[   92.268314][   T26] audit: type=1400 audit(1578677793.794:37): avc:  denied  { watch } for  pid=10415 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[   92.293075][   T26] audit: type=1400 audit(1578677793.794:38): avc:  denied  { watch } for  pid=10415 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   92.550413][   T26] audit: type=1800 audit(1578677794.074:39): pid=10323 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   92.574356][   T26] audit: type=1800 audit(1578677794.074:40): pid=10323 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   95.631777][   T26] audit: type=1400 audit(1578677797.154:41): avc:  denied  { map } for  pid=10500 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts.
executing program
executing program
[  102.584098][   T26] audit: type=1400 audit(1578677804.104:42): avc:  denied  { map } for  pid=10512 comm="syz-executor103" path="/root/syz-executor103394946" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[  102.596938][T10514] ==================================================================
[  102.614605][   T26] audit: type=1400 audit(1578677804.104:43): avc:  denied  { create } for  pid=10513 comm="syz-executor103" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[  102.621524][T10514] BUG: KASAN: use-after-free in bitmap_port_ext_cleanup+0xe6/0x2a0
[  102.647077][   T26] audit: type=1400 audit(1578677804.104:44): avc:  denied  { write } for  pid=10513 comm="syz-executor103" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[  102.654389][T10514] Read of size 8 at addr ffff88809e3cba40 by task syz-executor103/10514
[  102.654393][T10514] 
[  102.654407][T10514] CPU: 0 PID: 10514 Comm: syz-executor103 Not tainted 5.5.0-rc5-syzkaller #0
[  102.654416][T10514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  102.654421][T10514] Call Trace:
[  102.654441][T10514]  dump_stack+0x197/0x210
[  102.654458][T10514]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[  102.654481][T10514]  print_address_description.constprop.0.cold+0xd4/0x30b
[  102.732417][T10514]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[  102.738067][T10514]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[  102.743603][T10514]  __kasan_report.cold+0x1b/0x41
[  102.748518][T10514]  ? kfree+0x200/0x2c0
[  102.752570][T10514]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[  102.759050][T10514]  kasan_report+0x12/0x20
[  102.763459][T10514]  check_memory_region+0x134/0x1a0
[  102.768638][T10514]  __kasan_check_read+0x11/0x20
[  102.773476][T10514]  bitmap_port_ext_cleanup+0xe6/0x2a0
[  102.778941][T10514]  bitmap_port_destroy+0x17c/0x1d0
[  102.784054][T10514]  ip_set_create+0xe47/0x1500
[  102.788723][T10514]  ? ip_set_destroy+0xb70/0xb70
[  102.794155][T10514]  ? ip_set_destroy+0xb70/0xb70
[  102.799950][T10514]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  102.804965][T10514]  ? nfnetlink_bind+0x2c0/0x2c0
[  102.809815][T10514]  ? avc_has_extended_perms+0x10f0/0x10f0
[  102.815886][T10514]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  102.823953][T10514]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  102.830440][T10514]  ? cred_has_capability+0x199/0x330
[  102.835746][T10514]  ? selinux_sb_eat_lsm_opts+0x700/0x700
[  102.841466][T10514]  ? selinux_sb_eat_lsm_opts+0x700/0x700
[  102.847086][T10514]  ? __check_heap_object+0x43/0xb3
[  102.852347][T10514]  ? __lock_acquire+0x8a0/0x4a00
[  102.857465][T10514]  netlink_rcv_skb+0x177/0x450
[  102.862484][T10514]  ? nfnetlink_bind+0x2c0/0x2c0
[  102.867323][T10514]  ? netlink_ack+0xb50/0xb50
[  102.872134][T10514]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  102.878464][T10514]  ? ns_capable_common+0x93/0x100
[  102.883563][T10514]  ? ns_capable+0x20/0x30
[  102.887901][T10514]  ? __netlink_ns_capable+0x104/0x140
[  102.894143][T10514]  nfnetlink_rcv+0x1ba/0x460
[  102.898827][T10514]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  102.904333][T10514]  ? netlink_deliver_tap+0x24a/0xbe0
[  102.909652][T10514]  ? __kasan_check_write+0x14/0x20
[  102.915031][T10514]  netlink_unicast+0x58c/0x7d0
[  102.919804][T10514]  ? netlink_attachskb+0x870/0x870
[  102.925013][T10514]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  102.931378][T10514]  netlink_sendmsg+0x91c/0xea0
[  102.936142][T10514]  ? netlink_unicast+0x7d0/0x7d0
[  102.941301][T10514]  ? tomoyo_socket_sendmsg+0x26/0x30
[  102.946603][T10514]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  102.953697][T10514]  ? security_socket_sendmsg+0x8d/0xc0
[  102.959155][T10514]  ? netlink_unicast+0x7d0/0x7d0
[  102.964072][T10514]  sock_sendmsg+0xd7/0x130
[  102.968479][T10514]  ____sys_sendmsg+0x753/0x880
[  102.973336][T10514]  ? kernel_sendmsg+0x50/0x50
[  102.978968][T10514]  ? mark_held_locks+0xa4/0xf0
[  102.983719][T10514]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  102.989884][T10514]  ? __handle_mm_fault+0x3145/0x3cc0
[  102.997071][T10514]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  103.003125][T10514]  ___sys_sendmsg+0x100/0x170
[  103.009186][T10514]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[  103.015264][T10514]  ? sendmsg_copy_msghdr+0x70/0x70
[  103.020383][T10514]  ? __do_page_fault+0x56a/0xd80
[  103.025307][T10514]  ? find_held_lock+0x35/0x130
[  103.030059][T10514]  ? __do_page_fault+0x56a/0xd80
[  103.035129][T10514]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.041379][T10514]  ? __fget_light+0x1a9/0x230
[  103.046273][T10514]  ? __fdget+0x1b/0x20
[  103.050390][T10514]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  103.056676][T10514]  __sys_sendmsg+0x105/0x1d0
[  103.061381][T10514]  ? __sys_sendmsg_sock+0xc0/0xc0
[  103.066408][T10514]  ? rcu_read_lock_sched_held+0x9c/0xd0
[  103.072028][T10514]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  103.077595][T10514]  ? do_syscall_64+0x26/0x790
[  103.082387][T10514]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  103.088462][T10514]  ? do_syscall_64+0x26/0x790
[  103.093137][T10514]  __x64_sys_sendmsg+0x78/0xb0
[  103.097987][T10514]  do_syscall_64+0xfa/0x790
[  103.102498][T10514]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  103.108389][T10514] RIP: 0033:0x4413d9
[  103.112293][T10514] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  103.131891][T10514] RSP: 002b:00007ffd8db1afa8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  103.140290][T10514] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413d9
[  103.148244][T10514] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003
[  103.156319][T10514] RBP: 0000000000019089 R08: 00000000004002c8 R09: 00000000004002c8
[  103.164438][T10514] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402200
[  103.172451][T10514] R13: 0000000000402290 R14: 0000000000000000 R15: 0000000000000000
[  103.181220][T10514] 
[  103.183648][T10514] Allocated by task 10514:
[  103.188077][T10514]  save_stack+0x23/0x90
[  103.192221][T10514]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  103.197847][T10514]  kasan_kmalloc+0x9/0x10
[  103.202254][T10514]  __kmalloc+0x163/0x770
[  103.206500][T10514]  ip_set_alloc+0x38/0x5e
[  103.210816][T10514]  bitmap_port_create+0x3dc/0x7c0
[  103.215832][T10514]  ip_set_create+0x6f1/0x1500
[  103.221032][T10514]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  103.225970][T10514]  netlink_rcv_skb+0x177/0x450
[  103.230768][T10514]  nfnetlink_rcv+0x1ba/0x460
[  103.235357][T10514]  netlink_unicast+0x58c/0x7d0
[  103.240105][T10514]  netlink_sendmsg+0x91c/0xea0
[  103.244866][T10514]  sock_sendmsg+0xd7/0x130
[  103.249279][T10514]  ____sys_sendmsg+0x753/0x880
[  103.254025][T10514]  ___sys_sendmsg+0x100/0x170
[  103.258689][T10514]  __sys_sendmsg+0x105/0x1d0
[  103.263390][T10514]  __x64_sys_sendmsg+0x78/0xb0
[  103.268156][T10514]  do_syscall_64+0xfa/0x790
[  103.272642][T10514]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  103.278534][T10514] 
[  103.280880][T10514] Freed by task 10514:
[  103.284947][T10514]  save_stack+0x23/0x90
[  103.289136][T10514]  __kasan_slab_free+0x102/0x150
[  103.294187][T10514]  kasan_slab_free+0xe/0x10
[  103.298677][T10514]  kfree+0x10a/0x2c0
[  103.302555][T10514]  kvfree+0x61/0x70
[  103.306364][T10514]  ip_set_free+0x16/0x20
[  103.310601][T10514]  bitmap_port_destroy+0xae/0x1d0
[  103.315625][T10514]  ip_set_create+0xe47/0x1500
[  103.320371][T10514]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  103.325299][T10514]  netlink_rcv_skb+0x177/0x450
[  103.330042][T10514]  nfnetlink_rcv+0x1ba/0x460
[  103.334630][T10514]  netlink_unicast+0x58c/0x7d0
[  103.339651][T10514]  netlink_sendmsg+0x91c/0xea0
[  103.344398][T10514]  sock_sendmsg+0xd7/0x130
[  103.349069][T10514]  ____sys_sendmsg+0x753/0x880
[  103.353864][T10514]  ___sys_sendmsg+0x100/0x170
[  103.358533][T10514]  __sys_sendmsg+0x105/0x1d0
[  103.363119][T10514]  __x64_sys_sendmsg+0x78/0xb0
[  103.367870][T10514]  do_syscall_64+0xfa/0x790
[  103.372372][T10514]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  103.378246][T10514] 
[  103.380555][T10514] The buggy address belongs to the object at ffff88809e3cba40
[  103.380555][T10514]  which belongs to the cache kmalloc-32 of size 32
[  103.394444][T10514] The buggy address is located 0 bytes inside of
[  103.394444][T10514]  32-byte region [ffff88809e3cba40, ffff88809e3cba60)
[  103.409482][T10514] The buggy address belongs to the page:
[  103.415125][T10514] page:ffffea000278f2c0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809e3cbfc1
[  103.425538][T10514] raw: 00fffe0000000200 ffffea00028e76c8 ffffea0002782188 ffff8880aa4001c0
[  103.434332][T10514] raw: ffff88809e3cbfc1 ffff88809e3cb000 0000000100000034 0000000000000000
[  103.443059][T10514] page dumped because: kasan: bad access detected
[  103.449451][T10514] 
[  103.451772][T10514] Memory state around the buggy address:
[  103.457389][T10514]  ffff88809e3cb900: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  103.465574][T10514]  ffff88809e3cb980: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  103.473647][T10514] >ffff88809e3cba00: 00 00 01 fc fc fc fc fc fb fb fb fb fc fc fc fc
[  103.481706][T10514]                                            ^
[  103.487861][T10514]  ffff88809e3cba80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  103.496038][T10514]  ffff88809e3cbb00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  103.504229][T10514] ==================================================================
[  103.512275][T10514] Disabling lock debugging due to kernel taint
[  103.519160][T10514] Kernel panic - not syncing: panic_on_warn set ...
[  103.525758][T10514] CPU: 0 PID: 10514 Comm: syz-executor103 Tainted: G    B             5.5.0-rc5-syzkaller #0
[  103.536763][T10514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  103.550801][T10514] Call Trace:
[  103.554097][T10514]  dump_stack+0x197/0x210
[  103.558417][T10514]  panic+0x2e3/0x75c
[  103.562295][T10514]  ? add_taint.cold+0x16/0x16
[  103.567054][T10514]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[  103.572597][T10514]  ? preempt_schedule+0x4b/0x60
[  103.577489][T10514]  ? ___preempt_schedule+0x16/0x18
[  103.582592][T10514]  ? trace_hardirqs_on+0x5e/0x240
[  103.587720][T10514]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[  103.593259][T10514]  end_report+0x47/0x4f
[  103.597408][T10514]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[  103.603938][T10514]  __kasan_report.cold+0xe/0x41
[  103.608783][T10514]  ? kfree+0x200/0x2c0
[  103.612849][T10514]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[  103.618480][T10514]  kasan_report+0x12/0x20
[  103.622944][T10514]  check_memory_region+0x134/0x1a0
[  103.628054][T10514]  __kasan_check_read+0x11/0x20
[  103.632889][T10514]  bitmap_port_ext_cleanup+0xe6/0x2a0
[  103.639285][T10514]  bitmap_port_destroy+0x17c/0x1d0
[  103.644380][T10514]  ip_set_create+0xe47/0x1500
[  103.649835][T10514]  ? ip_set_destroy+0xb70/0xb70
[  103.654684][T10514]  ? ip_set_destroy+0xb70/0xb70
[  103.659614][T10514]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  103.664539][T10514]  ? nfnetlink_bind+0x2c0/0x2c0
[  103.669370][T10514]  ? avc_has_extended_perms+0x10f0/0x10f0
[  103.675072][T10514]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.681464][T10514]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.687701][T10514]  ? cred_has_capability+0x199/0x330
[  103.692985][T10514]  ? selinux_sb_eat_lsm_opts+0x700/0x700
[  103.698608][T10514]  ? selinux_sb_eat_lsm_opts+0x700/0x700
[  103.704224][T10514]  ? __check_heap_object+0x43/0xb3
[  103.710411][T10514]  ? __lock_acquire+0x8a0/0x4a00
[  103.715337][T10514]  netlink_rcv_skb+0x177/0x450
[  103.720082][T10514]  ? nfnetlink_bind+0x2c0/0x2c0
[  103.725001][T10514]  ? netlink_ack+0xb50/0xb50
[  103.729604][T10514]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.735822][T10514]  ? ns_capable_common+0x93/0x100
[  103.740866][T10514]  ? ns_capable+0x20/0x30
[  103.745223][T10514]  ? __netlink_ns_capable+0x104/0x140
[  103.750581][T10514]  nfnetlink_rcv+0x1ba/0x460
[  103.756142][T10514]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  103.761592][T10514]  ? netlink_deliver_tap+0x24a/0xbe0
[  103.766865][T10514]  ? __kasan_check_write+0x14/0x20
[  103.772085][T10514]  netlink_unicast+0x58c/0x7d0
[  103.776842][T10514]  ? netlink_attachskb+0x870/0x870
[  103.782515][T10514]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.788892][T10514]  netlink_sendmsg+0x91c/0xea0
[  103.794603][T10514]  ? netlink_unicast+0x7d0/0x7d0
[  103.799524][T10514]  ? tomoyo_socket_sendmsg+0x26/0x30
[  103.804966][T10514]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.811187][T10514]  ? security_socket_sendmsg+0x8d/0xc0
[  103.816779][T10514]  ? netlink_unicast+0x7d0/0x7d0
[  103.821710][T10514]  sock_sendmsg+0xd7/0x130
[  103.829064][T10514]  ____sys_sendmsg+0x753/0x880
[  103.833864][T10514]  ? kernel_sendmsg+0x50/0x50
[  103.838525][T10514]  ? mark_held_locks+0xa4/0xf0
[  103.843375][T10514]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  103.849464][T10514]  ? __handle_mm_fault+0x3145/0x3cc0
[  103.854731][T10514]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  103.860795][T10514]  ___sys_sendmsg+0x100/0x170
[  103.865548][T10514]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[  103.871625][T10514]  ? sendmsg_copy_msghdr+0x70/0x70
[  103.876737][T10514]  ? __do_page_fault+0x56a/0xd80
[  103.881688][T10514]  ? find_held_lock+0x35/0x130
[  103.886583][T10514]  ? __do_page_fault+0x56a/0xd80
[  103.891515][T10514]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.897745][T10514]  ? __fget_light+0x1a9/0x230
[  103.902466][T10514]  ? __fdget+0x1b/0x20
[  103.906574][T10514]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  103.912813][T10514]  __sys_sendmsg+0x105/0x1d0
[  103.917398][T10514]  ? __sys_sendmsg_sock+0xc0/0xc0
[  103.922636][T10514]  ? rcu_read_lock_sched_held+0x9c/0xd0
[  103.928175][T10514]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  103.933666][T10514]  ? do_syscall_64+0x26/0x790
[  103.938511][T10514]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  103.944746][T10514]  ? do_syscall_64+0x26/0x790
[  103.949425][T10514]  __x64_sys_sendmsg+0x78/0xb0
[  103.954179][T10514]  do_syscall_64+0xfa/0x790
[  103.958668][T10514]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  103.964549][T10514] RIP: 0033:0x4413d9
[  103.968438][T10514] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  103.988127][T10514] RSP: 002b:00007ffd8db1afa8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  103.996738][T10514] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413d9
[  104.004704][T10514] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003
[  104.012800][T10514] RBP: 0000000000019089 R08: 00000000004002c8 R09: 00000000004002c8
[  104.020871][T10514] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402200
[  104.029207][T10514] R13: 0000000000402290 R14: 0000000000000000 R15: 0000000000000000
[  104.040348][T10514] Kernel Offset: disabled
[  104.044686][T10514] Rebooting in 86400 seconds..