periodic command scheduler: cron [ ok ]. [....] Starting file context maintaining daemon: restorecond [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd [ ok ]. [ 74.729334][ T26] audit: type=1800 audit(1559148344.221:33): pid=9429 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 74.767309][ T26] audit: type=1800 audit(1559148344.231:34): pid=9429 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [ 75.588942][ T26] audit: type=1400 audit(1559148345.081:35): avc: denied { map } for pid=9608 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts. 
executing program executing program executing program syzkaller login: [ 82.133065][ T26] audit: type=1400 audit(1559148351.631:36): avc: denied { map } for pid=9620 comm="syz-executor755" path="/root/syz-executor755749532" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 82.167701][ T9621] IPVS: ftp: loaded support on port[0] = 21 executing program executing program executing program executing program executing program executing program executing program [ 82.233679][ T9631] ================================================================== [ 82.241869][ T9631] BUG: KASAN: use-after-free in napi_gro_frags+0xc6f/0xd10 [ 82.249102][ T9631] Read of size 2 at addr ffff88809787040c by task syz-executor755/9631 [ 82.257360][ T9631] [ 82.259680][ T9631] CPU: 1 PID: 9631 Comm: syz-executor755 Not tainted 5.2.0-rc2+ #5 [ 82.267552][ T9631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 82.277613][ T9631] Call Trace: [ 82.280902][ T9631] dump_stack+0x172/0x1f0 [ 82.285229][ T9631] ? napi_gro_frags+0xc6f/0xd10 [ 82.290067][ T9631] print_address_description.cold+0x7c/0x20d [ 82.296052][ T9631] ? napi_gro_frags+0xc6f/0xd10 [ 82.300911][ T9631] ? napi_gro_frags+0xc6f/0xd10 [ 82.305771][ T9631] __kasan_report.cold+0x1b/0x40 [ 82.310791][ T9631] ? __kasan_slab_free+0x140/0x150 [ 82.315902][ T9631] ? napi_gro_frags+0xc6f/0xd10 [ 82.321647][ T9631] kasan_report+0x12/0x20 [ 82.325969][ T9631] __asan_report_load_n_noabort+0xf/0x20 [ 82.331611][ T9631] napi_gro_frags+0xc6f/0xd10 [ 82.336311][ T9631] tun_get_user+0x2f3c/0x3ff0 [ 82.341017][ T9631] ? tun_device_event+0xee0/0xee0 [ 82.346035][ T9631] ? tun_get+0x171/0x290 [ 82.350288][ T9631] ? lock_downgrade+0x880/0x880 [ 82.355160][ T9631] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.361387][ T9631] ? 
kasan_check_read+0x11/0x20 [ 82.366230][ T9631] tun_chr_write_iter+0xbd/0x156 [ 82.371177][ T9631] do_iter_readv_writev+0x5f8/0x8f0 [ 82.376395][ T9631] ? no_seek_end_llseek_size+0x70/0x70 [ 82.381842][ T9631] ? rw_verify_area+0x126/0x360 [ 82.386676][ T9631] do_iter_write+0x184/0x610 [ 82.391367][ T9631] ? dup_iter+0x260/0x260 [ 82.395688][ T9631] vfs_writev+0x1b3/0x2f0 [ 82.400002][ T9631] ? vfs_iter_write+0xb0/0xb0 [ 82.404667][ T9631] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.410901][ T9631] ? __handle_mm_fault+0x7cb/0x3eb0 [ 82.416142][ T9631] ? __do_page_fault+0x623/0xda0 [ 82.421086][ T9631] ? __do_page_fault+0x623/0xda0 [ 82.426038][ T9631] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.432335][ T9631] ? __fget_light+0x1a9/0x230 [ 82.437030][ T9631] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.443266][ T9631] do_writev+0x15b/0x330 [ 82.447538][ T9631] ? vfs_writev+0x2f0/0x2f0 [ 82.452031][ T9631] ? do_syscall_64+0x26/0x680 [ 82.456695][ T9631] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 82.462839][ T9631] ? 
do_syscall_64+0x26/0x680 [ 82.467526][ T9631] __x64_sys_writev+0x75/0xb0 [ 82.472368][ T9631] do_syscall_64+0xfd/0x680 [ 82.476947][ T9631] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 82.482845][ T9631] RIP: 0033:0x441cd0 [ 82.486723][ T9631] Code: 05 48 3d 01 f0 ff ff 0f 83 9d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 41 93 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 74 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00 [ 82.506407][ T9631] RSP: 002b:00007ffec0633f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 82.514830][ T9631] RAX: ffffffffffffffda RBX: 00007ffec0633fb0 RCX: 0000000000441cd0 [ 82.522809][ T9631] RDX: 0000000000000003 RSI: 00007ffec0633fd0 RDI: 00000000000000f0 [ 82.530865][ T9631] RBP: 00007ffec0633fd0 R08: 00007ffec0634000 R09: 0000000000000003 [ 82.538839][ T9631] R10: 0000000000000d77 R11: 0000000000000246 R12: 000000000001411f [ 82.546809][ T9631] R13: 0000000000402b60 R14: 0000000000000000 R15: 0000000000000000 [ 82.555096][ T9631] [ 82.557410][ T9631] The buggy address belongs to the page: [ 82.563058][ T9631] page:ffffea00025e1c00 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 [ 82.572451][ T9631] flags: 0x1fffc0000000000() [ 82.577132][ T9631] raw: 01fffc0000000000 ffffea0002410408 ffff88812fffc878 0000000000000000 [ 82.585732][ T9631] raw: 0000000000000000 0000000000000003 00000000ffffff7f 0000000000000000 [ 82.594303][ T9631] page dumped because: kasan: bad access detected [ 82.600720][ T9631] [ 82.603040][ T9631] Memory state around the buggy address: [ 82.608653][ T9631] ffff888097870300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 82.616718][ T9631] ffff888097870380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 82.624790][ T9631] >ffff888097870400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 82.632844][ T9631] ^ [ 82.637293][ T9631] ffff888097870480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 82.645373][ T9631] ffff888097870500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 
82.653417][ T9631] ================================================================== [ 82.661557][ T9631] Disabling lock debugging due to kernel taint [ 82.667738][ T9631] Kernel panic - not syncing: panic_on_warn set ... [ 82.674414][ T9631] CPU: 1 PID: 9631 Comm: syz-executor755 Tainted: G B 5.2.0-rc2+ #5 [ 82.683683][ T9631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 82.693745][ T9631] Call Trace: [ 82.697025][ T9631] dump_stack+0x172/0x1f0 [ 82.701340][ T9631] panic+0x2cb/0x744 [ 82.705222][ T9631] ? __warn_printk+0xf3/0xf3 [ 82.709797][ T9631] ? trace_hardirqs_on+0x5e/0x220 [ 82.714804][ T9631] ? trace_hardirqs_on+0x5e/0x220 [ 82.719821][ T9631] ? napi_gro_frags+0xc6f/0xd10 [ 82.724658][ T9631] end_report+0x47/0x4f [ 82.728942][ T9631] ? napi_gro_frags+0xc6f/0xd10 [ 82.733777][ T9631] __kasan_report.cold+0xe/0x40 [ 82.738624][ T9631] ? __kasan_slab_free+0x140/0x150 [ 82.743730][ T9631] ? napi_gro_frags+0xc6f/0xd10 [ 82.748581][ T9631] kasan_report+0x12/0x20 [ 82.752909][ T9631] __asan_report_load_n_noabort+0xf/0x20 [ 82.758541][ T9631] napi_gro_frags+0xc6f/0xd10 [ 82.763214][ T9631] tun_get_user+0x2f3c/0x3ff0 [ 82.767879][ T9631] ? tun_device_event+0xee0/0xee0 [ 82.772884][ T9631] ? tun_get+0x171/0x290 [ 82.777112][ T9631] ? lock_downgrade+0x880/0x880 [ 82.781942][ T9631] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.788168][ T9631] ? kasan_check_read+0x11/0x20 [ 82.793020][ T9631] tun_chr_write_iter+0xbd/0x156 [ 82.797941][ T9631] do_iter_readv_writev+0x5f8/0x8f0 [ 82.803228][ T9631] ? no_seek_end_llseek_size+0x70/0x70 [ 82.808848][ T9631] ? rw_verify_area+0x126/0x360 [ 82.813686][ T9631] do_iter_write+0x184/0x610 [ 82.818287][ T9631] ? dup_iter+0x260/0x260 [ 82.822631][ T9631] vfs_writev+0x1b3/0x2f0 [ 82.826944][ T9631] ? vfs_iter_write+0xb0/0xb0 [ 82.831612][ T9631] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.837838][ T9631] ? __handle_mm_fault+0x7cb/0x3eb0 [ 82.843023][ T9631] ? 
__do_page_fault+0x623/0xda0 [ 82.848496][ T9631] ? __do_page_fault+0x623/0xda0 [ 82.853461][ T9631] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.859708][ T9631] ? __fget_light+0x1a9/0x230 [ 82.868042][ T9631] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.874273][ T9631] do_writev+0x15b/0x330 [ 82.878525][ T9631] ? vfs_writev+0x2f0/0x2f0 [ 82.883035][ T9631] ? do_syscall_64+0x26/0x680 [ 82.887718][ T9631] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 82.893770][ T9631] ? do_syscall_64+0x26/0x680 [ 82.898446][ T9631] __x64_sys_writev+0x75/0xb0 [ 82.903117][ T9631] do_syscall_64+0xfd/0x680 [ 82.907642][ T9631] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 82.913540][ T9631] RIP: 0033:0x441cd0 [ 82.917444][ T9631] Code: 05 48 3d 01 f0 ff ff 0f 83 9d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 41 93 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 74 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00 [ 82.937118][ T9631] RSP: 002b:00007ffec0633f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 82.945523][ T9631] RAX: ffffffffffffffda RBX: 00007ffec0633fb0 RCX: 0000000000441cd0 [ 82.953574][ T9631] RDX: 0000000000000003 RSI: 00007ffec0633fd0 RDI: 00000000000000f0 [ 82.961535][ T9631] RBP: 00007ffec0633fd0 R08: 00007ffec0634000 R09: 0000000000000003 [ 82.969507][ T9631] R10: 0000000000000d77 R11: 0000000000000246 R12: 000000000001411f [ 82.977469][ T9631] R13: 0000000000402b60 R14: 0000000000000000 R15: 0000000000000000 [ 82.986571][ T9631] Kernel Offset: disabled [ 82.990908][ T9631] Rebooting in 86400 seconds..