[ 36.953705][ T26] audit: type=1800 audit(1556740845.394:27): pid=7603 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 36.988958][ T26] audit: type=1800 audit(1556740845.394:28): pid=7603 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 37.931397][ T26] audit: type=1800 audit(1556740846.444:29): pid=7603 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 37.952102][ T26] audit: type=1800 audit(1556740846.444:30): pid=7603 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.82' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 45.276835][ T7756] IPVS: ftp: loaded support on port[0] = 21
[ 45.315806][ T7758] ==================================================================
[ 45.324026][ T7758] BUG: KASAN: slab-out-of-bounds in skb_gro_receive+0xf5f/0x10e0
[ 45.331729][ T7758] Read of size 16 at addr ffff88808e2b7ff0 by task syz-executor019/7758
[ 45.340027][ T7758]
[ 45.342340][ T7758] CPU: 0 PID: 7758 Comm: syz-executor019 Not tainted 5.1.0-rc6+ #191
[ 45.350383][ T7758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.360598][ T7758] Call Trace:
[ 45.363919][ T7758] dump_stack+0x172/0x1f0
[ 45.368236][ T7758] ? skb_gro_receive+0xf5f/0x10e0
[ 45.373243][ T7758] print_address_description.cold+0x7c/0x20d
[ 45.379221][ T7758] ? skb_gro_receive+0xf5f/0x10e0
[ 45.384281][ T7758] ? skb_gro_receive+0xf5f/0x10e0
[ 45.389468][ T7758] kasan_report.cold+0x1b/0x40
[ 45.394222][ T7758] ? skb_gro_receive+0xf5f/0x10e0
[ 45.399233][ T7758] __asan_report_load16_noabort+0x14/0x20
[ 45.404931][ T7758] skb_gro_receive+0xf5f/0x10e0
[ 45.409775][ T7758] udp_gro_receive+0xc63/0x1080
[ 45.414610][ T7758] udp4_gro_receive+0x763/0xeb0
[ 45.419448][ T7758] ? udp_gro_receive+0x1080/0x1080
[ 45.424544][ T7758] inet_gro_receive+0xe72/0x1110
[ 45.429466][ T7758] ? inet_sk_rebuild_header+0x1c50/0x1c50
[ 45.435166][ T7758] dev_gro_receive+0x1cd0/0x23c0
[ 45.440099][ T7758] napi_gro_frags+0x36b/0xd10
[ 45.444775][ T7758] tun_get_user+0x2f24/0x3fb0
[ 45.449442][ T7758] ? tun_build_skb.isra.0+0x1300/0x1300
[ 45.454969][ T7758] ? tun_get+0x171/0x290
[ 45.459216][ T7758] ? lock_downgrade+0x880/0x880
[ 45.464047][ T7758] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 45.470274][ T7758] ? kasan_check_read+0x11/0x20
[ 45.475129][ T7758] tun_chr_write_iter+0xbd/0x156
[ 45.480061][ T7758] do_iter_readv_writev+0x5e1/0x8e0
[ 45.485282][ T7758] ? vfs_dedupe_file_range+0x780/0x780
[ 45.490746][ T7758] ? apparmor_file_permission+0x25/0x30
[ 45.496278][ T7758] ? rw_verify_area+0x118/0x360
[ 45.501139][ T7758] do_iter_write+0x184/0x610
[ 45.505729][ T7758] ? dup_iter+0x260/0x260
[ 45.510042][ T7758] vfs_writev+0x1b3/0x2f0
[ 45.514378][ T7758] ? vfs_iter_write+0xb0/0xb0
[ 45.519050][ T7758] ? release_sock+0x158/0x1c0
[ 45.523713][ T7758] ? __local_bh_enable_ip+0x15a/0x270
[ 45.529065][ T7758] ? release_sock+0x158/0x1c0
[ 45.533725][ T7758] ? udp_lib_setsockopt+0x494/0x9c0
[ 45.538905][ T7758] ? udp_setsockopt+0x70/0xb0
[ 45.543569][ T7758] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 45.549897][ T7758] ? __fget_light+0x1a9/0x230
[ 45.554562][ T7758] do_writev+0x15e/0x370
[ 45.558788][ T7758] ? vfs_writev+0x2f0/0x2f0
[ 45.563296][ T7758] ? do_syscall_64+0x26/0x610
[ 45.567956][ T7758] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.574173][ T7758] ? do_syscall_64+0x26/0x610
[ 45.578857][ T7758] __x64_sys_writev+0x75/0xb0
[ 45.583516][ T7758] do_syscall_64+0x103/0x610
[ 45.588087][ T7758] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.593974][ T7758] RIP: 0033:0x441cc0
[ 45.597867][ T7758] Code: 05 48 3d 01 f0 ff ff 0f 83 9d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 51 93 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 74 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00
[ 45.617448][ T7758] RSP: 002b:00007ffe31187c38 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 45.625846][ T7758] RAX: ffffffffffffffda RBX: 00007ffe31187c70 RCX: 0000000000441cc0
[ 45.633800][ T7758] RDX: 0000000000000001 RSI: 00007ffe31187c90 RDI: 00000000000000f0
[ 45.641930][ T7758] RBP: 0000000000000000 R08: 000000000000ffff R09: 00000000015f8668
[ 45.649879][ T7758] R10: 0000000020000040 R11: 0000000000000246 R12: 000000000000b0e0
[ 45.657830][ T7758] R13: 0000000000402b50 R14: 0000000000000000 R15: 0000000000000000
[ 45.665880][ T7758]
[ 45.668198][ T7758] Allocated by task 6032:
[ 45.672709][ T7758] save_stack+0x45/0xd0
[ 45.676865][ T7758] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 45.682477][ T7758] kasan_slab_alloc+0xf/0x20
[ 45.687048][ T7758] kmem_cache_alloc+0x11a/0x6f0
[ 45.691880][ T7758] copy_process.part.0+0x2161/0x7980
[ 45.697142][ T7758] _do_fork+0x257/0xfd0
[ 45.701440][ T7758] __x64_sys_clone+0xbf/0x150
[ 45.706100][ T7758] do_syscall_64+0x103/0x610
[ 45.710689][ T7758] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.717531][ T7758]
[ 45.719859][ T7758] Freed by task 9:
[ 45.723564][ T7758] save_stack+0x45/0xd0
[ 45.727702][ T7758] __kasan_slab_free+0x102/0x150
[ 45.732621][ T7758] kasan_slab_free+0xe/0x10
[ 45.737121][ T7758] kmem_cache_free+0x86/0x260
[ 45.742131][ T7758] __put_task_struct+0x2e4/0x4e0
[ 45.747072][ T7758] delayed_put_task_struct+0x1ec/0x340
[ 45.752515][ T7758] rcu_core+0x916/0x13a0
[ 45.756742][ T7758] __do_softirq+0x266/0x95a
[ 45.761217][ T7758]
[ 45.763528][ T7758] The buggy address belongs to the object at ffff88808e2b77c0
[ 45.763528][ T7758] which belongs to the cache signal_cache of size 1328
[ 45.777735][ T7758] The buggy address is located 768 bytes to the right of
[ 45.777735][ T7758] 1328-byte region [ffff88808e2b77c0, ffff88808e2b7cf0)
[ 45.791587][ T7758] The buggy address belongs to the page:
[ 45.797216][ T7758] page:ffffea000238ad80 count:1 mapcount:0 mapping:ffff88812c294780 index:0x0 compound_mapcount: 0
[ 45.807863][ T7758] flags: 0x1fffc0000010200(slab|head)
[ 45.813220][ T7758] raw: 01fffc0000010200 ffffea0002207308 ffffea000236ca88 ffff88812c294780
[ 45.821805][ T7758] raw: 0000000000000000 ffff88808e2b60c0 0000000100000005 0000000000000000
[ 45.830366][ T7758] page dumped because: kasan: bad access detected
[ 45.836775][ T7758]
[ 45.839083][ T7758] Memory state around the buggy address:
[ 45.844699][ T7758]  ffff88808e2b7e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.852741][ T7758]  ffff88808e2b7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.860783][ T7758] >ffff88808e2b7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.868850][ T7758]                                                              ^
[ 45.876553][ T7758]  ffff88808e2b8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.884600][ T7758]  ffff88808e2b8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.892637][ T7758] ==================================================================
[ 45.900679][ T7758] Disabling lock debugging due to kernel taint
[ 45.906851][ T7758] Kernel panic - not syncing: panic_on_warn set ...
[ 45.913435][ T7758] CPU: 0 PID: 7758 Comm: syz-executor019 Tainted: G B 5.1.0-rc6+ #191
[ 45.922860][ T7758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.932889][ T7758] Call Trace:
[ 45.936168][ T7758] dump_stack+0x172/0x1f0
[ 45.940513][ T7758] panic+0x2cb/0x65c
[ 45.944451][ T7758] ? __warn_printk+0xf3/0xf3
[ 45.949139][ T7758] ? trace_hardirqs_on+0x5e/0x230
[ 45.954140][ T7758] ? trace_hardirqs_on+0x5e/0x230
[ 45.959146][ T7758] ? skb_gro_receive+0xf5f/0x10e0
[ 45.964152][ T7758] end_report+0x47/0x4f
[ 45.968302][ T7758] ? skb_gro_receive+0xf5f/0x10e0
[ 45.973309][ T7758] kasan_report.cold+0xe/0x40
[ 45.977970][ T7758] ? skb_gro_receive+0xf5f/0x10e0
[ 45.982981][ T7758] __asan_report_load16_noabort+0x14/0x20
[ 45.989215][ T7758] skb_gro_receive+0xf5f/0x10e0
[ 45.994051][ T7758] udp_gro_receive+0xc63/0x1080
[ 45.998884][ T7758] udp4_gro_receive+0x763/0xeb0
[ 46.003715][ T7758] ? udp_gro_receive+0x1080/0x1080
[ 46.008814][ T7758] inet_gro_receive+0xe72/0x1110
[ 46.013742][ T7758] ? inet_sk_rebuild_header+0x1c50/0x1c50
[ 46.019442][ T7758] dev_gro_receive+0x1cd0/0x23c0
[ 46.024362][ T7758] napi_gro_frags+0x36b/0xd10
[ 46.029030][ T7758] tun_get_user+0x2f24/0x3fb0
[ 46.033695][ T7758] ? tun_build_skb.isra.0+0x1300/0x1300
[ 46.039219][ T7758] ? tun_get+0x171/0x290
[ 46.043472][ T7758] ? lock_downgrade+0x880/0x880
[ 46.048325][ T7758] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.054553][ T7758] ? kasan_check_read+0x11/0x20
[ 46.059397][ T7758] tun_chr_write_iter+0xbd/0x156
[ 46.064335][ T7758] do_iter_readv_writev+0x5e1/0x8e0
[ 46.069521][ T7758] ? vfs_dedupe_file_range+0x780/0x780
[ 46.074961][ T7758] ? apparmor_file_permission+0x25/0x30
[ 46.080488][ T7758] ? rw_verify_area+0x118/0x360
[ 46.085316][ T7758] do_iter_write+0x184/0x610
[ 46.089895][ T7758] ? dup_iter+0x260/0x260
[ 46.094219][ T7758] vfs_writev+0x1b3/0x2f0
[ 46.098541][ T7758] ? vfs_iter_write+0xb0/0xb0
[ 46.103214][ T7758] ? release_sock+0x158/0x1c0
[ 46.107872][ T7758] ? __local_bh_enable_ip+0x15a/0x270
[ 46.113221][ T7758] ? release_sock+0x158/0x1c0
[ 46.117878][ T7758] ? udp_lib_setsockopt+0x494/0x9c0
[ 46.123055][ T7758] ? udp_setsockopt+0x70/0xb0
[ 46.127735][ T7758] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.133955][ T7758] ? __fget_light+0x1a9/0x230
[ 46.138873][ T7758] do_writev+0x15e/0x370
[ 46.143100][ T7758] ? vfs_writev+0x2f0/0x2f0
[ 46.147610][ T7758] ? do_syscall_64+0x26/0x610
[ 46.152286][ T7758] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.158345][ T7758] ? do_syscall_64+0x26/0x610
[ 46.163004][ T7758] __x64_sys_writev+0x75/0xb0
[ 46.167662][ T7758] do_syscall_64+0x103/0x610
[ 46.172234][ T7758] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.178103][ T7758] RIP: 0033:0x441cc0
[ 46.182089][ T7758] Code: 05 48 3d 01 f0 ff ff 0f 83 9d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 51 93 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 74 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00
[ 46.201697][ T7758] RSP: 002b:00007ffe31187c38 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 46.210097][ T7758] RAX: ffffffffffffffda RBX: 00007ffe31187c70 RCX: 0000000000441cc0
[ 46.218047][ T7758] RDX: 0000000000000001 RSI: 00007ffe31187c90 RDI: 00000000000000f0
[ 46.226114][ T7758] RBP: 0000000000000000 R08: 000000000000ffff R09: 00000000015f8668
[ 46.234064][ T7758] R10: 0000000020000040 R11: 0000000000000246 R12: 000000000000b0e0
[ 46.242024][ T7758] R13: 0000000000402b50 R14: 0000000000000000 R15: 0000000000000000
[ 46.251028][ T7758] Kernel Offset: disabled
[ 46.255355][ T7758] Rebooting in 86400 seconds..