[ ok ] Starting enhanced syslogd: rsyslogd.
[ 66.838541][ T27] audit: type=1800 audit(1577479736.925:25): pid=9184 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 66.858522][ T27] audit: type=1800 audit(1577479736.925:26): pid=9184 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 66.905731][ T27] audit: type=1800 audit(1577479736.925:27): pid=9184 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.253' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 78.549277][ T9343] IPVS: ftp: loaded support on port[0] = 21
[ 78.887009][ T9343] ==================================================================
[ 78.895178][ T9343] BUG: KASAN: use-after-free in eth_type_trans+0x6ce/0x760
[ 78.902697][ T9343] Read of size 8 at addr ffff88808a7f0040 by task syz-executor005/9343
[ 78.910909][ T9343]
[ 78.913219][ T9343] CPU: 1 PID: 9343 Comm: syz-executor005 Not tainted 5.5.0-rc2-next-20191220-syzkaller #0
[ 78.923108][ T9343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.933137][ T9343] Call Trace:
[ 78.936408][ T9343] dump_stack+0x197/0x210
[ 78.940754][ T9343] ? eth_type_trans+0x6ce/0x760
[ 78.945624][ T9343] print_address_description.constprop.0.cold+0xd4/0x30b
[ 78.952622][ T9343] ? eth_type_trans+0x6ce/0x760
[ 78.957450][ T9343] ? eth_type_trans+0x6ce/0x760
[ 78.962314][ T9343] __kasan_report.cold+0x1b/0x41
[ 78.967253][ T9343] ? eth_type_trans+0x6ce/0x760
[ 78.972106][ T9343] kasan_report+0x12/0x20
[ 78.976452][ T9343] __asan_report_load8_noabort+0x14/0x20
[ 78.982074][ T9343] eth_type_trans+0x6ce/0x760
[ 78.986732][ T9343] ? eth_gro_receive+0x890/0x890
[ 78.991702][ T9343] napi_gro_frags+0x8c2/0xd00
[ 78.996448][ T9343] tun_get_user+0x2e7f/0x3fc0
[ 79.001115][ T9343] ? __this_cpu_preempt_check+0x8a/0x190
[ 79.006764][ T9343] ? tun_build_skb.isra.0+0x1480/0x1480
[ 79.012291][ T9343] ? __this_cpu_preempt_check+0x8a/0x190
[ 79.017903][ T9343] ? __kasan_check_read+0x11/0x20
[ 79.022904][ T9343] tun_chr_write_iter+0xbd/0x156
[ 79.027826][ T9343] do_iter_readv_writev+0x5f8/0x8f0
[ 79.033002][ T9343] ? no_seek_end_llseek_size+0x70/0x70
[ 79.038436][ T9343] ? retint_kernel+0x2b/0x2b
[ 79.043039][ T9343] ? do_iter_write+0x10d/0x610
[ 79.047781][ T9343] do_iter_write+0x184/0x610
[ 79.052389][ T9343] vfs_writev+0x1b3/0x2f0
[ 79.056694][ T9343] ? vfs_iter_write+0xb0/0xb0
[ 79.061349][ T9343] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 79.066783][ T9343] ? lockdep_hardirqs_on+0x421/0x5e0
[ 79.072049][ T9343] ? retint_kernel+0x2b/0x2b
[ 79.076617][ T9343] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 79.082053][ T9343] ? __this_cpu_preempt_check+0x8a/0x190
[ 79.087669][ T9343] ? __this_cpu_preempt_check+0x35/0x190
[ 79.093274][ T9343] ? retint_kernel+0x2b/0x2b
[ 79.097845][ T9343] ? do_writev+0xe7/0x330
[ 79.102159][ T9343] ? do_writev+0x113/0x330
[ 79.106563][ T9343] do_writev+0x15b/0x330
[ 79.110788][ T9343] ? vfs_writev+0x2f0/0x2f0
[ 79.115276][ T9343] ? do_syscall_64+0x26/0x790
[ 79.119940][ T9343] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 79.125979][ T9343] ? do_syscall_64+0x26/0x790
[ 79.130632][ T9343] __x64_sys_writev+0x75/0xb0
[ 79.135298][ T9343] do_syscall_64+0xfa/0x790
[ 79.139801][ T9343] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 79.145672][ T9343] RIP: 0033:0x441800
[ 79.149558][ T9343] Code: 05 48 3d 01 f0 ff ff 0f 83 fd 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 51 9c 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 d4 0e fc ff c3 48 83 ec 08 e8 9a 2b 00 00
[ 79.169140][ T9343] RSP: 002b:00007ffd0deb1048 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 79.177541][ T9343] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441800
[ 79.185496][ T9343] RDX: 0000000000000001 RSI: 00007ffd0deb10a0 RDI: 00000000000000f0
[ 79.193460][ T9343] RBP: 00007ffd0deb1070 R08: 0000000000000000 R09: 0000000000000020
[ 79.201430][ T9343] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000003
[ 79.209399][ T9343] R13: 0000000000000004 R14: 00007ffd0deb10f0 R15: 0000000000000000
[ 79.217475][ T9343]
[ 79.219787][ T9343] The buggy address belongs to the page:
[ 79.225410][ T9343] page:ffffea000229fc00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 79.234511][ T9343] raw: 00fffe0000000000 ffffea000229fc08 ffffea000229fc08 0000000000000000
[ 79.243087][ T9343] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 79.251658][ T9343] page dumped because: kasan: bad access detected
[ 79.258057][ T9343]
[ 79.260378][ T9343] Memory state around the buggy address:
[ 79.266033][ T9343] ffff88808a7eff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 79.274096][ T9343] ffff88808a7eff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 79.282247][ T9343] >ffff88808a7f0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 79.290296][ T9343] ^
[ 79.296474][ T9343] ffff88808a7f0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 79.304531][ T9343] ffff88808a7f0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 79.312621][ T9343] ==================================================================
[ 79.320675][ T9343] Disabling lock debugging due to kernel taint
[ 79.326877][ T9343] Kernel panic - not syncing: panic_on_warn set ...
[ 79.333464][ T9343] CPU: 1 PID: 9343 Comm: syz-executor005 Tainted: G B 5.5.0-rc2-next-20191220-syzkaller #0
[ 79.344729][ T9343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 79.354769][ T9343] Call Trace:
[ 79.358046][ T9343] dump_stack+0x197/0x210
[ 79.362359][ T9343] panic+0x2e3/0x75c
[ 79.366680][ T9343] ? add_taint.cold+0x16/0x16
[ 79.371332][ T9343] ? retint_kernel+0x2b/0x2b
[ 79.375900][ T9343] ? trace_hardirqs_on+0x5e/0x240
[ 79.380902][ T9343] ? eth_type_trans+0x6ce/0x760
[ 79.385730][ T9343] end_report+0x47/0x4f
[ 79.389859][ T9343] ? eth_type_trans+0x6ce/0x760
[ 79.394772][ T9343] __kasan_report.cold+0xe/0x41
[ 79.399600][ T9343] ? eth_type_trans+0x6ce/0x760
[ 79.404434][ T9343] kasan_report+0x12/0x20
[ 79.408742][ T9343] __asan_report_load8_noabort+0x14/0x20
[ 79.414357][ T9343] eth_type_trans+0x6ce/0x760
[ 79.419195][ T9343] ? eth_gro_receive+0x890/0x890
[ 79.424110][ T9343] napi_gro_frags+0x8c2/0xd00
[ 79.428765][ T9343] tun_get_user+0x2e7f/0x3fc0
[ 79.433422][ T9343] ? __this_cpu_preempt_check+0x8a/0x190
[ 79.439044][ T9343] ? tun_build_skb.isra.0+0x1480/0x1480
[ 79.444583][ T9343] ? __this_cpu_preempt_check+0x8a/0x190
[ 79.450213][ T9343] ? __kasan_check_read+0x11/0x20
[ 79.455220][ T9343] tun_chr_write_iter+0xbd/0x156
[ 79.460145][ T9343] do_iter_readv_writev+0x5f8/0x8f0
[ 79.465324][ T9343] ? no_seek_end_llseek_size+0x70/0x70
[ 79.470762][ T9343] ? retint_kernel+0x2b/0x2b
[ 79.475331][ T9343] ? do_iter_write+0x10d/0x610
[ 79.480074][ T9343] do_iter_write+0x184/0x610
[ 79.484642][ T9343] vfs_writev+0x1b3/0x2f0
[ 79.488950][ T9343] ? vfs_iter_write+0xb0/0xb0
[ 79.493605][ T9343] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 79.499040][ T9343] ? lockdep_hardirqs_on+0x421/0x5e0
[ 79.504300][ T9343] ? retint_kernel+0x2b/0x2b
[ 79.508869][ T9343] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 79.514305][ T9343] ? __this_cpu_preempt_check+0x8a/0x190
[ 79.519944][ T9343] ? __this_cpu_preempt_check+0x35/0x190
[ 79.525555][ T9343] ? retint_kernel+0x2b/0x2b
[ 79.530122][ T9343] ? do_writev+0xe7/0x330
[ 79.534423][ T9343] ? do_writev+0x113/0x330
[ 79.538816][ T9343] do_writev+0x15b/0x330
[ 79.543045][ T9343] ? vfs_writev+0x2f0/0x2f0
[ 79.547535][ T9343] ? do_syscall_64+0x26/0x790
[ 79.552183][ T9343] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 79.558225][ T9343] ? do_syscall_64+0x26/0x790
[ 79.562876][ T9343] __x64_sys_writev+0x75/0xb0
[ 79.567550][ T9343] do_syscall_64+0xfa/0x790
[ 79.572032][ T9343] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 79.577898][ T9343] RIP: 0033:0x441800
[ 79.581770][ T9343] Code: 05 48 3d 01 f0 ff ff 0f 83 fd 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 51 9c 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 d4 0e fc ff c3 48 83 ec 08 e8 9a 2b 00 00
[ 79.601360][ T9343] RSP: 002b:00007ffd0deb1048 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 79.609754][ T9343] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441800
[ 79.617703][ T9343] RDX: 0000000000000001 RSI: 00007ffd0deb10a0 RDI: 00000000000000f0
[ 79.625651][ T9343] RBP: 00007ffd0deb1070 R08: 0000000000000000 R09: 0000000000000020
[ 79.633595][ T9343] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000003
[ 79.641539][ T9343] R13: 0000000000000004 R14: 00007ffd0deb10f0 R15: 0000000000000000
[ 79.650873][ T9343] Kernel Offset: disabled
[ 79.655205][ T9343] Rebooting in 86400 seconds..