Warning: Permanently added '10.128.0.66' (ECDSA) to the list of known hosts.
executing program
[ *] A start job is running for dev-ttyS0.device (13s / 1min 30s)
[   30.739013][   T22] audit: type=1400 audit(1598145826.014:8): avc:  denied  { execmem } for  pid=340 comm="syz-executor242" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   35.847414][  T342] ==================================================================
[   35.855657][  T342] BUG: KASAN: stack-out-of-bounds in iov_iter_revert+0x249/0xa60
[   35.863430][  T342] Read of size 8 at addr ffff8881cdf5fcb8 by task syz-executor242/342
[   35.871543][  T342]
[   35.873846][  T342] CPU: 0 PID: 342 Comm: syz-executor242 Not tainted 5.4.59-syzkaller-00527-g2f4d6c9fd77c #0
[   35.883868][  T342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.893903][  T342] Call Trace:
[   35.897166][  T342]  dump_stack+0x14a/0x1ce
[   35.901464][  T342]  ? fuse_aio_complete+0x40f/0x540
[   35.906562][  T342]  ? show_regs_print_info+0x12/0x12
[   35.911730][  T342]  ? printk+0xd2/0x114
[   35.915769][  T342]  print_address_description+0x93/0x620
[   35.921281][  T342]  ? devkmsg_release+0x11c/0x11c
[   35.926184][  T342]  __kasan_report+0x16d/0x1e0
[   35.930849][  T342]  ? iov_iter_revert+0x249/0xa60
[   35.935848][  T342]  kasan_report+0x36/0x60
[   35.940196][  T342]  iov_iter_revert+0x249/0xa60
[   35.944993][  T342]  generic_file_read_iter+0x1dd5/0x20b0
[   35.950537][  T342]  ? stack_trace_snprint+0x150/0x150
[   35.955796][  T342]  ? find_get_pages_range_tag+0xaf0/0xaf0
[   35.961484][  T342]  ? forget_all_cached_acls+0xdf/0x100
[   35.966912][  T342]  fuse_file_read_iter+0x3ec/0x4e0
[   35.971998][  T342]  ? fuse_file_llseek+0x890/0x890
[   35.976994][  T342]  ? iov_iter_init+0x83/0x160
[   35.981637][  T342]  __vfs_read+0x59a/0x710
[   35.985937][  T342]  ? rw_verify_area+0x340/0x340
[   35.990758][  T342]  ? __fsnotify_update_child_dentry_flags+0x2c0/0x2c0
[   35.997491][  T342]  ? security_file_permission+0x1e9/0x300
[   36.003193][  T342]  vfs_read+0x166/0x380
[   36.007334][  T342]  ksys_read+0x18c/0x2c0
[   36.011544][  T342]  ? vfs_write+0x4f0/0x4f0
[   36.015931][  T342]  ? do_user_addr_fault+0x55c/0x9f0
[   36.021111][  T342]  do_syscall_64+0xcb/0x150
[   36.025583][  T342]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   36.031579][  T342] RIP: 0033:0x446f79
[   36.036129][  T342] Code: e8 9c b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   36.055722][  T342] RSP: 002b:00007fcff961fd98 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   36.064101][  T342] RAX: ffffffffffffffda RBX: 00000000006dfc48 RCX: 0000000000446f79
[   36.072039][  T342] RDX: 00000000200041e0 RSI: 00000000200021c0 RDI: 0000000000000006
[   36.079989][  T342] RBP: 00000000006dfc40 R08: 0000000000000000 R09: 0000000000000000
[   36.087929][  T342] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dfc4c
[   36.095868][  T342] R13: 0000000020006380 R14: 00000000004b11d0 R15: 00000000004af1c8
[   36.103810][  T342]
[   36.106107][  T342] The buggy address belongs to the page:
[   36.111705][  T342] page:ffffea000737d7c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[   36.120784][  T342] flags: 0x8000000000000000()
[   36.125437][  T342] raw: 8000000000000000 0000000000000000 ffffea000737d7c8 0000000000000000
[   36.135227][  T342] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   36.143774][  T342] page dumped because: kasan: bad access detected
[   36.150167][  T342]
[   36.152477][  T342] addr ffff8881cdf5fcb8 is located in stack of task syz-executor242/342 at offset 24 in frame:
[   36.162802][  T342]  __vfs_read+0x0/0x710
[   36.166932][  T342]
[   36.169285][  T342] this frame has 3 objects:
[   36.173755][  T342]  [32, 48) 'iov.i'
[   36.173758][  T342]  [64, 112) 'kiocb.i'
[   36.177570][  T342]  [144, 184) 'iter.i'
[   36.181612][  T342]
[   36.187939][  T342] Memory state around the buggy address:
[   36.193551][  T342]  ffff8881cdf5fb80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[   36.201583][  T342]  ffff8881cdf5fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   36.209627][  T342] >ffff8881cdf5fc80: 00 00 00 00 f1 f1 f1 f1 00 00 f2 f2 00 00 00 00
[   36.217652][  T342]                                         ^
[   36.223621][  T342]  ffff8881cdf5fd00: 00 00 f2 f2 f2 f2 00 00 00 00 00 f3 f3 f3 f3 f3
[   36.231665][  T342]  ffff8881cdf5fd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   36.239690][  T342] ==================================================================
executing program
[   36.247736][  T342] Disabling lock debugging due to kernel taint
executing program