Warning: Permanently added '10.128.0.85' (ECDSA) to the list of known hosts.
2018/12/25 18:57:24 parsed 1 programs
2018/12/25 18:57:26 executed programs: 0
syzkaller login: [ 121.432872] IPVS: ftp: loaded support on port[0] = 21
[ 121.696534] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.703286] bridge0: port 1(bridge_slave_0) entered disabled state
[ 121.710500] device bridge_slave_0 entered promiscuous mode
[ 121.729267] bridge0: port 2(bridge_slave_1) entered blocking state
[ 121.736124] bridge0: port 2(bridge_slave_1) entered disabled state
[ 121.743028] device bridge_slave_1 entered promiscuous mode
[ 121.760875] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 121.779280] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 121.831527] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 121.851870] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 121.932766] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 121.940123] team0: Port device team_slave_0 added
[ 121.958077] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 121.965170] team0: Port device team_slave_1 added
[ 121.983630] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 122.005879] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 122.026475] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 122.046972] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 122.199625] bridge0: port 2(bridge_slave_1) entered blocking state
[ 122.206080] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 122.212896] bridge0: port 1(bridge_slave_0) entered blocking state
[ 122.219331] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 122.751915] 8021q: adding VLAN 0 to HW filter on device bond0
[ 122.804427] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 122.856005] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 122.862122] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 122.870410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 122.922625] 8021q: adding VLAN 0 to HW filter on device team0
[ 123.511356] ==================================================================
[ 123.518859] BUG: KASAN: stack-out-of-bounds in ax25_getname+0x58/0x790
[ 123.525517] Write of size 72 at addr ffff8881d8547b80 by task syz-executor0/8181
[ 123.533042]
[ 123.534686] CPU: 0 PID: 8181 Comm: syz-executor0 Not tainted 4.20.0 #166
[ 123.541511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 123.550847] Call Trace:
[ 123.553423] dump_stack+0x1d3/0x2c6
[ 123.557035] ? dump_stack_print_info.cold.1+0x20/0x20
[ 123.562214] ? printk+0xa7/0xcf
[ 123.565499] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 123.570256] ? ksys_dup3+0x680/0x680
[ 123.573960] print_address_description.cold.8+0x9/0x1ff
[ 123.579313] kasan_report.cold.9+0x242/0x309
[ 123.583728] ? ax25_getname+0x58/0x790
[ 123.587603] check_memory_region+0x13e/0x1b0
[ 123.592030] memset+0x23/0x40
[ 123.595126] ax25_getname+0x58/0x790
[ 123.598845] vhost_net_ioctl+0x139c/0x1bf0
[ 123.603070] ? vhost_net_buf_peek+0xa30/0xa30
[ 123.607569] ? rcu_read_unlock_special+0x1d0/0x1d0
[ 123.612487] ? smk_access+0x53b/0x700
[ 123.616287] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 123.621552] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 123.627072] ? smack_log+0x423/0x590
[ 123.630773] ? smk_access_entry+0x310/0x310
[ 123.635081] ? __fget+0x4d1/0x740
[ 123.638525] ? smk_tskacc+0x3dd/0x520
[ 123.642312] ? smack_privileged+0xd0/0xd0
[ 123.646445] ? arch_local_save_flags+0x40/0x40
[ 123.651015] ? vhost_net_buf_peek+0xa30/0xa30
[ 123.655505] do_vfs_ioctl+0x1de/0x1790
[ 123.659402] ? ioctl_preallocate+0x300/0x300
[ 123.663795] ? smk_curacc+0x7f/0xa0
[ 123.667415] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 123.672938] ? smack_file_ioctl+0x210/0x3c0
[ 123.677247] ? fget_raw+0x20/0x20
[ 123.680682] ? smack_file_lock+0x2e0/0x2e0
[ 123.684908] ? do_syscall_64+0x9a/0x820
[ 123.688871] ? do_syscall_64+0x9a/0x820
[ 123.692833] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 123.698362] ? security_file_ioctl+0x94/0xc0
[ 123.702809] ksys_ioctl+0xa9/0xd0
[ 123.706258] __x64_sys_ioctl+0x73/0xb0
[ 123.710131] do_syscall_64+0x1b9/0x820
[ 123.714015] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 123.719377] ? syscall_return_slowpath+0x5e0/0x5e0
[ 123.724304] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 123.729149] ? trace_hardirqs_on_caller+0x310/0x310
[ 123.734151] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 123.739154] ? prepare_exit_to_usermode+0x291/0x3b0
[ 123.744157] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 123.748991] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 123.754174] RIP: 0033:0x457759
[ 123.757357] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 123.776239] RSP: 002b:00007f25cd3fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 123.783931] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457759
[ 123.791182] RDX: 0000000020f1dff8 RSI: 000000004008af30 RDI: 0000000000000004
[ 123.798436] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 123.805687] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f25cd3fc6d4
[ 123.812946] R13: 00000000004c1dd4 R14: 00000000004d40e0 R15: 00000000ffffffff
[ 123.820205]
[ 123.821813] The buggy address belongs to the page:
[ 123.826735] page:ffffea00076151c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 123.834857] flags: 0x2fffc0000000000()
[ 123.838740] raw: 02fffc0000000000 0000000000000000 ffffffff07610101 0000000000000000
[ 123.846620] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 123.854479] page dumped because: kasan: bad access detected
[ 123.860171]
[ 123.861796] Memory state around the buggy address:
[ 123.866703] ffff8881d8547a80: 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2
[ 123.874050] ffff8881d8547b00: 00 f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2 f2 f2 f2 f2
[ 123.881390] >ffff8881d8547b80: 00 00 00 00 00 00 04 f2 00 00 00 00 00 00 00 00
[ 123.888733] ^
[ 123.893648] ffff8881d8547c00: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2
[ 123.901000] ffff8881d8547c80: f2 f2 f2 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00
[ 123.908334] ==================================================================
[ 123.915673] Disabling lock debugging due to kernel taint
[ 123.924294] Kernel panic - not syncing: panic_on_warn set ...
[ 123.930209] CPU: 0 PID: 8181 Comm: syz-executor0 Tainted: G B 4.20.0 #166
[ 123.938413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 123.947743] Call Trace:
[ 123.950317] dump_stack+0x1d3/0x2c6
[ 123.953928] ? dump_stack_print_info.cold.1+0x20/0x20
[ 123.959109] panic+0x2ad/0x55c
[ 123.962290] ? add_taint.cold.5+0x16/0x16
[ 123.966418] ? preempt_schedule+0x4d/0x60
[ 123.970546] ? ___preempt_schedule+0x16/0x18
[ 123.974936] ? trace_hardirqs_on+0xb4/0x310
[ 123.979241] kasan_end_report+0x47/0x4f
[ 123.983198] kasan_report.cold.9+0x76/0x309
[ 123.987511] ? ax25_getname+0x58/0x790
[ 123.991410] check_memory_region+0x13e/0x1b0
[ 123.995804] memset+0x23/0x40
[ 123.998908] ax25_getname+0x58/0x790
[ 124.002610] vhost_net_ioctl+0x139c/0x1bf0
[ 124.006834] ? vhost_net_buf_peek+0xa30/0xa30
[ 124.011311] ? rcu_read_unlock_special+0x1d0/0x1d0
[ 124.016225] ? smk_access+0x53b/0x700
[ 124.020024] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 124.025288] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 124.030820] ? smack_log+0x423/0x590
[ 124.034513] ? smk_access_entry+0x310/0x310
[ 124.038815] ? __fget+0x4d1/0x740
[ 124.042253] ? smk_tskacc+0x3dd/0x520
[ 124.046054] ? smack_privileged+0xd0/0xd0
[ 124.050184] ? arch_local_save_flags+0x40/0x40
[ 124.054761] ? vhost_net_buf_peek+0xa30/0xa30
[ 124.059245] do_vfs_ioctl+0x1de/0x1790
[ 124.063118] ? ioctl_preallocate+0x300/0x300
[ 124.067510] ? smk_curacc+0x7f/0xa0
[ 124.071122] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 124.076657] ? smack_file_ioctl+0x210/0x3c0
[ 124.080960] ? fget_raw+0x20/0x20
[ 124.084399] ? smack_file_lock+0x2e0/0x2e0
[ 124.088627] ? do_syscall_64+0x9a/0x820
[ 124.092583] ? do_syscall_64+0x9a/0x820
[ 124.096541] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 124.102060] ? security_file_ioctl+0x94/0xc0
[ 124.106448] ksys_ioctl+0xa9/0xd0
[ 124.109885] __x64_sys_ioctl+0x73/0xb0
[ 124.113754] do_syscall_64+0x1b9/0x820
[ 124.117626] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 124.122972] ? syscall_return_slowpath+0x5e0/0x5e0
[ 124.127904] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 124.132741] ? trace_hardirqs_on_caller+0x310/0x310
[ 124.137739] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 124.142751] ? prepare_exit_to_usermode+0x291/0x3b0
[ 124.147781] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 124.152619] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 124.157795] RIP: 0033:0x457759
[ 124.160971] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 124.179855] RSP: 002b:00007f25cd3fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 124.187557] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457759
[ 124.194819] RDX: 0000000020f1dff8 RSI: 000000004008af30 RDI: 0000000000000004
[ 124.202087] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 124.209338] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f25cd3fc6d4
[ 124.216605] R13: 00000000004c1dd4 R14: 00000000004d40e0 R15: 00000000ffffffff
[ 124.224855] Kernel Offset: disabled
[ 124.228477] Rebooting in 86400 seconds..