[ 82.435533][ T28] audit: type=1800 audit(1579327544.610:26): pid=9447 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 83.499745][ T28] kauditd_printk_skb: 2 callbacks suppressed
[ 83.499756][ T28] audit: type=1800 audit(1579327545.700:29): pid=9447 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 83.526817][ T28] audit: type=1800 audit(1579327545.700:30): pid=9447 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 91.413114][ T9601] ==================================================================
[ 91.421419][ T9601] BUG: KASAN: slab-out-of-bounds in bitmap_port_list+0x3cf/0xdb0
[ 91.429226][ T9601] Read of size 8 at addr ffff88809e300440 by task syz-executor168/9601
[ 91.437446][ T9601]
[ 91.439774][ T9601] CPU: 0 PID: 9601 Comm: syz-executor168 Not tainted 5.5.0-rc5-syzkaller #0
[ 91.448690][ T9601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 91.458833][ T9601] Call Trace:
[ 91.462146][ T9601] dump_stack+0x197/0x210
[ 91.466487][ T9601] ? bitmap_port_list+0x3cf/0xdb0
[ 91.471520][ T9601] print_address_description.constprop.0.cold+0xd4/0x30b
[ 91.478614][ T9601] ? bitmap_port_list+0x3cf/0xdb0
[ 91.483832][ T9601] ? bitmap_port_list+0x3cf/0xdb0
[ 91.488859][ T9601] __kasan_report.cold+0x1b/0x41
[ 91.493791][ T9601] ? bitmap_port_list+0x3cf/0xdb0
[ 91.498806][ T9601] kasan_report+0x12/0x20
[ 91.503126][ T9601] check_memory_region+0x134/0x1a0
[ 91.508226][ T9601] __kasan_check_read+0x11/0x20
[ 91.513119][ T9601] bitmap_port_list+0x3cf/0xdb0
[ 91.518060][ T9601] ? bitmap_port_head+0x296/0x600
[ 91.523104][ T9601] ? bitmap_port_del+0x380/0x380
[ 91.528044][ T9601] ? nla_put+0x110/0x150
[ 91.532726][ T9601] ip_set_dump_start+0x96c/0x1ca0
[ 91.537765][ T9601] ? ip_set_rename+0x720/0x720
[ 91.542548][ T9601] ? __kmalloc_reserve.isra.0+0xf0/0xf0
[ 91.548223][ T9601] ? zap_class+0xe40/0xe60
[ 91.552642][ T9601] ? __kasan_check_write+0x14/0x20
[ 91.557752][ T9601] netlink_dump+0x558/0xfb0
[ 91.562255][ T9601] ? __netlink_sendskb+0xc0/0xc0
[ 91.567200][ T9601] __netlink_dump_start+0x673/0x930
[ 91.572448][ T9601] ip_set_dump+0x15a/0x1d0
[ 91.577048][ T9601] ? call_ad+0x5a0/0x5a0
[ 91.581316][ T9601] ? ip_set_rename+0x720/0x720
[ 91.586073][ T9601] ? __ip_set_put_netlink.isra.0+0x90/0x90
[ 91.591870][ T9601] ? call_ad+0x5a0/0x5a0
[ 91.596103][ T9601] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 91.601041][ T9601] ? nfnetlink_bind+0x2c0/0x2c0
[ 91.606196][ T9601] ? __kasan_check_read+0x11/0x20
[ 91.611263][ T9601] ? __lock_acquire+0x8a0/0x4a00
[ 91.616194][ T9601] ? save_stack+0x5c/0x90
[ 91.620584][ T9601] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 91.626917][ T9601] ? apparmor_capable+0x497/0x900
[ 91.632245][ T9601] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 91.638478][ T9601] ? __kasan_check_read+0x11/0x20
[ 91.643707][ T9601] ? apparmor_cred_prepare+0x7b0/0x7b0
[ 91.649167][ T9601] netlink_rcv_skb+0x177/0x450
[ 91.653975][ T9601] ? nfnetlink_bind+0x2c0/0x2c0
[ 91.658812][ T9601] ? netlink_ack+0xb50/0xb50
[ 91.663452][ T9601] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 91.669721][ T9601] ? ns_capable_common+0x93/0x100
[ 91.674757][ T9601] ? ns_capable+0x20/0x30
[ 91.679155][ T9601] ? __netlink_ns_capable+0x104/0x140
[ 91.685037][ T9601] nfnetlink_rcv+0x1ba/0x460
[ 91.689716][ T9601] ? nfnetlink_rcv_batch+0x17a0/0x17a0
[ 91.695261][ T9601] ? netlink_deliver_tap+0x24a/0xbf0
[ 91.700541][ T9601] ? __kasan_check_write+0x14/0x20
[ 91.705747][ T9601] netlink_unicast+0x59e/0x7e0
[ 91.710512][ T9601] ? netlink_attachskb+0x870/0x870
[ 91.715613][ T9601] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 91.721344][ T9601] ? __check_object_size+0x3d/0x437
[ 91.726541][ T9601] netlink_sendmsg+0x91c/0xea0
[ 91.731303][ T9601] ? netlink_unicast+0x7e0/0x7e0
[ 91.736227][ T9601] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 91.741785][ T9601] ? apparmor_socket_sendmsg+0x2a/0x30
[ 91.747301][ T9601] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 91.753555][ T9601] ? security_socket_sendmsg+0x8d/0xc0
[ 91.759020][ T9601] ? netlink_unicast+0x7e0/0x7e0
[ 91.764126][ T9601] sock_sendmsg+0xd7/0x130
[ 91.768535][ T9601] ____sys_sendmsg+0x753/0x880
[ 91.773295][ T9601] ? kernel_sendmsg+0x50/0x50
[ 91.778178][ T9601] ? mark_held_locks+0xa4/0xf0
[ 91.782933][ T9601] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 91.788989][ T9601] ? __handle_mm_fault+0x3145/0x3cc0
[ 91.794483][ T9601] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 91.800688][ T9601] ___sys_sendmsg+0x100/0x170
[ 91.805375][ T9601] ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[ 91.811462][ T9601] ? sendmsg_copy_msghdr+0x70/0x70
[ 91.816575][ T9601] ? __do_page_fault+0x56a/0xd80
[ 91.821515][ T9601] ? find_held_lock+0x35/0x130
[ 91.826279][ T9601] ? __do_page_fault+0x56a/0xd80
[ 91.831216][ T9601] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 91.837473][ T9601] ? __fget_light+0x1a9/0x230
[ 91.842149][ T9601] ? __fdget+0x1b/0x20
[ 91.846211][ T9601] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 91.852740][ T9601] __sys_sendmsg+0x105/0x1d0
[ 91.857337][ T9601] ? __sys_sendmsg_sock+0xc0/0xc0
[ 91.862380][ T9601] ? down_read_non_owner+0x490/0x490
[ 91.867680][ T9601] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 91.873132][ T9601] ? do_syscall_64+0x26/0x790
[ 91.877807][ T9601] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 91.883873][ T9601] ? do_syscall_64+0x26/0x790
[ 91.888803][ T9601] __x64_sys_sendmsg+0x78/0xb0
[ 91.893599][ T9601] do_syscall_64+0xfa/0x790
[ 91.898416][ T9601] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 91.904299][ T9601] RIP: 0033:0x441479
[ 91.908192][ T9601] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 91.928053][ T9601] RSP: 002b:00007ffd99913cf8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 91.936459][ T9601] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441479
[ 91.944426][ T9601] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[ 91.952486][ T9601] RBP: 00000000000164de R08: 00000000004002c8 R09: 00000000004002c8
[ 91.960576][ T9601] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004022a0
[ 91.968760][ T9601] R13: 0000000000402330 R14: 0000000000000000 R15: 0000000000000000
[ 91.976787][ T9601]
[ 91.979121][ T9601] Allocated by task 9600:
[ 91.983461][ T9601] save_stack+0x23/0x90
[ 91.987612][ T9601] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 91.993242][ T9601] kasan_kmalloc+0x9/0x10
[ 91.997558][ T9601] __kmalloc+0x163/0x770
[ 92.002061][ T9601] ip_set_alloc+0x38/0x5e
[ 92.006593][ T9601] bitmap_port_create+0x3dc/0x7c0
[ 92.011613][ T9601] ip_set_create+0x6f1/0x1500
[ 92.016314][ T9601] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 92.021518][ T9601] netlink_rcv_skb+0x177/0x450
[ 92.026270][ T9601] nfnetlink_rcv+0x1ba/0x460
[ 92.030847][ T9601] netlink_unicast+0x59e/0x7e0
[ 92.035598][ T9601] netlink_sendmsg+0x91c/0xea0
[ 92.040353][ T9601] sock_sendmsg+0xd7/0x130
[ 92.044790][ T9601] ____sys_sendmsg+0x753/0x880
[ 92.049544][ T9601] ___sys_sendmsg+0x100/0x170
[ 92.054212][ T9601] __sys_sendmsg+0x105/0x1d0
[ 92.058948][ T9601] __x64_sys_sendmsg+0x78/0xb0
[ 92.063702][ T9601] do_syscall_64+0xfa/0x790
[ 92.068194][ T9601] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 92.074156][ T9601]
[ 92.076522][ T9601] Freed by task 9311:
[ 92.080497][ T9601] save_stack+0x23/0x90
[ 92.084643][ T9601] __kasan_slab_free+0x102/0x150
[ 92.089647][ T9601] kasan_slab_free+0xe/0x10
[ 92.094249][ T9601] kfree+0x10a/0x2c0
[ 92.098132][ T9601] single_release+0x95/0xc0
[ 92.102658][ T9601] __fput+0x2ff/0x890
[ 92.106629][ T9601] ____fput+0x16/0x20
[ 92.110606][ T9601] task_work_run+0x145/0x1c0
[ 92.115182][ T9601] exit_to_usermode_loop+0x316/0x380
[ 92.120452][ T9601] do_syscall_64+0x676/0x790
[ 92.125033][ T9601] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 92.130968][ T9601]
[ 92.133278][ T9601] The buggy address belongs to the object at ffff88809e300440
[ 92.133278][ T9601]  which belongs to the cache kmalloc-32 of size 32
[ 92.147288][ T9601] The buggy address is located 0 bytes inside of
[ 92.147288][ T9601]  32-byte region [ffff88809e300440, ffff88809e300460)
[ 92.160391][ T9601] The buggy address belongs to the page:
[ 92.166021][ T9601] page:ffffea000278c000 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809e300fc1
[ 92.176633][ T9601] raw: 00fffe0000000200 ffffea00029d57c8 ffffea0002a14148 ffff8880aa4001c0
[ 92.185218][ T9601] raw: ffff88809e300fc1 ffff88809e300000 000000010000003e 0000000000000000
[ 92.193791][ T9601] page dumped because: kasan: bad access detected
[ 92.200184][ T9601]
[ 92.202634][ T9601] Memory state around the buggy address:
[ 92.208264][ T9601]  ffff88809e300300: 00 03 fc fc fc fc fc fc 00 03 fc fc fc fc fc fc
[ 92.216313][ T9601]  ffff88809e300380: fb fb fb fb fc fc fc fc 06 fc fc fc fc fc fc fc
[ 92.224356][ T9601] >ffff88809e300400: 06 fc fc fc fc fc fc fc 04 fc fc fc fc fc fc fc
[ 92.233319][ T9601]                                            ^
[ 92.239527][ T9601]  ffff88809e300480: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 92.247761][ T9601]  ffff88809e300500: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc
[ 92.255946][ T9601] ==================================================================
[ 92.263997][ T9601] Disabling lock debugging due to kernel taint
[ 92.272315][ T9601] Kernel panic - not syncing: panic_on_warn set ...
[ 92.279312][ T9601] CPU: 0 PID: 9601 Comm: syz-executor168 Tainted: G B 5.5.0-rc5-syzkaller #0
[ 92.290267][ T9601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 92.300398][ T9601] Call Trace:
[ 92.303675][ T9601] dump_stack+0x197/0x210
[ 92.308178][ T9601] panic+0x2e3/0x75c
[ 92.312175][ T9601] ? add_taint.cold+0x16/0x16
[ 92.316963][ T9601] ? bitmap_port_list+0x3cf/0xdb0
[ 92.322087][ T9601] ? preempt_schedule+0x4b/0x60
[ 92.326983][ T9601] ? ___preempt_schedule+0x16/0x18
[ 92.332255][ T9601] ? trace_hardirqs_on+0x5e/0x240
[ 92.337316][ T9601] ? bitmap_port_list+0x3cf/0xdb0
[ 92.342330][ T9601] end_report+0x47/0x4f
[ 92.346562][ T9601] ? bitmap_port_list+0x3cf/0xdb0
[ 92.351700][ T9601] __kasan_report.cold+0xe/0x41
[ 92.356537][ T9601] ? bitmap_port_list+0x3cf/0xdb0
[ 92.361550][ T9601] kasan_report+0x12/0x20
[ 92.365884][ T9601] check_memory_region+0x134/0x1a0
[ 92.371350][ T9601] __kasan_check_read+0x11/0x20
[ 92.376215][ T9601] bitmap_port_list+0x3cf/0xdb0
[ 92.381052][ T9601] ? bitmap_port_head+0x296/0x600
[ 92.386070][ T9601] ? bitmap_port_del+0x380/0x380
[ 92.391123][ T9601] ? nla_put+0x110/0x150
[ 92.395408][ T9601] ip_set_dump_start+0x96c/0x1ca0
[ 92.400420][ T9601] ? ip_set_rename+0x720/0x720
[ 92.405192][ T9601] ? __kmalloc_reserve.isra.0+0xf0/0xf0
[ 92.410738][ T9601] ? zap_class+0xe40/0xe60
[ 92.415167][ T9601] ? __kasan_check_write+0x14/0x20
[ 92.420282][ T9601] netlink_dump+0x558/0xfb0
[ 92.424892][ T9601] ? __netlink_sendskb+0xc0/0xc0
[ 92.429931][ T9601] __netlink_dump_start+0x673/0x930
[ 92.435829][ T9601] ip_set_dump+0x15a/0x1d0
[ 92.440258][ T9601] ? call_ad+0x5a0/0x5a0
[ 92.444502][ T9601] ? ip_set_rename+0x720/0x720
[ 92.449390][ T9601] ? __ip_set_put_netlink.isra.0+0x90/0x90
[ 92.455193][ T9601] ? call_ad+0x5a0/0x5a0
[ 92.459465][ T9601] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 92.464402][ T9601] ? nfnetlink_bind+0x2c0/0x2c0
[ 92.469253][ T9601] ? __kasan_check_read+0x11/0x20
[ 92.474268][ T9601] ? __lock_acquire+0x8a0/0x4a00
[ 92.479301][ T9601] ? save_stack+0x5c/0x90
[ 92.483663][ T9601] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 92.489939][ T9601] ? apparmor_capable+0x497/0x900
[ 92.495114][ T9601] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 92.501507][ T9601] ? __kasan_check_read+0x11/0x20
[ 92.506628][ T9601] ? apparmor_cred_prepare+0x7b0/0x7b0
[ 92.512192][ T9601] netlink_rcv_skb+0x177/0x450
[ 92.517092][ T9601] ? nfnetlink_bind+0x2c0/0x2c0
[ 92.522037][ T9601] ? netlink_ack+0xb50/0xb50
[ 92.526620][ T9601] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 92.532858][ T9601] ? ns_capable_common+0x93/0x100
[ 92.537919][ T9601] ? ns_capable+0x20/0x30
[ 92.542322][ T9601] ? __netlink_ns_capable+0x104/0x140
[ 92.547701][ T9601] nfnetlink_rcv+0x1ba/0x460
[ 92.552284][ T9601] ? nfnetlink_rcv_batch+0x17a0/0x17a0
[ 92.557765][ T9601] ? netlink_deliver_tap+0x24a/0xbf0
[ 92.563036][ T9601] ? __kasan_check_write+0x14/0x20
[ 92.568199][ T9601] netlink_unicast+0x59e/0x7e0
[ 92.573065][ T9601] ? netlink_attachskb+0x870/0x870
[ 92.578285][ T9601] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 92.584219][ T9601] ? __check_object_size+0x3d/0x437
[ 92.589427][ T9601] netlink_sendmsg+0x91c/0xea0
[ 92.594184][ T9601] ? netlink_unicast+0x7e0/0x7e0
[ 92.599112][ T9601] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 92.604654][ T9601] ? apparmor_socket_sendmsg+0x2a/0x30
[ 92.610166][ T9601] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 92.616496][ T9601] ? security_socket_sendmsg+0x8d/0xc0
[ 92.622036][ T9601] ? netlink_unicast+0x7e0/0x7e0
[ 92.627239][ T9601] sock_sendmsg+0xd7/0x130
[ 92.631675][ T9601] ____sys_sendmsg+0x753/0x880
[ 92.636440][ T9601] ? kernel_sendmsg+0x50/0x50
[ 92.641303][ T9601] ? mark_held_locks+0xa4/0xf0
[ 92.646060][ T9601] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 92.652238][ T9601] ? __handle_mm_fault+0x3145/0x3cc0
[ 92.657659][ T9601] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 92.663720][ T9601] ___sys_sendmsg+0x100/0x170
[ 92.668384][ T9601] ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[ 92.674352][ T9601] ? sendmsg_copy_msghdr+0x70/0x70
[ 92.679493][ T9601] ? __do_page_fault+0x56a/0xd80
[ 92.684468][ T9601] ? find_held_lock+0x35/0x130
[ 92.689257][ T9601] ? __do_page_fault+0x56a/0xd80
[ 92.694206][ T9601] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 92.700435][ T9601] ? __fget_light+0x1a9/0x230
[ 92.705105][ T9601] ? __fdget+0x1b/0x20
[ 92.709371][ T9601] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 92.715662][ T9601] __sys_sendmsg+0x105/0x1d0
[ 92.720242][ T9601] ? __sys_sendmsg_sock+0xc0/0xc0
[ 92.725261][ T9601] ? down_read_non_owner+0x490/0x490
[ 92.730539][ T9601] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 92.736163][ T9601] ? do_syscall_64+0x26/0x790
[ 92.740972][ T9601] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 92.747026][ T9601] ? do_syscall_64+0x26/0x790
[ 92.751689][ T9601] __x64_sys_sendmsg+0x78/0xb0
[ 92.756446][ T9601] do_syscall_64+0xfa/0x790
[ 92.760981][ T9601] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 92.766854][ T9601] RIP: 0033:0x441479
[ 92.770735][ T9601] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 92.790497][ T9601] RSP: 002b:00007ffd99913cf8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 92.798947][ T9601] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441479
[ 92.806904][ T9601] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[ 92.814967][ T9601] RBP: 00000000000164de R08: 00000000004002c8 R09: 00000000004002c8
[ 92.822952][ T9601] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004022a0
[ 92.830977][ T9601] R13: 0000000000402330 R14: 0000000000000000 R15: 0000000000000000
[ 92.840415][ T9601] Kernel Offset: disabled
[ 92.844745][ T9601] Rebooting in 86400 seconds..