[ 77.332576][ T27] audit: type=1400 audit(1576766780.517:37): avc: denied { watch } for pid=10062 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ 77.387755][ T27] audit: type=1400 audit(1576766780.517:38): avc: denied { watch } for pid=10062 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 77.542307][ T27] audit: type=1800 audit(1576766780.727:39): pid=9971 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 77.564412][ T27] audit: type=1800 audit(1576766780.727:40): pid=9971 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 82.194584][ T27] audit: type=1400 audit(1576766785.377:41): avc: denied { map } for pid=10149 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts.
[ 88.833356][ T27] audit: type=1400 audit(1576766792.017:42): avc: denied { map } for pid=10161 comm="syz-executor336" path="/root/syz-executor336410264" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 88.864457][T10162] IPVS: ftp: loaded support on port[0] = 21
[ 88.894213][ T27] audit: type=1400 audit(1576766792.077:43): avc: denied { create } for pid=10162 comm="syz-executor336" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
executing program
[ 88.920056][ T27] audit: type=1400 audit(1576766792.077:44): avc: denied { write } for pid=10162 comm="syz-executor336" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 88.945938][ T27] audit: type=1400 audit(1576766792.077:45): avc: denied { read } for pid=10162 comm="syz-executor336" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 88.980269][ T27] audit: type=1400 audit(1576766792.157:46): avc: denied { open } for pid=10162 comm="syz-executor336" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1
[ 89.349873][T10162] ==================================================================
[ 89.358070][T10162] BUG: KASAN: use-after-free in eth_type_trans+0x6ce/0x760
[ 89.365245][T10162] Read of size 8 at addr ffff888084bf0040 by task syz-executor336/10162
[ 89.373545][T10162]
[ 89.375874][T10162] CPU: 1 PID: 10162 Comm: syz-executor336 Not tainted 5.5.0-rc2-syzkaller #0
[ 89.384620][T10162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 89.394665][T10162] Call Trace:
[ 89.397937][T10162] dump_stack+0x197/0x210
[ 89.402247][T10162] ? eth_type_trans+0x6ce/0x760
[ 89.407183][T10162] print_address_description.constprop.0.cold+0xd4/0x30b
[ 89.414182][T10162] ? eth_type_trans+0x6ce/0x760
[ 89.419020][T10162] ? eth_type_trans+0x6ce/0x760
[ 89.423851][T10162] __kasan_report.cold+0x1b/0x41
[ 89.428781][T10162] ? calibrate_delay.cold+0x42e/0x4a7
[ 89.434134][T10162] ? eth_type_trans+0x6ce/0x760
[ 89.438977][T10162] kasan_report+0x12/0x20
[ 89.443294][T10162] __asan_report_load8_noabort+0x14/0x20
[ 89.448922][T10162] eth_type_trans+0x6ce/0x760
[ 89.453579][T10162] ? eth_gro_receive+0x890/0x890
[ 89.458541][T10162] napi_gro_frags+0x8c2/0xd00
[ 89.463268][T10162] tun_get_user+0x2e7f/0x3fc0
[ 89.467950][T10162] ? __this_cpu_preempt_check+0x8a/0x190
[ 89.473621][T10162] ? tun_build_skb.isra.0+0x1470/0x1470
[ 89.479174][T10162] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 89.484645][T10162] ? __this_cpu_preempt_check+0x8a/0x190
[ 89.490263][T10162] ? des3_ede_expand_key+0x6e90/0x7480
[ 89.495736][T10162] tun_chr_write_iter+0xbd/0x156
[ 89.500676][T10162] do_iter_readv_writev+0x5f8/0x8f0
[ 89.505863][T10162] ? no_seek_end_llseek_size+0x70/0x70
[ 89.511310][T10162] ? rw_verify_area+0x126/0x360
[ 89.516173][T10162] do_iter_write+0x184/0x610
[ 89.520765][T10162] vfs_writev+0x1b3/0x2f0
[ 89.525089][T10162] ? vfs_iter_write+0xb0/0xb0
[ 89.529813][T10162] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.536053][T10162] ? __do_sys_perf_event_open+0xe1/0x2c70
[ 89.541769][T10162] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.547999][T10162] ? __fget_light+0x1a9/0x230
[ 89.552663][T10162] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.558907][T10162] do_writev+0x15b/0x330
[ 89.563135][T10162] ? vfs_writev+0x2f0/0x2f0
[ 89.567623][T10162] ? do_syscall_64+0x26/0x790
[ 89.572282][T10162] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 89.578328][T10162] ? do_syscall_64+0x26/0x790
[ 89.582993][T10162] __x64_sys_writev+0x75/0xb0
[ 89.588270][T10162] do_syscall_64+0xfa/0x790
[ 89.592754][T10162] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 89.598625][T10162] RIP: 0033:0x441800
[ 89.602532][T10162] Code: 05 48 3d 01 f0 ff ff 0f 83 fd 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 51 9c 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 d4 0e fc ff c3 48 83 ec 08 e8 9a 2b 00 00
[ 89.622129][T10162] RSP: 002b:00007ffe7bc617c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 89.630537][T10162] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441800
[ 89.640651][T10162] RDX: 0000000000000001 RSI: 00007ffe7bc61820 RDI: 00000000000000f0
[ 89.648612][T10162] RBP: 00007ffe7bc617f0 R08: 0000000000000000 R09: 0000000000000020
[ 89.656573][T10162] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000003
[ 89.664527][T10162] R13: 0000000000000004 R14: 00007ffe7bc61870 R15: 0000000000000000
[ 89.672848][T10162]
[ 89.675155][T10162] The buggy address belongs to the page:
[ 89.680781][T10162] page:ffffea000212fc00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 89.689866][T10162] raw: 00fffe0000000000 ffffea000212fc08 ffffea000212fc08 0000000000000000
[ 89.698444][T10162] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 89.707003][T10162] page dumped because: kasan: bad access detected
[ 89.713400][T10162]
[ 89.715718][T10162] Memory state around the buggy address:
[ 89.721340][T10162] ffff888084beff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 89.729394][T10162] ffff888084beff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 89.737626][T10162] >ffff888084bf0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 89.745674][T10162] ^
[ 89.753974][T10162] ffff888084bf0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 89.762030][T10162] ffff888084bf0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 89.770071][T10162] ==================================================================
[ 89.778124][T10162] Disabling lock debugging due to kernel taint
[ 89.784334][T10162] Kernel panic - not syncing: panic_on_warn set ...
[ 89.791179][T10162] CPU: 1 PID: 10162 Comm: syz-executor336 Tainted: G B 5.5.0-rc2-syzkaller #0
[ 89.801464][T10162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 89.811503][T10162] Call Trace:
[ 89.814778][T10162] dump_stack+0x197/0x210
[ 89.819087][T10162] panic+0x2e3/0x75c
[ 89.822963][T10162] ? add_taint.cold+0x16/0x16
[ 89.827618][T10162] ? retint_kernel+0x2b/0x2b
[ 89.832509][T10162] ? trace_hardirqs_on+0x5e/0x240
[ 89.837528][T10162] ? eth_type_trans+0x6ce/0x760
[ 89.842364][T10162] end_report+0x47/0x4f
[ 89.846843][T10162] ? eth_type_trans+0x6ce/0x760
[ 89.852978][T10162] __kasan_report.cold+0xe/0x41
[ 89.857810][T10162] ? calibrate_delay.cold+0x42e/0x4a7
[ 89.863173][T10162] ? eth_type_trans+0x6ce/0x760
[ 89.868000][T10162] kasan_report+0x12/0x20
[ 89.872323][T10162] __asan_report_load8_noabort+0x14/0x20
[ 89.877947][T10162] eth_type_trans+0x6ce/0x760
[ 89.882602][T10162] ? eth_gro_receive+0x890/0x890
[ 89.887545][T10162] napi_gro_frags+0x8c2/0xd00
[ 89.892216][T10162] tun_get_user+0x2e7f/0x3fc0
[ 89.896868][T10162] ? __this_cpu_preempt_check+0x8a/0x190
[ 89.902515][T10162] ? tun_build_skb.isra.0+0x1470/0x1470
[ 89.908044][T10162] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 89.913495][T10162] ? __this_cpu_preempt_check+0x8a/0x190
[ 89.919119][T10162] ? des3_ede_expand_key+0x6e90/0x7480
[ 89.924565][T10162] tun_chr_write_iter+0xbd/0x156
[ 89.929494][T10162] do_iter_readv_writev+0x5f8/0x8f0
[ 89.934685][T10162] ? no_seek_end_llseek_size+0x70/0x70
[ 89.940138][T10162] ? rw_verify_area+0x126/0x360
[ 89.944979][T10162] do_iter_write+0x184/0x610
[ 89.949552][T10162] vfs_writev+0x1b3/0x2f0
[ 89.953871][T10162] ? vfs_iter_write+0xb0/0xb0
[ 89.958527][T10162] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.964774][T10162] ? __do_sys_perf_event_open+0xe1/0x2c70
[ 89.970501][T10162] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.976770][T10162] ? __fget_light+0x1a9/0x230
[ 89.981453][T10162] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.987680][T10162] do_writev+0x15b/0x330
[ 89.991908][T10162] ? vfs_writev+0x2f0/0x2f0
[ 89.996393][T10162] ? do_syscall_64+0x26/0x790
[ 90.001067][T10162] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 90.007209][T10162] ? do_syscall_64+0x26/0x790
[ 90.011943][T10162] __x64_sys_writev+0x75/0xb0
[ 90.016600][T10162] do_syscall_64+0xfa/0x790
[ 90.021088][T10162] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 90.026957][T10162] RIP: 0033:0x441800
[ 90.030849][T10162] Code: 05 48 3d 01 f0 ff ff 0f 83 fd 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 51 9c 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 d4 0e fc ff c3 48 83 ec 08 e8 9a 2b 00 00
[ 90.050448][T10162] RSP: 002b:00007ffe7bc617c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 90.058849][T10162] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441800
[ 90.066813][T10162] RDX: 0000000000000001 RSI: 00007ffe7bc61820 RDI: 00000000000000f0
[ 90.074774][T10162] RBP: 00007ffe7bc617f0 R08: 0000000000000000 R09: 0000000000000020
[ 90.082742][T10162] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000003
[ 90.090703][T10162] R13: 0000000000000004 R14: 00007ffe7bc61870 R15: 0000000000000000
[ 90.099873][T10162] Kernel Offset: disabled
[ 90.104198][T10162] Rebooting in 86400 seconds..