[ 92.539207][ T27] audit: type=1800 audit(1579348096.585:26): pid=9639 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 93.356357][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 93.356369][ T27] audit: type=1800 audit(1579348097.425:29): pid=9639 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 93.384056][ T27] audit: type=1800 audit(1579348097.425:30): pid=9639 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.88' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 103.020009][ T9791] ================================================================== [ 103.028200][ T9791] BUG: KASAN: slab-out-of-bounds in bitmap_port_list+0x3cf/0xdb0 [ 103.035922][ T9791] Read of size 8 at addr ffff8880a9af3640 by task syz-executor986/9791 [ 103.044135][ T9791] [ 103.046461][ T9791] CPU: 0 PID: 9791 Comm: syz-executor986 Not tainted 5.5.0-rc5-syzkaller #0 [ 103.055190][ T9791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 103.065391][ T9791] Call Trace: [ 103.068687][ T9791] dump_stack+0x197/0x210 [ 103.073014][ T9791] ? bitmap_port_list+0x3cf/0xdb0 [ 103.078043][ T9791] print_address_description.constprop.0.cold+0xd4/0x30b [ 103.085065][ T9791] ? bitmap_port_list+0x3cf/0xdb0 [ 103.090110][ T9791] ? bitmap_port_list+0x3cf/0xdb0 [ 103.095130][ T9791] __kasan_report.cold+0x1b/0x41 [ 103.100065][ T9791] ? bitmap_port_list+0x3cf/0xdb0 [ 103.105093][ T9791] kasan_report+0x12/0x20 [ 103.109411][ T9791] check_memory_region+0x134/0x1a0 [ 103.114514][ T9791] __kasan_check_read+0x11/0x20 [ 103.119477][ T9791] bitmap_port_list+0x3cf/0xdb0 [ 103.124348][ T9791] ? bitmap_port_head+0x296/0x600 [ 103.129449][ T9791] ? bitmap_port_del+0x380/0x380 [ 103.134562][ T9791] ? nla_put+0x110/0x150 [ 103.138797][ T9791] ip_set_dump_start+0x96c/0x1ca0 [ 103.143846][ T9791] ? ip_set_rename+0x720/0x720 [ 103.148600][ T9791] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 103.154167][ T9791] ? perf_trace_lock_acquire+0x4b0/0x530 [ 103.159795][ T9791] ? __kasan_check_write+0x14/0x20 [ 103.164914][ T9791] netlink_dump+0x558/0xfb0 [ 103.169417][ T9791] ? __netlink_sendskb+0xc0/0xc0 [ 103.174350][ T9791] __netlink_dump_start+0x66a/0x930 [ 103.179579][ T9791] ip_set_dump+0x15a/0x1d0 [ 103.183988][ T9791] ? call_ad+0x5a0/0x5a0 [ 103.188276][ T9791] ? ip_set_rename+0x720/0x720 [ 103.193073][ T9791] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 103.198920][ T9791] ? call_ad+0x5a0/0x5a0 [ 103.203157][ T9791] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 103.208092][ T9791] ? nfnetlink_bind+0x2c0/0x2c0 [ 103.213099][ T9791] ? __kasan_check_read+0x11/0x20 [ 103.218114][ T9791] ? __lock_acquire+0x8a0/0x4a00 [ 103.223040][ T9791] ? save_stack+0x5c/0x90 [ 103.227364][ T9791] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.233601][ T9791] ? apparmor_capable+0x497/0x900 [ 103.238618][ T9791] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.244844][ T9791] ? __kasan_check_read+0x11/0x20 [ 103.249861][ T9791] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 103.255370][ T9791] netlink_rcv_skb+0x177/0x450 [ 103.260137][ T9791] ? nfnetlink_bind+0x2c0/0x2c0 [ 103.265026][ T9791] ? netlink_ack+0xb50/0xb50 [ 103.269650][ T9791] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.275897][ T9791] ? ns_capable_common+0x93/0x100 [ 103.280946][ T9791] ? ns_capable+0x20/0x30 [ 103.285268][ T9791] ? __netlink_ns_capable+0x104/0x140 [ 103.290636][ T9791] nfnetlink_rcv+0x1ba/0x460 [ 103.295315][ T9791] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 103.300765][ T9791] ? netlink_deliver_tap+0x24a/0xbe0 [ 103.306045][ T9791] ? __kasan_check_write+0x14/0x20 [ 103.311149][ T9791] netlink_unicast+0x58c/0x7d0 [ 103.315908][ T9791] ? netlink_attachskb+0x870/0x870 [ 103.321036][ T9791] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 103.326740][ T9791] ? __check_object_size+0x3d/0x437 [ 103.331931][ T9791] netlink_sendmsg+0x91c/0xea0 [ 103.336692][ T9791] ? netlink_unicast+0x7d0/0x7d0 [ 103.341803][ T9791] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 103.347351][ T9791] ? apparmor_socket_sendmsg+0x2a/0x30 [ 103.353170][ T9791] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.359495][ T9791] ? security_socket_sendmsg+0x8d/0xc0 [ 103.364949][ T9791] ? netlink_unicast+0x7d0/0x7d0 [ 103.369880][ T9791] sock_sendmsg+0xd7/0x130 [ 103.374291][ T9791] ____sys_sendmsg+0x753/0x880 [ 103.379050][ T9791] ? kernel_sendmsg+0x50/0x50 [ 103.383715][ T9791] ? lockdep_init_map+0x1be/0x6d0 [ 103.388783][ T9791] ___sys_sendmsg+0x100/0x170 [ 103.393474][ T9791] ? sendmsg_copy_msghdr+0x70/0x70 [ 103.398576][ T9791] ? __kasan_check_read+0x11/0x20 [ 103.403584][ T9791] ? __lock_acquire+0x8a0/0x4a00 [ 103.408513][ T9791] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.414755][ T9791] ? __this_cpu_preempt_check+0x35/0x190 [ 103.420390][ T9791] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.426631][ T9791] ? percpu_counter_add_batch+0x13c/0x190 [ 103.432332][ T9791] ? __fd_install+0x1bc/0x640 [ 103.437009][ T9791] ? find_held_lock+0x35/0x130 [ 103.441804][ T9791] ? __fd_install+0x1bc/0x640 [ 103.446475][ T9791] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.452704][ T9791] ? __fget_light+0x1a9/0x230 [ 103.457430][ T9791] ? __fdget+0x1b/0x20 [ 103.461484][ T9791] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 103.468492][ T9791] __sys_sendmsg+0x105/0x1d0 [ 103.473076][ T9791] ? __sys_sendmsg_sock+0xc0/0xc0 [ 103.478093][ T9791] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 103.483538][ T9791] ? do_syscall_64+0x26/0x790 [ 103.488343][ T9791] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 103.494391][ T9791] ? do_syscall_64+0x26/0x790 [ 103.499057][ T9791] __x64_sys_sendmsg+0x78/0xb0 [ 103.503819][ T9791] do_syscall_64+0xfa/0x790 [ 103.508306][ T9791] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 103.514179][ T9791] RIP: 0033:0x4404e9 [ 103.518066][ T9791] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 103.537697][ T9791] RSP: 002b:00007ffd5722ab08 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 103.546107][ T9791] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404e9 [ 103.554245][ T9791] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004 [ 103.562214][ T9791] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 103.570189][ T9791] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401d70 [ 103.578152][ T9791] R13: 0000000000401e00 R14: 0000000000000000 R15: 0000000000000000 [ 103.586122][ T9791] [ 103.588461][ T9791] Allocated by task 9791: [ 103.592781][ T9791] save_stack+0x23/0x90 [ 103.596917][ T9791] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 103.602540][ T9791] kasan_kmalloc+0x9/0x10 [ 103.606849][ T9791] __kmalloc+0x163/0x770 [ 103.611081][ T9791] ip_set_alloc+0x38/0x5e [ 103.615395][ T9791] bitmap_port_create+0x3dc/0x7c0 [ 103.620422][ T9791] ip_set_create+0x6f1/0x1500 [ 103.625094][ T9791] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 103.630016][ T9791] netlink_rcv_skb+0x177/0x450 [ 103.634772][ T9791] nfnetlink_rcv+0x1ba/0x460 [ 103.639355][ T9791] netlink_unicast+0x58c/0x7d0 [ 103.644111][ T9791] netlink_sendmsg+0x91c/0xea0 [ 103.648860][ T9791] sock_sendmsg+0xd7/0x130 [ 103.653291][ T9791] ____sys_sendmsg+0x753/0x880 [ 103.658096][ T9791] ___sys_sendmsg+0x100/0x170 [ 103.662835][ T9791] __sys_sendmsg+0x105/0x1d0 [ 103.667417][ T9791] __x64_sys_sendmsg+0x78/0xb0 [ 103.672166][ T9791] do_syscall_64+0xfa/0x790 [ 103.676780][ T9791] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 103.682653][ T9791] [ 103.684963][ T9791] Freed by task 9521: [ 103.688948][ T9791] save_stack+0x23/0x90 [ 103.693191][ T9791] __kasan_slab_free+0x102/0x150 [ 103.698112][ T9791] kasan_slab_free+0xe/0x10 [ 103.702601][ T9791] kfree+0x10a/0x2c0 [ 103.706474][ T9791] tomoyo_check_open_permission+0x19e/0x3e0 [ 103.712352][ T9791] tomoyo_file_open+0xa9/0xd0 [ 103.717017][ T9791] security_file_open+0x71/0x300 [ 103.721941][ T9791] do_dentry_open+0x37a/0x1380 [ 103.726691][ T9791] vfs_open+0xa0/0xd0 [ 103.730708][ T9791] path_openat+0x10df/0x4500 [ 103.735285][ T9791] do_filp_open+0x1a1/0x280 [ 103.739789][ T9791] do_sys_open+0x3fe/0x5d0 [ 103.744197][ T9791] __x64_sys_open+0x7e/0xc0 [ 103.748683][ T9791] do_syscall_64+0xfa/0x790 [ 103.753261][ T9791] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 103.759156][ T9791] [ 103.761557][ T9791] The buggy address belongs to the object at ffff8880a9af3640 [ 103.761557][ T9791] which belongs to the cache kmalloc-32 of size 32 [ 103.775434][ T9791] The buggy address is located 0 bytes inside of [ 103.775434][ T9791] 32-byte region [ffff8880a9af3640, ffff8880a9af3660) [ 103.788428][ T9791] The buggy address belongs to the page: [ 103.794054][ T9791] page:ffffea0002a6bcc0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a9af3fc1 [ 103.804454][ T9791] raw: 00fffe0000000200 ffffea0002524988 ffffea0002693f88 ffff8880aa4001c0 [ 103.813022][ T9791] raw: ffff8880a9af3fc1 ffff8880a9af3000 0000000100000034 0000000000000000 [ 103.821693][ T9791] page dumped because: kasan: bad access detected [ 103.828100][ T9791] [ 103.830423][ T9791] Memory state around the buggy address: [ 103.836055][ T9791] ffff8880a9af3500: 00 00 00 00 fc fc fc fc fb fb fb fb fc fc fc fc [ 103.844101][ T9791] ffff8880a9af3580: 00 00 00 00 fc fc fc fc fb fb fb fb fc fc fc fc [ 103.852185][ T9791] >ffff8880a9af3600: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc [ 103.860227][ T9791] ^ [ 103.866565][ T9791] ffff8880a9af3680: fb fb fb fb fc fc fc fc 00 01 fc fc fc fc fc fc [ 103.874613][ T9791] ffff8880a9af3700: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 103.882657][ T9791] ================================================================== [ 103.890702][ T9791] Disabling lock debugging due to kernel taint [ 103.897604][ T9791] Kernel panic - not syncing: panic_on_warn set ... [ 103.904262][ T9791] CPU: 0 PID: 9791 Comm: syz-executor986 Tainted: G B 5.5.0-rc5-syzkaller #0 [ 103.914529][ T9791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 103.924599][ T9791] Call Trace: [ 103.927886][ T9791] dump_stack+0x197/0x210 [ 103.932247][ T9791] panic+0x2e3/0x75c [ 103.936148][ T9791] ? add_taint.cold+0x16/0x16 [ 103.940815][ T9791] ? bitmap_port_list+0x3cf/0xdb0 [ 103.945819][ T9791] ? preempt_schedule+0x4b/0x60 [ 103.950773][ T9791] ? ___preempt_schedule+0x16/0x18 [ 103.955900][ T9791] ? trace_hardirqs_on+0x5e/0x240 [ 103.960909][ T9791] ? bitmap_port_list+0x3cf/0xdb0 [ 103.965929][ T9791] end_report+0x47/0x4f [ 103.970064][ T9791] ? bitmap_port_list+0x3cf/0xdb0 [ 103.975126][ T9791] __kasan_report.cold+0xe/0x41 [ 103.979972][ T9791] ? bitmap_port_list+0x3cf/0xdb0 [ 103.984984][ T9791] kasan_report+0x12/0x20 [ 103.989323][ T9791] check_memory_region+0x134/0x1a0 [ 103.994415][ T9791] __kasan_check_read+0x11/0x20 [ 103.999264][ T9791] bitmap_port_list+0x3cf/0xdb0 [ 104.004130][ T9791] ? bitmap_port_head+0x296/0x600 [ 104.009142][ T9791] ? bitmap_port_del+0x380/0x380 [ 104.014117][ T9791] ? nla_put+0x110/0x150 [ 104.018341][ T9791] ip_set_dump_start+0x96c/0x1ca0 [ 104.023353][ T9791] ? ip_set_rename+0x720/0x720 [ 104.028101][ T9791] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 104.033700][ T9791] ? perf_trace_lock_acquire+0x4b0/0x530 [ 104.039326][ T9791] ? __kasan_check_write+0x14/0x20 [ 104.044558][ T9791] netlink_dump+0x558/0xfb0 [ 104.049048][ T9791] ? __netlink_sendskb+0xc0/0xc0 [ 104.053975][ T9791] __netlink_dump_start+0x66a/0x930 [ 104.059183][ T9791] ip_set_dump+0x15a/0x1d0 [ 104.063580][ T9791] ? call_ad+0x5a0/0x5a0 [ 104.067821][ T9791] ? ip_set_rename+0x720/0x720 [ 104.072566][ T9791] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 104.078373][ T9791] ? call_ad+0x5a0/0x5a0 [ 104.082622][ T9791] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 104.087549][ T9791] ? nfnetlink_bind+0x2c0/0x2c0 [ 104.092394][ T9791] ? __kasan_check_read+0x11/0x20 [ 104.097404][ T9791] ? __lock_acquire+0x8a0/0x4a00 [ 104.102335][ T9791] ? save_stack+0x5c/0x90 [ 104.106647][ T9791] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 104.112876][ T9791] ? apparmor_capable+0x497/0x900 [ 104.117883][ T9791] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 104.124111][ T9791] ? __kasan_check_read+0x11/0x20 [ 104.129152][ T9791] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 104.135055][ T9791] netlink_rcv_skb+0x177/0x450 [ 104.139821][ T9791] ? nfnetlink_bind+0x2c0/0x2c0 [ 104.144665][ T9791] ? netlink_ack+0xb50/0xb50 [ 104.149272][ T9791] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 104.155539][ T9791] ? ns_capable_common+0x93/0x100 [ 104.160552][ T9791] ? ns_capable+0x20/0x30 [ 104.165120][ T9791] ? __netlink_ns_capable+0x104/0x140 [ 104.170527][ T9791] nfnetlink_rcv+0x1ba/0x460 [ 104.175186][ T9791] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 104.180754][ T9791] ? netlink_deliver_tap+0x24a/0xbe0 [ 104.186498][ T9791] ? __kasan_check_write+0x14/0x20 [ 104.191660][ T9791] netlink_unicast+0x58c/0x7d0 [ 104.196562][ T9791] ? netlink_attachskb+0x870/0x870 [ 104.201688][ T9791] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 104.207511][ T9791] ? __check_object_size+0x3d/0x437 [ 104.212723][ T9791] netlink_sendmsg+0x91c/0xea0 [ 104.217494][ T9791] ? netlink_unicast+0x7d0/0x7d0 [ 104.222415][ T9791] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 104.227941][ T9791] ? apparmor_socket_sendmsg+0x2a/0x30 [ 104.233398][ T9791] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 104.239617][ T9791] ? security_socket_sendmsg+0x8d/0xc0 [ 104.245056][ T9791] ? netlink_unicast+0x7d0/0x7d0 [ 104.249982][ T9791] sock_sendmsg+0xd7/0x130 [ 104.254387][ T9791] ____sys_sendmsg+0x753/0x880 [ 104.259235][ T9791] ? kernel_sendmsg+0x50/0x50 [ 104.263922][ T9791] ? lockdep_init_map+0x1be/0x6d0 [ 104.268933][ T9791] ___sys_sendmsg+0x100/0x170 [ 104.273595][ T9791] ? sendmsg_copy_msghdr+0x70/0x70 [ 104.278787][ T9791] ? __kasan_check_read+0x11/0x20 [ 104.283790][ T9791] ? __lock_acquire+0x8a0/0x4a00 [ 104.288721][ T9791] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 104.294940][ T9791] ? __this_cpu_preempt_check+0x35/0x190 [ 104.300579][ T9791] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 104.306832][ T9791] ? percpu_counter_add_batch+0x13c/0x190 [ 104.312553][ T9791] ? __fd_install+0x1bc/0x640 [ 104.317212][ T9791] ? find_held_lock+0x35/0x130 [ 104.322405][ T9791] ? __fd_install+0x1bc/0x640 [ 104.327237][ T9791] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 104.333459][ T9791] ? __fget_light+0x1a9/0x230 [ 104.338573][ T9791] ? __fdget+0x1b/0x20 [ 104.342624][ T9791] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 104.348842][ T9791] __sys_sendmsg+0x105/0x1d0 [ 104.353436][ T9791] ? __sys_sendmsg_sock+0xc0/0xc0 [ 104.358638][ T9791] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 104.364178][ T9791] ? do_syscall_64+0x26/0x790 [ 104.368846][ T9791] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 104.374911][ T9791] ? do_syscall_64+0x26/0x790 [ 104.379590][ T9791] __x64_sys_sendmsg+0x78/0xb0 [ 104.384344][ T9791] do_syscall_64+0xfa/0x790 [ 104.388831][ T9791] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 104.394710][ T9791] RIP: 0033:0x4404e9 [ 104.398593][ T9791] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 104.418181][ T9791] RSP: 002b:00007ffd5722ab08 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 104.426573][ T9791] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404e9 [ 104.434523][ T9791] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004 [ 104.442508][ T9791] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 104.450751][ T9791] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401d70 [ 104.458722][ T9791] R13: 0000000000401e00 R14: 0000000000000000 R15: 0000000000000000 [ 104.468481][ T9791] Kernel Offset: disabled [ 104.472807][ T9791] Rebooting in 86400 seconds..