Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ 105.093770][ T27] audit: type=1400 audit(1582015331.977:37): avc: denied { watch } for pid=10659 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 108.262113][ T27] kauditd_printk_skb: 3 callbacks suppressed
[ 108.262128][ T27] audit: type=1400 audit(1582015335.147:41): avc: denied { map } for pid=10741 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts.
executing program
[ 115.068546][ T27] audit: type=1400 audit(1582015341.947:42): avc: denied { map } for pid=10753 comm="syz-executor973" path="/root/syz-executor973671981" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 115.100981][T10753] ==================================================================
[ 115.109286][T10753] BUG: KASAN: stack-out-of-bounds in ax25_getname+0x58/0x7a0
[ 115.116654][T10753] Write of size 72 at addr ffffc900020c7e00 by task syz-executor973/10753
[ 115.125400][T10753]
[ 115.127721][T10753] CPU: 1 PID: 10753 Comm: syz-executor973 Not tainted 5.6.0-rc2-syzkaller #0
[ 115.136473][T10753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 115.146539][T10753] Call Trace:
[ 115.149830][T10753] dump_stack+0x197/0x210
[ 115.154158][T10753] ? ax25_getname+0x58/0x7a0
[ 115.158755][T10753] print_address_description.constprop.0.cold+0x5/0x30b
[ 115.165828][T10753] ? ax25_getname+0x58/0x7a0
[ 115.170446][T10753] ? ax25_getname+0x58/0x7a0
[ 115.175028][T10753] __kasan_report.cold+0x1b/0x32
[ 115.179965][T10753] ? ax25_getname+0x58/0x7a0
[ 115.184559][T10753] kasan_report+0x12/0x20
[ 115.188889][T10753] check_memory_region+0x134/0x1a0
[ 115.194001][T10753] memset+0x24/0x40
[ 115.197805][T10753] ax25_getname+0x58/0x7a0
[ 115.202219][T10753] ? fget+0x4f/0x60
[ 115.206033][T10753] vhost_net_ioctl+0x1213/0x1960
[ 115.211024][T10753] ? vhost_zerocopy_callback+0x2f0/0x2f0
[ 115.216679][T10753] ? __kasan_check_write+0x14/0x20
[ 115.221924][T10753] ? up_read+0x1cd/0x810
[ 115.226175][T10753] ? tomoyo_file_ioctl+0x23/0x30
[ 115.231112][T10753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 115.237352][T10753] ? security_file_ioctl+0x8d/0xc0
[ 115.242454][T10753] ? vhost_zerocopy_callback+0x2f0/0x2f0
[ 115.248136][T10753] ksys_ioctl+0x123/0x180
[ 115.252527][T10753] __x64_sys_ioctl+0x73/0xb0
[ 115.257174][T10753] do_syscall_64+0xfa/0x790
[ 115.261780][T10753] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 115.267658][T10753] RIP: 0033:0x440259
[ 115.271657][T10753] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 115.291285][T10753] RSP: 002b:00007fffb9862cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 115.299693][T10753] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440259
[ 115.307797][T10753] RDX: 0000000020f1dff8 RSI: 000000004008af30 RDI: 0000000000000003
[ 115.315868][T10753] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 115.323845][T10753] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401ae0
[ 115.332344][T10753] R13: 0000000000401b70 R14: 0000000000000000 R15: 0000000000000000
[ 115.340324][T10753]
[ 115.342784][T10753]
[ 115.345108][T10753] addr ffffc900020c7e00 is located in stack of task syz-executor973/10753 at offset 128 in frame:
[ 115.355728][T10753] vhost_net_ioctl+0x0/0x1960
[ 115.360491][T10753]
[ 115.362865][T10753] this frame has 4 objects:
[ 115.367465][T10753] [48, 52) 'r'
[ 115.367470][T10753] [64, 72) 'features'
[ 115.370926][T10753] [96, 104) 'backend'
[ 115.374993][T10753] [128, 180) 'uaddr'
[ 115.379039][T10753]
[ 115.385336][T10753] Memory state around the buggy address:
[ 115.390967][T10753] ffffc900020c7d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 115.399128][T10753] ffffc900020c7d80: f1 f1 f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 f2 f2 f2
[ 115.407187][T10753] >ffffc900020c7e00: 00 00 00 00 00 00 04 f3 f3 f3 f3 f3 00 00 00 00
[ 115.415243][T10753] ^
[ 115.420905][T10753] ffffc900020c7e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 115.428962][T10753] ffffc900020c7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 115.437052][T10753] ==================================================================
[ 115.445149][T10753] Disabling lock debugging due to kernel taint
[ 115.452143][T10753] Kernel panic - not syncing: panic_on_warn set ...
[ 115.458808][T10753] CPU: 1 PID: 10753 Comm: syz-executor973 Tainted: G B 5.6.0-rc2-syzkaller #0
[ 115.469069][T10753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 115.479376][T10753] Call Trace:
[ 115.482689][T10753] dump_stack+0x197/0x210
[ 115.487020][T10753] panic+0x2e3/0x75c
[ 115.490953][T10753] ? add_taint.cold+0x16/0x16
[ 115.495616][T10753] ? ax25_getname+0x58/0x7a0
[ 115.500213][T10753] ? preempt_schedule+0x4b/0x60
[ 115.505105][T10753] ? ___preempt_schedule+0x16/0x18
[ 115.510283][T10753] ? trace_hardirqs_on+0x5e/0x240
[ 115.515339][T10753] ? ax25_getname+0x58/0x7a0
[ 115.520080][T10753] end_report+0x47/0x4f
[ 115.524325][T10753] ? ax25_getname+0x58/0x7a0
[ 115.528923][T10753] __kasan_report.cold+0xe/0x32
[ 115.533826][T10753] ? ax25_getname+0x58/0x7a0
[ 115.538455][T10753] kasan_report+0x12/0x20
[ 115.542882][T10753] check_memory_region+0x134/0x1a0
[ 115.547977][T10753] memset+0x24/0x40
[ 115.551779][T10753] ax25_getname+0x58/0x7a0
[ 115.556243][T10753] ? fget+0x4f/0x60
[ 115.560097][T10753] vhost_net_ioctl+0x1213/0x1960
[ 115.566055][T10753] ? vhost_zerocopy_callback+0x2f0/0x2f0
[ 115.571705][T10753] ? __kasan_check_write+0x14/0x20
[ 115.576928][T10753] ? up_read+0x1cd/0x810
[ 115.581194][T10753] ? tomoyo_file_ioctl+0x23/0x30
[ 115.586126][T10753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 115.592534][T10753] ? security_file_ioctl+0x8d/0xc0
[ 115.597700][T10753] ? vhost_zerocopy_callback+0x2f0/0x2f0
[ 115.603368][T10753] ksys_ioctl+0x123/0x180
[ 115.607711][T10753] __x64_sys_ioctl+0x73/0xb0
[ 115.612301][T10753] do_syscall_64+0xfa/0x790
[ 115.616854][T10753] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 115.622861][T10753] RIP: 0033:0x440259
[ 115.626899][T10753] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 115.646611][T10753] RSP: 002b:00007fffb9862cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 115.655249][T10753] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440259
[ 115.663232][T10753] RDX: 0000000020f1dff8 RSI: 000000004008af30 RDI: 0000000000000003
[ 115.671243][T10753] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 115.679268][T10753] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401ae0
[ 115.687247][T10753] R13: 0000000000401b70 R14: 0000000000000000 R15: 0000000000000000
[ 115.696928][T10753] Kernel Offset: disabled
[ 115.701311][T10753] Rebooting in 86400 seconds..