[ 82.989455][ T27] audit: type=1400 audit(1579951088.908:37): avc: denied { watch } for pid=10603 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ 83.033233][ T27] audit: type=1400 audit(1579951088.938:38): avc: denied { watch } for pid=10603 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 83.273230][ T27] audit: type=1800 audit(1579951089.188:39): pid=10518 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 83.296578][ T27] audit: type=1800 audit(1579951089.198:40): pid=10518 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 85.496221][ T27] audit: type=1400 audit(1579951091.418:41): avc: denied { map } for pid=10697 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.160' (ECDSA) to the list of known hosts.
executing program
executing program
[ 103.897434][ T27] audit: type=1400 audit(1579951109.818:42): avc: denied { map } for pid=10709 comm="syz-executor601" path="/root/syz-executor601111839" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 103.926459][T10711] ==================================================================
[ 103.934690][T10711] BUG: KASAN: slab-out-of-bounds in bitmap_port_ext_cleanup+0xe6/0x2a0
[ 103.942913][T10711] Read of size 8 at addr ffff88809f7a5c00 by task syz-executor601/10711
[ 103.951234][T10711]
[ 103.953562][T10711] CPU: 0 PID: 10711 Comm: syz-executor601 Not tainted 5.5.0-rc7-syzkaller #0
[ 103.962308][T10711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 103.972344][T10711] Call Trace:
[ 103.975624][T10711] dump_stack+0x197/0x210
[ 103.979951][T10711] ? bitmap_port_ext_cleanup+0xe6/0x2a0
[ 103.985482][T10711] print_address_description.constprop.0.cold+0xd4/0x30b
[ 103.992484][T10711] ? bitmap_port_ext_cleanup+0xe6/0x2a0
[ 103.998010][T10711] ? bitmap_port_ext_cleanup+0xe6/0x2a0
[ 104.003536][T10711] __kasan_report.cold+0x1b/0x41
[ 104.008470][T10711] ? bitmap_port_ext_cleanup+0xe6/0x2a0
[ 104.014009][T10711] kasan_report+0x12/0x20
[ 104.018336][T10711] check_memory_region+0x134/0x1a0
[ 104.023430][T10711] __kasan_check_read+0x11/0x20
[ 104.028262][T10711] bitmap_port_ext_cleanup+0xe6/0x2a0
[ 104.033627][T10711] bitmap_port_destroy+0x180/0x1d0
[ 104.038721][T10711] ip_set_create+0xe47/0x1500
[ 104.043383][T10711] ? ip_set_destroy+0xb70/0xb70
[ 104.048242][T10711] ? ip_set_destroy+0xb70/0xb70
[ 104.053077][T10711] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 104.058005][T10711] ? nfnetlink_bind+0x2c0/0x2c0
[ 104.062846][T10711] ? avc_has_extended_perms+0x10f0/0x10f0
[ 104.068557][T10711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 104.074786][T10711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 104.081038][T10711] ? cred_has_capability+0x199/0x330
[ 104.086324][T10711] ? selinux_sb_eat_lsm_opts+0x700/0x700
[ 104.091951][T10711] ? selinux_sb_eat_lsm_opts+0x700/0x700
[ 104.097578][T10711] ? enable_cpucache.cold+0x11/0x1e
[ 104.102760][T10711] ? __lock_acquire+0x8a0/0x4a00
[ 104.107684][T10711] netlink_rcv_skb+0x177/0x450
[ 104.112428][T10711] ? nfnetlink_bind+0x2c0/0x2c0
[ 104.117261][T10711] ? netlink_ack+0xb50/0xb50
[ 104.121832][T10711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 104.128060][T10711] ? ns_capable_common+0x93/0x100
[ 104.133063][T10711] ? ns_capable+0x20/0x30
[ 104.137376][T10711] ? __netlink_ns_capable+0x104/0x140
[ 104.142733][T10711] nfnetlink_rcv+0x1ba/0x460
[ 104.147315][T10711] ? nfnetlink_rcv_batch+0x17a0/0x17a0
[ 104.152771][T10711] ? netlink_deliver_tap+0x24a/0xbe0
[ 104.158038][T10711] ? __kasan_check_write+0x14/0x20
[ 104.163149][T10711] netlink_unicast+0x58c/0x7d0
[ 104.168166][T10711] ? netlink_attachskb+0x870/0x870
[ 104.173259][T10711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 104.179525][T10711] netlink_sendmsg+0x91c/0xea0
[ 104.184273][T10711] ? netlink_unicast+0x7d0/0x7d0
[ 104.189193][T10711] ? tomoyo_socket_sendmsg+0x26/0x30
[ 104.194458][T10711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 104.200675][T10711] ? security_socket_sendmsg+0x8d/0xc0
[ 104.206148][T10711] ? netlink_unicast+0x7d0/0x7d0
[ 104.211097][T10711] sock_sendmsg+0xd7/0x130
[ 104.216110][T10711] ____sys_sendmsg+0x753/0x880
[ 104.220856][T10711] ? kernel_sendmsg+0x50/0x50
[ 104.225526][T10711] ? mark_held_locks+0xa4/0xf0
[ 104.230284][T10711] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 104.236338][T10711] ? __handle_mm_fault+0x3145/0x3cc0
[ 104.241613][T10711] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 104.247672][T10711] ___sys_sendmsg+0x100/0x170
[ 104.252343][T10711] ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[ 104.258326][T10711] ? sendmsg_copy_msghdr+0x70/0x70
[ 104.263434][T10711] ? __do_page_fault+0x56a/0xd80
[ 104.268353][T10711] ? find_held_lock+0x35/0x130
[ 104.273098][T10711] ? __do_page_fault+0x56a/0xd80
[ 104.278032][T10711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 104.284250][T10711] ? __fget_light+0x1a9/0x230
[ 104.289177][T10711] ? __fdget+0x1b/0x20
[ 104.293267][T10711] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 104.299491][T10711] __sys_sendmsg+0x105/0x1d0
[ 104.304064][T10711] ? __sys_sendmsg_sock+0xc0/0xc0
[ 104.309081][T10711] ? down_read_non_owner+0x490/0x490
[ 104.314361][T10711] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 104.319889][T10711] ? do_syscall_64+0x26/0x790
[ 104.324559][T10711] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 104.330609][T10711] ? do_syscall_64+0x26/0x790
[ 104.335274][T10711] __x64_sys_sendmsg+0x78/0xb0
[ 104.340019][T10711] do_syscall_64+0xfa/0x790
[ 104.344506][T10711] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 104.350381][T10711] RIP: 0033:0x441399
[ 104.354262][T10711] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 104.373846][T10711] RSP: 002b:00007ffd8d1187e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 104.382248][T10711] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441399
[ 104.390210][T10711] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[ 104.398174][T10711] RBP: 00000000000195c0 R08: 00000000004002c8 R09: 00000000004002c8
[ 104.406286][T10711] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004021c0
[ 104.414238][T10711] R13: 0000000000402250 R14: 0000000000000000 R15: 0000000000000000
[ 104.422209][T10711]
[ 104.424516][T10711] Allocated by task 10711:
[ 104.428929][T10711] save_stack+0x23/0x90
[ 104.433065][T10711] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 104.438682][T10711] kasan_kmalloc+0x9/0x10
[ 104.442994][T10711] __kmalloc+0x163/0x770
[ 104.447216][T10711] ip_set_alloc+0x38/0x5e
[ 104.451533][T10711] bitmap_port_create+0x3dc/0x7c0
[ 104.456536][T10711] ip_set_create+0x6f1/0x1500
[ 104.461200][T10711] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 104.466138][T10711] netlink_rcv_skb+0x177/0x450
[ 104.470885][T10711] nfnetlink_rcv+0x1ba/0x460
[ 104.475451][T10711] netlink_unicast+0x58c/0x7d0
[ 104.480191][T10711] netlink_sendmsg+0x91c/0xea0
[ 104.484931][T10711] sock_sendmsg+0xd7/0x130
[ 104.489322][T10711] ____sys_sendmsg+0x753/0x880
[ 104.494061][T10711] ___sys_sendmsg+0x100/0x170
[ 104.498716][T10711] __sys_sendmsg+0x105/0x1d0
[ 104.503285][T10711] __x64_sys_sendmsg+0x78/0xb0
[ 104.508038][T10711] do_syscall_64+0xfa/0x790
[ 104.512533][T10711] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 104.518411][T10711]
[ 104.520722][T10711] Freed by task 10475:
[ 104.524780][T10711] save_stack+0x23/0x90
[ 104.528955][T10711] __kasan_slab_free+0x102/0x150
[ 104.533874][T10711] kasan_slab_free+0xe/0x10
[ 104.538367][T10711] kfree+0x10a/0x2c0
[ 104.542251][T10711] tomoyo_supervisor+0xc2c/0xef0
[ 104.547191][T10711] tomoyo_path_permission+0x263/0x360
[ 104.552563][T10711] tomoyo_path_perm+0x318/0x430
[ 104.557410][T10711] tomoyo_inode_getattr+0x1d/0x30
[ 104.562420][T10711] security_inode_getattr+0xf2/0x150
[ 104.567689][T10711] vfs_getattr+0x25/0x70
[ 104.571919][T10711] vfs_statx_fd+0x71/0xc0
[ 104.576232][T10711] __do_sys_newfstat+0x9b/0x120
[ 104.581076][T10711] __x64_sys_newfstat+0x54/0x80
[ 104.585913][T10711] do_syscall_64+0xfa/0x790
[ 104.590406][T10711] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 104.596275][T10711]
[ 104.598641][T10711] The buggy address belongs to the object at ffff88809f7a5c00
[ 104.598641][T10711] which belongs to the cache kmalloc-32 of size 32
[ 104.612539][T10711] The buggy address is located 0 bytes inside of
[ 104.612539][T10711] 32-byte region [ffff88809f7a5c00, ffff88809f7a5c20)
[ 104.625650][T10711] The buggy address belongs to the page:
[ 104.631302][T10711] page:ffffea00027de940 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809f7a5fc1
[ 104.641698][T10711] raw: 00fffe0000000200 ffffea0002a2ae88 ffffea00027a8108 ffff8880aa4001c0
[ 104.650281][T10711] raw: ffff88809f7a5fc1 ffff88809f7a5000 0000000100000033 0000000000000000
[ 104.658849][T10711] page dumped because: kasan: bad access detected
[ 104.665340][T10711]
[ 104.667651][T10711] Memory state around the buggy address:
[ 104.673272][T10711]  ffff88809f7a5b00: 05 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 104.681419][T10711]  ffff88809f7a5b80: fb fb fb fb fc fc fc fc 05 fc fc fc fc fc fc fc
[ 104.689475][T10711] >ffff88809f7a5c00: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 104.697526][T10711]                    ^
[ 104.701582][T10711]  ffff88809f7a5c80: 06 fc fc fc fc fc fc fc 00 00 fc fc fc fc fc fc
[ 104.709680][T10711]  ffff88809f7a5d00: 00 00 01 fc fc fc fc fc 00 00 00 00 fc fc fc fc
[ 104.717721][T10711] ==================================================================
[ 104.725759][T10711] Disabling lock debugging due to kernel taint
[ 104.732053][ T27] audit: type=1400 audit(1579951109.818:43): avc: denied { create } for pid=10710 comm="syz-executor601" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 104.758047][ T27] audit: type=1400 audit(1579951109.818:44): avc: denied { write } for pid=10710 comm="syz-executor601" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 104.784351][T10711] Kernel panic - not syncing: panic_on_warn set ...
[ 104.790940][T10711] CPU: 0 PID: 10711 Comm: syz-executor601 Tainted: G B 5.5.0-rc7-syzkaller #0
[ 104.801324][T10711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 104.811461][T10711] Call Trace:
[ 104.814734][T10711] dump_stack+0x197/0x210
[ 104.819041][T10711] panic+0x2e3/0x75c
[ 104.822912][T10711] ? add_taint.cold+0x16/0x16
[ 104.827566][T10711] ? bitmap_port_ext_cleanup+0xe6/0x2a0
[ 104.833108][T10711] ? preempt_schedule+0x4b/0x60
[ 104.837935][T10711] ? ___preempt_schedule+0x16/0x18
[ 104.843039][T10711] ? trace_hardirqs_on+0x5e/0x240
[ 104.848043][T10711] ? bitmap_port_ext_cleanup+0xe6/0x2a0
[ 104.853694][T10711] end_report+0x47/0x4f
[ 104.857834][T10711] ? bitmap_port_ext_cleanup+0xe6/0x2a0
[ 104.863356][T10711] __kasan_report.cold+0xe/0x41
[ 104.868880][T10711] ? bitmap_port_ext_cleanup+0xe6/0x2a0
[ 104.874402][T10711] kasan_report+0x12/0x20
[ 104.878774][T10711] check_memory_region+0x134/0x1a0
[ 104.883862][T10711] __kasan_check_read+0x11/0x20
[ 104.888690][T10711] bitmap_port_ext_cleanup+0xe6/0x2a0
[ 104.894062][T10711] bitmap_port_destroy+0x180/0x1d0
[ 104.899165][T10711] ip_set_create+0xe47/0x1500
[ 104.903824][T10711] ? ip_set_destroy+0xb70/0xb70
[ 104.908673][T10711] ? ip_set_destroy+0xb70/0xb70
[ 104.913510][T10711] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 104.918444][T10711] ? nfnetlink_bind+0x2c0/0x2c0
[ 104.923275][T10711] ? avc_has_extended_perms+0x10f0/0x10f0
[ 104.928990][T10711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 104.935220][T10711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 104.941446][T10711] ? cred_has_capability+0x199/0x330
[ 104.946710][T10711] ? selinux_sb_eat_lsm_opts+0x700/0x700
[ 104.952317][T10711] ? selinux_sb_eat_lsm_opts+0x700/0x700
[ 104.957937][T10711] ? enable_cpucache.cold+0x11/0x1e
[ 104.963121][T10711] ? __lock_acquire+0x8a0/0x4a00
[ 104.968038][T10711] netlink_rcv_skb+0x177/0x450
[ 104.972782][T10711] ? nfnetlink_bind+0x2c0/0x2c0
[ 104.977611][T10711] ? netlink_ack+0xb50/0xb50
[ 104.982179][T10711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 104.988402][T10711] ? ns_capable_common+0x93/0x100
[ 104.993413][T10711] ? ns_capable+0x20/0x30
[ 104.997722][T10711] ? __netlink_ns_capable+0x104/0x140
[ 105.003249][T10711] nfnetlink_rcv+0x1ba/0x460
[ 105.007830][T10711] ? nfnetlink_rcv_batch+0x17a0/0x17a0
[ 105.013274][T10711] ? netlink_deliver_tap+0x24a/0xbe0
[ 105.018542][T10711] ? __kasan_check_write+0x14/0x20
[ 105.023666][T10711] netlink_unicast+0x58c/0x7d0
[ 105.028441][T10711] ? netlink_attachskb+0x870/0x870
[ 105.033550][T10711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 105.039792][T10711] netlink_sendmsg+0x91c/0xea0
[ 105.044541][T10711] ? netlink_unicast+0x7d0/0x7d0
[ 105.049461][T10711] ? tomoyo_socket_sendmsg+0x26/0x30
[ 105.054726][T10711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 105.060962][T10711] ? security_socket_sendmsg+0x8d/0xc0
[ 105.066411][T10711] ? netlink_unicast+0x7d0/0x7d0
[ 105.071326][T10711] sock_sendmsg+0xd7/0x130
[ 105.075719][T10711] ____sys_sendmsg+0x753/0x880
[ 105.080462][T10711] ? kernel_sendmsg+0x50/0x50
[ 105.085129][T10711] ? mark_held_locks+0xa4/0xf0
[ 105.089884][T10711] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 105.095933][T10711] ? __handle_mm_fault+0x3145/0x3cc0
[ 105.101206][T10711] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 105.107262][T10711] ___sys_sendmsg+0x100/0x170
[ 105.111928][T10711] ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[ 105.117888][T10711] ? sendmsg_copy_msghdr+0x70/0x70
[ 105.122979][T10711] ? __do_page_fault+0x56a/0xd80
[ 105.127893][T10711] ? find_held_lock+0x35/0x130
[ 105.132657][T10711] ? __do_page_fault+0x56a/0xd80
[ 105.137574][T10711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 105.143801][T10711] ? __fget_light+0x1a9/0x230
[ 105.148457][T10711] ? __fdget+0x1b/0x20
[ 105.152514][T10711] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 105.158741][T10711] __sys_sendmsg+0x105/0x1d0
[ 105.163309][T10711] ? __sys_sendmsg_sock+0xc0/0xc0
[ 105.168341][T10711] ? down_read_non_owner+0x490/0x490
[ 105.173609][T10711] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 105.179132][T10711] ? do_syscall_64+0x26/0x790
[ 105.183786][T10711] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 105.189829][T10711] ? do_syscall_64+0x26/0x790
[ 105.194498][T10711] __x64_sys_sendmsg+0x78/0xb0
[ 105.199250][T10711] do_syscall_64+0xfa/0x790
[ 105.203993][T10711] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 105.209870][T10711] RIP: 0033:0x441399
[ 105.213752][T10711] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 105.233331][T10711] RSP: 002b:00007ffd8d1187e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 105.241740][T10711] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441399
[ 105.249705][T10711] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[ 105.257658][T10711] RBP: 00000000000195c0 R08: 00000000004002c8 R09: 00000000004002c8
[ 105.265622][T10711] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004021c0
[ 105.273593][T10711] R13: 0000000000402250 R14: 0000000000000000 R15: 0000000000000000
[ 105.283079][T10711] Kernel Offset: disabled
[ 105.287438][T10711] Rebooting in 86400 seconds..