[ ok ] Starting enhanced syslogd: rsyslogd.
[ 64.153876][ T26] audit: type=1800 audit(1573874150.275:25): pid=9013 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 64.184955][ T26] audit: type=1800 audit(1573874150.275:26): pid=9013 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 64.251484][ T26] audit: type=1800 audit(1573874150.375:27): pid=9013 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.43' (ECDSA) to the list of known hosts.
2019/11/16 03:16:01 parsed 1 programs
2019/11/16 03:16:03 executed programs: 0
syzkaller login: [ 77.549371][ T9183] IPVS: ftp: loaded support on port[0] = 21
[ 77.617998][ T9183] chnl_net:caif_netlink_parms(): no params data found
[ 77.649584][ T9183] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.657809][ T9183] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.666859][ T9183] device bridge_slave_0 entered promiscuous mode
[ 77.675789][ T9183] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.683089][ T9183] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.691449][ T9183] device bridge_slave_1 entered promiscuous mode
[ 77.710552][ T9183] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 77.721736][ T9183] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 77.743011][ T9183] team0: Port device team_slave_0 added
[ 77.750738][ T9183] team0: Port device team_slave_1 added
[ 77.837234][ T9183] device hsr_slave_0 entered promiscuous mode
[ 77.915269][ T9183] device hsr_slave_1 entered promiscuous mode
[ 78.086886][ T9183] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.094180][ T9183] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.102463][ T9183] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.109637][ T9183] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.259242][ T9183] 8021q: adding VLAN 0 to HW filter on device bond0
[ 78.283178][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 78.318511][ T22] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.359124][ T22] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.377266][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 78.441395][ T9183] 8021q: adding VLAN 0 to HW filter on device team0
[ 78.479506][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 78.489806][ T22] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.497001][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.560089][ T3339] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 78.586972][ T3339] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.594091][ T3339] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.647950][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 78.659140][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 78.686241][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 78.711935][ T9183] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 78.736152][ T9183] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 78.745957][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 78.754145][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 78.786267][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 78.813161][ T3339] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 78.822305][ T3339] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 78.840286][ T9183] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.947494][ T9272] ==================================================================
[ 79.956107][ T9272] BUG: KASAN: stack-out-of-bounds in ax25_getname+0x58/0x7a0
[ 79.963624][ T9272] Write of size 72 at addr ffff8880949efc78 by task syz-executor.0/9272
[ 79.972139][ T9272]
[ 79.974468][ T9272] CPU: 1 PID: 9272 Comm: syz-executor.0 Not tainted 5.4.0-rc7+ #0
[ 79.982254][ T9272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 79.992307][ T9272] Call Trace:
[ 79.995614][ T9272] dump_stack+0x197/0x210
[ 79.999936][ T9272] ? ax25_getname+0x58/0x7a0
[ 80.004518][ T9272] print_address_description.constprop.0.cold+0xd4/0x30b
[ 80.011542][ T9272] ? ax25_getname+0x58/0x7a0
[ 80.016127][ T9272] ? ax25_getname+0x58/0x7a0
[ 80.020708][ T9272] __kasan_report.cold+0x1b/0x41
[ 80.025655][ T9272] ? ax25_getname+0x58/0x7a0
[ 80.030258][ T9272] kasan_report+0x12/0x20
[ 80.034588][ T9272] check_memory_region+0x134/0x1a0
[ 80.039708][ T9272] memset+0x24/0x40
[ 80.043510][ T9272] ax25_getname+0x58/0x7a0
[ 80.047918][ T9272] ? fget+0x20/0x30
[ 80.051729][ T9272] vhost_net_ioctl+0x120a/0x1960
[ 80.056661][ T9272] ? vhost_zerocopy_callback+0x300/0x300
[ 80.062297][ T9272] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 80.068100][ T9272] ? vhost_zerocopy_callback+0x300/0x300
[ 80.073722][ T9272] do_vfs_ioctl+0xdb6/0x13e0
[ 80.078494][ T9272] ? ioctl_preallocate+0x210/0x210
[ 80.083637][ T9272] ? __fget+0x384/0x560
[ 80.087801][ T9272] ? ksys_dup3+0x3e0/0x3e0
[ 80.092206][ T9272] ? nsecs_to_jiffies+0x30/0x30
[ 80.097051][ T9272] ? tomoyo_file_ioctl+0x23/0x30
[ 80.101976][ T9272] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 80.108222][ T9272] ? security_file_ioctl+0x8d/0xc0
[ 80.113338][ T9272] ksys_ioctl+0xab/0xd0
[ 80.117499][ T9272] __x64_sys_ioctl+0x73/0xb0
[ 80.122086][ T9272] do_syscall_64+0xfa/0x760
[ 80.126596][ T9272] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 80.132515][ T9272] RIP: 0033:0x45a669
[ 80.136492][ T9272] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 80.156087][ T9272] RSP: 002b:00007f2d69016c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 80.164488][ T9272] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a669
[ 80.172477][ T9272] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000003
[ 80.180589][ T9272] RBP: 000000000075c118 R08: 0000000000000000 R09: 0000000000000000
[ 80.188917][ T9272] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2d690176d4
[ 80.197055][ T9272] R13: 00000000004c5b58 R14: 00000000004dabb8 R15: 00000000ffffffff
[ 80.205058][ T9272]
[ 80.207381][ T9272] The buggy address belongs to the page:
[ 80.213035][ T9272] page:ffffea0002527bc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 80.222145][ T9272] flags: 0x1fffc0000000000()
[ 80.226740][ T9272] raw: 01fffc0000000000 0000000000000000 ffffffff02520101 0000000000000000
[ 80.235316][ T9272] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 80.244576][ T9272] page dumped because: kasan: bad access detected
[ 80.250973][ T9272]
[ 80.253291][ T9272] addr ffff8880949efc78 is located in stack of task syz-executor.0/9272 at offset 128 in frame:
[ 80.263869][ T9272] vhost_net_ioctl+0x0/0x1960
[ 80.268528][ T9272]
[ 80.270845][ T9272] this frame has 4 objects:
[ 80.275327][ T9272] [48, 52) 'r'
[ 80.275332][ T9272] [64, 72) 'features'
[ 80.278768][ T9272] [96, 104) 'backend'
[ 80.282813][ T9272] [128, 180) 'uaddr'
[ 80.286873][ T9272]
[ 80.293249][ T9272] Memory state around the buggy address:
[ 80.300145][ T9272] ffff8880949efb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 80.308219][ T9272] ffff8880949efc00: f1 f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 f2 f2 f2 00
[ 80.316290][ T9272] >ffff8880949efc80: 00 00 00 00 00 04 f3 f3 f3 f3 f3 00 00 00 00 00
[ 80.324337][ T9272]                                   ^
[ 80.329693][ T9272] ffff8880949efd00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 80.337751][ T9272] ffff8880949efd80: 00 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00 00 00
[ 80.345796][ T9272] ==================================================================
[ 80.353868][ T9272] Disabling lock debugging due to kernel taint
[ 80.364455][ T9272] Kernel panic - not syncing: panic_on_warn set ...
[ 80.371084][ T9272] CPU: 1 PID: 9272 Comm: syz-executor.0 Tainted: G B 5.4.0-rc7+ #0
[ 80.380263][ T9272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.390316][ T9272] Call Trace:
[ 80.393689][ T9272] dump_stack+0x197/0x210
[ 80.398126][ T9272] panic+0x2e3/0x75c
[ 80.402036][ T9272] ? add_taint.cold+0x16/0x16
[ 80.406708][ T9272] ? ax25_getname+0x58/0x7a0
[ 80.411286][ T9272] ? preempt_schedule+0x4b/0x60
[ 80.416311][ T9272] ? ___preempt_schedule+0x16/0x20
[ 80.421420][ T9272] ? trace_hardirqs_on+0x5e/0x240
[ 80.426548][ T9272] ? ax25_getname+0x58/0x7a0
[ 80.431238][ T9272] end_report+0x47/0x4f
[ 80.435582][ T9272] ? ax25_getname+0x58/0x7a0
[ 80.440452][ T9272] __kasan_report.cold+0xe/0x41
[ 80.445310][ T9272] ? ax25_getname+0x58/0x7a0
[ 80.449897][ T9272] kasan_report+0x12/0x20
[ 80.454251][ T9272] check_memory_region+0x134/0x1a0
[ 80.459385][ T9272] memset+0x24/0x40
[ 80.463206][ T9272] ax25_getname+0x58/0x7a0
[ 80.467633][ T9272] ? fget+0x20/0x30
[ 80.471435][ T9272] vhost_net_ioctl+0x120a/0x1960
[ 80.476376][ T9272] ? vhost_zerocopy_callback+0x300/0x300
[ 80.482023][ T9272] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 80.487842][ T9272] ? vhost_zerocopy_callback+0x300/0x300
[ 80.493646][ T9272] do_vfs_ioctl+0xdb6/0x13e0
[ 80.498238][ T9272] ? ioctl_preallocate+0x210/0x210
[ 80.503353][ T9272] ? __fget+0x384/0x560
[ 80.507515][ T9272] ? ksys_dup3+0x3e0/0x3e0
[ 80.511919][ T9272] ? nsecs_to_jiffies+0x30/0x30
[ 80.516761][ T9272] ? tomoyo_file_ioctl+0x23/0x30
[ 80.521743][ T9272] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 80.528018][ T9272] ? security_file_ioctl+0x8d/0xc0
[ 80.533128][ T9272] ksys_ioctl+0xab/0xd0
[ 80.537283][ T9272] __x64_sys_ioctl+0x73/0xb0
[ 80.541869][ T9272] do_syscall_64+0xfa/0x760
[ 80.546374][ T9272] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 80.552272][ T9272] RIP: 0033:0x45a669
[ 80.556162][ T9272] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 80.575852][ T9272] RSP: 002b:00007f2d69016c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 80.584361][ T9272] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a669
[ 80.592503][ T9272] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000003
[ 80.600467][ T9272] RBP: 000000000075c118 R08: 0000000000000000 R09: 0000000000000000
[ 80.608434][ T9272] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2d690176d4
[ 80.616409][ T9272] R13: 00000000004c5b58 R14: 00000000004dabb8 R15: 00000000ffffffff
[ 80.626039][ T9272] Kernel Offset: disabled
[ 80.630433][ T9272] Rebooting in 86400 seconds..