[   40.791971][   T26] audit: type=1800 audit(1556747993.132:31): pid=7723 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   47.225348][   T26] kauditd_printk_skb: 3 callbacks suppressed
[   47.225362][   T26] audit: type=1400 audit(1556747999.602:35): avc:  denied  { map } for  pid=7897 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.1.37' (ECDSA) to the list of known hosts.
executing program
executing program
[   53.720354][   T26] audit: type=1400 audit(1556748006.092:36): avc:  denied  { map } for  pid=7909 comm="syz-executor192" path="/root/syz-executor192524708" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   53.753385][ T7910] IPVS: ftp: loaded support on port[0] = 21
[   53.794637][ T7912] ==================================================================
[   53.802892][ T7912] BUG: KASAN: slab-out-of-bounds in skb_gro_receive+0xf5f/0x10e0
[   53.810832][ T7912] Read of size 16 at addr ffff888089b97ff0 by task syz-executor192/7912
[   53.819180][ T7912]
[   53.821505][ T7912] CPU: 0 PID: 7912 Comm: syz-executor192 Not tainted 5.1.0-rc7+ #95
[   53.829489][ T7912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   53.839627][ T7912] Call Trace:
[   53.842935][ T7912]  dump_stack+0x172/0x1f0
[   53.847263][ T7912]  ? skb_gro_receive+0xf5f/0x10e0
[   53.852277][ T7912]  print_address_description.cold+0x7c/0x20d
[   53.858242][ T7912]  ? skb_gro_receive+0xf5f/0x10e0
[   53.863251][ T7912]  ? skb_gro_receive+0xf5f/0x10e0
[   53.868286][ T7912]  kasan_report.cold+0x1b/0x40
[   53.873044][ T7912]  ? skb_gro_receive+0xf5f/0x10e0
[   53.878079][ T7912]  __asan_report_load16_noabort+0x14/0x20
[   53.883803][ T7912]  skb_gro_receive+0xf5f/0x10e0
[   53.889810][ T7912]  udp_gro_receive+0xb61/0xfd0
[   53.894587][ T7912]  udp4_gro_receive+0x763/0xeb0
[   53.899444][ T7912]  ? udp_gro_receive+0xfd0/0xfd0
[   53.904368][ T7912]  inet_gro_receive+0xe72/0x1110
[   53.909292][ T7912]  ? inet_sk_rebuild_header+0x1c50/0x1c50
[   53.914997][ T7912]  dev_gro_receive+0x1cd0/0x23c0
[   53.919931][ T7912]  napi_gro_frags+0x36b/0xd10
[   53.924601][ T7912]  tun_get_user+0x2f24/0x3fb0
[   53.929267][ T7912]  ? tun_build_skb.isra.0+0x1300/0x1300
[   53.934815][ T7912]  ? tun_get+0x171/0x290
[   53.939075][ T7912]  ? lock_downgrade+0x880/0x880
[   53.943908][ T7912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   53.950141][ T7912]  ? kasan_check_read+0x11/0x20
[   53.955036][ T7912]  tun_chr_write_iter+0xbd/0x156
[   53.959961][ T7912]  do_iter_readv_writev+0x5e1/0x8e0
[   53.965162][ T7912]  ? vfs_dedupe_file_range+0x780/0x780
[   53.970610][ T7912]  ? rw_verify_area+0x118/0x360
[   53.975634][ T7912]  do_iter_write+0x184/0x610
[   53.980230][ T7912]  ? dup_iter+0x260/0x260
[   53.984560][ T7912]  vfs_writev+0x1b3/0x2f0
[   53.988882][ T7912]  ? vfs_iter_write+0xb0/0xb0
[   53.993550][ T7912]  ? release_sock+0x158/0x1c0
[   53.998225][ T7912]  ? __local_bh_enable_ip+0x15a/0x270
[   54.003590][ T7912]  ? release_sock+0x158/0x1c0
[   54.008259][ T7912]  ? udp_lib_setsockopt+0x494/0x9c0
[   54.013462][ T7912]  ? udp_setsockopt+0x70/0xb0
[   54.018132][ T7912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   54.024372][ T7912]  ? __fget_light+0x1a9/0x230
[   54.029050][ T7912]  do_writev+0x15e/0x370
[   54.033283][ T7912]  ? vfs_writev+0x2f0/0x2f0
[   54.037869][ T7912]  ? do_syscall_64+0x26/0x610
[   54.042539][ T7912]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   54.048605][ T7912]  ? do_syscall_64+0x26/0x610
[   54.053281][ T7912]  __x64_sys_writev+0x75/0xb0
[   54.057963][ T7912]  do_syscall_64+0x103/0x610
[   54.062546][ T7912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   54.068422][ T7912] RIP: 0033:0x441cc0
[   54.072300][ T7912] Code: 05 48 3d 01 f0 ff ff 0f 83 9d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 51 93 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 74 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00
[   54.091907][ T7912] RSP: 002b:00007fff38a3b408 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   54.100345][ T7912] RAX: ffffffffffffffda RBX: 00007fff38a3b440 RCX: 0000000000441cc0
[   54.108332][ T7912] RDX: 0000000000000001 RSI: 00007fff38a3b460 RDI: 00000000000000f0
[   54.116302][ T7912] RBP: 0000000000000000 R08: 000000000000ffff R09: 0000000002020668
[   54.124265][ T7912] R10: 0000000020000040 R11: 0000000000000246 R12: 000000000000d208
[   54.132236][ T7912] R13: 0000000000402b50 R14: 0000000000000000 R15: 0000000000000000
[   54.140225][ T7912]
[   54.142555][ T7912] Allocated by task 7005:
[   54.146890][ T7912]  save_stack+0x45/0xd0
[   54.151030][ T7912]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   54.156640][ T7912]  kasan_slab_alloc+0xf/0x20
[   54.161216][ T7912]  kmem_cache_alloc+0x11a/0x6f0
[   54.166072][ T7912]  getname_flags+0xd6/0x5b0
[   54.170559][ T7912]  user_path_at_empty+0x2f/0x50
[   54.175393][ T7912]  vfs_statx+0x129/0x200
[   54.179627][ T7912]  __do_sys_newlstat+0xa4/0x130
[   54.184558][ T7912]  __x64_sys_newlstat+0x54/0x80
[   54.189393][ T7912]  do_syscall_64+0x103/0x610
[   54.193967][ T7912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   54.199844][ T7912]
[   54.202175][ T7912] Freed by task 7005:
[   54.206145][ T7912]  save_stack+0x45/0xd0
[   54.210281][ T7912]  __kasan_slab_free+0x102/0x150
[   54.215202][ T7912]  kasan_slab_free+0xe/0x10
[   54.219712][ T7912]  kmem_cache_free+0x86/0x260
[   54.224375][ T7912]  putname+0xef/0x130
[   54.228370][ T7912]  filename_lookup+0x28f/0x410
[   54.233193][ T7912]  user_path_at_empty+0x43/0x50
[   54.238317][ T7912]  vfs_statx+0x129/0x200
[   54.244563][ T7912]  __do_sys_newlstat+0xa4/0x130
[   54.249395][ T7912]  __x64_sys_newlstat+0x54/0x80
[   54.254230][ T7912]  do_syscall_64+0x103/0x610
[   54.258803][ T7912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   54.264684][ T7912]
[   54.266999][ T7912] The buggy address belongs to the object at ffff888089b96540
[   54.266999][ T7912]  which belongs to the cache names_cache of size 4096
[   54.281146][ T7912] The buggy address is located 2736 bytes to the right of
[   54.281146][ T7912]  4096-byte region [ffff888089b96540, ffff888089b97540)
[   54.295095][ T7912] The buggy address belongs to the page:
[   54.300716][ T7912] page:ffffea000226e580 count:1 mapcount:0 mapping:ffff88821bc45b00 index:0x0 compound_mapcount: 0
[   54.311383][ T7912] flags: 0x1fffc0000010200(slab|head)
[   54.316742][ T7912] raw: 01fffc0000010200 ffffea0002a0fa88 ffffea0002221088 ffff88821bc45b00
[   54.325310][ T7912] raw: 0000000000000000 ffff888089b96540 0000000100000001 0000000000000000
[   54.333999][ T7912] page dumped because: kasan: bad access detected
[   54.340391][ T7912]
[   54.342696][ T7912] Memory state around the buggy address:
[   54.348304][ T7912]  ffff888089b97e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   54.356360][ T7912]  ffff888089b97f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   54.364400][ T7912] >ffff888089b97f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   54.372557][ T7912]                                                                 ^
[   54.380270][ T7912]  ffff888089b98000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   54.388313][ T7912]  ffff888089b98080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   54.396382][ T7912] ==================================================================
[   54.404427][ T7912] Disabling lock debugging due to kernel taint
[   54.410601][ T7912] Kernel panic - not syncing: panic_on_warn set ...
[   54.417184][ T7912] CPU: 0 PID: 7912 Comm: syz-executor192 Tainted: G    B             5.1.0-rc7+ #95
[   54.426541][ T7912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.436590][ T7912] Call Trace:
[   54.439875][ T7912]  dump_stack+0x172/0x1f0
[   54.444189][ T7912]  panic+0x2cb/0x65c
[   54.448062][ T7912]  ? __warn_printk+0xf3/0xf3
[   54.452632][ T7912]  ? trace_hardirqs_on+0x5e/0x230
[   54.457645][ T7912]  ? trace_hardirqs_on+0x5e/0x230
[   54.462651][ T7912]  ? skb_gro_receive+0xf5f/0x10e0
[   54.467653][ T7912]  end_report+0x47/0x4f
[   54.471802][ T7912]  ? skb_gro_receive+0xf5f/0x10e0
[   54.476805][ T7912]  kasan_report.cold+0xe/0x40
[   54.481461][ T7912]  ? skb_gro_receive+0xf5f/0x10e0
[   54.486468][ T7912]  __asan_report_load16_noabort+0x14/0x20
[   54.492170][ T7912]  skb_gro_receive+0xf5f/0x10e0
[   54.497018][ T7912]  udp_gro_receive+0xb61/0xfd0
[   54.501764][ T7912]  udp4_gro_receive+0x763/0xeb0
[   54.506594][ T7912]  ? udp_gro_receive+0xfd0/0xfd0
[   54.511512][ T7912]  inet_gro_receive+0xe72/0x1110
[   54.516452][ T7912]  ? inet_sk_rebuild_header+0x1c50/0x1c50
[   54.522259][ T7912]  dev_gro_receive+0x1cd0/0x23c0
[   54.527181][ T7912]  napi_gro_frags+0x36b/0xd10
[   54.531863][ T7912]  tun_get_user+0x2f24/0x3fb0
[   54.536531][ T7912]  ? tun_build_skb.isra.0+0x1300/0x1300
[   54.542073][ T7912]  ? tun_get+0x171/0x290
[   54.546316][ T7912]  ? lock_downgrade+0x880/0x880
[   54.551148][ T7912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   54.557372][ T7912]  ? kasan_check_read+0x11/0x20
[   54.562208][ T7912]  tun_chr_write_iter+0xbd/0x156
[   54.567130][ T7912]  do_iter_readv_writev+0x5e1/0x8e0
[   54.572309][ T7912]  ? vfs_dedupe_file_range+0x780/0x780
[   54.577749][ T7912]  ? rw_verify_area+0x118/0x360
[   54.582578][ T7912]  do_iter_write+0x184/0x610
[   54.587149][ T7912]  ? dup_iter+0x260/0x260
[   54.591461][ T7912]  vfs_writev+0x1b3/0x2f0
[   54.595770][ T7912]  ? vfs_iter_write+0xb0/0xb0
[   54.600426][ T7912]  ? release_sock+0x158/0x1c0
[   54.605087][ T7912]  ? __local_bh_enable_ip+0x15a/0x270
[   54.610457][ T7912]  ? release_sock+0x158/0x1c0
[   54.615120][ T7912]  ? udp_lib_setsockopt+0x494/0x9c0
[   54.620317][ T7912]  ? udp_setsockopt+0x70/0xb0
[   54.625001][ T7912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   54.631223][ T7912]  ? __fget_light+0x1a9/0x230
[   54.635880][ T7912]  do_writev+0x15e/0x370
[   54.640125][ T7912]  ? vfs_writev+0x2f0/0x2f0
[   54.644631][ T7912]  ? do_syscall_64+0x26/0x610
[   54.649687][ T7912]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   54.655734][ T7912]  ? do_syscall_64+0x26/0x610
[   54.660395][ T7912]  __x64_sys_writev+0x75/0xb0
[   54.665053][ T7912]  do_syscall_64+0x103/0x610
[   54.669625][ T7912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   54.675495][ T7912] RIP: 0033:0x441cc0
[   54.679381][ T7912] Code: 05 48 3d 01 f0 ff ff 0f 83 9d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 51 93 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 74 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00
[   54.699090][ T7912] RSP: 002b:00007fff38a3b408 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   54.707506][ T7912] RAX: ffffffffffffffda RBX: 00007fff38a3b440 RCX: 0000000000441cc0
[   54.715462][ T7912] RDX: 0000000000000001 RSI: 00007fff38a3b460 RDI: 00000000000000f0
[   54.723415][ T7912] RBP: 0000000000000000 R08: 000000000000ffff R09: 0000000002020668
[   54.731377][ T7912] R10: 0000000020000040 R11: 0000000000000246 R12: 000000000000d208
[   54.739328][ T7912] R13: 0000000000402b50 R14: 0000000000000000 R15: 0000000000000000
[   54.750008][ T7912] Kernel Offset: disabled
[   54.754336][ T7912] Rebooting in 86400 seconds..