[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   11.028858] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   31.589563] random: crng init done
Warning: Permanently added '10.128.1.32' (ECDSA) to the list of known hosts.
2019/06/15 14:21:23 parsed 1 programs
2019/06/15 14:21:25 executed programs: 0
[   50.090075] audit: type=1400 audit(1560608485.606:5): avc:  denied  { associate } for  pid=2077 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
2019/06/15 14:21:30 executed programs: 46
2019/06/15 14:21:35 executed programs: 98
2019/06/15 14:21:40 executed programs: 149
[   65.814995] ==================================================================
[   65.822644] BUG: KASAN: use-after-free in pneigh_get_next.isra.0+0x22d/0x260
[   65.829936] Read of size 8 at addr ffff8801c962de40 by task syz-executor.0/2872
[   65.837655] 
[   65.839332] CPU: 1 PID: 2872 Comm: syz-executor.0 Not tainted 4.9.181+ #9
[   65.846976]  ffff8801cde3f2c0 ffffffff81b57e21 0000000000000000 ffffea0007258b40
[   65.855180]  ffff8801c962de40 0000000000000008 ffffffff82347b5d ffff8801cde3f2f8
[   65.863218]  ffffffff8150abe8 0000000000000000 ffff8801c962de40 ffff8801c962de40
[   65.871318] Call Trace:
[   65.873920]  [<00000000e144a64b>] dump_stack+0xc1/0x120
[   65.879294]  [<00000000d443a36b>] ? pneigh_get_next.isra.0+0x22d/0x260
[   65.885958]  [<00000000d79f4d68>] print_address_description+0x6f/0x23a
[   65.892923]  [<00000000d443a36b>] ? pneigh_get_next.isra.0+0x22d/0x260
[   65.899658]  [<00000000ddc76c72>] kasan_report.cold+0x8c/0x2ba
[   65.905791]  [<00000000c3551b5e>] __asan_report_load8_noabort+0x14/0x20
[   65.912814]  [<00000000d443a36b>] pneigh_get_next.isra.0+0x22d/0x260
[   65.919359]  [<00000000823b6118>] ? mark_held_locks+0xb1/0x100
[   65.925384]  [<00000000600da899>] neigh_seq_next+0xb4/0x1e0
[   65.931118]  [<00000000b8db63bd>] seq_read+0xad6/0x1250
[   65.936606]  [<000000007bb3ee59>] ? seq_lseek+0x3c0/0x3c0
[   65.942188]  [<0000000049712bb3>] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300
[   65.950766]  [<000000003aa89f52>] proc_reg_read+0xfd/0x180
[   65.956447]  [<000000007bb3ee59>] ? seq_lseek+0x3c0/0x3c0
[   65.962077]  [<00000000a0070353>] do_loop_readv_writev.part.0+0xcc/0x2c0
[   65.969245]  [<00000000ca58308c>] do_readv_writev+0x556/0x7a0
[   65.975141]  [<00000000594d7afe>] ? vfs_write+0x520/0x520
[   65.980860]  [<00000000fa6928ae>] ? kasan_unpoison_shadow+0x35/0x50
[   65.987422]  [<00000000bc493528>] ? push_pipe+0x3dd/0x770
[   65.992962]  [<00000000b76a9e76>] ? __kmalloc+0x133/0x320
[   65.998488]  [<00000000a60c0947>] ? iov_iter_get_pages_alloc+0x2c8/0xfb0
[   66.005327]  [<0000000092071624>] vfs_readv+0x86/0xc0
[   66.010586]  [<00000000ea3924fc>] default_file_splice_read+0x44b/0x7e0
[   66.017263]  [<00000000823b6118>] ? mark_held_locks+0xb1/0x100
[   66.023378]  [<0000000004fcc40a>] ? do_splice_direct+0x260/0x260
[   66.029650]  [<00000000e436d13b>] ? generic_pipe_buf_release+0xba/0x110
[   66.036776]  [<00000000f9cfaeb4>] ? fsnotify+0x129/0x11d0
[   66.042410]  [<000000009b445ce9>] ? security_file_permission+0x8f/0x1f0
[   66.049302]  [<00000000260e469f>] ? default_file_splice_write+0x68/0x80
[   66.056061]  [<0000000004fcc40a>] ? do_splice_direct+0x260/0x260
[   66.062558]  [<000000007dd30619>] do_splice_to+0x108/0x170
[   66.068239]  [<0000000056fb7ddf>] splice_direct_to_actor+0x246/0x820
[   66.074739]  [<00000000927cb80e>] ? generic_pipe_buf_nosteal+0x10/0x10
[   66.081499]  [<0000000036c9396c>] ? do_splice_to+0x170/0x170
[   66.087299]  [<000000009b445ce9>] ? security_file_permission+0x8f/0x1f0
[   66.094175]  [<00000000fee16f37>] ? rw_verify_area+0xea/0x2b0
[   66.100059]  [<00000000735a096b>] do_splice_direct+0x1a5/0x260
[   66.106157]  [<0000000001e27d54>] ? splice_direct_to_actor+0x820/0x820
[   66.113309]  [<000000000d88b778>] ? rcu_read_lock_sched_held+0x10b/0x130
[   66.120830]  [<0000000003570f93>] ? rcu_sync_lockdep_assert+0x73/0xb0
[   66.127844]  [<000000000f0085da>] ? __sb_start_write+0x161/0x310
[   66.134093]  [<00000000d4e5abef>] do_sendfile+0x503/0xc00
[   66.139630]  [<0000000086d98139>] ? do_compat_pwritev64+0x180/0x180
[   66.146132]  [<00000000625d7e81>] ? __might_fault+0x114/0x1d0
[   66.152068]  [<00000000a12fbc02>] SyS_sendfile64+0x145/0x160
[   66.158275]  [<000000008ef85f51>] ? SyS_sendfile+0x160/0x160
[   66.164212]  [<000000009e775387>] ? do_syscall_64+0x4a/0x5c0
[   66.170016]  [<000000008ef85f51>] ? SyS_sendfile+0x160/0x160
[   66.175809]  [<00000000ca3dcb1a>] do_syscall_64+0x1ad/0x5c0
[   66.181601]  [<00000000bce52e31>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   66.189151] 
[   66.190977] Allocated by task 2873:
[   66.194624]  save_stack_trace+0x16/0x20
[   66.198594]  kasan_kmalloc.part.0+0x62/0xf0
[   66.203168]  kasan_kmalloc+0xb7/0xd0
[   66.206873]  __kmalloc+0x133/0x320
[   66.210502]  pneigh_lookup+0x184/0x3f0
[   66.214381]  arp_req_set+0x445/0x550
[   66.218076]  arp_ioctl+0x402/0x690
[   66.221606]  inet_ioctl+0x123/0x1a0
[   66.225219]  sock_do_ioctl+0x6a/0xb0
[   66.228933]  sock_ioctl+0x24c/0x3d0
[   66.232842]  do_vfs_ioctl+0xb87/0x11d0
[   66.236844]  SyS_ioctl+0x8f/0xc0
[   66.240221]  do_syscall_64+0x1ad/0x5c0
[   66.244315]  entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   66.249664] 
[   66.251291] Freed by task 2870:
[   66.254766]  save_stack_trace+0x16/0x20
[   66.258738]  kasan_slab_free+0xb0/0x190
[   66.262746]  kfree+0xfc/0x310
[   66.265861]  neigh_ifdown+0x21c/0x2e0
[   66.269697]  arp_ifdown+0x1d/0x30
[   66.273143]  inetdev_event+0x60d/0x10c0
[   66.277191]  notifier_call_chain+0xb4/0x1d0
[   66.281511]  raw_notifier_call_chain+0x2e/0x40
[   66.286087]  call_netdevice_notifiers_info+0x56/0x70
[   66.291237]  rollback_registered_many+0x6ef/0xb50
[   66.296188]  rollback_registered+0xf2/0x1b0
[   66.300525]  unregister_netdevice_queue+0x1ae/0x230
[   66.305553]  __tun_detach+0x820/0xa00
[   66.309351]  tun_chr_close+0x46/0x60
[   66.313067]  __fput+0x274/0x720
[   66.316349]  ____fput+0x16/0x20
[   66.319614]  task_work_run+0x108/0x180
[   66.323490]  exit_to_usermode_loop+0x13b/0x160
[   66.328077]  do_syscall_64+0x3ab/0x5c0
[   66.331951]  entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   66.337183] 
[   66.338802] The buggy address belongs to the object at ffff8801c962de40
[   66.338802]  which belongs to the cache kmalloc-64 of size 64
[   66.351403] The buggy address is located 0 bytes inside of
[   66.351403]  64-byte region [ffff8801c962de40, ffff8801c962de80)
[   66.363380] The buggy address belongs to the page:
[   66.368305] page:ffffea0007258b40 count:1 mapcount:0 mapping:          (null) index:0x0
[   66.376710] flags: 0x4000000000000200(slab)
[   66.381030] page dumped because: kasan: bad access detected
[   66.386885] 
[   66.388501] Memory state around the buggy address:
[   66.393424]  ffff8801c962dd00: fc fc fc fc 00 00 00 00 00 00 00 00 fc fc fc fc
[   66.401130]  ffff8801c962dd80: fb fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb
[   66.408585] >ffff8801c962de00: fb fb fb fb fc fc fc fc fb fb fb fb fb fb fb fb
[   66.416036]                                            ^
[   66.421482]  ffff8801c962de80: fc fc fc fc fb fb fb fb fb fb fb fb fc fc fc fc
[   66.428912]  ffff8801c962df00: fb fb fb fb fb fb fb fb fc fc fc fc 00 00 00 00
[   66.436440] ==================================================================
[   66.444120] Disabling lock debugging due to kernel taint
[   66.449826] Kernel panic - not syncing: panic_on_warn set ...
[   66.449826] 
[   66.457189] CPU: 1 PID: 2872 Comm: syz-executor.0 Tainted: G    B           4.9.181+ #9
[   66.465320]  ffff8801cde3f200 ffffffff81b57e21 ffff8801cde3f300 ffffffff82e3f287
[   66.473456]  00000000ffffffff 0000000000000001 ffffffff82347b5d ffff8801cde3f2e0
[   66.481672]  ffffffff813fd5da 0000000041b58ab3 ffffffff82e312d2 ffffffff813fd401
[   66.489703] Call Trace:
[   66.492368]  [<00000000e144a64b>] dump_stack+0xc1/0x120
[   66.497727]  [<00000000d443a36b>] ? pneigh_get_next.isra.0+0x22d/0x260
[   66.504389]  [<000000000dea6819>] panic+0x1d9/0x3bd
[   66.509402]  [<000000001edcb6dd>] ? add_taint.cold+0x16/0x16
[   66.515191]  [<00000000d443a36b>] ? pneigh_get_next.isra.0+0x22d/0x260
[   66.521992]  [<0000000020efa5e3>] kasan_end_report+0x47/0x4f
[   66.527790]  [<0000000080ec0048>] kasan_report.cold+0xa9/0x2ba
[   66.533893]  [<00000000c3551b5e>] __asan_report_load8_noabort+0x14/0x20
[   66.540649]  [<00000000d443a36b>] pneigh_get_next.isra.0+0x22d/0x260
[   66.547165]  [<00000000823b6118>] ? mark_held_locks+0xb1/0x100
[   66.553138]  [<00000000600da899>] neigh_seq_next+0xb4/0x1e0
[   66.558961]  [<00000000b8db63bd>] seq_read+0xad6/0x1250
[   66.575143]  [<000000007bb3ee59>] ? seq_lseek+0x3c0/0x3c0
[   66.580757]  [<0000000049712bb3>] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300
[   66.589376]  [<000000003aa89f52>] proc_reg_read+0xfd/0x180
[   66.594997]  [<000000007bb3ee59>] ? seq_lseek+0x3c0/0x3c0
[   66.600615]  [<00000000a0070353>] do_loop_readv_writev.part.0+0xcc/0x2c0
[   66.607440]  [<00000000ca58308c>] do_readv_writev+0x556/0x7a0
[   66.613963]  [<00000000594d7afe>] ? vfs_write+0x520/0x520
[   66.620433]  [<00000000fa6928ae>] ? kasan_unpoison_shadow+0x35/0x50
[   66.626908]  [<00000000bc493528>] ? push_pipe+0x3dd/0x770
[   66.632696]  [<00000000b76a9e76>] ? __kmalloc+0x133/0x320
[   66.638214]  [<00000000a60c0947>] ? iov_iter_get_pages_alloc+0x2c8/0xfb0
[   66.645118]  [<0000000092071624>] vfs_readv+0x86/0xc0
[   66.650512]  [<00000000ea3924fc>] default_file_splice_read+0x44b/0x7e0
[   66.657789]  [<00000000823b6118>] ? mark_held_locks+0xb1/0x100
[   66.663753]  [<0000000004fcc40a>] ? do_splice_direct+0x260/0x260
[   66.670095]  [<00000000e436d13b>] ? generic_pipe_buf_release+0xba/0x110
[   66.676944]  [<00000000f9cfaeb4>] ? fsnotify+0x129/0x11d0
[   66.682834]  [<000000009b445ce9>] ? security_file_permission+0x8f/0x1f0
[   66.689596]  [<00000000260e469f>] ? default_file_splice_write+0x68/0x80
[   66.696455]  [<0000000004fcc40a>] ? do_splice_direct+0x260/0x260
[   66.702586]  [<000000007dd30619>] do_splice_to+0x108/0x170
[   66.708191]  [<0000000056fb7ddf>] splice_direct_to_actor+0x246/0x820
[   66.714659]  [<00000000927cb80e>] ? generic_pipe_buf_nosteal+0x10/0x10
[   66.721312]  [<0000000036c9396c>] ? do_splice_to+0x170/0x170
[   66.727234]  [<000000009b445ce9>] ? security_file_permission+0x8f/0x1f0
[   66.733969]  [<00000000fee16f37>] ? rw_verify_area+0xea/0x2b0
[   66.739957]  [<00000000735a096b>] do_splice_direct+0x1a5/0x260
[   66.745913]  [<0000000001e27d54>] ? splice_direct_to_actor+0x820/0x820
[   66.752691]  [<000000000d88b778>] ? rcu_read_lock_sched_held+0x10b/0x130
[   66.759694]  [<0000000003570f93>] ? rcu_sync_lockdep_assert+0x73/0xb0
[   66.766365]  [<000000000f0085da>] ? __sb_start_write+0x161/0x310
[   66.772497]  [<00000000d4e5abef>] do_sendfile+0x503/0xc00
[   66.778027]  [<0000000086d98139>] ? do_compat_pwritev64+0x180/0x180
[   66.784523]  [<00000000625d7e81>] ? __might_fault+0x114/0x1d0
[   66.790535]  [<00000000a12fbc02>] SyS_sendfile64+0x145/0x160
[   66.796605]  [<000000008ef85f51>] ? SyS_sendfile+0x160/0x160
[   66.802396]  [<000000009e775387>] ? do_syscall_64+0x4a/0x5c0
[   66.808188]  [<000000008ef85f51>] ? SyS_sendfile+0x160/0x160
[   66.814101]  [<00000000ca3dcb1a>] do_syscall_64+0x1ad/0x5c0
[   66.819902]  [<00000000bce52e31>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   66.827265] Kernel Offset: disabled
[   66.831030] Rebooting in 86400 seconds..