[ 97.267486][ T26] audit: type=1800 audit(1579359988.342:25): pid=9552 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 97.287156][ T26] audit: type=1800 audit(1579359988.342:26): pid=9552 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 97.315035][ T26] audit: type=1800 audit(1579359988.352:27): pid=9552 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 97.748830][ T9620] sshd (9620) used greatest stack depth: 22264 bytes left [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.80' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 107.675748][ T9705] ================================================================== [ 107.683941][ T9705] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_list+0x635/0x1080 [ 107.691826][ T9705] Read of size 8 at addr ffff8880a396bb00 by task syz-executor647/9705 [ 107.700043][ T9705] [ 107.702475][ T9705] CPU: 0 PID: 9705 Comm: syz-executor647 Not tainted 5.5.0-rc6-syzkaller #0 [ 107.711146][ T9705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 107.721196][ T9705] Call Trace: [ 107.724485][ T9705] dump_stack+0x197/0x210 [ 107.728854][ T9705] ? bitmap_ipmac_list+0x635/0x1080 [ 107.734052][ T9705] print_address_description.constprop.0.cold+0xd4/0x30b [ 107.741065][ T9705] ? bitmap_ipmac_list+0x635/0x1080 [ 107.746257][ T9705] ? bitmap_ipmac_list+0x635/0x1080 [ 107.751494][ T9705] __kasan_report.cold+0x1b/0x41 [ 107.756687][ T9705] ? bitmap_ipmac_list+0x635/0x1080 [ 107.761876][ T9705] kasan_report+0x12/0x20 [ 107.766193][ T9705] check_memory_region+0x134/0x1a0 [ 107.771305][ T9705] __kasan_check_read+0x11/0x20 [ 107.776155][ T9705] bitmap_ipmac_list+0x635/0x1080 [ 107.781180][ T9705] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 107.786451][ T9705] ? nla_put+0x110/0x150 [ 107.790713][ T9705] ip_set_dump_start+0x96c/0x1ca0 [ 107.795758][ T9705] ? ip_set_rename+0x720/0x720 [ 107.800511][ T9705] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 107.806051][ T9705] ? perf_trace_lock_acquire+0x4c0/0x530 [ 107.811686][ T9705] ? __kasan_check_write+0x14/0x20 [ 107.816793][ T9705] netlink_dump+0x558/0xfb0 [ 107.821281][ T9705] ? __netlink_sendskb+0xc0/0xc0 [ 107.826306][ T9705] __netlink_dump_start+0x66a/0x930 [ 107.831522][ T9705] ip_set_dump+0x15a/0x1d0 [ 107.835927][ T9705] ? call_ad+0x5a0/0x5a0 [ 107.840164][ T9705] ? ip_set_rename+0x720/0x720 [ 107.844935][ T9705] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 107.850756][ T9705] ? call_ad+0x5a0/0x5a0 [ 107.855103][ T9705] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 107.860156][ T9705] ? nfnetlink_bind+0x2c0/0x2c0 [ 107.865007][ T9705] ? __kasan_check_read+0x11/0x20 [ 107.870016][ T9705] ? __lock_acquire+0x8a0/0x4a00 [ 107.874955][ T9705] ? save_stack+0x5c/0x90 [ 107.879295][ T9705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 107.885529][ T9705] ? apparmor_capable+0x497/0x900 [ 107.890585][ T9705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 107.896831][ T9705] ? __kasan_check_read+0x11/0x20 [ 107.901855][ T9705] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 107.907395][ T9705] netlink_rcv_skb+0x177/0x450 [ 107.912181][ T9705] ? nfnetlink_bind+0x2c0/0x2c0 [ 107.917036][ T9705] ? netlink_ack+0xb50/0xb50 [ 107.921620][ T9705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 107.927854][ T9705] ? ns_capable_common+0x93/0x100 [ 107.932865][ T9705] ? ns_capable+0x20/0x30 [ 107.937193][ T9705] ? __netlink_ns_capable+0x104/0x140 [ 107.942673][ T9705] nfnetlink_rcv+0x1ba/0x460 [ 107.947259][ T9705] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 107.952739][ T9705] ? netlink_deliver_tap+0x24a/0xbe0 [ 107.958016][ T9705] ? __kasan_check_write+0x14/0x20 [ 107.963111][ T9705] netlink_unicast+0x58c/0x7d0 [ 107.967866][ T9705] ? netlink_attachskb+0x870/0x870 [ 107.972969][ T9705] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 107.978681][ T9705] ? __check_object_size+0x3d/0x437 [ 107.983863][ T9705] netlink_sendmsg+0x91c/0xea0 [ 107.988748][ T9705] ? netlink_unicast+0x7d0/0x7d0 [ 107.993668][ T9705] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 107.999211][ T9705] ? apparmor_socket_sendmsg+0x2a/0x30 [ 108.004685][ T9705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 108.010918][ T9705] ? security_socket_sendmsg+0x8d/0xc0 [ 108.016363][ T9705] ? netlink_unicast+0x7d0/0x7d0 [ 108.021310][ T9705] sock_sendmsg+0xd7/0x130 [ 108.025719][ T9705] ____sys_sendmsg+0x753/0x880 [ 108.030501][ T9705] ? kernel_sendmsg+0x50/0x50 [ 108.035172][ T9705] ? lockdep_init_map+0x1be/0x6d0 [ 108.040291][ T9705] ___sys_sendmsg+0x100/0x170 [ 108.044965][ T9705] ? sendmsg_copy_msghdr+0x70/0x70 [ 108.050160][ T9705] ? __kasan_check_read+0x11/0x20 [ 108.055247][ T9705] ? __lock_acquire+0x8a0/0x4a00 [ 108.060300][ T9705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 108.066544][ T9705] ? __this_cpu_preempt_check+0x35/0x190 [ 108.072170][ T9705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 108.078395][ T9705] ? percpu_counter_add_batch+0x13c/0x190 [ 108.084181][ T9705] ? __fd_install+0x1bc/0x640 [ 108.088851][ T9705] ? find_held_lock+0x35/0x130 [ 108.093624][ T9705] ? __fd_install+0x1bc/0x640 [ 108.098413][ T9705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 108.104655][ T9705] ? __fget_light+0x1a9/0x230 [ 108.109324][ T9705] ? __fdget+0x1b/0x20 [ 108.113387][ T9705] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 108.119655][ T9705] __sys_sendmsg+0x105/0x1d0 [ 108.124399][ T9705] ? __sys_sendmsg_sock+0xc0/0xc0 [ 108.129418][ T9705] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 108.134865][ T9705] ? do_syscall_64+0x26/0x790 [ 108.139550][ T9705] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 108.145724][ T9705] ? do_syscall_64+0x26/0x790 [ 108.150417][ T9705] __x64_sys_sendmsg+0x78/0xb0 [ 108.155168][ T9705] do_syscall_64+0xfa/0x790 [ 108.159693][ T9705] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 108.165582][ T9705] RIP: 0033:0x440539 [ 108.169456][ T9705] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 108.189134][ T9705] RSP: 002b:00007ffec4d14ef8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 108.197535][ T9705] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440539 [ 108.205607][ T9705] RDX: 0000000000000040 RSI: 0000000020000680 RDI: 0000000000000004 [ 108.213605][ T9705] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 108.221575][ T9705] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401dc0 [ 108.229584][ T9705] R13: 0000000000401e50 R14: 0000000000000000 R15: 0000000000000000 [ 108.237983][ T9705] [ 108.240296][ T9705] Allocated by task 9705: [ 108.244727][ T9705] save_stack+0x23/0x90 [ 108.248870][ T9705] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 108.254507][ T9705] kasan_kmalloc+0x9/0x10 [ 108.258834][ T9705] __kmalloc+0x163/0x770 [ 108.263419][ T9705] ip_set_alloc+0x38/0x5e [ 108.267732][ T9705] bitmap_ipmac_create+0x4e8/0xa00 [ 108.272834][ T9705] ip_set_create+0x6f1/0x1500 [ 108.277494][ T9705] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 108.282409][ T9705] netlink_rcv_skb+0x177/0x450 [ 108.287159][ T9705] nfnetlink_rcv+0x1ba/0x460 [ 108.291731][ T9705] netlink_unicast+0x58c/0x7d0 [ 108.296482][ T9705] netlink_sendmsg+0x91c/0xea0 [ 108.301226][ T9705] sock_sendmsg+0xd7/0x130 [ 108.305644][ T9705] ____sys_sendmsg+0x753/0x880 [ 108.310409][ T9705] ___sys_sendmsg+0x100/0x170 [ 108.315070][ T9705] __sys_sendmsg+0x105/0x1d0 [ 108.319649][ T9705] __x64_sys_sendmsg+0x78/0xb0 [ 108.324422][ T9705] do_syscall_64+0xfa/0x790 [ 108.328920][ T9705] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 108.334802][ T9705] [ 108.337220][ T9705] Freed by task 9436: [ 108.341229][ T9705] save_stack+0x23/0x90 [ 108.345505][ T9705] __kasan_slab_free+0x102/0x150 [ 108.350581][ T9705] kasan_slab_free+0xe/0x10 [ 108.355064][ T9705] kfree+0x10a/0x2c0 [ 108.358939][ T9705] tomoyo_check_open_permission+0x19e/0x3e0 [ 108.364839][ T9705] tomoyo_file_open+0xa9/0xd0 [ 108.369506][ T9705] security_file_open+0x71/0x300 [ 108.374431][ T9705] do_dentry_open+0x37a/0x1380 [ 108.379299][ T9705] vfs_open+0xa0/0xd0 [ 108.383265][ T9705] path_openat+0x118b/0x3180 [ 108.387834][ T9705] do_filp_open+0x1a1/0x280 [ 108.392386][ T9705] do_sys_open+0x3fe/0x5d0 [ 108.396783][ T9705] __x64_sys_open+0x7e/0xc0 [ 108.401340][ T9705] do_syscall_64+0xfa/0x790 [ 108.405873][ T9705] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 108.411754][ T9705] [ 108.414081][ T9705] The buggy address belongs to the object at ffff8880a396bb00 [ 108.414081][ T9705] which belongs to the cache kmalloc-32 of size 32 [ 108.428008][ T9705] The buggy address is located 0 bytes inside of [ 108.428008][ T9705] 32-byte region [ffff8880a396bb00, ffff8880a396bb20) [ 108.441008][ T9705] The buggy address belongs to the page: [ 108.446634][ T9705] page:ffffea00028e5ac0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a396bfc1 [ 108.457034][ T9705] raw: 00fffe0000000200 ffffea000291c148 ffffea0002801388 ffff8880aa4001c0 [ 108.465741][ T9705] raw: ffff8880a396bfc1 ffff8880a396b000 0000000100000026 0000000000000000 [ 108.474311][ T9705] page dumped because: kasan: bad access detected [ 108.480777][ T9705] [ 108.483096][ T9705] Memory state around the buggy address: [ 108.488749][ T9705] ffff8880a396ba00: fb fb fb fb fc fc fc fc 00 01 fc fc fc fc fc fc [ 108.496804][ T9705] ffff8880a396ba80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 108.504884][ T9705] >ffff8880a396bb00: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 108.512942][ T9705] ^ [ 108.517036][ T9705] ffff8880a396bb80: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc [ 108.525093][ T9705] ffff8880a396bc00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 108.533147][ T9705] ================================================================== [ 108.541233][ T9705] Disabling lock debugging due to kernel taint [ 108.548045][ T9705] Kernel panic - not syncing: panic_on_warn set ... [ 108.554638][ T9705] CPU: 0 PID: 9705 Comm: syz-executor647 Tainted: G B 5.5.0-rc6-syzkaller #0 [ 108.564677][ T9705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 108.574742][ T9705] Call Trace: [ 108.578020][ T9705] dump_stack+0x197/0x210 [ 108.582861][ T9705] panic+0x2e3/0x75c [ 108.586737][ T9705] ? add_taint.cold+0x16/0x16 [ 108.591452][ T9705] ? bitmap_ipmac_list+0x635/0x1080 [ 108.596761][ T9705] ? preempt_schedule+0x4b/0x60 [ 108.601712][ T9705] ? ___preempt_schedule+0x16/0x18 [ 108.606873][ T9705] ? trace_hardirqs_on+0x5e/0x240 [ 108.611885][ T9705] ? bitmap_ipmac_list+0x635/0x1080 [ 108.617070][ T9705] end_report+0x47/0x4f [ 108.621280][ T9705] ? bitmap_ipmac_list+0x635/0x1080 [ 108.626558][ T9705] __kasan_report.cold+0xe/0x41 [ 108.631403][ T9705] ? bitmap_ipmac_list+0x635/0x1080 [ 108.636592][ T9705] kasan_report+0x12/0x20 [ 108.640941][ T9705] check_memory_region+0x134/0x1a0 [ 108.646043][ T9705] __kasan_check_read+0x11/0x20 [ 108.650876][ T9705] bitmap_ipmac_list+0x635/0x1080 [ 108.655972][ T9705] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 108.663056][ T9705] ? nla_put+0x110/0x150 [ 108.668245][ T9705] ip_set_dump_start+0x96c/0x1ca0 [ 108.673359][ T9705] ? ip_set_rename+0x720/0x720 [ 108.678144][ T9705] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 108.683768][ T9705] ? perf_trace_lock_acquire+0x4c0/0x530 [ 108.689531][ T9705] ? __kasan_check_write+0x14/0x20 [ 108.694659][ T9705] netlink_dump+0x558/0xfb0 [ 108.699180][ T9705] ? __netlink_sendskb+0xc0/0xc0 [ 108.704113][ T9705] __netlink_dump_start+0x66a/0x930 [ 108.709334][ T9705] ip_set_dump+0x15a/0x1d0 [ 108.713828][ T9705] ? call_ad+0x5a0/0x5a0 [ 108.718049][ T9705] ? ip_set_rename+0x720/0x720 [ 108.722843][ T9705] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 108.728665][ T9705] ? call_ad+0x5a0/0x5a0 [ 108.732897][ T9705] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 108.737941][ T9705] ? nfnetlink_bind+0x2c0/0x2c0 [ 108.742798][ T9705] ? __kasan_check_read+0x11/0x20 [ 108.747831][ T9705] ? __lock_acquire+0x8a0/0x4a00 [ 108.752760][ T9705] ? save_stack+0x5c/0x90 [ 108.757100][ T9705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 108.763327][ T9705] ? apparmor_capable+0x497/0x900 [ 108.768358][ T9705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 108.774607][ T9705] ? __kasan_check_read+0x11/0x20 [ 108.779624][ T9705] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 108.785065][ T9705] netlink_rcv_skb+0x177/0x450 [ 108.789809][ T9705] ? nfnetlink_bind+0x2c0/0x2c0 [ 108.794706][ T9705] ? netlink_ack+0xb50/0xb50 [ 108.799281][ T9705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 108.805519][ T9705] ? ns_capable_common+0x93/0x100 [ 108.810671][ T9705] ? ns_capable+0x20/0x30 [ 108.814982][ T9705] ? __netlink_ns_capable+0x104/0x140 [ 108.820334][ T9705] nfnetlink_rcv+0x1ba/0x460 [ 108.824920][ T9705] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 108.830368][ T9705] ? netlink_deliver_tap+0x24a/0xbe0 [ 108.835656][ T9705] ? __kasan_check_write+0x14/0x20 [ 108.840763][ T9705] netlink_unicast+0x58c/0x7d0 [ 108.845521][ T9705] ? netlink_attachskb+0x870/0x870 [ 108.850814][ T9705] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 108.856532][ T9705] ? __check_object_size+0x3d/0x437 [ 108.861714][ T9705] netlink_sendmsg+0x91c/0xea0 [ 108.866481][ T9705] ? netlink_unicast+0x7d0/0x7d0 [ 108.871414][ T9705] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 108.876983][ T9705] ? apparmor_socket_sendmsg+0x2a/0x30 [ 108.882437][ T9705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 108.888683][ T9705] ? security_socket_sendmsg+0x8d/0xc0 [ 108.894133][ T9705] ? netlink_unicast+0x7d0/0x7d0 [ 108.899061][ T9705] sock_sendmsg+0xd7/0x130 [ 108.903670][ T9705] ____sys_sendmsg+0x753/0x880 [ 108.908429][ T9705] ? kernel_sendmsg+0x50/0x50 [ 108.913127][ T9705] ? lockdep_init_map+0x1be/0x6d0 [ 108.918144][ T9705] ___sys_sendmsg+0x100/0x170 [ 108.922811][ T9705] ? sendmsg_copy_msghdr+0x70/0x70 [ 108.927922][ T9705] ? __kasan_check_read+0x11/0x20 [ 108.932957][ T9705] ? __lock_acquire+0x8a0/0x4a00 [ 108.937923][ T9705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 108.944159][ T9705] ? __this_cpu_preempt_check+0x35/0x190 [ 108.949775][ T9705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 108.956128][ T9705] ? percpu_counter_add_batch+0x13c/0x190 [ 108.961978][ T9705] ? __fd_install+0x1bc/0x640 [ 108.966650][ T9705] ? find_held_lock+0x35/0x130 [ 108.971435][ T9705] ? __fd_install+0x1bc/0x640 [ 108.976099][ T9705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 108.982333][ T9705] ? __fget_light+0x1a9/0x230 [ 108.987006][ T9705] ? __fdget+0x1b/0x20 [ 108.991064][ T9705] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 108.997486][ T9705] __sys_sendmsg+0x105/0x1d0 [ 109.002069][ T9705] ? __sys_sendmsg_sock+0xc0/0xc0 [ 109.007092][ T9705] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 109.012549][ T9705] ? do_syscall_64+0x26/0x790 [ 109.017215][ T9705] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 109.023264][ T9705] ? do_syscall_64+0x26/0x790 [ 109.027988][ T9705] __x64_sys_sendmsg+0x78/0xb0 [ 109.032750][ T9705] do_syscall_64+0xfa/0x790 [ 109.037249][ T9705] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 109.043319][ T9705] RIP: 0033:0x440539 [ 109.047216][ T9705] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 109.067073][ T9705] RSP: 002b:00007ffec4d14ef8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 109.075566][ T9705] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440539 [ 109.083530][ T9705] RDX: 0000000000000040 RSI: 0000000020000680 RDI: 0000000000000004 [ 109.091513][ T9705] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 109.099532][ T9705] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401dc0 [ 109.107520][ T9705] R13: 0000000000401e50 R14: 0000000000000000 R15: 0000000000000000 [ 109.117090][ T9705] Kernel Offset: disabled [ 109.121414][ T9705] Rebooting in 86400 seconds..