[ 102.741812][ T27] audit: type=1800 audit(1579410441.467:36): pid=10467 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ 103.566640][ T27] audit: type=1400 audit(1579410442.377:37): avc: denied { watch } for pid=10566 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.77' (ECDSA) to the list of known hosts.
syzkaller login:
[ 113.474552][ T27] kauditd_printk_skb: 4 callbacks suppressed
[ 113.474568][ T27] audit: type=1400 audit(1579410452.287:42): avc: denied { map } for pid=10659 comm="syz-executor014" path="/root/syz-executor014532167" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 113.479133][T10659] ==================================================================
[ 113.481215][ T27] audit: type=1400 audit(1579410452.287:43): avc: denied { create } for pid=10659 comm="syz-executor014" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 113.507703][T10659] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_list+0x635/0x1080
[ 113.507716][T10659] Read of size 8 at addr ffff888094d8bf00 by task syz-executor014/10659
[ 113.507720][T10659]
[ 113.507733][T10659] CPU: 1 PID: 10659 Comm: syz-executor014 Not tainted 5.5.0-rc6-syzkaller #0
executing program
[ 113.507741][T10659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 113.507745][T10659] Call Trace:
[ 113.507764][T10659] dump_stack+0x197/0x210
[ 113.507777][T10659] ? bitmap_ipmac_list+0x635/0x1080
[ 113.507797][T10659] print_address_description.constprop.0.cold+0xd4/0x30b
[ 113.507809][T10659] ? bitmap_ipmac_list+0x635/0x1080
[ 113.507819][T10659] ? bitmap_ipmac_list+0x635/0x1080
[ 113.507837][T10659] __kasan_report.cold+0x1b/0x41
[ 113.516728][ T27] audit: type=1400 audit(1579410452.287:44): avc: denied { write } for pid=10659 comm="syz-executor014" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 113.541106][T10659] ? bitmap_ipmac_list+0x635/0x1080
[ 113.541124][T10659] kasan_report+0x12/0x20
[ 113.541138][T10659] check_memory_region+0x134/0x1a0
[ 113.541152][T10659] __kasan_check_read+0x11/0x20
[ 113.541164][T10659] bitmap_ipmac_list+0x635/0x1080
[ 113.541190][T10659] ? bitmap_ipmac_head+0x8a0/0x8a0
[ 113.541207][T10659] ? nla_put+0x110/0x150
[ 113.541226][T10659] ip_set_dump_start+0x96c/0x1ca0
[ 113.677796][T10659] ? ip_set_rename+0x720/0x720
[ 113.682570][T10659] ? __kmalloc_reserve.isra.0+0xf0/0xf0
[ 113.688202][T10659] ? perf_trace_lock_acquire+0x4a0/0x530
[ 113.693822][T10659] ? __kasan_check_write+0x14/0x20
[ 113.698927][T10659] netlink_dump+0x558/0xfb0
[ 113.703431][T10659] ? __netlink_sendskb+0xc0/0xc0
[ 113.708364][T10659] __netlink_dump_start+0x66a/0x930
[ 113.713559][T10659] ip_set_dump+0x15a/0x1d0
[ 113.717993][T10659] ? call_ad+0x5a0/0x5a0
[ 113.722233][T10659] ? ip_set_rename+0x720/0x720
[ 113.726981][T10659] ? __ip_set_put_netlink.isra.0+0x90/0x90
[ 113.732796][T10659] ? call_ad+0x5a0/0x5a0
[ 113.737023][T10659] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 113.741965][T10659] ? nfnetlink_bind+0x2c0/0x2c0
[ 113.746833][T10659] ? avc_has_extended_perms+0x10f0/0x10f0
[ 113.752606][T10659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.758925][T10659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.765167][T10659] ? cred_has_capability+0x199/0x330
[ 113.770439][T10659] ? selinux_sb_eat_lsm_opts+0x700/0x700
[ 113.776083][T10659] ? selinux_sb_eat_lsm_opts+0x700/0x700
[ 113.781710][T10659] ? __check_heap_object+0x53/0xb3
[ 113.786821][T10659] ? __lock_acquire+0x8a0/0x4a00
[ 113.791761][T10659] netlink_rcv_skb+0x177/0x450
[ 113.796620][T10659] ? nfnetlink_bind+0x2c0/0x2c0
[ 113.801469][T10659] ? netlink_ack+0xb50/0xb50
[ 113.806111][T10659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.812357][T10659] ? ns_capable_common+0x93/0x100
[ 113.817382][T10659] ? ns_capable+0x20/0x30
[ 113.821711][T10659] ? __netlink_ns_capable+0x104/0x140
[ 113.827109][T10659] nfnetlink_rcv+0x1ba/0x460
[ 113.831691][T10659] ? nfnetlink_rcv_batch+0x17a0/0x17a0
[ 113.837150][T10659] ? netlink_deliver_tap+0x24a/0xbe0
[ 113.842478][T10659] ? __kasan_check_write+0x14/0x20
[ 113.847589][T10659] netlink_unicast+0x58c/0x7d0
[ 113.852369][T10659] ? netlink_attachskb+0x870/0x870
[ 113.857484][T10659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.863728][T10659] netlink_sendmsg+0x91c/0xea0
[ 113.868513][T10659] ? netlink_unicast+0x7d0/0x7d0
[ 113.873451][T10659] ? tomoyo_socket_sendmsg+0x26/0x30
[ 113.878875][T10659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.885213][T10659] ? security_socket_sendmsg+0x8d/0xc0
[ 113.890677][T10659] ? netlink_unicast+0x7d0/0x7d0
[ 113.895618][T10659] sock_sendmsg+0xd7/0x130
[ 113.900044][T10659] ____sys_sendmsg+0x753/0x880
[ 113.904840][T10659] ? kernel_sendmsg+0x50/0x50
[ 113.909515][T10659] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 113.915718][T10659] ___sys_sendmsg+0x100/0x170
[ 113.920405][T10659] ? sendmsg_copy_msghdr+0x70/0x70
[ 113.925522][T10659] ? __kasan_check_read+0x11/0x20
[ 113.932713][T10659] ? __lock_acquire+0x8a0/0x4a00
[ 113.937639][T10659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.943874][T10659] ? __this_cpu_preempt_check+0x35/0x190
[ 113.949502][T10659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.955731][T10659] ? percpu_counter_add_batch+0x13c/0x190
[ 113.961452][T10659] ? __fd_install+0x1bc/0x640
[ 113.966150][T10659] ? find_held_lock+0x35/0x130
[ 113.970909][T10659] ? __fd_install+0x1bc/0x640
[ 113.975590][T10659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.981829][T10659] ? __fget_light+0x1a9/0x230
[ 113.986505][T10659] ? __fdget+0x1b/0x20
[ 113.990571][T10659] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 113.996799][T10659] __sys_sendmsg+0x105/0x1d0
[ 114.001397][T10659] ? __sys_sendmsg_sock+0xc0/0xc0
[ 114.006457][T10659] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 114.011909][T10659] ? do_syscall_64+0x26/0x790
[ 114.016585][T10659] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 114.022937][T10659] ? do_syscall_64+0x26/0x790
[ 114.027598][T10659] __x64_sys_sendmsg+0x78/0xb0
[ 114.032360][T10659] do_syscall_64+0xfa/0x790
[ 114.036917][T10659] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 114.042799][T10659] RIP: 0033:0x440529
[ 114.046799][T10659] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 114.066401][T10659] RSP: 002b:00007ffdca188bd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 114.074983][T10659] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529
[ 114.082951][T10659] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000004
[ 114.090926][T10659] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 114.098905][T10659] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0
[ 114.107175][T10659] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000
[ 114.115166][T10659]
[ 114.117500][T10659] Allocated by task 10659:
[ 114.121905][T10659] save_stack+0x23/0x90
[ 114.126084][T10659] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 114.131706][T10659] kasan_kmalloc+0x9/0x10
[ 114.136031][T10659] __kmalloc+0x163/0x770
[ 114.140260][T10659] ip_set_alloc+0x38/0x5e
[ 114.144575][T10659] bitmap_ipmac_create+0x4e8/0xa00
[ 114.149677][T10659] ip_set_create+0x6f1/0x1500
[ 114.154340][T10659] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 114.159386][T10659] netlink_rcv_skb+0x177/0x450
[ 114.164157][T10659] nfnetlink_rcv+0x1ba/0x460
[ 114.168884][T10659] netlink_unicast+0x58c/0x7d0
[ 114.173667][T10659] netlink_sendmsg+0x91c/0xea0
[ 114.178432][T10659] sock_sendmsg+0xd7/0x130
[ 114.182883][T10659] ____sys_sendmsg+0x753/0x880
[ 114.187735][T10659] ___sys_sendmsg+0x100/0x170
[ 114.192406][T10659] __sys_sendmsg+0x105/0x1d0
[ 114.197115][T10659] __x64_sys_sendmsg+0x78/0xb0
[ 114.201884][T10659] do_syscall_64+0xfa/0x790
[ 114.206390][T10659] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 114.212270][T10659]
[ 114.214603][T10659] Freed by task 0:
[ 114.218314][T10659] save_stack+0x23/0x90
[ 114.223158][T10659] __kasan_slab_free+0x102/0x150
[ 114.228101][T10659] kasan_slab_free+0xe/0x10
[ 114.232592][T10659] kfree+0x10a/0x2c0
[ 114.236477][T10659] security_cred_free+0xa9/0x110
[ 114.241406][T10659] put_cred_rcu+0x129/0x4b0
[ 114.245906][T10659] rcu_core+0x570/0x1540
[ 114.250137][T10659] rcu_core_si+0x9/0x10
[ 114.254283][T10659] __do_softirq+0x262/0x98c
[ 114.258767][T10659]
[ 114.261137][T10659] The buggy address belongs to the object at ffff888094d8bf00
[ 114.261137][T10659] which belongs to the cache kmalloc-32 of size 32
[ 114.275143][T10659] The buggy address is located 0 bytes inside of
[ 114.275143][T10659] 32-byte region [ffff888094d8bf00, ffff888094d8bf20)
[ 114.288290][T10659] The buggy address belongs to the page:
[ 114.293926][T10659] page:ffffea00025362c0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff888094d8bfc1
[ 114.304340][T10659] raw: 00fffe0000000200 ffffea00029bdfc8 ffffea00025124c8 ffff8880aa4001c0
[ 114.312923][T10659] raw: ffff888094d8bfc1 ffff888094d8b000 000000010000002b 0000000000000000
[ 114.321521][T10659] page dumped because: kasan: bad access detected
[ 114.328480][T10659]
[ 114.330801][T10659] Memory state around the buggy address:
[ 114.336430][T10659]  ffff888094d8be00: fb fb fb fb fc fc fc fc 00 00 01 fc fc fc fc fc
[ 114.344542][T10659]  ffff888094d8be80: 00 00 01 fc fc fc fc fc 00 01 fc fc fc fc fc fc
[ 114.352604][T10659] >ffff888094d8bf00: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 114.360653][T10659]                    ^
[ 114.364717][T10659]  ffff888094d8bf80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 114.372773][T10659]  ffff888094d8c000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 114.380840][T10659] ==================================================================
[ 114.388908][T10659] Disabling lock debugging due to kernel taint
[ 114.395810][T10659] Kernel panic - not syncing: panic_on_warn set ...
[ 114.402465][T10659] CPU: 0 PID: 10659 Comm: syz-executor014 Tainted: G B 5.5.0-rc6-syzkaller #0
[ 114.412683][T10659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 114.422783][T10659] Call Trace:
[ 114.426087][T10659] dump_stack+0x197/0x210
[ 114.430403][T10659] panic+0x2e3/0x75c
[ 114.434293][T10659] ? add_taint.cold+0x16/0x16
[ 114.439035][T10659] ? bitmap_ipmac_list+0x635/0x1080
[ 114.444235][T10659] ? preempt_schedule+0x4b/0x60
[ 114.449087][T10659] ? ___preempt_schedule+0x16/0x18
[ 114.454204][T10659] ? trace_hardirqs_on+0x5e/0x240
[ 114.459298][T10659] ? bitmap_ipmac_list+0x635/0x1080
[ 114.464497][T10659] end_report+0x47/0x4f
[ 114.468635][T10659] ? bitmap_ipmac_list+0x635/0x1080
[ 114.473827][T10659] __kasan_report.cold+0xe/0x41
[ 114.478672][T10659] ? bitmap_ipmac_list+0x635/0x1080
[ 114.483855][T10659] kasan_report+0x12/0x20
[ 114.488255][T10659] check_memory_region+0x134/0x1a0
[ 114.493372][T10659] __kasan_check_read+0x11/0x20
[ 114.498216][T10659] bitmap_ipmac_list+0x635/0x1080
[ 114.503348][T10659] ? bitmap_ipmac_head+0x8a0/0x8a0
[ 114.508452][T10659] ? nla_put+0x110/0x150
[ 114.512684][T10659] ip_set_dump_start+0x96c/0x1ca0
[ 114.517744][T10659] ? ip_set_rename+0x720/0x720
[ 114.522503][T10659] ? __kmalloc_reserve.isra.0+0xf0/0xf0
[ 114.528056][T10659] ? perf_trace_lock_acquire+0x4a0/0x530
[ 114.534548][T10659] ? __kasan_check_write+0x14/0x20
[ 114.539647][T10659] netlink_dump+0x558/0xfb0
[ 114.544246][T10659] ? __netlink_sendskb+0xc0/0xc0
[ 114.549178][T10659] __netlink_dump_start+0x66a/0x930
[ 114.554375][T10659] ip_set_dump+0x15a/0x1d0
[ 114.558832][T10659] ? call_ad+0x5a0/0x5a0
[ 114.563069][T10659] ? ip_set_rename+0x720/0x720
[ 114.567825][T10659] ? __ip_set_put_netlink.isra.0+0x90/0x90
[ 114.573624][T10659] ? call_ad+0x5a0/0x5a0
[ 114.577870][T10659] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 114.582818][T10659] ? nfnetlink_bind+0x2c0/0x2c0
[ 114.587670][T10659] ? avc_has_extended_perms+0x10f0/0x10f0
[ 114.593388][T10659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 114.599635][T10659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 114.605962][T10659] ? cred_has_capability+0x199/0x330
[ 114.611374][T10659] ? selinux_sb_eat_lsm_opts+0x700/0x700
[ 114.616993][T10659] ? selinux_sb_eat_lsm_opts+0x700/0x700
[ 114.622673][T10659] ? __check_heap_object+0x53/0xb3
[ 114.627794][T10659] ? __lock_acquire+0x8a0/0x4a00
[ 114.632713][T10659] netlink_rcv_skb+0x177/0x450
[ 114.637470][T10659] ? nfnetlink_bind+0x2c0/0x2c0
[ 114.642313][T10659] ? netlink_ack+0xb50/0xb50
[ 114.646895][T10659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 114.653125][T10659] ? ns_capable_common+0x93/0x100
[ 114.658139][T10659] ? ns_capable+0x20/0x30
[ 114.662507][T10659] ? __netlink_ns_capable+0x104/0x140
[ 114.667872][T10659] nfnetlink_rcv+0x1ba/0x460
[ 114.672449][T10659] ? nfnetlink_rcv_batch+0x17a0/0x17a0
[ 114.677943][T10659] ? netlink_deliver_tap+0x24a/0xbe0
[ 114.683223][T10659] ? __kasan_check_write+0x14/0x20
[ 114.688337][T10659] netlink_unicast+0x58c/0x7d0
[ 114.693094][T10659] ? netlink_attachskb+0x870/0x870
[ 114.698202][T10659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 114.704641][T10659] netlink_sendmsg+0x91c/0xea0
[ 114.709439][T10659] ? netlink_unicast+0x7d0/0x7d0
[ 114.714373][T10659] ? tomoyo_socket_sendmsg+0x26/0x30
[ 114.719645][T10659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 114.726021][T10659] ? security_socket_sendmsg+0x8d/0xc0
[ 114.731497][T10659] ? netlink_unicast+0x7d0/0x7d0
[ 114.736451][T10659] sock_sendmsg+0xd7/0x130
[ 114.740870][T10659] ____sys_sendmsg+0x753/0x880
[ 114.745619][T10659] ? kernel_sendmsg+0x50/0x50
[ 114.750503][T10659] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 114.756660][T10659] ___sys_sendmsg+0x100/0x170
[ 114.761343][T10659] ? sendmsg_copy_msghdr+0x70/0x70
[ 114.766467][T10659] ? __kasan_check_read+0x11/0x20
[ 114.771483][T10659] ? __lock_acquire+0x8a0/0x4a00
[ 114.776416][T10659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 114.782744][T10659] ? __this_cpu_preempt_check+0x35/0x190
[ 114.788371][T10659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 114.794601][T10659] ? percpu_counter_add_batch+0x13c/0x190
[ 114.800305][T10659] ? __fd_install+0x1bc/0x640
[ 114.805099][T10659] ? find_held_lock+0x35/0x130
[ 114.809882][T10659] ? __fd_install+0x1bc/0x640
[ 114.814602][T10659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 114.820942][T10659] ? __fget_light+0x1a9/0x230
[ 114.825641][T10659] ? __fdget+0x1b/0x20
[ 114.829702][T10659] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 114.835936][T10659] __sys_sendmsg+0x105/0x1d0
[ 114.840507][T10659] ? __sys_sendmsg_sock+0xc0/0xc0
[ 114.845527][T10659] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 114.851092][T10659] ? do_syscall_64+0x26/0x790
[ 114.855763][T10659] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 114.861816][T10659] ? do_syscall_64+0x26/0x790
[ 114.866485][T10659] __x64_sys_sendmsg+0x78/0xb0
[ 114.871251][T10659] do_syscall_64+0xfa/0x790
[ 114.875802][T10659] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 114.881687][T10659] RIP: 0033:0x440529
[ 114.886109][T10659] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 114.905704][T10659] RSP: 002b:00007ffdca188bd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 114.914247][T10659] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529
[ 114.922204][T10659] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000004
[ 114.930157][T10659] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 114.939075][T10659] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0
[ 114.947903][T10659] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000
[ 114.957319][T10659] Kernel Offset: disabled
[ 114.961650][T10659] Rebooting in 86400 seconds..