[ 33.958125][ T26] audit: type=1800 audit(1550138102.903:27): pid=7297 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 33.958148][ T26] audit: type=1800 audit(1550138102.903:28): pid=7297 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 34.795934][ T26] audit: type=1800 audit(1550138103.773:29): pid=7297 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 34.819298][ T26] audit: type=1800 audit(1550138103.773:30): pid=7297 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts.
2019/02/14 09:55:13 parsed 1 programs
2019/02/14 09:55:15 executed programs: 0
syzkaller login:
[ 46.604927][ T7463] IPVS: ftp: loaded support on port[0] = 21
[ 46.663783][ T7463] chnl_net:caif_netlink_parms(): no params data found
[ 46.694293][ T7463] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.702124][ T7463] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.709919][ T7463] device bridge_slave_0 entered promiscuous mode
[ 46.718287][ T7463] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.725443][ T7463] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.733778][ T7463] device bridge_slave_1 entered promiscuous mode
[ 46.749572][ T7463] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 46.759105][ T7463] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 46.776930][ T7463] team0: Port device team_slave_0 added
[ 46.783591][ T7463] team0: Port device team_slave_1 added
[ 46.837790][ T7463] device hsr_slave_0 entered promiscuous mode
[ 46.876497][ T7463] device hsr_slave_1 entered promiscuous mode
[ 46.922916][ T7463] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.930364][ T7463] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.938338][ T7463] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.945394][ T7463] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.973561][ T7463] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.985943][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.006156][ T5] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.014539][ T5] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.023192][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 47.034008][ T7463] 8021q: adding VLAN 0 to HW filter on device team0
[ 47.042949][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.051406][ T22] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.058485][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.078469][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.086889][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.094018][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.102047][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 47.110512][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 47.119257][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.127446][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.135935][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 47.144583][ T7463] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 47.161666][ T7463] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 48.398597][ T7553] ==================================================================
[ 48.406953][ T7553] BUG: KASAN: stack-out-of-bounds in ax25_getname+0x58/0x7a0
[ 48.414299][ T7553] Write of size 72 at addr ffff888029bffc78 by task syz-executor.0/7553
[ 48.422618][ T7553]
[ 48.424932][ T7553] CPU: 0 PID: 7553 Comm: syz-executor.0 Not tainted 5.0.0-rc6-next-20190214 #35
[ 48.434033][ T7553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.444208][ T7553] Call Trace:
[ 48.447487][ T7553] dump_stack+0x172/0x1f0
[ 48.451965][ T7553] ? ax25_getname+0x58/0x7a0
[ 48.456753][ T7553] print_address_description.cold+0x7c/0x20d
[ 48.462711][ T7553] ? ax25_getname+0x58/0x7a0
[ 48.467279][ T7553] ? ax25_getname+0x58/0x7a0
[ 48.471852][ T7553] kasan_report.cold+0x1b/0x40
[ 48.476591][ T7553] ? ax25_getname+0x58/0x7a0
[ 48.481315][ T7553] check_memory_region+0x123/0x190
[ 48.486404][ T7553] memset+0x24/0x40
[ 48.490303][ T7553] ax25_getname+0x58/0x7a0
[ 48.494712][ T7553] ? fget+0x20/0x30
[ 48.498626][ T7553] vhost_net_ioctl+0x120f/0x1900
[ 48.503551][ T7553] ? vhost_zerocopy_callback+0x300/0x300
[ 48.509597][ T7553] ? __fget+0x35a/0x550
[ 48.513747][ T7553] ? find_held_lock+0x35/0x130
[ 48.518502][ T7553] ? __fget+0x35a/0x550
[ 48.522785][ T7553] ? vhost_zerocopy_callback+0x300/0x300
[ 48.528512][ T7553] do_vfs_ioctl+0xd6e/0x1390
[ 48.533196][ T7553] ? kasan_check_read+0x11/0x20
[ 48.538412][ T7553] ? ioctl_preallocate+0x210/0x210
[ 48.543501][ T7553] ? __fget+0x381/0x550
[ 48.547808][ T7553] ? ksys_dup3+0x3e0/0x3e0
[ 48.552206][ T7553] ? nsecs_to_jiffies+0x30/0x30
[ 48.557047][ T7553] ? security_file_ioctl+0x93/0xc0
[ 48.562158][ T7553] ksys_ioctl+0xab/0xd0
[ 48.566293][ T7553] __x64_sys_ioctl+0x73/0xb0
[ 48.570971][ T7553] do_syscall_64+0x103/0x610
[ 48.575542][ T7553] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.581595][ T7553] RIP: 0033:0x457e29
[ 48.585481][ T7553] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 48.605188][ T7553] RSP: 002b:00007fd3cdbeec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 48.613826][ T7553] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[ 48.621873][ T7553] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000004
[ 48.629949][ T7553] RBP: 000000000073c0e0 R08: 0000000000000000 R09: 0000000000000000
[ 48.638014][ T7553] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd3cdbef6d4
[ 48.646583][ T7553] R13: 00000000004c2673 R14: 00000000004d5050 R15: 00000000ffffffff
[ 48.654553][ T7553]
[ 48.656862][ T7553] The buggy address belongs to the page:
[ 48.662488][ T7553] page:ffffea0000a6ffc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 48.671429][ T7553] flags: 0x1fffc0000000000()
[ 48.676217][ T7553] raw: 01fffc0000000000 0000000000000000 ffffffff00a60101 0000000000000000
[ 48.684785][ T7553] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 48.693617][ T7553] page dumped because: kasan: bad access detected
[ 48.700120][ T7553]
[ 48.702460][ T7553] Memory state around the buggy address:
[ 48.708076][ T7553] ffff888029bffb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 48.716444][ T7553] ffff888029bffc00: f1 f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 f2 f2 f2 00
[ 48.724618][ T7553] >ffff888029bffc80: 00 00 00 00 00 04 f3 f3 f3 f3 f3 00 00 00 00 00
[ 48.732788][ T7553] ^
[ 48.738135][ T7553] ffff888029bffd00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 48.746378][ T7553] ffff888029bffd80: 00 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00 00 00
[ 48.754757][ T7553] ==================================================================
[ 48.762791][ T7553] Disabling lock debugging due to kernel taint
[ 48.771462][ T7553] Kernel panic - not syncing: panic_on_warn set ...
[ 48.778498][ T7553] CPU: 0 PID: 7553 Comm: syz-executor.0 Tainted: G B 5.0.0-rc6-next-20190214 #35
[ 48.788971][ T7553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.799397][ T7553] Call Trace:
[ 48.802683][ T7553] dump_stack+0x172/0x1f0
[ 48.806993][ T7553] panic+0x2cb/0x65c
[ 48.811067][ T7553] ? __warn_printk+0xf3/0xf3
[ 48.815802][ T7553] ? ax25_getname+0x58/0x7a0
[ 48.820374][ T7553] ? preempt_schedule+0x4b/0x60
[ 48.825381][ T7553] ? ___preempt_schedule+0x16/0x18
[ 48.830473][ T7553] ? trace_hardirqs_on+0x5e/0x230
[ 48.835484][ T7553] ? ax25_getname+0x58/0x7a0
[ 48.840068][ T7553] end_report+0x47/0x4f
[ 48.844343][ T7553] ? ax25_getname+0x58/0x7a0
[ 48.849120][ T7553] kasan_report.cold+0xe/0x40
[ 48.853909][ T7553] ? ax25_getname+0x58/0x7a0
[ 48.858473][ T7553] check_memory_region+0x123/0x190
[ 48.863558][ T7553] memset+0x24/0x40
[ 48.867341][ T7553] ax25_getname+0x58/0x7a0
[ 48.871733][ T7553] ? fget+0x20/0x30
[ 48.875542][ T7553] vhost_net_ioctl+0x120f/0x1900
[ 48.880557][ T7553] ? vhost_zerocopy_callback+0x300/0x300
[ 48.886304][ T7553] ? __fget+0x35a/0x550
[ 48.890462][ T7553] ? find_held_lock+0x35/0x130
[ 48.895213][ T7553] ? __fget+0x35a/0x550
[ 48.899348][ T7553] ? vhost_zerocopy_callback+0x300/0x300
[ 48.905066][ T7553] do_vfs_ioctl+0xd6e/0x1390
[ 48.909645][ T7553] ? kasan_check_read+0x11/0x20
[ 48.914580][ T7553] ? ioctl_preallocate+0x210/0x210
[ 48.919669][ T7553] ? __fget+0x381/0x550
[ 48.923801][ T7553] ? ksys_dup3+0x3e0/0x3e0
[ 48.928360][ T7553] ? nsecs_to_jiffies+0x30/0x30
[ 48.933193][ T7553] ? security_file_ioctl+0x93/0xc0
[ 48.938294][ T7553] ksys_ioctl+0xab/0xd0
[ 48.942424][ T7553] __x64_sys_ioctl+0x73/0xb0
[ 48.947008][ T7553] do_syscall_64+0x103/0x610
[ 48.951876][ T7553] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.957750][ T7553] RIP: 0033:0x457e29
[ 48.961618][ T7553] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 48.981203][ T7553] RSP: 002b:00007fd3cdbeec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 48.989587][ T7553] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[ 48.997718][ T7553] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000004
[ 49.005801][ T7553] RBP: 000000000073c0e0 R08: 0000000000000000 R09: 0000000000000000
[ 49.013967][ T7553] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd3cdbef6d4
[ 49.022096][ T7553] R13: 00000000004c2673 R14: 00000000004d5050 R15: 00000000ffffffff
[ 49.031389][ T7553] Kernel Offset: disabled
[ 49.035708][ T7553] Rebooting in 86400 seconds..