[ 95.648050][ T27] audit: type=1400 audit(1579633001.909:37): avc: denied { watch } for pid=10252 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1 [ 95.683033][ T27] audit: type=1400 audit(1579633001.909:38): avc: denied { watch } for pid=10252 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [ 95.914830][ T27] audit: type=1800 audit(1579633002.179:39): pid=10164 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 95.938720][ T27] audit: type=1800 audit(1579633002.179:40): pid=10164 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 100.146617][ T27] audit: type=1400 audit(1579633006.419:41): avc: denied { map } for pid=10343 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.199' (ECDSA) to the list of known hosts. executing program executing program [ 109.394939][ T27] audit: type=1400 audit(1579633015.659:42): avc: denied { map } for pid=10355 comm="syz-executor788" path="/root/syz-executor788445473" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 109.408455][T10357] ================================================================== [ 109.422857][ T27] audit: type=1400 audit(1579633015.659:43): avc: denied { create } for pid=10356 comm="syz-executor788" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 109.430274][T10357] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 109.430287][T10357] Read of size 8 at addr ffff88809d52e940 by task syz-executor788/10357 [ 109.430290][T10357] [ 109.430305][T10357] CPU: 1 PID: 10357 Comm: syz-executor788 Not tainted 5.5.0-rc7-syzkaller #0 [ 109.430313][T10357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 109.430317][T10357] Call Trace: [ 109.430336][T10357] dump_stack+0x197/0x210 [ 109.430355][T10357] ? bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 109.455582][ T27] audit: type=1400 audit(1579633015.659:44): avc: denied { write } for pid=10356 comm="syz-executor788" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 109.463730][T10357] print_address_description.constprop.0.cold+0xd4/0x30b [ 109.463746][T10357] ? bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 109.463758][T10357] ? bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 109.463771][T10357] __kasan_report.cold+0x1b/0x41 [ 109.463790][T10357] ? bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 109.560541][T10357] kasan_report+0x12/0x20 [ 109.564903][T10357] check_memory_region+0x134/0x1a0 [ 109.570011][T10357] __kasan_check_read+0x11/0x20 [ 109.575017][T10357] bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 109.580517][T10357] bitmap_ipmac_destroy+0x180/0x1d0 [ 109.585726][T10357] ip_set_create+0xe47/0x1500 [ 109.590460][T10357] ? ip_set_destroy+0xb70/0xb70 [ 109.595314][T10357] ? ip_set_destroy+0xb70/0xb70 [ 109.600213][T10357] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 109.605192][T10357] ? nfnetlink_bind+0x2c0/0x2c0 [ 109.610027][T10357] ? avc_has_extended_perms+0x10f0/0x10f0 [ 109.615881][T10357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 109.622170][T10357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 109.628423][T10357] ? cred_has_capability+0x199/0x330 [ 109.633712][T10357] ? selinux_sb_eat_lsm_opts+0x700/0x700 [ 109.639378][T10357] ? selinux_sb_eat_lsm_opts+0x700/0x700 [ 109.645247][T10357] ? __check_heap_object+0x53/0xb3 [ 109.650645][T10357] ? __lock_acquire+0x8a0/0x4a00 [ 109.655693][T10357] netlink_rcv_skb+0x177/0x450 [ 109.660456][T10357] ? nfnetlink_bind+0x2c0/0x2c0 [ 109.665941][T10357] ? netlink_ack+0xb50/0xb50 [ 109.670588][T10357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 109.676863][T10357] ? ns_capable_common+0x93/0x100 [ 109.681877][T10357] ? ns_capable+0x20/0x30 [ 109.687300][T10357] ? __netlink_ns_capable+0x104/0x140 [ 109.692667][T10357] nfnetlink_rcv+0x1ba/0x460 [ 109.697422][T10357] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 109.702921][T10357] ? netlink_deliver_tap+0x24a/0xbe0 [ 109.708208][T10357] ? __kasan_check_write+0x14/0x20 [ 109.713314][T10357] netlink_unicast+0x58c/0x7d0 [ 109.718068][T10357] ? netlink_attachskb+0x870/0x870 [ 109.723183][T10357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 109.729413][T10357] netlink_sendmsg+0x91c/0xea0 [ 109.734171][T10357] ? netlink_unicast+0x7d0/0x7d0 [ 109.739100][T10357] ? tomoyo_socket_sendmsg+0x26/0x30 [ 109.744443][T10357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 109.751239][T10357] ? security_socket_sendmsg+0x8d/0xc0 [ 109.756745][T10357] ? netlink_unicast+0x7d0/0x7d0 [ 109.761727][T10357] sock_sendmsg+0xd7/0x130 [ 109.766199][T10357] ____sys_sendmsg+0x753/0x880 [ 109.770958][T10357] ? kernel_sendmsg+0x50/0x50 [ 109.775631][T10357] ? mark_held_locks+0xa4/0xf0 [ 109.780465][T10357] ? do_huge_pmd_anonymous_page+0x1463/0x1a50 [ 109.786608][T10357] ? __handle_mm_fault+0x3145/0x3cc0 [ 109.791926][T10357] ? do_huge_pmd_anonymous_page+0x1463/0x1a50 [ 109.798015][T10357] ___sys_sendmsg+0x100/0x170 [ 109.802680][T10357] ? do_huge_pmd_anonymous_page+0xceb/0x1a50 [ 109.808676][T10357] ? sendmsg_copy_msghdr+0x70/0x70 [ 109.813803][T10357] ? __do_page_fault+0x56a/0xd80 [ 109.818727][T10357] ? find_held_lock+0x35/0x130 [ 109.823510][T10357] ? __do_page_fault+0x56a/0xd80 [ 109.828455][T10357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 109.834684][T10357] ? __fget_light+0x1a9/0x230 [ 109.839349][T10357] ? __fdget+0x1b/0x20 [ 109.843411][T10357] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 109.849910][T10357] __sys_sendmsg+0x105/0x1d0 [ 109.854598][T10357] ? __sys_sendmsg_sock+0xc0/0xc0 [ 109.859611][T10357] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 109.865188][T10357] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 109.870636][T10357] ? do_syscall_64+0x26/0x790 [ 109.875363][T10357] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 109.881416][T10357] ? do_syscall_64+0x26/0x790 [ 109.886135][T10357] __x64_sys_sendmsg+0x78/0xb0 [ 109.890888][T10357] do_syscall_64+0xfa/0x790 [ 109.895726][T10357] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 109.901604][T10357] RIP: 0033:0x4413f9 [ 109.905489][T10357] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 109.925209][T10357] RSP: 002b:00007ffc3d9b2888 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 109.933660][T10357] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413f9 [ 109.941622][T10357] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003 [ 109.949578][T10357] RBP: 000000000001ab28 R08: 00000000004002c8 R09: 00000000004002c8 [ 109.957539][T10357] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220 [ 109.965553][T10357] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000 [ 109.973539][T10357] [ 109.975888][T10357] Allocated by task 10357: [ 109.980319][T10357] save_stack+0x23/0x90 [ 109.984465][T10357] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 109.990224][T10357] kasan_kmalloc+0x9/0x10 [ 109.994542][T10357] __kmalloc+0x163/0x770 [ 109.998773][T10357] ip_set_alloc+0x38/0x5e [ 110.003081][T10357] bitmap_ipmac_create+0x4e8/0xa00 [ 110.008175][T10357] ip_set_create+0x6f1/0x1500 [ 110.012988][T10357] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 110.017921][T10357] netlink_rcv_skb+0x177/0x450 [ 110.022762][T10357] nfnetlink_rcv+0x1ba/0x460 [ 110.027341][T10357] netlink_unicast+0x58c/0x7d0 [ 110.032666][T10357] netlink_sendmsg+0x91c/0xea0 [ 110.037454][T10357] sock_sendmsg+0xd7/0x130 [ 110.042022][T10357] ____sys_sendmsg+0x753/0x880 [ 110.046777][T10357] ___sys_sendmsg+0x100/0x170 [ 110.051449][T10357] __sys_sendmsg+0x105/0x1d0 [ 110.056128][T10357] __x64_sys_sendmsg+0x78/0xb0 [ 110.060879][T10357] do_syscall_64+0xfa/0x790 [ 110.066236][T10357] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 110.072156][T10357] [ 110.074471][T10357] Freed by task 10120: [ 110.078528][T10357] save_stack+0x23/0x90 [ 110.082696][T10357] __kasan_slab_free+0x102/0x150 [ 110.087641][T10357] kasan_slab_free+0xe/0x10 [ 110.092133][T10357] kfree+0x10a/0x2c0 [ 110.096012][T10357] tomoyo_supervisor+0xc2c/0xef0 [ 110.100938][T10357] tomoyo_path_permission+0x263/0x360 [ 110.106291][T10357] tomoyo_path_perm+0x318/0x430 [ 110.111124][T10357] tomoyo_inode_getattr+0x1d/0x30 [ 110.116163][T10357] security_inode_getattr+0xf2/0x150 [ 110.121435][T10357] vfs_getattr+0x25/0x70 [ 110.125693][T10357] vfs_statx+0x157/0x200 [ 110.129918][T10357] __do_sys_newstat+0xa4/0x130 [ 110.134670][T10357] __x64_sys_newstat+0x54/0x80 [ 110.139428][T10357] do_syscall_64+0xfa/0x790 [ 110.143966][T10357] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 110.149850][T10357] [ 110.152161][T10357] The buggy address belongs to the object at ffff88809d52e940 [ 110.152161][T10357] which belongs to the cache kmalloc-32 of size 32 [ 110.166026][T10357] The buggy address is located 0 bytes inside of [ 110.166026][T10357] 32-byte region [ffff88809d52e940, ffff88809d52e960) [ 110.179160][T10357] The buggy address belongs to the page: [ 110.185311][T10357] page:ffffea0002754b80 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809d52efc1 [ 110.195708][T10357] raw: 00fffe0000000200 ffffea0002a39e08 ffffea0002507488 ffff8880aa4001c0 [ 110.204333][T10357] raw: ffff88809d52efc1 ffff88809d52e000 0000000100000031 0000000000000000 [ 110.212896][T10357] page dumped because: kasan: bad access detected [ 110.219285][T10357] [ 110.221602][T10357] Memory state around the buggy address: [ 110.227487][T10357] ffff88809d52e800: 00 01 fc fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 110.235534][T10357] ffff88809d52e880: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 110.244031][T10357] >ffff88809d52e900: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc [ 110.252113][T10357] ^ [ 110.258254][T10357] ffff88809d52e980: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 110.266320][T10357] ffff88809d52ea00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 110.274413][T10357] ================================================================== [ 110.282514][T10357] Disabling lock debugging due to kernel taint [ 110.290906][T10357] Kernel panic - not syncing: panic_on_warn set ... [ 110.297496][T10357] CPU: 0 PID: 10357 Comm: syz-executor788 Tainted: G B 5.5.0-rc7-syzkaller #0 [ 110.307676][T10357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 110.317801][T10357] Call Trace: [ 110.321090][T10357] dump_stack+0x197/0x210 [ 110.325411][T10357] panic+0x2e3/0x75c [ 110.329286][T10357] ? add_taint.cold+0x16/0x16 [ 110.333950][T10357] ? bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 110.339570][T10357] ? preempt_schedule+0x4b/0x60 [ 110.344463][T10357] ? ___preempt_schedule+0x16/0x18 [ 110.349562][T10357] ? trace_hardirqs_on+0x5e/0x240 [ 110.354574][T10357] ? bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 110.360311][T10357] end_report+0x47/0x4f [ 110.364459][T10357] ? bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 110.370118][T10357] __kasan_report.cold+0xe/0x41 [ 110.374961][T10357] ? bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 110.380666][T10357] kasan_report+0x12/0x20 [ 110.384973][T10357] check_memory_region+0x134/0x1a0 [ 110.390131][T10357] __kasan_check_read+0x11/0x20 [ 110.394967][T10357] bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 110.400685][T10357] bitmap_ipmac_destroy+0x180/0x1d0 [ 110.405876][T10357] ip_set_create+0xe47/0x1500 [ 110.410607][T10357] ? ip_set_destroy+0xb70/0xb70 [ 110.415477][T10357] ? ip_set_destroy+0xb70/0xb70 [ 110.420335][T10357] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 110.425394][T10357] ? nfnetlink_bind+0x2c0/0x2c0 [ 110.430259][T10357] ? avc_has_extended_perms+0x10f0/0x10f0 [ 110.437265][T10357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.443497][T10357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.449815][T10357] ? cred_has_capability+0x199/0x330 [ 110.455084][T10357] ? selinux_sb_eat_lsm_opts+0x700/0x700 [ 110.460959][T10357] ? selinux_sb_eat_lsm_opts+0x700/0x700 [ 110.466595][T10357] ? __check_heap_object+0x53/0xb3 [ 110.471696][T10357] ? __lock_acquire+0x8a0/0x4a00 [ 110.476620][T10357] netlink_rcv_skb+0x177/0x450 [ 110.481364][T10357] ? nfnetlink_bind+0x2c0/0x2c0 [ 110.486270][T10357] ? netlink_ack+0xb50/0xb50 [ 110.490867][T10357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.497092][T10357] ? ns_capable_common+0x93/0x100 [ 110.502153][T10357] ? ns_capable+0x20/0x30 [ 110.506463][T10357] ? __netlink_ns_capable+0x104/0x140 [ 110.511872][T10357] nfnetlink_rcv+0x1ba/0x460 [ 110.516454][T10357] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 110.521897][T10357] ? netlink_deliver_tap+0x24a/0xbe0 [ 110.527167][T10357] ? __kasan_check_write+0x14/0x20 [ 110.532265][T10357] netlink_unicast+0x58c/0x7d0 [ 110.537121][T10357] ? netlink_attachskb+0x870/0x870 [ 110.542250][T10357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.548477][T10357] netlink_sendmsg+0x91c/0xea0 [ 110.553229][T10357] ? netlink_unicast+0x7d0/0x7d0 [ 110.558147][T10357] ? tomoyo_socket_sendmsg+0x26/0x30 [ 110.563428][T10357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.569652][T10357] ? security_socket_sendmsg+0x8d/0xc0 [ 110.575094][T10357] ? netlink_unicast+0x7d0/0x7d0 [ 110.580053][T10357] sock_sendmsg+0xd7/0x130 [ 110.584562][T10357] ____sys_sendmsg+0x753/0x880 [ 110.589313][T10357] ? kernel_sendmsg+0x50/0x50 [ 110.593976][T10357] ? mark_held_locks+0xa4/0xf0 [ 110.598742][T10357] ? do_huge_pmd_anonymous_page+0x1463/0x1a50 [ 110.604794][T10357] ? __handle_mm_fault+0x3145/0x3cc0 [ 110.610065][T10357] ? do_huge_pmd_anonymous_page+0x1463/0x1a50 [ 110.616234][T10357] ___sys_sendmsg+0x100/0x170 [ 110.621036][T10357] ? do_huge_pmd_anonymous_page+0xceb/0x1a50 [ 110.627026][T10357] ? sendmsg_copy_msghdr+0x70/0x70 [ 110.632220][T10357] ? __do_page_fault+0x56a/0xd80 [ 110.637151][T10357] ? find_held_lock+0x35/0x130 [ 110.641955][T10357] ? __do_page_fault+0x56a/0xd80 [ 110.646974][T10357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.653289][T10357] ? __fget_light+0x1a9/0x230 [ 110.657952][T10357] ? __fdget+0x1b/0x20 [ 110.662007][T10357] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 110.668239][T10357] __sys_sendmsg+0x105/0x1d0 [ 110.672810][T10357] ? __sys_sendmsg_sock+0xc0/0xc0 [ 110.677820][T10357] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 110.683353][T10357] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 110.688937][T10357] ? do_syscall_64+0x26/0x790 [ 110.693598][T10357] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 110.699642][T10357] ? do_syscall_64+0x26/0x790 [ 110.704304][T10357] __x64_sys_sendmsg+0x78/0xb0 [ 110.709096][T10357] do_syscall_64+0xfa/0x790 [ 110.713590][T10357] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 110.719554][T10357] RIP: 0033:0x4413f9 [ 110.723586][T10357] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 110.743172][T10357] RSP: 002b:00007ffc3d9b2888 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 110.751567][T10357] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413f9 [ 110.759525][T10357] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003 [ 110.767484][T10357] RBP: 000000000001ab28 R08: 00000000004002c8 R09: 00000000004002c8 [ 110.775440][T10357] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220 [ 110.783400][T10357] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000 [ 110.792863][T10357] Kernel Offset: disabled [ 110.797194][T10357] Rebooting in 86400 seconds..