[ 75.499411][ T27] audit: type=1800 audit(1579501293.930:26): pid=9794 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 76.528206][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 76.528218][ T27] audit: type=1800 audit(1579501294.970:29): pid=9794 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 76.554799][ T27] audit: type=1800 audit(1579501294.970:30): pid=9794 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.234' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 87.616557][ T9947] ================================================================== [ 87.624875][ T9947] BUG: KASAN: slab-out-of-bounds in bitmap_ip_del+0xdb/0x380 [ 87.632359][ T9947] Write of size 8 at addr ffff8880972b5340 by task syz-executor142/9947 [ 87.640693][ T9947] [ 87.643022][ T9947] CPU: 0 PID: 9947 Comm: syz-executor142 Not tainted 5.5.0-rc5-syzkaller #0 [ 87.651867][ T9947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 87.661922][ T9947] Call Trace: [ 87.665222][ T9947] dump_stack+0x197/0x210 [ 87.669666][ T9947] ? bitmap_ip_del+0xdb/0x380 [ 87.674539][ T9947] print_address_description.constprop.0.cold+0xd4/0x30b [ 87.681689][ T9947] ? bitmap_ip_del+0xdb/0x380 [ 87.686367][ T9947] ? bitmap_ip_del+0xdb/0x380 [ 87.691049][ T9947] __kasan_report.cold+0x1b/0x41 [ 87.696151][ T9947] ? __sanitizer_cov_trace_cmp1+0x1/0x20 [ 87.701783][ T9947] ? bitmap_ip_del+0xdb/0x380 [ 87.706486][ T9947] kasan_report+0x12/0x20 [ 87.710823][ T9947] check_memory_region+0x134/0x1a0 [ 87.715971][ T9947] __kasan_check_write+0x14/0x20 [ 87.721018][ T9947] bitmap_ip_del+0xdb/0x380 [ 87.725927][ T9947] bitmap_ip_uadt+0x73e/0xa10 [ 87.730784][ T9947] ? bitmap_ip_create+0xc20/0xc20 [ 87.735845][ T9947] ? bitmap_ip_kadt+0x5a0/0x5a0 [ 87.740837][ T9947] ? __kasan_check_write+0x14/0x20 [ 87.746002][ T9947] ? register_lock_class+0x17a0/0x1850 [ 87.751599][ T9947] call_ad+0x1a0/0x5a0 [ 87.755671][ T9947] ? start_msg+0x220/0x220 [ 87.760134][ T9947] ? nla_memcpy+0xb0/0xb0 [ 87.764490][ T9947] ? __nla_parse+0x43/0x60 [ 87.768896][ T9947] ip_set_ad.isra.0+0x572/0xb20 [ 87.773764][ T9947] ? ip_set_nfnl_get_byindex+0x460/0x460 [ 87.779593][ T9947] ? nla_memcpy+0xb0/0xb0 [ 87.783935][ T9947] ? lock_downgrade+0x920/0x920 [ 87.788886][ T9947] ip_set_udel+0x3a/0x50 [ 87.793202][ T9947] ? ip_set_ad.isra.0+0xb20/0xb20 [ 87.798288][ T9947] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 87.803356][ T9947] ? nfnetlink_bind+0x2c0/0x2c0 [ 87.808323][ T9947] ? __kasan_check_read+0x11/0x20 [ 87.813410][ T9947] ? __lock_acquire+0x8a0/0x4a00 [ 87.818472][ T9947] ? save_stack+0x5c/0x90 [ 87.822872][ T9947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.829189][ T9947] ? apparmor_capable+0x497/0x900 [ 87.834234][ T9947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.840500][ T9947] ? __kasan_check_read+0x11/0x20 [ 87.845587][ T9947] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 87.852189][ T9947] netlink_rcv_skb+0x177/0x450 [ 87.856949][ T9947] ? nfnetlink_bind+0x2c0/0x2c0 [ 87.861811][ T9947] ? netlink_ack+0xb50/0xb50 [ 87.866402][ T9947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.872687][ T9947] ? ns_capable_common+0x93/0x100 [ 87.877724][ T9947] ? ns_capable+0x20/0x30 [ 87.882066][ T9947] ? __netlink_ns_capable+0x104/0x140 [ 87.887452][ T9947] nfnetlink_rcv+0x1ba/0x460 [ 87.892107][ T9947] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 87.897579][ T9947] ? netlink_deliver_tap+0x24a/0xbf0 [ 87.902880][ T9947] ? __kasan_check_write+0x14/0x20 [ 87.908064][ T9947] netlink_unicast+0x59e/0x7e0 [ 87.912855][ T9947] ? netlink_attachskb+0x870/0x870 [ 87.918011][ T9947] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 87.923985][ T9947] ? __check_object_size+0x3d/0x437 [ 87.929278][ T9947] netlink_sendmsg+0x91c/0xea0 [ 87.934206][ T9947] ? netlink_unicast+0x7e0/0x7e0 [ 87.939309][ T9947] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 87.944865][ T9947] ? apparmor_socket_sendmsg+0x2a/0x30 [ 87.950510][ T9947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.956752][ T9947] ? security_socket_sendmsg+0x8d/0xc0 [ 87.962212][ T9947] ? netlink_unicast+0x7e0/0x7e0 [ 87.967153][ T9947] sock_sendmsg+0xd7/0x130 [ 87.971593][ T9947] ____sys_sendmsg+0x753/0x880 [ 87.976366][ T9947] ? kernel_sendmsg+0x50/0x50 [ 87.981050][ T9947] ? lockdep_init_map+0x1be/0x6d0 [ 87.986248][ T9947] ___sys_sendmsg+0x100/0x170 [ 87.990958][ T9947] ? sendmsg_copy_msghdr+0x70/0x70 [ 87.996078][ T9947] ? __kasan_check_read+0x11/0x20 [ 88.001106][ T9947] ? __lock_acquire+0x8a0/0x4a00 [ 88.006045][ T9947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 88.012280][ T9947] ? __this_cpu_preempt_check+0x35/0x190 [ 88.017957][ T9947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 88.024211][ T9947] ? percpu_counter_add_batch+0x13c/0x190 [ 88.029921][ T9947] ? __fd_install+0x1bc/0x640 [ 88.034655][ T9947] ? find_held_lock+0x35/0x130 [ 88.039412][ T9947] ? __fd_install+0x1bc/0x640 [ 88.044103][ T9947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 88.050380][ T9947] ? __fget_light+0x1a9/0x230 [ 88.055062][ T9947] ? __fdget+0x1b/0x20 [ 88.059139][ T9947] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 88.065636][ T9947] __sys_sendmsg+0x105/0x1d0 [ 88.070239][ T9947] ? __sys_sendmsg_sock+0xc0/0xc0 [ 88.075625][ T9947] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 88.081077][ T9947] ? do_syscall_64+0x26/0x790 [ 88.085752][ T9947] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 88.091814][ T9947] ? do_syscall_64+0x26/0x790 [ 88.096598][ T9947] __x64_sys_sendmsg+0x78/0xb0 [ 88.101494][ T9947] do_syscall_64+0xfa/0x790 [ 88.106103][ T9947] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 88.111993][ T9947] RIP: 0033:0x440689 [ 88.115874][ T9947] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 88.135477][ T9947] RSP: 002b:00007ffd292c7a58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 88.143898][ T9947] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440689 [ 88.151861][ T9947] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004 [ 88.159837][ T9947] RBP: 00000000006ca018 R08: 000000000000001c R09: 00000000004002c8 [ 88.167826][ T9947] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000401f10 [ 88.175800][ T9947] R13: 0000000000401fa0 R14: 0000000000000000 R15: 0000000000000000 [ 88.184031][ T9947] [ 88.186719][ T9947] Allocated by task 9947: [ 88.191047][ T9947] save_stack+0x23/0x90 [ 88.195193][ T9947] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 88.200829][ T9947] kasan_kmalloc+0x9/0x10 [ 88.205226][ T9947] __kmalloc+0x163/0x770 [ 88.209459][ T9947] ip_set_alloc+0x38/0x5e [ 88.213789][ T9947] bitmap_ip_create+0x6ec/0xc20 [ 88.218763][ T9947] ip_set_create+0x6f1/0x1500 [ 88.223448][ T9947] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 88.228746][ T9947] netlink_rcv_skb+0x177/0x450 [ 88.233510][ T9947] nfnetlink_rcv+0x1ba/0x460 [ 88.238100][ T9947] netlink_unicast+0x59e/0x7e0 [ 88.242952][ T9947] netlink_sendmsg+0x91c/0xea0 [ 88.247802][ T9947] sock_sendmsg+0xd7/0x130 [ 88.252353][ T9947] ____sys_sendmsg+0x753/0x880 [ 88.257127][ T9947] ___sys_sendmsg+0x100/0x170 [ 88.261798][ T9947] __sys_sendmsg+0x105/0x1d0 [ 88.266451][ T9947] __x64_sys_sendmsg+0x78/0xb0 [ 88.271263][ T9947] do_syscall_64+0xfa/0x790 [ 88.275767][ T9947] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 88.281781][ T9947] [ 88.284109][ T9947] Freed by task 9678: [ 88.288149][ T9947] save_stack+0x23/0x90 [ 88.292402][ T9947] __kasan_slab_free+0x102/0x150 [ 88.297340][ T9947] kasan_slab_free+0xe/0x10 [ 88.301837][ T9947] kfree+0x10a/0x2c0 [ 88.305863][ T9947] tomoyo_check_open_permission+0x19e/0x3e0 [ 88.311773][ T9947] tomoyo_file_open+0xa9/0xd0 [ 88.316460][ T9947] security_file_open+0x71/0x300 [ 88.321943][ T9947] do_dentry_open+0x37a/0x1380 [ 88.326705][ T9947] vfs_open+0xa0/0xd0 [ 88.330685][ T9947] path_openat+0x10df/0x4500 [ 88.335274][ T9947] do_filp_open+0x1a1/0x280 [ 88.339854][ T9947] do_sys_open+0x3fe/0x5d0 [ 88.344271][ T9947] __x64_sys_open+0x7e/0xc0 [ 88.348928][ T9947] do_syscall_64+0xfa/0x790 [ 88.353431][ T9947] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 88.359331][ T9947] [ 88.361753][ T9947] The buggy address belongs to the object at ffff8880972b5340 [ 88.361753][ T9947] which belongs to the cache kmalloc-32 of size 32 [ 88.375745][ T9947] The buggy address is located 0 bytes inside of [ 88.375745][ T9947] 32-byte region [ffff8880972b5340, ffff8880972b5360) [ 88.388850][ T9947] The buggy address belongs to the page: [ 88.394582][ T9947] page:ffffea00025cad40 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880972b5fc1 [ 88.404997][ T9947] raw: 00fffe0000000200 ffffea0002a69b88 ffffea00029a10c8 ffff8880aa4001c0 [ 88.413583][ T9947] raw: ffff8880972b5fc1 ffff8880972b5000 0000000100000020 0000000000000000 [ 88.422662][ T9947] page dumped because: kasan: bad access detected [ 88.429073][ T9947] [ 88.431393][ T9947] Memory state around the buggy address: [ 88.437260][ T9947] ffff8880972b5200: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 88.445322][ T9947] ffff8880972b5280: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 88.453378][ T9947] >ffff8880972b5300: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc [ 88.461564][ T9947] ^ [ 88.467722][ T9947] ffff8880972b5380: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 88.475895][ T9947] ffff8880972b5400: fb fb fb fb fc fc fc fc 00 01 fc fc fc fc fc fc [ 88.483950][ T9947] ================================================================== [ 88.492002][ T9947] Disabling lock debugging due to kernel taint [ 88.498342][ T9947] Kernel panic - not syncing: panic_on_warn set ... [ 88.504933][ T9947] CPU: 0 PID: 9947 Comm: syz-executor142 Tainted: G B 5.5.0-rc5-syzkaller #0 [ 88.515231][ T9947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 88.525280][ T9947] Call Trace: [ 88.528630][ T9947] dump_stack+0x197/0x210 [ 88.532955][ T9947] panic+0x2e3/0x75c [ 88.536985][ T9947] ? add_taint.cold+0x16/0x16 [ 88.541659][ T9947] ? retint_kernel+0x2b/0x2b [ 88.546363][ T9947] ? trace_hardirqs_on+0x5e/0x240 [ 88.551445][ T9947] ? bitmap_ip_del+0xdb/0x380 [ 88.556149][ T9947] end_report+0x47/0x4f [ 88.560305][ T9947] ? bitmap_ip_del+0xdb/0x380 [ 88.564981][ T9947] __kasan_report.cold+0xe/0x41 [ 88.569899][ T9947] ? __sanitizer_cov_trace_cmp1+0x1/0x20 [ 88.575903][ T9947] ? bitmap_ip_del+0xdb/0x380 [ 88.580720][ T9947] kasan_report+0x12/0x20 [ 88.585207][ T9947] check_memory_region+0x134/0x1a0 [ 88.590447][ T9947] __kasan_check_write+0x14/0x20 [ 88.595488][ T9947] bitmap_ip_del+0xdb/0x380 [ 88.600015][ T9947] bitmap_ip_uadt+0x73e/0xa10 [ 88.604904][ T9947] ? bitmap_ip_create+0xc20/0xc20 [ 88.610038][ T9947] ? bitmap_ip_kadt+0x5a0/0x5a0 [ 88.614995][ T9947] ? __kasan_check_write+0x14/0x20 [ 88.620121][ T9947] ? register_lock_class+0x17a0/0x1850 [ 88.625577][ T9947] call_ad+0x1a0/0x5a0 [ 88.629669][ T9947] ? start_msg+0x220/0x220 [ 88.634074][ T9947] ? nla_memcpy+0xb0/0xb0 [ 88.638508][ T9947] ? __nla_parse+0x43/0x60 [ 88.642952][ T9947] ip_set_ad.isra.0+0x572/0xb20 [ 88.647796][ T9947] ? ip_set_nfnl_get_byindex+0x460/0x460 [ 88.653464][ T9947] ? nla_memcpy+0xb0/0xb0 [ 88.657812][ T9947] ? lock_downgrade+0x920/0x920 [ 88.662768][ T9947] ip_set_udel+0x3a/0x50 [ 88.667025][ T9947] ? ip_set_ad.isra.0+0xb20/0xb20 [ 88.672240][ T9947] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 88.677234][ T9947] ? nfnetlink_bind+0x2c0/0x2c0 [ 88.682129][ T9947] ? __kasan_check_read+0x11/0x20 [ 88.687220][ T9947] ? __lock_acquire+0x8a0/0x4a00 [ 88.692254][ T9947] ? save_stack+0x5c/0x90 [ 88.696659][ T9947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 88.702896][ T9947] ? apparmor_capable+0x497/0x900 [ 88.707920][ T9947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 88.714148][ T9947] ? __kasan_check_read+0x11/0x20 [ 88.719354][ T9947] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 88.724825][ T9947] netlink_rcv_skb+0x177/0x450 [ 88.729581][ T9947] ? nfnetlink_bind+0x2c0/0x2c0 [ 88.734441][ T9947] ? netlink_ack+0xb50/0xb50 [ 88.739357][ T9947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 88.745598][ T9947] ? ns_capable_common+0x93/0x100 [ 88.750618][ T9947] ? ns_capable+0x20/0x30 [ 88.754985][ T9947] ? __netlink_ns_capable+0x104/0x140 [ 88.760488][ T9947] nfnetlink_rcv+0x1ba/0x460 [ 88.765072][ T9947] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 88.770639][ T9947] ? netlink_deliver_tap+0x24a/0xbf0 [ 88.775920][ T9947] ? __kasan_check_write+0x14/0x20 [ 88.781034][ T9947] netlink_unicast+0x59e/0x7e0 [ 88.785801][ T9947] ? netlink_attachskb+0x870/0x870 [ 88.790905][ T9947] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 88.796636][ T9947] ? __check_object_size+0x3d/0x437 [ 88.802137][ T9947] netlink_sendmsg+0x91c/0xea0 [ 88.806913][ T9947] ? netlink_unicast+0x7e0/0x7e0 [ 88.811988][ T9947] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 88.817523][ T9947] ? apparmor_socket_sendmsg+0x2a/0x30 [ 88.823004][ T9947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 88.829238][ T9947] ? security_socket_sendmsg+0x8d/0xc0 [ 88.834776][ T9947] ? netlink_unicast+0x7e0/0x7e0 [ 88.839711][ T9947] sock_sendmsg+0xd7/0x130 [ 88.844173][ T9947] ____sys_sendmsg+0x753/0x880 [ 88.848938][ T9947] ? kernel_sendmsg+0x50/0x50 [ 88.853768][ T9947] ? lockdep_init_map+0x1be/0x6d0 [ 88.858781][ T9947] ___sys_sendmsg+0x100/0x170 [ 88.863454][ T9947] ? sendmsg_copy_msghdr+0x70/0x70 [ 88.868581][ T9947] ? __kasan_check_read+0x11/0x20 [ 88.873596][ T9947] ? __lock_acquire+0x8a0/0x4a00 [ 88.878535][ T9947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 88.884788][ T9947] ? __this_cpu_preempt_check+0x35/0x190 [ 88.890643][ T9947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 88.897312][ T9947] ? percpu_counter_add_batch+0x13c/0x190 [ 88.903130][ T9947] ? __fd_install+0x1bc/0x640 [ 88.907793][ T9947] ? find_held_lock+0x35/0x130 [ 88.912551][ T9947] ? __fd_install+0x1bc/0x640 [ 88.917220][ T9947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 88.923638][ T9947] ? __fget_light+0x1a9/0x230 [ 88.928313][ T9947] ? __fdget+0x1b/0x20 [ 88.932382][ T9947] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 88.938721][ T9947] __sys_sendmsg+0x105/0x1d0 [ 88.943529][ T9947] ? __sys_sendmsg_sock+0xc0/0xc0 [ 88.948546][ T9947] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 88.954152][ T9947] ? do_syscall_64+0x26/0x790 [ 88.958935][ T9947] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 88.965051][ T9947] ? do_syscall_64+0x26/0x790 [ 88.969736][ T9947] __x64_sys_sendmsg+0x78/0xb0 [ 88.974504][ T9947] do_syscall_64+0xfa/0x790 [ 88.979118][ T9947] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 88.985006][ T9947] RIP: 0033:0x440689 [ 88.988896][ T9947] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 89.008639][ T9947] RSP: 002b:00007ffd292c7a58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 89.017163][ T9947] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440689 [ 89.025133][ T9947] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004 [ 89.033180][ T9947] RBP: 00000000006ca018 R08: 000000000000001c R09: 00000000004002c8 [ 89.041155][ T9947] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000401f10 [ 89.049231][ T9947] R13: 0000000000401fa0 R14: 0000000000000000 R15: 0000000000000000 [ 89.058843][ T9947] Kernel Offset: disabled [ 89.063252][ T9947] Rebooting in 86400 seconds..