Warning: Permanently added '10.128.0.96' (ECDSA) to the list of known hosts.
2019/11/09 21:33:22 parsed 1 programs
2019/11/09 21:33:22 executed programs: 0
[ 79.027307] IPVS: ftp: loaded support on port[0] = 21
[ 79.054335] IPVS: ftp: loaded support on port[0] = 21
[ 79.128574] IPVS: ftp: loaded support on port[0] = 21
[ 79.135789] IPVS: ftp: loaded support on port[0] = 21
[ 79.146063] IPVS: ftp: loaded support on port[0] = 21
[ 79.209291] IPVS: ftp: loaded support on port[0] = 21
[ 79.920121] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.932643] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.940986] device bridge_slave_0 entered promiscuous mode
[ 80.014552] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.020965] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.031061] device bridge_slave_1 entered promiscuous mode
[ 80.068167] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.077441] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.085237] device bridge_slave_0 entered promiscuous mode
[ 80.092203] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.101391] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.108451] device bridge_slave_0 entered promiscuous mode
[ 80.115329] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.121709] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.128882] device bridge_slave_0 entered promiscuous mode
[ 80.150279] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.158453] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.168856] device bridge_slave_1 entered promiscuous mode
[ 80.177953] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.184337] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.191878] device bridge_slave_1 entered promiscuous mode
[ 80.201615] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.208999] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.219745] device bridge_slave_1 entered promiscuous mode
[ 80.243269] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.252410] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.270875] device bridge_slave_0 entered promiscuous mode
[ 80.295689] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.303837] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.323330] device bridge_slave_0 entered promiscuous mode
[ 80.340386] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.350236] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.359108] device bridge_slave_1 entered promiscuous mode
[ 80.400114] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 80.409970] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.421398] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.428833] device bridge_slave_1 entered promiscuous mode
[ 80.458175] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 80.496688] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 80.532048] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 80.558581] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 80.580863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 80.601363] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 80.622867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 80.680322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 80.695883] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 80.708307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 80.729113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 80.741812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 80.760975] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 80.779517] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 80.798881] team0: Port device team_slave_0 added
[ 80.806492] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 80.837565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 80.857468] team0: Port device team_slave_1 added
[ 80.876670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 80.895508] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 80.922041] team0: Port device team_slave_0 added
[ 80.932825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 80.944173] team0: Port device team_slave_0 added
[ 80.968546] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 80.996299] team0: Port device team_slave_1 added
[ 81.017054] team0: Port device team_slave_0 added
[ 81.023062] team0: Port device team_slave_1 added
[ 81.030590] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 81.060872] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 81.083519] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 81.095071] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 81.111480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 81.121850] team0: Port device team_slave_1 added
[ 81.138069] team0: Port device team_slave_0 added
[ 81.169614] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 81.178920] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 81.187045] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 81.195654] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 81.207859] team0: Port device team_slave_1 added
[ 81.216744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 81.225559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 81.239843] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 81.252947] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 81.269610] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 81.282823] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 81.297480] team0: Port device team_slave_0 added
[ 81.312786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 81.325454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 81.341926] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 81.356335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 81.364164] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 81.375774] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 81.391105] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 81.398942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 81.418344] team0: Port device team_slave_1 added
[ 81.439986] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 81.464894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 81.484373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 81.500434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 81.515719] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 81.523334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 81.531229] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 81.548786] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 81.588032] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 81.611177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 81.630302] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 81.641255] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 81.890690] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.897186] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 81.904264] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.910774] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.000194] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.006616] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.013194] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.019606] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.052012] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.058471] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.065316] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.071658] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.095658] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.102078] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.108771] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.115176] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.125922] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.132341] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.138998] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.145415] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.233578] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.240017] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.246644] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.252997] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.725207] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 82.732927] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 82.761867] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 82.769611] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 82.776869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 82.784139] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 83.979610] 8021q: adding VLAN 0 to HW filter on device bond0
[ 83.988627] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.002339] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.019490] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.138949] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.291880] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.318212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 84.330831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 84.348415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 84.357373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 84.383378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 84.394658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 84.418064] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 84.427622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 84.489113] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.535330] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.549698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 84.558736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 84.582128] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.596240] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.727189] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.742010] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 84.761235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 84.910939] 8021q: adding VLAN 0 to HW filter on device team0
2019/11/09 21:33:29 executed programs: 6
[ 87.642079] ==================================================================
[ 87.649635] BUG: KASAN: stack-out-of-bounds in ax25_getname+0x4d/0x7b0
[ 87.649642] Write of size 72 at addr ffff8881b8c67c78 by task syz-executor3/9222
[ 87.649645]
[ 87.649652] CPU: 0 PID: 9222 Comm: syz-executor3 Not tainted 5.4.0-rc6+ #0
[ 87.649656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 87.649659] Call Trace:
[ 87.649667] dump_stack+0x12d/0x187
[ 87.649679] print_address_description.constprop.8.cold.10+0x9/0x31d
[ 87.649684] ? ax25_getname+0x4d/0x7b0
[ 87.672527] __kasan_report.cold.11+0x1b/0x3a
[ 87.672534] ? ax25_getname+0x4d/0x7b0
[ 87.672542] ? ax25_getname+0x4d/0x7b0
[ 87.672548] kasan_report+0x12/0x20
[ 87.672553] check_memory_region+0x153/0x1d0
[ 87.672559] memset+0x23/0x40
[ 87.722002] ax25_getname+0x4d/0x7b0
[ 87.725702] vhost_net_ioctl+0xe79/0x1530
[ 87.729837] ? handle_tx_kick+0x40/0x40
[ 87.733789] ? __lock_acquire+0x100f/0x4ef0
[ 87.738348] ? mark_lock+0xc5/0x11d0
[ 87.742056] ? exit_robust_list+0x1c0/0x1c0
[ 87.746400] ? find_held_lock+0x36/0x1d0
[ 87.750449] ? smk_access_entry+0x1e0/0x1e0
[ 87.754757] ? __fget+0x294/0x420
[ 87.758201] do_vfs_ioctl+0x199/0x1160
[ 87.762073] ? rcu_read_lock_held+0x9c/0xb0
[ 87.766384] ? ioctl_preallocate+0x1c0/0x1c0
[ 87.770778] ? smk_curacc+0xb5/0xe0
[ 87.774413] ? smack_file_ioctl+0x24c/0x2c0
[ 87.778720] ? smack_inode_link+0x280/0x280
[ 87.783028] ? nsecs_to_jiffies+0x20/0x20
[ 87.788195] ? __blkcg_punt_bio_submit+0x1c0/0x1c0
[ 87.793112] ksys_ioctl+0x62/0x90
[ 87.796548] ? lockdep_hardirqs_on+0x42d/0x5d0
[ 87.801121] __x64_sys_ioctl+0x6e/0xb0
[ 87.805001] do_syscall_64+0xd0/0x5e0
[ 87.808826] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 87.814186] RIP: 0033:0x4578a9
[ 87.817367] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 87.837350] RSP: 002b:00007fd47c00bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 87.845049] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004578a9
[ 87.852336] RDX: 0000000020f1dff8 RSI: 000000004008af30 RDI: 0000000000000004
[ 87.859607] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 87.866883] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd47c00c6d4
[ 87.874136] R13: 00000000004c1e74 R14: 00000000004d4180 R15: 00000000ffffffff
[ 87.881398]
[ 87.883009] The buggy address belongs to the page:
[ 87.887943] page:ffffea0006e319c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 87.896332] flags: 0x2fffc0000000000()
[ 87.900236] raw: 02fffc0000000000 0000000000000000 ffffffff06e30101 0000000000000000
[ 87.908107] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 87.915966] page dumped because: kasan: bad access detected
[ 87.921652]
[ 87.923277] addr ffff8881b8c67c78 is located in stack of task syz-executor3/9222 at offset 160 in frame:
[ 87.932885] vhost_net_ioctl+0x0/0x1530
[ 87.936855]
[ 87.938464] this frame has 3 objects:
[ 87.942436] [32, 36) 'r'
[ 87.942439] [96, 104) 'backend'
[ 87.945186] [160, 212) 'uaddr'
[ 87.948524]
[ 87.953424] Memory state around the buggy address:
[ 87.958332] ffff8881b8c67b80: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04
[ 87.965770] ffff8881b8c67c00: f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00
[ 87.973113] >ffff8881b8c67c80: 00 00 00 00 00 04 f2 00 00 00 00 00 00 00 00 00
[ 87.980451] ^
[ 87.985222] ffff8881b8c67d00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2
[ 87.992910] ffff8881b8c67d80: f2 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00 00 00
[ 88.000359] ==================================================================
[ 88.007720] Disabling lock debugging due to kernel taint
[ 88.014469] Kernel panic - not syncing: panic_on_warn set ...
[ 88.020890] CPU: 0 PID: 9222 Comm: syz-executor3 Tainted: G B 5.4.0-rc6+ #0
[ 88.029277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 88.038700] Call Trace:
[ 88.041279] dump_stack+0x12d/0x187
[ 88.045076] ? ax25_getname+0x40/0x7b0
[ 88.048948] panic+0x22a/0x4f5
[ 88.052131] ? add_taint.cold.8+0x11/0x11
[ 88.056278] ? ___preempt_schedule+0x16/0x20
[ 88.060669] ? ax25_getname+0x4d/0x7b0
[ 88.064536] end_report+0x47/0x4f
[ 88.067996] __kasan_report.cold.11+0xe/0x3a
[ 88.072393] ? ax25_getname+0x4d/0x7b0
[ 88.076257] ? ax25_getname+0x4d/0x7b0
[ 88.080119] kasan_report+0x12/0x20
[ 88.084254] check_memory_region+0x153/0x1d0
[ 88.088639] memset+0x23/0x40
[ 88.091719] ax25_getname+0x4d/0x7b0
[ 88.095424] vhost_net_ioctl+0xe79/0x1530
[ 88.099553] ? handle_tx_kick+0x40/0x40
[ 88.103512] ? __lock_acquire+0x100f/0x4ef0
[ 88.107824] ? mark_lock+0xc5/0x11d0
[ 88.111518] ? exit_robust_list+0x1c0/0x1c0
[ 88.115971] ? find_held_lock+0x36/0x1d0
[ 88.120194] ? smk_access_entry+0x1e0/0x1e0
[ 88.124501] ? __fget+0x294/0x420
[ 88.127943] do_vfs_ioctl+0x199/0x1160
[ 88.131814] ? rcu_read_lock_held+0x9c/0xb0
[ 88.136120] ? ioctl_preallocate+0x1c0/0x1c0
[ 88.140552] ? smk_curacc+0xb5/0xe0
[ 88.144205] ? smack_file_ioctl+0x24c/0x2c0
[ 88.148509] ? smack_inode_link+0x280/0x280
[ 88.152830] ? nsecs_to_jiffies+0x20/0x20
[ 88.156968] ? __blkcg_punt_bio_submit+0x1c0/0x1c0
[ 88.161877] ksys_ioctl+0x62/0x90
[ 88.165330] ? lockdep_hardirqs_on+0x42d/0x5d0
[ 88.169896] __x64_sys_ioctl+0x6e/0xb0
[ 88.173763] do_syscall_64+0xd0/0x5e0
[ 88.177567] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 88.182734] RIP: 0033:0x4578a9
[ 88.185914] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 88.204888] RSP: 002b:00007fd47c00bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 88.212759] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004578a9
[ 88.220201] RDX: 0000000020f1dff8 RSI: 000000004008af30 RDI: 0000000000000004
[ 88.227458] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 88.234708] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd47c00c6d4
[ 88.242224] R13: 00000000004c1e74 R14: 00000000004d4180 R15: 00000000ffffffff
[ 88.251123] Kernel Offset: disabled
[ 88.254784] Rebooting in 86400 seconds..