Warning: Permanently added '10.128.0.131' (ECDSA) to the list of known hosts.
[ 18.330720][ T22] audit: type=1400 audit(1583532835.627:13): avc: denied { map } for pid=1864 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2020/03/06 22:13:55 parsed 1 programs
2020/03/06 22:13:57 executed programs: 0
[ 20.197884][ T22] audit: type=1400 audit(1583532837.497:14): avc: denied { map } for pid=1864 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=7901 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 20.230446][ T22] audit: type=1400 audit(1583532837.527:15): avc: denied { map } for pid=1864 comm="syz-execprog" path="/root/syzkaller-shm105033855" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 20.235087][ T1881] cgroup1: Unknown subsys name 'perf_event'
[ 20.263740][ T1881] cgroup1: Unknown subsys name 'net_cls'
[ 20.274524][ T1885] cgroup1: Unknown subsys name 'perf_event'
[ 20.280203][ T1889] cgroup1: Unknown subsys name 'perf_event'
[ 20.281084][ T1887] cgroup1: Unknown subsys name 'perf_event'
[ 20.286629][ T1889] cgroup1: Unknown subsys name 'net_cls'
[ 20.295152][ T1885] cgroup1: Unknown subsys name 'net_cls'
[ 20.306473][ T1887] cgroup1: Unknown subsys name 'net_cls'
[ 20.307430][ T1895] cgroup1: Unknown subsys name 'perf_event'
[ 20.314241][ T1896] cgroup1: Unknown subsys name 'perf_event'
[ 20.322718][ T1895] cgroup1: Unknown subsys name 'net_cls'
[ 20.328191][ T1896] cgroup1: Unknown subsys name 'net_cls'
[ 21.290395][ T22] audit: type=1400 audit(1583532838.587:16): avc: denied { create } for pid=1889 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 21.326047][ T22] audit: type=1400 audit(1583532838.587:17): avc: denied { write } for pid=1889 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 21.356128][ T22] audit: type=1400 audit(1583532838.587:18): avc: denied { read } for pid=1889 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 24.054041][ T22] audit: type=1400 audit(1583532841.347:19): avc: denied { associate } for pid=1887 comm="syz-executor.3" name="syz3" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
2020/03/06 22:14:02 executed programs: 23
[ 26.624281][ T4573] ==================================================================
[ 26.632377][ T4573] BUG: KASAN: use-after-free in free_netdev+0x186/0x300
[ 26.639296][ T4573] Read of size 8 at addr ffff8881d3dca4f0 by task syz-executor.2/4573
[ 26.647428][ T4573]
[ 26.649760][ T4573] CPU: 1 PID: 4573 Comm: syz-executor.2 Not tainted 5.4.24-syzkaller-00171-g3fe2bfe139ad #0
[ 26.659794][ T4573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.669826][ T4573] Call Trace:
[ 26.673096][ T4573] dump_stack+0x1b0/0x228
[ 26.677400][ T4573] ? show_regs_print_info+0x18/0x18
[ 26.682573][ T4573] ? vprintk_func+0x105/0x110
[ 26.687222][ T4573] ? printk+0xc0/0x109
[ 26.691266][ T4573] print_address_description+0x96/0x5d0
[ 26.696782][ T4573] ? devkmsg_release+0x127/0x127
[ 26.701691][ T4573] ? call_rcu+0x10/0x10
[ 26.705843][ T4573] __kasan_report+0x14b/0x1c0
[ 26.710523][ T4573] ? free_netdev+0x186/0x300
[ 26.715145][ T4573] kasan_report+0x26/0x50
[ 26.719455][ T4573] __asan_report_load8_noabort+0x14/0x20
[ 26.725063][ T4573] free_netdev+0x186/0x300
[ 26.729456][ T4573] netdev_run_todo+0xbc4/0xe00
[ 26.734195][ T4573] ? netdev_refcnt_read+0x1c0/0x1c0
[ 26.739372][ T4573] ? mutex_trylock+0xb0/0xb0
[ 26.743939][ T4573] ? netlink_net_capable+0x124/0x160
[ 26.749206][ T4573] rtnetlink_rcv_msg+0x963/0xc20
[ 26.754129][ T4573] ? is_bpf_text_address+0x2c8/0x2e0
[ 26.759391][ T4573] ? __kernel_text_address+0x9a/0x110
[ 26.764736][ T4573] ? rtnetlink_bind+0x80/0x80
[ 26.769390][ T4573] ? arch_stack_walk+0x98/0xe0
[ 26.774130][ T4573] ? __rcu_read_lock+0x50/0x50
[ 26.778869][ T4573] ? avc_has_perm_noaudit+0x2fc/0x3f0
[ 26.784214][ T4573] ? rhashtable_jhash2+0x1f1/0x330
[ 26.789297][ T4573] ? jhash+0x750/0x750
[ 26.793347][ T4573] ? rht_key_hashfn+0x157/0x240
[ 26.798172][ T4573] ? deferred_put_nlk_sk+0x200/0x200
[ 26.803443][ T4573] ? __alloc_skb+0x109/0x540
[ 26.808004][ T4573] ? jhash+0x750/0x750
[ 26.812044][ T4573] ? netlink_hash+0xd0/0xd0
[ 26.816525][ T4573] ? avc_has_perm+0x15f/0x260
[ 26.823692][ T4573] ? __rcu_read_lock+0x50/0x50
[ 26.828429][ T4573] netlink_rcv_skb+0x1f0/0x460
[ 26.833775][ T4573] ? rtnetlink_bind+0x80/0x80
[ 26.838454][ T4573] ? netlink_ack+0xa80/0xa80
[ 26.843027][ T4573] ? netlink_autobind+0x1c0/0x1c0
[ 26.848098][ T4573] ? __rcu_read_lock+0x50/0x50
[ 26.852846][ T4573] ? selinux_vm_enough_memory+0x160/0x160
[ 26.858538][ T4573] rtnetlink_rcv+0x1c/0x20
[ 26.862928][ T4573] netlink_unicast+0x87c/0xa20
[ 26.867667][ T4573] ? netlink_detachskb+0x60/0x60
[ 26.872575][ T4573] ? security_netlink_send+0xab/0xc0
[ 26.878634][ T4573] netlink_sendmsg+0x9a7/0xd40
[ 26.883382][ T4573] ? netlink_getsockopt+0x900/0x900
[ 26.888551][ T4573] ? security_socket_sendmsg+0xad/0xc0
[ 26.893981][ T4573] ? netlink_getsockopt+0x900/0x900
[ 26.899154][ T4573] ____sys_sendmsg+0x56f/0x860
[ 26.903891][ T4573] ? __sys_sendmsg_sock+0x2a0/0x2a0
[ 26.909071][ T4573] ? __fdget+0x17c/0x200
[ 26.913286][ T4573] __sys_sendmsg+0x26a/0x350
[ 26.917848][ T4573] ? errseq_set+0x102/0x140
[ 26.922323][ T4573] ? ____sys_sendmsg+0x860/0x860
[ 26.927233][ T4573] ? __rcu_read_lock+0x50/0x50
[ 26.931967][ T4573] ? alloc_file_pseudo+0x282/0x310
[ 26.937049][ T4573] ? __kasan_check_write+0x14/0x20
[ 26.942139][ T4573] ? __kasan_check_read+0x11/0x20
[ 26.947136][ T4573] ? _copy_to_user+0x92/0xb0
[ 26.951699][ T4573] ? put_timespec64+0x106/0x150
[ 26.956524][ T4573] ? ktime_get_raw+0x130/0x130
[ 26.961345][ T4573] ? get_timespec64+0x1c0/0x1c0
[ 26.966170][ T4573] ? __kasan_check_read+0x11/0x20
[ 26.971168][ T4573] ? __ia32_sys_clock_settime+0x230/0x230
[ 26.976869][ T4573] __x64_sys_sendmsg+0x7f/0x90
[ 26.981607][ T4573] do_syscall_64+0xc0/0x100
[ 26.986084][ T4573] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 26.991960][ T4573] RIP: 0033:0x45c4a9
[ 26.995841][ T4573] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 27.015425][ T4573] RSP: 002b:00007f03dd012c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 27.023810][ T4573] RAX: ffffffffffffffda RBX: 00007f03dd0136d4 RCX: 000000000045c4a9
[ 27.031757][ T4573] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005
[ 27.039701][ T4573] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 27.047651][ T4573] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 27.055952][ T4573] R13: 00000000000009f9 R14: 00000000004cc766 R15: 000000000076bf2c
[ 27.063897][ T4573]
[ 27.066211][ T4573] Allocated by task 4573:
[ 27.070527][ T4573] __kasan_kmalloc+0x117/0x1b0
[ 27.075277][ T4573] kasan_kmalloc+0x9/0x10
[ 27.079594][ T4573] __kmalloc+0x102/0x310
[ 27.083824][ T4573] sk_prot_alloc+0x11c/0x2f0
[ 27.088401][ T4573] sk_alloc+0x35/0x300
[ 27.092456][ T4573] tun_chr_open+0x7b/0x4a0
[ 27.096875][ T4573] misc_open+0x3ea/0x440
[ 27.101118][ T4573] chrdev_open+0x60a/0x670
[ 27.105633][ T4573] do_dentry_open+0x8f7/0x1070
[ 27.110378][ T4573] vfs_open+0x73/0x80
[ 27.114340][ T4573] path_openat+0x1681/0x42d0
[ 27.118903][ T4573] do_filp_open+0x1f7/0x430
[ 27.123466][ T4573] do_sys_open+0x36f/0x7a0
[ 27.127856][ T4573] __x64_sys_openat+0xa2/0xb0
[ 27.132507][ T4573] do_syscall_64+0xc0/0x100
[ 27.137157][ T4573] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 27.143019][ T4573]
[ 27.145331][ T4573] Freed by task 4572:
[ 27.149284][ T4573] __kasan_slab_free+0x168/0x220
[ 27.154193][ T4573] kasan_slab_free+0xe/0x10
[ 27.159194][ T4573] kfree+0x170/0x6d0
[ 27.163070][ T4573] __sk_destruct+0x45f/0x4e0
[ 27.167647][ T4573] __sk_free+0x35d/0x430
[ 27.171861][ T4573] sk_free+0x45/0x50
[ 27.175741][ T4573] __tun_detach+0x15d0/0x1a40
[ 27.180405][ T4573] tun_chr_close+0xb8/0xd0
[ 27.184801][ T4573] __fput+0x295/0x710
[ 27.188848][ T4573] ____fput+0x15/0x20
[ 27.192900][ T4573] task_work_run+0x176/0x1a0
[ 27.197463][ T4573] prepare_exit_to_usermode+0x2d8/0x370
[ 27.202981][ T4573] syscall_return_slowpath+0x6f/0x500
[ 27.208323][ T4573] do_syscall_64+0xe8/0x100
[ 27.212802][ T4573] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 27.218681][ T4573]
[ 27.220986][ T4573] The buggy address belongs to the object at ffff8881d3dca000
[ 27.220986][ T4573] which belongs to the cache kmalloc-2k of size 2048
[ 27.235190][ T4573] The buggy address is located 1264 bytes inside of
[ 27.235190][ T4573] 2048-byte region [ffff8881d3dca000, ffff8881d3dca800)
[ 27.248607][ T4573] The buggy address belongs to the page:
[ 27.254222][ T4573] page:ffffea00074f7200 refcount:1 mapcount:0 mapping:ffff8881da802800 index:0x0 compound_mapcount: 0
[ 27.265131][ T4573] flags: 0x8000000000010200(slab|head)
[ 27.270581][ T4573] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881da802800
[ 27.279218][ T4573] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 27.287794][ T4573] page dumped because: kasan: bad access detected
[ 27.294184][ T4573]
[ 27.296489][ T4573] Memory state around the buggy address:
[ 27.302097][ T4573] ffff8881d3dca380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.310139][ T4573] ffff8881d3dca400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.318835][ T4573] >ffff8881d3dca480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.327020][ T4573] ^
[ 27.334805][ T4573] ffff8881d3dca500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.342854][ T4573] ffff8881d3dca580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.350993][ T4573] ==================================================================
[ 27.359222][ T4573] Disabling lock debugging due to kernel taint
2020/03/06 22:14:07 executed programs: 111
2020/03/06 22:14:12 executed programs: 217