[ ok ] Starting enhanced syslogd: rsyslogd.
[ 58.535421][ T27] audit: type=1800 audit(1559144758.879:25): pid=8652 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 58.576902][ T27] audit: type=1800 audit(1559144758.879:26): pid=8652 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 58.617425][ T27] audit: type=1800 audit(1559144758.879:27): pid=8652 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 69.788183][ T8805] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 69.850513][ T8815] ==================================================================
[ 69.858685][ T8815] BUG: KASAN: use-after-free in napi_gro_frags+0xc6f/0xd10
[ 69.865862][ T8815] Read of size 2 at addr ffff8880a837040c by task syz-executor000/8815
[ 69.874067][ T8815]
[ 69.876385][ T8815] CPU: 1 PID: 8815 Comm: syz-executor000 Not tainted 5.2.0-rc1+ #5
[ 69.884252][ T8815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.894284][ T8815] Call Trace:
[ 69.897563][ T8815]  dump_stack+0x172/0x1f0
[ 69.901884][ T8815]  ? napi_gro_frags+0xc6f/0xd10
[ 69.906735][ T8815]  print_address_description.cold+0x7c/0x20d
[ 69.912710][ T8815]  ? napi_gro_frags+0xc6f/0xd10
[ 69.917543][ T8815]  ? napi_gro_frags+0xc6f/0xd10
[ 69.922386][ T8815]  __kasan_report.cold+0x1b/0x40
[ 69.927329][ T8815]  ? __kasan_slab_free+0x140/0x150
[ 69.932426][ T8815]  ? napi_gro_frags+0xc6f/0xd10
[ 69.937298][ T8815]  kasan_report+0x12/0x20
[ 69.941611][ T8815]  __asan_report_load_n_noabort+0xf/0x20
[ 69.947228][ T8815]  napi_gro_frags+0xc6f/0xd10
[ 69.951891][ T8815]  tun_get_user+0x2f3c/0x3ff0
[ 69.956575][ T8815]  ? tun_device_event+0xee0/0xee0
[ 69.961592][ T8815]  ? tun_get+0x171/0x290
[ 69.965819][ T8815]  ? lock_downgrade+0x880/0x880
[ 69.970652][ T8815]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.976876][ T8815]  ? kasan_check_read+0x11/0x20
[ 69.981709][ T8815]  tun_chr_write_iter+0xbd/0x156
[ 69.986641][ T8815]  do_iter_readv_writev+0x5f8/0x8f0
[ 69.991829][ T8815]  ? no_seek_end_llseek_size+0x70/0x70
[ 69.997274][ T8815]  ? apparmor_file_permission+0x25/0x30
[ 70.002820][ T8815]  ? rw_verify_area+0x126/0x360
[ 70.007658][ T8815]  do_iter_write+0x184/0x610
[ 70.012254][ T8815]  ? dup_iter+0x260/0x260
[ 70.016577][ T8815]  vfs_writev+0x1b3/0x2f0
[ 70.020890][ T8815]  ? vfs_iter_write+0xb0/0xb0
[ 70.025552][ T8815]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 70.031802][ T8815]  ? __handle_mm_fault+0x7cb/0x3eb0
[ 70.036994][ T8815]  ? __do_page_fault+0x623/0xda0
[ 70.041914][ T8815]  ? __do_page_fault+0x623/0xda0
[ 70.046841][ T8815]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 70.053239][ T8815]  ? __fget_light+0x1a9/0x230
[ 70.057897][ T8815]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 70.064120][ T8815]  do_writev+0x15b/0x330
[ 70.068346][ T8815]  ? vfs_writev+0x2f0/0x2f0
[ 70.072839][ T8815]  ? do_syscall_64+0x26/0x680
[ 70.077507][ T8815]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 70.083554][ T8815]  ? do_syscall_64+0x26/0x680
[ 70.088231][ T8815]  __x64_sys_writev+0x75/0xb0
[ 70.092903][ T8815]  do_syscall_64+0xfd/0x680
[ 70.097402][ T8815]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 70.103276][ T8815] RIP: 0033:0x441cd0
[ 70.107154][ T8815] Code: 05 48 3d 01 f0 ff ff 0f 83 9d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 41 93 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 74 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00
[ 70.127164][ T8815] RSP: 002b:00007ffdbb43f738 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 70.135692][ T8815] RAX: ffffffffffffffda RBX: 00007ffdbb43f760 RCX: 0000000000441cd0
[ 70.143665][ T8815] RDX: 0000000000000003 RSI: 00007ffdbb43f780 RDI: 00000000000000f0
[ 70.151792][ T8815] RBP: 00007ffdbb43f780 R08: 00007ffdbb43f7b0 R09: 0000000000000003
[ 70.159765][ T8815] R10: 0000000000000d77 R11: 0000000000000246 R12: 00000000000110c6
[ 70.167718][ T8815] R13: 0000000000402b60 R14: 0000000000000000 R15: 0000000000000000
[ 70.175675][ T8815]
[ 70.177982][ T8815] The buggy address belongs to the page:
[ 70.183592][ T8815] page:ffffea0002a0dc00 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0
[ 70.193120][ T8815] flags: 0x1fffc0000000000()
[ 70.197847][ T8815] raw: 01fffc0000000000 ffffea0002183c08 ffff88812fffc878 0000000000000000
[ 70.206411][ T8815] raw: 0000000000000000 0000000000000003 00000000ffffff7f 0000000000000000
[ 70.215320][ T8815] page dumped because: kasan: bad access detected
[ 70.221709][ T8815]
[ 70.224032][ T8815] Memory state around the buggy address:
[ 70.229775][ T8815]  ffff8880a8370300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 70.238292][ T8815]  ffff8880a8370380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 70.246714][ T8815] >ffff8880a8370400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 70.255058][ T8815]                        ^
[ 70.259531][ T8815]  ffff8880a8370480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 70.273713][ T8815]  ffff8880a8370500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 70.281860][ T8815] ==================================================================
[ 70.290025][ T8815] Disabling lock debugging due to kernel taint
[ 70.296245][ T8815] Kernel panic - not syncing: panic_on_warn set ...
[ 70.302841][ T8815] CPU: 1 PID: 8815 Comm: syz-executor000 Tainted: G B 5.2.0-rc1+ #5
[ 70.312104][ T8815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.322142][ T8815] Call Trace:
[ 70.325422][ T8815]  dump_stack+0x172/0x1f0
[ 70.329738][ T8815]  panic+0x2cb/0x744
[ 70.333623][ T8815]  ? __warn_printk+0xf3/0xf3
[ 70.338200][ T8815]  ? trace_hardirqs_on+0x5e/0x220
[ 70.343203][ T8815]  ? trace_hardirqs_on+0x5e/0x220
[ 70.348209][ T8815]  ? napi_gro_frags+0xc6f/0xd10
[ 70.353160][ T8815]  end_report+0x47/0x4f
[ 70.357294][ T8815]  ? napi_gro_frags+0xc6f/0xd10
[ 70.362123][ T8815]  __kasan_report.cold+0xe/0x40
[ 70.366963][ T8815]  ? __kasan_slab_free+0x140/0x150
[ 70.372058][ T8815]  ? napi_gro_frags+0xc6f/0xd10
[ 70.376891][ T8815]  kasan_report+0x12/0x20
[ 70.381294][ T8815]  __asan_report_load_n_noabort+0xf/0x20
[ 70.386910][ T8815]  napi_gro_frags+0xc6f/0xd10
[ 70.391574][ T8815]  tun_get_user+0x2f3c/0x3ff0
[ 70.396248][ T8815]  ? tun_device_event+0xee0/0xee0
[ 70.401251][ T8815]  ? tun_get+0x171/0x290
[ 70.405476][ T8815]  ? lock_downgrade+0x880/0x880
[ 70.410307][ T8815]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 70.416538][ T8815]  ? kasan_check_read+0x11/0x20
[ 70.421510][ T8815]  tun_chr_write_iter+0xbd/0x156
[ 70.426436][ T8815]  do_iter_readv_writev+0x5f8/0x8f0
[ 70.431615][ T8815]  ? no_seek_end_llseek_size+0x70/0x70
[ 70.437054][ T8815]  ? apparmor_file_permission+0x25/0x30
[ 70.442580][ T8815]  ? rw_verify_area+0x126/0x360
[ 70.447431][ T8815]  do_iter_write+0x184/0x610
[ 70.452012][ T8815]  ? dup_iter+0x260/0x260
[ 70.456326][ T8815]  vfs_writev+0x1b3/0x2f0
[ 70.460639][ T8815]  ? vfs_iter_write+0xb0/0xb0
[ 70.465310][ T8815]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 70.471532][ T8815]  ? __handle_mm_fault+0x7cb/0x3eb0
[ 70.476738][ T8815]  ? __do_page_fault+0x623/0xda0
[ 70.481659][ T8815]  ? __do_page_fault+0x623/0xda0
[ 70.486583][ T8815]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 70.492802][ T8815]  ? __fget_light+0x1a9/0x230
[ 70.497460][ T8815]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 70.503684][ T8815]  do_writev+0x15b/0x330
[ 70.507909][ T8815]  ? vfs_writev+0x2f0/0x2f0
[ 70.512402][ T8815]  ? do_syscall_64+0x26/0x680
[ 70.517154][ T8815]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 70.523205][ T8815]  ? do_syscall_64+0x26/0x680
[ 70.527867][ T8815]  __x64_sys_writev+0x75/0xb0
[ 70.532524][ T8815]  do_syscall_64+0xfd/0x680
[ 70.537010][ T8815]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 70.542886][ T8815] RIP: 0033:0x441cd0
[ 70.546798][ T8815] Code: 05 48 3d 01 f0 ff ff 0f 83 9d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 41 93 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 74 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00
[ 70.566524][ T8815] RSP: 002b:00007ffdbb43f738 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 70.574951][ T8815] RAX: ffffffffffffffda RBX: 00007ffdbb43f760 RCX: 0000000000441cd0
[ 70.582916][ T8815] RDX: 0000000000000003 RSI: 00007ffdbb43f780 RDI: 00000000000000f0
[ 70.590865][ T8815] RBP: 00007ffdbb43f780 R08: 00007ffdbb43f7b0 R09: 0000000000000003
[ 70.598816][ T8815] R10: 0000000000000d77 R11: 0000000000000246 R12: 00000000000110c6
[ 70.606764][ T8815] R13: 0000000000402b60 R14: 0000000000000000 R15: 0000000000000000
[ 70.615978][ T8815] Kernel Offset: disabled
[ 70.620302][ T8815] Rebooting in 86400 seconds..