[   71.666651][   T27] audit: type=1800 audit(1581914014.315:26): pid=9906 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.
[   72.825168][   T27] kauditd_printk_skb: 2 callbacks suppressed
[   72.825179][   T27] audit: type=1800 audit(1581914015.495:29): pid=9906 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   72.851433][   T27] audit: type=1800 audit(1581914015.495:30): pid=9906 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   82.177926][T10059] ==================================================================
[   82.186272][T10059] BUG: KASAN: stack-out-of-bounds in ax25_getname+0x58/0x7a0
[   82.193632][T10059] Write of size 72 at addr ffffc90005bc7e00 by task syz-executor507/10059
[   82.202285][T10059] 
[   82.204650][T10059] CPU: 1 PID: 10059 Comm: syz-executor507 Not tainted 5.6.0-rc2-syzkaller #0
[   82.213393][T10059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   82.223613][T10059] Call Trace:
[   82.226986][T10059]  dump_stack+0x197/0x210
[   82.231314][T10059]  ? ax25_getname+0x58/0x7a0
[   82.235996][T10059]  print_address_description.constprop.0.cold+0x5/0x30b
[   82.243070][T10059]  ? ax25_getname+0x58/0x7a0
[   82.247698][T10059]  ? ax25_getname+0x58/0x7a0
[   82.252292][T10059]  __kasan_report.cold+0x1b/0x32
[   82.257222][T10059]  ? ax25_getname+0x58/0x7a0
[   82.261808][T10059]  kasan_report+0x12/0x20
[   82.266150][T10059]  check_memory_region+0x134/0x1a0
[   82.271269][T10059]  memset+0x24/0x40
[   82.275092][T10059]  ax25_getname+0x58/0x7a0
[   82.279619][T10059]  ? fget+0x4f/0x60
[   82.283427][T10059]  vhost_net_ioctl+0x1213/0x1960
[   82.288371][T10059]  ? vhost_zerocopy_callback+0x2f0/0x2f0
[   82.294116][T10059]  ? __kasan_check_write+0x14/0x20
[   82.299215][T10059]  ? up_read+0x1cd/0x810
[   82.303468][T10059]  ? tomoyo_file_ioctl+0x23/0x30
[   82.308402][T10059]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   82.314648][T10059]  ? security_file_ioctl+0x8d/0xc0
[   82.319811][T10059]  ? vhost_zerocopy_callback+0x2f0/0x2f0
[   82.325514][T10059]  ksys_ioctl+0x123/0x180
[   82.329850][T10059]  __x64_sys_ioctl+0x73/0xb0
[   82.334434][T10059]  do_syscall_64+0xfa/0x790
[   82.338943][T10059]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   82.344882][T10059] RIP: 0033:0x440259
[   82.348835][T10059] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   82.368520][T10059] RSP: 002b:00007ffe1fa95c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   82.377002][T10059] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440259
[   82.384967][T10059] RDX: 0000000020f1dff8 RSI: 000000004008af30 RDI: 0000000000000003
[   82.392949][T10059] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   82.400919][T10059] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401ae0
[   82.409009][T10059] R13: 0000000000401b70 R14: 0000000000000000 R15: 0000000000000000
[   82.416987][T10059] 
[   82.419308][T10059] 
[   82.421706][T10059] addr ffffc90005bc7e00 is located in stack of task syz-executor507/10059 at offset 128 in frame:
[   82.432386][T10059]  vhost_net_ioctl+0x0/0x1960
[   82.437046][T10059] 
[   82.439366][T10059] this frame has 4 objects:
[   82.444100][T10059]  [48, 52) 'r'
[   82.444105][T10059]  [64, 72) 'features'
[   82.447555][T10059]  [96, 104) 'backend'
[   82.451716][T10059]  [128, 180) 'uaddr'
[   82.455772][T10059] 
[   82.462207][T10059] Memory state around the buggy address:
[   82.469591][T10059]  ffffc90005bc7d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   82.480172][T10059]  ffffc90005bc7d80: f1 f1 f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 f2 f2 f2
[   82.488245][T10059] >ffffc90005bc7e00: 00 00 00 00 00 00 04 f3 f3 f3 f3 f3 00 00 00 00
[   82.496292][T10059]                                      ^
[   82.501918][T10059]  ffffc90005bc7e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   82.510313][T10059]  ffffc90005bc7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   82.518469][T10059] ==================================================================
[   82.526609][T10059] Disabling lock debugging due to kernel taint
[   82.533695][T10059] Kernel panic - not syncing: panic_on_warn set ...
[   82.540289][T10059] CPU: 1 PID: 10059 Comm: syz-executor507 Tainted: G    B             5.6.0-rc2-syzkaller #0
[   82.550473][T10059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   82.560530][T10059] Call Trace:
[   82.563807][T10059]  dump_stack+0x197/0x210
[   82.568151][T10059]  panic+0x2e3/0x75c
[   82.572069][T10059]  ? add_taint.cold+0x16/0x16
[   82.576778][T10059]  ? ax25_getname+0x58/0x7a0
[   82.581639][T10059]  ? preempt_schedule+0x4b/0x60
[   82.586481][T10059]  ? ___preempt_schedule+0x16/0x18
[   82.591599][T10059]  ? trace_hardirqs_on+0x5e/0x240
[   82.596624][T10059]  ? ax25_getname+0x58/0x7a0
[   82.601250][T10059]  end_report+0x47/0x4f
[   82.605414][T10059]  ? ax25_getname+0x58/0x7a0
[   82.609996][T10059]  __kasan_report.cold+0xe/0x32
[   82.614948][T10059]  ? ax25_getname+0x58/0x7a0
[   82.619538][T10059]  kasan_report+0x12/0x20
[   82.623940][T10059]  check_memory_region+0x134/0x1a0
[   82.629039][T10059]  memset+0x24/0x40
[   82.632831][T10059]  ax25_getname+0x58/0x7a0
[   82.637240][T10059]  ? fget+0x4f/0x60
[   82.641036][T10059]  vhost_net_ioctl+0x1213/0x1960
[   82.645985][T10059]  ? vhost_zerocopy_callback+0x2f0/0x2f0
[   82.651749][T10059]  ? __kasan_check_write+0x14/0x20
[   82.656856][T10059]  ? up_read+0x1cd/0x810
[   82.661100][T10059]  ? tomoyo_file_ioctl+0x23/0x30
[   82.666080][T10059]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   82.672317][T10059]  ? security_file_ioctl+0x8d/0xc0
[   82.677440][T10059]  ? vhost_zerocopy_callback+0x2f0/0x2f0
[   82.683071][T10059]  ksys_ioctl+0x123/0x180
[   82.687387][T10059]  __x64_sys_ioctl+0x73/0xb0
[   82.691974][T10059]  do_syscall_64+0xfa/0x790
[   82.696528][T10059]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   82.702413][T10059] RIP: 0033:0x440259
[   82.706292][T10059] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   82.726764][T10059] RSP: 002b:00007ffe1fa95c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   82.735170][T10059] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440259
[   82.743274][T10059] RDX: 0000000020f1dff8 RSI: 000000004008af30 RDI: 0000000000000003
[   82.751241][T10059] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   82.759211][T10059] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401ae0
[   82.767200][T10059] R13: 0000000000401b70 R14: 0000000000000000 R15: 0000000000000000
[   82.776876][T10059] Kernel Offset: disabled
[   82.781211][T10059] Rebooting in 86400 seconds..