[ 37.883488][ T26] audit: type=1800 audit(1556091184.551:28): pid=7664 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 38.754108][ T26] audit: type=1800 audit(1556091185.471:29): pid=7664 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 38.774686][ T26] audit: type=1800 audit(1556091185.481:30): pid=7664 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
[FAIL] startpar: service(s) returned failure: ssh ... failed!
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.229' (ECDSA) to the list of known hosts.
2019/04/24 07:33:16 parsed 1 programs
2019/04/24 07:33:18 executed programs: 0
syzkaller login: [ 52.005826][ T7852] IPVS: ftp: loaded support on port[0] = 21
[ 52.063057][ T7852] chnl_net:caif_netlink_parms(): no params data found
[ 52.093417][ T7852] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.101186][ T7852] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.109119][ T7852] device bridge_slave_0 entered promiscuous mode
[ 52.117771][ T7852] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.124848][ T7852] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.132609][ T7852] device bridge_slave_1 entered promiscuous mode
[ 52.148798][ T7852] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 52.158281][ T7852] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 52.174368][ T7852] team0: Port device team_slave_0 added
[ 52.182335][ T7852] team0: Port device team_slave_1 added
[ 52.237196][ T7852] device hsr_slave_0 entered promiscuous mode
[ 52.285323][ T7852] device hsr_slave_1 entered promiscuous mode
[ 52.362326][ T7852] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.369527][ T7852] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.377235][ T7852] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.384268][ T7852] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.413439][ T7852] 8021q: adding VLAN 0 to HW filter on device bond0
[ 52.424451][ T2923] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 52.445639][ T2923] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.453253][ T2923] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.461961][ T2923] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 52.472953][ T7852] 8021q: adding VLAN 0 to HW filter on device team0
[ 52.483200][ T7854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.491594][ T7854] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.499254][ T7854] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.509732][ T2923] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.518723][ T2923] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.525827][ T2923] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.542403][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 52.551053][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 52.566226][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 52.574567][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.583297][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.592608][ T7852] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 52.608739][ T7852] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 52.908127][ T7875] ==================================================================
[ 52.916311][ T7875] BUG: KASAN: stack-out-of-bounds in ax25_getname+0x58/0x7a0
[ 52.923688][ T7875] Write of size 72 at addr ffff888097197c78 by task syz-executor.0/7875
[ 52.931982][ T7875]
[ 52.934294][ T7875] CPU: 1 PID: 7875 Comm: syz-executor.0 Not tainted 5.1.0-rc6-next-20190423 #29
[ 52.943370][ T7875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.953409][ T7875] Call Trace:
[ 52.956703][ T7875] dump_stack+0x172/0x1f0
[ 52.961015][ T7875] ? ax25_getname+0x58/0x7a0
[ 52.965607][ T7875] print_address_description.cold+0x7c/0x20d
[ 52.971770][ T7875] ? ax25_getname+0x58/0x7a0
[ 52.976349][ T7875] ? ax25_getname+0x58/0x7a0
[ 52.981093][ T7875] __kasan_report.cold+0x1b/0x40
[ 52.986120][ T7875] ? ax25_getname+0x58/0x7a0
[ 52.991012][ T7875] kasan_report+0x12/0x20
[ 52.995343][ T7875] check_memory_region+0x123/0x190
[ 53.000542][ T7875] memset+0x24/0x40
[ 53.004338][ T7875] ax25_getname+0x58/0x7a0
[ 53.008740][ T7875] ? fget+0x20/0x30
[ 53.012535][ T7875] vhost_net_ioctl+0x120f/0x1900
[ 53.017481][ T7875] ? vhost_zerocopy_callback+0x300/0x300
[ 53.023114][ T7875] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 53.028945][ T7875] ? __fget+0x35a/0x550
[ 53.033103][ T7875] ? vhost_zerocopy_callback+0x300/0x300
[ 53.038731][ T7875] do_vfs_ioctl+0xd6e/0x1390
[ 53.043317][ T7875] ? ioctl_preallocate+0x210/0x210
[ 53.048415][ T7875] ? __fget+0x381/0x550
[ 53.052556][ T7875] ? ksys_dup3+0x3e0/0x3e0
[ 53.056951][ T7875] ? nsecs_to_jiffies+0x30/0x30
[ 53.061795][ T7875] ? tomoyo_file_ioctl+0x23/0x30
[ 53.066713][ T7875] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 53.073452][ T7875] ? security_file_ioctl+0x93/0xc0
[ 53.078555][ T7875] ksys_ioctl+0xab/0xd0
[ 53.082695][ T7875] __x64_sys_ioctl+0x73/0xb0
[ 53.087286][ T7875] do_syscall_64+0x103/0x670
[ 53.091879][ T7875] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.097748][ T7875] RIP: 0033:0x458c39
[ 53.101621][ T7875] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 53.121224][ T7875] RSP: 002b:00007f833aea7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 53.129631][ T7875] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c39
[ 53.137617][ T7875] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000003
[ 53.145588][ T7875] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 53.153541][ T7875] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f833aea86d4
[ 53.161491][ T7875] R13: 00000000004c3657 R14: 00000000004d6b30 R15: 00000000ffffffff
[ 53.169447][ T7875]
[ 53.171751][ T7875] The buggy address belongs to the page:
[ 53.177359][ T7875] page:ffffea00025c65c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 53.186197][ T7875] flags: 0x1fffc0000000000()
[ 53.190772][ T7875] raw: 01fffc0000000000 0000000000000000 ffffffff025c0101 0000000000000000
[ 53.199354][ T7875] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 53.207911][ T7875] page dumped because: kasan: bad access detected
[ 53.214294][ T7875]
[ 53.216595][ T7875] Memory state around the buggy address:
[ 53.222201][ T7875] ffff888097197b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 53.230239][ T7875] ffff888097197c00: f1 f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 f2 f2 f2 00
[ 53.238292][ T7875] >ffff888097197c80: 00 00 00 00 00 04 f3 f3 f3 f3 f3 00 00 00 00 00
[ 53.246329][ T7875] ^
[ 53.251687][ T7875] ffff888097197d00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 53.259724][ T7875] ffff888097197d80: 00 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00 00 00
[ 53.267757][ T7875] ==================================================================
[ 53.275789][ T7875] Disabling lock debugging due to kernel taint
[ 53.283600][ T7875] Kernel panic - not syncing: panic_on_warn set ...
[ 53.290198][ T7875] CPU: 0 PID: 7875 Comm: syz-executor.0 Tainted: G B 5.1.0-rc6-next-20190423 #29
[ 53.300578][ T7875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.310625][ T7875] Call Trace:
[ 53.313902][ T7875] dump_stack+0x172/0x1f0
[ 53.318212][ T7875] panic+0x2cb/0x72b
[ 53.322085][ T7875] ? __warn_printk+0xf3/0xf3
[ 53.326653][ T7875] ? ax25_getname+0x58/0x7a0
[ 53.331220][ T7875] ? preempt_schedule+0x4b/0x60
[ 53.336047][ T7875] ? ___preempt_schedule+0x16/0x18
[ 53.341136][ T7875] ? trace_hardirqs_on+0x5e/0x230
[ 53.346140][ T7875] ? ax25_getname+0x58/0x7a0
[ 53.350708][ T7875] end_report+0x47/0x4f
[ 53.354837][ T7875] ? ax25_getname+0x58/0x7a0
[ 53.359401][ T7875] __kasan_report.cold+0xe/0x40
[ 53.364227][ T7875] ? ax25_getname+0x58/0x7a0
[ 53.368793][ T7875] kasan_report+0x12/0x20
[ 53.373135][ T7875] check_memory_region+0x123/0x190
[ 53.378230][ T7875] memset+0x24/0x40
[ 53.382014][ T7875] ax25_getname+0x58/0x7a0
[ 53.386420][ T7875] ? fget+0x20/0x30
[ 53.390221][ T7875] vhost_net_ioctl+0x120f/0x1900
[ 53.395156][ T7875] ? vhost_zerocopy_callback+0x300/0x300
[ 53.400777][ T7875] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 53.406562][ T7875] ? __fget+0x35a/0x550
[ 53.410692][ T7875] ? vhost_zerocopy_callback+0x300/0x300
[ 53.416303][ T7875] do_vfs_ioctl+0xd6e/0x1390
[ 53.420872][ T7875] ? ioctl_preallocate+0x210/0x210
[ 53.425958][ T7875] ? __fget+0x381/0x550
[ 53.430178][ T7875] ? ksys_dup3+0x3e0/0x3e0
[ 53.434569][ T7875] ? nsecs_to_jiffies+0x30/0x30
[ 53.439397][ T7875] ? tomoyo_file_ioctl+0x23/0x30
[ 53.444331][ T7875] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 53.450552][ T7875] ? security_file_ioctl+0x93/0xc0
[ 53.455642][ T7875] ksys_ioctl+0xab/0xd0
[ 53.459774][ T7875] __x64_sys_ioctl+0x73/0xb0
[ 53.464356][ T7875] do_syscall_64+0x103/0x670
[ 53.468927][ T7875] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.474790][ T7875] RIP: 0033:0x458c39
[ 53.478659][ T7875] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 53.498241][ T7875] RSP: 002b:00007f833aea7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 53.506629][ T7875] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c39
[ 53.514592][ T7875] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000003
[ 53.522538][ T7875] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 53.530485][ T7875] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f833aea86d4
[ 53.538430][ T7875] R13: 00000000004c3657 R14: 00000000004d6b30 R15: 00000000ffffffff
[ 53.547022][ T7875] Kernel Offset: disabled
[ 53.551358][ T7875] Rebooting in 86400 seconds..