[ 90.467169][ T28] audit: type=1800 audit(1579332410.404:26): pid=9651 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 91.448875][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 91.448887][ T28] audit: type=1800 audit(1579332411.404:29): pid=9651 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 91.476040][ T28] audit: type=1800 audit(1579332411.404:30): pid=9651 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.77' (ECDSA) to the list of known hosts. executing program executing program syzkaller login: [ 103.158961][ T9806] ================================================================== [ 103.167271][ T9806] BUG: KASAN: slab-out-of-bounds in bitmap_port_list+0x3cf/0xdb0 [ 103.175079][ T9806] Read of size 8 at addr ffff8880a893ac80 by task syz-executor590/9806 [ 103.183361][ T9806] [ 103.185694][ T9806] CPU: 0 PID: 9806 Comm: syz-executor590 Not tainted 5.5.0-rc6-syzkaller #0 [ 103.194354][ T9806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 103.204564][ T9806] Call Trace: [ 103.208035][ T9806] dump_stack+0x197/0x210 [ 103.212372][ T9806] ? bitmap_port_list+0x3cf/0xdb0 [ 103.217640][ T9806] print_address_description.constprop.0.cold+0xd4/0x30b [ 103.224727][ T9806] ? bitmap_port_list+0x3cf/0xdb0 [ 103.229745][ T9806] ? bitmap_port_list+0x3cf/0xdb0 [ 103.234796][ T9806] __kasan_report.cold+0x1b/0x41 [ 103.239721][ T9806] ? bitmap_port_list+0x3cf/0xdb0 [ 103.244735][ T9806] kasan_report+0x12/0x20 [ 103.249070][ T9806] check_memory_region+0x134/0x1a0 [ 103.254279][ T9806] __kasan_check_read+0x11/0x20 [ 103.259134][ T9806] bitmap_port_list+0x3cf/0xdb0 [ 103.263986][ T9806] ? bitmap_port_head+0x296/0x600 [ 103.269019][ T9806] ? bitmap_port_del+0x380/0x380 [ 103.273950][ T9806] ? nla_put+0x110/0x150 [ 103.278220][ T9806] ip_set_dump_start+0x96c/0x1ca0 [ 103.283329][ T9806] ? ip_set_rename+0x720/0x720 [ 103.288208][ T9806] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 103.293771][ T9806] ? perf_trace_lock_acquire+0x4c0/0x530 [ 103.299406][ T9806] ? __kasan_check_write+0x14/0x20 [ 103.304631][ T9806] netlink_dump+0x558/0xfb0 [ 103.309138][ T9806] ? __netlink_sendskb+0xc0/0xc0 [ 103.314098][ T9806] __netlink_dump_start+0x66a/0x930 [ 103.319481][ T9806] ip_set_dump+0x15a/0x1d0 [ 103.323896][ T9806] ? call_ad+0x5a0/0x5a0 [ 103.328138][ T9806] ? ip_set_rename+0x720/0x720 [ 103.332897][ T9806] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 103.338702][ T9806] ? call_ad+0x5a0/0x5a0 [ 103.342944][ T9806] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 103.347880][ T9806] ? nfnetlink_bind+0x2c0/0x2c0 [ 103.353070][ T9806] ? __kasan_check_read+0x11/0x20 [ 103.358093][ T9806] ? __lock_acquire+0x8a0/0x4a00 [ 103.363137][ T9806] ? save_stack+0x5c/0x90 [ 103.367473][ T9806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.373846][ T9806] ? apparmor_capable+0x497/0x900 [ 103.378990][ T9806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.385239][ T9806] ? __kasan_check_read+0x11/0x20 [ 103.390359][ T9806] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 103.395951][ T9806] netlink_rcv_skb+0x177/0x450 [ 103.400730][ T9806] ? nfnetlink_bind+0x2c0/0x2c0 [ 103.405594][ T9806] ? netlink_ack+0xb50/0xb50 [ 103.410176][ T9806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.416416][ T9806] ? ns_capable_common+0x93/0x100 [ 103.421447][ T9806] ? ns_capable+0x20/0x30 [ 103.425771][ T9806] ? __netlink_ns_capable+0x104/0x140 [ 103.431292][ T9806] nfnetlink_rcv+0x1ba/0x460 [ 103.435888][ T9806] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 103.441336][ T9806] ? netlink_deliver_tap+0x24a/0xbe0 [ 103.446760][ T9806] ? __kasan_check_write+0x14/0x20 [ 103.451859][ T9806] netlink_unicast+0x58c/0x7d0 [ 103.456629][ T9806] ? netlink_attachskb+0x870/0x870 [ 103.461739][ T9806] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 103.467450][ T9806] ? __check_object_size+0x3d/0x437 [ 103.472723][ T9806] netlink_sendmsg+0x91c/0xea0 [ 103.477487][ T9806] ? netlink_unicast+0x7d0/0x7d0 [ 103.482520][ T9806] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 103.488098][ T9806] ? apparmor_socket_sendmsg+0x2a/0x30 [ 103.493673][ T9806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.500102][ T9806] ? security_socket_sendmsg+0x8d/0xc0 [ 103.505709][ T9806] ? netlink_unicast+0x7d0/0x7d0 [ 103.510705][ T9806] sock_sendmsg+0xd7/0x130 [ 103.515142][ T9806] ____sys_sendmsg+0x753/0x880 [ 103.519910][ T9806] ? kernel_sendmsg+0x50/0x50 [ 103.524593][ T9806] ? mark_held_locks+0xa4/0xf0 [ 103.529346][ T9806] ? do_huge_pmd_anonymous_page+0x1463/0x1a50 [ 103.535414][ T9806] ___sys_sendmsg+0x100/0x170 [ 103.540112][ T9806] ? sendmsg_copy_msghdr+0x70/0x70 [ 103.545222][ T9806] ? prep_transhuge_page+0xa0/0xa0 [ 103.550333][ T9806] ? __do_page_fault+0x56a/0xd80 [ 103.555274][ T9806] ? find_held_lock+0x35/0x130 [ 103.560153][ T9806] ? __do_page_fault+0x56a/0xd80 [ 103.565094][ T9806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.571331][ T9806] ? __fget_light+0x1a9/0x230 [ 103.576106][ T9806] ? __fdget+0x1b/0x20 [ 103.580293][ T9806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 103.586882][ T9806] __sys_sendmsg+0x105/0x1d0 [ 103.591463][ T9806] ? __sys_sendmsg_sock+0xc0/0xc0 [ 103.596612][ T9806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 103.602073][ T9806] ? do_fast_syscall_32+0xd1/0xe16 [ 103.607187][ T9806] ? entry_SYSENTER_compat+0x70/0x7f [ 103.612468][ T9806] ? do_fast_syscall_32+0xd1/0xe16 [ 103.619411][ T9806] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 103.625067][ T9806] do_fast_syscall_32+0x27b/0xe16 [ 103.630172][ T9806] entry_SYSENTER_compat+0x70/0x7f [ 103.635273][ T9806] RIP: 0023:0xf7f74a39 [ 103.639350][ T9806] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 103.658946][ T9806] RSP: 002b:00000000ff9d938c EFLAGS: 00000246 ORIG_RAX: 0000000000000172 [ 103.667882][ T9806] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000240 [ 103.675871][ T9806] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000ff9d94a4 [ 103.683851][ T9806] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 103.691972][ T9806] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 103.699950][ T9806] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 103.707925][ T9806] [ 103.710257][ T9806] Allocated by task 9805: [ 103.714583][ T9806] save_stack+0x23/0x90 [ 103.718991][ T9806] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 103.724806][ T9806] kasan_kmalloc+0x9/0x10 [ 103.729134][ T9806] __kmalloc+0x163/0x770 [ 103.733366][ T9806] ip_set_alloc+0x38/0x5e [ 103.737696][ T9806] bitmap_port_create+0x3dc/0x7c0 [ 103.742712][ T9806] ip_set_create+0x6f1/0x1500 [ 103.747383][ T9806] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 103.752315][ T9806] netlink_rcv_skb+0x177/0x450 [ 103.757067][ T9806] nfnetlink_rcv+0x1ba/0x460 [ 103.761815][ T9806] netlink_unicast+0x58c/0x7d0 [ 103.766843][ T9806] netlink_sendmsg+0x91c/0xea0 [ 103.771917][ T9806] sock_sendmsg+0xd7/0x130 [ 103.776530][ T9806] ____sys_sendmsg+0x753/0x880 [ 103.781290][ T9806] ___sys_sendmsg+0x100/0x170 [ 103.785961][ T9806] __sys_sendmsg+0x105/0x1d0 [ 103.790558][ T9806] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 103.796020][ T9806] do_fast_syscall_32+0x27b/0xe16 [ 103.801114][ T9806] entry_SYSENTER_compat+0x70/0x7f [ 103.806211][ T9806] [ 103.808540][ T9806] Freed by task 9545: [ 103.812547][ T9806] save_stack+0x23/0x90 [ 103.816715][ T9806] __kasan_slab_free+0x102/0x150 [ 103.821647][ T9806] kasan_slab_free+0xe/0x10 [ 103.826145][ T9806] kfree+0x10a/0x2c0 [ 103.830046][ T9806] tomoyo_init_log+0x15a9/0x2070 [ 103.835047][ T9806] tomoyo_supervisor+0x33f/0xef0 [ 103.840093][ T9806] tomoyo_env_perm+0x18e/0x210 [ 103.844856][ T9806] tomoyo_find_next_domain+0x1354/0x1f6c [ 103.850520][ T9806] tomoyo_bprm_check_security+0x124/0x1a0 [ 103.856385][ T9806] security_bprm_check+0x63/0xb0 [ 103.861321][ T9806] search_binary_handler+0x71/0x570 [ 103.866644][ T9806] __do_execve_file.isra.0+0x1329/0x22b0 [ 103.872285][ T9806] __x64_sys_execve+0x8f/0xc0 [ 103.876971][ T9806] do_syscall_64+0xfa/0x790 [ 103.881570][ T9806] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 103.887451][ T9806] [ 103.889790][ T9806] The buggy address belongs to the object at ffff8880a893ac80 [ 103.889790][ T9806] which belongs to the cache kmalloc-32 of size 32 [ 103.903684][ T9806] The buggy address is located 0 bytes inside of [ 103.903684][ T9806] 32-byte region [ffff8880a893ac80, ffff8880a893aca0) [ 103.916685][ T9806] The buggy address belongs to the page: [ 103.922408][ T9806] page:ffffea0002a24e80 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a893afc1 [ 103.932831][ T9806] raw: 00fffe0000000200 ffffea0002894ac8 ffffea0002a1fa08 ffff8880aa4001c0 [ 103.941573][ T9806] raw: ffff8880a893afc1 ffff8880a893a000 000000010000002d 0000000000000000 [ 103.950153][ T9806] page dumped because: kasan: bad access detected [ 103.956555][ T9806] [ 103.958976][ T9806] Memory state around the buggy address: [ 103.964589][ T9806] ffff8880a893ab80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 103.972643][ T9806] ffff8880a893ac00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 103.980704][ T9806] >ffff8880a893ac80: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 103.990669][ T9806] ^ [ 103.994729][ T9806] ffff8880a893ad00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 104.002787][ T9806] ffff8880a893ad80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 104.011023][ T9806] ================================================================== [ 104.019255][ T9806] Disabling lock debugging due to kernel taint [ 104.026088][ T9806] Kernel panic - not syncing: panic_on_warn set ... [ 104.032760][ T9806] CPU: 0 PID: 9806 Comm: syz-executor590 Tainted: G B 5.5.0-rc6-syzkaller #0 [ 104.043369][ T9806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 104.053643][ T9806] Call Trace: [ 104.056926][ T9806] dump_stack+0x197/0x210 [ 104.061242][ T9806] panic+0x2e3/0x75c [ 104.065143][ T9806] ? add_taint.cold+0x16/0x16 [ 104.069938][ T9806] ? bitmap_port_list+0x3cf/0xdb0 [ 104.074996][ T9806] ? preempt_schedule+0x4b/0x60 [ 104.079859][ T9806] ? ___preempt_schedule+0x16/0x18 [ 104.084973][ T9806] ? trace_hardirqs_on+0x5e/0x240 [ 104.090147][ T9806] ? bitmap_port_list+0x3cf/0xdb0 [ 104.095560][ T9806] end_report+0x47/0x4f [ 104.099833][ T9806] ? bitmap_port_list+0x3cf/0xdb0 [ 104.104865][ T9806] __kasan_report.cold+0xe/0x41 [ 104.109825][ T9806] ? bitmap_port_list+0x3cf/0xdb0 [ 104.115082][ T9806] kasan_report+0x12/0x20 [ 104.119404][ T9806] check_memory_region+0x134/0x1a0 [ 104.125357][ T9806] __kasan_check_read+0x11/0x20 [ 104.130466][ T9806] bitmap_port_list+0x3cf/0xdb0 [ 104.135640][ T9806] ? bitmap_port_head+0x296/0x600 [ 104.140996][ T9806] ? bitmap_port_del+0x380/0x380 [ 104.145928][ T9806] ? nla_put+0x110/0x150 [ 104.150277][ T9806] ip_set_dump_start+0x96c/0x1ca0 [ 104.155633][ T9806] ? ip_set_rename+0x720/0x720 [ 104.160496][ T9806] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 104.166040][ T9806] ? perf_trace_lock_acquire+0x4c0/0x530 [ 104.171720][ T9806] ? __kasan_check_write+0x14/0x20 [ 104.176825][ T9806] netlink_dump+0x558/0xfb0 [ 104.181375][ T9806] ? __netlink_sendskb+0xc0/0xc0 [ 104.186312][ T9806] __netlink_dump_start+0x66a/0x930 [ 104.191763][ T9806] ip_set_dump+0x15a/0x1d0 [ 104.196238][ T9806] ? call_ad+0x5a0/0x5a0 [ 104.200479][ T9806] ? ip_set_rename+0x720/0x720 [ 104.205335][ T9806] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 104.211257][ T9806] ? call_ad+0x5a0/0x5a0 [ 104.215555][ T9806] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 104.220503][ T9806] ? nfnetlink_bind+0x2c0/0x2c0 [ 104.225458][ T9806] ? __kasan_check_read+0x11/0x20 [ 104.230480][ T9806] ? __lock_acquire+0x8a0/0x4a00 [ 104.235472][ T9806] ? save_stack+0x5c/0x90 [ 104.239950][ T9806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 104.246301][ T9806] ? apparmor_capable+0x497/0x900 [ 104.251322][ T9806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 104.257622][ T9806] ? __kasan_check_read+0x11/0x20 [ 104.262715][ T9806] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 104.268184][ T9806] netlink_rcv_skb+0x177/0x450 [ 104.273199][ T9806] ? nfnetlink_bind+0x2c0/0x2c0 [ 104.278051][ T9806] ? netlink_ack+0xb50/0xb50 [ 104.282810][ T9806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 104.289061][ T9806] ? ns_capable_common+0x93/0x100 [ 104.294198][ T9806] ? ns_capable+0x20/0x30 [ 104.298526][ T9806] ? __netlink_ns_capable+0x104/0x140 [ 104.304058][ T9806] nfnetlink_rcv+0x1ba/0x460 [ 104.308762][ T9806] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 104.314230][ T9806] ? netlink_deliver_tap+0x24a/0xbe0 [ 104.319674][ T9806] ? __kasan_check_write+0x14/0x20 [ 104.325299][ T9806] netlink_unicast+0x58c/0x7d0 [ 104.330160][ T9806] ? netlink_attachskb+0x870/0x870 [ 104.335280][ T9806] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 104.341111][ T9806] ? __check_object_size+0x3d/0x437 [ 104.346656][ T9806] netlink_sendmsg+0x91c/0xea0 [ 104.351422][ T9806] ? netlink_unicast+0x7d0/0x7d0 [ 104.356449][ T9806] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 104.362171][ T9806] ? apparmor_socket_sendmsg+0x2a/0x30 [ 104.367635][ T9806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 104.375381][ T9806] ? security_socket_sendmsg+0x8d/0xc0 [ 104.380944][ T9806] ? netlink_unicast+0x7d0/0x7d0 [ 104.385949][ T9806] sock_sendmsg+0xd7/0x130 [ 104.390577][ T9806] ____sys_sendmsg+0x753/0x880 [ 104.395518][ T9806] ? kernel_sendmsg+0x50/0x50 [ 104.400337][ T9806] ? mark_held_locks+0xa4/0xf0 [ 104.405111][ T9806] ? do_huge_pmd_anonymous_page+0x1463/0x1a50 [ 104.411388][ T9806] ___sys_sendmsg+0x100/0x170 [ 104.416063][ T9806] ? sendmsg_copy_msghdr+0x70/0x70 [ 104.421387][ T9806] ? prep_transhuge_page+0xa0/0xa0 [ 104.426745][ T9806] ? __do_page_fault+0x56a/0xd80 [ 104.431746][ T9806] ? find_held_lock+0x35/0x130 [ 104.436526][ T9806] ? __do_page_fault+0x56a/0xd80 [ 104.441554][ T9806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 104.447897][ T9806] ? __fget_light+0x1a9/0x230 [ 104.452562][ T9806] ? __fdget+0x1b/0x20 [ 104.456751][ T9806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 104.462989][ T9806] __sys_sendmsg+0x105/0x1d0 [ 104.467615][ T9806] ? __sys_sendmsg_sock+0xc0/0xc0 [ 104.472847][ T9806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 104.479161][ T9806] ? do_fast_syscall_32+0xd1/0xe16 [ 104.484514][ T9806] ? entry_SYSENTER_compat+0x70/0x7f [ 104.489816][ T9806] ? do_fast_syscall_32+0xd1/0xe16 [ 104.495019][ T9806] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 104.501633][ T9806] do_fast_syscall_32+0x27b/0xe16 [ 104.506743][ T9806] entry_SYSENTER_compat+0x70/0x7f [ 104.511851][ T9806] RIP: 0023:0xf7f74a39 [ 104.515913][ T9806] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 104.535978][ T9806] RSP: 002b:00000000ff9d938c EFLAGS: 00000246 ORIG_RAX: 0000000000000172 [ 104.544715][ T9806] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000240 [ 104.552681][ T9806] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000ff9d94a4 [ 104.560655][ T9806] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 104.568627][ T9806] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 104.576583][ T9806] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 104.586335][ T9806] Kernel Offset: disabled [ 104.590680][ T9806] Rebooting in 86400 seconds..