[   32.573069] audit: type=1800 audit(1550165683.234:27): pid=7224 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   32.592997] audit: type=1800 audit(1550165683.244:28): pid=7224 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   33.675911] audit: type=1800 audit(1550165684.404:29): pid=7224 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   33.695995] audit: type=1800 audit(1550165684.404:30): pid=7224 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.82' (ECDSA) to the list of known hosts.
2019/02/14 17:34:55 parsed 1 programs
2019/02/14 17:34:57 executed programs: 0

syzkaller login: [   46.726956] IPVS: ftp: loaded support on port[0] = 21
[   46.782368] chnl_net:caif_netlink_parms(): no params data found
[   46.812004] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.818867] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.825887] device bridge_slave_0 entered promiscuous mode
[   46.832829] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.839190] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.846699] device bridge_slave_1 entered promiscuous mode
[   46.861468] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   46.870517] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   46.887073] team0: Port device team_slave_0 added
[   46.893053] team0: Port device team_slave_1 added
[   46.945009] device hsr_slave_0 entered promiscuous mode
[   47.012925] device hsr_slave_1 entered promiscuous mode
[   47.069266] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.075872] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.083015] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.089483] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.115323] 8021q: adding VLAN 0 to HW filter on device bond0
[   47.125404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   47.145139] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.151977] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.160450] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   47.170102] 8021q: adding VLAN 0 to HW filter on device team0
[   47.178073] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   47.185916] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.192250] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.200820] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   47.209009] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.215382] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.233934] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   47.241537] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   47.249253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   47.257278] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   47.266555] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   47.276080] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   47.290258] 8021q: adding VLAN 0 to HW filter on device batadv0
[   47.339800] ==================================================================
[   47.347427] BUG: KASAN: stack-out-of-bounds in ax25_getname+0x58/0x7a0
[   47.354068] Write of size 72 at addr ffff88808d327c78 by task syz-executor.0/7400
[   47.361776]
[   47.363387] CPU: 0 PID: 7400 Comm: syz-executor.0 Not tainted 5.0.0-rc6+ #71
[   47.370563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   47.379898] Call Trace:
[   47.382509]  dump_stack+0x172/0x1f0
[   47.386145]  ? ax25_getname+0x58/0x7a0
[   47.390042]  print_address_description.cold+0x7c/0x20d
[   47.395323]  ? ax25_getname+0x58/0x7a0
[   47.399207]  ? ax25_getname+0x58/0x7a0
[   47.403088]  kasan_report.cold+0x1b/0x40
[   47.407140]  ? ax25_getname+0x58/0x7a0
[   47.411029]  check_memory_region+0x123/0x190
[   47.415454]  memset+0x24/0x40
[   47.418569]  ax25_getname+0x58/0x7a0
[   47.422268]  ? fget+0x1b/0x20
[   47.425364]  vhost_net_ioctl+0x120f/0x1900
[   47.429684]  ? vhost_net_buf_peek+0x840/0x840
[   47.434347]  ? __fget+0x340/0x540
[   47.437799]  ? find_held_lock+0x35/0x130
[   47.441837]  ? __fget+0x340/0x540
[   47.445280]  ? vhost_net_buf_peek+0x840/0x840
[   47.449761]  do_vfs_ioctl+0xd6e/0x1390
[   47.453635]  ? ioctl_preallocate+0x210/0x210
[   47.458023]  ? __fget+0x367/0x540
[   47.461458]  ? iterate_fd+0x360/0x360
[   47.477929]  ? nsecs_to_jiffies+0x30/0x30
[   47.482069]  ? security_file_ioctl+0x93/0xc0
[   47.486459]  ksys_ioctl+0xab/0xd0
[   47.489894]  __x64_sys_ioctl+0x73/0xb0
[   47.493767]  do_syscall_64+0x103/0x610
[   47.497637]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   47.502953] RIP: 0033:0x457e29
[   47.506139] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   47.525024] RSP: 002b:00007feebc7b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   47.532717] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[   47.540124] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000004
[   47.547391] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[   47.554642] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feebc7b66d4
[   47.561901] R13: 00000000004c2673 R14: 00000000004d5050 R15: 00000000ffffffff
[   47.569156]
[   47.570760] The buggy address belongs to the page:
[   47.575670] page:ffffea000234c9c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   47.584022] flags: 0x1fffc0000000000()
[   47.587891] raw: 01fffc0000000000 0000000000000000 ffffffff02340101 0000000000000000
[   47.595760] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   47.603612] page dumped because: kasan: bad access detected
[   47.609294]
[   47.610900] Memory state around the buggy address:
[   47.615804]  ffff88808d327b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[   47.623400]  ffff88808d327c00: f1 f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 f2 f2 f2 00
[   47.630734] >ffff88808d327c80: 00 00 00 00 00 04 f3 f3 f3 f3 f3 00 00 00 00 00
[   47.638067]                                    ^
[   47.642716]  ffff88808d327d00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[   47.650075]  ffff88808d327d80: 00 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00 00 00
[   47.657415] ==================================================================
[   47.664748] Disabling lock debugging due to kernel taint
[   47.671943] Kernel panic - not syncing: panic_on_warn set ...
[   47.677923] CPU: 0 PID: 7400 Comm: syz-executor.0 Tainted: G B 5.0.0-rc6+ #71
[   47.686539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   47.695883] Call Trace:
[   47.698477]  dump_stack+0x172/0x1f0
[   47.702091]  panic+0x2cb/0x65c
[   47.705263]  ? __warn_printk+0xf3/0xf3
[   47.709333]  ? ax25_getname+0x58/0x7a0
[   47.713204]  ? preempt_schedule+0x4b/0x60
[   47.717338]  ? ___preempt_schedule+0x16/0x18
[   47.721727]  ? trace_hardirqs_on+0x5e/0x230
[   47.726033]  ? ax25_getname+0x58/0x7a0
[   47.729906]  end_report+0x47/0x4f
[   47.733473]  ? ax25_getname+0x58/0x7a0
[   47.737351]  kasan_report.cold+0xe/0x40
[   47.741304]  ? ax25_getname+0x58/0x7a0
[   47.745402]  check_memory_region+0x123/0x190
[   47.749941]  memset+0x24/0x40
[   47.753031]  ax25_getname+0x58/0x7a0
[   47.756949]  ? fget+0x1b/0x20
[   47.760231]  vhost_net_ioctl+0x120f/0x1900
[   47.764452]  ? vhost_net_buf_peek+0x840/0x840
[   47.768931]  ? __fget+0x340/0x540
[   47.772362]  ? find_held_lock+0x35/0x130
[   47.776411]  ? __fget+0x340/0x540
[   47.779995]  ? vhost_net_buf_peek+0x840/0x840
[   47.784471]  do_vfs_ioctl+0xd6e/0x1390
[   47.788336]  ? ioctl_preallocate+0x210/0x210
[   47.792728]  ? __fget+0x367/0x540
[   47.796162]  ? iterate_fd+0x360/0x360
[   47.799940]  ? nsecs_to_jiffies+0x30/0x30
[   47.804077]  ? security_file_ioctl+0x93/0xc0
[   47.808465]  ksys_ioctl+0xab/0xd0
[   47.811900]  __x64_sys_ioctl+0x73/0xb0
[   47.815764]  do_syscall_64+0x103/0x610
[   47.819629]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   47.825019] RIP: 0033:0x457e29
[   47.828236] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   47.847207] RSP: 002b:00007feebc7b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   47.854896] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[   47.862341] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000004
[   47.869733] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[   47.876984] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feebc7b66d4
[   47.884400] R13: 00000000004c2673 R14: 00000000004d5050 R15: 00000000ffffffff
[   47.892930] Kernel Offset: disabled
[   47.896556] Rebooting in 86400 seconds..