syzkaller login: [ 13.141085][ T23] kauditd_printk_skb: 60 callbacks suppressed
[ 13.141094][ T23] audit: type=1400 audit(1635200612.280:71): avc: denied { transition } for pid=290 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 13.145711][ T23] audit: type=1400 audit(1635200612.280:72): avc: denied { write } for pid=290 comm="sh" path="pipe:[11454]" dev="pipefs" ino=11454 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
[ 13.799825][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #88!!!
[ 13.850575][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
[ 14.040582][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
[ 14.130551][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
[ 14.250522][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
[ 14.359895][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
[ 17.169919][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
Warning: Permanently added '10.128.1.127' (ECDSA) to the list of known hosts.
executing program
[ 23.895489][ T23] audit: type=1400 audit(1635200623.030:73): avc: denied { execmem } for pid=365 comm="syz-executor099" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 23.910912][ T366] ==================================================================
[ 23.914932][ T23] audit: type=1400 audit(1635200623.030:74): avc: denied { mounton } for pid=366 comm="syz-executor099" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 23.922922][ T366] BUG: KASAN: stack-out-of-bounds in iov_iter_revert+0x269/0xa30
[ 23.922930][ T366] Read of size 8 at addr ffffc900009bef38 by task syz-executor099/366
[ 23.922932][ T366]
[ 23.922941][ T366] CPU: 0 PID: 366 Comm: syz-executor099 Not tainted 5.10.75-syzkaller-01082-g234d53d2bb60 #0
[ 23.922945][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.922949][ T366] Call Trace:
[ 23.922961][ T366] dump_stack_lvl+0x1e2/0x24b
[ 23.922969][ T366] ? printk+0xcf/0x119
[ 23.922978][ T366] ? show_regs_print_info+0x18/0x18
[ 23.922985][ T366] ? wake_up_klogd+0xb8/0xf0
[ 23.922993][ T366] ? devkmsg_release+0x127/0x127
[ 23.923004][ T366] print_address_description+0x8d/0x3d0
[ 23.923012][ T366] __kasan_report+0x142/0x220
[ 23.923019][ T366] ? iov_iter_revert+0x269/0xa30
[ 23.923028][ T366] kasan_report+0x51/0x70
[ 23.923037][ T366] __asan_report_load8_noabort+0x14/0x20
[ 23.923052][ T366] iov_iter_revert+0x269/0xa30
[ 23.947376][ T23] audit: type=1400 audit(1635200623.030:75): avc: denied { mount } for pid=366 comm="syz-executor099" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 23.954576][ T366] ? ext4_file_read_iter+0x4d0/0x4d0
[ 23.954587][ T366] ? security_file_permission+0xa8/0xc0
[ 23.954596][ T366] io_write+0xaf1/0xf80
[ 23.954605][ T366] ? io_arm_poll_handler+0xeb0/0xeb0
[ 23.954616][ T366] io_issue_sqe+0x1397/0xfc10
[ 23.954627][ T366] ? __io_req_task_cancel+0x720/0x720
[ 23.954637][ T366] ? __rcu_read_lock+0x50/0x50
[ 23.954652][ T366] ? is_bpf_text_address+0x1a2/0x1c0
[ 23.962859][ T23] audit: type=1400 audit(1635200623.030:76): avc: denied { mounton } for pid=366 comm="syz-executor099" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 23.965112][ T366] ? is_module_text_address+0xe1/0x140
[ 24.130890][ T366] ? stack_trace_save+0x1e0/0x1e0
[ 24.135887][ T366] ? __kernel_text_address+0x9a/0x110
[ 24.141226][ T366] ? unwind_get_return_address+0x4c/0x90
[ 24.146827][ T366] ? arch_stack_walk+0xf8/0x140
[ 24.151647][ T366] ? stack_trace_save+0x11b/0x1e0
[ 24.156649][ T366] ? stack_trace_snprint+0xe0/0xe0
[ 24.161728][ T366] ? __rcu_read_lock+0x50/0x50
[ 24.166460][ T366] ? is_bpf_text_address+0x1a2/0x1c0
[ 24.171716][ T366] ? is_module_text_address+0xe1/0x140
[ 24.177144][ T366] ? stack_trace_save+0x1e0/0x1e0
[ 24.182137][ T366] ? __kernel_text_address+0x9a/0x110
[ 24.187480][ T366] ? unwind_get_return_address+0x4c/0x90
[ 24.193086][ T366] ? __kasan_check_write+0x14/0x20
[ 24.198169][ T366] ? _raw_spin_lock_irqsave+0xf8/0x210
[ 24.203598][ T366] ? _raw_spin_lock+0x1b0/0x1b0
[ 24.208419][ T366] ? stack_trace_save+0x11b/0x1e0
[ 24.213416][ T366] ? stack_trace_snprint+0xe0/0xe0
[ 24.218498][ T366] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 24.224275][ T366] ? stack_depot_save+0x41e/0x480
[ 24.229268][ T366] ? io_prep_rw+0x781/0xb70
[ 24.233761][ T366] ? io_req_prep+0x1bd7/0x51b0
[ 24.238500][ T366] ? io_queue_sqe+0x1180/0x1180
[ 24.243336][ T366] ? __rcu_read_lock+0x50/0x50
[ 24.248094][ T366] __io_queue_sqe+0x2cf/0x2fa0
[ 24.252839][ T366] io_queue_sqe+0x295/0x1180
[ 24.257407][ T366] io_submit_sqe+0x385/0xfd0
[ 24.261974][ T366] ? io_file_get+0x437/0x9c0
[ 24.266536][ T366] io_submit_sqes+0x1050/0x2da0
[ 24.271376][ T366] ? vma_wants_writenotify+0x2ed/0x390
[ 24.276824][ T366] ? io_uring_add_task_file+0x290/0x290
[ 24.282353][ T366] ? __kasan_check_write+0x14/0x20
[ 24.287435][ T366] ? mutex_lock+0xa6/0x110
[ 24.291824][ T366] ? io_uring_add_task_file+0x127/0x290
[ 24.297341][ T366] ? __fdget+0x172/0x240
[ 24.301553][ T366] __se_sys_io_uring_enter+0x322/0x12b0
[ 24.307068][ T366] ? __x64_sys_io_uring_enter+0x100/0x100
[ 24.312771][ T366] ? fput_many+0x47/0x1a0
[ 24.317077][ T366] ? debug_smp_processor_id+0x1c/0x20
[ 24.322435][ T366] __x64_sys_io_uring_enter+0xe5/0x100
[ 24.327870][ T366] do_syscall_64+0x31/0x70
[ 24.332262][ T366] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 24.338126][ T366] RIP: 0033:0x7f83c3687a59
[ 24.342528][ T366] Code: 28 c3 e8 1a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 24.362135][ T366] RSP: 002b:00007ffff6e3c998 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 24.370530][ T366] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f83c3687a59
[ 24.378478][ T366] RDX: 0000000000000000 RSI: 0000000000007cdc RDI: 0000000000000004
[ 24.386428][ T366] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 24.394375][ T366] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffff6e3c9c0
[ 24.402333][ T366] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 24.410296][ T366]
[ 24.412596][ T366]
[ 24.414931][ T366] addr ffffc900009bef38 is located in stack of task syz-executor099/366 at offset 24 in frame:
[ 24.425239][ T366] io_write+0x0/0xf80
[ 24.429195][ T366]
[ 24.431499][ T366] this frame has 3 objects:
[ 24.435974][ T366] [32, 160) 'inline_vecs'
[ 24.435979][ T366] [192, 200) 'iovec'
[ 24.440367][ T366] [224, 264) '__iter'
[ 24.444314][ T366]
[ 24.450649][ T366] Memory state around the buggy address:
[ 24.456310][ T366] ffffc900009bee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.464345][ T366] ffffc900009bee80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.472380][ T366] >ffffc900009bef00: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00
[ 24.480425][ T366] ^
[ 24.486289][ T366] ffffc900009bef80: 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 f2 f2 f2
[ 24.494324][ T366] ffffc900009bf000: 00