[   43.141601] audit: type=1800 audit(1576757516.411:32): pid=7611 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   44.124331] audit: type=1800 audit(1576757517.471:33): pid=7611 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.147' (ECDSA) to the list of known hosts.
syzkaller login: [   52.470873] kauditd_printk_skb: 2 callbacks suppressed
[   52.470890] audit: type=1400 audit(1576757525.821:36): avc:  denied  { map } for  pid=7795 comm="syz-executor446" path="/root/syz-executor446228314" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   52.484947] IPVS: ftp: loaded support on port[0] = 21
[   52.529551] audit: type=1400 audit(1576757525.881:37): avc:  denied  { create } for  pid=7796 comm="syz-executor446" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[   52.554153] audit: type=1400 audit(1576757525.881:38): avc:  denied  { write } for  pid=7796 comm="syz-executor446" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
executing program
[   52.578443] audit: type=1400 audit(1576757525.881:39): avc:  denied  { read } for  pid=7796 comm="syz-executor446" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[   52.772547] ==================================================================
[   52.780230] BUG: KASAN: use-after-free in eth_type_trans+0x6dd/0x770
[   52.786709] Read of size 8 at addr ffff8880877f0040 by task syz-executor446/7796
[   52.794223] 
[   52.795838] CPU: 1 PID: 7796 Comm: syz-executor446 Not tainted 4.19.90-syzkaller #0
[   52.803621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.812967] Call Trace:
[   52.815555]  dump_stack+0x197/0x210
[   52.819179]  ? eth_type_trans+0x6dd/0x770
[   52.823455]  print_address_description.cold+0x7c/0x20d
[   52.828751]  ? eth_type_trans+0x6dd/0x770
[   52.832891]  kasan_report.cold+0x8c/0x2ba
[   52.837050]  __asan_report_load8_noabort+0x14/0x20
[   52.841973]  eth_type_trans+0x6dd/0x770
[   52.845959]  ? eth_gro_receive+0x8a0/0x8a0
[   52.850197]  ? napi_gro_frags+0x36c/0xa20
[   52.854343]  napi_gro_frags+0x6ad/0xa20
[   52.858320]  tun_get_user+0x2f08/0x4c30
[   52.862292]  ? mark_held_locks+0x100/0x100
[   52.866535]  ? tun_build_skb.isra.0+0x1a40/0x1a40
[   52.871388]  ? tun_get+0x171/0x290
[   52.874933]  ? lock_downgrade+0x880/0x880
[   52.879069]  ? kasan_check_read+0x11/0x20
[   52.883213]  tun_chr_write_iter+0xbd/0x156
[   52.887451]  do_iter_readv_writev+0x558/0x830
[   52.891935]  ? vfs_dedupe_file_range+0x6f0/0x6f0
[   52.896684]  ? security_file_permission+0x89/0x230
[   52.901611]  ? rw_verify_area+0x118/0x360
[   52.905756]  do_iter_write+0x184/0x5f0
[   52.909637]  vfs_writev+0x1b3/0x2f0
[   52.913251]  ? vfs_iter_write+0xb0/0xb0
[   52.917237]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.922777]  ? __fd_install+0x200/0x640
[   52.926738]  ? fd_install+0x4d/0x60
[   52.930360]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.935882]  ? __fget_light+0x1a9/0x230
[   52.939844]  do_writev+0x15e/0x370
[   52.943383]  ? vfs_writev+0x2f0/0x2f0
[   52.947203]  ? do_syscall_64+0x26/0x620
[   52.951168]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.956518]  ? do_syscall_64+0x26/0x620
[   52.960480]  __x64_sys_writev+0x75/0xb0
[   52.964458]  do_syscall_64+0xfd/0x620
[   52.968260]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.973530] RIP: 0033:0x441800
[   52.976719] Code: 05 48 3d 01 f0 ff ff 0f 83 fd 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 51 9c 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 d4 0e fc ff c3 48 83 ec 08 e8 9a 2b 00 00
[   52.995612] RSP: 002b:00007ffe87059608 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   53.003313] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441800
[   53.010571] RDX: 0000000000000001 RSI: 00007ffe87059660 RDI: 00000000000000f0
[   53.017826] RBP: 00007ffe87059630 R08: 0000000000000000 R09: 0000000000000020
[   53.025080] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000003
[   53.032335] R13: 0000000000000004 R14: 00007ffe870596b0 R15: 0000000000000000
[   53.039769] 
[   53.041379] The buggy address belongs to the page:
[   53.046297] page:ffffea00021dfc00 count:0 mapcount:0 mapping:0000000000000000 index:0x1
[   53.054419] flags: 0xfffe0000000000()
[   53.058206] raw: 00fffe0000000000 dead000000000100 dead000000000200 0000000000000000
[   53.066089] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   53.073953] page dumped because: kasan: bad access detected
[   53.079655] 
[   53.081262] Memory state around the buggy address:
[   53.086177]  ffff8880877eff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   53.093538]  ffff8880877eff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   53.108388] >ffff8880877f0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   53.115746]                                            ^
[   53.121195]  ffff8880877f0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   53.128551]  ffff8880877f0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   53.135911] ==================================================================
[   53.143255] Disabling lock debugging due to kernel taint
[   53.148744] Kernel panic - not syncing: panic_on_warn set ...
[   53.148744] 
[   53.156142] CPU: 1 PID: 7796 Comm: syz-executor446 Tainted: G    B             4.19.90-syzkaller #0
[   53.165320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   53.174656] Call Trace:
[   53.177243]  dump_stack+0x197/0x210
[   53.180870]  ? eth_type_trans+0x6dd/0x770
[   53.185017]  panic+0x26a/0x50e
[   53.188205]  ? __warn_printk+0xf3/0xf3
[   53.192080]  ? retint_kernel+0x2d/0x2d
[   53.195972]  ? trace_hardirqs_on+0x5e/0x220
[   53.200305]  ? eth_type_trans+0x6dd/0x770
[   53.204446]  kasan_end_report+0x47/0x4f
[   53.208418]  kasan_report.cold+0xa9/0x2ba
[   53.212560]  __asan_report_load8_noabort+0x14/0x20
[   53.217487]  eth_type_trans+0x6dd/0x770
[   53.221443]  ? eth_gro_receive+0x8a0/0x8a0
[   53.225663]  ? napi_gro_frags+0x36c/0xa20
[   53.229814]  napi_gro_frags+0x6ad/0xa20
[   53.233789]  tun_get_user+0x2f08/0x4c30
[   53.237772]  ? mark_held_locks+0x100/0x100
[   53.242009]  ? tun_build_skb.isra.0+0x1a40/0x1a40
[   53.246840]  ? tun_get+0x171/0x290
[   53.250410]  ? lock_downgrade+0x880/0x880
[   53.254575]  ? kasan_check_read+0x11/0x20
[   53.258729]  tun_chr_write_iter+0xbd/0x156
[   53.263014]  do_iter_readv_writev+0x558/0x830
[   53.267503]  ? vfs_dedupe_file_range+0x6f0/0x6f0
[   53.272341]  ? security_file_permission+0x89/0x230
[   53.277263]  ? rw_verify_area+0x118/0x360
[   53.281409]  do_iter_write+0x184/0x5f0
[   53.285284]  vfs_writev+0x1b3/0x2f0
[   53.288916]  ? vfs_iter_write+0xb0/0xb0
[   53.292880]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   53.298414]  ? __fd_install+0x200/0x640
[   53.302374]  ? fd_install+0x4d/0x60
[   53.306122]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   53.311701]  ? __fget_light+0x1a9/0x230
[   53.315690]  do_writev+0x15e/0x370
[   53.319220]  ? vfs_writev+0x2f0/0x2f0
[   53.323010]  ? do_syscall_64+0x26/0x620
[   53.326971]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.332324]  ? do_syscall_64+0x26/0x620
[   53.336316]  __x64_sys_writev+0x75/0xb0
[   53.340277]  do_syscall_64+0xfd/0x620
[   53.344077]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.349269] RIP: 0033:0x441800
[   53.352448] Code: 05 48 3d 01 f0 ff ff 0f 83 fd 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 51 9c 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 d4 0e fc ff c3 48 83 ec 08 e8 9a 2b 00 00
[   53.371341] RSP: 002b:00007ffe87059608 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   53.379128] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441800
[   53.387104] RDX: 0000000000000001 RSI: 00007ffe87059660 RDI: 00000000000000f0
[   53.394475] RBP: 00007ffe87059630 R08: 0000000000000000 R09: 0000000000000020
[   53.401786] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000003
[   53.409044] R13: 0000000000000004 R14: 00007ffe870596b0 R15: 0000000000000000
[   53.417917] Kernel Offset: disabled
[   53.421554] Rebooting in 86400 seconds..