[ 78.992504][ T26] audit: type=1400 audit(1582863969.384:37): avc: denied { watch } for pid=10343 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ 79.034608][ T26] audit: type=1400 audit(1582863969.414:38): avc: denied { watch } for pid=10343 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 79.303380][ T26] audit: type=1800 audit(1582863969.694:39): pid=10254 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 79.325269][ T26] audit: type=1800 audit(1582863969.694:40): pid=10254 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 83.341930][ T26] audit: type=1400 audit(1582863973.734:41): avc: denied { map } for pid=10432 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.158' (ECDSA) to the list of known hosts.
executing program
[ 101.968424][ T26] audit: type=1400 audit(1582863992.364:42): avc: denied { map } for pid=10444 comm="syz-executor545" path="/root/syz-executor545131871" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 101.983419][T10445] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
executing program
[ 102.034221][ T26] audit: type=1400 audit(1582863992.424:43): avc: denied { create } for pid=10446 comm="syz-executor545" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 102.059065][ T26] audit: type=1400 audit(1582863992.424:44): avc: denied { write } for pid=10446 comm="syz-executor545" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 102.083033][T10450] ==================================================================
[ 102.084487][ T26] audit: type=1400 audit(1582863992.424:45): avc: denied { read } for pid=10446 comm="syz-executor545" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 102.091840][T10450] BUG: KASAN: use-after-free in ethnl_update_bitset32.part.0+0x8db/0x1820
[ 102.091853][T10450] Read of size 4 at addr ffff8880a81b743c by task syz-executor545/10450
[ 102.091857][T10450]
[ 102.091871][T10450] CPU: 0 PID: 10450 Comm: syz-executor545 Not tainted 5.6.0-rc3-syzkaller #0
[ 102.091879][T10450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 102.091884][T10450] Call Trace:
[ 102.091909][T10450] dump_stack+0x197/0x210
[ 102.161831][T10450] ? ethnl_update_bitset32.part.0+0x8db/0x1820
[ 102.167968][T10450] print_address_description.constprop.0.cold+0xd4/0x30b
[ 102.174965][T10450] ? ethnl_update_bitset32.part.0+0x8db/0x1820
[ 102.181128][T10450] ? ethnl_update_bitset32.part.0+0x8db/0x1820
[ 102.187263][T10450] __kasan_report.cold+0x1b/0x32
[ 102.192179][T10450] ? ethnl_update_bitset32.part.0+0x8db/0x1820
[ 102.198314][T10450] kasan_report+0x12/0x20
[ 102.202624][T10450] __asan_report_load4_noabort+0x14/0x20
[ 102.208234][T10450] ethnl_update_bitset32.part.0+0x8db/0x1820
[ 102.214219][T10450] ? __mutex_lock+0x458/0x13c0
[ 102.218960][T10450] ? lock_downgrade+0x920/0x920
[ 102.223796][T10450] ? ethnl_bitmap32_clear+0x390/0x390
[ 102.229144][T10450] ? mutex_trylock+0x2d0/0x2d0
[ 102.233894][T10450] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 102.240115][T10450] ? ethnl_default_notify+0x6b0/0x6b0
[ 102.245511][T10450] ethnl_update_bitset+0x4d/0x67
[ 102.250427][T10450] ethnl_set_linkmodes+0x461/0xc30
[ 102.255528][T10450] ? selinux_sb_eat_lsm_opts+0x700/0x700
[ 102.261152][T10450] ? selinux_sb_eat_lsm_opts+0x700/0x700
[ 102.266763][T10450] ? linkmodes_prepare_data+0x2a0/0x2a0
[ 102.272287][T10450] ? kernel_text_address+0xe3/0x110
[ 102.277468][T10450] ? __kernel_text_address+0xd/0x40
[ 102.282665][T10450] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 102.288883][T10450] ? security_capable+0x95/0xc0
[ 102.293721][T10450] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 102.299941][T10450] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x300
[ 102.306252][T10450] genl_rcv_msg+0x67d/0xea0
[ 102.310817][T10450] ? genl_rcv_msg+0x67d/0xea0
[ 102.315483][T10450] ? genl_family_rcv_msg_attrs_parse+0x300/0x300
[ 102.321785][T10450] ? __kasan_check_read+0x11/0x20
[ 102.326786][T10450] ? __lock_acquire+0x8a0/0x4a00
[ 102.331711][T10450] ? find_held_lock+0x35/0x130
[ 102.336460][T10450] netlink_rcv_skb+0x177/0x450
[ 102.341208][T10450] ? genl_family_rcv_msg_attrs_parse+0x300/0x300
[ 102.347524][T10450] ? netlink_ack+0xb50/0xb50
[ 102.352090][T10450] ? __kasan_check_write+0x14/0x20
[ 102.357185][T10450] ? netlink_deliver_tap+0x248/0xbf0
[ 102.362452][T10450] genl_rcv+0x29/0x40
[ 102.366412][T10450] netlink_unicast+0x59e/0x7e0
[ 102.371174][T10450] ? netlink_attachskb+0x870/0x870
[ 102.376265][T10450] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 102.382497][T10450] netlink_sendmsg+0x91c/0xea0
[ 102.387257][T10450] ? netlink_unicast+0x7e0/0x7e0
[ 102.392176][T10450] ? tomoyo_socket_sendmsg+0x26/0x30
[ 102.397441][T10450] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 102.403657][T10450] ? security_socket_sendmsg+0x8d/0xc0
[ 102.409093][T10450] ? netlink_unicast+0x7e0/0x7e0
[ 102.414022][T10450] sock_sendmsg+0xd7/0x130
[ 102.418431][T10450] ____sys_sendmsg+0x753/0x880
[ 102.423183][T10450] ? kernel_sendmsg+0x50/0x50
[ 102.427844][T10450] ? debug_object_active_state+0x28a/0x350
[ 102.433630][T10450] ? find_held_lock+0x35/0x130
[ 102.438381][T10450] ___sys_sendmsg+0x100/0x170
[ 102.443038][T10450] ? sendmsg_copy_msghdr+0x70/0x70
[ 102.448126][T10450] ? lockdep_hardirqs_on+0x421/0x5e0
[ 102.453391][T10450] ? __kasan_check_read+0x11/0x20
[ 102.458395][T10450] ? mark_lock+0xc2/0x1220
[ 102.462795][T10450] ? __kasan_check_read+0x11/0x20
[ 102.467798][T10450] ? __lock_acquire+0x16f2/0x4a00
[ 102.472797][T10450] ? debug_object_deactivate+0x320/0x320
[ 102.478408][T10450] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 102.484543][T10450] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 102.490772][T10450] ? __fget_light+0x1ad/0x270
[ 102.495439][T10450] ? __fdget+0x1b/0x20
[ 102.499499][T10450] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 102.505723][T10450] __sys_sendmsg+0x105/0x1d0
[ 102.510297][T10450] ? __sys_sendmsg_sock+0xc0/0xc0
[ 102.515309][T10450] ? lockdep_hardirqs_on+0x421/0x5e0
[ 102.520586][T10450] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 102.526035][T10450] ? do_syscall_64+0x26/0x790
[ 102.530699][T10450] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 102.536740][T10450] ? do_syscall_64+0x26/0x790
[ 102.541411][T10450] __x64_sys_sendmsg+0x78/0xb0
[ 102.546173][T10450] do_syscall_64+0xfa/0x790
[ 102.550663][T10450] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 102.556528][T10450] RIP: 0033:0x445b39
[ 102.560400][T10450] Code: e8 ac cb 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab cc fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 102.579987][T10450] RSP: 002b:00007fff992b8188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 102.588466][T10450] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000445b39
[ 102.596416][T10450] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[ 102.604360][T10450] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000bb1414ac
[ 102.612305][T10450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000018e9e
[ 102.620253][T10450] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 102.628229][T10450]
[ 102.630532][T10450] Allocated by task 10232:
[ 102.634926][T10450] save_stack+0x23/0x90
[ 102.639056][T10450] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 102.644663][T10450] kasan_slab_alloc+0xf/0x20
[ 102.649227][T10450] kmem_cache_alloc+0x121/0x710
[ 102.654167][T10450] getname_flags+0xd6/0x5b0
[ 102.658656][T10450] getname+0x1a/0x20
[ 102.662531][T10450] do_sys_openat2+0x45c/0x7e0
[ 102.667186][T10450] do_sys_open+0xf2/0x180
[ 102.671501][T10450] __x64_sys_open+0x7e/0xc0
[ 102.675988][T10450] do_syscall_64+0xfa/0x790
[ 102.680510][T10450] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 102.686461][T10450]
[ 102.688777][T10450] Freed by task 10232:
[ 102.692831][T10450] save_stack+0x23/0x90
[ 102.696969][T10450] __kasan_slab_free+0x102/0x150
[ 102.701891][T10450] kasan_slab_free+0xe/0x10
[ 102.706381][T10450] kmem_cache_free+0x86/0x320
[ 102.711046][T10450] putname+0xef/0x130
[ 102.715016][T10450] do_sys_openat2+0x4c7/0x7e0
[ 102.719681][T10450] do_sys_open+0xf2/0x180
[ 102.723989][T10450] __x64_sys_open+0x7e/0xc0
[ 102.728479][T10450] do_syscall_64+0xfa/0x790
[ 102.732969][T10450] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 102.738836][T10450]
[ 102.741155][T10450] The buggy address belongs to the object at ffff8880a81b6b40
[ 102.741155][T10450] which belongs to the cache names_cache of size 4096
[ 102.755281][T10450] The buggy address is located 2300 bytes inside of
[ 102.755281][T10450] 4096-byte region [ffff8880a81b6b40, ffff8880a81b7b40)
[ 102.768707][T10450] The buggy address belongs to the page:
[ 102.774326][T10450] page:ffffea0002a06d80 refcount:1 mapcount:0 mapping:ffff88821bc50a80 index:0x0 compound_mapcount: 0
[ 102.785274][T10450] flags: 0xfffe0000010200(slab|head)
[ 102.790546][T10450] raw: 00fffe0000010200 ffffea000254d808 ffffea00025b3b08 ffff88821bc50a80
[ 102.799115][T10450] raw: 0000000000000000 ffff8880a81b6b40 0000000100000001 0000000000000000
[ 102.807676][T10450] page dumped because: kasan: bad access detected
[ 102.814067][T10450]
[ 102.816373][T10450] Memory state around the buggy address:
[ 102.822025][T10450]  ffff8880a81b7300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 102.830066][T10450]  ffff8880a81b7380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 102.838110][T10450] >ffff8880a81b7400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 102.846181][T10450]                                         ^
[ 102.852047][T10450]  ffff8880a81b7480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 102.860132][T10450]  ffff8880a81b7500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 102.868167][T10450] ==================================================================
[ 102.876201][T10450] Disabling lock debugging due to kernel taint
[ 102.883075][T10450] Kernel panic - not syncing: panic_on_warn set ...
[ 102.889663][T10450] CPU: 0 PID: 10450 Comm: syz-executor545 Tainted: G B 5.6.0-rc3-syzkaller #0
[ 102.899908][T10450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 102.909944][T10450] Call Trace:
[ 102.913222][T10450] dump_stack+0x197/0x210
[ 102.917540][T10450] panic+0x2e3/0x75c
[ 102.921422][T10450] ? add_taint.cold+0x16/0x16
[ 102.926159][T10450] ? ethnl_update_bitset32.part.0+0x8db/0x1820
[ 102.932325][T10450] ? preempt_schedule+0x4b/0x60
[ 102.937154][T10450] ? ___preempt_schedule+0x16/0x18
[ 102.942241][T10450] ? trace_hardirqs_on+0x5e/0x240
[ 102.947244][T10450] ? ethnl_update_bitset32.part.0+0x8db/0x1820
[ 102.953386][T10450] end_report+0x47/0x4f
[ 102.957529][T10450] ? ethnl_update_bitset32.part.0+0x8db/0x1820
[ 102.963656][T10450] __kasan_report.cold+0xe/0x32
[ 102.968482][T10450] ? ethnl_update_bitset32.part.0+0x8db/0x1820
[ 102.974649][T10450] kasan_report+0x12/0x20
[ 102.978986][T10450] __asan_report_load4_noabort+0x14/0x20
[ 102.984627][T10450] ethnl_update_bitset32.part.0+0x8db/0x1820
[ 102.990584][T10450] ? __mutex_lock+0x458/0x13c0
[ 102.995325][T10450] ? lock_downgrade+0x920/0x920
[ 103.000166][T10450] ? ethnl_bitmap32_clear+0x390/0x390
[ 103.005520][T10450] ? mutex_trylock+0x2d0/0x2d0
[ 103.010265][T10450] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 103.016484][T10450] ? ethnl_default_notify+0x6b0/0x6b0
[ 103.021859][T10450] ethnl_update_bitset+0x4d/0x67
[ 103.026774][T10450] ethnl_set_linkmodes+0x461/0xc30
[ 103.031863][T10450] ? selinux_sb_eat_lsm_opts+0x700/0x700
[ 103.037469][T10450] ? selinux_sb_eat_lsm_opts+0x700/0x700
[ 103.043077][T10450] ? linkmodes_prepare_data+0x2a0/0x2a0
[ 103.048663][T10450] ? kernel_text_address+0xe3/0x110
[ 103.053861][T10450] ? __kernel_text_address+0xd/0x40
[ 103.059051][T10450] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 103.065274][T10450] ? security_capable+0x95/0xc0
[ 103.070113][T10450] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 103.076340][T10450] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x300
[ 103.082653][T10450] genl_rcv_msg+0x67d/0xea0
[ 103.087202][T10450] ? genl_rcv_msg+0x67d/0xea0
[ 103.091876][T10450] ? genl_family_rcv_msg_attrs_parse+0x300/0x300
[ 103.098191][T10450] ? __kasan_check_read+0x11/0x20
[ 103.103201][T10450] ? __lock_acquire+0x8a0/0x4a00
[ 103.108171][T10450] ? find_held_lock+0x35/0x130
[ 103.112926][T10450] netlink_rcv_skb+0x177/0x450
[ 103.117675][T10450] ? genl_family_rcv_msg_attrs_parse+0x300/0x300
[ 103.123983][T10450] ? netlink_ack+0xb50/0xb50
[ 103.128555][T10450] ? __kasan_check_write+0x14/0x20
[ 103.133658][T10450] ? netlink_deliver_tap+0x248/0xbf0
[ 103.138930][T10450] genl_rcv+0x29/0x40
[ 103.142895][T10450] netlink_unicast+0x59e/0x7e0
[ 103.147647][T10450] ? netlink_attachskb+0x870/0x870
[ 103.152751][T10450] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 103.159016][T10450] netlink_sendmsg+0x91c/0xea0
[ 103.163768][T10450] ? netlink_unicast+0x7e0/0x7e0
[ 103.168721][T10450] ? tomoyo_socket_sendmsg+0x26/0x30
[ 103.173989][T10450] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 103.180210][T10450] ? security_socket_sendmsg+0x8d/0xc0
[ 103.185651][T10450] ? netlink_unicast+0x7e0/0x7e0
[ 103.190570][T10450] sock_sendmsg+0xd7/0x130
[ 103.194969][T10450] ____sys_sendmsg+0x753/0x880
[ 103.199716][T10450] ? kernel_sendmsg+0x50/0x50
[ 103.204376][T10450] ? debug_object_active_state+0x28a/0x350
[ 103.210166][T10450] ? find_held_lock+0x35/0x130
[ 103.214950][T10450] ___sys_sendmsg+0x100/0x170
[ 103.219611][T10450] ? sendmsg_copy_msghdr+0x70/0x70
[ 103.224706][T10450] ? lockdep_hardirqs_on+0x421/0x5e0
[ 103.229977][T10450] ? __kasan_check_read+0x11/0x20
[ 103.234996][T10450] ? mark_lock+0xc2/0x1220
[ 103.239431][T10450] ? __kasan_check_read+0x11/0x20
[ 103.244453][T10450] ? __lock_acquire+0x16f2/0x4a00
[ 103.249459][T10450] ? debug_object_deactivate+0x320/0x320
[ 103.255071][T10450] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 103.261214][T10450] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 103.267442][T10450] ? __fget_light+0x1ad/0x270
[ 103.272106][T10450] ? __fdget+0x1b/0x20
[ 103.276168][T10450] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 103.282405][T10450] __sys_sendmsg+0x105/0x1d0
[ 103.286983][T10450] ? __sys_sendmsg_sock+0xc0/0xc0
[ 103.291989][T10450] ? lockdep_hardirqs_on+0x421/0x5e0
[ 103.297261][T10450] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 103.302713][T10450] ? do_syscall_64+0x26/0x790
[ 103.307375][T10450] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 103.313431][T10450] ? do_syscall_64+0x26/0x790
[ 103.318098][T10450] __x64_sys_sendmsg+0x78/0xb0
[ 103.322846][T10450] do_syscall_64+0xfa/0x790
[ 103.327371][T10450] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 103.333242][T10450] RIP: 0033:0x445b39
[ 103.337116][T10450] Code: e8 ac cb 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab cc fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 103.356699][T10450] RSP: 002b:00007fff992b8188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 103.365088][T10450] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000445b39
[ 103.373041][T10450] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[ 103.380992][T10450] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000bb1414ac
[ 103.389029][T10450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000018e9e
[ 103.396981][T10450] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 103.406243][T10450] Kernel Offset: disabled
[ 103.410571][T10450] Rebooting in 86400 seconds..