[ ok ] Starting enhanced syslogd: rsyslogd.
[ 69.081928][ T27] audit: type=1800 audit(1578382450.264:25): pid=9431 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 69.101777][ T27] audit: type=1800 audit(1578382450.274:26): pid=9431 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 69.155716][ T27] audit: type=1800 audit(1578382450.274:27): pid=9431 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.51' (ECDSA) to the list of known hosts.
2020/01/07 07:34:18 parsed 1 programs
2020/01/07 07:34:20 executed programs: 0
syzkaller login: [ 79.586959][ T9603] IPVS: ftp: loaded support on port[0] = 21
[ 79.652470][ T9603] chnl_net:caif_netlink_parms(): no params data found
[ 79.684710][ T9603] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.692085][ T9603] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.700128][ T9603] device bridge_slave_0 entered promiscuous mode
[ 79.708459][ T9603] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.715628][ T9603] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.723418][ T9603] device bridge_slave_1 entered promiscuous mode
[ 79.740247][ T9603] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 79.751418][ T9603] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 79.771560][ T9603] team0: Port device team_slave_0 added
[ 79.779384][ T9603] team0: Port device team_slave_1 added
[ 79.855705][ T9603] device hsr_slave_0 entered promiscuous mode
[ 79.893587][ T9603] device hsr_slave_1 entered promiscuous mode
[ 79.987058][ T9603] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 80.035729][ T9603] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 80.076595][ T9603] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 80.135671][ T9603] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 80.195227][ T9603] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.202352][ T9603] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.210106][ T9603] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.217175][ T9603] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.256663][ T9603] 8021q: adding VLAN 0 to HW filter on device bond0
[ 80.270648][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 80.290389][ T26] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.308781][ T26] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.317498][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 80.330296][ T9603] 8021q: adding VLAN 0 to HW filter on device team0
[ 80.341488][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 80.350270][ T2677] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.357369][ T2677] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.375108][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 80.384375][ T26] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.391418][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.412362][ T9603] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 80.423542][ T9603] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 80.435676][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 80.444667][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 80.452896][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 80.461610][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 80.469903][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 80.477865][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 80.499992][ T9603] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 80.507213][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 80.515493][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 80.533719][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 80.551222][ T9603] device veth0_vlan entered promiscuous mode
[ 80.558724][ T9605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 80.567107][ T9605] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 80.574821][ T9605] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 80.587083][ T9603] device veth1_vlan entered promiscuous mode
[ 80.644237][ T9605] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 80.652310][ T9605] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 80.734374][ T9608] ==================================================================
[ 80.742632][ T9608] BUG: KASAN: slab-out-of-bounds in macvlan_broadcast+0x547/0x620
[ 80.750426][ T9608] Read of size 4 at addr ffff88809e2b5801 by task syz-executor.0/9608
[ 80.758547][ T9608]
[ 80.760873][ T9608] CPU: 0 PID: 9608 Comm: syz-executor.0 Not tainted 5.5.0-rc5-syzkaller #0
[ 80.769433][ T9608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.779465][ T9608] Call Trace:
[ 80.782738][ T9608] dump_stack+0x197/0x210
[ 80.787054][ T9608] ? macvlan_broadcast+0x547/0x620
[ 80.792150][ T9608] print_address_description.constprop.0.cold+0xd4/0x30b
[ 80.799149][ T9608] ? macvlan_broadcast+0x547/0x620
[ 80.804264][ T9608] ? macvlan_broadcast+0x547/0x620
[ 80.809407][ T9608] __kasan_report.cold+0x1b/0x41
[ 80.814373][ T9608] ? validate_xmit_xfrm+0x3d0/0xf10
[ 80.819564][ T9608] ? macvlan_broadcast+0x547/0x620
[ 80.824671][ T9608] kasan_report+0x12/0x20
[ 80.828984][ T9608] __asan_report_load_n_noabort+0xf/0x20
[ 80.834601][ T9608] macvlan_broadcast+0x547/0x620
[ 80.839627][ T9608] ? validate_xmit_skb+0x81f/0xe50
[ 80.844735][ T9608] macvlan_start_xmit+0x402/0x77f
[ 80.849799][ T9608] dev_direct_xmit+0x419/0x630
[ 80.854552][ T9608] ? __check_heap_object+0x51/0xb3
[ 80.859660][ T9608] ? validate_xmit_skb_list+0x150/0x150
[ 80.865195][ T9608] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 80.871422][ T9608] ? netdev_pick_tx+0x14e/0xb00
[ 80.876271][ T9608] packet_direct_xmit+0x1a9/0x250
[ 80.881283][ T9608] packet_sendmsg+0x260d/0x6220
[ 80.886162][ T9608] ? ___might_sleep+0x163/0x2c0
[ 80.891058][ T9608] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 80.897341][ T9608] ? aa_label_sk_perm+0x91/0xf0
[ 80.902241][ T9608] ? packet_notifier+0x880/0x880
[ 80.907162][ T9608] ? __kasan_check_read+0x11/0x20
[ 80.912187][ T9608] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 80.917731][ T9608] ? apparmor_socket_sendmsg+0x2a/0x30
[ 80.923184][ T9608] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 80.929426][ T9608] ? security_socket_sendmsg+0x8d/0xc0
[ 80.934870][ T9608] ? packet_notifier+0x880/0x880
[ 80.939791][ T9608] sock_sendmsg+0xd7/0x130
[ 80.944229][ T9608] __sys_sendto+0x262/0x380
[ 80.948717][ T9608] ? __ia32_sys_getpeername+0xb0/0xb0
[ 80.954102][ T9608] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 80.960323][ T9608] ? put_timespec64+0xda/0x140
[ 80.965079][ T9608] ? ns_to_kernel_old_timeval+0x100/0x100
[ 80.970831][ T9608] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 80.976270][ T9608] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 80.981822][ T9608] ? do_syscall_64+0x26/0x790
[ 80.986481][ T9608] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 80.992527][ T9608] __x64_sys_sendto+0xe1/0x1a0
[ 80.997282][ T9608] do_syscall_64+0xfa/0x790
[ 81.001768][ T9608] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 81.007636][ T9608] RIP: 0033:0x45af49
[ 81.011511][ T9608] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 81.031109][ T9608] RSP: 002b:0000000000a6fb78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 81.039502][ T9608] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045af49
[ 81.047454][ T9608] RDX: 000000000000000e RSI: 0000000020000080 RDI: 0000000000000003
[ 81.055406][ T9608] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 81.063375][ T9608] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000024d2914
[ 81.071337][ T9608] R13: 00000000004ca8a7 R14: 00000000004e3ac0 R15: 00000000ffffffff
[ 81.079299][ T9608]
[ 81.081609][ T9608] Allocated by task 9442:
[ 81.085919][ T9608] save_stack+0x23/0x90
[ 81.090056][ T9608] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 81.095670][ T9608] kasan_slab_alloc+0xf/0x20
[ 81.100287][ T9608] kmem_cache_alloc+0x121/0x710
[ 81.105152][ T9608] getname_flags+0xd6/0x5b0
[ 81.109681][ T9608] user_path_at_empty+0x2f/0x50
[ 81.114507][ T9608] vfs_statx+0x129/0x200
[ 81.118726][ T9608] __do_sys_newstat+0xa4/0x130
[ 81.123475][ T9608] __x64_sys_newstat+0x54/0x80
[ 81.128219][ T9608] do_syscall_64+0xfa/0x790
[ 81.132712][ T9608] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 81.138585][ T9608]
[ 81.140906][ T9608] Freed by task 9442:
[ 81.144869][ T9608] save_stack+0x23/0x90
[ 81.149013][ T9608] __kasan_slab_free+0x102/0x150
[ 81.153945][ T9608] kasan_slab_free+0xe/0x10
[ 81.158428][ T9608] kmem_cache_free+0x86/0x320
[ 81.163091][ T9608] putname+0xef/0x130
[ 81.167068][ T9608] filename_lookup+0x28f/0x3f0
[ 81.171816][ T9608] user_path_at_empty+0x43/0x50
[ 81.176648][ T9608] vfs_statx+0x129/0x200
[ 81.180887][ T9608] __do_sys_newstat+0xa4/0x130
[ 81.185645][ T9608] __x64_sys_newstat+0x54/0x80
[ 81.190403][ T9608] do_syscall_64+0xfa/0x790
[ 81.194889][ T9608] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 81.200755][ T9608]
[ 81.203081][ T9608] The buggy address belongs to the object at ffff88809e2b4180
[ 81.203081][ T9608] which belongs to the cache names_cache of size 4096
[ 81.217230][ T9608] The buggy address is located 1665 bytes to the right of
[ 81.217230][ T9608] 4096-byte region [ffff88809e2b4180, ffff88809e2b5180)
[ 81.231179][ T9608] The buggy address belongs to the page:
[ 81.236794][ T9608] page:ffffea000278ad00 refcount:1 mapcount:0 mapping:ffff8880aa5fda80 index:0x0 compound_mapcount: 0
[ 81.247714][ T9608] raw: 00fffe0000010200 ffffea0002710b88 ffffea00025dc208 ffff8880aa5fda80
[ 81.256280][ T9608] raw: 0000000000000000 ffff88809e2b4180 0000000100000001 0000000000000000
[ 81.264882][ T9608] page dumped because: kasan: bad access detected
[ 81.271267][ T9608]
[ 81.273573][ T9608] Memory state around the buggy address:
[ 81.279185][ T9608] ffff88809e2b5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.287240][ T9608] ffff88809e2b5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.295322][ T9608] >ffff88809e2b5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.303359][ T9608] ^
[ 81.307407][ T9608] ffff88809e2b5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.315455][ T9608] ffff88809e2b5900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.323509][ T9608] ==================================================================
[ 81.331548][ T9608] Disabling lock debugging due to kernel taint
[ 81.337756][ T9608] Kernel panic - not syncing: panic_on_warn set ...
[ 81.344346][ T9608] CPU: 0 PID: 9608 Comm: syz-executor.0 Tainted: G B 5.5.0-rc5-syzkaller #0
[ 81.354304][ T9608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 81.364337][ T9608] Call Trace:
[ 81.367648][ T9608] dump_stack+0x197/0x210
[ 81.371997][ T9608] panic+0x2e3/0x75c
[ 81.375869][ T9608] ? add_taint.cold+0x16/0x16
[ 81.380525][ T9608] ? trace_hardirqs_on+0x5e/0x240
[ 81.385526][ T9608] ? trace_hardirqs_on+0x5e/0x240
[ 81.390543][ T9608] ? macvlan_broadcast+0x547/0x620
[ 81.395718][ T9608] end_report+0x47/0x4f
[ 81.399850][ T9608] ? macvlan_broadcast+0x547/0x620
[ 81.404954][ T9608] __kasan_report.cold+0xe/0x41
[ 81.409781][ T9608] ? validate_xmit_xfrm+0x3d0/0xf10
[ 81.414966][ T9608] ? macvlan_broadcast+0x547/0x620
[ 81.420067][ T9608] kasan_report+0x12/0x20
[ 81.424375][ T9608] __asan_report_load_n_noabort+0xf/0x20
[ 81.429981][ T9608] macvlan_broadcast+0x547/0x620
[ 81.434910][ T9608] ? validate_xmit_skb+0x81f/0xe50
[ 81.440172][ T9608] macvlan_start_xmit+0x402/0x77f
[ 81.445185][ T9608] dev_direct_xmit+0x419/0x630
[ 81.449925][ T9608] ? __check_heap_object+0x51/0xb3
[ 81.455013][ T9608] ? validate_xmit_skb_list+0x150/0x150
[ 81.460537][ T9608] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 81.466765][ T9608] ? netdev_pick_tx+0x14e/0xb00
[ 81.471608][ T9608] packet_direct_xmit+0x1a9/0x250
[ 81.476609][ T9608] packet_sendmsg+0x260d/0x6220
[ 81.481438][ T9608] ? ___might_sleep+0x163/0x2c0
[ 81.486279][ T9608] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 81.492494][ T9608] ? aa_label_sk_perm+0x91/0xf0
[ 81.497325][ T9608] ? packet_notifier+0x880/0x880
[ 81.502239][ T9608] ? __kasan_check_read+0x11/0x20
[ 81.507237][ T9608] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 81.512758][ T9608] ? apparmor_socket_sendmsg+0x2a/0x30
[ 81.518193][ T9608] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 81.524409][ T9608] ? security_socket_sendmsg+0x8d/0xc0
[ 81.529932][ T9608] ? packet_notifier+0x880/0x880
[ 81.534860][ T9608] sock_sendmsg+0xd7/0x130
[ 81.539262][ T9608] __sys_sendto+0x262/0x380
[ 81.543743][ T9608] ? __ia32_sys_getpeername+0xb0/0xb0
[ 81.549101][ T9608] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 81.555336][ T9608] ? put_timespec64+0xda/0x140
[ 81.560091][ T9608] ? ns_to_kernel_old_timeval+0x100/0x100
[ 81.565790][ T9608] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 81.571227][ T9608] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 81.576671][ T9608] ? do_syscall_64+0x26/0x790
[ 81.581327][ T9608] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 81.587370][ T9608] __x64_sys_sendto+0xe1/0x1a0
[ 81.592130][ T9608] do_syscall_64+0xfa/0x790
[ 81.596613][ T9608] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 81.602481][ T9608] RIP: 0033:0x45af49
[ 81.606353][ T9608] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 81.626018][ T9608] RSP: 002b:0000000000a6fb78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 81.634406][ T9608] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045af49
[ 81.642353][ T9608] RDX: 000000000000000e RSI: 0000000020000080 RDI: 0000000000000003
[ 81.650389][ T9608] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 81.658336][ T9608] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000024d2914
[ 81.666291][ T9608] R13: 00000000004ca8a7 R14: 00000000004e3ac0 R15: 00000000ffffffff
[ 81.675672][ T9608] Kernel Offset: disabled
[ 81.679992][ T9608] Rebooting in 86400 seconds..