[   39.208054][   T26] audit: type=1800 audit(1556111066.690:27): pid=7691 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   39.237796][   T26] audit: type=1800 audit(1556111066.700:28): pid=7691 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.
[   40.066709][   T26] audit: type=1800 audit(1556111067.600:29): pid=7691 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[....] startpar: service(s) returned failure: rsyslog ...[?25l[?1c7[FAIL8[?25h[?0c failed!

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.215' (ECDSA) to the list of known hosts.
2019/04/24 13:04:38 parsed 1 programs
2019/04/24 13:04:40 executed programs: 0
syzkaller login: [   53.395176][ T7879] IPVS: ftp: loaded support on port[0] = 21
[   53.452701][ T7879] chnl_net:caif_netlink_parms(): no params data found
[   53.484336][ T7879] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.492058][ T7879] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.499962][ T7879] device bridge_slave_0 entered promiscuous mode
[   53.508528][ T7879] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.515601][ T7879] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.523419][ T7879] device bridge_slave_1 entered promiscuous mode
[   53.539358][ T7879] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   53.548993][ T7879] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   53.566762][ T7879] team0: Port device team_slave_0 added
[   53.573991][ T7879] team0: Port device team_slave_1 added
[   53.618851][ T7879] device hsr_slave_0 entered promiscuous mode
[   53.687739][ T7879] device hsr_slave_1 entered promiscuous mode
[   53.755132][ T7879] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.762327][ T7879] bridge0: port 2(bridge_slave_1) entered forwarding state
[   53.770087][ T7879] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.777157][ T7879] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.809725][ T7879] 8021q: adding VLAN 0 to HW filter on device bond0
[   53.820178][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   53.831157][ T2988] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.839517][ T2988] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.848798][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   53.860991][ T7879] 8021q: adding VLAN 0 to HW filter on device team0
[   53.871197][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   53.879932][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.886970][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.908369][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   53.916658][ T2988] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.923762][ T2988] bridge0: port 2(bridge_slave_1) entered forwarding state
[   53.932110][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   53.940797][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   53.949407][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   53.960650][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   53.968427][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   53.979568][ T7879] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   53.995220][ T7879] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.421542][ T7979] ==================================================================
[   55.430900][ T7979] BUG: KASAN: stack-out-of-bounds in ax25_getname+0x58/0x7a0
[   55.438257][ T7979] Write of size 72 at addr ffff88808ab57c78 by task syz-executor.0/7979
[   55.446556][ T7979] 
[   55.448868][ T7979] CPU: 0 PID: 7979 Comm: syz-executor.0 Not tainted 5.1.0-rc6+ #83
[   55.456746][ T7979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   55.466813][ T7979] Call Trace:
[   55.470105][ T7979]  dump_stack+0x172/0x1f0
[   55.474422][ T7979]  ? ax25_getname+0x58/0x7a0
[   55.479020][ T7979]  print_address_description.cold+0x7c/0x20d
[   55.485003][ T7979]  ? ax25_getname+0x58/0x7a0
[   55.489582][ T7979]  ? ax25_getname+0x58/0x7a0
[   55.494167][ T7979]  kasan_report.cold+0x1b/0x40
[   55.498934][ T7979]  ? ax25_getname+0x58/0x7a0
[   55.503508][ T7979]  check_memory_region+0x123/0x190
[   55.508633][ T7979]  memset+0x24/0x40
[   55.512438][ T7979]  ax25_getname+0x58/0x7a0
[   55.516833][ T7979]  ? fget+0x20/0x30
[   55.520626][ T7979]  vhost_net_ioctl+0x120f/0x1900
[   55.525565][ T7979]  ? vhost_zerocopy_callback+0x300/0x300
[   55.531213][ T7979]  ? tomoyo_execute_permission+0x4a0/0x4a0
[   55.537040][ T7979]  ? smack_log+0x415/0x540
[   55.541474][ T7979]  ? vhost_zerocopy_callback+0x300/0x300
[   55.547110][ T7979]  do_vfs_ioctl+0xd6e/0x1390
[   55.551707][ T7979]  ? ioctl_preallocate+0x210/0x210
[   55.556819][ T7979]  ? smack_file_ioctl+0x196/0x310
[   55.561864][ T7979]  ? smack_inode_rename+0x2d0/0x2d0
[   55.567076][ T7979]  ? nsecs_to_jiffies+0x30/0x30
[   55.571957][ T7979]  ? tomoyo_file_ioctl+0x23/0x30
[   55.576902][ T7979]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   55.583145][ T7979]  ? security_file_ioctl+0x93/0xc0
[   55.588257][ T7979]  ksys_ioctl+0xab/0xd0
[   55.592410][ T7979]  __x64_sys_ioctl+0x73/0xb0
[   55.597008][ T7979]  do_syscall_64+0x103/0x610
[   55.601616][ T7979]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   55.607515][ T7979] RIP: 0033:0x458d99
[   55.611396][ T7979] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   55.631002][ T7979] RSP: 002b:00007f935fbb7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   55.639414][ T7979] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458d99
[   55.647386][ T7979] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000003
[   55.655360][ T7979] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[   55.663322][ T7979] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f935fbb86d4
[   55.671281][ T7979] R13: 00000000004c37b7 R14: 00000000004d6c90 R15: 00000000ffffffff
[   55.679245][ T7979] 
[   55.681593][ T7979] The buggy address belongs to the page:
[   55.687221][ T7979] page:ffffea00022ad5c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   55.696095][ T7979] flags: 0x1fffc0000000000()
[   55.700681][ T7979] raw: 01fffc0000000000 0000000000000000 ffffffff022a0101 0000000000000000
[   55.709249][ T7979] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   55.717825][ T7979] page dumped because: kasan: bad access detected
[   55.724224][ T7979] 
[   55.726533][ T7979] Memory state around the buggy address:
[   55.732144][ T7979]  ffff88808ab57b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[   55.740188][ T7979]  ffff88808ab57c00: f1 f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 f2 f2 f2 00
[   55.748330][ T7979] >ffff88808ab57c80: 00 00 00 00 00 04 f3 f3 f3 f3 f3 00 00 00 00 00
[   55.756374][ T7979]                                   ^
[   55.761731][ T7979]  ffff88808ab57d00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[   55.769782][ T7979]  ffff88808ab57d80: 00 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00 00 00
[   55.777824][ T7979] ==================================================================
[   55.785881][ T7979] Disabling lock debugging due to kernel taint
[   55.796101][ T7979] Kernel panic - not syncing: panic_on_warn set ...
[   55.802713][ T7979] CPU: 0 PID: 7979 Comm: syz-executor.0 Tainted: G    B             5.1.0-rc6+ #83
[   55.811977][ T7979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   55.822012][ T7979] Call Trace:
[   55.825288][ T7979]  dump_stack+0x172/0x1f0
[   55.829605][ T7979]  panic+0x2cb/0x65c
[   55.833486][ T7979]  ? __warn_printk+0xf3/0xf3
[   55.838078][ T7979]  ? ax25_getname+0x58/0x7a0
[   55.842657][ T7979]  ? preempt_schedule+0x4b/0x60
[   55.847565][ T7979]  ? ___preempt_schedule+0x16/0x18
[   55.852682][ T7979]  ? trace_hardirqs_on+0x5e/0x230
[   55.857696][ T7979]  ? ax25_getname+0x58/0x7a0
[   55.862276][ T7979]  end_report+0x47/0x4f
[   55.866414][ T7979]  ? ax25_getname+0x58/0x7a0
[   55.870999][ T7979]  kasan_report.cold+0xe/0x40
[   55.875663][ T7979]  ? ax25_getname+0x58/0x7a0
[   55.880238][ T7979]  check_memory_region+0x123/0x190
[   55.885333][ T7979]  memset+0x24/0x40
[   55.889126][ T7979]  ax25_getname+0x58/0x7a0
[   55.893519][ T7979]  ? fget+0x20/0x30
[   55.897321][ T7979]  vhost_net_ioctl+0x120f/0x1900
[   55.902239][ T7979]  ? vhost_zerocopy_callback+0x300/0x300
[   55.907874][ T7979]  ? tomoyo_execute_permission+0x4a0/0x4a0
[   55.913655][ T7979]  ? smack_log+0x415/0x540
[   55.918062][ T7979]  ? vhost_zerocopy_callback+0x300/0x300
[   55.923671][ T7979]  do_vfs_ioctl+0xd6e/0x1390
[   55.928240][ T7979]  ? ioctl_preallocate+0x210/0x210
[   55.933342][ T7979]  ? smack_file_ioctl+0x196/0x310
[   55.938353][ T7979]  ? smack_inode_rename+0x2d0/0x2d0
[   55.943532][ T7979]  ? nsecs_to_jiffies+0x30/0x30
[   55.948376][ T7979]  ? tomoyo_file_ioctl+0x23/0x30
[   55.953294][ T7979]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   55.959514][ T7979]  ? security_file_ioctl+0x93/0xc0
[   55.964605][ T7979]  ksys_ioctl+0xab/0xd0
[   55.968758][ T7979]  __x64_sys_ioctl+0x73/0xb0
[   55.973333][ T7979]  do_syscall_64+0x103/0x610
[   55.977918][ T7979]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   55.983788][ T7979] RIP: 0033:0x458d99
[   55.987659][ T7979] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   56.007274][ T7979] RSP: 002b:00007f935fbb7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   56.015669][ T7979] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458d99
[   56.023705][ T7979] RDX: 0000000020d7c000 RSI: 000000004008af30 RDI: 0000000000000003
[   56.031658][ T7979] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[   56.039610][ T7979] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f935fbb86d4
[   56.047560][ T7979] R13: 00000000004c37b7 R14: 00000000004d6c90 R15: 00000000ffffffff
[   56.056267][ T7979] Kernel Offset: disabled
[   56.060602][ T7979] Rebooting in 86400 seconds..