[ 43.340626][ T25] audit: type=1800 audit(1575258742.351:25): pid=8050 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 43.369448][ T25] audit: type=1800 audit(1575258742.351:26): pid=8050 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 43.417507][ T25] audit: type=1800 audit(1575258742.351:27): pid=8050 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 44.003363][ T8115] sshd (8115) used greatest stack depth: 24024 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.156' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 53.560908][ T8202] IPVS: ftp: loaded support on port[0] = 21
[ 53.588139][ T25] kauditd_printk_skb: 3 callbacks suppressed
[ 53.588145][ T25] audit: type=1800 audit(1575258752.591:31): pid=8202 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor541" name="file0" dev="sda1" ino=16485 res=0
[ 53.640791][ T8203] ==================================================================
[ 53.648934][ T8203] BUG: KASAN: use-after-free in iov_iter_alignment+0x6a1/0x7b0
[ 53.656613][ T8203] Read of size 4 at addr ffff888098d40f54 by task loop0/8203
[ 53.664018][ T8203]
[ 53.666332][ T8203] CPU: 0 PID: 8203 Comm: loop0 Not tainted 5.4.0-syzkaller #0
[ 53.673761][ T8203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.683959][ T8203] Call Trace:
[ 53.687240][ T8203]  dump_stack+0x1fb/0x318
[ 53.691603][ T8203]  print_address_description+0x75/0x5c0
[ 53.697213][ T8203]  ? vprintk_default+0x28/0x30
[ 53.701951][ T8203]  ? vprintk_func+0x158/0x170
[ 53.706604][ T8203]  ? printk+0x62/0x8d
[ 53.710572][ T8203]  __kasan_report+0x14b/0x1c0
[ 53.715249][ T8203]  ? iov_iter_alignment+0x6a1/0x7b0
[ 53.720449][ T8203]  kasan_report+0x26/0x50
[ 53.724750][ T8203]  __asan_report_load4_noabort+0x14/0x20
[ 53.730356][ T8203]  iov_iter_alignment+0x6a1/0x7b0
[ 53.735357][ T8203]  iomap_dio_bio_actor+0x1a7/0x11e0
[ 53.740530][ T8203]  ? ext4_set_iomap+0x529/0x760
[ 53.745366][ T8203]  iomap_dio_actor+0x2b4/0x4a0
[ 53.750113][ T8203]  ? rcu_read_lock_sched_held+0x10b/0x170
[ 53.755805][ T8203]  iomap_apply+0x370/0x490
[ 53.760201][ T8203]  iomap_dio_rw+0x8ad/0x1010
[ 53.764771][ T8203]  ? iomap_dio_rw+0x1010/0x1010
[ 53.769606][ T8203]  ext4_file_read_iter+0x834/0xc20
[ 53.774693][ T8203]  lo_rw_aio+0xcbb/0xea0
[ 53.778912][ T8203]  loop_queue_work+0x13ab/0x2590
[ 53.783821][ T8203]  ? finish_task_switch+0x24f/0x550
[ 53.789115][ T8203]  ? kthread_worker_fn+0x3e3/0x700
[ 53.794223][ T8203]  ? _raw_spin_unlock_irq+0x22/0x80
[ 53.799397][ T8203]  kthread_worker_fn+0x449/0x700
[ 53.804312][ T8203]  loop_kthread_worker_fn+0x40/0x60
[ 53.809483][ T8203]  kthread+0x332/0x350
[ 53.813528][ T8203]  ? loop_set_fd+0x1410/0x1410
[ 53.818309][ T8203]  ? kthread_blkcg+0xe0/0xe0
[ 53.822887][ T8203]  ret_from_fork+0x24/0x30
[ 53.827324][ T8203]
[ 53.829629][ T8203] Allocated by task 4198:
[ 53.833931][ T8203]  __kasan_kmalloc+0x11c/0x1b0
[ 53.838664][ T8203]  kasan_slab_alloc+0xf/0x20
[ 53.843227][ T8203]  kmem_cache_alloc+0x1f5/0x2e0
[ 53.848106][ T8203]  mempool_alloc_slab+0x4d/0x70
[ 53.852950][ T8203]  mempool_alloc+0x104/0x5e0
[ 53.857515][ T8203]  bio_alloc_bioset+0x1b0/0x5f0
[ 53.862384][ T8203]  do_mpage_readpage+0x1685/0x1d10
[ 53.867468][ T8203]  mpage_readpages+0x2a9/0x440
[ 53.872209][ T8203]  blkdev_readpages+0x2c/0x40
[ 53.876861][ T8203]  read_pages+0xad/0x4d0
[ 53.881077][ T8203]  __do_page_cache_readahead+0x480/0x530
[ 53.886679][ T8203]  page_cache_sync_readahead+0x329/0x3b0
[ 53.892289][ T8203]  generic_file_buffered_read+0x41d/0x2570
[ 53.898099][ T8203]  generic_file_read_iter+0xa9/0x450
[ 53.903356][ T8203]  blkdev_read_iter+0x12e/0x140
[ 53.908177][ T8203]  __vfs_read+0x59e/0x730
[ 53.912477][ T8203]  vfs_read+0x1dd/0x420
[ 53.916604][ T8203]  ksys_read+0x117/0x220
[ 53.920816][ T8203]  __x64_sys_read+0x7b/0x90
[ 53.925291][ T8203]  do_syscall_64+0xf7/0x1c0
[ 53.929764][ T8203]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.935624][ T8203]
[ 53.937923][ T8203] Freed by task 4205:
[ 53.941877][ T8203]  __kasan_slab_free+0x12a/0x1e0
[ 53.946781][ T8203]  kasan_slab_free+0xe/0x10
[ 53.951265][ T8203]  kmem_cache_free+0x81/0xf0
[ 53.955824][ T8203]  mempool_free_slab+0x1d/0x30
[ 53.960556][ T8203]  mempool_free+0xd5/0x350
[ 53.964982][ T8203]  bio_put+0x38b/0x460
[ 53.969026][ T8203]  mpage_end_io+0x2f5/0x330
[ 53.973498][ T8203]  bio_endio+0x4ff/0x570
[ 53.977709][ T8203]  blk_update_request+0x438/0x10d0
[ 53.982789][ T8203]  scsi_end_request+0x8c/0xa20
[ 53.987522][ T8203]  scsi_io_completion+0x17c/0x1b80
[ 53.992607][ T8203]  scsi_finish_command+0x3b3/0x560
[ 53.997741][ T8203]  scsi_softirq_done+0x289/0x310
[ 54.002653][ T8203]  blk_done_softirq+0x312/0x370
[ 54.007511][ T8203]  __do_softirq+0x333/0x7c4
[ 54.011982][ T8203]
[ 54.014288][ T8203] The buggy address belongs to the object at ffff888098d40f00
[ 54.014288][ T8203]  which belongs to the cache bio-0 of size 192
[ 54.027788][ T8203] The buggy address is located 84 bytes inside of
[ 54.027788][ T8203]  192-byte region [ffff888098d40f00, ffff888098d40fc0)
[ 54.040940][ T8203] The buggy address belongs to the page:
[ 54.046544][ T8203] page:ffffea0002635000 refcount:1 mapcount:0 mapping:ffff88821acf5700 index:0xffff888098d40c00
[ 54.056931][ T8203] raw: 00fffe0000000200 ffffea0002805188 ffff8880a7b42738 ffff88821acf5700
[ 54.065494][ T8203] raw: ffff888098d40c00 ffff888098d40000 000000010000000e 0000000000000000
[ 54.074110][ T8203] page dumped because: kasan: bad access detected
[ 54.080504][ T8203]
[ 54.082811][ T8203] Memory state around the buggy address:
[ 54.088421][ T8203]  ffff888098d40e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.096460][ T8203]  ffff888098d40e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 54.104553][ T8203] >ffff888098d40f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.112605][ T8203]                                                  ^
[ 54.119267][ T8203]  ffff888098d40f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 54.127309][ T8203]  ffff888098d41000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.135358][ T8203] ==================================================================
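What the report above records: a 4-byte read by the loop0 kthread (PID 8203), reached from lo_rw_aio through ext4's direct-I/O path into iov_iter_alignment, hits offset 84 of a 192-byte object from the bio-0 slab cache. That bio was allocated by task 4198 on a block-device readahead path (bio_alloc_bioset under do_mpage_readpage) and already released by task 4205 via bio_put in mpage_end_io, running from the SCSI completion softirq. The shadow bytes (fb) around the address confirm the whole object is freed slab memory. The following triage helper is an added example written for this page, not syzkaller's or the kernel's own code: it strips the console prefix, extracts the bug class, faulting access, cache, in-object offset and the three call chains, and drops the report machinery and the `?` frames (unwinder guesses) so the remaining frames can be used as a stable signature for grouping duplicate reports. The sample input is a trimmed copy of the report above; the field names and the set of frames treated as instrumentation are this example's own choices.

```python
"""Parse a KASAN report out of a syzkaller console log into structured fields."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a trimmed copy of the report on this page.
SAMPLE_LOG = """\
[ 53.588139][ T25] kauditd_printk_skb: 3 callbacks suppressed
[ 53.640791][ T8203] ==================================================================
[ 53.648934][ T8203] BUG: KASAN: use-after-free in iov_iter_alignment+0x6a1/0x7b0
[ 53.656613][ T8203] Read of size 4 at addr ffff888098d40f54 by task loop0/8203
[ 53.664018][ T8203]
[ 53.666332][ T8203] CPU: 0 PID: 8203 Comm: loop0 Not tainted 5.4.0-syzkaller #0
[ 53.683959][ T8203] Call Trace:
[ 53.687240][ T8203]  dump_stack+0x1fb/0x318
[ 53.691603][ T8203]  print_address_description+0x75/0x5c0
[ 53.697213][ T8203]  ? vprintk_default+0x28/0x30
[ 53.710572][ T8203]  __kasan_report+0x14b/0x1c0
[ 53.715249][ T8203]  ? iov_iter_alignment+0x6a1/0x7b0
[ 53.720449][ T8203]  kasan_report+0x26/0x50
[ 53.724750][ T8203]  __asan_report_load4_noabort+0x14/0x20
[ 53.730356][ T8203]  iov_iter_alignment+0x6a1/0x7b0
[ 53.735357][ T8203]  iomap_dio_bio_actor+0x1a7/0x11e0
[ 53.769606][ T8203]  ext4_file_read_iter+0x834/0xc20
[ 53.774693][ T8203]  lo_rw_aio+0xcbb/0xea0
[ 53.822887][ T8203]  ret_from_fork+0x24/0x30
[ 53.827324][ T8203]
[ 53.829629][ T8203] Allocated by task 4198:
[ 53.833931][ T8203]  __kasan_kmalloc+0x11c/0x1b0
[ 53.857515][ T8203]  bio_alloc_bioset+0x1b0/0x5f0
[ 53.862384][ T8203]  do_mpage_readpage+0x1685/0x1d10
[ 53.935624][ T8203]
[ 53.937923][ T8203] Freed by task 4205:
[ 53.941877][ T8203]  __kasan_slab_free+0x12a/0x1e0
[ 53.964982][ T8203]  bio_put+0x38b/0x460
[ 53.969026][ T8203]  mpage_end_io+0x2f5/0x330
[ 54.011982][ T8203]
[ 54.014288][ T8203] The buggy address belongs to the object at ffff888098d40f00
[ 54.014288][ T8203]  which belongs to the cache bio-0 of size 192
[ 54.027788][ T8203] The buggy address is located 84 bytes inside of
[ 54.027788][ T8203]  192-byte region [ffff888098d40f00, ffff888098d40fc0)
[ 54.135358][ T8203] ==================================================================
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")        # "[ 53.6][ T8203] "
FRAME = re.compile(r"^\s*(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
HEADER = re.compile(r"BUG: KASAN: (\S+) in ([A-Za-z_][\w.]*)\+0x")
ACCESS = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)")
OBJECT = re.compile(r"belongs to the object at ([0-9a-f]+)")
CACHE = re.compile(r"belongs to the cache (\S+) of size (\d+)")
OFFSET = re.compile(r"located (\d+) bytes inside of")
ALLOC = re.compile(r"Allocated by task (\d+):")
FREED = re.compile(r"Freed by task (\d+):")


def is_instrumentation(name: str) -> bool:
    """Frames belonging to KASAN/report machinery, not to the bug itself (example's own list)."""
    return name in ("dump_stack", "print_address_description") or name.startswith(
        ("kasan_", "__kasan_", "__asan_"))


@dataclass
class KasanReport:
    bug_type: str
    func: str                      # function named in the BUG: line
    access: str = ""               # "Read" or "Write"
    size: int = 0
    addr: int = 0
    task: str = ""
    pid: int = 0
    obj_addr: Optional[int] = None
    cache: Optional[str] = None
    obj_size: Optional[int] = None
    offset: Optional[int] = None
    alloc_task: Optional[int] = None
    free_task: Optional[int] = None
    trace: List[str] = field(default_factory=list)        # faulting call chain
    alloc_trace: List[str] = field(default_factory=list)
    free_trace: List[str] = field(default_factory=list)

    def offset_consistent(self) -> bool:
        """Cross-check the printed offset against the two printed addresses."""
        return self.obj_addr is not None and self.addr - self.obj_addr == self.offset

    def signature(self) -> tuple:
        """Key for grouping reports: bug class, access, first real frame of each chain."""
        first = lambda t: t[0] if t else None
        return (self.bug_type, self.access, first(self.trace),
                first(self.alloc_trace), first(self.free_trace), self.cache)


def parse_kasan_report(log: str) -> Optional[KasanReport]:
    """Return the first KASAN report found in a console log, or None."""
    rep, section = None, None            # section: "trace" | "alloc" | "free" | None
    chains = {}
    for raw in log.splitlines():
        line = PREFIX.sub("", raw).rstrip()
        if rep is None:
            m = HEADER.search(line)
            if m:
                rep = KasanReport(bug_type=m.group(1), func=m.group(2))
                chains = {"trace": rep.trace, "alloc": rep.alloc_trace, "free": rep.free_trace}
            continue
        if line.startswith("====="):        # closing rule of the report
            break
        if (m := ACCESS.search(line)):
            rep.access, rep.size = m.group(1), int(m.group(2))
            rep.addr, rep.task, rep.pid = int(m.group(3), 16), m.group(4), int(m.group(5))
        elif line.startswith("Call Trace:"):
            section = "trace"
        elif (m := ALLOC.search(line)):
            rep.alloc_task, section = int(m.group(1)), "alloc"
        elif (m := FREED.search(line)):
            rep.free_task, section = int(m.group(1)), "free"
        elif (m := OBJECT.search(line)):
            rep.obj_addr, section = int(m.group(1), 16), None
        elif (m := CACHE.search(line)):
            rep.cache, rep.obj_size = m.group(1), int(m.group(2))
        elif (m := OFFSET.search(line)):
            rep.offset = int(m.group(1))
        elif section and (m := FRAME.match(line)):
            if m.group(1) or is_instrumentation(m.group(2)):   # drop "? " guesses and KASAN frames
                continue
            chains[section].append(m.group(2))
        elif not line:
            section = None
    return rep


if __name__ == "__main__":
    r = parse_kasan_report(SAMPLE_LOG)
    print(r.signature(), "offset ok:", r.offset_consistent())
```

`offset_consistent()` recomputes `addr - obj_addr` (0xffff888098d40f54 - 0xffff888098d40f00 = 84) so a mangled or truncated report is caught rather than silently grouped with genuine ones; `signature()` deliberately uses the first non-instrumentation frame of each chain rather than the BUG: line alone, since two distinct bugs can surface in the same helper such as iov_iter_alignment.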