[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[   94.967107][   T27] audit: type=1400 audit(1579479643.639:37): avc:  denied  { watch } for  pid=10235 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   98.443144][   T27] kauditd_printk_skb: 3 callbacks suppressed
[   98.443160][   T27] audit: type=1400 audit(1579479647.119:41): avc:  denied  { map } for  pid=10324 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts.
[  105.171873][   T27] audit: type=1400 audit(1579479653.839:42): avc:  denied  { map } for  pid=10336 comm="syz-executor506" path="/root/syz-executor506017696" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[  105.176543][T10336] ==================================================================
[  105.199237][   T27] audit: type=1400 audit(1579479653.849:43): avc:  denied  { create } for  pid=10336 comm="syz-executor506" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[  105.207064][T10336] BUG: KASAN: slab-out-of-bounds in bitmap_ip_list+0x40f/0xf20
[  105.207075][T10336] Read of size 8 at addr ffff8880a7b3c500 by task syz-executor506/10336
[  105.207078][T10336] 
[  105.207093][T10336] CPU: 0 PID: 10336 Comm: syz-executor506 Not tainted 5.5.0-rc6-syzkaller #0
[  105.207101][T10336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  105.207112][T10336] Call Trace:
[  105.233114][   T27] audit: type=1400 audit(1579479653.849:44): avc:  denied  { write } for  pid=10336 comm="syz-executor506" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[  105.239557][T10336]  dump_stack+0x197/0x210
[  105.301298][T10336]  ? bitmap_ip_list+0x40f/0xf20
[  105.306132][T10336]  print_address_description.constprop.0.cold+0xd4/0x30b
[  105.313130][T10336]  ? bitmap_ip_list+0x40f/0xf20
[  105.317954][T10336]  ? bitmap_ip_list+0x40f/0xf20
[  105.322780][T10336]  __kasan_report.cold+0x1b/0x41
[  105.327696][T10336]  ? bitmap_ip_list+0x40f/0xf20
[  105.332525][T10336]  kasan_report+0x12/0x20
[  105.336832][T10336]  check_memory_region+0x134/0x1a0
[  105.341939][T10336]  __kasan_check_read+0x11/0x20
[  105.346777][T10336]  bitmap_ip_list+0x40f/0xf20
[  105.351435][T10336]  ? bitmap_ip_add+0xe60/0xe60
[  105.356178][T10336]  ? nla_put+0x110/0x150
[  105.360399][T10336]  ip_set_dump_start+0x96c/0x1ca0
[  105.365404][T10336]  ? ip_set_rename+0x720/0x720
[  105.370148][T10336]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[  105.375752][T10336]  ? perf_trace_lock_acquire+0x4a0/0x530
[  105.381391][T10336]  ? __kasan_check_write+0x14/0x20
[  105.386489][T10336]  netlink_dump+0x558/0xfb0
[  105.390989][T10336]  ? __netlink_sendskb+0xc0/0xc0
[  105.395919][T10336]  __netlink_dump_start+0x66a/0x930
[  105.401102][T10336]  ip_set_dump+0x15a/0x1d0
[  105.405500][T10336]  ? call_ad+0x5a0/0x5a0
[  105.409720][T10336]  ? ip_set_rename+0x720/0x720
[  105.414481][T10336]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[  105.420282][T10336]  ? call_ad+0x5a0/0x5a0
[  105.424504][T10336]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  105.429425][T10336]  ? nfnetlink_bind+0x2c0/0x2c0
[  105.434268][T10336]  ? avc_has_extended_perms+0x10f0/0x10f0
[  105.439968][T10336]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  105.446185][T10336]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  105.452414][T10336]  ? cred_has_capability+0x199/0x330
[  105.457689][T10336]  ? selinux_sb_eat_lsm_opts+0x700/0x700
[  105.463300][T10336]  ? selinux_sb_eat_lsm_opts+0x700/0x700
[  105.468910][T10336]  ? __check_heap_object+0x53/0xb3
[  105.473995][T10336]  ? __lock_acquire+0x8a0/0x4a00
[  105.478911][T10336]  netlink_rcv_skb+0x177/0x450
[  105.483673][T10336]  ? nfnetlink_bind+0x2c0/0x2c0
[  105.488525][T10336]  ? netlink_ack+0xb50/0xb50
[  105.493162][T10336]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  105.499558][T10336]  ? ns_capable_common+0x93/0x100
[  105.504565][T10336]  ? ns_capable+0x20/0x30
[  105.508888][T10336]  ? __netlink_ns_capable+0x104/0x140
[  105.514259][T10336]  nfnetlink_rcv+0x1ba/0x460
[  105.518834][T10336]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  105.524275][T10336]  ? netlink_deliver_tap+0x24a/0xbe0
[  105.529552][T10336]  ? __kasan_check_write+0x14/0x20
[  105.534651][T10336]  netlink_unicast+0x58c/0x7d0
[  105.539397][T10336]  ? netlink_attachskb+0x870/0x870
[  105.544502][T10336]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  105.550722][T10336]  netlink_sendmsg+0x91c/0xea0
[  105.555468][T10336]  ? netlink_unicast+0x7d0/0x7d0
[  105.560387][T10336]  ? tomoyo_socket_sendmsg+0x26/0x30
[  105.565654][T10336]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  105.571872][T10336]  ? security_socket_sendmsg+0x8d/0xc0
[  105.577309][T10336]  ? netlink_unicast+0x7d0/0x7d0
[  105.582223][T10336]  sock_sendmsg+0xd7/0x130
[  105.586616][T10336]  ____sys_sendmsg+0x753/0x880
[  105.591359][T10336]  ? kernel_sendmsg+0x50/0x50
[  105.596014][T10336]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[  105.602149][T10336]  ___sys_sendmsg+0x100/0x170
[  105.606805][T10336]  ? sendmsg_copy_msghdr+0x70/0x70
[  105.611891][T10336]  ? __kasan_check_read+0x11/0x20
[  105.616911][T10336]  ? __lock_acquire+0x8a0/0x4a00
[  105.621858][T10336]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  105.628083][T10336]  ? __this_cpu_preempt_check+0x35/0x190
[  105.633697][T10336]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  105.639919][T10336]  ? percpu_counter_add_batch+0x13c/0x190
[  105.645633][T10336]  ? __fd_install+0x1bc/0x640
[  105.650313][T10336]  ? find_held_lock+0x35/0x130
[  105.655059][T10336]  ? __fd_install+0x1bc/0x640
[  105.659723][T10336]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  105.665950][T10336]  ? __fget_light+0x1a9/0x230
[  105.670629][T10336]  ? __fdget+0x1b/0x20
[  105.674690][T10336]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  105.680928][T10336]  __sys_sendmsg+0x105/0x1d0
[  105.685502][T10336]  ? __sys_sendmsg_sock+0xc0/0xc0
[  105.690515][T10336]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  105.695957][T10336]  ? do_syscall_64+0x26/0x790
[  105.700617][T10336]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  105.706664][T10336]  ? do_syscall_64+0x26/0x790
[  105.711325][T10336]  __x64_sys_sendmsg+0x78/0xb0
[  105.716069][T10336]  do_syscall_64+0xfa/0x790
[  105.720556][T10336]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  105.726423][T10336] RIP: 0033:0x440569
[  105.730298][T10336] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  105.749894][T10336] RSP: 002b:00007ffda8ba3b78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  105.758292][T10336] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440569
[  105.766241][T10336] RDX: 0000000000000010 RSI: 00000000200003c0 RDI: 0000000000000004
[  105.774192][T10336] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[  105.782142][T10336] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401df0
[  105.790089][T10336] R13: 0000000000401e80 R14: 0000000000000000 R15: 0000000000000000
[  105.798056][T10336] 
[  105.800364][T10336] Allocated by task 10336:
[  105.804808][T10336]  save_stack+0x23/0x90
[  105.808943][T10336]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  105.814620][T10336]  kasan_kmalloc+0x9/0x10
[  105.818932][T10336]  __kmalloc+0x163/0x770
[  105.823151][T10336]  ip_set_alloc+0x38/0x5e
[  105.827469][T10336]  bitmap_ip_create+0x6ec/0xc20
[  105.832296][T10336]  ip_set_create+0x6f1/0x1500
[  105.836949][T10336]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  105.841859][T10336]  netlink_rcv_skb+0x177/0x450
[  105.846602][T10336]  nfnetlink_rcv+0x1ba/0x460
[  105.851168][T10336]  netlink_unicast+0x58c/0x7d0
[  105.855907][T10336]  netlink_sendmsg+0x91c/0xea0
[  105.860645][T10336]  sock_sendmsg+0xd7/0x130
[  105.865038][T10336]  ____sys_sendmsg+0x753/0x880
[  105.869776][T10336]  ___sys_sendmsg+0x100/0x170
[  105.874491][T10336]  __sys_sendmsg+0x105/0x1d0
[  105.879055][T10336]  __x64_sys_sendmsg+0x78/0xb0
[  105.883797][T10336]  do_syscall_64+0xfa/0x790
[  105.888277][T10336]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  105.894139][T10336] 
[  105.896444][T10336] Freed by task 10108:
[  105.900525][T10336]  save_stack+0x23/0x90
[  105.904657][T10336]  __kasan_slab_free+0x102/0x150
[  105.909591][T10336]  kasan_slab_free+0xe/0x10
[  105.914093][T10336]  kfree+0x10a/0x2c0
[  105.917969][T10336]  security_cred_free+0xa9/0x110
[  105.922888][T10336]  put_cred_rcu+0x129/0x4b0
[  105.927372][T10336]  __put_cred+0x1ef/0x270
[  105.931683][T10336]  do_faccessat+0x693/0x7f0
[  105.936165][T10336]  __x64_sys_access+0x59/0x80
[  105.940822][T10336]  do_syscall_64+0xfa/0x790
[  105.945304][T10336]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  105.951184][T10336] 
[  105.953502][T10336] The buggy address belongs to the object at ffff8880a7b3c500
[  105.953502][T10336]  which belongs to the cache kmalloc-32 of size 32
[  105.967367][T10336] The buggy address is located 0 bytes inside of
[  105.967367][T10336]  32-byte region [ffff8880a7b3c500, ffff8880a7b3c520)
[  105.980354][T10336] The buggy address belongs to the page:
[  105.985967][T10336] page:ffffea00029ecf00 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a7b3cfc1
[  105.996373][T10336] raw: 00fffe0000000200 ffffea0002623e88 ffffea000269b348 ffff8880aa4001c0
[  106.004943][T10336] raw: ffff8880a7b3cfc1 ffff8880a7b3c000 000000010000003d 0000000000000000
[  106.013499][T10336] page dumped because: kasan: bad access detected
[  106.019880][T10336] 
[  106.022183][T10336] Memory state around the buggy address:
[  106.027793][T10336]  ffff8880a7b3c400: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  106.035830][T10336]  ffff8880a7b3c480: 00 00 01 fc fc fc fc fc 00 00 00 04 fc fc fc fc
[  106.043866][T10336] >ffff8880a7b3c500: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[  106.051901][T10336]                    ^
[  106.055946][T10336]  ffff8880a7b3c580: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  106.063980][T10336]  ffff8880a7b3c600: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
executing program
[  106.072013][T10336] ==================================================================
[  106.080045][T10336] Disabling lock debugging due to kernel taint
[  106.087696][T10336] Kernel panic - not syncing: panic_on_warn set ...
[  106.094297][T10336] CPU: 0 PID: 10336 Comm: syz-executor506 Tainted: G    B             5.5.0-rc6-syzkaller #0
[  106.104414][T10336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  106.114464][T10336] Call Trace:
[  106.117740][T10336]  dump_stack+0x197/0x210
[  106.122047][T10336]  panic+0x2e3/0x75c
[  106.125916][T10336]  ? add_taint.cold+0x16/0x16
[  106.130574][T10336]  ? bitmap_ip_list+0x40f/0xf20
[  106.135419][T10336]  ? preempt_schedule+0x4b/0x60
[  106.140244][T10336]  ? ___preempt_schedule+0x16/0x18
[  106.145333][T10336]  ? trace_hardirqs_on+0x5e/0x240
[  106.150332][T10336]  ? bitmap_ip_list+0x40f/0xf20
[  106.155158][T10336]  end_report+0x47/0x4f
[  106.159290][T10336]  ? bitmap_ip_list+0x40f/0xf20
[  106.164114][T10336]  __kasan_report.cold+0xe/0x41
[  106.168941][T10336]  ? bitmap_ip_list+0x40f/0xf20
[  106.173783][T10336]  kasan_report+0x12/0x20
[  106.178086][T10336]  check_memory_region+0x134/0x1a0
[  106.183173][T10336]  __kasan_check_read+0x11/0x20
[  106.188013][T10336]  bitmap_ip_list+0x40f/0xf20
[  106.192665][T10336]  ? bitmap_ip_add+0xe60/0xe60
[  106.197404][T10336]  ? nla_put+0x110/0x150
[  106.201619][T10336]  ip_set_dump_start+0x96c/0x1ca0
[  106.206619][T10336]  ? ip_set_rename+0x720/0x720
[  106.211357][T10336]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[  106.216879][T10336]  ? perf_trace_lock_acquire+0x4a0/0x530
[  106.222487][T10336]  ? __kasan_check_write+0x14/0x20
[  106.227574][T10336]  netlink_dump+0x558/0xfb0
[  106.232069][T10336]  ? __netlink_sendskb+0xc0/0xc0
[  106.236983][T10336]  __netlink_dump_start+0x66a/0x930
[  106.242156][T10336]  ip_set_dump+0x15a/0x1d0
[  106.246563][T10336]  ? call_ad+0x5a0/0x5a0
[  106.250780][T10336]  ? ip_set_rename+0x720/0x720
[  106.255522][T10336]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[  106.261303][T10336]  ? call_ad+0x5a0/0x5a0
[  106.265521][T10336]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  106.270438][T10336]  ? nfnetlink_bind+0x2c0/0x2c0
[  106.275265][T10336]  ? avc_has_extended_perms+0x10f0/0x10f0
[  106.280960][T10336]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.287195][T10336]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.293427][T10336]  ? cred_has_capability+0x199/0x330
[  106.298702][T10336]  ? selinux_sb_eat_lsm_opts+0x700/0x700
[  106.304314][T10336]  ? selinux_sb_eat_lsm_opts+0x700/0x700
[  106.309934][T10336]  ? __check_heap_object+0x53/0xb3
[  106.315025][T10336]  ? __lock_acquire+0x8a0/0x4a00
[  106.319987][T10336]  netlink_rcv_skb+0x177/0x450
[  106.324730][T10336]  ? nfnetlink_bind+0x2c0/0x2c0
[  106.329554][T10336]  ? netlink_ack+0xb50/0xb50
[  106.334120][T10336]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.340338][T10336]  ? ns_capable_common+0x93/0x100
[  106.345374][T10336]  ? ns_capable+0x20/0x30
[  106.349681][T10336]  ? __netlink_ns_capable+0x104/0x140
[  106.355030][T10336]  nfnetlink_rcv+0x1ba/0x460
[  106.359596][T10336]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  106.365027][T10336]  ? netlink_deliver_tap+0x24a/0xbe0
[  106.370286][T10336]  ? __kasan_check_write+0x14/0x20
[  106.375408][T10336]  netlink_unicast+0x58c/0x7d0
[  106.380146][T10336]  ? netlink_attachskb+0x870/0x870
[  106.385233][T10336]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.391447][T10336]  netlink_sendmsg+0x91c/0xea0
[  106.396191][T10336]  ? netlink_unicast+0x7d0/0x7d0
[  106.401120][T10336]  ? tomoyo_socket_sendmsg+0x26/0x30
[  106.406381][T10336]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.412611][T10336]  ? security_socket_sendmsg+0x8d/0xc0
[  106.418070][T10336]  ? netlink_unicast+0x7d0/0x7d0
[  106.422996][T10336]  sock_sendmsg+0xd7/0x130
[  106.427403][T10336]  ____sys_sendmsg+0x753/0x880
[  106.432146][T10336]  ? kernel_sendmsg+0x50/0x50
[  106.436805][T10336]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[  106.442950][T10336]  ___sys_sendmsg+0x100/0x170
[  106.447611][T10336]  ? sendmsg_copy_msghdr+0x70/0x70
[  106.452742][T10336]  ? __kasan_check_read+0x11/0x20
[  106.457743][T10336]  ? __lock_acquire+0x8a0/0x4a00
[  106.462660][T10336]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.468915][T10336]  ? __this_cpu_preempt_check+0x35/0x190
[  106.474525][T10336]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.480739][T10336]  ? percpu_counter_add_batch+0x13c/0x190
[  106.486466][T10336]  ? __fd_install+0x1bc/0x640
[  106.491116][T10336]  ? find_held_lock+0x35/0x130
[  106.495852][T10336]  ? __fd_install+0x1bc/0x640
[  106.500506][T10336]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.506719][T10336]  ? __fget_light+0x1a9/0x230
[  106.511439][T10336]  ? __fdget+0x1b/0x20
[  106.515493][T10336]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  106.521713][T10336]  __sys_sendmsg+0x105/0x1d0
[  106.526282][T10336]  ? __sys_sendmsg_sock+0xc0/0xc0
[  106.531289][T10336]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  106.536724][T10336]  ? do_syscall_64+0x26/0x790
[  106.541374][T10336]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  106.547449][T10336]  ? do_syscall_64+0x26/0x790
[  106.552104][T10336]  __x64_sys_sendmsg+0x78/0xb0
[  106.556857][T10336]  do_syscall_64+0xfa/0x790
[  106.561339][T10336]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  106.567205][T10336] RIP: 0033:0x440569
[  106.571076][T10336] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  106.590654][T10336] RSP: 002b:00007ffda8ba3b78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  106.599036][T10336] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440569
[  106.607002][T10336] RDX: 0000000000000010 RSI: 00000000200003c0 RDI: 0000000000000004
[  106.614961][T10336] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[  106.622908][T10336] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401df0
[  106.630853][T10336] R13: 0000000000401e80 R14: 0000000000000000 R15: 0000000000000000
[  106.640066][T10336] Kernel Offset: disabled
[  106.644386][T10336] Rebooting in 86400 seconds..