[ 41.162621][ T26] audit: type=1800 audit(1556740859.127:25): pid=7853 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 41.197354][ T26] audit: type=1800 audit(1556740859.137:26): pid=7853 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 41.231874][ T26] audit: type=1800 audit(1556740859.137:27): pid=7853 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[FAIL] startpar: service(s) returned failure: ssh ... failed!
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.181' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 52.012336][ T8026] IPVS: ftp: loaded support on port[0] = 21
[ 52.056208][ T8028] ==================================================================
[ 52.064512][ T8028] BUG: KASAN: slab-out-of-bounds in skb_gro_receive+0xf5f/0x10e0
[ 52.072225][ T8028] Read of size 16 at addr ffff88808c687ff0 by task syz-executor256/8028
[ 52.080694][ T8028]
[ 52.083027][ T8028] CPU: 1 PID: 8028 Comm: syz-executor256 Not tainted 5.1.0-rc7-next-20190501 #34
[ 52.092229][ T8028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.102276][ T8028] Call Trace:
[ 52.105559][ T8028] dump_stack+0x172/0x1f0
[ 52.109881][ T8028] ? skb_gro_receive+0xf5f/0x10e0
[ 52.115007][ T8028] print_address_description.cold+0x7c/0x20d
[ 52.121028][ T8028] ? skb_gro_receive+0xf5f/0x10e0
[ 52.126126][ T8028] ? skb_gro_receive+0xf5f/0x10e0
[ 52.131300][ T8028] __kasan_report.cold+0x1b/0x40
[ 52.136248][ T8028] ? skb_gro_receive+0xf5f/0x10e0
[ 52.141638][ T8028] kasan_report+0x12/0x20
[ 52.145970][ T8028] __asan_report_load16_noabort+0x14/0x20
[ 52.151723][ T8028] skb_gro_receive+0xf5f/0x10e0
[ 52.156590][ T8028] udp_gro_receive+0xc63/0x1080
[ 52.161452][ T8028] udp4_gro_receive+0x763/0xeb0
[ 52.166303][ T8028] ? udp_gro_receive+0x1080/0x1080
[ 52.171412][ T8028] inet_gro_receive+0xe72/0x1110
[ 52.176414][ T8028] ? inet_sk_rebuild_header+0x1c50/0x1c50
[ 52.182133][ T8028] dev_gro_receive+0x1cd0/0x23c0
[ 52.187069][ T8028] napi_gro_frags+0x36b/0xd10
[ 52.191885][ T8028] tun_get_user+0x2f3f/0x3ff0
[ 52.196556][ T8028] ? tun_build_skb.isra.0+0x1300/0x1300
[ 52.202093][ T8028] ? tun_get+0x171/0x290
[ 52.206335][ T8028] ? lock_downgrade+0x880/0x880
[ 52.211182][ T8028] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.217433][ T8028] ? kasan_check_read+0x11/0x20
[ 52.222329][ T8028] tun_chr_write_iter+0xbd/0x156
[ 52.227295][ T8028] do_iter_readv_writev+0x5e1/0x8e0
[ 52.232577][ T8028] ? vfs_dedupe_file_range+0x780/0x780
[ 52.238088][ T8028] ? apparmor_file_permission+0x25/0x30
[ 52.243632][ T8028] ? rw_verify_area+0x118/0x360
[ 52.248590][ T8028] do_iter_write+0x184/0x610
[ 52.253175][ T8028] ? dup_iter+0x260/0x260
[ 52.257500][ T8028] vfs_writev+0x1b3/0x2f0
[ 52.261824][ T8028] ? vfs_iter_write+0xb0/0xb0
[ 52.266499][ T8028] ? release_sock+0x158/0x1c0
[ 52.271225][ T8028] ? __local_bh_enable_ip+0x15a/0x270
[ 52.276643][ T8028] ? release_sock+0x158/0x1c0
[ 52.281329][ T8028] ? udp_lib_setsockopt+0x494/0x9c0
[ 52.286727][ T8028] ? udp_setsockopt+0x70/0xb0
[ 52.291545][ T8028] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.297900][ T8028] ? __fget_light+0x1a9/0x230
[ 52.302573][ T8028] do_writev+0x15e/0x370
[ 52.306812][ T8028] ? vfs_writev+0x2f0/0x2f0
[ 52.311510][ T8028] ? do_syscall_64+0x26/0x670
[ 52.316312][ T8028] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.322373][ T8028] ? do_syscall_64+0x26/0x670
[ 52.327054][ T8028] __x64_sys_writev+0x75/0xb0
[ 52.332019][ T8028] do_syscall_64+0x103/0x670
[ 52.336603][ T8028] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.342480][ T8028] RIP: 0033:0x441cc0
[ 52.346364][ T8028] Code: 05 48 3d 01 f0 ff ff 0f 83 9d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 51 93 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 74 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00
[ 52.365960][ T8028] RSP: 002b:00007ffffce90e28 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 52.374463][ T8028] RAX: ffffffffffffffda RBX: 00007ffffce90e60 RCX: 0000000000441cc0
[ 52.382453][ T8028] RDX: 0000000000000001 RSI: 00007ffffce90e80 RDI: 00000000000000f0
[ 52.390484][ T8028] RBP: 0000000000000000 R08: 000000000000ffff R09: 0000555555780668
[ 52.398451][ T8028] R10: 0000000020000040 R11: 0000000000000246 R12: 000000000000cb46
[ 52.406412][ T8028] R13: 0000000000402b50 R14: 0000000000000000 R15: 0000000000000000
[ 52.414384][ T8028]
[ 52.416710][ T8028] Allocated by task 7976:
[ 52.421142][ T8028] save_stack+0x23/0x90
[ 52.425292][ T8028] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 52.430911][ T8028] kasan_slab_alloc+0xf/0x20
[ 52.435488][ T8028] kmem_cache_alloc_node+0x131/0x710
[ 52.440766][ T8028] copy_process.part.0+0x4426/0x67e0
[ 52.446053][ T8028] _do_fork+0x25d/0xfe0
[ 52.450191][ T8028] __x64_sys_clone+0xbf/0x150
[ 52.454853][ T8028] do_syscall_64+0x103/0x670
[ 52.459426][ T8028] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.465444][ T8028]
[ 52.467765][ T8028] Freed by task 0:
[ 52.471473][ T8028] save_stack+0x23/0x90
[ 52.475726][ T8028] __kasan_slab_free+0x102/0x150
[ 52.480646][ T8028] kasan_slab_free+0xe/0x10
[ 52.485134][ T8028] kmem_cache_free+0x86/0x260
[ 52.489800][ T8028] free_task+0xdd/0x120
[ 52.493943][ T8028] __put_task_struct+0x1fd/0x4e0
[ 52.498974][ T8028] delayed_put_task_struct+0x1ec/0x340
[ 52.504532][ T8028] rcu_core+0xbac/0x1510
[ 52.508766][ T8028] __do_softirq+0x266/0x95a
[ 52.513257][ T8028]
[ 52.515576][ T8028] The buggy address belongs to the object at ffff88808c6864c0
[ 52.515576][ T8028] which belongs to the cache task_struct of size 6080
[ 52.530040][ T8028] The buggy address is located 880 bytes to the right of
[ 52.530040][ T8028] 6080-byte region [ffff88808c6864c0, ffff88808c687c80)
[ 52.544031][ T8028] The buggy address belongs to the page:
[ 52.549669][ T8028] page:ffffea000231a180 count:1 mapcount:0 mapping:ffff88821bc427c0 index:0x0 compound_mapcount: 0
[ 52.560338][ T8028] flags: 0x1fffc0000010200(slab|head)
[ 52.565718][ T8028] raw: 01fffc0000010200 ffffea0002326508 ffffea0002a10d88 ffff88821bc427c0
[ 52.574310][ T8028] raw: 0000000000000000 ffff88808c6864c0 0000000100000001 0000000000000000
[ 52.582882][ T8028] page dumped because: kasan: bad access detected
[ 52.589418][ T8028]
[ 52.591772][ T8028] Memory state around the buggy address:
[ 52.597451][ T8028] ffff88808c687e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.605503][ T8028] ffff88808c687f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.613813][ T8028] >ffff88808c687f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.621855][ T8028] ^
[ 52.629559][ T8028] ffff88808c688000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.637608][ T8028] ffff88808c688080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.645883][ T8028] ==================================================================
[ 52.653929][ T8028] Disabling lock debugging due to kernel taint
[ 52.660104][ T8028] Kernel panic - not syncing: panic_on_warn set ...
[ 52.666744][ T8028] CPU: 1 PID: 8028 Comm: syz-executor256 Tainted: G B 5.1.0-rc7-next-20190501 #34
[ 52.677230][ T8028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.687280][ T8028] Call Trace:
[ 52.690565][ T8028] dump_stack+0x172/0x1f0
[ 52.694948][ T8028] panic+0x2cb/0x75a
[ 52.698847][ T8028] ? __warn_printk+0xf3/0xf3
[ 52.703418][ T8028] ? retint_kernel+0x2b/0x2b
[ 52.707989][ T8028] ? trace_hardirqs_on+0x5e/0x230
[ 52.712999][ T8028] ? skb_gro_receive+0xf5f/0x10e0
[ 52.718013][ T8028] end_report+0x47/0x4f
[ 52.722152][ T8028] ? skb_gro_receive+0xf5f/0x10e0
[ 52.727251][ T8028] __kasan_report.cold+0xe/0x40
[ 52.732092][ T8028] ? skb_gro_receive+0xf5f/0x10e0
[ 52.737103][ T8028] kasan_report+0x12/0x20
[ 52.741417][ T8028] __asan_report_load16_noabort+0x14/0x20
[ 52.747120][ T8028] skb_gro_receive+0xf5f/0x10e0
[ 52.751969][ T8028] udp_gro_receive+0xc63/0x1080
[ 52.756853][ T8028] udp4_gro_receive+0x763/0xeb0
[ 52.761802][ T8028] ? udp_gro_receive+0x1080/0x1080
[ 52.778382][ T8028] inet_gro_receive+0xe72/0x1110
[ 52.783310][ T8028] ? inet_sk_rebuild_header+0x1c50/0x1c50
[ 52.789021][ T8028] dev_gro_receive+0x1cd0/0x23c0
[ 52.794162][ T8028] napi_gro_frags+0x36b/0xd10
[ 52.798827][ T8028] tun_get_user+0x2f3f/0x3ff0
[ 52.803632][ T8028] ? tun_build_skb.isra.0+0x1300/0x1300
[ 52.809164][ T8028] ? tun_get+0x171/0x290
[ 52.815173][ T8028] ? lock_downgrade+0x880/0x880
[ 52.820135][ T8028] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.826374][ T8028] ? kasan_check_read+0x11/0x20
[ 52.831310][ T8028] tun_chr_write_iter+0xbd/0x156
[ 52.836240][ T8028] do_iter_readv_writev+0x5e1/0x8e0
[ 52.841440][ T8028] ? vfs_dedupe_file_range+0x780/0x780
[ 52.847033][ T8028] ? apparmor_file_permission+0x25/0x30
[ 52.852736][ T8028] ? rw_verify_area+0x118/0x360
[ 52.857595][ T8028] do_iter_write+0x184/0x610
[ 52.862184][ T8028] ? dup_iter+0x260/0x260
[ 52.866590][ T8028] vfs_writev+0x1b3/0x2f0
[ 52.870913][ T8028] ? vfs_iter_write+0xb0/0xb0
[ 52.875611][ T8028] ? release_sock+0x158/0x1c0
[ 52.880590][ T8028] ? __local_bh_enable_ip+0x15a/0x270
[ 52.885955][ T8028] ? release_sock+0x158/0x1c0
[ 52.890623][ T8028] ? udp_lib_setsockopt+0x494/0x9c0
[ 52.895815][ T8028] ? udp_setsockopt+0x70/0xb0
[ 52.900630][ T8028] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.906862][ T8028] ? __fget_light+0x1a9/0x230
[ 52.911534][ T8028] do_writev+0x15e/0x370
[ 52.915765][ T8028] ? vfs_writev+0x2f0/0x2f0
[ 52.920256][ T8028] ? do_syscall_64+0x26/0x670
[ 52.924921][ T8028] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.930973][ T8028] ? do_syscall_64+0x26/0x670
[ 52.935790][ T8028] __x64_sys_writev+0x75/0xb0
[ 52.940459][ T8028] do_syscall_64+0x103/0x670
[ 52.945047][ T8028] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.951022][ T8028] RIP: 0033:0x441cc0
[ 52.954900][ T8028] Code: 05 48 3d 01 f0 ff ff 0f 83 9d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 51 93 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 74 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00
[ 52.974606][ T8028] RSP: 002b:00007ffffce90e28 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 52.983551][ T8028] RAX: ffffffffffffffda RBX: 00007ffffce90e60 RCX: 0000000000441cc0
[ 52.992219][ T8028] RDX: 0000000000000001 RSI: 00007ffffce90e80 RDI: 00000000000000f0
[ 53.000362][ T8028] RBP: 0000000000000000 R08: 000000000000ffff R09: 0000555555780668
[ 53.008322][ T8028] R10: 0000000020000040 R11: 0000000000000246 R12: 000000000000cb46
[ 53.016396][ T8028] R13: 0000000000402b50 R14: 0000000000000000 R15: 0000000000000000
[ 53.025525][ T8028] Kernel Offset: disabled
[ 53.029855][ T8028] Rebooting in 86400 seconds..