Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts. 2019/11/18 09:36:39 parsed 1 programs [ 77.631003][ T26] audit: type=1400 audit(1574069798.919:42): avc: denied { map } for pid=9464 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 79.526697][ T26] audit: type=1400 audit(1574069800.809:43): avc: denied { map } for pid=9464 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1109 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2019/11/18 09:36:40 executed programs: 0 [ 79.754198][ T9480] IPVS: ftp: loaded support on port[0] = 21 [ 79.818071][ T9480] chnl_net:caif_netlink_parms(): no params data found [ 79.847575][ T9480] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.855251][ T9480] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.863358][ T9480] device bridge_slave_0 entered promiscuous mode [ 79.872022][ T9480] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.879115][ T9480] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.887008][ T9480] device bridge_slave_1 entered promiscuous mode [ 79.904820][ T9480] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.915621][ T9480] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.936273][ T9480] team0: Port device team_slave_0 added [ 79.943889][ T9480] team0: Port device team_slave_1 added [ 79.992394][ T9480] device hsr_slave_0 entered promiscuous mode [ 80.060027][ T9480] device hsr_slave_1 entered promiscuous mode [ 80.171312][ T26] audit: type=1400 audit(1574069801.459:44): avc: denied { create } for pid=9480 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 80.260146][ T9480] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.263964][ T26] audit: type=1400 audit(1574069801.499:45): avc: denied { write } for pid=9480 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 80.267391][ T9480] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.299872][ T9480] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.306967][ T9480] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.350821][ T26] audit: type=1400 audit(1574069801.499:46): avc: denied { read } for pid=9480 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 80.571024][ T9480] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.623521][ T2962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 80.651764][ T2962] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.682079][ T2962] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.712794][ T2962] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 80.756698][ T9480] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.801915][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 80.816717][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.824016][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.860441][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 80.868974][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.876121][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.902309][ T9507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 80.912152][ T9507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 80.922940][ T9507] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 80.938611][ T9507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 80.962401][ T9507] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 80.976446][ T9507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 80.986275][ T9507] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 80.996264][ T9507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 81.007901][ T9507] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 81.017239][ T9507] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 81.028105][ T9480] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 81.044491][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 81.052634][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 81.063642][ T9480] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.111977][ T26] audit: type=1400 audit(1574069802.399:47): avc: denied { associate } for pid=9480 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 82.834799][ T9605] ================================================================== [ 82.843294][ T9605] BUG: KASAN: stack-out-of-bounds in ax25_getname+0x58/0x7a0 [ 82.850684][ T9605] Write of size 72 at addr ffff888087447c78 by task syz-executor.0/9605 [ 82.859008][ T9605] [ 82.861346][ T9605] CPU: 1 PID: 9605 Comm: syz-executor.0 Not tainted 5.4.0-rc7+ #0 [ 82.869143][ T9605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 82.879204][ T9605] Call Trace: [ 82.882649][ T9605] dump_stack+0x197/0x210 [ 82.886992][ T9605] ? ax25_getname+0x58/0x7a0 [ 82.891694][ T9605] print_address_description.constprop.0.cold+0xd4/0x30b [ 82.898750][ T9605] ? ax25_getname+0x58/0x7a0 [ 82.903478][ T9605] ? ax25_getname+0x58/0x7a0 [ 82.908093][ T9605] __kasan_report.cold+0x1b/0x41 [ 82.913206][ T9605] ? ax25_getname+0x58/0x7a0 [ 82.917821][ T9605] kasan_report+0x12/0x20 [ 82.922282][ T9605] check_memory_region+0x134/0x1a0 [ 82.927916][ T9605] memset+0x24/0x40 [ 82.931726][ T9605] ax25_getname+0x58/0x7a0 [ 82.936128][ T9605] ? fget+0x20/0x30 [ 82.939967][ T9605] vhost_net_ioctl+0x120a/0x1960 [ 82.945006][ T9605] ? vhost_zerocopy_callback+0x300/0x300 [ 82.950709][ T9605] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 82.956989][ T9605] ? ___might_sleep+0x163/0x2c0 [ 82.961868][ T9605] ? vhost_zerocopy_callback+0x300/0x300 [ 82.967725][ T9605] do_vfs_ioctl+0xdb6/0x13e0 [ 82.972406][ T9605] ? ioctl_preallocate+0x210/0x210 [ 82.977518][ T9605] ? selinux_file_mprotect+0x620/0x620 [ 82.982995][ T9605] ? __fget+0x384/0x560 [ 82.987181][ T9605] ? ksys_dup3+0x3e0/0x3e0 [ 82.991608][ T9605] ? nsecs_to_jiffies+0x30/0x30 [ 82.996474][ T9605] ? tomoyo_file_ioctl+0x23/0x30 [ 83.001561][ T9605] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.007801][ T9605] ? security_file_ioctl+0x8d/0xc0 [ 83.012923][ T9605] ksys_ioctl+0xab/0xd0 [ 83.017081][ T9605] __x64_sys_ioctl+0x73/0xb0 [ 83.024282][ T9605] do_syscall_64+0xfa/0x760 [ 83.028857][ T9605] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 83.034761][ T9605] RIP: 0033:0x45a639 [ 83.038678][ T9605] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 83.058383][ T9605] RSP: 002b:00007fb0dc02cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 83.066916][ T9605] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a639 [ 83.074926][ T9605] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000003 [ 83.082944][ T9605] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 83.091025][ T9605] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb0dc02d6d4 [ 83.098998][ T9605] R13: 00000000004c5b18 R14: 00000000004dab78 R15: 00000000ffffffff [ 83.107003][ T9605] [ 83.109333][ T9605] The buggy address belongs to the page: [ 83.114972][ T9605] page:ffffea00021d11c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 83.124084][ T9605] raw: 01fffc0000000000 ffffea00021d11c8 ffffea00021d11c8 0000000000000000 [ 83.132714][ T9605] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 83.141676][ T9605] page dumped because: kasan: bad access detected [ 83.148187][ T9605] [ 83.150512][ T9605] addr ffff888087447c78 is located in stack of task syz-executor.0/9605 at offset 128 in frame: [ 83.161043][ T9605] vhost_net_ioctl+0x0/0x1960 [ 83.165717][ T9605] [ 83.168048][ T9605] this frame has 4 objects: [ 83.172560][ T9605] [48, 52) 'r' [ 83.172570][ T9605] [64, 72) 'features' [ 83.176038][ T9605] [96, 104) 'backend' [ 83.180198][ T9605] [128, 180) 'uaddr' [ 83.184259][ T9605] [ 83.190615][ T9605] Memory state around the buggy address: [ 83.196278][ T9605] ffff888087447b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 83.204756][ T9605] ffff888087447c00: f1 f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 f2 f2 f2 00 [ 83.212992][ T9605] >ffff888087447c80: 00 00 00 00 00 04 f3 f3 f3 f3 f3 00 00 00 00 00 [ 83.221056][ T9605] ^ [ 83.226441][ T9605] ffff888087447d00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 [ 83.234509][ T9605] ffff888087447d80: 00 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00 00 00 [ 83.242565][ T9605] ================================================================== [ 83.250727][ T9605] Disabling lock debugging due to kernel taint [ 83.260458][ T9605] Kernel panic - not syncing: panic_on_warn set ... [ 83.267098][ T9605] CPU: 1 PID: 9605 Comm: syz-executor.0 Tainted: G B 5.4.0-rc7+ #0 [ 83.276323][ T9605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 83.286362][ T9605] Call Trace: [ 83.289650][ T9605] dump_stack+0x197/0x210 [ 83.293973][ T9605] panic+0x2e3/0x75c [ 83.297849][ T9605] ? add_taint.cold+0x16/0x16 [ 83.302530][ T9605] ? ax25_getname+0x58/0x7a0 [ 83.307127][ T9605] ? preempt_schedule+0x4b/0x60 [ 83.312014][ T9605] ? ___preempt_schedule+0x16/0x20 [ 83.317374][ T9605] ? trace_hardirqs_on+0x5e/0x240 [ 83.322402][ T9605] ? ax25_getname+0x58/0x7a0 [ 83.326996][ T9605] end_report+0x47/0x4f [ 83.331153][ T9605] ? ax25_getname+0x58/0x7a0 [ 83.335780][ T9605] __kasan_report.cold+0xe/0x41 [ 83.340631][ T9605] ? ax25_getname+0x58/0x7a0 [ 83.345215][ T9605] kasan_report+0x12/0x20 [ 83.349552][ T9605] check_memory_region+0x134/0x1a0 [ 83.354660][ T9605] memset+0x24/0x40 [ 83.358489][ T9605] ax25_getname+0x58/0x7a0 [ 83.363148][ T9605] ? fget+0x20/0x30 [ 83.366964][ T9605] vhost_net_ioctl+0x120a/0x1960 [ 83.371966][ T9605] ? vhost_zerocopy_callback+0x300/0x300 [ 83.377599][ T9605] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 83.383413][ T9605] ? ___might_sleep+0x163/0x2c0 [ 83.388282][ T9605] ? vhost_zerocopy_callback+0x300/0x300 [ 83.393926][ T9605] do_vfs_ioctl+0xdb6/0x13e0 [ 83.398663][ T9605] ? ioctl_preallocate+0x210/0x210 [ 83.403768][ T9605] ? selinux_file_mprotect+0x620/0x620 [ 83.409232][ T9605] ? __fget+0x384/0x560 [ 83.413388][ T9605] ? ksys_dup3+0x3e0/0x3e0 [ 83.418191][ T9605] ? nsecs_to_jiffies+0x30/0x30 [ 83.423037][ T9605] ? tomoyo_file_ioctl+0x23/0x30 [ 83.427979][ T9605] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.434222][ T9605] ? security_file_ioctl+0x8d/0xc0 [ 83.439843][ T9605] ksys_ioctl+0xab/0xd0 [ 83.443986][ T9605] __x64_sys_ioctl+0x73/0xb0 [ 83.448581][ T9605] do_syscall_64+0xfa/0x760 [ 83.453104][ T9605] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 83.459072][ T9605] RIP: 0033:0x45a639 [ 83.462955][ T9605] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 83.482554][ T9605] RSP: 002b:00007fb0dc02cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 83.491126][ T9605] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a639 [ 83.499079][ T9605] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000003 [ 83.507039][ T9605] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 83.514988][ T9605] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb0dc02d6d4 [ 83.522937][ T9605] R13: 00000000004c5b18 R14: 00000000004dab78 R15: 00000000ffffffff [ 83.532292][ T9605] Kernel Offset: disabled [ 83.536619][ T9605] Rebooting in 86400 seconds..