Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   96.526500][   T26] audit: type=1400 audit(1579581030.006:37): avc:  denied  { watch } for  pid=10743 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   99.920665][   T26] kauditd_printk_skb: 3 callbacks suppressed
[   99.920680][   T26] audit: type=1400 audit(1579581033.396:41): avc:  denied  { map } for  pid=10835 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.143' (ECDSA) to the list of known hosts.
executing program
executing program
[  106.729947][   T26] audit: type=1400 audit(1579581040.206:42): avc:  denied  { map } for  pid=10847 comm="syz-executor196" path="/root/syz-executor196764290" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[  106.747662][T10849] ==================================================================
[  106.757589][   T26] audit: type=1400 audit(1579581040.206:43): avc:  denied  { create } for  pid=10848 comm="syz-executor196" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[  106.765225][T10849] BUG: KASAN: slab-out-of-bounds in bitmap_ip_ext_cleanup+0xd8/0x290
[  106.765238][T10849] Read of size 8 at addr ffff888099964d00 by task syz-executor196/10849
[  106.765246][T10849] 
[  106.765262][T10849] CPU: 1 PID: 10849 Comm: syz-executor196 Not tainted 5.5.0-rc7-syzkaller #0
[  106.765270][T10849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  106.765275][T10849] Call Trace:
[  106.765298][T10849]  dump_stack+0x197/0x210
[  106.765311][T10849]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  106.765335][T10849]  print_address_description.constprop.0.cold+0xd4/0x30b
[  106.765349][T10849]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  106.765361][T10849]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  106.765390][T10849]  __kasan_report.cold+0x1b/0x41
[  106.765406][T10849]  ? ip_set_net_exit+0x510/0x5c0
[  106.765418][T10849]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  106.765439][T10849]  kasan_report+0x12/0x20
[  106.791381][   T26] audit: type=1400 audit(1579581040.206:44): avc:  denied  { write } for  pid=10848 comm="syz-executor196" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[  106.798522][T10849]  check_memory_region+0x134/0x1a0
[  106.798538][T10849]  __kasan_check_read+0x11/0x20
[  106.798552][T10849]  bitmap_ip_ext_cleanup+0xd8/0x290
[  106.798570][T10849]  bitmap_ip_destroy+0x180/0x1d0
[  106.798585][T10849]  ip_set_create+0xe47/0x1500
[  106.798608][T10849]  ? ip_set_destroy+0xb70/0xb70
[  106.798645][T10849]  ? ip_set_destroy+0xb70/0xb70
[  106.938953][T10849]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  106.943913][T10849]  ? nfnetlink_bind+0x2c0/0x2c0
[  106.948833][T10849]  ? avc_has_extended_perms+0x10f0/0x10f0
[  106.954659][T10849]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.960892][T10849]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.967152][T10849]  ? cred_has_capability+0x199/0x330
[  106.972541][T10849]  ? selinux_sb_eat_lsm_opts+0x700/0x700
[  106.978179][T10849]  ? selinux_sb_eat_lsm_opts+0x700/0x700
[  106.983816][T10849]  ? __check_heap_object+0x53/0xb3
[  106.989024][T10849]  ? __lock_acquire+0x8a0/0x4a00
[  106.994054][T10849]  netlink_rcv_skb+0x177/0x450
[  106.998808][T10849]  ? nfnetlink_bind+0x2c0/0x2c0
[  107.003733][T10849]  ? netlink_ack+0xb50/0xb50
[  107.008447][T10849]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  107.014843][T10849]  ? ns_capable_common+0x93/0x100
[  107.019857][T10849]  ? ns_capable+0x20/0x30
[  107.024192][T10849]  ? __netlink_ns_capable+0x104/0x140
[  107.029668][T10849]  nfnetlink_rcv+0x1ba/0x460
[  107.034265][T10849]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  107.039711][T10849]  ? netlink_deliver_tap+0x24a/0xbe0
[  107.044987][T10849]  ? __kasan_check_write+0x14/0x20
[  107.050095][T10849]  netlink_unicast+0x58c/0x7d0
[  107.054888][T10849]  ? netlink_attachskb+0x870/0x870
[  107.060016][T10849]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  107.066246][T10849]  netlink_sendmsg+0x91c/0xea0
[  107.071000][T10849]  ? netlink_unicast+0x7d0/0x7d0
[  107.075940][T10849]  ? tomoyo_socket_sendmsg+0x26/0x30
[  107.081224][T10849]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  107.087576][T10849]  ? security_socket_sendmsg+0x8d/0xc0
[  107.093023][T10849]  ? netlink_unicast+0x7d0/0x7d0
[  107.097955][T10849]  sock_sendmsg+0xd7/0x130
[  107.102356][T10849]  ____sys_sendmsg+0x753/0x880
[  107.107249][T10849]  ? kernel_sendmsg+0x50/0x50
[  107.112016][T10849]  ? mark_held_locks+0xa4/0xf0
[  107.116773][T10849]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  107.122841][T10849]  ? __handle_mm_fault+0x3145/0x3cc0
[  107.128127][T10849]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  107.135323][T10849]  ___sys_sendmsg+0x100/0x170
[  107.139990][T10849]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[  107.146061][T10849]  ? sendmsg_copy_msghdr+0x70/0x70
[  107.151185][T10849]  ? __do_page_fault+0x56a/0xd80
[  107.156640][T10849]  ? find_held_lock+0x35/0x130
[  107.161388][T10849]  ? __do_page_fault+0x56a/0xd80
[  107.166551][T10849]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  107.172779][T10849]  ? __fget_light+0x1a9/0x230
[  107.177470][T10849]  ? __fdget+0x1b/0x20
[  107.181681][T10849]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  107.188052][T10849]  __sys_sendmsg+0x105/0x1d0
[  107.192816][T10849]  ? __sys_sendmsg_sock+0xc0/0xc0
[  107.197841][T10849]  ? rcu_read_lock_sched_held+0x9c/0xd0
[  107.203380][T10849]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  107.208836][T10849]  ? do_syscall_64+0x26/0x790
[  107.213502][T10849]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  107.219676][T10849]  ? do_syscall_64+0x26/0x790
[  107.224355][T10849]  __x64_sys_sendmsg+0x78/0xb0
[  107.229108][T10849]  do_syscall_64+0xfa/0x790
[  107.233598][T10849]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  107.239784][T10849] RIP: 0033:0x441459
[  107.243663][T10849] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  107.263564][T10849] RSP: 002b:00007ffe7d1caa58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  107.271980][T10849] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441459
[  107.280045][T10849] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[  107.288021][T10849] RBP: 000000000001a0bf R08: 00000000004002c8 R09: 00000000004002c8
[  107.296280][T10849] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402280
[  107.304300][T10849] R13: 0000000000402310 R14: 0000000000000000 R15: 0000000000000000
[  107.312956][T10849] 
[  107.315283][T10849] Allocated by task 10849:
[  107.319703][T10849]  save_stack+0x23/0x90
[  107.323884][T10849]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  107.329515][T10849]  kasan_kmalloc+0x9/0x10
[  107.333850][T10849]  __kmalloc+0x163/0x770
[  107.338298][T10849]  ip_set_alloc+0x38/0x5e
[  107.342625][T10849]  bitmap_ip_create+0x6ec/0xc20
[  107.347483][T10849]  ip_set_create+0x6f1/0x1500
[  107.352163][T10849]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  107.357101][T10849]  netlink_rcv_skb+0x177/0x450
[  107.361855][T10849]  nfnetlink_rcv+0x1ba/0x460
[  107.366552][T10849]  netlink_unicast+0x58c/0x7d0
[  107.371300][T10849]  netlink_sendmsg+0x91c/0xea0
[  107.376054][T10849]  sock_sendmsg+0xd7/0x130
[  107.380476][T10849]  ____sys_sendmsg+0x753/0x880
[  107.387084][T10849]  ___sys_sendmsg+0x100/0x170
[  107.391744][T10849]  __sys_sendmsg+0x105/0x1d0
[  107.396329][T10849]  __x64_sys_sendmsg+0x78/0xb0
[  107.401141][T10849]  do_syscall_64+0xfa/0x790
[  107.405695][T10849]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  107.411576][T10849] 
[  107.413987][T10849] Freed by task 10611:
[  107.418056][T10849]  save_stack+0x23/0x90
[  107.422318][T10849]  __kasan_slab_free+0x102/0x150
[  107.427252][T10849]  kasan_slab_free+0xe/0x10
[  107.431800][T10849]  kfree+0x10a/0x2c0
[  107.435686][T10849]  tomoyo_supervisor+0xc2c/0xef0
[  107.440621][T10849]  tomoyo_path_permission+0x263/0x360
[  107.446042][T10849]  tomoyo_path_perm+0x318/0x430
[  107.450896][T10849]  tomoyo_inode_getattr+0x1d/0x30
[  107.455979][T10849]  security_inode_getattr+0xf2/0x150
[  107.461256][T10849]  vfs_getattr+0x25/0x70
[  107.465526][T10849]  vfs_statx+0x157/0x200
[  107.469771][T10849]  __do_sys_newstat+0xa4/0x130
[  107.474534][T10849]  __x64_sys_newstat+0x54/0x80
[  107.479299][T10849]  do_syscall_64+0xfa/0x790
[  107.483789][T10849]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  107.489670][T10849] 
[  107.491985][T10849] The buggy address belongs to the object at ffff888099964d00
[  107.491985][T10849]  which belongs to the cache kmalloc-32 of size 32
[  107.506019][T10849] The buggy address is located 0 bytes inside of
[  107.506019][T10849]  32-byte region [ffff888099964d00, ffff888099964d20)
[  107.519380][T10849] The buggy address belongs to the page:
[  107.525007][T10849] page:ffffea0002665900 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff888099964fc1
[  107.535627][T10849] raw: 00fffe0000000200 ffffea0002755388 ffffea00026be148 ffff8880aa4001c0
[  107.544198][T10849] raw: ffff888099964fc1 ffff888099964000 0000000100000029 0000000000000000
[  107.553826][T10849] page dumped because: kasan: bad access detected
[  107.560576][T10849] 
[  107.562895][T10849] Memory state around the buggy address:
[  107.568662][T10849]  ffff888099964c00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  107.576727][T10849]  ffff888099964c80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  107.584789][T10849] >ffff888099964d00: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[  107.592937][T10849]                    ^
[  107.596991][T10849]  ffff888099964d80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  107.605045][T10849]  ffff888099964e00: fb fb fb fb fc fc fc fc 00 00 01 fc fc fc fc fc
[  107.613253][T10849] ==================================================================
[  107.621307][T10849] Disabling lock debugging due to kernel taint
[  107.628422][T10849] Kernel panic - not syncing: panic_on_warn set ...
[  107.635240][T10849] CPU: 1 PID: 10849 Comm: syz-executor196 Tainted: G    B             5.5.0-rc7-syzkaller #0
[  107.645482][T10849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  107.655662][T10849] Call Trace:
[  107.658948][T10849]  dump_stack+0x197/0x210
[  107.663285][T10849]  panic+0x2e3/0x75c
[  107.667312][T10849]  ? add_taint.cold+0x16/0x16
[  107.672034][T10849]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  107.677513][T10849]  ? preempt_schedule+0x4b/0x60
[  107.682382][T10849]  ? ___preempt_schedule+0x16/0x18
[  107.687680][T10849]  ? trace_hardirqs_on+0x5e/0x240
[  107.692713][T10849]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  107.698081][T10849]  end_report+0x47/0x4f
[  107.702229][T10849]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  107.707673][T10849]  __kasan_report.cold+0xe/0x41
[  107.712521][T10849]  ? ip_set_net_exit+0x510/0x5c0
[  107.717481][T10849]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  107.722848][T10849]  kasan_report+0x12/0x20
[  107.727248][T10849]  check_memory_region+0x134/0x1a0
[  107.732392][T10849]  __kasan_check_read+0x11/0x20
[  107.737341][T10849]  bitmap_ip_ext_cleanup+0xd8/0x290
[  107.742560][T10849]  bitmap_ip_destroy+0x180/0x1d0
[  107.747508][T10849]  ip_set_create+0xe47/0x1500
[  107.752283][T10849]  ? ip_set_destroy+0xb70/0xb70
[  107.757136][T10849]  ? ip_set_destroy+0xb70/0xb70
[  107.761982][T10849]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  107.766919][T10849]  ? nfnetlink_bind+0x2c0/0x2c0
[  107.771766][T10849]  ? avc_has_extended_perms+0x10f0/0x10f0
[  107.777630][T10849]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  107.783908][T10849]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  107.791034][T10849]  ? cred_has_capability+0x199/0x330
[  107.796315][T10849]  ? selinux_sb_eat_lsm_opts+0x700/0x700
[  107.801940][T10849]  ? selinux_sb_eat_lsm_opts+0x700/0x700
[  107.807572][T10849]  ? __check_heap_object+0x53/0xb3
[  107.812736][T10849]  ? __lock_acquire+0x8a0/0x4a00
[  107.817751][T10849]  netlink_rcv_skb+0x177/0x450
[  107.822645][T10849]  ? nfnetlink_bind+0x2c0/0x2c0
[  107.827500][T10849]  ? netlink_ack+0xb50/0xb50
[  107.832091][T10849]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  107.838328][T10849]  ? ns_capable_common+0x93/0x100
[  107.843561][T10849]  ? ns_capable+0x20/0x30
[  107.847923][T10849]  ? __netlink_ns_capable+0x104/0x140
[  107.853372][T10849]  nfnetlink_rcv+0x1ba/0x460
[  107.857982][T10849]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  107.863504][T10849]  ? netlink_deliver_tap+0x24a/0xbe0
[  107.868787][T10849]  ? __kasan_check_write+0x14/0x20
[  107.873887][T10849]  netlink_unicast+0x58c/0x7d0
[  107.878650][T10849]  ? netlink_attachskb+0x870/0x870
[  107.883868][T10849]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  107.890105][T10849]  netlink_sendmsg+0x91c/0xea0
[  107.895224][T10849]  ? netlink_unicast+0x7d0/0x7d0
[  107.900185][T10849]  ? tomoyo_socket_sendmsg+0x26/0x30
[  107.905478][T10849]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  107.911828][T10849]  ? security_socket_sendmsg+0x8d/0xc0
[  107.917401][T10849]  ? netlink_unicast+0x7d0/0x7d0
[  107.922337][T10849]  sock_sendmsg+0xd7/0x130
[  107.926906][T10849]  ____sys_sendmsg+0x753/0x880
[  107.931652][T10849]  ? kernel_sendmsg+0x50/0x50
[  107.936323][T10849]  ? mark_held_locks+0xa4/0xf0
[  107.941092][T10849]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  107.947151][T10849]  ? __handle_mm_fault+0x3145/0x3cc0
[  107.952559][T10849]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  107.958624][T10849]  ___sys_sendmsg+0x100/0x170
[  107.963364][T10849]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[  107.969339][T10849]  ? sendmsg_copy_msghdr+0x70/0x70
[  107.974512][T10849]  ? __do_page_fault+0x56a/0xd80
[  107.979595][T10849]  ? find_held_lock+0x35/0x130
[  107.984355][T10849]  ? __do_page_fault+0x56a/0xd80
[  107.989289][T10849]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  107.995513][T10849]  ? __fget_light+0x1a9/0x230
[  108.000369][T10849]  ? __fdget+0x1b/0x20
[  108.004432][T10849]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  108.010733][T10849]  __sys_sendmsg+0x105/0x1d0
[  108.015366][T10849]  ? __sys_sendmsg_sock+0xc0/0xc0
[  108.020395][T10849]  ? rcu_read_lock_sched_held+0x9c/0xd0
[  108.026338][T10849]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  108.031780][T10849]  ? do_syscall_64+0x26/0x790
[  108.036788][T10849]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  108.042844][T10849]  ? do_syscall_64+0x26/0x790
[  108.047509][T10849]  __x64_sys_sendmsg+0x78/0xb0
[  108.052275][T10849]  do_syscall_64+0xfa/0x790
[  108.056790][T10849]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  108.062669][T10849] RIP: 0033:0x441459
[  108.066597][T10849] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  108.088078][T10849] RSP: 002b:00007ffe7d1caa58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  108.096522][T10849] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441459
[  108.104490][T10849] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[  108.112455][T10849] RBP: 000000000001a0bf R08: 00000000004002c8 R09: 00000000004002c8
[  108.120418][T10849] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402280
[  108.128494][T10849] R13: 0000000000402310 R14: 0000000000000000 R15: 0000000000000000
[  108.138099][T10849] Kernel Offset: disabled
[  108.142488][T10849] Rebooting in 86400 seconds..