[ 71.937004][ T26] audit: type=1800 audit(1579337297.893:26): pid=9642 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 72.868884][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 72.868896][ T26] audit: type=1800 audit(1579337298.833:29): pid=9642 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 72.895047][ T26] audit: type=1800 audit(1579337298.843:30): pid=9642 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.218' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 82.409937][ T9796] ================================================================== [ 82.418333][ T9796] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_list+0x635/0x1080 [ 82.426261][ T9796] Read of size 8 at addr ffff8880a6a92400 by task syz-executor012/9796 [ 82.434538][ T9796] [ 82.436862][ T9796] CPU: 0 PID: 9796 Comm: syz-executor012 Not tainted 5.5.0-rc5-syzkaller #0 [ 82.445551][ T9796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 82.455604][ T9796] Call Trace: [ 82.458924][ T9796] dump_stack+0x197/0x210 [ 82.463244][ T9796] ? bitmap_ipmac_list+0x635/0x1080 [ 82.468432][ T9796] print_address_description.constprop.0.cold+0xd4/0x30b [ 82.475443][ T9796] ? bitmap_ipmac_list+0x635/0x1080 [ 82.480652][ T9796] ? bitmap_ipmac_list+0x635/0x1080 [ 82.485878][ T9796] __kasan_report.cold+0x1b/0x41 [ 82.490851][ T9796] ? bitmap_ipmac_list+0x635/0x1080 [ 82.496040][ T9796] kasan_report+0x12/0x20 [ 82.500355][ T9796] check_memory_region+0x134/0x1a0 [ 82.505469][ T9796] __kasan_check_read+0x11/0x20 [ 82.510306][ T9796] bitmap_ipmac_list+0x635/0x1080 [ 82.515324][ T9796] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 82.520424][ T9796] ? nla_put+0x110/0x150 [ 82.524702][ T9796] ip_set_dump_start+0x96c/0x1ca0 [ 82.529720][ T9796] ? ip_set_rename+0x720/0x720 [ 82.534474][ T9796] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 82.540009][ T9796] ? zap_class+0xe40/0xe60 [ 82.544429][ T9796] ? __kasan_check_write+0x14/0x20 [ 82.549569][ T9796] netlink_dump+0x558/0xfb0 [ 82.554073][ T9796] ? __netlink_sendskb+0xc0/0xc0 [ 82.559010][ T9796] __netlink_dump_start+0x673/0x930 [ 82.564206][ T9796] ip_set_dump+0x15a/0x1d0 [ 82.568667][ T9796] ? call_ad+0x5a0/0x5a0 [ 82.572915][ T9796] ? ip_set_rename+0x720/0x720 [ 82.577668][ T9796] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 82.583461][ T9796] ? call_ad+0x5a0/0x5a0 [ 82.587689][ T9796] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 82.592652][ T9796] ? nfnetlink_bind+0x2c0/0x2c0 [ 82.597508][ T9796] ? __kasan_check_read+0x11/0x20 [ 82.602520][ T9796] ? __lock_acquire+0x8a0/0x4a00 [ 82.607455][ T9796] ? save_stack+0x5c/0x90 [ 82.611776][ T9796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.618011][ T9796] ? apparmor_capable+0x497/0x900 [ 82.623029][ T9796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.629257][ T9796] ? __kasan_check_read+0x11/0x20 [ 82.634271][ T9796] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 82.639730][ T9796] netlink_rcv_skb+0x177/0x450 [ 82.644486][ T9796] ? nfnetlink_bind+0x2c0/0x2c0 [ 82.649325][ T9796] ? netlink_ack+0xb50/0xb50 [ 82.653906][ T9796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.674230][ T9796] ? ns_capable_common+0x93/0x100 [ 82.679243][ T9796] ? ns_capable+0x20/0x30 [ 82.683574][ T9796] ? __netlink_ns_capable+0x104/0x140 [ 82.688965][ T9796] nfnetlink_rcv+0x1ba/0x460 [ 82.693555][ T9796] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 82.699085][ T9796] ? netlink_deliver_tap+0x24a/0xbf0 [ 82.704355][ T9796] ? __kasan_check_write+0x14/0x20 [ 82.709466][ T9796] netlink_unicast+0x59e/0x7e0 [ 82.714228][ T9796] ? netlink_attachskb+0x870/0x870 [ 82.719351][ T9796] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 82.725087][ T9796] ? __check_object_size+0x3d/0x437 [ 82.730289][ T9796] netlink_sendmsg+0x91c/0xea0 [ 82.735056][ T9796] ? netlink_unicast+0x7e0/0x7e0 [ 82.739988][ T9796] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 82.745522][ T9796] ? apparmor_socket_sendmsg+0x2a/0x30 [ 82.750982][ T9796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.757220][ T9796] ? security_socket_sendmsg+0x8d/0xc0 [ 82.762666][ T9796] ? netlink_unicast+0x7e0/0x7e0 [ 82.767608][ T9796] sock_sendmsg+0xd7/0x130 [ 82.772029][ T9796] ____sys_sendmsg+0x753/0x880 [ 82.776783][ T9796] ? kernel_sendmsg+0x50/0x50 [ 82.781448][ T9796] ? lockdep_init_map+0x1be/0x6d0 [ 82.786532][ T9796] ___sys_sendmsg+0x100/0x170 [ 82.791201][ T9796] ? sendmsg_copy_msghdr+0x70/0x70 [ 82.796347][ T9796] ? __kasan_check_read+0x11/0x20 [ 82.801353][ T9796] ? __lock_acquire+0x8a0/0x4a00 [ 82.806296][ T9796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.812537][ T9796] ? __this_cpu_preempt_check+0x35/0x190 [ 82.818204][ T9796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.824452][ T9796] ? percpu_counter_add_batch+0x13c/0x190 [ 82.830205][ T9796] ? __fd_install+0x1bc/0x640 [ 82.834866][ T9796] ? find_held_lock+0x35/0x130 [ 82.839626][ T9796] ? __fd_install+0x1bc/0x640 [ 82.844301][ T9796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.850580][ T9796] ? __fget_light+0x1a9/0x230 [ 82.855255][ T9796] ? __fdget+0x1b/0x20 [ 82.859321][ T9796] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 82.865578][ T9796] __sys_sendmsg+0x105/0x1d0 [ 82.870165][ T9796] ? __sys_sendmsg_sock+0xc0/0xc0 [ 82.875185][ T9796] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 82.880626][ T9796] ? do_syscall_64+0x26/0x790 [ 82.885308][ T9796] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 82.891362][ T9796] ? do_syscall_64+0x26/0x790 [ 82.896030][ T9796] __x64_sys_sendmsg+0x78/0xb0 [ 82.900831][ T9796] do_syscall_64+0xfa/0x790 [ 82.905369][ T9796] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 82.911247][ T9796] RIP: 0033:0x440529 [ 82.915174][ T9796] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 82.934763][ T9796] RSP: 002b:00007ffeab71f248 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 82.943195][ T9796] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529 [ 82.951191][ T9796] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000004 [ 82.959147][ T9796] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 82.967131][ T9796] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0 [ 82.975100][ T9796] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000 [ 82.983067][ T9796] [ 82.985378][ T9796] Allocated by task 9796: [ 82.989691][ T9796] save_stack+0x23/0x90 [ 82.993827][ T9796] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 83.000335][ T9796] kasan_kmalloc+0x9/0x10 [ 83.004646][ T9796] __kmalloc+0x163/0x770 [ 83.008868][ T9796] ip_set_alloc+0x38/0x5e [ 83.013181][ T9796] bitmap_ipmac_create+0x4e8/0xa00 [ 83.018273][ T9796] ip_set_create+0x6f1/0x1500 [ 83.022949][ T9796] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 83.027985][ T9796] netlink_rcv_skb+0x177/0x450 [ 83.032843][ T9796] nfnetlink_rcv+0x1ba/0x460 [ 83.037439][ T9796] netlink_unicast+0x59e/0x7e0 [ 83.042187][ T9796] netlink_sendmsg+0x91c/0xea0 [ 83.046944][ T9796] sock_sendmsg+0xd7/0x130 [ 83.051368][ T9796] ____sys_sendmsg+0x753/0x880 [ 83.056131][ T9796] ___sys_sendmsg+0x100/0x170 [ 83.060802][ T9796] __sys_sendmsg+0x105/0x1d0 [ 83.065374][ T9796] __x64_sys_sendmsg+0x78/0xb0 [ 83.070122][ T9796] do_syscall_64+0xfa/0x790 [ 83.074616][ T9796] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 83.080482][ T9796] [ 83.082789][ T9796] Freed by task 9526: [ 83.086824][ T9796] save_stack+0x23/0x90 [ 83.091031][ T9796] __kasan_slab_free+0x102/0x150 [ 83.096019][ T9796] kasan_slab_free+0xe/0x10 [ 83.100553][ T9796] kfree+0x10a/0x2c0 [ 83.104438][ T9796] tomoyo_check_open_permission+0x19e/0x3e0 [ 83.110315][ T9796] tomoyo_file_open+0xa9/0xd0 [ 83.114979][ T9796] security_file_open+0x71/0x300 [ 83.119914][ T9796] do_dentry_open+0x37a/0x1380 [ 83.124698][ T9796] vfs_open+0xa0/0xd0 [ 83.128669][ T9796] path_openat+0x10df/0x4500 [ 83.133287][ T9796] do_filp_open+0x1a1/0x280 [ 83.137773][ T9796] do_sys_open+0x3fe/0x5d0 [ 83.142216][ T9796] __x64_sys_open+0x7e/0xc0 [ 83.146706][ T9796] do_syscall_64+0xfa/0x790 [ 83.151236][ T9796] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 83.157285][ T9796] [ 83.159610][ T9796] The buggy address belongs to the object at ffff8880a6a92400 [ 83.159610][ T9796] which belongs to the cache kmalloc-32 of size 32 [ 83.175340][ T9796] The buggy address is located 0 bytes inside of [ 83.175340][ T9796] 32-byte region [ffff8880a6a92400, ffff8880a6a92420) [ 83.188333][ T9796] The buggy address belongs to the page: [ 83.193955][ T9796] page:ffffea00029aa480 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a6a92fc1 [ 83.204351][ T9796] raw: 00fffe0000000200 ffffea00029acec8 ffffea0002622e48 ffff8880aa4001c0 [ 83.212938][ T9796] raw: ffff8880a6a92fc1 ffff8880a6a92000 000000010000003c 0000000000000000 [ 83.221526][ T9796] page dumped because: kasan: bad access detected [ 83.227921][ T9796] [ 83.230233][ T9796] Memory state around the buggy address: [ 83.235857][ T9796] ffff8880a6a92300: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 83.243909][ T9796] ffff8880a6a92380: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 83.251974][ T9796] >ffff8880a6a92400: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 83.260027][ T9796] ^ [ 83.264085][ T9796] ffff8880a6a92480: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 83.272142][ T9796] ffff8880a6a92500: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc [ 83.280203][ T9796] ================================================================== [ 83.288246][ T9796] Disabling lock debugging due to kernel taint [ 83.295230][ T9796] Kernel panic - not syncing: panic_on_warn set ... [ 83.301849][ T9796] CPU: 0 PID: 9796 Comm: syz-executor012 Tainted: G B 5.5.0-rc5-syzkaller #0 [ 83.311897][ T9796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 83.321949][ T9796] Call Trace: [ 83.325224][ T9796] dump_stack+0x197/0x210 [ 83.329536][ T9796] panic+0x2e3/0x75c [ 83.333428][ T9796] ? add_taint.cold+0x16/0x16 [ 83.338100][ T9796] ? bitmap_ipmac_list+0x635/0x1080 [ 83.343304][ T9796] ? preempt_schedule+0x4b/0x60 [ 83.348144][ T9796] ? ___preempt_schedule+0x16/0x18 [ 83.353241][ T9796] ? trace_hardirqs_on+0x5e/0x240 [ 83.358261][ T9796] ? bitmap_ipmac_list+0x635/0x1080 [ 83.363458][ T9796] end_report+0x47/0x4f [ 83.367608][ T9796] ? bitmap_ipmac_list+0x635/0x1080 [ 83.372790][ T9796] __kasan_report.cold+0xe/0x41 [ 83.377622][ T9796] ? bitmap_ipmac_list+0x635/0x1080 [ 83.382893][ T9796] kasan_report+0x12/0x20 [ 83.387210][ T9796] check_memory_region+0x134/0x1a0 [ 83.392320][ T9796] __kasan_check_read+0x11/0x20 [ 83.397169][ T9796] bitmap_ipmac_list+0x635/0x1080 [ 83.402234][ T9796] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 83.407330][ T9796] ? nla_put+0x110/0x150 [ 83.411556][ T9796] ip_set_dump_start+0x96c/0x1ca0 [ 83.416598][ T9796] ? ip_set_rename+0x720/0x720 [ 83.421377][ T9796] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 83.426929][ T9796] ? zap_class+0xe40/0xe60 [ 83.431387][ T9796] ? __kasan_check_write+0x14/0x20 [ 83.436546][ T9796] netlink_dump+0x558/0xfb0 [ 83.441056][ T9796] ? __netlink_sendskb+0xc0/0xc0 [ 83.446059][ T9796] __netlink_dump_start+0x673/0x930 [ 83.451252][ T9796] ip_set_dump+0x15a/0x1d0 [ 83.455658][ T9796] ? call_ad+0x5a0/0x5a0 [ 83.459905][ T9796] ? ip_set_rename+0x720/0x720 [ 83.464722][ T9796] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 83.470539][ T9796] ? call_ad+0x5a0/0x5a0 [ 83.474797][ T9796] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 83.479731][ T9796] ? nfnetlink_bind+0x2c0/0x2c0 [ 83.484706][ T9796] ? __kasan_check_read+0x11/0x20 [ 83.489813][ T9796] ? __lock_acquire+0x8a0/0x4a00 [ 83.494756][ T9796] ? save_stack+0x5c/0x90 [ 83.499095][ T9796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.505385][ T9796] ? apparmor_capable+0x497/0x900 [ 83.510433][ T9796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.516677][ T9796] ? __kasan_check_read+0x11/0x20 [ 83.521748][ T9796] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 83.527460][ T9796] netlink_rcv_skb+0x177/0x450 [ 83.532269][ T9796] ? nfnetlink_bind+0x2c0/0x2c0 [ 83.537157][ T9796] ? netlink_ack+0xb50/0xb50 [ 83.541770][ T9796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.548004][ T9796] ? ns_capable_common+0x93/0x100 [ 83.553074][ T9796] ? ns_capable+0x20/0x30 [ 83.557389][ T9796] ? __netlink_ns_capable+0x104/0x140 [ 83.562796][ T9796] nfnetlink_rcv+0x1ba/0x460 [ 83.567369][ T9796] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 83.572852][ T9796] ? netlink_deliver_tap+0x24a/0xbf0 [ 83.578254][ T9796] ? __kasan_check_write+0x14/0x20 [ 83.583354][ T9796] netlink_unicast+0x59e/0x7e0 [ 83.588103][ T9796] ? netlink_attachskb+0x870/0x870 [ 83.593209][ T9796] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 83.598933][ T9796] ? __check_object_size+0x3d/0x437 [ 83.604131][ T9796] netlink_sendmsg+0x91c/0xea0 [ 83.608882][ T9796] ? netlink_unicast+0x7e0/0x7e0 [ 83.613847][ T9796] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 83.619396][ T9796] ? apparmor_socket_sendmsg+0x2a/0x30 [ 83.624898][ T9796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.631212][ T9796] ? security_socket_sendmsg+0x8d/0xc0 [ 83.636752][ T9796] ? netlink_unicast+0x7e0/0x7e0 [ 83.641690][ T9796] sock_sendmsg+0xd7/0x130 [ 83.646122][ T9796] ____sys_sendmsg+0x753/0x880 [ 83.650895][ T9796] ? kernel_sendmsg+0x50/0x50 [ 83.655577][ T9796] ? lockdep_init_map+0x1be/0x6d0 [ 83.660594][ T9796] ___sys_sendmsg+0x100/0x170 [ 83.665629][ T9796] ? sendmsg_copy_msghdr+0x70/0x70 [ 83.670731][ T9796] ? __kasan_check_read+0x11/0x20 [ 83.675767][ T9796] ? __lock_acquire+0x8a0/0x4a00 [ 83.680732][ T9796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.687035][ T9796] ? __this_cpu_preempt_check+0x35/0x190 [ 83.692778][ T9796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.699002][ T9796] ? percpu_counter_add_batch+0x13c/0x190 [ 83.704709][ T9796] ? __fd_install+0x1bc/0x640 [ 83.709407][ T9796] ? find_held_lock+0x35/0x130 [ 83.714165][ T9796] ? __fd_install+0x1bc/0x640 [ 83.718837][ T9796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.725059][ T9796] ? __fget_light+0x1a9/0x230 [ 83.729724][ T9796] ? __fdget+0x1b/0x20 [ 83.733795][ T9796] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 83.740042][ T9796] __sys_sendmsg+0x105/0x1d0 [ 83.744668][ T9796] ? __sys_sendmsg_sock+0xc0/0xc0 [ 83.749678][ T9796] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 83.755154][ T9796] ? do_syscall_64+0x26/0x790 [ 83.759827][ T9796] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 83.765884][ T9796] ? do_syscall_64+0x26/0x790 [ 83.770688][ T9796] __x64_sys_sendmsg+0x78/0xb0 [ 83.775488][ T9796] do_syscall_64+0xfa/0x790 [ 83.779996][ T9796] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 83.785969][ T9796] RIP: 0033:0x440529 [ 83.789848][ T9796] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 83.809555][ T9796] RSP: 002b:00007ffeab71f248 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 83.818147][ T9796] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529 [ 83.826103][ T9796] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000004 [ 83.834072][ T9796] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 83.842029][ T9796] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0 [ 83.850000][ T9796] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000 [ 83.859345][ T9796] Kernel Offset: disabled [ 83.863690][ T9796] Rebooting in 86400 seconds..