[ 94.370066][ T27] audit: type=1800 audit(1579435746.344:26): pid=9587 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 95.361875][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 95.361886][ T27] audit: type=1800 audit(1579435747.334:29): pid=9587 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 95.388519][ T27] audit: type=1800 audit(1579435747.334:30): pid=9587 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.13' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 106.164248][ T9739] ================================================================== [ 106.172432][ T9739] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_list+0x635/0x1080 [ 106.180315][ T9739] Read of size 8 at addr ffff8880a95a0500 by task syz-executor375/9739 [ 106.188536][ T9739] [ 106.190860][ T9739] CPU: 0 PID: 9739 Comm: syz-executor375 Not tainted 5.5.0-rc6-syzkaller #0 [ 106.199516][ T9739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 106.209619][ T9739] Call Trace: [ 106.212897][ T9739] dump_stack+0x197/0x210 [ 106.217207][ T9739] ? bitmap_ipmac_list+0x635/0x1080 [ 106.222518][ T9739] print_address_description.constprop.0.cold+0xd4/0x30b [ 106.229627][ T9739] ? bitmap_ipmac_list+0x635/0x1080 [ 106.235072][ T9739] ? bitmap_ipmac_list+0x635/0x1080 [ 106.240267][ T9739] __kasan_report.cold+0x1b/0x41 [ 106.245198][ T9739] ? bitmap_ipmac_list+0x635/0x1080 [ 106.250446][ T9739] kasan_report+0x12/0x20 [ 106.254835][ T9739] check_memory_region+0x134/0x1a0 [ 106.259933][ T9739] __kasan_check_read+0x11/0x20 [ 106.264773][ T9739] bitmap_ipmac_list+0x635/0x1080 [ 106.269978][ T9739] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 106.275171][ T9739] ? nla_put+0x110/0x150 [ 106.279408][ T9739] ip_set_dump_start+0x96c/0x1ca0 [ 106.284419][ T9739] ? ip_set_rename+0x720/0x720 [ 106.289177][ T9739] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 106.294703][ T9739] ? perf_trace_lock_acquire+0x4a0/0x530 [ 106.300329][ T9739] ? __kasan_check_write+0x14/0x20 [ 106.305421][ T9739] netlink_dump+0x558/0xfb0 [ 106.309907][ T9739] ? __netlink_sendskb+0xc0/0xc0 [ 106.314842][ T9739] __netlink_dump_start+0x66a/0x930 [ 106.320122][ T9739] ip_set_dump+0x15a/0x1d0 [ 106.324531][ T9739] ? call_ad+0x5a0/0x5a0 [ 106.328820][ T9739] ? ip_set_rename+0x720/0x720 [ 106.333575][ T9739] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 106.339366][ T9739] ? call_ad+0x5a0/0x5a0 [ 106.343603][ T9739] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 106.348580][ T9739] ? nfnetlink_bind+0x2c0/0x2c0 [ 106.353515][ T9739] ? __kasan_check_read+0x11/0x20 [ 106.358538][ T9739] ? __lock_acquire+0x8a0/0x4a00 [ 106.363511][ T9739] ? save_stack+0x5c/0x90 [ 106.367845][ T9739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 106.374244][ T9739] ? apparmor_capable+0x497/0x900 [ 106.379332][ T9739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 106.385596][ T9739] ? __kasan_check_read+0x11/0x20 [ 106.390627][ T9739] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 106.396103][ T9739] netlink_rcv_skb+0x177/0x450 [ 106.400956][ T9739] ? nfnetlink_bind+0x2c0/0x2c0 [ 106.405788][ T9739] ? netlink_ack+0xb50/0xb50 [ 106.410473][ T9739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 106.416696][ T9739] ? ns_capable_common+0x93/0x100 [ 106.421789][ T9739] ? ns_capable+0x20/0x30 [ 106.426101][ T9739] ? __netlink_ns_capable+0x104/0x140 [ 106.431500][ T9739] nfnetlink_rcv+0x1ba/0x460 [ 106.436158][ T9739] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 106.441595][ T9739] ? netlink_deliver_tap+0x24a/0xbe0 [ 106.446862][ T9739] ? __kasan_check_write+0x14/0x20 [ 106.451968][ T9739] netlink_unicast+0x58c/0x7d0 [ 106.456812][ T9739] ? netlink_attachskb+0x870/0x870 [ 106.461903][ T9739] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 106.467616][ T9739] ? __check_object_size+0x3d/0x437 [ 106.472796][ T9739] netlink_sendmsg+0x91c/0xea0 [ 106.477640][ T9739] ? netlink_unicast+0x7d0/0x7d0 [ 106.483006][ T9739] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 106.489236][ T9739] ? apparmor_socket_sendmsg+0x2a/0x30 [ 106.504226][ T9739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 106.510560][ T9739] ? security_socket_sendmsg+0x8d/0xc0 [ 106.516317][ T9739] ? netlink_unicast+0x7d0/0x7d0 [ 106.521268][ T9739] sock_sendmsg+0xd7/0x130 [ 106.525664][ T9739] ____sys_sendmsg+0x753/0x880 [ 106.530497][ T9739] ? kernel_sendmsg+0x50/0x50 [ 106.535166][ T9739] ? lockdep_init_map+0x1be/0x6d0 [ 106.540192][ T9739] ___sys_sendmsg+0x100/0x170 [ 106.544852][ T9739] ? sendmsg_copy_msghdr+0x70/0x70 [ 106.549951][ T9739] ? __kasan_check_read+0x11/0x20 [ 106.554957][ T9739] ? __lock_acquire+0x8a0/0x4a00 [ 106.559879][ T9739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 106.566405][ T9739] ? __this_cpu_preempt_check+0x35/0x190 [ 106.572313][ T9739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 106.578910][ T9739] ? percpu_counter_add_batch+0x13c/0x190 [ 106.584773][ T9739] ? __fd_install+0x1bc/0x640 [ 106.589449][ T9739] ? find_held_lock+0x35/0x130 [ 106.594216][ T9739] ? __fd_install+0x1bc/0x640 [ 106.598901][ T9739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 106.605390][ T9739] ? __fget_light+0x1a9/0x230 [ 106.610062][ T9739] ? __fdget+0x1b/0x20 [ 106.614125][ T9739] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 106.620437][ T9739] __sys_sendmsg+0x105/0x1d0 [ 106.625022][ T9739] ? __sys_sendmsg_sock+0xc0/0xc0 [ 106.630046][ T9739] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 106.635494][ T9739] ? do_fast_syscall_32+0xd1/0xe16 [ 106.640605][ T9739] ? entry_SYSENTER_compat+0x70/0x7f [ 106.645987][ T9739] ? do_fast_syscall_32+0xd1/0xe16 [ 106.651169][ T9739] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 106.656615][ T9739] do_fast_syscall_32+0x27b/0xe16 [ 106.661625][ T9739] entry_SYSENTER_compat+0x70/0x7f [ 106.666712][ T9739] RIP: 0023:0xf7f5a9a9 [ 106.670763][ T9739] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 106.690358][ T9739] RSP: 002b:00000000ff9d11dc EFLAGS: 00000246 ORIG_RAX: 0000000000000172 [ 106.698907][ T9739] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000200000c0 [ 106.706877][ T9739] RDX: 0000000000000000 RSI: 00000000080ea00c RDI: 0000000000000000 [ 106.714918][ T9739] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 106.723419][ T9739] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 106.731370][ T9739] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 106.739438][ T9739] [ 106.741772][ T9739] Allocated by task 9739: [ 106.746084][ T9739] save_stack+0x23/0x90 [ 106.750393][ T9739] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 106.756554][ T9739] kasan_kmalloc+0x9/0x10 [ 106.763143][ T9739] __kmalloc+0x163/0x770 [ 106.767531][ T9739] ip_set_alloc+0x38/0x5e [ 106.771873][ T9739] bitmap_ipmac_create+0x4e8/0xa00 [ 106.777002][ T9739] ip_set_create+0x6f1/0x1500 [ 106.781679][ T9739] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 106.786702][ T9739] netlink_rcv_skb+0x177/0x450 [ 106.791467][ T9739] nfnetlink_rcv+0x1ba/0x460 [ 106.801511][ T9739] netlink_unicast+0x58c/0x7d0 [ 106.806426][ T9739] netlink_sendmsg+0x91c/0xea0 [ 106.811489][ T9739] sock_sendmsg+0xd7/0x130 [ 106.818061][ T9739] ____sys_sendmsg+0x753/0x880 [ 106.823610][ T9739] ___sys_sendmsg+0x100/0x170 [ 106.828804][ T9739] __sys_sendmsg+0x105/0x1d0 [ 106.838029][ T9739] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 106.843741][ T9739] do_fast_syscall_32+0x27b/0xe16 [ 106.848990][ T9739] entry_SYSENTER_compat+0x70/0x7f [ 106.854980][ T9739] [ 106.857404][ T9739] Freed by task 9468: [ 106.861800][ T9739] save_stack+0x23/0x90 [ 106.866142][ T9739] __kasan_slab_free+0x102/0x150 [ 106.871168][ T9739] kasan_slab_free+0xe/0x10 [ 106.875671][ T9739] kfree+0x10a/0x2c0 [ 106.879875][ T9739] apparmor_sk_free_security+0x155/0x1d0 [ 106.886084][ T9739] security_sk_free+0x41/0x80 [ 106.890923][ T9739] __sk_destruct+0x4cd/0x7f0 [ 106.896062][ T9739] sk_destruct+0xd5/0x110 [ 106.900960][ T9739] __sk_free+0xfb/0x360 [ 106.913795][ T9739] sk_free+0x83/0xb0 [ 106.917685][ T9739] deferred_put_nlk_sk+0x163/0x300 [ 106.922787][ T9739] rcu_core+0x570/0x1540 [ 106.927016][ T9739] rcu_core_si+0x9/0x10 [ 106.931165][ T9739] __do_softirq+0x262/0x98c [ 106.935664][ T9739] [ 106.937979][ T9739] The buggy address belongs to the object at ffff8880a95a0500 [ 106.937979][ T9739] which belongs to the cache kmalloc-32 of size 32 [ 106.953435][ T9739] The buggy address is located 0 bytes inside of [ 106.953435][ T9739] 32-byte region [ffff8880a95a0500, ffff8880a95a0520) [ 106.968267][ T9739] The buggy address belongs to the page: [ 106.976867][ T9739] page:ffffea0002a56800 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a95a0fc1 [ 106.988659][ T9739] raw: 00fffe0000000200 ffffea000287c248 ffffea000254e188 ffff8880aa4001c0 [ 106.997929][ T9739] raw: ffff8880a95a0fc1 ffff8880a95a0000 000000010000002e 0000000000000000 [ 107.006673][ T9739] page dumped because: kasan: bad access detected [ 107.013179][ T9739] [ 107.015505][ T9739] Memory state around the buggy address: [ 107.021133][ T9739] ffff8880a95a0400: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 107.029182][ T9739] ffff8880a95a0480: fb fb fb fb fc fc fc fc 00 fc fc fc fc fc fc fc [ 107.037228][ T9739] >ffff8880a95a0500: 04 fc fc fc fc fc fc fc 00 01 fc fc fc fc fc fc [ 107.045262][ T9739] ^ [ 107.049320][ T9739] ffff8880a95a0580: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 107.057489][ T9739] ffff8880a95a0600: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 107.065563][ T9739] ================================================================== [ 107.073614][ T9739] Disabling lock debugging due to kernel taint [ 107.081004][ T9739] Kernel panic - not syncing: panic_on_warn set ... [ 107.087743][ T9739] CPU: 0 PID: 9739 Comm: syz-executor375 Tainted: G B 5.5.0-rc6-syzkaller #0 [ 107.097813][ T9739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 107.107889][ T9739] Call Trace: [ 107.111191][ T9739] dump_stack+0x197/0x210 [ 107.115506][ T9739] panic+0x2e3/0x75c [ 107.119407][ T9739] ? add_taint.cold+0x16/0x16 [ 107.124207][ T9739] ? bitmap_ipmac_list+0x635/0x1080 [ 107.129403][ T9739] ? preempt_schedule+0x4b/0x60 [ 107.134345][ T9739] ? ___preempt_schedule+0x16/0x18 [ 107.139540][ T9739] ? trace_hardirqs_on+0x5e/0x240 [ 107.144823][ T9739] ? bitmap_ipmac_list+0x635/0x1080 [ 107.150072][ T9739] end_report+0x47/0x4f [ 107.154255][ T9739] ? bitmap_ipmac_list+0x635/0x1080 [ 107.159436][ T9739] __kasan_report.cold+0xe/0x41 [ 107.164431][ T9739] ? bitmap_ipmac_list+0x635/0x1080 [ 107.169612][ T9739] kasan_report+0x12/0x20 [ 107.174016][ T9739] check_memory_region+0x134/0x1a0 [ 107.179115][ T9739] __kasan_check_read+0x11/0x20 [ 107.183966][ T9739] bitmap_ipmac_list+0x635/0x1080 [ 107.188991][ T9739] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 107.194148][ T9739] ? nla_put+0x110/0x150 [ 107.199268][ T9739] ip_set_dump_start+0x96c/0x1ca0 [ 107.204500][ T9739] ? ip_set_rename+0x720/0x720 [ 107.209259][ T9739] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 107.215745][ T9739] ? perf_trace_lock_acquire+0x4a0/0x530 [ 107.221432][ T9739] ? __kasan_check_write+0x14/0x20 [ 107.226554][ T9739] netlink_dump+0x558/0xfb0 [ 107.231060][ T9739] ? __netlink_sendskb+0xc0/0xc0 [ 107.236160][ T9739] __netlink_dump_start+0x66a/0x930 [ 107.241443][ T9739] ip_set_dump+0x15a/0x1d0 [ 107.245865][ T9739] ? call_ad+0x5a0/0x5a0 [ 107.250099][ T9739] ? ip_set_rename+0x720/0x720 [ 107.255034][ T9739] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 107.260935][ T9739] ? call_ad+0x5a0/0x5a0 [ 107.265164][ T9739] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 107.270088][ T9739] ? nfnetlink_bind+0x2c0/0x2c0 [ 107.275039][ T9739] ? __kasan_check_read+0x11/0x20 [ 107.280048][ T9739] ? __lock_acquire+0x8a0/0x4a00 [ 107.284986][ T9739] ? save_stack+0x5c/0x90 [ 107.289412][ T9739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 107.295922][ T9739] ? apparmor_capable+0x497/0x900 [ 107.300942][ T9739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 107.308335][ T9739] ? __kasan_check_read+0x11/0x20 [ 107.314079][ T9739] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 107.319620][ T9739] netlink_rcv_skb+0x177/0x450 [ 107.324386][ T9739] ? nfnetlink_bind+0x2c0/0x2c0 [ 107.329511][ T9739] ? netlink_ack+0xb50/0xb50 [ 107.334165][ T9739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 107.340402][ T9739] ? ns_capable_common+0x93/0x100 [ 107.345670][ T9739] ? ns_capable+0x20/0x30 [ 107.350040][ T9739] ? __netlink_ns_capable+0x104/0x140 [ 107.355568][ T9739] nfnetlink_rcv+0x1ba/0x460 [ 107.360561][ T9739] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 107.366120][ T9739] ? netlink_deliver_tap+0x24a/0xbe0 [ 107.372105][ T9739] ? __kasan_check_write+0x14/0x20 [ 107.380790][ T9739] netlink_unicast+0x58c/0x7d0 [ 107.385564][ T9739] ? netlink_attachskb+0x870/0x870 [ 107.390674][ T9739] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 107.396375][ T9739] ? __check_object_size+0x3d/0x437 [ 107.401554][ T9739] netlink_sendmsg+0x91c/0xea0 [ 107.406307][ T9739] ? netlink_unicast+0x7d0/0x7d0 [ 107.411269][ T9739] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 107.416812][ T9739] ? apparmor_socket_sendmsg+0x2a/0x30 [ 107.422265][ T9739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 107.428493][ T9739] ? security_socket_sendmsg+0x8d/0xc0 [ 107.434374][ T9739] ? netlink_unicast+0x7d0/0x7d0 [ 107.439309][ T9739] sock_sendmsg+0xd7/0x130 [ 107.443900][ T9739] ____sys_sendmsg+0x753/0x880 [ 107.448788][ T9739] ? kernel_sendmsg+0x50/0x50 [ 107.453585][ T9739] ? lockdep_init_map+0x1be/0x6d0 [ 107.458592][ T9739] ___sys_sendmsg+0x100/0x170 [ 107.463377][ T9739] ? sendmsg_copy_msghdr+0x70/0x70 [ 107.469695][ T9739] ? __kasan_check_read+0x11/0x20 [ 107.475078][ T9739] ? __lock_acquire+0x8a0/0x4a00 [ 107.481057][ T9739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 107.488242][ T9739] ? __this_cpu_preempt_check+0x35/0x190 [ 107.493868][ T9739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 107.500101][ T9739] ? percpu_counter_add_batch+0x13c/0x190 [ 107.505847][ T9739] ? __fd_install+0x1bc/0x640 [ 107.510518][ T9739] ? find_held_lock+0x35/0x130 [ 107.515261][ T9739] ? __fd_install+0x1bc/0x640 [ 107.520098][ T9739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 107.526317][ T9739] ? __fget_light+0x1a9/0x230 [ 107.531259][ T9739] ? __fdget+0x1b/0x20 [ 107.535490][ T9739] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 107.542288][ T9739] __sys_sendmsg+0x105/0x1d0 [ 107.546968][ T9739] ? __sys_sendmsg_sock+0xc0/0xc0 [ 107.551974][ T9739] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 107.558116][ T9739] ? do_fast_syscall_32+0xd1/0xe16 [ 107.563407][ T9739] ? entry_SYSENTER_compat+0x70/0x7f [ 107.569182][ T9739] ? do_fast_syscall_32+0xd1/0xe16 [ 107.574469][ T9739] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 107.579914][ T9739] do_fast_syscall_32+0x27b/0xe16 [ 107.584943][ T9739] entry_SYSENTER_compat+0x70/0x7f [ 107.590135][ T9739] RIP: 0023:0xf7f5a9a9 [ 107.594444][ T9739] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 107.614779][ T9739] RSP: 002b:00000000ff9d11dc EFLAGS: 00000246 ORIG_RAX: 0000000000000172 [ 107.623311][ T9739] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000200000c0 [ 107.631532][ T9739] RDX: 0000000000000000 RSI: 00000000080ea00c RDI: 0000000000000000 [ 107.639836][ T9739] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 107.647799][ T9739] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 107.655937][ T9739] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 107.665249][ T9739] Kernel Offset: disabled [ 107.669589][ T9739] Rebooting in 86400 seconds..