Warning: Permanently added '10.128.0.250' (ECDSA) to the list of known hosts.
2020/06/18 01:51:37 parsed 1 programs
2020/06/18 01:51:37 executed programs: 0
[[0m[0;31m*     [0m] A start job is running for dev-ttyS0.device (8s / 1min 30s)[K[[0;1;31m*[0m[0;31m*    [0m] A start job is running for dev-ttyS0.device (8s / 1min 30s)[K[[0;31m*[0;1;31m*[0m[0;31m*   [0m] A start job is running for dev-ttyS0.device (9s / 1min 30s)[K[ [0;31m*[0;1;31m*[0m[0;31m*  [0m] A start job is running for dev-ttyS0.device (9s / 1min 30s)[K[  [0;31m*[0;1;31m*[0m[0;31m* [0m] A start job is running for dev-ttyS0.device (10s / 1min 30s)[K[   [0;31m*[0;1;31m*[0m[0;31m*[0m] A start job is running for dev-ttyS0.device (10s / 1min 30s)[K[    [0;31m*[0;1;31m*[0m] A start job is running for dev-ttyS0.device (11s / 1min 30s)[K[     [0;31m*[0m] A start job is running for dev-ttyS0.device (11s / 1min 30s)[K[    [0;31m*[0;1;31m*[0m] A start job is running for dev-ttyS0.device (12s / 1min 30s)[   19.084120][   T22] audit: type=1400 audit(1592445097.372:8): avc:  denied  { execmem } for  pid=421 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   19.108651][  T428] cgroup1: Unknown subsys name 'perf_event'
[   19.109484][  T425] cgroup1: Unknown subsys name 'perf_event'
[   19.114972][  T428] cgroup1: Unknown subsys name 'net_cls'
[   19.123663][  T426] cgroup1: Unknown subsys name 'perf_event'
[   19.127538][  T430] cgroup1: Unknown subsys name 'perf_event'
[   19.134561][  T432] cgroup1: Unknown subsys name 'perf_event'
[   19.139723][  T430] cgroup1: Unknown subsys name 'net_cls'
[   19.147961][  T425] cgroup1: Unknown subsys name 'net_cls'
[   19.151232][  T426] cgroup1: Unknown subsys name 'net_cls'
[   19.158862][  T432] cgroup1: Unknown subsys name 'net_cls'
[   19.161351][  T435] cgroup1: Unknown subsys name 'perf_event'
[   19.172602][  T435] cgroup1: Unknown subsys name 'net_cls'
2020/06/18 01:51:42 executed programs: 41
[K[   [0;31m*[0;1;31m*[0m[0;31m*[0m] A start job is running for dev-ttyS0.device (13s / 1min 30s)[K[  [0;31m*[0;1;31m*[0m[0;31m* [0m] A start job is running for dev-ttyS0.device (13s / 1min 30s)[K[ [0;31m*[0;1;31m*[0m[0;31m*  [0m] A start job is running for dev-ttyS0.device (13s / 1min 30s)[K[[0;31m*[0;1;31m*[0m[0;31m*   [0m] A start job is running for dev-ttyS0.device (14s / 1min 30s)[K[[0;1;31m*[0m[0;31m*    [0m] A start job is running for dev-ttyS0.device (14s / 1min 30s)[K[[0m[0;31m*     [0m] A start job is running for dev-ttyS0.device (15s / 1min 30s)[K[[0;1;31m*[0m[0;31m*    [0m] A start job is running for dev-ttyS0.device (15s / 1min 30s)[K[[0;31m*[0;1;31m*[0m[0;31m*   [0m] A start job is running for dev-ttyS0.device (16s / 1min 30s)[K[ [0;31m*[0;1;31m*[0m[0;31m*  [0m] A start job is running for dev-ttyS0.device (16s / 1min 30s)[K[  [0;31m*[0;1;31m*[0m[0;31m* [0m] A start job is running for dev-ttyS0.device (17s / 1min 30s)[K[   [0;31m*[0;1;31m*[0m[0;31m*[0m] A start job is running for dev-ttyS0.device (17s / 1min 30s)[   24.297318][ T3085] ==================================================================
[   24.305416][ T3085] BUG: KASAN: use-after-free in free_netdev+0x176/0x300
[   24.312347][ T3085] Read of size 8 at addr ffff8881cfc7f538 by task syz-executor.0/3085
[   24.320466][ T3085] 
[   24.322778][ T3085] CPU: 0 PID: 3085 Comm: syz-executor.0 Not tainted 5.4.46-syzkaller-00155-g8e6c65a07bb4 #0
[   24.332808][ T3085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   24.342838][ T3085] Call Trace:
[   24.346112][ T3085]  dump_stack+0x14a/0x1ce
[   24.350419][ T3085]  ? show_regs_print_info+0x12/0x12
[   24.355587][ T3085]  ? printk+0xd2/0x114
[   24.359626][ T3085]  print_address_description+0x93/0x620
[   24.365168][ T3085]  ? slab_free_freelist_hook+0xd0/0x150
[   24.370704][ T3085]  ? call_rcu+0x10/0x10
[   24.374924][ T3085]  __kasan_report+0x16d/0x1e0
[   24.379581][ T3085]  ? free_netdev+0x176/0x300
[   24.384186][ T3085]  kasan_report+0x34/0x60
[   24.388496][ T3085]  free_netdev+0x176/0x300
[   24.392895][ T3085]  netdev_run_todo+0xc38/0xe90
[   24.397723][ T3085]  ? netdev_refcnt_read+0x1a0/0x1a0
[   24.402895][ T3085]  ? mutex_trylock+0xb0/0xb0
[   24.407465][ T3085]  rtnetlink_rcv_msg+0x9a0/0xc60
[   24.412377][ T3085]  ? is_bpf_text_address+0x290/0x2b0
[   24.417636][ T3085]  ? rtnetlink_bind+0x80/0x80
[   24.422290][ T3085]  ? unwind_get_return_address+0x48/0x90
[   24.427889][ T3085]  ? arch_stack_walk+0xd8/0x120
[   24.432711][ T3085]  ? stack_trace_save+0x123/0x1f0
[   24.437702][ T3085]  ? stack_trace_snprint+0x150/0x150
[   24.442962][ T3085]  ? futex_wait_queue_me+0x2eb/0x420
[   24.448228][ T3085]  ? rhashtable_jhash2+0x1cf/0x2f0
[   24.453313][ T3085]  ? jhash+0x740/0x740
[   24.457370][ T3085]  ? rht_key_hashfn+0x157/0x240
[   24.462243][ T3085]  ? deferred_put_nlk_sk+0x210/0x210
[   24.467509][ T3085]  ? jhash+0x740/0x740
[   24.471553][ T3085]  ? netlink_hash+0xd0/0xd0
[   24.476104][ T3085]  ? __sys_sendmsg+0x2d5/0x3c0
[   24.480892][ T3085]  ? do_syscall_64+0xcb/0x150
[   24.485547][ T3085]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   24.491593][ T3085]  ? __rcu_read_lock+0x50/0x50
[   24.496348][ T3085]  netlink_rcv_skb+0x200/0x480
[   24.501084][ T3085]  ? rtnetlink_bind+0x80/0x80
[   24.505842][ T3085]  ? netlink_ack+0xa90/0xa90
[   24.510460][ T3085]  ? __rcu_read_lock+0x50/0x50
[   24.515240][ T3085]  ? selinux_vm_enough_memory+0x170/0x170
[   24.521031][ T3085]  ? netlink_trim+0x10a/0x230
[   24.525676][ T3085]  netlink_unicast+0x8ad/0xa50
[   24.530434][ T3085]  ? netlink_detachskb+0x60/0x60
[   24.535951][ T3085]  ? __virt_addr_valid+0x1fd/0x290
[   24.541083][ T3085]  netlink_sendmsg+0x9de/0xd80
[   24.545813][ T3085]  ? netlink_getsockopt+0x8e0/0x8e0
[   24.550981][ T3085]  ? import_iovec+0x1c2/0x380
[   24.555646][ T3085]  ? security_socket_sendmsg+0xad/0xc0
[   24.561089][ T3085]  ? netlink_getsockopt+0x8e0/0x8e0
[   24.566267][ T3085]  ____sys_sendmsg+0x58a/0x8d0
[   24.571022][ T3085]  ? __sys_sendmsg_sock+0x2b0/0x2b0
[   24.576195][ T3085]  __sys_sendmsg+0x2d5/0x3c0
[   24.580760][ T3085]  ? ____sys_sendmsg+0x8d0/0x8d0
[   24.585671][ T3085]  ? _copy_to_user+0x8e/0xb0
[   24.590241][ T3085]  do_syscall_64+0xcb/0x150
[   24.594735][ T3085]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   24.600609][ T3085] RIP: 0033:0x45ca59
[   24.604502][ T3085] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   24.624122][ T3085] RSP: 002b:00007fca2e55cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   24.632534][ T3085] RAX: ffffffffffffffda RBX: 0000000000501ba0 RCX: 000000000045ca59
[   24.640507][ T3085] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004
[   24.648505][ T3085] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
[   24.656536][ T3085] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[   24.664491][ T3085] R13: 0000000000000a25 R14: 00000000004cd076 R15: 00007fca2e55d6d4
[   24.672440][ T3085] 
[   24.674781][ T3085] Allocated by task 3071:
[   24.679093][ T3085]  __kasan_kmalloc+0x12c/0x1c0
[   24.683883][ T3085]  __kmalloc+0xf7/0x2d0
[   24.688023][ T3085]  sk_prot_alloc+0xd6/0x290
[   24.692546][ T3085]  sk_alloc+0x2e/0x2e0
[   24.696586][ T3085]  tun_chr_open+0x77/0x4a0
[   24.700982][ T3085]  misc_open+0x356/0x3d0
[   24.705199][ T3085]  chrdev_open+0x585/0x640
[   24.709587][ T3085]  do_dentry_open+0x8f7/0x1070
[   24.714325][ T3085]  path_openat+0x12db/0x3d10
[   24.718887][ T3085]  do_filp_open+0x20d/0x440
[   24.723356][ T3085]  do_sys_open+0x387/0x7d0
[   24.727742][ T3085]  do_syscall_64+0xcb/0x150
[   24.732213][ T3085]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   24.738121][ T3085] 
[   24.740428][ T3085] Freed by task 3070:
[   24.744384][ T3085]  __kasan_slab_free+0x181/0x230
[   24.749350][ T3085]  slab_free_freelist_hook+0xd0/0x150
[   24.754823][ T3085]  kfree+0x12b/0x600
[   24.758695][ T3085]  __sk_destruct+0x3f9/0x480
[   24.763259][ T3085]  tun_chr_close+0xb4/0xd0
[   24.767675][ T3085]  __fput+0x27d/0x6c0
[   24.771636][ T3085]  task_work_run+0x176/0x1a0
[   24.776218][ T3085]  prepare_exit_to_usermode+0x286/0x2e0
[   24.781742][ T3085]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   24.787596][ T3085] 
[   24.789908][ T3085] The buggy address belongs to the object at ffff8881cfc7f000
[   24.789908][ T3085]  which belongs to the cache kmalloc-2k of size 2048
[   24.803951][ T3085] The buggy address is located 1336 bytes inside of
[   24.803951][ T3085]  2048-byte region [ffff8881cfc7f000, ffff8881cfc7f800)
[   24.817363][ T3085] The buggy address belongs to the page:
[   24.822978][ T3085] page:ffffea00073f1e00 refcount:1 mapcount:0 mapping:ffff8881da80c000 index:0x0 compound_mapcount: 0
[   24.833868][ T3085] flags: 0x8000000000010200(slab|head)
[   24.839319][ T3085] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881da80c000
[   24.847891][ T3085] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[   24.856473][ T3085] page dumped because: kasan: bad access detected
[   24.862866][ T3085] 
[   24.865175][ T3085] Memory state around the buggy address:
[   24.870801][ T3085]  ffff8881cfc7f400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.878836][ T3085]  ffff8881cfc7f480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.886878][ T3085] >ffff8881cfc7f500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.894908][ T3085]                                         ^
[   24.900773][ T3085]  ffff8881cfc7f580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.908815][ T3085]  ffff8881cfc7f600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.916846][ T3085] ==================================================================
[   24.924895][ T3085] Disabling lock debugging due to kernel taint
2020/06/18 01:51:47 executed programs: 140
[K[    [0;31m*[0;1;31m*[0m] A start job is running for dev-ttyS0.device (18s / 1min 30s)[K[     [0;31m*[0m] A start job is running for dev-ttyS0.device (19s / 1min 30s)[K[    [0;31m*[0;1;31m*[0m] A start job is running for dev-ttyS0.device (19s / 1min 30s)[K[   [0;31m*[0;1;31m*[0m[0;31m*[0m] A start job is running for dev-ttyS0.device (20s / 1min 30s)[K[  [0;31m*[0;1;31m*[0m[0;31m* [0m] A start job is running for dev-ttyS0.device (20s / 1min 30s)[K[ [0;31m*[0;1;31m*[0m[0;31m*  [0m] A start job is running for dev-ttyS0.device (21s / 1min 30s)[K[[0;31m*[0;1;31m*[0m[0;31m*   [0m] A start job is running for dev-ttyS0.device (21s / 1min 30s)[K[[0;1;31m*[0m[0;31m*    [0m] A start job is running for dev-ttyS0.device (22s / 1min 30s)[K[[0m[0;31m*     [0m] A start job is running for dev-ttyS0.device (22s / 1min 30s)[K[[0;1;31m*[0m[0;31m*    [0m] A start job is running for dev-ttyS0.device (23s / 1min 30s)[K[[0;31m*[0;1;31m*[0m[0;31m*   [0m] A start job is running for dev-ttyS0.device (23s / 1min 30s)[K[ [0;31m*[0;1;31m*[0m[0;31m*  [0m] A start job is running for dev-ttyS0.device (24s / 1min 30s)[K[  [0;31m*[0;1;31m*[0m[0;31m* [0m] A start job is running for dev-ttyS0.device (24s / 1min 30s)[K[   [0;31m*[0;1;31m*[0m[0;31m*[0m] A start job is running for dev-ttyS0.device (25s / 1min 30s)[K[    [0;31m*[0;1;31m*[0m] A start job is running for dev-ttyS0.device (25s / 1min 30s)[K[     [0;31m*[0m] A start job is running for dev-ttyS0.device (26s / 1min 30s)[K[    [0;31m*[0;1;31m*[0m] A start job is running for dev-ttyS0.device (26s / 1min 30s)[K[   [0;31m*[0;1;31m*[0m[0;31m*[0m] A start job is running for dev-ttyS0.device (27s / 1min 30s)