Starting mcstransd:
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 9.177052][ T22] audit: type=1400 audit(1584237102.430:10): avc: denied { watch } for pid=1797 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ 9.184941][ T22] audit: type=1400 audit(1584237102.430:11): avc: denied { watch } for pid=1797 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2280 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[....] Starting file context maintaining daemon: restorecond�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 10.512381][ T22] audit: type=1400 audit(1584237103.760:12): avc: denied { map } for pid=1866 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.43' (ECDSA) to the list of known hosts.
[ 16.625653][ T22] audit: type=1400 audit(1584237109.870:13): avc: denied { map } for pid=1878 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16480 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2020/03/15 01:51:49 parsed 1 programs
2020/03/15 01:51:51 executed programs: 0
[ 18.381680][ T22] audit: type=1400 audit(1584237111.630:14): avc: denied { map } for pid=1878 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=7901 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 18.415183][ T22] audit: type=1400 audit(1584237111.670:15): avc: denied { map } for pid=1878 comm="syz-execprog" path="/root/syzkaller-shm344169641" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 18.420618][ T1894] cgroup1: Unknown subsys name 'perf_event'
[ 18.448032][ T1894] cgroup1: Unknown subsys name 'net_cls'
[ 18.688045][ T22] audit: type=1400 audit(1584237111.940:16): avc: denied { create } for pid=1894 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 18.712857][ T22] audit: type=1400 audit(1584237111.940:17): avc: denied { write } for pid=1894 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 18.737997][ T22] audit: type=1400 audit(1584237111.950:18): avc: denied { read } for pid=1894 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 19.381084][ T22] audit: type=1400 audit(1584237112.630:19): avc: denied { associate } for pid=1894 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 20.325855][ T2339] ==================================================================
[ 20.333951][ T2339] BUG: KASAN: use-after-free in free_netdev+0x186/0x300
[ 20.340865][ T2339] Read of size 8 at addr ffff8881ca7e74f0 by task syz-executor.0/2339
[ 20.349014][ T2339]
[ 20.351327][ T2339] CPU: 1 PID: 2339 Comm: syz-executor.0 Not tainted 5.4.25-syzkaller-00409-g21ee296526c7 #0
[ 20.361357][ T2339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 20.371392][ T2339] Call Trace:
[ 20.374684][ T2339] dump_stack+0x1b0/0x228
[ 20.378995][ T2339] ? show_regs_print_info+0x18/0x18
[ 20.384177][ T2339] ? vprintk_func+0x105/0x110
[ 20.388830][ T2339] ? printk+0xc0/0x109
[ 20.392873][ T2339] print_address_description+0x96/0x5d0
[ 20.398393][ T2339] ? devkmsg_release+0x127/0x127
[ 20.403304][ T2339] ? call_rcu+0x10/0x10
[ 20.407447][ T2339] __kasan_report+0x14b/0x1c0
[ 20.412100][ T2339] ? free_netdev+0x186/0x300
[ 20.416672][ T2339] kasan_report+0x26/0x50
[ 20.420979][ T2339] __asan_report_load8_noabort+0x14/0x20
[ 20.426587][ T2339] free_netdev+0x186/0x300
[ 20.430981][ T2339] netdev_run_todo+0xbc4/0xe00
[ 20.435717][ T2339] ? netdev_refcnt_read+0x1c0/0x1c0
[ 20.440901][ T2339] ? mutex_trylock+0xb0/0xb0
[ 20.445464][ T2339] ? netlink_net_capable+0x124/0x160
[ 20.450725][ T2339] rtnetlink_rcv_msg+0x963/0xc20
[ 20.455638][ T2339] ? is_bpf_text_address+0x2c8/0x2e0
[ 20.460895][ T2339] ? __kernel_text_address+0x9a/0x110
[ 20.466252][ T2339] ? rtnetlink_bind+0x80/0x80
[ 20.470900][ T2339] ? arch_stack_walk+0x98/0xe0
[ 20.475653][ T2339] ? __rcu_read_lock+0x50/0x50
[ 20.480424][ T2339] ? avc_has_perm_noaudit+0x2fc/0x3f0
[ 20.485773][ T2339] ? rhashtable_jhash2+0x1f1/0x330
[ 20.490855][ T2339] ? jhash+0x750/0x750
[ 20.494898][ T2339] ? rht_key_hashfn+0x157/0x240
[ 20.499723][ T2339] ? deferred_put_nlk_sk+0x200/0x200
[ 20.504990][ T2339] ? __alloc_skb+0x109/0x540
[ 20.509555][ T2339] ? jhash+0x750/0x750
[ 20.513607][ T2339] ? netlink_hash+0xd0/0xd0
[ 20.518092][ T2339] ? avc_has_perm+0x15f/0x260
[ 20.522757][ T2339] ? __rcu_read_lock+0x50/0x50
[ 20.527508][ T2339] netlink_rcv_skb+0x1f0/0x460
[ 20.532247][ T2339] ? rtnetlink_bind+0x80/0x80
[ 20.536897][ T2339] ? netlink_ack+0xa80/0xa80
[ 20.541463][ T2339] ? netlink_autobind+0x1c0/0x1c0
[ 20.546634][ T2339] ? __rcu_read_lock+0x50/0x50
[ 20.551370][ T2339] ? selinux_vm_enough_memory+0x160/0x160
[ 20.557075][ T2339] rtnetlink_rcv+0x1c/0x20
[ 20.561468][ T2339] netlink_unicast+0x87c/0xa20
[ 20.566206][ T2339] ? netlink_detachskb+0x60/0x60
[ 20.571291][ T2339] ? security_netlink_send+0xab/0xc0
[ 20.576556][ T2339] netlink_sendmsg+0x9a7/0xd40
[ 20.581298][ T2339] ? netlink_getsockopt+0x900/0x900
[ 20.586468][ T2339] ? security_socket_sendmsg+0xad/0xc0
[ 20.591913][ T2339] ? netlink_getsockopt+0x900/0x900
[ 20.597082][ T2339] ____sys_sendmsg+0x56f/0x860
[ 20.602012][ T2339] ? __sys_sendmsg_sock+0x2a0/0x2a0
[ 20.607199][ T2339] ? __fdget+0x17c/0x200
[ 20.611445][ T2339] __sys_sendmsg+0x26a/0x350
[ 20.616015][ T2339] ? ____sys_sendmsg+0x860/0x860
[ 20.620930][ T2339] ? __rcu_read_lock+0x50/0x50
[ 20.629675][ T2339] ? selinux_file_ioctl+0x6e4/0x920
[ 20.634875][ T2339] ? __kasan_check_write+0x14/0x20
[ 20.639976][ T2339] ? __kasan_check_read+0x11/0x20
[ 20.644976][ T2339] ? _copy_to_user+0x92/0xb0
[ 20.649593][ T2339] ? put_timespec64+0x106/0x150
[ 20.654431][ T2339] ? ktime_get_raw+0x130/0x130
[ 20.659166][ T2339] ? get_timespec64+0x1c0/0x1c0
[ 20.663989][ T2339] ? __kasan_check_read+0x11/0x20
[ 20.668987][ T2339] ? __ia32_sys_clock_settime+0x230/0x230
[ 20.674689][ T2339] __x64_sys_sendmsg+0x7f/0x90
[ 20.679425][ T2339] do_syscall_64+0xc0/0x100
[ 20.683902][ T2339] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 20.689763][ T2339] RIP: 0033:0x45c849
[ 20.693633][ T2339] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 20.713215][ T2339] RSP: 002b:00007f658baf4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 20.721598][ T2339] RAX: ffffffffffffffda RBX: 00007f658baf56d4 RCX: 000000000045c849
[ 20.729545][ T2339] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005
[ 20.737500][ T2339] RBP: 000000000076c040 R08: 0000000000000000 R09: 0000000000000000
[ 20.745467][ T2339] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 20.753417][ T2339] R13: 00000000000009f9 R14: 00000000004ccb17 R15: 000000000076c04c
[ 20.761367][ T2339]
[ 20.763671][ T2339] Allocated by task 2337:
[ 20.767983][ T2339] __kasan_kmalloc+0x117/0x1b0
[ 20.772731][ T2339] kasan_kmalloc+0x9/0x10
[ 20.777039][ T2339] __kmalloc+0x102/0x310
[ 20.781263][ T2339] sk_prot_alloc+0x11c/0x2f0
[ 20.785845][ T2339] sk_alloc+0x35/0x300
[ 20.789926][ T2339] tun_chr_open+0x7b/0x4a0
[ 20.794334][ T2339] misc_open+0x3ea/0x440
[ 20.798590][ T2339] chrdev_open+0x60a/0x670
[ 20.802999][ T2339] do_dentry_open+0x8f7/0x1070
[ 20.807778][ T2339] vfs_open+0x73/0x80
[ 20.811767][ T2339] path_openat+0x1681/0x42d0
[ 20.816503][ T2339] do_filp_open+0x1f7/0x430
[ 20.820992][ T2339] do_sys_open+0x36f/0x7a0
[ 20.825389][ T2339] __x64_sys_openat+0xa2/0xb0
[ 20.830042][ T2339] do_syscall_64+0xc0/0x100
[ 20.834536][ T2339] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 20.840417][ T2339]
[ 20.842723][ T2339] Freed by task 2335:
[ 20.846697][ T2339] __kasan_slab_free+0x168/0x220
[ 20.851613][ T2339] kasan_slab_free+0xe/0x10
[ 20.856103][ T2339] kfree+0x170/0x6d0
[ 20.859974][ T2339] __sk_destruct+0x45f/0x4e0
[ 20.864553][ T2339] __sk_free+0x35d/0x430
[ 20.868774][ T2339] sk_free+0x45/0x50
[ 20.872647][ T2339] __tun_detach+0x15d0/0x1a40
[ 20.877319][ T2339] tun_chr_close+0xb8/0xd0
[ 20.881729][ T2339] __fput+0x295/0x710
[ 20.885709][ T2339] ____fput+0x15/0x20
[ 20.889681][ T2339] task_work_run+0x176/0x1a0
[ 20.894254][ T2339] prepare_exit_to_usermode+0x2d8/0x370
[ 20.899775][ T2339] syscall_return_slowpath+0x6f/0x500
[ 20.905388][ T2339] do_syscall_64+0xe8/0x100
[ 20.909882][ T2339] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 20.915778][ T2339]
[ 20.918083][ T2339] The buggy address belongs to the object at ffff8881ca7e7000
[ 20.918083][ T2339] which belongs to the cache kmalloc-2k of size 2048
[ 20.932110][ T2339] The buggy address is located 1264 bytes inside of
[ 20.932110][ T2339] 2048-byte region [ffff8881ca7e7000, ffff8881ca7e7800)
[ 20.945531][ T2339] The buggy address belongs to the page:
[ 20.951150][ T2339] page:ffffea000729f800 refcount:1 mapcount:0 mapping:ffff8881da802800 index:0x0 compound_mapcount: 0
[ 20.962071][ T2339] flags: 0x8000000000010200(slab|head)
[ 20.967508][ T2339] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881da802800
[ 20.976088][ T2339] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 20.984658][ T2339] page dumped because: kasan: bad access detected
[ 20.991041][ T2339]
[ 20.993347][ T2339] Memory state around the buggy address:
[ 20.998959][ T2339] ffff8881ca7e7380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.006997][ T2339] ffff8881ca7e7400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.015028][ T2339] >ffff8881ca7e7480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.023080][ T2339] ^
[ 21.030766][ T2339] ffff8881ca7e7500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.038799][ T2339] ffff8881ca7e7580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.046826][ T2339] ==================================================================
[ 21.054868][ T2339] Disabling lock debugging due to kernel taint
2020/03/15 01:51:56 executed programs: 19
2020/03/15 01:52:01 executed programs: 47