Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts.
executing program
[** ] A start job is running for dev-ttyS0.device (9s / 1min 30s)
[*** ] A start job is running for dev-ttyS0.device (10s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (10s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (11s / 1min 30s)
[ ***] A start job is running for dev-ttyS0.device (12s / 1min 30s)
[ **] A start job is running for dev-ttyS0.device (12s / 1min 30s)
[ *] A start job is running for dev-ttyS0.device (13s / 1min 30s)
[ **] A start job is running for dev-ttyS0.device (13s / 1min 30s)
[ ***] A start job is running for dev-ttyS0.device (14s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (15s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (15s / 1min 30s)
[*** ] A start job is running for dev-ttyS0.device (16s / 1min 30s)
[** ] A start job is running for dev-ttyS0.device (17s / 1min 30s)
[* ] A start job is running for dev-ttyS0.device (17s / 1min 30s)
[** ] A start job is running for dev-ttyS0.device (18s / 1min 30s)
[*** ] A start job is running for dev-ttyS0.device (18s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (19s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (20s / 1min 30s)
[ ***] A start job is running for dev-ttyS0.device (20s / 1min 30s)
[ 27.654815][ T22] audit: type=1400 audit(1597858517.122:8): avc: denied { execmem } for pid=341 comm="syz-executor215" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 27.881144][ T344] ==================================================================
[ 27.889241][ T344] BUG: KASAN: stack-out-of-bounds in iov_iter_revert+0x249/0xa60
[ 27.896928][ T344] Read of size 8 at addr ffff8881c44bfcb8 by task syz-executor215/344
[ 27.905062][ T344]
[ 27.907401][ T344] CPU: 0 PID: 344 Comm: syz-executor215 Not tainted 5.4.59-syzkaller-00504-g010ff9a0f65f #0
[ 27.917445][ T344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.927493][ T344] Call Trace:
[ 27.930760][ T344] dump_stack+0x14a/0x1ce
[ 27.935066][ T344] ? fuse_aio_complete+0x40f/0x540
[ 27.940152][ T344] ? show_regs_print_info+0x12/0x12
[ 27.945340][ T344] ? printk+0xd2/0x114
[ 27.949392][ T344] print_address_description+0x93/0x620
[ 27.954914][ T344] ? devkmsg_release+0x11c/0x11c
[ 27.960774][ T344] __kasan_report+0x16d/0x1e0
[ 27.965422][ T344] ? iov_iter_revert+0x249/0xa60
[ 27.970348][ T344] kasan_report+0x36/0x60
[ 27.970358][ T344] iov_iter_revert+0x249/0xa60
[ 27.970375][ T344] generic_file_read_iter+0x1dd5/0x20b0
[ 27.984956][ T344] ? __kernel_text_address+0x93/0x110
[ 27.990332][ T344] ? kasan_alloc_pages+0x4a/0x60
[ 27.995299][ T344] ? prep_new_page+0x11a/0x380
[ 28.000049][ T344] ? find_get_pages_range_tag+0xaf0/0xaf0
[ 28.005761][ T344] ? forget_all_cached_acls+0xdf/0x100
[ 28.011226][ T344] fuse_file_read_iter+0x3ec/0x4e0
[ 28.016343][ T344] ? fuse_file_llseek+0x890/0x890
[ 28.021369][ T344] ? get_mem_cgroup_from_mm+0x27b/0x2c0
[ 28.026905][ T344] ? _raw_spin_lock+0xa1/0x170
[ 28.031747][ T344] ? mem_cgroup_try_charge_delay+0x10/0x10
[ 28.037544][ T344] ? iov_iter_init+0x83/0x160
[ 28.042222][ T344] __vfs_read+0x59a/0x710
[ 28.046552][ T344] ? rw_verify_area+0x340/0x340
[ 28.051408][ T344] ? __fsnotify_update_child_dentry_flags+0x2c0/0x2c0
[ 28.058157][ T344] ? security_file_permission+0x1e9/0x300
[ 28.063866][ T344] vfs_read+0x166/0x380
[ 28.068013][ T344] ksys_read+0x18c/0x2c0
[ 28.072916][ T344] ? vfs_write+0x4f0/0x4f0
[ 28.077313][ T344] ? do_user_addr_fault+0x55c/0x9f0
[ 28.082497][ T344] do_syscall_64+0xcb/0x150
[ 28.086998][ T344] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 28.092875][ T344] RIP: 0033:0x446889
[ 28.096774][ T344] Code: e8 5c bb 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 28.116373][ T344] RSP: 002b:00007fd76a67ad98 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 28.124766][ T344] RAX: ffffffffffffffda RBX: 00000000006e0c48 RCX: 0000000000446889
[ 28.132716][ T344] RDX: 00000000200041e0 RSI: 00000000200021c0 RDI: 0000000000000005
[ 28.141204][ T344] RBP: 00000000006e0c40 R08: 0000000000000000 R09: 0000000000000000
[ 28.149149][ T344] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006e0c4c
[ 28.157107][ T344] R13: 0000000020006380 R14: 00000000004b1100 R15: 00000000004af0f8
[ 28.165062][ T344]
[ 28.167376][ T344] The buggy address belongs to the page:
[ 28.172980][ T344] page:ffffea0007112fc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 28.182145][ T344] flags: 0x8000000000000000()
[ 28.186807][ T344] raw: 8000000000000000 0000000000000000 ffffea0007112fc8 0000000000000000
[ 28.195376][ T344] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 28.203935][ T344] page dumped because: kasan: bad access detected
[ 28.210328][ T344]
[ 28.212644][ T344] addr ffff8881c44bfcb8 is located in stack of task syz-executor215/344 at offset 24 in frame:
[ 28.222947][ T344] __vfs_read+0x0/0x710
[ 28.227074][ T344]
[ 28.229371][ T344] this frame has 3 objects:
[ 28.233837][ T344] [32, 48) 'iov.i'
[ 28.233840][ T344] [64, 112) 'kiocb.i'
[ 28.237616][ T344] [144, 184) 'iter.i'
[ 28.241646][ T344]
[ 28.247971][ T344] Memory state around the buggy address:
[ 28.253571][ T344] ffff8881c44bfb80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 28.261613][ T344] ffff8881c44bfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.269647][ T344] >ffff8881c44bfc80: 00 00 00 00 f1 f1 f1 f1 00 00 f2 f2 00 00 00 00
[ 28.277685][ T344]