[ 89.584549][ T26] audit: type=1400 audit(1579433815.133:38): avc: denied { watch } for pid=10558 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 89.887823][ T26] audit: type=1800 audit(1579433815.483:39): pid=10471 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 89.911307][ T26] audit: type=1800 audit(1579433815.483:40): pid=10471 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
[ 90.617146][ T26] audit: type=1400 audit(1579433816.213:41): avc: denied { map } for pid=10649 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.193' (ECDSA) to the list of known hosts.
syzkaller login: [ 110.128882][ T26] audit: type=1400 audit(1579433835.723:42): avc: denied { map } for pid=10661 comm="syz-executor825" path="/root/syz-executor825364346" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 110.133678][T10661] ==================================================================
[ 110.156225][ T26] audit: type=1400 audit(1579433835.723:43): avc: denied { create } for pid=10661 comm="syz-executor825" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 110.164340][T10661] BUG: KASAN: slab-out-of-bounds in bitmap_ip_list+0x40f/0xf20
[ 110.164353][T10661] Read of size 8 at addr ffff88809abc1240 by task syz-executor825/10661
[ 110.164358][T10661]
[ 110.164373][T10661] CPU: 1 PID: 10661 Comm: syz-executor825 Not tainted 5.5.0-rc6-syzkaller #0
[ 110.164380][T10661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 110.164384][T10661] Call Trace:
[ 110.164404][T10661] dump_stack+0x197/0x210
[ 110.164417][T10661] ? bitmap_ip_list+0x40f/0xf20
[ 110.164434][T10661] print_address_description.constprop.0.cold+0xd4/0x30b
[ 110.164452][T10661] ? bitmap_ip_list+0x40f/0xf20
[ 110.191166][ T26] audit: type=1400 audit(1579433835.723:44): avc: denied { write } for pid=10661 comm="syz-executor825" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
executing program
[ 110.198078][T10661] ? bitmap_ip_list+0x40f/0xf20
[ 110.198095][T10661] __kasan_report.cold+0x1b/0x41
[ 110.198109][T10661] ? bitmap_ip_list+0x40f/0xf20
[ 110.198124][T10661] kasan_report+0x12/0x20
[ 110.198139][T10661] check_memory_region+0x134/0x1a0
[ 110.198153][T10661] __kasan_check_read+0x11/0x20
[ 110.198164][T10661] bitmap_ip_list+0x40f/0xf20
[ 110.198190][T10661] ? bitmap_ip_add+0xe60/0xe60
[ 110.316152][T10661] ? nla_put+0x110/0x150
[ 110.320397][T10661] ip_set_dump_start+0x96c/0x1ca0
[ 110.325420][T10661] ? ip_set_rename+0x720/0x720
[ 110.330175][T10661] ? __kmalloc_reserve.isra.0+0xf0/0xf0
[ 110.335705][T10661] ? perf_trace_lock_acquire+0x4a0/0x530
[ 110.341320][T10661] ? __kasan_check_write+0x14/0x20
[ 110.346418][T10661] netlink_dump+0x558/0xfb0
[ 110.351035][T10661] ? __netlink_sendskb+0xc0/0xc0
[ 110.355977][T10661] __netlink_dump_start+0x66a/0x930
[ 110.361167][T10661] ip_set_dump+0x15a/0x1d0
[ 110.365630][T10661] ? call_ad+0x5a0/0x5a0
[ 110.369899][T10661] ? ip_set_rename+0x720/0x720
[ 110.374647][T10661] ? __ip_set_put_netlink.isra.0+0x90/0x90
[ 110.380464][T10661] ? call_ad+0x5a0/0x5a0
[ 110.384701][T10661] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 110.389762][T10661] ? nfnetlink_bind+0x2c0/0x2c0
[ 110.394613][T10661] ? avc_has_extended_perms+0x10f0/0x10f0
[ 110.400326][T10661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 110.406606][T10661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 110.413319][T10661] ? cred_has_capability+0x199/0x330
[ 110.418602][T10661] ? selinux_sb_eat_lsm_opts+0x700/0x700
[ 110.424344][T10661] ? selinux_sb_eat_lsm_opts+0x700/0x700
[ 110.429977][T10661] ? __check_heap_object+0x53/0xb3
[ 110.435092][T10661] ? __lock_acquire+0x8a0/0x4a00
[ 110.440020][T10661] netlink_rcv_skb+0x177/0x450
[ 110.444779][T10661] ? nfnetlink_bind+0x2c0/0x2c0
[ 110.449625][T10661] ? netlink_ack+0xb50/0xb50
[ 110.454209][T10661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 110.460444][T10661] ? ns_capable_common+0x93/0x100
[ 110.465533][T10661] ? ns_capable+0x20/0x30
[ 110.469857][T10661] ? __netlink_ns_capable+0x104/0x140
[ 110.475493][T10661] nfnetlink_rcv+0x1ba/0x460
[ 110.481036][T10661] ? nfnetlink_rcv_batch+0x17a0/0x17a0
[ 110.486534][T10661] ? netlink_deliver_tap+0x24a/0xbe0
[ 110.491816][T10661] ? __kasan_check_write+0x14/0x20
[ 110.497032][T10661] netlink_unicast+0x58c/0x7d0
[ 110.501827][T10661] ? netlink_attachskb+0x870/0x870
[ 110.506939][T10661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 110.513188][T10661] netlink_sendmsg+0x91c/0xea0
[ 110.517949][T10661] ? netlink_unicast+0x7d0/0x7d0
[ 110.522888][T10661] ? tomoyo_socket_sendmsg+0x26/0x30
[ 110.528211][T10661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 110.534487][T10661] ? security_socket_sendmsg+0x8d/0xc0
[ 110.539949][T10661] ? netlink_unicast+0x7d0/0x7d0
[ 110.545186][T10661] sock_sendmsg+0xd7/0x130
[ 110.549610][T10661] ____sys_sendmsg+0x753/0x880
[ 110.554372][T10661] ? kernel_sendmsg+0x50/0x50
[ 110.559179][T10661] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 110.565547][T10661] ___sys_sendmsg+0x100/0x170
[ 110.570389][T10661] ? sendmsg_copy_msghdr+0x70/0x70
[ 110.575498][T10661] ? __kasan_check_read+0x11/0x20
[ 110.580552][T10661] ? __lock_acquire+0x8a0/0x4a00
[ 110.585487][T10661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 110.592249][T10661] ? __this_cpu_preempt_check+0x35/0x190
[ 110.597886][T10661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 110.604139][T10661] ? percpu_counter_add_batch+0x13c/0x190
[ 110.609867][T10661] ? __fd_install+0x1bc/0x640
[ 110.614536][T10661] ? find_held_lock+0x35/0x130
[ 110.619301][T10661] ? __fd_install+0x1bc/0x640
[ 110.624002][T10661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 110.630262][T10661] ? __fget_light+0x1a9/0x230
[ 110.634951][T10661] ? __fdget+0x1b/0x20
[ 110.639015][T10661] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 110.645250][T10661] __sys_sendmsg+0x105/0x1d0
[ 110.649826][T10661] ? __sys_sendmsg_sock+0xc0/0xc0
[ 110.654845][T10661] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 110.660287][T10661] ? do_syscall_64+0x26/0x790
[ 110.664954][T10661] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 110.671000][T10661] ? do_syscall_64+0x26/0x790
[ 110.675660][T10661] __x64_sys_sendmsg+0x78/0xb0
[ 110.680431][T10661] do_syscall_64+0xfa/0x790
[ 110.684937][T10661] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 110.690820][T10661] RIP: 0033:0x440529
[ 110.694705][T10661] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 110.714298][T10661] RSP: 002b:00007fff51dc45d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 110.722707][T10661] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529
[ 110.730756][T10661] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004
[ 110.738763][T10661] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 110.746725][T10661] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0
[ 110.754686][T10661] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000
[ 110.762657][T10661]
[ 110.765023][T10661] Allocated by task 10661:
[ 110.769431][T10661] save_stack+0x23/0x90
[ 110.773578][T10661] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 110.779244][T10661] kasan_kmalloc+0x9/0x10
[ 110.783603][T10661] __kmalloc+0x163/0x770
[ 110.787834][T10661] ip_set_alloc+0x38/0x5e
[ 110.792156][T10661] bitmap_ip_create+0x6ec/0xc20
[ 110.797035][T10661] ip_set_create+0x6f1/0x1500
[ 110.801721][T10661] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 110.806648][T10661] netlink_rcv_skb+0x177/0x450
[ 110.811411][T10661] nfnetlink_rcv+0x1ba/0x460
[ 110.816423][T10661] netlink_unicast+0x58c/0x7d0
[ 110.821264][T10661] netlink_sendmsg+0x91c/0xea0
[ 110.826014][T10661] sock_sendmsg+0xd7/0x130
[ 110.830408][T10661] ____sys_sendmsg+0x753/0x880
[ 110.835151][T10661] ___sys_sendmsg+0x100/0x170
[ 110.839852][T10661] __sys_sendmsg+0x105/0x1d0
[ 110.844510][T10661] __x64_sys_sendmsg+0x78/0xb0
[ 110.849283][T10661] do_syscall_64+0xfa/0x790
[ 110.853777][T10661] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 110.859643][T10661]
[ 110.861956][T10661] Freed by task 10432:
[ 110.866016][T10661] save_stack+0x23/0x90
[ 110.870166][T10661] __kasan_slab_free+0x102/0x150
[ 110.875099][T10661] kasan_slab_free+0xe/0x10
[ 110.879591][T10661] kfree+0x10a/0x2c0
[ 110.883478][T10661] security_cred_free+0xa9/0x110
[ 110.888403][T10661] put_cred_rcu+0x129/0x4b0
[ 110.892954][T10661] __put_cred+0x1ef/0x270
[ 110.897265][T10661] do_faccessat+0x693/0x7f0
[ 110.901805][T10661] __x64_sys_access+0x59/0x80
[ 110.906585][T10661] do_syscall_64+0xfa/0x790
[ 110.911081][T10661] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 110.917158][T10661]
[ 110.919473][T10661] The buggy address belongs to the object at ffff88809abc1240
[ 110.919473][T10661] which belongs to the cache kmalloc-32 of size 32
[ 110.933340][T10661] The buggy address is located 0 bytes inside of
[ 110.933340][T10661] 32-byte region [ffff88809abc1240, ffff88809abc1260)
[ 110.946441][T10661] The buggy address belongs to the page:
[ 110.952183][T10661] page:ffffea00026af040 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809abc1fc1
[ 110.963284][T10661] raw: 00fffe0000000200 ffffea0002794008 ffffea000279ce48 ffff8880aa4001c0
[ 110.971870][T10661] raw: ffff88809abc1fc1 ffff88809abc1000 0000000100000034 0000000000000000
[ 110.980458][T10661] page dumped because: kasan: bad access detected
[ 110.986874][T10661]
[ 110.989186][T10661] Memory state around the buggy address:
[ 110.994857][T10661] ffff88809abc1100: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 111.002915][T10661] ffff88809abc1180: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 111.010974][T10661] >ffff88809abc1200: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc
[ 111.019023][T10661] ^
[ 111.025278][T10661] ffff88809abc1280: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 111.033356][T10661] ffff88809abc1300: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 111.041467][T10661] ==================================================================
[ 111.049659][T10661] Disabling lock debugging due to kernel taint
[ 111.057370][T10661] Kernel panic - not syncing: panic_on_warn set ...
[ 111.064001][T10661] CPU: 0 PID: 10661 Comm: syz-executor825 Tainted: G B 5.5.0-rc6-syzkaller #0
[ 111.074136][T10661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 111.084193][T10661] Call Trace:
[ 111.087478][T10661] dump_stack+0x197/0x210
[ 111.091800][T10661] panic+0x2e3/0x75c
[ 111.095699][T10661] ? add_taint.cold+0x16/0x16
[ 111.100515][T10661] ? bitmap_ip_list+0x40f/0xf20
[ 111.105360][T10661] ? preempt_schedule+0x4b/0x60
[ 111.110294][T10661] ? ___preempt_schedule+0x16/0x18
[ 111.115404][T10661] ? trace_hardirqs_on+0x5e/0x240
[ 111.120422][T10661] ? bitmap_ip_list+0x40f/0xf20
[ 111.125312][T10661] end_report+0x47/0x4f
[ 111.129457][T10661] ? bitmap_ip_list+0x40f/0xf20
[ 111.134291][T10661] __kasan_report.cold+0xe/0x41
[ 111.139186][T10661] ? bitmap_ip_list+0x40f/0xf20
[ 111.144039][T10661] kasan_report+0x12/0x20
[ 111.148371][T10661] check_memory_region+0x134/0x1a0
[ 111.153648][T10661] __kasan_check_read+0x11/0x20
[ 111.158694][T10661] bitmap_ip_list+0x40f/0xf20
[ 111.163385][T10661] ? bitmap_ip_add+0xe60/0xe60
[ 111.168142][T10661] ? nla_put+0x110/0x150
[ 111.172379][T10661] ip_set_dump_start+0x96c/0x1ca0
[ 111.177483][T10661] ? ip_set_rename+0x720/0x720
[ 111.182605][T10661] ? __kmalloc_reserve.isra.0+0xf0/0xf0
[ 111.188190][T10661] ? perf_trace_lock_acquire+0x4a0/0x530
[ 111.193942][T10661] ? __kasan_check_write+0x14/0x20
[ 111.199168][T10661] netlink_dump+0x558/0xfb0
[ 111.203667][T10661] ? __netlink_sendskb+0xc0/0xc0
[ 111.208599][T10661] __netlink_dump_start+0x66a/0x930
[ 111.214751][T10661] ip_set_dump+0x15a/0x1d0
[ 111.219164][T10661] ? call_ad+0x5a0/0x5a0
[ 111.223400][T10661] ? ip_set_rename+0x720/0x720
[ 111.228152][T10661] ? __ip_set_put_netlink.isra.0+0x90/0x90
[ 111.233951][T10661] ? call_ad+0x5a0/0x5a0
[ 111.238224][T10661] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 111.243266][T10661] ? nfnetlink_bind+0x2c0/0x2c0
[ 111.248140][T10661] ? avc_has_extended_perms+0x10f0/0x10f0
[ 111.253848][T10661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 111.261223][T10661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 111.267445][T10661] ? cred_has_capability+0x199/0x330
[ 111.272763][T10661] ? selinux_sb_eat_lsm_opts+0x700/0x700
[ 111.278399][T10661] ? selinux_sb_eat_lsm_opts+0x700/0x700
[ 111.284020][T10661] ? __check_heap_object+0x53/0xb3
[ 111.289156][T10661] ? __lock_acquire+0x8a0/0x4a00
[ 111.294128][T10661] netlink_rcv_skb+0x177/0x450
[ 111.298869][T10661] ? nfnetlink_bind+0x2c0/0x2c0
[ 111.303698][T10661] ? netlink_ack+0xb50/0xb50
[ 111.308267][T10661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 111.314502][T10661] ? ns_capable_common+0x93/0x100
[ 111.319502][T10661] ? ns_capable+0x20/0x30
[ 111.323808][T10661] ? __netlink_ns_capable+0x104/0x140
[ 111.329175][T10661] nfnetlink_rcv+0x1ba/0x460
[ 111.333753][T10661] ? nfnetlink_rcv_batch+0x17a0/0x17a0
[ 111.339187][T10661] ? netlink_deliver_tap+0x24a/0xbe0
[ 111.344452][T10661] ? __kasan_check_write+0x14/0x20
[ 111.349538][T10661] netlink_unicast+0x58c/0x7d0
[ 111.354277][T10661] ? netlink_attachskb+0x870/0x870
[ 111.359382][T10661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 111.365609][T10661] netlink_sendmsg+0x91c/0xea0
[ 111.370353][T10661] ? netlink_unicast+0x7d0/0x7d0
[ 111.375269][T10661] ? tomoyo_socket_sendmsg+0x26/0x30
[ 111.380596][T10661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 111.386813][T10661] ? security_socket_sendmsg+0x8d/0xc0
[ 111.392247][T10661] ? netlink_unicast+0x7d0/0x7d0
[ 111.397273][T10661] sock_sendmsg+0xd7/0x130
[ 111.401677][T10661] ____sys_sendmsg+0x753/0x880
[ 111.407382][T10661] ? kernel_sendmsg+0x50/0x50
[ 111.412058][T10661] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 111.418683][T10661] ___sys_sendmsg+0x100/0x170
[ 111.423403][T10661] ? sendmsg_copy_msghdr+0x70/0x70
[ 111.428510][T10661] ? __kasan_check_read+0x11/0x20
[ 111.433520][T10661] ? __lock_acquire+0x8a0/0x4a00
[ 111.438702][T10661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 111.444919][T10661] ? __this_cpu_preempt_check+0x35/0x190
[ 111.450583][T10661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 111.456855][T10661] ? percpu_counter_add_batch+0x13c/0x190
[ 111.462616][T10661] ? __fd_install+0x1bc/0x640
[ 111.467404][T10661] ? find_held_lock+0x35/0x130
[ 111.472190][T10661] ? __fd_install+0x1bc/0x640
[ 111.476871][T10661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 111.483101][T10661] ? __fget_light+0x1a9/0x230
[ 111.487872][T10661] ? __fdget+0x1b/0x20
[ 111.491947][T10661] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 111.498182][T10661] __sys_sendmsg+0x105/0x1d0
[ 111.502767][T10661] ? __sys_sendmsg_sock+0xc0/0xc0
[ 111.507792][T10661] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 111.513300][T10661] ? do_syscall_64+0x26/0x790
[ 111.517971][T10661] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 111.524035][T10661] ? do_syscall_64+0x26/0x790
[ 111.528712][T10661] __x64_sys_sendmsg+0x78/0xb0
[ 111.533463][T10661] do_syscall_64+0xfa/0x790
[ 111.537962][T10661] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 111.543886][T10661] RIP: 0033:0x440529
[ 111.547825][T10661] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 111.567522][T10661] RSP: 002b:00007fff51dc45d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 111.575920][T10661] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529
[ 111.583922][T10661] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004
[ 111.592018][T10661] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 111.599991][T10661] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0
[ 111.608072][T10661] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000
[ 111.617556][T10661] Kernel Offset: disabled
[ 111.621892][T10661] Rebooting in 86400 seconds..