[ 71.666651][ T27] audit: type=1800 audit(1581914014.315:26): pid=9906 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
[ 72.825168][ T27] kauditd_printk_skb: 2 callbacks suppressed
[ 72.825179][ T27] audit: type=1800 audit(1581914015.495:29): pid=9906 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 72.851433][ T27] audit: type=1800 audit(1581914015.495:30): pid=9906 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 82.177926][T10059] ==================================================================
[ 82.186272][T10059] BUG: KASAN: stack-out-of-bounds in ax25_getname+0x58/0x7a0
[ 82.193632][T10059] Write of size 72 at addr ffffc90005bc7e00 by task syz-executor507/10059
[ 82.202285][T10059]
[ 82.204650][T10059] CPU: 1 PID: 10059 Comm: syz-executor507 Not tainted 5.6.0-rc2-syzkaller #0
[ 82.213393][T10059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.223613][T10059] Call Trace:
[ 82.226986][T10059]  dump_stack+0x197/0x210
[ 82.231314][T10059]  ? ax25_getname+0x58/0x7a0
[ 82.235996][T10059]  print_address_description.constprop.0.cold+0x5/0x30b
[ 82.243070][T10059]  ? ax25_getname+0x58/0x7a0
[ 82.247698][T10059]  ? ax25_getname+0x58/0x7a0
[ 82.252292][T10059]  __kasan_report.cold+0x1b/0x32
[ 82.257222][T10059]  ? ax25_getname+0x58/0x7a0
[ 82.261808][T10059]  kasan_report+0x12/0x20
[ 82.266150][T10059]  check_memory_region+0x134/0x1a0
[ 82.271269][T10059]  memset+0x24/0x40
[ 82.275092][T10059]  ax25_getname+0x58/0x7a0
[ 82.279619][T10059]  ? fget+0x4f/0x60
[ 82.283427][T10059]  vhost_net_ioctl+0x1213/0x1960
[ 82.288371][T10059]  ? vhost_zerocopy_callback+0x2f0/0x2f0
[ 82.294116][T10059]  ? __kasan_check_write+0x14/0x20
[ 82.299215][T10059]  ? up_read+0x1cd/0x810
[ 82.303468][T10059]  ? tomoyo_file_ioctl+0x23/0x30
[ 82.308402][T10059]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.314648][T10059]  ? security_file_ioctl+0x8d/0xc0
[ 82.319811][T10059]  ? vhost_zerocopy_callback+0x2f0/0x2f0
[ 82.325514][T10059]  ksys_ioctl+0x123/0x180
[ 82.329850][T10059]  __x64_sys_ioctl+0x73/0xb0
[ 82.334434][T10059]  do_syscall_64+0xfa/0x790
[ 82.338943][T10059]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.344882][T10059] RIP: 0033:0x440259
[ 82.348835][T10059] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 82.368520][T10059] RSP: 002b:00007ffe1fa95c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 82.377002][T10059] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440259
[ 82.384967][T10059] RDX: 0000000020f1dff8 RSI: 000000004008af30 RDI: 0000000000000003
[ 82.392949][T10059] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 82.400919][T10059] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401ae0
[ 82.409009][T10059] R13: 0000000000401b70 R14: 0000000000000000 R15: 0000000000000000
[ 82.416987][T10059]
[ 82.419308][T10059]
[ 82.421706][T10059] addr ffffc90005bc7e00 is located in stack of task syz-executor507/10059 at offset 128 in frame:
[ 82.432386][T10059]  vhost_net_ioctl+0x0/0x1960
[ 82.437046][T10059]
[ 82.439366][T10059] this frame has 4 objects:
[ 82.444100][T10059]  [48, 52) 'r'
[ 82.444105][T10059]  [64, 72) 'features'
[ 82.447555][T10059]  [96, 104) 'backend'
[ 82.451716][T10059]  [128, 180) 'uaddr'
[ 82.455772][T10059]
[ 82.462207][T10059] Memory state around the buggy address:
[ 82.469591][T10059]  ffffc90005bc7d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 82.480172][T10059]  ffffc90005bc7d80: f1 f1 f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 f2 f2 f2
[ 82.488245][T10059] >ffffc90005bc7e00: 00 00 00 00 00 00 04 f3 f3 f3 f3 f3 00 00 00 00
[ 82.496292][T10059]                    ^
[ 82.501918][T10059]  ffffc90005bc7e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 82.510313][T10059]  ffffc90005bc7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 82.518469][T10059] ==================================================================
[ 82.526609][T10059] Disabling lock debugging due to kernel taint
[ 82.533695][T10059] Kernel panic - not syncing: panic_on_warn set ...
[ 82.540289][T10059] CPU: 1 PID: 10059 Comm: syz-executor507 Tainted: G B 5.6.0-rc2-syzkaller #0
[ 82.550473][T10059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.560530][T10059] Call Trace:
[ 82.563807][T10059]  dump_stack+0x197/0x210
[ 82.568151][T10059]  panic+0x2e3/0x75c
[ 82.572069][T10059]  ? add_taint.cold+0x16/0x16
[ 82.576778][T10059]  ? ax25_getname+0x58/0x7a0
[ 82.581639][T10059]  ? preempt_schedule+0x4b/0x60
[ 82.586481][T10059]  ? ___preempt_schedule+0x16/0x18
[ 82.591599][T10059]  ? trace_hardirqs_on+0x5e/0x240
[ 82.596624][T10059]  ? ax25_getname+0x58/0x7a0
[ 82.601250][T10059]  end_report+0x47/0x4f
[ 82.605414][T10059]  ? ax25_getname+0x58/0x7a0
[ 82.609996][T10059]  __kasan_report.cold+0xe/0x32
[ 82.614948][T10059]  ? ax25_getname+0x58/0x7a0
[ 82.619538][T10059]  kasan_report+0x12/0x20
[ 82.623940][T10059]  check_memory_region+0x134/0x1a0
[ 82.629039][T10059]  memset+0x24/0x40
[ 82.632831][T10059]  ax25_getname+0x58/0x7a0
[ 82.637240][T10059]  ? fget+0x4f/0x60
[ 82.641036][T10059]  vhost_net_ioctl+0x1213/0x1960
[ 82.645985][T10059]  ? vhost_zerocopy_callback+0x2f0/0x2f0
[ 82.651749][T10059]  ? __kasan_check_write+0x14/0x20
[ 82.656856][T10059]  ? up_read+0x1cd/0x810
[ 82.661100][T10059]  ? tomoyo_file_ioctl+0x23/0x30
[ 82.666080][T10059]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.672317][T10059]  ? security_file_ioctl+0x8d/0xc0
[ 82.677440][T10059]  ? vhost_zerocopy_callback+0x2f0/0x2f0
[ 82.683071][T10059]  ksys_ioctl+0x123/0x180
[ 82.687387][T10059]  __x64_sys_ioctl+0x73/0xb0
[ 82.691974][T10059]  do_syscall_64+0xfa/0x790
[ 82.696528][T10059]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.702413][T10059] RIP: 0033:0x440259
[ 82.706292][T10059] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 82.726764][T10059] RSP: 002b:00007ffe1fa95c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 82.735170][T10059] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440259
[ 82.743274][T10059] RDX: 0000000020f1dff8 RSI: 000000004008af30 RDI: 0000000000000003
[ 82.751241][T10059] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 82.759211][T10059] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401ae0
[ 82.767200][T10059] R13: 0000000000401b70 R14: 0000000000000000 R15: 0000000000000000
[ 82.776876][T10059] Kernel Offset: disabled
[ 82.781211][T10059] Rebooting in 86400 seconds..