[ 73.645300][ T27] audit: type=1800 audit(1579331711.039:26): pid=9753 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 74.608703][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 74.608714][ T27] audit: type=1800 audit(1579331712.009:29): pid=9753 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 74.635920][ T27] audit: type=1800 audit(1579331712.009:30): pid=9753 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.67' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 82.522911][ T9906] ================================================================== [ 82.531350][ T9906] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_list+0x635/0x1080 [ 82.539504][ T9906] Read of size 8 at addr ffff8880a6f66800 by task syz-executor964/9906 [ 82.547736][ T9906] [ 82.550060][ T9906] CPU: 1 PID: 9906 Comm: syz-executor964 Not tainted 5.5.0-rc5-syzkaller #0 [ 82.558956][ T9906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 82.569128][ T9906] Call Trace: [ 82.572417][ T9906] dump_stack+0x197/0x210 [ 82.576792][ T9906] ? bitmap_ipmac_list+0x635/0x1080 [ 82.582036][ T9906] print_address_description.constprop.0.cold+0xd4/0x30b [ 82.589282][ T9906] ? bitmap_ipmac_list+0x635/0x1080 [ 82.594510][ T9906] ? bitmap_ipmac_list+0x635/0x1080 [ 82.599957][ T9906] __kasan_report.cold+0x1b/0x41 [ 82.606504][ T9906] ? bitmap_ipmac_list+0x635/0x1080 [ 82.611849][ T9906] kasan_report+0x12/0x20 [ 82.616190][ T9906] check_memory_region+0x134/0x1a0 [ 82.621327][ T9906] __kasan_check_read+0x11/0x20 [ 82.626203][ T9906] bitmap_ipmac_list+0x635/0x1080 [ 82.631233][ T9906] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 82.636648][ T9906] ? nla_put+0x110/0x150 [ 82.640972][ T9906] ip_set_dump_start+0x96c/0x1ca0 [ 82.646343][ T9906] ? ip_set_rename+0x720/0x720 [ 82.651135][ T9906] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 82.656777][ T9906] ? zap_class+0xe40/0xe60 [ 82.661191][ T9906] ? __kasan_check_write+0x14/0x20 [ 82.666317][ T9906] netlink_dump+0x558/0xfb0 [ 82.670948][ T9906] ? __netlink_sendskb+0xc0/0xc0 [ 82.676024][ T9906] __netlink_dump_start+0x673/0x930 [ 82.681275][ T9906] ip_set_dump+0x15a/0x1d0 [ 82.685819][ T9906] ? call_ad+0x5a0/0x5a0 [ 82.690068][ T9906] ? ip_set_rename+0x720/0x720 [ 82.694817][ T9906] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 82.704199][ T9906] ? call_ad+0x5a0/0x5a0 [ 82.708484][ T9906] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 82.713564][ T9906] ? nfnetlink_bind+0x2c0/0x2c0 [ 82.718425][ T9906] ? __kasan_check_read+0x11/0x20 [ 82.723621][ T9906] ? __lock_acquire+0x8a0/0x4a00 [ 82.728752][ T9906] ? save_stack+0x5c/0x90 [ 82.733110][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.739465][ T9906] ? apparmor_capable+0x497/0x900 [ 82.744674][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.751413][ T9906] ? __kasan_check_read+0x11/0x20 [ 82.756556][ T9906] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 82.762369][ T9906] netlink_rcv_skb+0x177/0x450 [ 82.767222][ T9906] ? nfnetlink_bind+0x2c0/0x2c0 [ 82.772197][ T9906] ? netlink_ack+0xb50/0xb50 [ 82.777075][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.784183][ T9906] ? ns_capable_common+0x93/0x100 [ 82.789429][ T9906] ? ns_capable+0x20/0x30 [ 82.794125][ T9906] ? __netlink_ns_capable+0x104/0x140 [ 82.799854][ T9906] nfnetlink_rcv+0x1ba/0x460 [ 82.804594][ T9906] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 82.810310][ T9906] ? netlink_deliver_tap+0x24a/0xbf0 [ 82.815607][ T9906] ? __kasan_check_write+0x14/0x20 [ 82.820723][ T9906] netlink_unicast+0x59e/0x7e0 [ 82.825618][ T9906] ? netlink_attachskb+0x870/0x870 [ 82.830850][ T9906] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 82.837725][ T9906] ? __check_object_size+0x3d/0x437 [ 82.842947][ T9906] netlink_sendmsg+0x91c/0xea0 [ 82.847731][ T9906] ? netlink_unicast+0x7e0/0x7e0 [ 82.852707][ T9906] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 82.858711][ T9906] ? apparmor_socket_sendmsg+0x2a/0x30 [ 82.864345][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.870731][ T9906] ? security_socket_sendmsg+0x8d/0xc0 [ 82.876188][ T9906] ? netlink_unicast+0x7e0/0x7e0 [ 82.881261][ T9906] sock_sendmsg+0xd7/0x130 [ 82.886092][ T9906] ____sys_sendmsg+0x753/0x880 [ 82.890859][ T9906] ? kernel_sendmsg+0x50/0x50 [ 82.895539][ T9906] ? lockdep_init_map+0x1be/0x6d0 [ 82.900567][ T9906] ___sys_sendmsg+0x100/0x170 [ 82.905279][ T9906] ? sendmsg_copy_msghdr+0x70/0x70 [ 82.910389][ T9906] ? __kasan_check_read+0x11/0x20 [ 82.915542][ T9906] ? __lock_acquire+0x8a0/0x4a00 [ 82.920589][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.926953][ T9906] ? __this_cpu_preempt_check+0x35/0x190 [ 82.932601][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.939000][ T9906] ? percpu_counter_add_batch+0x13c/0x190 [ 82.944738][ T9906] ? __fd_install+0x1bc/0x640 [ 82.949421][ T9906] ? find_held_lock+0x35/0x130 [ 82.954286][ T9906] ? __fd_install+0x1bc/0x640 [ 82.959077][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.965311][ T9906] ? __fget_light+0x1a9/0x230 [ 82.969997][ T9906] ? __fdget+0x1b/0x20 [ 82.974108][ T9906] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 82.980371][ T9906] __sys_sendmsg+0x105/0x1d0 [ 82.984948][ T9906] ? __sys_sendmsg_sock+0xc0/0xc0 [ 82.989969][ T9906] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 82.995430][ T9906] ? do_syscall_64+0x26/0x790 [ 83.000103][ T9906] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 83.006776][ T9906] ? do_syscall_64+0x26/0x790 [ 83.011470][ T9906] __x64_sys_sendmsg+0x78/0xb0 [ 83.016284][ T9906] do_syscall_64+0xfa/0x790 [ 83.020794][ T9906] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 83.027603][ T9906] RIP: 0033:0x440539 [ 83.031544][ T9906] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 83.051257][ T9906] RSP: 002b:00007ffd1de0eba8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 83.059660][ T9906] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440539 [ 83.068767][ T9906] RDX: 0000000000000040 RSI: 0000000020000680 RDI: 0000000000000004 [ 83.076738][ T9906] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 83.084747][ T9906] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401dc0 [ 83.092791][ T9906] R13: 0000000000401e50 R14: 0000000000000000 R15: 0000000000000000 [ 83.100771][ T9906] [ 83.103081][ T9906] Allocated by task 9906: [ 83.107459][ T9906] save_stack+0x23/0x90 [ 83.111606][ T9906] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 83.117306][ T9906] kasan_kmalloc+0x9/0x10 [ 83.121722][ T9906] __kmalloc+0x163/0x770 [ 83.125952][ T9906] ip_set_alloc+0x38/0x5e [ 83.130425][ T9906] bitmap_ipmac_create+0x4e8/0xa00 [ 83.135559][ T9906] ip_set_create+0x6f1/0x1500 [ 83.140244][ T9906] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 83.145170][ T9906] netlink_rcv_skb+0x177/0x450 [ 83.150168][ T9906] nfnetlink_rcv+0x1ba/0x460 [ 83.154783][ T9906] netlink_unicast+0x59e/0x7e0 [ 83.159537][ T9906] netlink_sendmsg+0x91c/0xea0 [ 83.164295][ T9906] sock_sendmsg+0xd7/0x130 [ 83.168764][ T9906] ____sys_sendmsg+0x753/0x880 [ 83.173527][ T9906] ___sys_sendmsg+0x100/0x170 [ 83.178197][ T9906] __sys_sendmsg+0x105/0x1d0 [ 83.182773][ T9906] __x64_sys_sendmsg+0x78/0xb0 [ 83.187565][ T9906] do_syscall_64+0xfa/0x790 [ 83.192065][ T9906] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 83.198160][ T9906] [ 83.200474][ T9906] Freed by task 9637: [ 83.204438][ T9906] save_stack+0x23/0x90 [ 83.208679][ T9906] __kasan_slab_free+0x102/0x150 [ 83.213616][ T9906] kasan_slab_free+0xe/0x10 [ 83.218108][ T9906] kfree+0x10a/0x2c0 [ 83.222049][ T9906] tomoyo_check_open_permission+0x19e/0x3e0 [ 83.227934][ T9906] tomoyo_file_open+0xa9/0xd0 [ 83.232595][ T9906] security_file_open+0x71/0x300 [ 83.237582][ T9906] do_dentry_open+0x37a/0x1380 [ 83.242395][ T9906] vfs_open+0xa0/0xd0 [ 83.246535][ T9906] path_openat+0x10df/0x4500 [ 83.251119][ T9906] do_filp_open+0x1a1/0x280 [ 83.255617][ T9906] do_sys_open+0x3fe/0x5d0 [ 83.260202][ T9906] __x64_sys_open+0x7e/0xc0 [ 83.264796][ T9906] do_syscall_64+0xfa/0x790 [ 83.269288][ T9906] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 83.275167][ T9906] [ 83.277520][ T9906] The buggy address belongs to the object at ffff8880a6f66800 [ 83.277520][ T9906] which belongs to the cache kmalloc-32 of size 32 [ 83.291414][ T9906] The buggy address is located 0 bytes inside of [ 83.291414][ T9906] 32-byte region [ffff8880a6f66800, ffff8880a6f66820) [ 83.304441][ T9906] The buggy address belongs to the page: [ 83.310167][ T9906] page:ffffea00029bd980 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a6f66fc1 [ 83.320833][ T9906] raw: 00fffe0000000200 ffffea00028ecac8 ffffea00027f4ac8 ffff8880aa4001c0 [ 83.329439][ T9906] raw: ffff8880a6f66fc1 ffff8880a6f66000 000000010000003d 0000000000000000 [ 83.338118][ T9906] page dumped because: kasan: bad access detected [ 83.344544][ T9906] [ 83.346894][ T9906] Memory state around the buggy address: [ 83.352778][ T9906] ffff8880a6f66700: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 83.362157][ T9906] ffff8880a6f66780: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 83.370336][ T9906] >ffff8880a6f66800: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 83.378427][ T9906] ^ [ 83.382498][ T9906] ffff8880a6f66880: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 83.390548][ T9906] ffff8880a6f66900: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 83.398600][ T9906] ================================================================== [ 83.406676][ T9906] Disabling lock debugging due to kernel taint [ 83.413755][ T9906] Kernel panic - not syncing: panic_on_warn set ... [ 83.420359][ T9906] CPU: 0 PID: 9906 Comm: syz-executor964 Tainted: G B 5.5.0-rc5-syzkaller #0 [ 83.430470][ T9906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 83.440601][ T9906] Call Trace: [ 83.443876][ T9906] dump_stack+0x197/0x210 [ 83.448200][ T9906] panic+0x2e3/0x75c [ 83.452158][ T9906] ? add_taint.cold+0x16/0x16 [ 83.456843][ T9906] ? bitmap_ipmac_list+0x635/0x1080 [ 83.462040][ T9906] ? preempt_schedule+0x4b/0x60 [ 83.466886][ T9906] ? ___preempt_schedule+0x16/0x18 [ 83.471991][ T9906] ? trace_hardirqs_on+0x5e/0x240 [ 83.477055][ T9906] ? bitmap_ipmac_list+0x635/0x1080 [ 83.482306][ T9906] end_report+0x47/0x4f [ 83.486593][ T9906] ? bitmap_ipmac_list+0x635/0x1080 [ 83.491776][ T9906] __kasan_report.cold+0xe/0x41 [ 83.496818][ T9906] ? bitmap_ipmac_list+0x635/0x1080 [ 83.502021][ T9906] kasan_report+0x12/0x20 [ 83.506520][ T9906] check_memory_region+0x134/0x1a0 [ 83.511795][ T9906] __kasan_check_read+0x11/0x20 [ 83.516663][ T9906] bitmap_ipmac_list+0x635/0x1080 [ 83.521689][ T9906] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 83.526801][ T9906] ? nla_put+0x110/0x150 [ 83.531036][ T9906] ip_set_dump_start+0x96c/0x1ca0 [ 83.536062][ T9906] ? ip_set_rename+0x720/0x720 [ 83.540921][ T9906] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 83.546511][ T9906] ? zap_class+0xe40/0xe60 [ 83.550942][ T9906] ? __kasan_check_write+0x14/0x20 [ 83.556050][ T9906] netlink_dump+0x558/0xfb0 [ 83.560673][ T9906] ? __netlink_sendskb+0xc0/0xc0 [ 83.565656][ T9906] __netlink_dump_start+0x673/0x930 [ 83.570846][ T9906] ip_set_dump+0x15a/0x1d0 [ 83.575415][ T9906] ? call_ad+0x5a0/0x5a0 [ 83.579743][ T9906] ? ip_set_rename+0x720/0x720 [ 83.584513][ T9906] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 83.590372][ T9906] ? call_ad+0x5a0/0x5a0 [ 83.594700][ T9906] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 83.599774][ T9906] ? nfnetlink_bind+0x2c0/0x2c0 [ 83.604754][ T9906] ? __kasan_check_read+0x11/0x20 [ 83.609972][ T9906] ? __lock_acquire+0x8a0/0x4a00 [ 83.615008][ T9906] ? save_stack+0x5c/0x90 [ 83.619328][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.625572][ T9906] ? apparmor_capable+0x497/0x900 [ 83.630595][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.637053][ T9906] ? __kasan_check_read+0x11/0x20 [ 83.642067][ T9906] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 83.647527][ T9906] netlink_rcv_skb+0x177/0x450 [ 83.652286][ T9906] ? nfnetlink_bind+0x2c0/0x2c0 [ 83.657125][ T9906] ? netlink_ack+0xb50/0xb50 [ 83.661796][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.669098][ T9906] ? ns_capable_common+0x93/0x100 [ 83.674119][ T9906] ? ns_capable+0x20/0x30 [ 83.678493][ T9906] ? __netlink_ns_capable+0x104/0x140 [ 83.683918][ T9906] nfnetlink_rcv+0x1ba/0x460 [ 83.688622][ T9906] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 83.694164][ T9906] ? netlink_deliver_tap+0x24a/0xbf0 [ 83.699439][ T9906] ? __kasan_check_write+0x14/0x20 [ 83.704553][ T9906] netlink_unicast+0x59e/0x7e0 [ 83.709396][ T9906] ? netlink_attachskb+0x870/0x870 [ 83.714682][ T9906] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 83.720438][ T9906] ? __check_object_size+0x3d/0x437 [ 83.725653][ T9906] netlink_sendmsg+0x91c/0xea0 [ 83.730427][ T9906] ? netlink_unicast+0x7e0/0x7e0 [ 83.735353][ T9906] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 83.740889][ T9906] ? apparmor_socket_sendmsg+0x2a/0x30 [ 83.746344][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.752597][ T9906] ? security_socket_sendmsg+0x8d/0xc0 [ 83.758068][ T9906] ? netlink_unicast+0x7e0/0x7e0 [ 83.763076][ T9906] sock_sendmsg+0xd7/0x130 [ 83.767611][ T9906] ____sys_sendmsg+0x753/0x880 [ 83.772370][ T9906] ? kernel_sendmsg+0x50/0x50 [ 83.777066][ T9906] ? lockdep_init_map+0x1be/0x6d0 [ 83.782092][ T9906] ___sys_sendmsg+0x100/0x170 [ 83.786752][ T9906] ? sendmsg_copy_msghdr+0x70/0x70 [ 83.792589][ T9906] ? __kasan_check_read+0x11/0x20 [ 83.797898][ T9906] ? __lock_acquire+0x8a0/0x4a00 [ 83.802838][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.809132][ T9906] ? __this_cpu_preempt_check+0x35/0x190 [ 83.814778][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.821109][ T9906] ? percpu_counter_add_batch+0x13c/0x190 [ 83.826816][ T9906] ? __fd_install+0x1bc/0x640 [ 83.831533][ T9906] ? find_held_lock+0x35/0x130 [ 83.836290][ T9906] ? __fd_install+0x1bc/0x640 [ 83.841000][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.847235][ T9906] ? __fget_light+0x1a9/0x230 [ 83.851895][ T9906] ? __fdget+0x1b/0x20 [ 83.855946][ T9906] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 83.862185][ T9906] __sys_sendmsg+0x105/0x1d0 [ 83.866882][ T9906] ? __sys_sendmsg_sock+0xc0/0xc0 [ 83.872031][ T9906] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 83.877491][ T9906] ? do_syscall_64+0x26/0x790 [ 83.882270][ T9906] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 83.888321][ T9906] ? do_syscall_64+0x26/0x790 [ 83.893003][ T9906] __x64_sys_sendmsg+0x78/0xb0 [ 83.897757][ T9906] do_syscall_64+0xfa/0x790 [ 83.902961][ T9906] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 83.908873][ T9906] RIP: 0033:0x440539 [ 83.912769][ T9906] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 83.932479][ T9906] RSP: 002b:00007ffd1de0eba8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 83.941487][ T9906] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440539 [ 83.949463][ T9906] RDX: 0000000000000040 RSI: 0000000020000680 RDI: 0000000000000004 [ 83.957419][ T9906] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 83.965382][ T9906] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401dc0 [ 83.973708][ T9906] R13: 0000000000401e50 R14: 0000000000000000 R15: 0000000000000000 [ 83.983132][ T9906] Kernel Offset: disabled [ 83.987499][ T9906] Rebooting in 86400 seconds..