[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ 9.019259][ T22] audit: type=1400 audit(1583526788.115:10): avc: denied { watch } for pid=1788 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ 9.028806][ T22] audit: type=1400 audit(1583526788.115:11): avc: denied { watch } for pid=1788 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2280 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 10.480283][ T22] audit: type=1400 audit(1583526789.575:12): avc: denied { map } for pid=1862 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.1.13' (ECDSA) to the list of known hosts.
[ 26.262007][ T22] audit: type=1400 audit(1583526805.365:13): avc: denied { map } for pid=1880 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16480 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2020/03/06 20:33:25 parsed 1 programs
2020/03/06 20:33:27 executed programs: 0
[ 28.503769][ T22] audit: type=1400 audit(1583526807.605:14): avc: denied { map } for pid=1880 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=7901 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 28.533823][ T1900] cgroup1: Unknown subsys name 'perf_event'
[ 28.535157][ T1902] cgroup1: Unknown subsys name 'perf_event'
[ 28.540686][ T1900] cgroup1: Unknown subsys name 'net_cls'
[ 28.546607][ T1904] cgroup1: Unknown subsys name 'perf_event'
[ 28.559046][ T1907] cgroup1: Unknown subsys name 'perf_event'
[ 28.560379][ T1904] cgroup1: Unknown subsys name 'net_cls'
[ 28.567645][ T1909] cgroup1: Unknown subsys name 'perf_event'
[ 28.578670][ T1902] cgroup1: Unknown subsys name 'net_cls'
[ 28.579238][ T1913] cgroup1: Unknown subsys name 'perf_event'
[ 28.584840][ T1907] cgroup1: Unknown subsys name 'net_cls'
[ 28.594046][ T1913] cgroup1: Unknown subsys name 'net_cls'
[ 28.598535][ T1909] cgroup1: Unknown subsys name 'net_cls'
[ 29.660837][ T22] audit: type=1400 audit(1583526808.755:15): avc: denied { create } for pid=1900 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 29.718756][ T22] audit: type=1400 audit(1583526808.765:16): avc: denied { write } for pid=1900 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 29.771633][ T22] audit: type=1400 audit(1583526808.765:17): avc: denied { read } for pid=1900 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 32.545247][ T22] audit: type=1400 audit(1583526811.635:18): avc: denied { associate } for pid=1913 comm="syz-executor.5" name="syz5" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
2020/03/06 20:33:32 executed programs: 21
[ 34.192509][ T4543] ==================================================================
[ 34.200775][ T4543] BUG: KASAN: use-after-free in free_netdev+0x186/0x300
[ 34.207689][ T4543] Read of size 8 at addr ffff8881d4ec74f0 by task syz-executor.0/4543
[ 34.215831][ T4543]
[ 34.218164][ T4543] CPU: 0 PID: 4543 Comm: syz-executor.0 Not tainted 5.4.24-syzkaller-00161-g017d67e9a8b3 #0
[ 34.228239][ T4543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.238307][ T4543] Call Trace:
[ 34.241585][ T4543] dump_stack+0x1b0/0x228
[ 34.245896][ T4543] ? show_regs_print_info+0x18/0x18
[ 34.251083][ T4543] ? vprintk_func+0x105/0x110
[ 34.255748][ T4543] ? printk+0xc0/0x109
[ 34.259806][ T4543] print_address_description+0x96/0x5d0
[ 34.265327][ T4543] ? devkmsg_release+0x127/0x127
[ 34.270240][ T4543] ? call_rcu+0x10/0x10
[ 34.274370][ T4543] __kasan_report+0x14b/0x1c0
[ 34.279023][ T4543] ? free_netdev+0x186/0x300
[ 34.283602][ T4543] kasan_report+0x26/0x50
[ 34.287908][ T4543] __asan_report_load8_noabort+0x14/0x20
[ 34.293529][ T4543] free_netdev+0x186/0x300
[ 34.297922][ T4543] netdev_run_todo+0xbc4/0xe00
[ 34.302663][ T4543] ? netdev_refcnt_read+0x1c0/0x1c0
[ 34.307857][ T4543] ? mutex_trylock+0xb0/0xb0
[ 34.312435][ T4543] ? netlink_net_capable+0x124/0x160
[ 34.317707][ T4543] rtnetlink_rcv_msg+0x963/0xc20
[ 34.322662][ T4543] ? is_bpf_text_address+0x2c8/0x2e0
[ 34.327940][ T4543] ? __kernel_text_address+0x9a/0x110
[ 34.333294][ T4543] ? rtnetlink_bind+0x80/0x80
[ 34.338058][ T4543] ? arch_stack_walk+0x98/0xe0
[ 34.342816][ T4543] ? __rcu_read_lock+0x50/0x50
[ 34.347641][ T4543] ? avc_has_perm_noaudit+0x2fc/0x3f0
[ 34.352989][ T4543] ? rhashtable_jhash2+0x1f1/0x330
[ 34.358075][ T4543] ? jhash+0x750/0x750
[ 34.362117][ T4543] ? rht_key_hashfn+0x157/0x240
[ 34.366943][ T4543] ? deferred_put_nlk_sk+0x200/0x200
[ 34.372216][ T4543] ? __alloc_skb+0x109/0x540
[ 34.376868][ T4543] ? jhash+0x750/0x750
[ 34.380917][ T4543] ? netlink_hash+0xd0/0xd0
[ 34.385412][ T4543] ? avc_has_perm+0x15f/0x260
[ 34.390080][ T4543] ? __rcu_read_lock+0x50/0x50
[ 34.394822][ T4543] netlink_rcv_skb+0x1f0/0x460
[ 34.399562][ T4543] ? rtnetlink_bind+0x80/0x80
[ 34.404232][ T4543] ? netlink_ack+0xa80/0xa80
[ 34.408812][ T4543] ? netlink_autobind+0x1c0/0x1c0
[ 34.413820][ T4543] ? __rcu_read_lock+0x50/0x50
[ 34.418562][ T4543] ? selinux_vm_enough_memory+0x160/0x160
[ 34.424258][ T4543] rtnetlink_rcv+0x1c/0x20
[ 34.428995][ T4543] netlink_unicast+0x87c/0xa20
[ 34.433736][ T4543] ? netlink_detachskb+0x60/0x60
[ 34.438664][ T4543] ? security_netlink_send+0xab/0xc0
[ 34.444010][ T4543] netlink_sendmsg+0x9a7/0xd40
[ 34.448750][ T4543] ? netlink_getsockopt+0x900/0x900
[ 34.453935][ T4543] ? security_socket_sendmsg+0xad/0xc0
[ 34.459380][ T4543] ? netlink_getsockopt+0x900/0x900
[ 34.464552][ T4543] ____sys_sendmsg+0x56f/0x860
[ 34.469291][ T4543] ? __sys_sendmsg_sock+0x2a0/0x2a0
[ 34.474480][ T4543] ? __fdget+0x17c/0x200
[ 34.478714][ T4543] __sys_sendmsg+0x26a/0x350
[ 34.483312][ T4543] ? errseq_set+0x102/0x140
[ 34.487797][ T4543] ? ____sys_sendmsg+0x860/0x860
[ 34.492911][ T4543] ? __rcu_read_lock+0x50/0x50
[ 34.497676][ T4543] ? alloc_file_pseudo+0x282/0x310
[ 34.502766][ T4543] ? __kasan_check_write+0x14/0x20
[ 34.507848][ T4543] ? __kasan_check_read+0x11/0x20
[ 34.512874][ T4543] ? _copy_to_user+0x92/0xb0
[ 34.517469][ T4543] ? put_timespec64+0x106/0x150
[ 34.522304][ T4543] ? ktime_get_raw+0x130/0x130
[ 34.527057][ T4543] ? get_timespec64+0x1c0/0x1c0
[ 34.531919][ T4543] ? __kasan_check_read+0x11/0x20
[ 34.537075][ T4543] ? __ia32_sys_clock_settime+0x230/0x230
[ 34.542778][ T4543] __x64_sys_sendmsg+0x7f/0x90
[ 34.547549][ T4543] do_syscall_64+0xc0/0x100
[ 34.552031][ T4543] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 34.557898][ T4543] RIP: 0033:0x45c479
[ 34.561769][ T4543] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 34.581360][ T4543] RSP: 002b:00007f9e32fcbc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 34.589759][ T4543] RAX: ffffffffffffffda RBX: 00007f9e32fcc6d4 RCX: 000000000045c479
[ 34.597708][ T4543] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005
[ 34.605656][ T4543] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000
[ 34.613718][ T4543] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 34.621673][ T4543] R13: 00000000000009f9 R14: 00000000004cc71a R15: 000000000076bfcc
[ 34.629637][ T4543]
[ 34.631951][ T4543] Allocated by task 4532:
[ 34.636277][ T4543] __kasan_kmalloc+0x117/0x1b0
[ 34.641014][ T4543] kasan_kmalloc+0x9/0x10
[ 34.645316][ T4543] __kmalloc+0x102/0x310
[ 34.649555][ T4543] sk_prot_alloc+0x11c/0x2f0
[ 34.654119][ T4543] sk_alloc+0x35/0x300
[ 34.658162][ T4543] tun_chr_open+0x7b/0x4a0
[ 34.662685][ T4543] misc_open+0x3ea/0x440
[ 34.666943][ T4543] chrdev_open+0x60a/0x670
[ 34.671349][ T4543] do_dentry_open+0x8f7/0x1070
[ 34.676180][ T4543] vfs_open+0x73/0x80
[ 34.680149][ T4543] path_openat+0x1681/0x42d0
[ 34.684734][ T4543] do_filp_open+0x1f7/0x430
[ 34.689215][ T4543] do_sys_open+0x36f/0x7a0
[ 34.693607][ T4543] __x64_sys_openat+0xa2/0xb0
[ 34.698258][ T4543] do_syscall_64+0xc0/0x100
[ 34.702753][ T4543] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 34.708624][ T4543]
[ 34.710932][ T4543] Freed by task 4531:
[ 34.714925][ T4543] __kasan_slab_free+0x168/0x220
[ 34.719861][ T4543] kasan_slab_free+0xe/0x10
[ 34.724341][ T4543] kfree+0x170/0x6d0
[ 34.728215][ T4543] __sk_destruct+0x45f/0x4e0
[ 34.732780][ T4543] __sk_free+0x35d/0x430
[ 34.737001][ T4543] sk_free+0x45/0x50
[ 34.740871][ T4543] __tun_detach+0x15d0/0x1a40
[ 34.745554][ T4543] tun_chr_close+0xb8/0xd0
[ 34.749971][ T4543] __fput+0x295/0x710
[ 34.753937][ T4543] ____fput+0x15/0x20
[ 34.757912][ T4543] task_work_run+0x176/0x1a0
[ 34.762629][ T4543] prepare_exit_to_usermode+0x2d8/0x370
[ 34.768173][ T4543] syscall_return_slowpath+0x6f/0x500
[ 34.773525][ T4543] do_syscall_64+0xe8/0x100
[ 34.778007][ T4543] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 34.783870][ T4543]
[ 34.786186][ T4543] The buggy address belongs to the object at ffff8881d4ec7000
[ 34.786186][ T4543] which belongs to the cache kmalloc-2k of size 2048
[ 34.800221][ T4543] The buggy address is located 1264 bytes inside of
[ 34.800221][ T4543] 2048-byte region [ffff8881d4ec7000, ffff8881d4ec7800)
[ 34.813650][ T4543] The buggy address belongs to the page:
[ 34.819262][ T4543] page:ffffea000753b000 refcount:1 mapcount:0 mapping:ffff8881da802800 index:0x0 compound_mapcount: 0
[ 34.830186][ T4543] flags: 0x8000000000010200(slab|head)
[ 34.835818][ T4543] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881da802800
[ 34.844405][ T4543] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 34.853141][ T4543] page dumped because: kasan: bad access detected
[ 34.859524][ T4543]
[ 34.861845][ T4543] Memory state around the buggy address:
[ 34.867462][ T4543] ffff8881d4ec7380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.875613][ T4543] ffff8881d4ec7400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.883679][ T4543] >ffff8881d4ec7480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.891834][ T4543] ^
[ 34.899553][ T4543] ffff8881d4ec7500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.907613][ T4543] ffff8881d4ec7580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.915671][ T4543] ==================================================================
[ 34.923801][ T4543] Disabling lock debugging due to kernel taint
2020/03/06 20:33:37 executed programs: 110
2020/03/06 20:33:42 executed programs: 214