[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 9.142489][ T22] audit: type=1400 audit(1583581951.903:10): avc: denied { watch } for pid=1787 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ 9.149387][ T22] audit: type=1400 audit(1583581951.903:11): avc: denied { watch } for pid=1787 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2280 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 10.147314][ T22] audit: type=1400 audit(1583581952.903:12): avc: denied { map } for pid=1863 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.145' (ECDSA) to the list of known hosts.
syzkaller login: [ 18.599189][ T22] audit: type=1400 audit(1583581961.353:13): avc: denied { map } for pid=1875 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2020/03/07 11:52:41 parsed 1 programs
2020/03/07 11:52:42 executed programs: 0
[ 19.808246][ T22] audit: type=1400 audit(1583581962.563:14): avc: denied { map } for pid=1875 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=36 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 19.822498][ T1898] cgroup1: Unknown subsys name 'perf_event'
[ 19.834182][ T22] audit: type=1400 audit(1583581962.563:15): avc: denied { map } for pid=1875 comm="syz-execprog" path="/root/syzkaller-shm596807287" dev="sda1" ino=2233 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 19.840697][ T1898] cgroup1: Unknown subsys name 'net_cls'
[ 20.091581][ T22] audit: type=1400 audit(1583581962.853:16): avc: denied { create } for pid=1898 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 20.116568][ T22] audit: type=1400 audit(1583581962.853:17): avc: denied { write } for pid=1898 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 20.142199][ T22] audit: type=1400 audit(1583581962.883:18): avc: denied { read } for pid=1898 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 20.729196][ T22] audit: type=1400 audit(1583581963.483:19): avc: denied { associate } for pid=1898 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 21.719677][ T2337] ==================================================================
[ 21.727769][ T2337] BUG: KASAN: use-after-free in free_netdev+0x186/0x300
[ 21.734781][ T2337] Read of size 8 at addr ffff8881ca75b4f0 by task syz-executor.0/2337
[ 21.742997][ T2337]
[ 21.745305][ T2337] CPU: 1 PID: 2337 Comm: syz-executor.0 Not tainted 5.4.24-syzkaller-00181-g3334f0da669e #0
[ 21.755330][ T2337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 21.765525][ T2337] Call Trace:
[ 21.768804][ T2337] dump_stack+0x1b0/0x228
[ 21.773104][ T2337] ? show_regs_print_info+0x18/0x18
[ 21.778279][ T2337] ? vprintk_func+0x105/0x110
[ 21.782945][ T2337] ? printk+0xc0/0x109
[ 21.786996][ T2337] print_address_description+0x96/0x5d0
[ 21.792514][ T2337] ? devkmsg_release+0x127/0x127
[ 21.797433][ T2337] ? call_rcu+0x10/0x10
[ 21.801572][ T2337] __kasan_report+0x14b/0x1c0
[ 21.806297][ T2337] ? free_netdev+0x186/0x300
[ 21.810862][ T2337] kasan_report+0x26/0x50
[ 21.815165][ T2337] __asan_report_load8_noabort+0x14/0x20
[ 21.820775][ T2337] free_netdev+0x186/0x300
[ 21.825163][ T2337] netdev_run_todo+0xbc4/0xe00
[ 21.829916][ T2337] ? netdev_refcnt_read+0x1c0/0x1c0
[ 21.835088][ T2337] ? mutex_trylock+0xb0/0xb0
[ 21.839652][ T2337] ? netlink_net_capable+0x124/0x160
[ 21.844912][ T2337] rtnetlink_rcv_msg+0x963/0xc20
[ 21.849825][ T2337] ? is_bpf_text_address+0x2c8/0x2e0
[ 21.855083][ T2337] ? __kernel_text_address+0x9a/0x110
[ 21.860440][ T2337] ? rtnetlink_bind+0x80/0x80
[ 21.865098][ T2337] ? arch_stack_walk+0x98/0xe0
[ 21.869836][ T2337] ? __rcu_read_lock+0x50/0x50
[ 21.874577][ T2337] ? avc_has_perm_noaudit+0x2fc/0x3f0
[ 21.879934][ T2337] ? rhashtable_jhash2+0x1f1/0x330
[ 21.885017][ T2337] ? jhash+0x750/0x750
[ 21.889080][ T2337] ? rht_key_hashfn+0x157/0x240
[ 21.893927][ T2337] ? deferred_put_nlk_sk+0x200/0x200
[ 21.899198][ T2337] ? __alloc_skb+0x109/0x540
[ 21.903760][ T2337] ? jhash+0x750/0x750
[ 21.907956][ T2337] ? netlink_hash+0xd0/0xd0
[ 21.912611][ T2337] ? avc_has_perm+0x15f/0x260
[ 21.917302][ T2337] ? __rcu_read_lock+0x50/0x50
[ 21.922041][ T2337] netlink_rcv_skb+0x1f0/0x460
[ 21.926873][ T2337] ? rtnetlink_bind+0x80/0x80
[ 21.931537][ T2337] ? netlink_ack+0xa80/0xa80
[ 21.936112][ T2337] ? netlink_autobind+0x1c0/0x1c0
[ 21.941256][ T2337] ? __rcu_read_lock+0x50/0x50
[ 21.945996][ T2337] ? selinux_vm_enough_memory+0x160/0x160
[ 21.951754][ T2337] rtnetlink_rcv+0x1c/0x20
[ 21.956149][ T2337] netlink_unicast+0x87c/0xa20
[ 21.960887][ T2337] ? netlink_detachskb+0x60/0x60
[ 21.965810][ T2337] ? security_netlink_send+0xab/0xc0
[ 21.971065][ T2337] netlink_sendmsg+0x9a7/0xd40
[ 21.975827][ T2337] ? netlink_getsockopt+0x900/0x900
[ 21.981000][ T2337] ? security_socket_sendmsg+0xad/0xc0
[ 21.986530][ T2337] ? netlink_getsockopt+0x900/0x900
[ 21.991702][ T2337] ____sys_sendmsg+0x56f/0x860
[ 21.996438][ T2337] ? __sys_sendmsg_sock+0x2a0/0x2a0
[ 22.001607][ T2337] ? __kasan_check_write+0x14/0x20
[ 22.006698][ T2337] ? __fdget+0x17c/0x200
[ 22.010918][ T2337] __sys_sendmsg+0x26a/0x350
[ 22.015484][ T2337] ? errseq_sample+0x43/0x70
[ 22.020046][ T2337] ? ____sys_sendmsg+0x860/0x860
[ 22.024967][ T2337] ? alloc_file_pseudo+0x282/0x310
[ 22.030052][ T2337] ? alloc_empty_file_noaccount+0x80/0x80
[ 22.035830][ T2337] ? __kasan_check_read+0x11/0x20
[ 22.040823][ T2337] ? _copy_to_user+0x92/0xb0
[ 22.045405][ T2337] ? put_timespec64+0x106/0x150
[ 22.050249][ T2337] ? ktime_get_raw+0x130/0x130
[ 22.055023][ T2337] ? get_timespec64+0x1c0/0x1c0
[ 22.059847][ T2337] ? __kasan_check_read+0x11/0x20
[ 22.064863][ T2337] ? __ia32_sys_clock_settime+0x230/0x230
[ 22.070558][ T2337] __x64_sys_sendmsg+0x7f/0x90
[ 22.075296][ T2337] do_syscall_64+0xc0/0x100
[ 22.079780][ T2337] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 22.085648][ T2337] RIP: 0033:0x45c4a9
[ 22.089519][ T2337] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 22.109207][ T2337] RSP: 002b:00007f536d5eac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 22.117737][ T2337] RAX: ffffffffffffffda RBX: 00007f536d5eb6d4 RCX: 000000000045c4a9
[ 22.125699][ T2337] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005
[ 22.133665][ T2337] RBP: 000000000076c060 R08: 0000000000000000 R09: 0000000000000000
[ 22.141624][ T2337] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 22.149590][ T2337] R13: 00000000000009f9 R14: 00000000004cc766 R15: 000000000076c06c
[ 22.157533][ T2337]
[ 22.159838][ T2337] Allocated by task 2335:
[ 22.164170][ T2337] __kasan_kmalloc+0x117/0x1b0
[ 22.168918][ T2337] kasan_kmalloc+0x9/0x10
[ 22.173334][ T2337] __kmalloc+0x102/0x310
[ 22.177551][ T2337] sk_prot_alloc+0x11c/0x2f0
[ 22.182374][ T2337] sk_alloc+0x35/0x300
[ 22.186426][ T2337] tun_chr_open+0x7b/0x4a0
[ 22.190817][ T2337] misc_open+0x3ea/0x440
[ 22.195038][ T2337] chrdev_open+0x60a/0x670
[ 22.199478][ T2337] do_dentry_open+0x8f7/0x1070
[ 22.204256][ T2337] vfs_open+0x73/0x80
[ 22.208339][ T2337] path_openat+0x1681/0x42d0
[ 22.212918][ T2337] do_filp_open+0x1f7/0x430
[ 22.217400][ T2337] do_sys_open+0x36f/0x7a0
[ 22.221792][ T2337] __x64_sys_openat+0xa2/0xb0
[ 22.226441][ T2337] do_syscall_64+0xc0/0x100
[ 22.230918][ T2337] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 22.236930][ T2337]
[ 22.239238][ T2337] Freed by task 2333:
[ 22.243206][ T2337] __kasan_slab_free+0x168/0x220
[ 22.248113][ T2337] kasan_slab_free+0xe/0x10
[ 22.252762][ T2337] kfree+0x170/0x6d0
[ 22.256631][ T2337] __sk_destruct+0x45f/0x4e0
[ 22.261294][ T2337] __sk_free+0x35d/0x430
[ 22.265515][ T2337] sk_free+0x45/0x50
[ 22.269440][ T2337] __tun_detach+0x15d0/0x1a40
[ 22.274099][ T2337] tun_chr_close+0xb8/0xd0
[ 22.278502][ T2337] __fput+0x295/0x710
[ 22.282479][ T2337] ____fput+0x15/0x20
[ 22.286450][ T2337] task_work_run+0x176/0x1a0
[ 22.291014][ T2337] prepare_exit_to_usermode+0x2d8/0x370
[ 22.296533][ T2337] syscall_return_slowpath+0x6f/0x500
[ 22.301878][ T2337] do_syscall_64+0xe8/0x100
[ 22.306351][ T2337] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 22.312213][ T2337]
[ 22.314536][ T2337] The buggy address belongs to the object at ffff8881ca75b000
[ 22.314536][ T2337] which belongs to the cache kmalloc-2k of size 2048
[ 22.329699][ T2337] The buggy address is located 1264 bytes inside of
[ 22.329699][ T2337] 2048-byte region [ffff8881ca75b000, ffff8881ca75b800)
[ 22.343211][ T2337] The buggy address belongs to the page:
[ 22.348835][ T2337] page:ffffea000729d600 refcount:1 mapcount:0 mapping:ffff8881da802800 index:0x0 compound_mapcount: 0
[ 22.359745][ T2337] flags: 0x8000000000010200(slab|head)
[ 22.365193][ T2337] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881da802800
[ 22.373750][ T2337] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 22.382312][ T2337] page dumped because: kasan: bad access detected
[ 22.388695][ T2337]
[ 22.390998][ T2337] Memory state around the buggy address:
[ 22.399475][ T2337] ffff8881ca75b380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.407668][ T2337] ffff8881ca75b400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.415822][ T2337] >ffff8881ca75b480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.423954][ T2337] ^
[ 22.431643][ T2337] ffff8881ca75b500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.439678][ T2337] ffff8881ca75b580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.447718][ T2337] ==================================================================
[ 22.455760][ T2337] Disabling lock debugging due to kernel taint
2020/03/07 11:52:47 executed programs: 17
2020/03/07 11:52:52 executed programs: 44