[   43.042150] audit: type=1800 audit(1581809283.343:29): pid=8001 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[   43.078657] audit: type=1800 audit(1581809283.343:30): pid=8001 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   52.974250] kauditd_printk_skb: 5 callbacks suppressed
[   52.974266] audit: type=1400 audit(1581809293.273:36): avc:  denied  { map } for  pid=8186 comm="syz-executor852" path="/root/syz-executor852068025" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   52.991921] ==================================================================
[   53.015304] BUG: KASAN: stack-out-of-bounds in ax25_getname+0x58/0x7a0
[   53.022952] Write of size 72 at addr ffff88808f2e7c78 by task syz-executor852/8186
[   53.030983] 
[   53.032740] CPU: 0 PID: 8186 Comm: syz-executor852 Not tainted 4.19.104-syzkaller #0
[   53.041148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   53.051530] Call Trace:
[   53.054261]  dump_stack+0x197/0x210
[   53.058198]  ? ax25_getname+0x58/0x7a0
[   53.062480]  print_address_description.cold+0x7c/0x20d
[   53.067970]  ? ax25_getname+0x58/0x7a0
[   53.072109]  kasan_report.cold+0x8c/0x2ba
[   53.076278]  check_memory_region+0x123/0x190
[   53.080902]  memset+0x24/0x40
[   53.084188]  ax25_getname+0x58/0x7a0
[   53.088039]  ? fget+0x1b/0x20
[   53.091291]  vhost_net_ioctl+0x120a/0x1900
[   53.095559]  ? handle_rx_kick+0x50/0x50
[   53.100276]  ? __handle_mm_fault+0x7d1/0x3f80
[   53.104952]  ? __might_sleep+0x95/0x190
[   53.109768]  ? handle_rx_kick+0x50/0x50
[   53.113966]  do_vfs_ioctl+0xd5f/0x1380
[   53.118502]  ? selinux_file_ioctl+0x46c/0x5d0
[   53.123512]  ? selinux_file_ioctl+0x125/0x5d0
[   53.130311]  ? ioctl_preallocate+0x210/0x210
[   53.135461]  ? selinux_file_mprotect+0x620/0x620
[   53.140398]  ? __mm_populate+0x50/0x380
[   53.146045]  ? write_comp_data+0x4b/0x70
[   53.150121]  ? up_read+0x1a/0x110
[   53.153828]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   53.159667]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   53.165441]  ? security_file_ioctl+0x8d/0xc0
[   53.169868]  ksys_ioctl+0xab/0xd0
[   53.173886]  __x64_sys_ioctl+0x73/0xb0
[   53.178164]  do_syscall_64+0xfd/0x620
[   53.181996]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.187315] RIP: 0033:0x440259
[   53.190651] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   53.210380] RSP: 002b:00007fff83b7c0a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   53.218523] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440259
[   53.225899] RDX: 0000000020f1dff8 RSI: 000000004008af30 RDI: 0000000000000003
[   53.233540] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   53.240940] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401ae0
[   53.248474] R13: 0000000000401b70 R14: 0000000000000000 R15: 0000000000000000
[   53.255928] 
[   53.257558] The buggy address belongs to the page:
[   53.262515] page:ffffea00023cb9c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   53.270982] flags: 0xfffe0000000000()
[   53.274995] raw: 00fffe0000000000 0000000000000000 ffffffff023c0101 0000000000000000
[   53.283214] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   53.291659] page dumped because: kasan: bad access detected
[   53.297489] 
[   53.299305] Memory state around the buggy address:
[   53.304241]  ffff88808f2e7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[   53.311744]  ffff88808f2e7c00: f1 f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 f2 f2 f2 00
[   53.319198] >ffff88808f2e7c80: 00 00 00 00 00 04 f3 f3 f3 f3 f3 00 00 00 00 00
[   53.326847]                              ^
[   53.332231]  ffff88808f2e7d00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[   53.339948]  ffff88808f2e7d80: 00 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00 00 00
[   53.347676] ==================================================================
[   53.355578] Disabling lock debugging due to kernel taint
[   53.362698] Kernel panic - not syncing: panic_on_warn set ...
[   53.362698] 
[   53.370506] CPU: 0 PID: 8186 Comm: syz-executor852 Tainted: G    B             4.19.104-syzkaller #0
[   53.379808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   53.389398] Call Trace:
[   53.391991]  dump_stack+0x197/0x210
[   53.395617]  ? ax25_getname+0x58/0x7a0
[   53.400253]  panic+0x26a/0x50e
[   53.403465]  ? __warn_printk+0xf3/0xf3
[   53.407767]  ? ax25_getname+0x58/0x7a0
[   53.411766]  ? preempt_schedule+0x4b/0x60
[   53.416037]  ? ___preempt_schedule+0x16/0x18
[   53.420600]  ? trace_hardirqs_on+0x5e/0x220
[   53.425109]  ? ax25_getname+0x58/0x7a0
[   53.429122]  kasan_end_report+0x47/0x4f
[   53.433194]  kasan_report.cold+0xa9/0x2ba
[   53.437521]  check_memory_region+0x123/0x190
[   53.442226]  memset+0x24/0x40
[   53.445419]  ax25_getname+0x58/0x7a0
[   53.449183]  ? fget+0x1b/0x20
[   53.452389]  vhost_net_ioctl+0x120a/0x1900
[   53.456852]  ? handle_rx_kick+0x50/0x50
[   53.460971]  ? __handle_mm_fault+0x7d1/0x3f80
[   53.465647]  ? __might_sleep+0x95/0x190
[   53.469633]  ? handle_rx_kick+0x50/0x50
[   53.473612]  do_vfs_ioctl+0xd5f/0x1380
[   53.477658]  ? selinux_file_ioctl+0x46c/0x5d0
[   53.482231]  ? selinux_file_ioctl+0x125/0x5d0
[   53.486830]  ? ioctl_preallocate+0x210/0x210
[   53.491360]  ? selinux_file_mprotect+0x620/0x620
[   53.496119]  ? __mm_populate+0x50/0x380
[   53.500092]  ? write_comp_data+0x4b/0x70
[   53.504150]  ? up_read+0x1a/0x110
[   53.507601]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   53.513319]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   53.518903]  ? security_file_ioctl+0x8d/0xc0
[   53.523370]  ksys_ioctl+0xab/0xd0
[   53.526854]  __x64_sys_ioctl+0x73/0xb0
[   53.530746]  do_syscall_64+0xfd/0x620
[   53.534541]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.539723] RIP: 0033:0x440259
[   53.542944] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   53.561936] RSP: 002b:00007fff83b7c0a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   53.569657] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440259
[   53.576922] RDX: 0000000020f1dff8 RSI: 000000004008af30 RDI: 0000000000000003
[   53.584486] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   53.591752] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401ae0
[   53.600524] R13: 0000000000401b70 R14: 0000000000000000 R15: 0000000000000000
[   53.611506] Kernel Offset: disabled
[   53.615388] Rebooting in 86400 seconds..