Warning: Permanently added '10.128.0.54' (ECDSA) to the list of known hosts.
[ 50.129086] audit: type=1400 audit(1550136435.195:36): avc: denied { map } for pid=7898 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/02/14 09:27:15 parsed 1 programs
[ 50.900791] audit: type=1400 audit(1550136435.965:37): avc: denied { map } for pid=7898 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=15505 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/02/14 09:27:17 executed programs: 0
[ 52.819836] IPVS: ftp: loaded support on port[0] = 21
[ 52.877199] chnl_net:caif_netlink_parms(): no params data found
[ 52.905577] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.912439] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.920023] device bridge_slave_0 entered promiscuous mode
[ 52.927428] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.933786] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.940808] device bridge_slave_1 entered promiscuous mode
[ 52.956940] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 52.965582] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 52.982243] team0: Port device team_slave_0 added
[ 52.988358] team0: Port device team_slave_1 added
[ 53.068194] device hsr_slave_0 entered promiscuous mode
[ 53.117079] device hsr_slave_1 entered promiscuous mode
[ 53.184155] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.190633] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.197658] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.203986] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.233409] 8021q: adding VLAN 0 to HW filter on device bond0
[ 53.244143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.264408] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.272261] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.280002] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 53.290038] 8021q: adding VLAN 0 to HW filter on device team0
[ 53.298540] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.306369] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.312753] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.327034] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.334582] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.340945] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.348408] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 53.357015] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 53.367173] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 53.377584] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 53.387859] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 53.399592] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 53.406982] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 53.422521] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 53.433007] audit: type=1400 audit(1550136438.495:38): avc: denied { associate } for pid=7912 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 53.818859] ==================================================================
[ 53.826424] BUG: KASAN: stack-out-of-bounds in ax25_getname+0x58/0x7a0
[ 53.833074] Write of size 72 at addr ffff888095bf7c78 by task syz-executor.0/7941
[ 53.840669]
[ 53.842282] CPU: 1 PID: 7941 Comm: syz-executor.0 Not tainted 5.0.0-rc6+ #70
[ 53.849452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.858796] Call Trace:
[ 53.861370] dump_stack+0x172/0x1f0
[ 53.864981] ? ax25_getname+0x58/0x7a0
[ 53.868852] print_address_description.cold+0x7c/0x20d
[ 53.874109] ? ax25_getname+0x58/0x7a0
[ 53.877988] ? ax25_getname+0x58/0x7a0
[ 53.881858] kasan_report.cold+0x1b/0x40
[ 53.885905] ? ax25_getname+0x58/0x7a0
[ 53.889778] check_memory_region+0x123/0x190
[ 53.894178] memset+0x24/0x40
[ 53.897274] ax25_getname+0x58/0x7a0
[ 53.900970] ? fget+0x1b/0x20
[ 53.904061] vhost_net_ioctl+0x120f/0x1900
[ 53.908281] ? vhost_net_buf_peek+0x840/0x840
[ 53.912757] ? __fget+0x340/0x540
[ 53.916217] ? ___might_sleep+0x163/0x280
[ 53.920352] ? __might_sleep+0x95/0x190
[ 53.924307] ? vhost_net_buf_peek+0x840/0x840
[ 53.928786] do_vfs_ioctl+0xd6e/0x1390
[ 53.932653] ? selinux_file_ioctl+0x46f/0x5e0
[ 53.937162] ? selinux_file_ioctl+0x125/0x5e0
[ 53.941648] ? ioctl_preallocate+0x210/0x210
[ 53.946047] ? selinux_file_mprotect+0x620/0x620
[ 53.950799] ? iterate_fd+0x360/0x360
[ 53.954581] ? nsecs_to_jiffies+0x30/0x30
[ 53.958716] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 53.964234] ? security_file_ioctl+0x93/0xc0
[ 53.968710] ksys_ioctl+0xab/0xd0
[ 53.972142] __x64_sys_ioctl+0x73/0xb0
[ 53.976009] do_syscall_64+0x103/0x610
[ 53.979897] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.985076] RIP: 0033:0x457e29
[ 53.988252] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 54.007148] RSP: 002b:00007f36425e5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 54.014835] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[ 54.022268] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000004
[ 54.029521] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 54.036780] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f36425e66d4
[ 54.044049] R13: 00000000004c2673 R14: 00000000004d5050 R15: 00000000ffffffff
[ 54.051304]
[ 54.052906] The buggy address belongs to the page:
[ 54.057921] page:ffffea000256fdc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 54.066128] flags: 0x1fffc0000000000()
[ 54.069999] raw: 01fffc0000000000 0000000000000000 ffffffff02560101 0000000000000000
[ 54.077972] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 54.085832] page dumped because: kasan: bad access detected
[ 54.091514]
[ 54.093119] Memory state around the buggy address:
[ 54.098029] ffff888095bf7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 54.105376] ffff888095bf7c00: f1 f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 f2 f2 f2 00
[ 54.112715] >ffff888095bf7c80: 00 00 00 00 00 04 f3 f3 f3 f3 f3 00 00 00 00 00
[ 54.120050] ^
[ 54.124700] ffff888095bf7d00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 54.132039] ffff888095bf7d80: 00 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00 00 00
[ 54.139373] ==================================================================
[ 54.146715] Disabling lock debugging due to kernel taint
[ 54.154724] Kernel panic - not syncing: panic_on_warn set ...
[ 54.160702] CPU: 1 PID: 7941 Comm: syz-executor.0 Tainted: G B 5.0.0-rc6+ #70
[ 54.169270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.178602] Call Trace:
[ 54.181177] dump_stack+0x172/0x1f0
[ 54.185021] panic+0x2cb/0x65c
[ 54.188198] ? __warn_printk+0xf3/0xf3
[ 54.192070] ? ax25_getname+0x58/0x7a0
[ 54.195938] ? preempt_schedule+0x4b/0x60
[ 54.200069] ? ___preempt_schedule+0x16/0x18
[ 54.204471] ? trace_hardirqs_on+0x5e/0x230
[ 54.208778] ? ax25_getname+0x58/0x7a0
[ 54.212662] end_report+0x47/0x4f
[ 54.216100] ? ax25_getname+0x58/0x7a0
[ 54.219968] kasan_report.cold+0xe/0x40
[ 54.223940] ? ax25_getname+0x58/0x7a0
[ 54.227821] check_memory_region+0x123/0x190
[ 54.233186] memset+0x24/0x40
[ 54.236295] ax25_getname+0x58/0x7a0
[ 54.239999] ? fget+0x1b/0x20
[ 54.243099] vhost_net_ioctl+0x120f/0x1900
[ 54.247317] ? vhost_net_buf_peek+0x840/0x840
[ 54.251794] ? __fget+0x340/0x540
[ 54.255230] ? ___might_sleep+0x163/0x280
[ 54.259362] ? __might_sleep+0x95/0x190
[ 54.263318] ? vhost_net_buf_peek+0x840/0x840
[ 54.267805] do_vfs_ioctl+0xd6e/0x1390
[ 54.271686] ? selinux_file_ioctl+0x46f/0x5e0
[ 54.276162] ? selinux_file_ioctl+0x125/0x5e0
[ 54.280641] ? ioctl_preallocate+0x210/0x210
[ 54.285030] ? selinux_file_mprotect+0x620/0x620
[ 54.289859] ? iterate_fd+0x360/0x360
[ 54.293728] ? nsecs_to_jiffies+0x30/0x30
[ 54.297862] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.303380] ? security_file_ioctl+0x93/0xc0
[ 54.307775] ksys_ioctl+0xab/0xd0
[ 54.311230] __x64_sys_ioctl+0x73/0xb0
[ 54.315116] do_syscall_64+0x103/0x610
[ 54.319032] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.324203] RIP: 0033:0x457e29
[ 54.327382] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 54.346267] RSP: 002b:00007f36425e5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 54.353972] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[ 54.361227] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000004
[ 54.368479] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 54.375729] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f36425e66d4
[ 54.382987] R13: 00000000004c2673 R14: 00000000004d5050 R15: 00000000ffffffff
[ 54.391422] Kernel Offset: disabled
[ 54.395049] Rebooting in 86400 seconds..