[ 39.208054][ T26] audit: type=1800 audit(1556111066.690:27): pid=7691 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 39.237796][ T26] audit: type=1800 audit(1556111066.700:28): pid=7691 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 40.066709][ T26] audit: type=1800 audit(1556111067.600:29): pid=7691 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[FAIL] startpar: service(s) returned failure: rsyslog ... failed!
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.215' (ECDSA) to the list of known hosts.
2019/04/24 13:04:38 parsed 1 programs
2019/04/24 13:04:40 executed programs: 0
syzkaller login: [ 53.395176][ T7879] IPVS: ftp: loaded support on port[0] = 21
[ 53.452701][ T7879] chnl_net:caif_netlink_parms(): no params data found
[ 53.484336][ T7879] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.492058][ T7879] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.499962][ T7879] device bridge_slave_0 entered promiscuous mode
[ 53.508528][ T7879] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.515601][ T7879] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.523419][ T7879] device bridge_slave_1 entered promiscuous mode
[ 53.539358][ T7879] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 53.548993][ T7879] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 53.566762][ T7879] team0: Port device team_slave_0 added
[ 53.573991][ T7879] team0: Port device team_slave_1 added
[ 53.618851][ T7879] device hsr_slave_0 entered promiscuous mode
[ 53.687739][ T7879] device hsr_slave_1 entered promiscuous mode
[ 53.755132][ T7879] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.762327][ T7879] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.770087][ T7879] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.777157][ T7879] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.809725][ T7879] 8021q: adding VLAN 0 to HW filter on device bond0
[ 53.820178][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.831157][ T2988] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.839517][ T2988] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.848798][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 53.860991][ T7879] 8021q: adding VLAN 0 to HW filter on device team0
[ 53.871197][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.879932][ T17] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.886970][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.908369][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.916658][ T2988] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.923762][ T2988] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.932110][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 53.940797][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 53.949407][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 53.960650][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 53.968427][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 53.979568][ T7879] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 53.995220][ T7879] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 55.421542][ T7979] ==================================================================
[ 55.430900][ T7979] BUG: KASAN: stack-out-of-bounds in ax25_getname+0x58/0x7a0
[ 55.438257][ T7979] Write of size 72 at addr ffff88808ab57c78 by task syz-executor.0/7979
[ 55.446556][ T7979]
[ 55.448868][ T7979] CPU: 0 PID: 7979 Comm: syz-executor.0 Not tainted 5.1.0-rc6+ #83
[ 55.456746][ T7979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.466813][ T7979] Call Trace:
[ 55.470105][ T7979] dump_stack+0x172/0x1f0
[ 55.474422][ T7979] ? ax25_getname+0x58/0x7a0
[ 55.479020][ T7979] print_address_description.cold+0x7c/0x20d
[ 55.485003][ T7979] ? ax25_getname+0x58/0x7a0
[ 55.489582][ T7979] ? ax25_getname+0x58/0x7a0
[ 55.494167][ T7979] kasan_report.cold+0x1b/0x40
[ 55.498934][ T7979] ? ax25_getname+0x58/0x7a0
[ 55.503508][ T7979] check_memory_region+0x123/0x190
[ 55.508633][ T7979] memset+0x24/0x40
[ 55.512438][ T7979] ax25_getname+0x58/0x7a0
[ 55.516833][ T7979] ? fget+0x20/0x30
[ 55.520626][ T7979] vhost_net_ioctl+0x120f/0x1900
[ 55.525565][ T7979] ? vhost_zerocopy_callback+0x300/0x300
[ 55.531213][ T7979] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 55.537040][ T7979] ? smack_log+0x415/0x540
[ 55.541474][ T7979] ? vhost_zerocopy_callback+0x300/0x300
[ 55.547110][ T7979] do_vfs_ioctl+0xd6e/0x1390
[ 55.551707][ T7979] ? ioctl_preallocate+0x210/0x210
[ 55.556819][ T7979] ? smack_file_ioctl+0x196/0x310
[ 55.561864][ T7979] ? smack_inode_rename+0x2d0/0x2d0
[ 55.567076][ T7979] ? nsecs_to_jiffies+0x30/0x30
[ 55.571957][ T7979] ? tomoyo_file_ioctl+0x23/0x30
[ 55.576902][ T7979] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 55.583145][ T7979] ? security_file_ioctl+0x93/0xc0
[ 55.588257][ T7979] ksys_ioctl+0xab/0xd0
[ 55.592410][ T7979] __x64_sys_ioctl+0x73/0xb0
[ 55.597008][ T7979] do_syscall_64+0x103/0x610
[ 55.601616][ T7979] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.607515][ T7979] RIP: 0033:0x458d99
[ 55.611396][ T7979] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 55.631002][ T7979] RSP: 002b:00007f935fbb7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 55.639414][ T7979] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458d99
[ 55.647386][ T7979] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000003
[ 55.655360][ T7979] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 55.663322][ T7979] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f935fbb86d4
[ 55.671281][ T7979] R13: 00000000004c37b7 R14: 00000000004d6c90 R15: 00000000ffffffff
[ 55.679245][ T7979]
[ 55.681593][ T7979] The buggy address belongs to the page:
[ 55.687221][ T7979] page:ffffea00022ad5c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 55.696095][ T7979] flags: 0x1fffc0000000000()
[ 55.700681][ T7979] raw: 01fffc0000000000 0000000000000000 ffffffff022a0101 0000000000000000
[ 55.709249][ T7979] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 55.717825][ T7979] page dumped because: kasan: bad access detected
[ 55.724224][ T7979]
[ 55.726533][ T7979] Memory state around the buggy address:
[ 55.732144][ T7979] ffff88808ab57b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 55.740188][ T7979] ffff88808ab57c00: f1 f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 f2 f2 f2 00
[ 55.748330][ T7979] >ffff88808ab57c80: 00 00 00 00 00 04 f3 f3 f3 f3 f3 00 00 00 00 00
[ 55.756374][ T7979] ^
[ 55.761731][ T7979] ffff88808ab57d00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 55.769782][ T7979] ffff88808ab57d80: 00 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00 00 00
[ 55.777824][ T7979] ==================================================================
[ 55.785881][ T7979] Disabling lock debugging due to kernel taint
[ 55.796101][ T7979] Kernel panic - not syncing: panic_on_warn set ...
[ 55.802713][ T7979] CPU: 0 PID: 7979 Comm: syz-executor.0 Tainted: G B 5.1.0-rc6+ #83
[ 55.811977][ T7979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.822012][ T7979] Call Trace:
[ 55.825288][ T7979] dump_stack+0x172/0x1f0
[ 55.829605][ T7979] panic+0x2cb/0x65c
[ 55.833486][ T7979] ? __warn_printk+0xf3/0xf3
[ 55.838078][ T7979] ? ax25_getname+0x58/0x7a0
[ 55.842657][ T7979] ? preempt_schedule+0x4b/0x60
[ 55.847565][ T7979] ? ___preempt_schedule+0x16/0x18
[ 55.852682][ T7979] ? trace_hardirqs_on+0x5e/0x230
[ 55.857696][ T7979] ? ax25_getname+0x58/0x7a0
[ 55.862276][ T7979] end_report+0x47/0x4f
[ 55.866414][ T7979] ? ax25_getname+0x58/0x7a0
[ 55.870999][ T7979] kasan_report.cold+0xe/0x40
[ 55.875663][ T7979] ? ax25_getname+0x58/0x7a0
[ 55.880238][ T7979] check_memory_region+0x123/0x190
[ 55.885333][ T7979] memset+0x24/0x40
[ 55.889126][ T7979] ax25_getname+0x58/0x7a0
[ 55.893519][ T7979] ? fget+0x20/0x30
[ 55.897321][ T7979] vhost_net_ioctl+0x120f/0x1900
[ 55.902239][ T7979] ? vhost_zerocopy_callback+0x300/0x300
[ 55.907874][ T7979] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 55.913655][ T7979] ? smack_log+0x415/0x540
[ 55.918062][ T7979] ? vhost_zerocopy_callback+0x300/0x300
[ 55.923671][ T7979] do_vfs_ioctl+0xd6e/0x1390
[ 55.928240][ T7979] ? ioctl_preallocate+0x210/0x210
[ 55.933342][ T7979] ? smack_file_ioctl+0x196/0x310
[ 55.938353][ T7979] ? smack_inode_rename+0x2d0/0x2d0
[ 55.943532][ T7979] ? nsecs_to_jiffies+0x30/0x30
[ 55.948376][ T7979] ? tomoyo_file_ioctl+0x23/0x30
[ 55.953294][ T7979] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 55.959514][ T7979] ? security_file_ioctl+0x93/0xc0
[ 55.964605][ T7979] ksys_ioctl+0xab/0xd0
[ 55.968758][ T7979] __x64_sys_ioctl+0x73/0xb0
[ 55.973333][ T7979] do_syscall_64+0x103/0x610
[ 55.977918][ T7979] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.983788][ T7979] RIP: 0033:0x458d99
[ 55.987659][ T7979] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.007274][ T7979] RSP: 002b:00007f935fbb7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 56.015669][ T7979] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458d99
[ 56.023705][ T7979] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000003
[ 56.031658][ T7979] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 56.039610][ T7979] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f935fbb86d4
[ 56.047560][ T7979] R13: 00000000004c37b7 R14: 00000000004d6c90 R15: 00000000ffffffff
[ 56.056267][ T7979] Kernel Offset: disabled
[ 56.060602][ T7979] Rebooting in 86400 seconds..