[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[FAIL] startpar: service(s) returned failure: ssh ... failed!
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 53.906722][ T26] kauditd_printk_skb: 4 callbacks suppressed
[ 53.906736][ T26] audit: type=1400 audit(1556089991.267:35): avc: denied { map } for pid=8220 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts.
[ 60.556633][ T26] audit: type=1400 audit(1556089997.917:36): avc: denied { map } for pid=8232 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/04/24 07:13:18 parsed 1 programs
[ 61.554663][ T26] audit: type=1400 audit(1556089998.917:37): avc: denied { map } for pid=8232 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1114 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/04/24 07:13:20 executed programs: 0
[ 63.426404][ T8246] IPVS: ftp: loaded support on port[0] = 21
[ 63.487871][ T8246] chnl_net:caif_netlink_parms(): no params data found
[ 63.520300][ T8246] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.527972][ T8246] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.535978][ T8246] device bridge_slave_0 entered promiscuous mode
[ 63.544542][ T8246] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.551764][ T8246] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.559412][ T8246] device bridge_slave_1 entered promiscuous mode
[ 63.576491][ T8246] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 63.587682][ T8246] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 63.606133][ T8246] team0: Port device team_slave_0 added
[ 63.613324][ T8246] team0: Port device team_slave_1 added
[ 63.691517][ T8246] device hsr_slave_0 entered promiscuous mode
[ 63.769921][ T8246] device hsr_slave_1 entered promiscuous mode
[ 63.829142][ T8246] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.836378][ T8246] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 63.844250][ T8246] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.851324][ T8246] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 63.883933][ T8246] 8021q: adding VLAN 0 to HW filter on device bond0
[ 63.897178][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 63.908402][ T2990] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.927367][ T2990] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.936772][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 63.949057][ T8246] 8021q: adding VLAN 0 to HW filter on device team0
[ 63.958934][ T2898] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 63.968318][ T2898] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.975430][ T2898] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 63.986462][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 63.996113][ T2990] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.003255][ T2990] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 64.019343][ T2898] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 64.028830][ T2898] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 64.041530][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 64.055445][ T8246] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 64.066977][ T8246] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 64.078609][ T2898] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 64.087533][ T2898] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 64.096179][ T2898] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 64.112008][ T8246] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 64.124361][ T26] audit: type=1400 audit(1556090001.487:38): avc: denied { associate } for pid=8246 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 64.473395][ T8269] ==================================================================
[ 64.481819][ T8269] BUG: KASAN: stack-out-of-bounds in ax25_getname+0x58/0x7a0
[ 64.489735][ T8269] Write of size 72 at addr ffff888091357c78 by task syz-executor.0/8269
[ 64.498062][ T8269]
[ 64.500400][ T8269] CPU: 0 PID: 8269 Comm: syz-executor.0 Not tainted 5.1.0-rc6+ #81
[ 64.508273][ T8269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.518344][ T8269] Call Trace:
[ 64.521647][ T8269] dump_stack+0x172/0x1f0
[ 64.526241][ T8269] ? ax25_getname+0x58/0x7a0
[ 64.530856][ T8269] print_address_description.cold+0x7c/0x20d
[ 64.536859][ T8269] ? ax25_getname+0x58/0x7a0
[ 64.541450][ T8269] ? ax25_getname+0x58/0x7a0
[ 64.546042][ T8269] kasan_report.cold+0x1b/0x40
[ 64.550797][ T8269] ? ax25_getname+0x58/0x7a0
[ 64.555624][ T8269] check_memory_region+0x123/0x190
[ 64.560738][ T8269] memset+0x24/0x40
[ 64.564541][ T8269] ax25_getname+0x58/0x7a0
[ 64.568964][ T8269] ? fget+0x20/0x30
[ 64.572785][ T8269] vhost_net_ioctl+0x120f/0x1900
[ 64.577725][ T8269] ? vhost_zerocopy_callback+0x300/0x300
[ 64.583382][ T8269] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 64.589226][ T8269] ? ___might_sleep+0x163/0x280
[ 64.594112][ T8269] ? vhost_zerocopy_callback+0x300/0x300
[ 64.599740][ T8269] do_vfs_ioctl+0xd6e/0x1390
[ 64.604527][ T8269] ? ioctl_preallocate+0x210/0x210
[ 64.609652][ T8269] ? selinux_file_mprotect+0x620/0x620
[ 64.615110][ T8269] ? __fget+0x381/0x550
[ 64.619346][ T8269] ? ksys_dup3+0x3e0/0x3e0
[ 64.625684][ T8269] ? nsecs_to_jiffies+0x30/0x30
[ 64.630571][ T8269] ? tomoyo_file_ioctl+0x23/0x30
[ 64.635523][ T8269] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 64.642054][ T8269] ? security_file_ioctl+0x93/0xc0
[ 64.647164][ T8269] ksys_ioctl+0xab/0xd0
[ 64.652357][ T8269] __x64_sys_ioctl+0x73/0xb0
[ 64.657164][ T8269] do_syscall_64+0x103/0x610
[ 64.661792][ T8269] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 64.667798][ T8269] RIP: 0033:0x458c39
[ 64.671790][ T8269] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 64.691389][ T8269] RSP: 002b:00007f3564a21c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 64.701982][ T8269] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c39
[ 64.709945][ T8269] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000003
[ 64.717907][ T8269] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 64.725894][ T8269] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3564a226d4
[ 64.734262][ T8269] R13: 00000000004c3657 R14: 00000000004d6b30 R15: 00000000ffffffff
[ 64.742263][ T8269]
[ 64.744665][ T8269] The buggy address belongs to the page:
[ 64.750385][ T8269] page:ffffea000244d5c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 64.759321][ T8269] flags: 0x1fffc0000000000()
[ 64.763910][ T8269] raw: 01fffc0000000000 0000000000000000 ffffffff02440101 0000000000000000
[ 64.772521][ T8269] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 64.790006][ T8269] page dumped because: kasan: bad access detected
[ 64.796561][ T8269]
[ 64.798990][ T8269] Memory state around the buggy address:
[ 64.804716][ T8269] ffff888091357b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 64.812773][ T8269] ffff888091357c00: f1 f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 f2 f2 f2 00
[ 64.821051][ T8269] >ffff888091357c80: 00 00 00 00 00 04 f3 f3 f3 f3 f3 00 00 00 00 00
[ 64.829622][ T8269] ^
[ 64.834998][ T8269] ffff888091357d00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 64.843060][ T8269] ffff888091357d80: 00 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00 00 00
[ 64.851597][ T8269] ==================================================================
[ 64.859650][ T8269] Disabling lock debugging due to kernel taint
[ 64.870161][ T8269] Kernel panic - not syncing: panic_on_warn set ...
[ 64.876778][ T8269] CPU: 0 PID: 8269 Comm: syz-executor.0 Tainted: G B 5.1.0-rc6+ #81
[ 64.887069][ T8269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.897229][ T8269] Call Trace:
[ 64.900514][ T8269] dump_stack+0x172/0x1f0
[ 64.904867][ T8269] panic+0x2cb/0x65c
[ 64.908761][ T8269] ? __warn_printk+0xf3/0xf3
[ 64.913339][ T8269] ? ax25_getname+0x58/0x7a0
[ 64.917910][ T8269] ? preempt_schedule+0x4b/0x60
[ 64.922754][ T8269] ? ___preempt_schedule+0x16/0x18
[ 64.928075][ T8269] ? trace_hardirqs_on+0x5e/0x230
[ 64.933129][ T8269] ? ax25_getname+0x58/0x7a0
[ 64.937733][ T8269] end_report+0x47/0x4f
[ 64.941880][ T8269] ? ax25_getname+0x58/0x7a0
[ 64.946470][ T8269] kasan_report.cold+0xe/0x40
[ 64.951152][ T8269] ? ax25_getname+0x58/0x7a0
[ 64.955757][ T8269] check_memory_region+0x123/0x190
[ 64.960879][ T8269] memset+0x24/0x40
[ 64.964707][ T8269] ax25_getname+0x58/0x7a0
[ 64.969111][ T8269] ? fget+0x20/0x30
[ 64.972904][ T8269] vhost_net_ioctl+0x120f/0x1900
[ 64.977831][ T8269] ? vhost_zerocopy_callback+0x300/0x300
[ 64.983447][ T8269] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 64.989274][ T8269] ? ___might_sleep+0x163/0x280
[ 64.994207][ T8269] ? vhost_zerocopy_callback+0x300/0x300
[ 64.999837][ T8269] do_vfs_ioctl+0xd6e/0x1390
[ 65.004419][ T8269] ? ioctl_preallocate+0x210/0x210
[ 65.009540][ T8269] ? selinux_file_mprotect+0x620/0x620
[ 65.014991][ T8269] ? __fget+0x381/0x550
[ 65.019216][ T8269] ? ksys_dup3+0x3e0/0x3e0
[ 65.023640][ T8269] ? nsecs_to_jiffies+0x30/0x30
[ 65.028513][ T8269] ? tomoyo_file_ioctl+0x23/0x30
[ 65.033649][ T8269] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 65.039875][ T8269] ? security_file_ioctl+0x93/0xc0
[ 65.045201][ T8269] ksys_ioctl+0xab/0xd0
[ 65.049513][ T8269] __x64_sys_ioctl+0x73/0xb0
[ 65.054097][ T8269] do_syscall_64+0x103/0x610
[ 65.058676][ T8269] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 65.064567][ T8269] RIP: 0033:0x458c39
[ 65.068470][ T8269] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 65.088167][ T8269] RSP: 002b:00007f3564a21c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 65.096578][ T8269] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c39
[ 65.104777][ T8269] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000003
[ 65.112853][ T8269] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 65.120939][ T8269] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3564a226d4
[ 65.129117][ T8269] R13: 00000000004c3657 R14: 00000000004d6b30 R15: 00000000ffffffff
[ 65.138072][ T8269] Kernel Offset: disabled
[ 65.142409][ T8269] Rebooting in 86400 seconds..