[ ok ] Starting enhanced syslogd: rsyslogd.
[ 70.874775][ T26] audit: type=1800 audit(1559156799.414:25): pid=8936 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 70.915807][ T26] audit: type=1800 audit(1559156799.414:26): pid=8936 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 70.968120][ T26] audit: type=1800 audit(1559156799.414:27): pid=8936 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.142' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 82.103750][ T9093] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
executing program
[ 82.173631][ T9103] ==================================================================
[ 82.181897][ T9103] BUG: KASAN: use-after-free in napi_gro_frags+0xc6f/0xd10
[ 82.189096][ T9103] Read of size 2 at addr ffff8880840b040c by task syz-executor383/9103
[ 82.197306][ T9103]
[ 82.199623][ T9103] CPU: 1 PID: 9103 Comm: syz-executor383 Not tainted 5.2.0-rc1+ #5
[ 82.207502][ T9103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.217539][ T9103] Call Trace:
[ 82.220855][ T9103]  dump_stack+0x172/0x1f0
[ 82.225209][ T9103]  ? napi_gro_frags+0xc6f/0xd10
[ 82.230278][ T9103]  print_address_description.cold+0x7c/0x20d
[ 82.236249][ T9103]  ? napi_gro_frags+0xc6f/0xd10
[ 82.241085][ T9103]  ? napi_gro_frags+0xc6f/0xd10
[ 82.245920][ T9103]  __kasan_report.cold+0x1b/0x40
[ 82.250846][ T9103]  ? __kasan_slab_free+0x140/0x150
[ 82.255940][ T9103]  ? napi_gro_frags+0xc6f/0xd10
[ 82.260811][ T9103]  kasan_report+0x12/0x20
[ 82.265148][ T9103]  __asan_report_load_n_noabort+0xf/0x20
[ 82.270777][ T9103]  napi_gro_frags+0xc6f/0xd10
[ 82.275474][ T9103]  tun_get_user+0x2f3c/0x3ff0
[ 82.280148][ T9103]  ? tun_device_event+0xee0/0xee0
[ 82.285162][ T9103]  ? tun_get+0x171/0x290
[ 82.289425][ T9103]  ? lock_downgrade+0x880/0x880
[ 82.294275][ T9103]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.300520][ T9103]  ? kasan_check_read+0x11/0x20
[ 82.305358][ T9103]  tun_chr_write_iter+0xbd/0x156
[ 82.310289][ T9103]  do_iter_readv_writev+0x5f8/0x8f0
[ 82.315479][ T9103]  ? no_seek_end_llseek_size+0x70/0x70
[ 82.320945][ T9103]  ? apparmor_file_permission+0x25/0x30
[ 82.326485][ T9103]  ? rw_verify_area+0x126/0x360
[ 82.331321][ T9103]  do_iter_write+0x184/0x610
[ 82.335909][ T9103]  ? dup_iter+0x260/0x260
[ 82.340229][ T9103]  vfs_writev+0x1b3/0x2f0
[ 82.344542][ T9103]  ? vfs_iter_write+0xb0/0xb0
[ 82.349234][ T9103]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.355459][ T9103]  ? __handle_mm_fault+0x7cb/0x3eb0
[ 82.360678][ T9103]  ? __do_page_fault+0x623/0xda0
[ 82.365630][ T9103]  ? __do_page_fault+0x623/0xda0
[ 82.370554][ T9103]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.376993][ T9103]  ? __fget_light+0x1a9/0x230
[ 82.381663][ T9103]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.387887][ T9103]  do_writev+0x15b/0x330
[ 82.392115][ T9103]  ? vfs_writev+0x2f0/0x2f0
[ 82.396633][ T9103]  ? do_syscall_64+0x26/0x680
[ 82.401325][ T9103]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.407387][ T9103]  ? do_syscall_64+0x26/0x680
[ 82.412056][ T9103]  __x64_sys_writev+0x75/0xb0
[ 82.416732][ T9103]  do_syscall_64+0xfd/0x680
[ 82.421310][ T9103]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.427190][ T9103] RIP: 0033:0x441cd0
[ 82.431070][ T9103] Code: 05 48 3d 01 f0 ff ff 0f 83 9d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 41 93 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 74 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00
[ 82.450659][ T9103] RSP: 002b:00007fffdcf2b508 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 82.459055][ T9103] RAX: ffffffffffffffda RBX: 00007fffdcf2b530 RCX: 0000000000441cd0
[ 82.467014][ T9103] RDX: 0000000000000003 RSI: 00007fffdcf2b550 RDI: 00000000000000f0
[ 82.474975][ T9103] RBP: 00007fffdcf2b550 R08: 00007fffdcf2b580 R09: 0000000000000003
[ 82.482947][ T9103] R10: 0000000000000d77 R11: 0000000000000246 R12: 00000000000140e2
[ 82.491170][ T9103] R13: 0000000000402b60 R14: 0000000000000000 R15: 0000000000000000
[ 82.499132][ T9103]
[ 82.501440][ T9103] The buggy address belongs to the page:
[ 82.507061][ T9103] page:ffffea0002102c00 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0
[ 82.516409][ T9103] flags: 0x1fffc0000000000()
[ 82.521000][ T9103] raw: 01fffc0000000000 ffffea000294a808 ffff88812fffc878 0000000000000000
[ 82.529579][ T9103] raw: 0000000000000000 0000000000000003 00000000ffffff7f 0000000000000000
[ 82.538139][ T9103] page dumped because: kasan: bad access detected
[ 82.544549][ T9103]
[ 82.546862][ T9103] Memory state around the buggy address:
[ 82.552473][ T9103]  ffff8880840b0300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 82.560515][ T9103]  ffff8880840b0380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 82.568556][ T9103] >ffff8880840b0400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 82.576595][ T9103]                      ^
[ 82.580906][ T9103]  ffff8880840b0480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 82.588949][ T9103]  ffff8880840b0500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 82.596997][ T9103] ==================================================================
[ 82.605037][ T9103] Disabling lock debugging due to kernel taint
[ 82.611242][ T9103] Kernel panic - not syncing: panic_on_warn set ...
[ 82.618026][ T9103] CPU: 1 PID: 9103 Comm: syz-executor383 Tainted: G B 5.2.0-rc1+ #5
[ 82.627286][ T9103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.637634][ T9103] Call Trace:
[ 82.640924][ T9103]  dump_stack+0x172/0x1f0
[ 82.645264][ T9103]  panic+0x2cb/0x744
[ 82.649343][ T9103]  ? __warn_printk+0xf3/0xf3
[ 82.653951][ T9103]  ? trace_hardirqs_on+0x5e/0x220
[ 82.658994][ T9103]  ? trace_hardirqs_on+0x5e/0x220
[ 82.664370][ T9103]  ? napi_gro_frags+0xc6f/0xd10
[ 82.669205][ T9103]  end_report+0x47/0x4f
[ 82.673380][ T9103]  ? napi_gro_frags+0xc6f/0xd10
[ 82.678218][ T9103]  __kasan_report.cold+0xe/0x40
[ 82.683056][ T9103]  ? __kasan_slab_free+0x140/0x150
[ 82.688169][ T9103]  ? napi_gro_frags+0xc6f/0xd10
[ 82.693017][ T9103]  kasan_report+0x12/0x20
[ 82.697345][ T9103]  __asan_report_load_n_noabort+0xf/0x20
[ 82.702957][ T9103]  napi_gro_frags+0xc6f/0xd10
[ 82.707660][ T9103]  tun_get_user+0x2f3c/0x3ff0
[ 82.712327][ T9103]  ? tun_device_event+0xee0/0xee0
[ 82.717358][ T9103]  ? tun_get+0x171/0x290
[ 82.721601][ T9103]  ? lock_downgrade+0x880/0x880
[ 82.726435][ T9103]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.732662][ T9103]  ? kasan_check_read+0x11/0x20
[ 82.737515][ T9103]  tun_chr_write_iter+0xbd/0x156
[ 82.742587][ T9103]  do_iter_readv_writev+0x5f8/0x8f0
[ 82.747778][ T9103]  ? no_seek_end_llseek_size+0x70/0x70
[ 82.753231][ T9103]  ? apparmor_file_permission+0x25/0x30
[ 82.758868][ T9103]  ? rw_verify_area+0x126/0x360
[ 82.763731][ T9103]  do_iter_write+0x184/0x610
[ 82.768327][ T9103]  ? dup_iter+0x260/0x260
[ 82.772837][ T9103]  vfs_writev+0x1b3/0x2f0
[ 82.777155][ T9103]  ? vfs_iter_write+0xb0/0xb0
[ 82.781818][ T9103]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.788041][ T9103]  ? __handle_mm_fault+0x7cb/0x3eb0
[ 82.793243][ T9103]  ? __do_page_fault+0x623/0xda0
[ 82.798163][ T9103]  ? __do_page_fault+0x623/0xda0
[ 82.803107][ T9103]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.809327][ T9103]  ? __fget_light+0x1a9/0x230
[ 82.813996][ T9103]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.820221][ T9103]  do_writev+0x15b/0x330
[ 82.824465][ T9103]  ? vfs_writev+0x2f0/0x2f0
[ 82.828951][ T9103]  ? do_syscall_64+0x26/0x680
[ 82.833618][ T9103]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.839666][ T9103]  ? do_syscall_64+0x26/0x680
[ 82.844337][ T9103]  __x64_sys_writev+0x75/0xb0
[ 82.849030][ T9103]  do_syscall_64+0xfd/0x680
[ 82.853730][ T9103]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.859615][ T9103] RIP: 0033:0x441cd0
[ 82.863524][ T9103] Code: 05 48 3d 01 f0 ff ff 0f 83 9d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 41 93 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 74 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00
[ 82.883134][ T9103] RSP: 002b:00007fffdcf2b508 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 82.891641][ T9103] RAX: ffffffffffffffda RBX: 00007fffdcf2b530 RCX: 0000000000441cd0
[ 82.899601][ T9103] RDX: 0000000000000003 RSI: 00007fffdcf2b550 RDI: 00000000000000f0
[ 82.907564][ T9103] RBP: 00007fffdcf2b550 R08: 00007fffdcf2b580 R09: 0000000000000003
[ 82.915516][ T9103] R10: 0000000000000d77 R11: 0000000000000246 R12: 00000000000140e2
[ 82.923485][ T9103] R13: 0000000000402b60 R14: 0000000000000000 R15: 0000000000000000
[ 82.932596][ T9103] Kernel Offset: disabled
[ 82.936925][ T9103] Rebooting in 86400 seconds..