Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[  103.825353][   T26] audit: type=1400 audit(1579435406.128:37): avc:  denied  { watch } for  pid=10568 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [  107.873753][   T26] kauditd_printk_skb: 3 callbacks suppressed
[  107.873767][   T26] audit: type=1400 audit(1579435410.178:41): avc:  denied  { map } for  pid=10655 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.109' (ECDSA) to the list of known hosts.
executing program
executing program
[  121.265291][   T26] audit: type=1400 audit(1579435423.568:42): avc:  denied  { map } for  pid=10667 comm="syz-executor850" path="/root/syz-executor850563928" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[  121.280778][T10669] ==================================================================
[  121.292740][   T26] audit: type=1400 audit(1579435423.568:43): avc:  denied  { create } for  pid=10668 comm="syz-executor850" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[  121.300738][T10669] BUG: KASAN: use-after-free in bitmap_port_ext_cleanup+0xe6/0x2a0
[  121.300750][T10669] Read of size 8 at addr ffff8880a7caf2c0 by task syz-executor850/10669
[  121.300754][T10669] 
[  121.300768][T10669] CPU: 0 PID: 10669 Comm: syz-executor850 Not tainted 5.5.0-rc6-syzkaller #0
[  121.300776][T10669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  121.300780][T10669] Call Trace:
[  121.300800][T10669]  dump_stack+0x197/0x210
[  121.300815][T10669]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[  121.300836][T10669]  print_address_description.constprop.0.cold+0xd4/0x30b
[  121.300849][T10669]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[  121.300863][T10669]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[  121.300877][T10669]  __kasan_report.cold+0x1b/0x41
[  121.300890][T10669]  ? kfree+0x210/0x2c0
[  121.300903][T10669]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[  121.300919][T10669]  kasan_report+0x12/0x20
[  121.300938][T10669]  check_memory_region+0x134/0x1a0
[  121.300956][T10669]  __kasan_check_read+0x11/0x20
[  121.328160][   T26] audit: type=1400 audit(1579435423.568:44): avc:  denied  { write } for  pid=10668 comm="syz-executor850" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[  121.333993][T10669]  bitmap_port_ext_cleanup+0xe6/0x2a0
[  121.454790][T10669]  bitmap_port_destroy+0x17c/0x1d0
[  121.459896][T10669]  ip_set_create+0xe47/0x1500
[  121.464589][T10669]  ? ip_set_destroy+0xb70/0xb70
[  121.469442][T10669]  ? ip_set_destroy+0xb70/0xb70
[  121.474280][T10669]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  121.479239][T10669]  ? nfnetlink_bind+0x2c0/0x2c0
[  121.484155][T10669]  ? avc_has_extended_perms+0x10f0/0x10f0
[  121.489953][T10669]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  121.496199][T10669]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  121.502540][T10669]  ? cred_has_capability+0x199/0x330
[  121.507895][T10669]  ? selinux_sb_eat_lsm_opts+0x700/0x700
[  121.513534][T10669]  ? selinux_sb_eat_lsm_opts+0x700/0x700
[  121.519427][T10669]  ? __check_heap_object+0x53/0xb3
[  121.524629][T10669]  ? __lock_acquire+0x8a0/0x4a00
[  121.529557][T10669]  netlink_rcv_skb+0x177/0x450
[  121.534325][T10669]  ? nfnetlink_bind+0x2c0/0x2c0
[  121.539174][T10669]  ? netlink_ack+0xb50/0xb50
[  121.543805][T10669]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  121.550058][T10669]  ? ns_capable_common+0x93/0x100
[  121.555083][T10669]  ? ns_capable+0x20/0x30
[  121.559405][T10669]  ? __netlink_ns_capable+0x104/0x140
[  121.564788][T10669]  nfnetlink_rcv+0x1ba/0x460
[  121.569536][T10669]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  121.574987][T10669]  ? netlink_deliver_tap+0x24a/0xbe0
[  121.580283][T10669]  ? __kasan_check_write+0x14/0x20
[  121.585443][T10669]  netlink_unicast+0x58c/0x7d0
[  121.590219][T10669]  ? netlink_attachskb+0x870/0x870
[  121.595327][T10669]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  121.601567][T10669]  netlink_sendmsg+0x91c/0xea0
[  121.606382][T10669]  ? netlink_unicast+0x7d0/0x7d0
[  121.611342][T10669]  ? tomoyo_socket_sendmsg+0x26/0x30
[  121.616618][T10669]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  121.622887][T10669]  ? security_socket_sendmsg+0x8d/0xc0
[  121.628365][T10669]  ? netlink_unicast+0x7d0/0x7d0
[  121.633302][T10669]  sock_sendmsg+0xd7/0x130
[  121.637766][T10669]  ____sys_sendmsg+0x753/0x880
[  121.642546][T10669]  ? kernel_sendmsg+0x50/0x50
[  121.647230][T10669]  ? mark_held_locks+0xa4/0xf0
[  121.652108][T10669]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  121.658188][T10669]  ? __handle_mm_fault+0x3145/0x3cc0
[  121.663562][T10669]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  121.669896][T10669]  ___sys_sendmsg+0x100/0x170
[  121.675207][T10669]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[  121.681351][T10669]  ? sendmsg_copy_msghdr+0x70/0x70
[  121.686475][T10669]  ? __do_page_fault+0x56a/0xd80
[  121.691408][T10669]  ? find_held_lock+0x35/0x130
[  121.696175][T10669]  ? __do_page_fault+0x56a/0xd80
[  121.701242][T10669]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  121.707556][T10669]  ? __fget_light+0x1a9/0x230
[  121.712238][T10669]  ? __fdget+0x1b/0x20
[  121.716303][T10669]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  121.722545][T10669]  __sys_sendmsg+0x105/0x1d0
[  121.727174][T10669]  ? __sys_sendmsg_sock+0xc0/0xc0
[  121.732192][T10669]  ? rcu_read_lock_sched_held+0x9c/0xd0
[  121.737761][T10669]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  121.743224][T10669]  ? do_syscall_64+0x26/0x790
[  121.748028][T10669]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  121.754093][T10669]  ? do_syscall_64+0x26/0x790
[  121.758876][T10669]  __x64_sys_sendmsg+0x78/0xb0
[  121.763675][T10669]  do_syscall_64+0xfa/0x790
[  121.768235][T10669]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  121.774121][T10669] RIP: 0033:0x441399
[  121.778020][T10669] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  121.797757][T10669] RSP: 002b:00007ffecc9aac18 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  121.806232][T10669] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441399
[  121.814255][T10669] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003
[  121.822737][T10669] RBP: 000000000001d988 R08: 00000000004002c8 R09: 00000000004002c8
[  121.830846][T10669] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004021c0
[  121.838811][T10669] R13: 0000000000402250 R14: 0000000000000000 R15: 0000000000000000
[  121.846799][T10669] 
[  121.849118][T10669] Allocated by task 10669:
[  121.853558][T10669]  save_stack+0x23/0x90
[  121.857723][T10669]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  121.863502][T10669]  kasan_kmalloc+0x9/0x10
[  121.867830][T10669]  __kmalloc+0x163/0x770
[  121.872066][T10669]  ip_set_alloc+0x38/0x5e
[  121.876487][T10669]  bitmap_port_create+0x3dc/0x7c0
[  121.881505][T10669]  ip_set_create+0x6f1/0x1500
[  121.886183][T10669]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  121.891272][T10669]  netlink_rcv_skb+0x177/0x450
[  121.896227][T10669]  nfnetlink_rcv+0x1ba/0x460
[  121.900853][T10669]  netlink_unicast+0x58c/0x7d0
[  121.905615][T10669]  netlink_sendmsg+0x91c/0xea0
[  121.911536][T10669]  sock_sendmsg+0xd7/0x130
[  121.915947][T10669]  ____sys_sendmsg+0x753/0x880
[  121.920857][T10669]  ___sys_sendmsg+0x100/0x170
[  121.925527][T10669]  __sys_sendmsg+0x105/0x1d0
[  121.930253][T10669]  __x64_sys_sendmsg+0x78/0xb0
[  121.935023][T10669]  do_syscall_64+0xfa/0x790
[  121.939694][T10669]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  121.945680][T10669] 
[  121.948129][T10669] Freed by task 10669:
[  121.952253][T10669]  save_stack+0x23/0x90
[  121.956420][T10669]  __kasan_slab_free+0x102/0x150
[  121.961362][T10669]  kasan_slab_free+0xe/0x10
[  121.965963][T10669]  kfree+0x10a/0x2c0
[  121.970006][T10669]  kvfree+0x61/0x70
[  121.973862][T10669]  ip_set_free+0x16/0x20
[  121.978454][T10669]  bitmap_port_destroy+0xae/0x1d0
[  121.983526][T10669]  ip_set_create+0xe47/0x1500
[  121.988337][T10669]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  121.993283][T10669]  netlink_rcv_skb+0x177/0x450
[  121.998113][T10669]  nfnetlink_rcv+0x1ba/0x460
[  122.002705][T10669]  netlink_unicast+0x58c/0x7d0
[  122.007458][T10669]  netlink_sendmsg+0x91c/0xea0
[  122.012229][T10669]  sock_sendmsg+0xd7/0x130
[  122.016653][T10669]  ____sys_sendmsg+0x753/0x880
[  122.021419][T10669]  ___sys_sendmsg+0x100/0x170
[  122.026095][T10669]  __sys_sendmsg+0x105/0x1d0
[  122.030800][T10669]  __x64_sys_sendmsg+0x78/0xb0
[  122.036167][T10669]  do_syscall_64+0xfa/0x790
[  122.040680][T10669]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  122.046665][T10669] 
[  122.049013][T10669] The buggy address belongs to the object at ffff8880a7caf2c0
[  122.049013][T10669]  which belongs to the cache kmalloc-32 of size 32
[  122.062984][T10669] The buggy address is located 0 bytes inside of
[  122.062984][T10669]  32-byte region [ffff8880a7caf2c0, ffff8880a7caf2e0)
[  122.076529][T10669] The buggy address belongs to the page:
[  122.082284][T10669] page:ffffea00029f2bc0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a7caffc1
[  122.092995][T10669] raw: 00fffe0000000200 ffffea00027f9ac8 ffffea0002a6c708 ffff8880aa4001c0
[  122.101592][T10669] raw: ffff8880a7caffc1 ffff8880a7caf000 000000010000002f 0000000000000000
[  122.110165][T10669] page dumped because: kasan: bad access detected
[  122.116567][T10669] 
[  122.118941][T10669] Memory state around the buggy address:
[  122.124591][T10669]  ffff8880a7caf180: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  122.132646][T10669]  ffff8880a7caf200: 00 07 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[  122.140794][T10669] >ffff8880a7caf280: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  122.148855][T10669]                                            ^
[  122.155128][T10669]  ffff8880a7caf300: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  122.163873][T10669]  ffff8880a7caf380: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  122.171921][T10669] ==================================================================
[  122.179968][T10669] Disabling lock debugging due to kernel taint
[  122.187016][T10669] Kernel panic - not syncing: panic_on_warn set ...
[  122.193616][T10669] CPU: 0 PID: 10669 Comm: syz-executor850 Tainted: G    B             5.5.0-rc6-syzkaller #0
[  122.204005][T10669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  122.214160][T10669] Call Trace:
[  122.217445][T10669]  dump_stack+0x197/0x210
[  122.221769][T10669]  panic+0x2e3/0x75c
[  122.225658][T10669]  ? add_taint.cold+0x16/0x16
[  122.230460][T10669]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[  122.236134][T10669]  ? preempt_schedule+0x4b/0x60
[  122.240979][T10669]  ? ___preempt_schedule+0x16/0x18
[  122.246179][T10669]  ? trace_hardirqs_on+0x5e/0x240
[  122.251410][T10669]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[  122.257051][T10669]  end_report+0x47/0x4f
[  122.261785][T10669]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[  122.267322][T10669]  __kasan_report.cold+0xe/0x41
[  122.272170][T10669]  ? kfree+0x210/0x2c0
[  122.276227][T10669]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[  122.281896][T10669]  kasan_report+0x12/0x20
[  122.286320][T10669]  check_memory_region+0x134/0x1a0
[  122.291490][T10669]  __kasan_check_read+0x11/0x20
[  122.296367][T10669]  bitmap_port_ext_cleanup+0xe6/0x2a0
[  122.301768][T10669]  bitmap_port_destroy+0x17c/0x1d0
[  122.306907][T10669]  ip_set_create+0xe47/0x1500
[  122.311690][T10669]  ? ip_set_destroy+0xb70/0xb70
[  122.316647][T10669]  ? ip_set_destroy+0xb70/0xb70
[  122.326127][T10669]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  122.331462][T10669]  ? nfnetlink_bind+0x2c0/0x2c0
[  122.336329][T10669]  ? avc_has_extended_perms+0x10f0/0x10f0
[  122.342069][T10669]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  122.348310][T10669]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  122.354806][T10669]  ? cred_has_capability+0x199/0x330
[  122.360187][T10669]  ? selinux_sb_eat_lsm_opts+0x700/0x700
[  122.365905][T10669]  ? selinux_sb_eat_lsm_opts+0x700/0x700
[  122.371671][T10669]  ? __check_heap_object+0x53/0xb3
[  122.376815][T10669]  ? __lock_acquire+0x8a0/0x4a00
[  122.381786][T10669]  netlink_rcv_skb+0x177/0x450
[  122.386569][T10669]  ? nfnetlink_bind+0x2c0/0x2c0
[  122.391470][T10669]  ? netlink_ack+0xb50/0xb50
[  122.396192][T10669]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  122.402454][T10669]  ? ns_capable_common+0x93/0x100
[  122.407578][T10669]  ? ns_capable+0x20/0x30
[  122.411898][T10669]  ? __netlink_ns_capable+0x104/0x140
[  122.417281][T10669]  nfnetlink_rcv+0x1ba/0x460
[  122.421862][T10669]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  122.427534][T10669]  ? netlink_deliver_tap+0x24a/0xbe0
[  122.433825][T10669]  ? __kasan_check_write+0x14/0x20
[  122.438937][T10669]  netlink_unicast+0x58c/0x7d0
[  122.443707][T10669]  ? netlink_attachskb+0x870/0x870
[  122.448816][T10669]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  122.455376][T10669]  netlink_sendmsg+0x91c/0xea0
[  122.460143][T10669]  ? netlink_unicast+0x7d0/0x7d0
[  122.465183][T10669]  ? tomoyo_socket_sendmsg+0x26/0x30
[  122.470891][T10669]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  122.477136][T10669]  ? security_socket_sendmsg+0x8d/0xc0
[  122.482594][T10669]  ? netlink_unicast+0x7d0/0x7d0
[  122.488588][T10669]  sock_sendmsg+0xd7/0x130
[  122.493100][T10669]  ____sys_sendmsg+0x753/0x880
[  122.497875][T10669]  ? kernel_sendmsg+0x50/0x50
[  122.502563][T10669]  ? mark_held_locks+0xa4/0xf0
[  122.507320][T10669]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  122.513378][T10669]  ? __handle_mm_fault+0x3145/0x3cc0
[  122.518684][T10669]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  122.524855][T10669]  ___sys_sendmsg+0x100/0x170
[  122.529558][T10669]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[  122.535567][T10669]  ? sendmsg_copy_msghdr+0x70/0x70
[  122.540823][T10669]  ? __do_page_fault+0x56a/0xd80
[  122.545925][T10669]  ? find_held_lock+0x35/0x130
[  122.550900][T10669]  ? __do_page_fault+0x56a/0xd80
[  122.555871][T10669]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  122.562441][T10669]  ? __fget_light+0x1a9/0x230
[  122.567250][T10669]  ? __fdget+0x1b/0x20
[  122.571413][T10669]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  122.577658][T10669]  __sys_sendmsg+0x105/0x1d0
[  122.582257][T10669]  ? __sys_sendmsg_sock+0xc0/0xc0
[  122.587513][T10669]  ? rcu_read_lock_sched_held+0x9c/0xd0
[  122.593267][T10669]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  122.598814][T10669]  ? do_syscall_64+0x26/0x790
[  122.603887][T10669]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  122.609953][T10669]  ? do_syscall_64+0x26/0x790
[  122.614767][T10669]  __x64_sys_sendmsg+0x78/0xb0
[  122.619798][T10669]  do_syscall_64+0xfa/0x790
[  122.624305][T10669]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  122.630280][T10669] RIP: 0033:0x441399
[  122.634514][T10669] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  122.654414][T10669] RSP: 002b:00007ffecc9aac18 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  122.663004][T10669] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441399
[  122.670974][T10669] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003
[  122.679051][T10669] RBP: 000000000001d988 R08: 00000000004002c8 R09: 00000000004002c8
[  122.687018][T10669] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004021c0
[  122.695223][T10669] R13: 0000000000402250 R14: 0000000000000000 R15: 0000000000000000
[  122.705044][T10669] Kernel Offset: disabled
[  122.709569][T10669] Rebooting in 86400 seconds..