[ 34.251623][ T27] audit: type=1800 audit(1556091177.884:27): pid=7352 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 34.320995][ T27] audit: type=1800 audit(1556091178.004:28): pid=7352 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 35.106228][ T27] audit: type=1800 audit(1556091178.784:29): pid=7352 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 35.130879][ T27] audit: type=1800 audit(1556091178.784:30): pid=7352 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.46' (ECDSA) to the list of known hosts.
2019/04/24 07:33:09 parsed 1 programs
2019/04/24 07:33:11 executed programs: 0
syzkaller login: [ 48.324019][ T7519] IPVS: ftp: loaded support on port[0] = 21
[ 48.386740][ T7519] chnl_net:caif_netlink_parms(): no params data found
[ 48.416157][ T7519] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.423835][ T7519] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.431638][ T7519] device bridge_slave_0 entered promiscuous mode
[ 48.440170][ T7519] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.447237][ T7519] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.455026][ T7519] device bridge_slave_1 entered promiscuous mode
[ 48.469607][ T7519] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 48.479106][ T7519] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 48.495152][ T7519] team0: Port device team_slave_0 added
[ 48.512048][ T7519] team0: Port device team_slave_1 added
[ 48.590489][ T7519] device hsr_slave_0 entered promiscuous mode
[ 48.659243][ T7519] device hsr_slave_1 entered promiscuous mode
[ 48.735385][ T7519] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.742770][ T7519] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.750588][ T7519] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.757757][ T7519] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.785667][ T7519] 8021q: adding VLAN 0 to HW filter on device bond0
[ 48.797806][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.817995][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.826237][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.834899][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 48.846532][ T7519] 8021q: adding VLAN 0 to HW filter on device team0
[ 48.856328][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.865080][ T2952] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.872178][ T2952] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.889815][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.898131][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.905207][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.913102][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 48.921561][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 48.933084][ T7521] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 48.940837][ T7521] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.951511][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.961449][ T7519] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 48.976461][ T7519] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 49.591559][ T7563] ==================================================================
[ 49.599800][ T7563] BUG: KASAN: stack-out-of-bounds in ax25_getname+0x58/0x7a0
[ 49.607152][ T7563] Write of size 72 at addr ffff888088d87c78 by task syz-executor.0/7563
[ 49.615461][ T7563]
[ 49.617774][ T7563] CPU: 0 PID: 7563 Comm: syz-executor.0 Not tainted 5.1.0-rc6+ #82
[ 49.625642][ T7563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.635810][ T7563] Call Trace:
[ 49.639091][ T7563] dump_stack+0x172/0x1f0
[ 49.643552][ T7563] ? ax25_getname+0x58/0x7a0
[ 49.648284][ T7563] print_address_description.cold+0x7c/0x20d
[ 49.654305][ T7563] ? ax25_getname+0x58/0x7a0
[ 49.658885][ T7563] ? ax25_getname+0x58/0x7a0
[ 49.663472][ T7563] kasan_report.cold+0x1b/0x40
[ 49.668219][ T7563] ? ax25_getname+0x58/0x7a0
[ 49.672805][ T7563] check_memory_region+0x123/0x190
[ 49.677895][ T7563] memset+0x24/0x40
[ 49.681689][ T7563] ax25_getname+0x58/0x7a0
[ 49.686086][ T7563] ? fget+0x20/0x30
[ 49.689963][ T7563] vhost_net_ioctl+0x120f/0x1900
[ 49.694880][ T7563] ? vhost_zerocopy_callback+0x300/0x300
[ 49.700503][ T7563] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 49.706300][ T7563] ? __fget+0x35a/0x550
[ 49.710449][ T7563] ? vhost_zerocopy_callback+0x300/0x300
[ 49.716064][ T7563] do_vfs_ioctl+0xd6e/0x1390
[ 49.720637][ T7563] ? ioctl_preallocate+0x210/0x210
[ 49.725723][ T7563] ? __fget+0x381/0x550
[ 49.730033][ T7563] ? ksys_dup3+0x3e0/0x3e0
[ 49.734459][ T7563] ? nsecs_to_jiffies+0x30/0x30
[ 49.739420][ T7563] ? tomoyo_file_ioctl+0x23/0x30
[ 49.744343][ T7563] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.750821][ T7563] ? security_file_ioctl+0x93/0xc0
[ 49.755914][ T7563] ksys_ioctl+0xab/0xd0
[ 49.760116][ T7563] __x64_sys_ioctl+0x73/0xb0
[ 49.764793][ T7563] do_syscall_64+0x103/0x610
[ 49.769377][ T7563] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.775254][ T7563] RIP: 0033:0x458c39
[ 49.779137][ T7563] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 49.798731][ T7563] RSP: 002b:00007efce23fac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 49.807291][ T7563] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c39
[ 49.815250][ T7563] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000003
[ 49.823207][ T7563] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 49.831162][ T7563] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efce23fb6d4
[ 49.839111][ T7563] R13: 00000000004c3657 R14: 00000000004d6b30 R15: 00000000ffffffff
[ 49.847070][ T7563]
[ 49.849374][ T7563] The buggy address belongs to the page:
[ 49.854981][ T7563] page:ffffea00022361c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 49.863812][ T7563] flags: 0x1fffc0000000000()
[ 49.868383][ T7563] raw: 01fffc0000000000 0000000000000000 ffffffff02230101 0000000000000000
[ 49.876954][ T7563] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 49.885784][ T7563] page dumped because: kasan: bad access detected
[ 49.892225][ T7563]
[ 49.894545][ T7563] Memory state around the buggy address:
[ 49.900263][ T7563] ffff888088d87b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 49.908310][ T7563] ffff888088d87c00: f1 f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 f2 f2 f2 00
[ 49.916355][ T7563] >ffff888088d87c80: 00 00 00 00 00 04 f3 f3 f3 f3 f3 00 00 00 00 00
[ 49.924413][ T7563] ^
[ 49.929779][ T7563] ffff888088d87d00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 49.937830][ T7563] ffff888088d87d80: 00 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00 00 00
[ 49.945880][ T7563] ==================================================================
[ 49.953915][ T7563] Disabling lock debugging due to kernel taint
[ 49.961464][ T7563] Kernel panic - not syncing: panic_on_warn set ...
[ 49.968042][ T7563] CPU: 0 PID: 7563 Comm: syz-executor.0 Tainted: G B 5.1.0-rc6+ #82
[ 49.977319][ T7563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.987407][ T7563] Call Trace:
[ 49.990699][ T7563] dump_stack+0x172/0x1f0
[ 49.995023][ T7563] panic+0x2cb/0x65c
[ 49.998933][ T7563] ? __warn_printk+0xf3/0xf3
[ 50.003511][ T7563] ? ax25_getname+0x58/0x7a0
[ 50.008078][ T7563] ? preempt_schedule+0x4b/0x60
[ 50.012918][ T7563] ? ___preempt_schedule+0x16/0x18
[ 50.018008][ T7563] ? trace_hardirqs_on+0x5e/0x230
[ 50.023009][ T7563] ? ax25_getname+0x58/0x7a0
[ 50.027575][ T7563] end_report+0x47/0x4f
[ 50.031708][ T7563] ? ax25_getname+0x58/0x7a0
[ 50.036389][ T7563] kasan_report.cold+0xe/0x40
[ 50.041052][ T7563] ? ax25_getname+0x58/0x7a0
[ 50.045622][ T7563] check_memory_region+0x123/0x190
[ 50.050722][ T7563] memset+0x24/0x40
[ 50.054516][ T7563] ax25_getname+0x58/0x7a0
[ 50.058910][ T7563] ? fget+0x20/0x30
[ 50.062833][ T7563] vhost_net_ioctl+0x120f/0x1900
[ 50.067869][ T7563] ? vhost_zerocopy_callback+0x300/0x300
[ 50.073490][ T7563] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 50.079276][ T7563] ? __fget+0x35a/0x550
[ 50.083422][ T7563] ? vhost_zerocopy_callback+0x300/0x300
[ 50.089042][ T7563] do_vfs_ioctl+0xd6e/0x1390
[ 50.093621][ T7563] ? ioctl_preallocate+0x210/0x210
[ 50.098856][ T7563] ? __fget+0x381/0x550
[ 50.103006][ T7563] ? ksys_dup3+0x3e0/0x3e0
[ 50.107401][ T7563] ? nsecs_to_jiffies+0x30/0x30
[ 50.112244][ T7563] ? tomoyo_file_ioctl+0x23/0x30
[ 50.117169][ T7563] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 50.123388][ T7563] ? security_file_ioctl+0x93/0xc0
[ 50.128493][ T7563] ksys_ioctl+0xab/0xd0
[ 50.132682][ T7563] __x64_sys_ioctl+0x73/0xb0
[ 50.137265][ T7563] do_syscall_64+0x103/0x610
[ 50.141842][ T7563] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.147710][ T7563] RIP: 0033:0x458c39
[ 50.151673][ T7563] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 50.171291][ T7563] RSP: 002b:00007efce23fac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 50.179735][ T7563] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c39
[ 50.187696][ T7563] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000003
[ 50.195669][ T7563] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 50.203615][ T7563] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efce23fb6d4
[ 50.211562][ T7563] R13: 00000000004c3657 R14: 00000000004d6b30 R15: 00000000ffffffff
[ 50.220479][ T7563] Kernel Offset: disabled
[ 50.224853][ T7563] Rebooting in 86400 seconds..