[   40.904978] audit: type=1800 audit(1550138228.855:26): pid=7801 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   40.932914] audit: type=1800 audit(1550138228.855:27): pid=7801 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   40.961009] audit: type=1800 audit(1550138228.855:28): pid=7801 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   41.979867] audit: type=1800 audit(1550138229.965:29): pid=7801 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.5' (ECDSA) to the list of known hosts.
2019/02/14 09:57:19 parsed 1 programs
2019/02/14 09:57:22 executed programs: 0
syzkaller login: [   54.332488] IPVS: ftp: loaded support on port[0] = 21
[   54.392628] chnl_net:caif_netlink_parms(): no params data found
[   54.426658] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.433388] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.440831] device bridge_slave_0 entered promiscuous mode
[   54.448036] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.454410] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.461402] device bridge_slave_1 entered promiscuous mode
[   54.477051] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   54.486300] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   54.504695] team0: Port device team_slave_0 added
[   54.510949] team0: Port device team_slave_1 added
[   54.589603] device hsr_slave_0 entered promiscuous mode
[   54.658894] device hsr_slave_1 entered promiscuous mode
[   54.705381] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.711841] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.718828] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.725191] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.754387] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.766662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   54.776043] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.783862] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.791316] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   54.802163] 8021q: adding VLAN 0 to HW filter on device team0
[   54.811195] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   54.819043] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.825370] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.845234] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   54.855746] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   54.867288] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   54.875900] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.882304] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.889609] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   54.897250] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   54.905225] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   54.912976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   54.921453] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   54.928362] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   54.945366] 8021q: adding VLAN 0 to HW filter on device batadv0
2019/02/14 09:57:27 executed programs: 41
[   60.385210] ==================================================================
[   60.392684] BUG: KASAN: stack-out-of-bounds in ax25_getname+0x58/0x7a0
[   60.399347] Write of size 72 at addr ffff8880916a7c78 by task syz-executor.0/8321
[   60.406940] 
[   60.408582] CPU: 0 PID: 8321 Comm: syz-executor.0 Not tainted 5.0.0-rc6+ #70
[   60.415744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   60.425076] Call Trace:
[   60.427651]  dump_stack+0x172/0x1f0
[   60.431264]  ? ax25_getname+0x58/0x7a0
[   60.435141]  print_address_description.cold+0x7c/0x20d
[   60.440395]  ? ax25_getname+0x58/0x7a0
[   60.444258]  ? ax25_getname+0x58/0x7a0
[   60.448128]  kasan_report.cold+0x1b/0x40
[   60.452170]  ? ax25_getname+0x58/0x7a0
[   60.456046]  check_memory_region+0x123/0x190
[   60.460437]  memset+0x24/0x40
[   60.463525]  ax25_getname+0x58/0x7a0
[   60.467220]  ? fget+0x1b/0x20
[   60.470312]  vhost_net_ioctl+0x120f/0x1900
[   60.474532]  ? vhost_net_buf_peek+0x840/0x840
[   60.479018]  ? smack_log+0x415/0x540
[   60.482716]  ? smk_access_entry+0x1c0/0x1c0
[   60.487034]  ? __fget+0x340/0x540
[   60.490491]  ? smk_access+0x40d/0x570
[   60.494275]  ? find_held_lock+0x35/0x130
[   60.498337]  ? smk_tskacc+0x2ba/0x390
[   60.502116]  ? vhost_net_buf_peek+0x840/0x840
[   60.506595]  do_vfs_ioctl+0xd6e/0x1390
[   60.510467]  ? smk_curacc+0x7f/0xa0
[   60.514101]  ? ioctl_preallocate+0x210/0x210
[   60.518501]  ? smack_file_ioctl+0x196/0x300
[   60.522811]  ? smack_file_lock+0x240/0x240
[   60.527025]  ? __fget+0x367/0x540
[   60.530475]  ? nsecs_to_jiffies+0x30/0x30
[   60.534609]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   60.540128]  ? security_file_ioctl+0x93/0xc0
[   60.544521]  ksys_ioctl+0xab/0xd0
[   60.547955]  __x64_sys_ioctl+0x73/0xb0
[   60.552139]  do_syscall_64+0x103/0x610
[   60.556022]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   60.561221] RIP: 0033:0x457e29
[   60.564410] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   60.583311] RSP: 002b:00007f150b0c8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   60.590999] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[   60.598252] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000004
[   60.605501] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000
[   60.612796] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f150b0c96d4
[   60.620064] R13: 00000000004c2673 R14: 00000000004d5050 R15: 00000000ffffffff
[   60.627322] 
[   60.628932] The buggy address belongs to the page:
[   60.633842] page:ffffea000245a9c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   60.641974] flags: 0x1fffc0000000000()
[   60.645855] raw: 01fffc0000000000 0000000000000000 ffffffff02450101 0000000000000000
[   60.653838] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   60.661719] page dumped because: kasan: bad access detected
[   60.667484] 
[   60.669094] Memory state around the buggy address:
[   60.674001]  ffff8880916a7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[   60.681359]  ffff8880916a7c00: f1 f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 f2 f2 f2 00
[   60.688699] >ffff8880916a7c80: 00 00 00 00 00 04 f3 f3 f3 f3 f3 00 00 00 00 00
[   60.696034]                                   ^
[   60.700683]  ffff8880916a7d00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[   60.708024]  ffff8880916a7d80: 00 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00 00 00
[   60.715426] ==================================================================
[   60.722804] Disabling lock debugging due to kernel taint
[   60.729211] Kernel panic - not syncing: panic_on_warn set ...
[   60.735088] CPU: 0 PID: 8321 Comm: syz-executor.0 Tainted: G B 5.0.0-rc6+ #70
[   60.743640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   60.752971] Call Trace:
[   60.755546]  dump_stack+0x172/0x1f0
[   60.759163]  panic+0x2cb/0x65c
[   60.762366]  ? __warn_printk+0xf3/0xf3
[   60.766241]  ? ax25_getname+0x58/0x7a0
[   60.770109]  ? preempt_schedule+0x4b/0x60
[   60.774239]  ? ___preempt_schedule+0x16/0x18
[   60.778629]  ? trace_hardirqs_on+0x5e/0x230
[   60.782928]  ? ax25_getname+0x58/0x7a0
[   60.786798]  end_report+0x47/0x4f
[   60.790228]  ? ax25_getname+0x58/0x7a0
[   60.794096]  kasan_report.cold+0xe/0x40
[   60.798049]  ? ax25_getname+0x58/0x7a0
[   60.801920]  check_memory_region+0x123/0x190
[   60.806309]  memset+0x24/0x40
[   60.809394]  ax25_getname+0x58/0x7a0
[   60.813090]  ? fget+0x1b/0x20
[   60.816184]  vhost_net_ioctl+0x120f/0x1900
[   60.820399]  ? vhost_net_buf_peek+0x840/0x840
[   60.824882]  ? smack_log+0x415/0x540
[   60.828583]  ? smk_access_entry+0x1c0/0x1c0
[   60.832887]  ? __fget+0x340/0x540
[   60.836318]  ? smk_access+0x40d/0x570
[   60.840106]  ? find_held_lock+0x35/0x130
[   60.844149]  ? smk_tskacc+0x2ba/0x390
[   60.847933]  ? vhost_net_buf_peek+0x840/0x840
[   60.852414]  do_vfs_ioctl+0xd6e/0x1390
[   60.856283]  ? smk_curacc+0x7f/0xa0
[   60.859891]  ? ioctl_preallocate+0x210/0x210
[   60.864283]  ? smack_file_ioctl+0x196/0x300
[   60.868584]  ? smack_file_lock+0x240/0x240
[   60.872801]  ? __fget+0x367/0x540
[   60.876258]  ? nsecs_to_jiffies+0x30/0x30
[   60.880419]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   60.885974]  ? security_file_ioctl+0x93/0xc0
[   60.890376]  ksys_ioctl+0xab/0xd0
[   60.893814]  __x64_sys_ioctl+0x73/0xb0
[   60.897710]  do_syscall_64+0x103/0x610
[   60.901595]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   60.906778] RIP: 0033:0x457e29
[   60.909954] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   60.928834] RSP: 002b:00007f150b0c8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   60.936556] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[   60.943803] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000004
[   60.951055] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000
[   60.958407] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f150b0c96d4
[   60.965655] R13: 00000000004c2673 R14: 00000000004d5050 R15: 00000000ffffffff
[   60.973833] Kernel Offset: disabled
[   60.977462] Rebooting in 86400 seconds..
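The "Memory state around the buggy address" rows are the part of this report that says what was actually overrun, and they repay decoding. Each hex byte is one generic-KASAN shadow byte covering an 8-byte granule of the row's memory address: 00 means all 8 bytes are addressable, 01..07 means only the first N bytes are, and f1/f2/f3 mark the left, middle and right redzones that KASAN places around stack variables (the encoding is the one in mm/kasan/kasan.h for this kernel generation). Read that way, the 72-byte memset that ax25_getname performs starts at ffff8880916a7c78, the first granule after an f2 marker, i.e. at the start of a stack variable belonging to a caller on the trace (vhost_net_ioctl); the variable is six 00 granules plus a 04 partial, 52 addressable bytes, and ends at the f3 right redzone, so the last 20 bytes of the memset land in the redzone. The decoder below is an added example written for this page, not kernel or syzbot code; the five shadow rows it parses are copied from the report above, and the 52/20-byte split is what it computes from them. It also handles the general case (an access that runs into any poison value, or one that fits), not just this report's numbers.

```c
/* kasan_shadow.c: decode the "Memory state around the buggy address" rows of the
 * report above.  Added example, not kernel or syzbot code.  Generic KASAN keeps one
 * shadow byte per 8-byte granule: 0x00 = all 8 bytes addressable, 0x01..0x07 = only
 * the first N bytes addressable, 0xf1 and above = poison (mm/kasan/kasan.h, 5.0). */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define GRANULE   8   /* memory bytes covered by one shadow byte */
#define ROW_BYTES 16  /* shadow bytes per printed row, i.e. 128 bytes of memory */
#define ROWS      5

/* Rows copied from the report; a row's address is the memory address of its first
 * granule, which is why consecutive rows are 0x80 apart. */
static const uint64_t row_base = 0xffff8880916a7b80ULL;
static const char *report_rows[ROWS] = {
    "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1",
    "f1 f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 f2 f2 f2 00",
    "00 00 00 00 00 04 f3 f3 f3 f3 f3 00 00 00 00 00",
    "00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1",
    "00 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00 00 00",
};
static uint8_t shadow[ROWS * ROW_BYTES];

/* Shadow byte of the granule containing addr, or -1 outside the dumped rows.
 * The hex rows are parsed on first use. */
static int shadow_at(uint64_t addr)
{
    static int loaded;
    if (!loaded) {
        for (int r = 0; r < ROWS; r++) {
            const char *p = report_rows[r];
            for (int i = 0; i < ROW_BYTES; i++) {
                char *end;
                shadow[r * ROW_BYTES + i] = (uint8_t)strtoul(p, &end, 16);
                p = end;
            }
        }
        loaded = 1;
    }
    if (addr < row_base || addr >= row_base + (uint64_t)ROWS * ROW_BYTES * GRANULE)
        return -1;
    return shadow[(addr - row_base) / GRANULE];
}

/* 1 if the single byte at addr can be touched without a KASAN report. */
static int addressable(uint64_t addr)
{
    int s = shadow_at(addr);
    if (s == 0) return 1;
    if (s > 0 && s < GRANULE) return (int)(addr % GRANULE) < s;  /* partial granule */
    return 0;                                   /* poison, or outside the dump */
}

/* Human-readable meaning of a shadow byte. */
const char *kasan_describe(int s)
{
    static const struct { int v; const char *name; } poison[] = {
        {0xf1, "stack left redzone"}, {0xf2, "stack mid redzone"},
        {0xf3, "stack right redzone"}, {0xf8, "stack use-after-scope"},
        {0xfa, "global redzone"}, {0xfb, "freed kmalloc object"},
        {0xfc, "kmalloc redzone"}, {0xfe, "page redzone"}, {0xff, "freed page"},
    };
    if (s == 0) return "addressable";
    if (s > 0 && s < GRANULE) return "partially addressable";
    for (size_t i = 0; i < sizeof poison / sizeof poison[0]; i++)
        if (poison[i].v == s) return poison[i].name;
    return "unknown poison";
}

/* obj_start/obj_end: the addressable object the access starts in; valid/overflow:
 * bytes of the access inside it / beyond it; poison: first full poison byte hit. */
struct kasan_verdict { uint64_t obj_start, obj_end; size_t valid, overflow; int poison; };

/* Walk an access [addr, addr+size) against the shadow. */
struct kasan_verdict kasan_analyze(uint64_t addr, size_t size)
{
    struct kasan_verdict v = {0};
    uint64_t g = addr - addr % GRANULE, e = addr;

    while (g > row_base && shadow_at(g - GRANULE) == 0)  /* back to the left redzone */
        g -= GRANULE;
    while (addressable(e))                               /* forward to the first bad byte */
        e++;
    v.obj_start = g;
    v.obj_end = e;
    v.valid = (e - addr < size) ? (size_t)(e - addr) : size;
    v.overflow = size - v.valid;
    for (uint64_t a = e; a < addr + size; a += GRANULE) { /* step past a partial granule */
        int s = shadow_at(a);
        if (s >= GRANULE) { v.poison = s; break; }
    }
    return v;
}

int main(void)
{
    /* The access the report flags: a 72-byte memset starting at ...7c78. */
    struct kasan_verdict v = kasan_analyze(0xffff8880916a7c78ULL, 72);
    printf("object 0x%" PRIx64 "..0x%" PRIx64 ": %zu bytes fit, %zu overflow into %s (0x%02x)\n",
           v.obj_start, v.obj_end, v.valid, v.overflow, kasan_describe(v.poison), v.poison);
    return 0;
}
```

One check worth knowing when reading the raw report: the `>` row and the `^` caret mark the first granule KASAN found poisoned (kasan_report walks forward from the access address granule by granule until it meets a non-zero shadow byte), not the start of the access. That is why the caret sits on the 04 byte of the ffff8880916a7c80 row while the reported address, ffff8880916a7c78, is the last granule of the row above it. The f3 the decoder reports is what makes this a stack-out-of-bounds rather than a use-after-scope or heap report: the write ran off the end of a live stack variable into the redzone KASAN placed after it.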