[ 42.230751][ T27] audit: type=1800 audit(1579405522.284:26): pid=8014 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 42.275554][ T27] audit: type=1800 audit(1579405522.284:27): pid=8014 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 42.308962][ T27] audit: type=1800 audit(1579405522.284:28): pid=8014 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 42.994230][ T27] audit: type=1800 audit(1579405523.074:29): pid=8014 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 53.741306][ T8164] ==================================================================
[ 53.749452][ T8164] BUG: KASAN: slab-out-of-bounds in bitmap_ip_list+0x40d/0xcb0
[ 53.757004][ T8164] Read of size 8 at addr ffff8880a38d8d80 by task syz-executor563/8164
[ 53.765209][ T8164]
[ 53.767508][ T8164] CPU: 1 PID: 8164 Comm: syz-executor563 Not tainted 5.5.0-rc6-syzkaller #0
[ 53.776143][ T8164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.786168][ T8164] Call Trace:
[ 53.789427][ T8164]  dump_stack+0x1fb/0x318
[ 53.793729][ T8164]  print_address_description+0x74/0x5c0
[ 53.799240][ T8164]  ? vprintk_func+0x158/0x170
[ 53.803884][ T8164]  ? printk+0x62/0x8d
[ 53.807853][ T8164]  ? vprintk_emit+0x2d4/0x3a0
[ 53.812505][ T8164]  __kasan_report+0x149/0x1c0
[ 53.817149][ T8164]  ? bitmap_ip_list+0x40d/0xcb0
[ 53.821970][ T8164]  kasan_report+0x26/0x50
[ 53.826272][ T8164]  ? debug_smp_processor_id+0x9/0x20
[ 53.831536][ T8164]  check_memory_region+0x2b6/0x2f0
[ 53.836618][ T8164]  __kasan_check_read+0x11/0x20
[ 53.841435][ T8164]  bitmap_ip_list+0x40d/0xcb0
[ 53.846091][ T8164]  ip_set_dump_start+0x10f9/0x1800
[ 53.851188][ T8164]  netlink_dump+0x4ed/0x1170
[ 53.855761][ T8164]  __netlink_dump_start+0x5cb/0x7b0
[ 53.860928][ T8164]  ip_set_dump+0x107/0x160
[ 53.865310][ T8164]  ? __find_set_type_get+0x540/0x540
[ 53.870572][ T8164]  ? ip_set_dump_start+0x1800/0x1800
[ 53.875835][ T8164]  ? ip_set_swap+0x730/0x730
[ 53.880392][ T8164]  nfnetlink_rcv_msg+0x9ae/0xcd0
[ 53.885312][ T8164]  ? cap_capable+0x25b/0x290
[ 53.889867][ T8164]  ? cap_capable+0x25b/0x290
[ 53.894428][ T8164]  netlink_rcv_skb+0x19e/0x3e0
[ 53.899158][ T8164]  ? nfnetlink_bind+0x250/0x250
[ 53.903977][ T8164]  nfnetlink_rcv+0x1e0/0x1e50
[ 53.908628][ T8164]  ? rcu_lock_release+0x9/0x30
[ 53.913358][ T8164]  ? rcu_lock_release+0x21/0x30
[ 53.918173][ T8164]  ? netlink_deliver_tap+0x142/0x880
[ 53.923429][ T8164]  netlink_unicast+0x767/0x920
[ 53.928160][ T8164]  netlink_sendmsg+0xa2c/0xd50
[ 53.932899][ T8164]  ? netlink_getsockopt+0x9f0/0x9f0
[ 53.938064][ T8164]  ____sys_sendmsg+0x4f7/0x7f0
[ 53.942799][ T8164]  __sys_sendmsg+0x1ed/0x290
[ 53.947360][ T8164]  ? check_preemption_disabled+0xb4/0x260
[ 53.953047][ T8164]  ? debug_smp_processor_id+0x9/0x20
[ 53.958297][ T8164]  ? debug_smp_processor_id+0x1c/0x20
[ 53.963633][ T8164]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 53.969706][ T8164]  ? prepare_exit_to_usermode+0x221/0x5b0
[ 53.975390][ T8164]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 53.981081][ T8164]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 53.986504][ T8164]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 53.992188][ T8164]  ? do_syscall_64+0x1d/0x1c0
[ 53.996832][ T8164]  __x64_sys_sendmsg+0x7f/0x90
[ 54.001563][ T8164]  do_syscall_64+0xf7/0x1c0
[ 54.006033][ T8164]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.011895][ T8164] RIP: 0033:0x440569
[ 54.015761][ T8164] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 54.035328][ T8164] RSP: 002b:00007ffe41cf86b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 54.043702][ T8164] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440569
[ 54.051642][ T8164] RDX: 0000000000000010 RSI: 00000000200003c0 RDI: 0000000000000004
[ 54.059623][ T8164] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 54.067597][ T8164] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401df0
[ 54.075536][ T8164] R13: 0000000000401e80 R14: 0000000000000000 R15: 0000000000000000
[ 54.083482][ T8164]
[ 54.085778][ T8164] Allocated by task 8164:
[ 54.090071][ T8164]  __kasan_kmalloc+0x118/0x1c0
[ 54.094810][ T8164]  kasan_kmalloc+0x9/0x10
[ 54.099105][ T8164]  __kmalloc+0x254/0x340
[ 54.103312][ T8164]  kzalloc+0x21/0x40
[ 54.107170][ T8164]  ip_set_alloc+0x32/0x60
[ 54.111462][ T8164]  bitmap_ip_create+0x48b/0xac0
[ 54.116296][ T8164]  ip_set_create+0x421/0xfd0
[ 54.120852][ T8164]  nfnetlink_rcv_msg+0x9ae/0xcd0
[ 54.125752][ T8164]  netlink_rcv_skb+0x19e/0x3e0
[ 54.130482][ T8164]  nfnetlink_rcv+0x1e0/0x1e50
[ 54.135122][ T8164]  netlink_unicast+0x767/0x920
[ 54.139849][ T8164]  netlink_sendmsg+0xa2c/0xd50
[ 54.144575][ T8164]  ____sys_sendmsg+0x4f7/0x7f0
[ 54.149303][ T8164]  __sys_sendmsg+0x1ed/0x290
[ 54.153858][ T8164]  __x64_sys_sendmsg+0x7f/0x90
[ 54.158587][ T8164]  do_syscall_64+0xf7/0x1c0
[ 54.163070][ T8164]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.168924][ T8164]
[ 54.171223][ T8164] Freed by task 7870:
[ 54.175170][ T8164]  __kasan_slab_free+0x12e/0x1e0
[ 54.180069][ T8164]  kasan_slab_free+0xe/0x10
[ 54.184535][ T8164]  kfree+0x10d/0x220
[ 54.188398][ T8164]  tomoyo_check_open_permission+0x79c/0x9d0
[ 54.194269][ T8164]  tomoyo_file_open+0x141/0x190
[ 54.199088][ T8164]  security_file_open+0x50/0x2e0
[ 54.203992][ T8164]  do_dentry_open+0x351/0x10c0
[ 54.208722][ T8164]  vfs_open+0x73/0x80
[ 54.212667][ T8164]  path_openat+0x1367/0x4250
[ 54.217220][ T8164]  do_filp_open+0x192/0x3d0
[ 54.221690][ T8164]  do_sys_open+0x29f/0x560
[ 54.226073][ T8164]  __x64_sys_open+0x87/0x90
[ 54.230545][ T8164]  do_syscall_64+0xf7/0x1c0
[ 54.235015][ T8164]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.240878][ T8164]
[ 54.243178][ T8164] The buggy address belongs to the object at ffff8880a38d8d80
[ 54.243178][ T8164]  which belongs to the cache kmalloc-32 of size 32
[ 54.257033][ T8164] The buggy address is located 0 bytes inside of
[ 54.257033][ T8164]  32-byte region [ffff8880a38d8d80, ffff8880a38d8da0)
[ 54.270059][ T8164] The buggy address belongs to the page:
[ 54.275779][ T8164] page:ffffea00028e3600 refcount:1 mapcount:0 mapping:ffff8880aa8001c0 index:0xffff8880a38d8fc1
[ 54.286157][ T8164] raw: 00fffe0000000200 ffffea000263d0c8 ffffea00029d7c08 ffff8880aa8001c0
[ 54.294712][ T8164] raw: ffff8880a38d8fc1 ffff8880a38d8000 000000010000002c 0000000000000000
[ 54.303269][ T8164] page dumped because: kasan: bad access detected
[ 54.309648][ T8164]
[ 54.311947][ T8164] Memory state around the buggy address:
[ 54.317551][ T8164]  ffff8880a38d8c80: fb fb fb fb fc fc fc fc 00 00 01 fc fc fc fc fc
[ 54.325620][ T8164]  ffff8880a38d8d00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 54.333652][ T8164] >ffff8880a38d8d80: 04 fc fc fc fc fc fc fc 00 00 01 fc fc fc fc fc
[ 54.341680][ T8164]                    ^
[ 54.345717][ T8164]  ffff8880a38d8e00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 54.353744][ T8164]  ffff8880a38d8e80: fb fb fb fb fc fc fc fc 00 00 01 fc fc fc fc fc
[ 54.361775][ T8164] ==================================================================
[ 54.369804][ T8164] Disabling lock debugging due to kernel taint
[ 54.377280][ T8164] Kernel panic - not syncing: panic_on_warn set ...
[ 54.383853][ T8164] CPU: 1 PID: 8164 Comm: syz-executor563 Tainted: G    B   5.5.0-rc6-syzkaller #0
[ 54.393878][ T8164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.403900][ T8164] Call Trace:
[ 54.407173][ T8164]  dump_stack+0x1fb/0x318
[ 54.411471][ T8164]  panic+0x264/0x7a9
[ 54.415329][ T8164]  ? __kasan_report+0x193/0x1c0
[ 54.420139][ T8164]  ? trace_hardirqs_on+0x34/0x80
[ 54.425037][ T8164]  ? __kasan_report+0x193/0x1c0
[ 54.429848][ T8164]  __kasan_report+0x1b9/0x1c0
[ 54.434502][ T8164]  ? bitmap_ip_list+0x40d/0xcb0
[ 54.439327][ T8164]  kasan_report+0x26/0x50
[ 54.443774][ T8164]  ? debug_smp_processor_id+0x9/0x20
[ 54.449027][ T8164]  check_memory_region+0x2b6/0x2f0
[ 54.454110][ T8164]  __kasan_check_read+0x11/0x20
[ 54.458946][ T8164]  bitmap_ip_list+0x40d/0xcb0
[ 54.463609][ T8164]  ip_set_dump_start+0x10f9/0x1800
[ 54.468696][ T8164]  netlink_dump+0x4ed/0x1170
[ 54.473256][ T8164]  __netlink_dump_start+0x5cb/0x7b0
[ 54.478681][ T8164]  ip_set_dump+0x107/0x160
[ 54.483196][ T8164]  ? __find_set_type_get+0x540/0x540
[ 54.488450][ T8164]  ? ip_set_dump_start+0x1800/0x1800
[ 54.493702][ T8164]  ? ip_set_swap+0x730/0x730
[ 54.498256][ T8164]  nfnetlink_rcv_msg+0x9ae/0xcd0
[ 54.503206][ T8164]  ? cap_capable+0x25b/0x290
[ 54.507763][ T8164]  ? cap_capable+0x25b/0x290
[ 54.512330][ T8164]  netlink_rcv_skb+0x19e/0x3e0
[ 54.517117][ T8164]  ? nfnetlink_bind+0x250/0x250
[ 54.521979][ T8164]  nfnetlink_rcv+0x1e0/0x1e50
[ 54.526646][ T8164]  ? rcu_lock_release+0x9/0x30
[ 54.531385][ T8164]  ? rcu_lock_release+0x21/0x30
[ 54.536208][ T8164]  ? netlink_deliver_tap+0x142/0x880
[ 54.541468][ T8164]  netlink_unicast+0x767/0x920
[ 54.546205][ T8164]  netlink_sendmsg+0xa2c/0xd50
[ 54.550951][ T8164]  ? netlink_getsockopt+0x9f0/0x9f0
[ 54.556123][ T8164]  ____sys_sendmsg+0x4f7/0x7f0
[ 54.560866][ T8164]  __sys_sendmsg+0x1ed/0x290
[ 54.565434][ T8164]  ? check_preemption_disabled+0xb4/0x260
[ 54.571160][ T8164]  ? debug_smp_processor_id+0x9/0x20
[ 54.576414][ T8164]  ? debug_smp_processor_id+0x1c/0x20
[ 54.581759][ T8164]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 54.587803][ T8164]  ? prepare_exit_to_usermode+0x221/0x5b0
[ 54.593618][ T8164]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 54.599311][ T8164]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 54.604742][ T8164]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 54.610437][ T8164]  ? do_syscall_64+0x1d/0x1c0
[ 54.615201][ T8164]  __x64_sys_sendmsg+0x7f/0x90
[ 54.619942][ T8164]  do_syscall_64+0xf7/0x1c0
[ 54.624421][ T8164]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.630293][ T8164] RIP: 0033:0x440569
[ 54.634160][ T8164] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 54.653737][ T8164] RSP: 002b:00007ffe41cf86b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 54.662151][ T8164] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440569
[ 54.670091][ T8164] RDX: 0000000000000010 RSI: 00000000200003c0 RDI: 0000000000000004
[ 54.678033][ T8164] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 54.685984][ T8164] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401df0
[ 54.693938][ T8164] R13: 0000000000401e80 R14: 0000000000000000 R15: 0000000000000000
[ 54.703095][ T8164] Kernel Offset: disabled
[ 54.707407][ T8164] Rebooting in 86400 seconds..