[ 85.444916][ T26] audit: type=1800 audit(1579305575.994:26): pid=9461 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 86.462312][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 86.462323][ T26] audit: type=1800 audit(1579305577.034:29): pid=9461 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 86.489186][ T26] audit: type=1800 audit(1579305577.034:30): pid=9461 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.131' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 96.041141][ T9615] ================================================================== [ 96.049340][ T9615] BUG: KASAN: slab-out-of-bounds in bitmap_port_list+0x3cf/0xdb0 [ 96.057053][ T9615] Read of size 8 at addr ffff8880a25633c0 by task syz-executor120/9615 [ 96.065321][ T9615] [ 96.067641][ T9615] CPU: 1 PID: 9615 Comm: syz-executor120 Not tainted 5.5.0-rc6-syzkaller #0 [ 96.076290][ T9615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 96.086324][ T9615] Call Trace: [ 96.089622][ T9615] dump_stack+0x197/0x210 [ 96.093954][ T9615] ? bitmap_port_list+0x3cf/0xdb0 [ 96.098989][ T9615] print_address_description.constprop.0.cold+0xd4/0x30b [ 96.105994][ T9615] ? bitmap_port_list+0x3cf/0xdb0 [ 96.111010][ T9615] ? bitmap_port_list+0x3cf/0xdb0 [ 96.116022][ T9615] __kasan_report.cold+0x1b/0x41 [ 96.120954][ T9615] ? bitmap_port_list+0x3cf/0xdb0 [ 96.125958][ T9615] kasan_report+0x12/0x20 [ 96.130267][ T9615] check_memory_region+0x134/0x1a0 [ 96.135369][ T9615] __kasan_check_read+0x11/0x20 [ 96.140201][ T9615] bitmap_port_list+0x3cf/0xdb0 [ 96.145030][ T9615] ? bitmap_port_head+0x296/0x600 [ 96.150035][ T9615] ? bitmap_port_del+0x380/0x380 [ 96.154963][ T9615] ? nla_put+0x110/0x150 [ 96.159187][ T9615] ip_set_dump_start+0x96c/0x1ca0 [ 96.164207][ T9615] ? ip_set_rename+0x720/0x720 [ 96.168960][ T9615] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 96.174486][ T9615] ? perf_trace_lock_acquire+0x4c0/0x530 [ 96.180097][ T9615] ? __kasan_check_write+0x14/0x20 [ 96.185190][ T9615] netlink_dump+0x558/0xfb0 [ 96.189689][ T9615] ? __netlink_sendskb+0xc0/0xc0 [ 96.194612][ T9615] __netlink_dump_start+0x66a/0x930 [ 96.199796][ T9615] ip_set_dump+0x15a/0x1d0 [ 96.204207][ T9615] ? call_ad+0x5a0/0x5a0 [ 96.208447][ T9615] ? ip_set_rename+0x720/0x720 [ 96.213196][ T9615] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 96.218985][ T9615] ? call_ad+0x5a0/0x5a0 [ 96.223219][ T9615] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 96.228156][ T9615] ? nfnetlink_bind+0x2c0/0x2c0 [ 96.232993][ T9615] ? __kasan_check_read+0x11/0x20 [ 96.237998][ T9615] ? __lock_acquire+0x8a0/0x4a00 [ 96.242916][ T9615] ? save_stack+0x5c/0x90 [ 96.247247][ T9615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 96.253473][ T9615] ? apparmor_capable+0x497/0x900 [ 96.258495][ T9615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 96.265183][ T9615] ? __kasan_check_read+0x11/0x20 [ 96.270187][ T9615] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 96.276060][ T9615] netlink_rcv_skb+0x177/0x450 [ 96.280817][ T9615] ? nfnetlink_bind+0x2c0/0x2c0 [ 96.285649][ T9615] ? netlink_ack+0xb50/0xb50 [ 96.290217][ T9615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 96.296435][ T9615] ? ns_capable_common+0x93/0x100 [ 96.301444][ T9615] ? ns_capable+0x20/0x30 [ 96.305777][ T9615] ? __netlink_ns_capable+0x104/0x140 [ 96.311135][ T9615] nfnetlink_rcv+0x1ba/0x460 [ 96.315706][ T9615] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 96.321142][ T9615] ? netlink_deliver_tap+0x24a/0xbe0 [ 96.326409][ T9615] ? __kasan_check_write+0x14/0x20 [ 96.331502][ T9615] netlink_unicast+0x58c/0x7d0 [ 96.336250][ T9615] ? netlink_attachskb+0x870/0x870 [ 96.341359][ T9615] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 96.347059][ T9615] ? __check_object_size+0x3d/0x437 [ 96.352239][ T9615] netlink_sendmsg+0x91c/0xea0 [ 96.356985][ T9615] ? netlink_unicast+0x7d0/0x7d0 [ 96.361903][ T9615] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 96.367430][ T9615] ? apparmor_socket_sendmsg+0x2a/0x30 [ 96.372876][ T9615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 96.379109][ T9615] ? security_socket_sendmsg+0x8d/0xc0 [ 96.384548][ T9615] ? netlink_unicast+0x7d0/0x7d0 [ 96.389469][ T9615] sock_sendmsg+0xd7/0x130 [ 96.393866][ T9615] ____sys_sendmsg+0x753/0x880 [ 96.398627][ T9615] ? kernel_sendmsg+0x50/0x50 [ 96.403298][ T9615] ? lockdep_init_map+0x1be/0x6d0 [ 96.408308][ T9615] ___sys_sendmsg+0x100/0x170 [ 96.412965][ T9615] ? sendmsg_copy_msghdr+0x70/0x70 [ 96.418069][ T9615] ? __kasan_check_read+0x11/0x20 [ 96.423091][ T9615] ? __lock_acquire+0x8a0/0x4a00 [ 96.428025][ T9615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 96.434289][ T9615] ? __this_cpu_preempt_check+0x35/0x190 [ 96.440038][ T9615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 96.446374][ T9615] ? percpu_counter_add_batch+0x13c/0x190 [ 96.452089][ T9615] ? __fd_install+0x1bc/0x640 [ 96.456747][ T9615] ? find_held_lock+0x35/0x130 [ 96.461504][ T9615] ? __fd_install+0x1bc/0x640 [ 96.466165][ T9615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 96.472385][ T9615] ? __fget_light+0x1a9/0x230 [ 96.477040][ T9615] ? __fdget+0x1b/0x20 [ 96.481095][ T9615] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 96.487320][ T9615] __sys_sendmsg+0x105/0x1d0 [ 96.491889][ T9615] ? __sys_sendmsg_sock+0xc0/0xc0 [ 96.496911][ T9615] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 96.502413][ T9615] ? do_fast_syscall_32+0xd1/0xe16 [ 96.507518][ T9615] ? entry_SYSENTER_compat+0x70/0x7f [ 96.512809][ T9615] ? do_fast_syscall_32+0xd1/0xe16 [ 96.517908][ T9615] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 96.523353][ T9615] do_fast_syscall_32+0x27b/0xe16 [ 96.528568][ T9615] entry_SYSENTER_compat+0x70/0x7f [ 96.533669][ T9615] RIP: 0023:0xf7f50a39 [ 96.537729][ T9615] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 96.557327][ T9615] RSP: 002b:00000000fffb91bc EFLAGS: 00000202 ORIG_RAX: 0000000000000172 [ 96.565718][ T9615] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000540 [ 96.573671][ T9615] RDX: 0000000000000000 RSI: 00000000080ea080 RDI: 00000000fffb9210 [ 96.581623][ T9615] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 96.589574][ T9615] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 96.597526][ T9615] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 96.605518][ T9615] [ 96.607912][ T9615] Allocated by task 9615: [ 96.612224][ T9615] save_stack+0x23/0x90 [ 96.616355][ T9615] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 96.621967][ T9615] kasan_kmalloc+0x9/0x10 [ 96.626275][ T9615] __kmalloc+0x163/0x770 [ 96.630495][ T9615] ip_set_alloc+0x38/0x5e [ 96.634799][ T9615] bitmap_port_create+0x3dc/0x7c0 [ 96.639818][ T9615] ip_set_create+0x6f1/0x1500 [ 96.644485][ T9615] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 96.649400][ T9615] netlink_rcv_skb+0x177/0x450 [ 96.654140][ T9615] nfnetlink_rcv+0x1ba/0x460 [ 96.658706][ T9615] netlink_unicast+0x58c/0x7d0 [ 96.663444][ T9615] netlink_sendmsg+0x91c/0xea0 [ 96.668197][ T9615] sock_sendmsg+0xd7/0x130 [ 96.672593][ T9615] ____sys_sendmsg+0x753/0x880 [ 96.677335][ T9615] ___sys_sendmsg+0x100/0x170 [ 96.681990][ T9615] __sys_sendmsg+0x105/0x1d0 [ 96.686557][ T9615] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 96.692031][ T9615] do_fast_syscall_32+0x27b/0xe16 [ 96.697032][ T9615] entry_SYSENTER_compat+0x70/0x7f [ 96.702114][ T9615] [ 96.704420][ T9615] Freed by task 9345: [ 96.708380][ T9615] save_stack+0x23/0x90 [ 96.712510][ T9615] __kasan_slab_free+0x102/0x150 [ 96.717466][ T9615] kasan_slab_free+0xe/0x10 [ 96.721948][ T9615] kfree+0x10a/0x2c0 [ 96.725823][ T9615] tomoyo_check_open_permission+0x19e/0x3e0 [ 96.731694][ T9615] tomoyo_file_open+0xa9/0xd0 [ 96.736389][ T9615] security_file_open+0x71/0x300 [ 96.741307][ T9615] do_dentry_open+0x37a/0x1380 [ 96.746044][ T9615] vfs_open+0xa0/0xd0 [ 96.750002][ T9615] path_openat+0x118b/0x3180 [ 96.754588][ T9615] do_filp_open+0x1a1/0x280 [ 96.759068][ T9615] do_sys_open+0x3fe/0x5d0 [ 96.763461][ T9615] __x64_sys_open+0x7e/0xc0 [ 96.767942][ T9615] do_syscall_64+0xfa/0x790 [ 96.772420][ T9615] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 96.778318][ T9615] [ 96.780626][ T9615] The buggy address belongs to the object at ffff8880a25633c0 [ 96.780626][ T9615] which belongs to the cache kmalloc-32 of size 32 [ 96.794482][ T9615] The buggy address is located 0 bytes inside of [ 96.794482][ T9615] 32-byte region [ffff8880a25633c0, ffff8880a25633e0) [ 96.807482][ T9615] The buggy address belongs to the page: [ 96.813099][ T9615] page:ffffea00028958c0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a2563fc1 [ 96.823509][ T9615] raw: 00fffe0000000200 ffffea00029e4ec8 ffffea00026df0c8 ffff8880aa4001c0 [ 96.832088][ T9615] raw: ffff8880a2563fc1 ffff8880a2563000 000000010000003f 0000000000000000 [ 96.840658][ T9615] page dumped because: kasan: bad access detected [ 96.847080][ T9615] [ 96.849390][ T9615] Memory state around the buggy address: [ 96.855005][ T9615] ffff8880a2563280: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 96.863048][ T9615] ffff8880a2563300: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 96.871129][ T9615] >ffff8880a2563380: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc [ 96.879167][ T9615] ^ [ 96.885298][ T9615] ffff8880a2563400: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 96.893377][ T9615] ffff8880a2563480: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 96.901448][ T9615] ================================================================== [ 96.909486][ T9615] Disabling lock debugging due to kernel taint [ 96.917105][ T9615] Kernel panic - not syncing: panic_on_warn set ... [ 96.923726][ T9615] CPU: 0 PID: 9615 Comm: syz-executor120 Tainted: G B 5.5.0-rc6-syzkaller #0 [ 96.933760][ T9615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 96.943793][ T9615] Call Trace: [ 96.947105][ T9615] dump_stack+0x197/0x210 [ 96.951414][ T9615] panic+0x2e3/0x75c [ 96.955285][ T9615] ? add_taint.cold+0x16/0x16 [ 96.959975][ T9615] ? bitmap_port_list+0x3cf/0xdb0 [ 96.965012][ T9615] ? preempt_schedule+0x4b/0x60 [ 96.969856][ T9615] ? ___preempt_schedule+0x16/0x18 [ 96.974988][ T9615] ? trace_hardirqs_on+0x5e/0x240 [ 96.979988][ T9615] ? bitmap_port_list+0x3cf/0xdb0 [ 96.985025][ T9615] end_report+0x47/0x4f [ 96.989156][ T9615] ? bitmap_port_list+0x3cf/0xdb0 [ 96.994155][ T9615] __kasan_report.cold+0xe/0x41 [ 96.999018][ T9615] ? bitmap_port_list+0x3cf/0xdb0 [ 97.004019][ T9615] kasan_report+0x12/0x20 [ 97.008367][ T9615] check_memory_region+0x134/0x1a0 [ 97.013488][ T9615] __kasan_check_read+0x11/0x20 [ 97.018315][ T9615] bitmap_port_list+0x3cf/0xdb0 [ 97.023141][ T9615] ? bitmap_port_head+0x296/0x600 [ 97.028157][ T9615] ? bitmap_port_del+0x380/0x380 [ 97.033073][ T9615] ? nla_put+0x110/0x150 [ 97.037313][ T9615] ip_set_dump_start+0x96c/0x1ca0 [ 97.042330][ T9615] ? ip_set_rename+0x720/0x720 [ 97.047071][ T9615] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 97.052595][ T9615] ? perf_trace_lock_acquire+0x4c0/0x530 [ 97.058203][ T9615] ? __kasan_check_write+0x14/0x20 [ 97.063301][ T9615] netlink_dump+0x558/0xfb0 [ 97.067779][ T9615] ? __netlink_sendskb+0xc0/0xc0 [ 97.072698][ T9615] __netlink_dump_start+0x66a/0x930 [ 97.077871][ T9615] ip_set_dump+0x15a/0x1d0 [ 97.082274][ T9615] ? call_ad+0x5a0/0x5a0 [ 97.086503][ T9615] ? ip_set_rename+0x720/0x720 [ 97.091254][ T9615] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 97.097035][ T9615] ? call_ad+0x5a0/0x5a0 [ 97.101256][ T9615] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 97.106186][ T9615] ? nfnetlink_bind+0x2c0/0x2c0 [ 97.111028][ T9615] ? __kasan_check_read+0x11/0x20 [ 97.116062][ T9615] ? __lock_acquire+0x8a0/0x4a00 [ 97.120991][ T9615] ? save_stack+0x5c/0x90 [ 97.125409][ T9615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.131637][ T9615] ? apparmor_capable+0x497/0x900 [ 97.136639][ T9615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.142871][ T9615] ? __kasan_check_read+0x11/0x20 [ 97.147888][ T9615] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 97.153331][ T9615] netlink_rcv_skb+0x177/0x450 [ 97.158074][ T9615] ? nfnetlink_bind+0x2c0/0x2c0 [ 97.162899][ T9615] ? netlink_ack+0xb50/0xb50 [ 97.167465][ T9615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.173685][ T9615] ? ns_capable_common+0x93/0x100 [ 97.178725][ T9615] ? ns_capable+0x20/0x30 [ 97.183031][ T9615] ? __netlink_ns_capable+0x104/0x140 [ 97.188393][ T9615] nfnetlink_rcv+0x1ba/0x460 [ 97.192971][ T9615] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 97.198447][ T9615] ? netlink_deliver_tap+0x24a/0xbe0 [ 97.203728][ T9615] ? __kasan_check_write+0x14/0x20 [ 97.208866][ T9615] netlink_unicast+0x58c/0x7d0 [ 97.213663][ T9615] ? netlink_attachskb+0x870/0x870 [ 97.218771][ T9615] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 97.224471][ T9615] ? __check_object_size+0x3d/0x437 [ 97.229690][ T9615] netlink_sendmsg+0x91c/0xea0 [ 97.234534][ T9615] ? netlink_unicast+0x7d0/0x7d0 [ 97.239473][ T9615] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 97.245004][ T9615] ? apparmor_socket_sendmsg+0x2a/0x30 [ 97.250457][ T9615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.256726][ T9615] ? security_socket_sendmsg+0x8d/0xc0 [ 97.262178][ T9615] ? netlink_unicast+0x7d0/0x7d0 [ 97.267140][ T9615] sock_sendmsg+0xd7/0x130 [ 97.271543][ T9615] ____sys_sendmsg+0x753/0x880 [ 97.276281][ T9615] ? kernel_sendmsg+0x50/0x50 [ 97.280955][ T9615] ? lockdep_init_map+0x1be/0x6d0 [ 97.285958][ T9615] ___sys_sendmsg+0x100/0x170 [ 97.290611][ T9615] ? sendmsg_copy_msghdr+0x70/0x70 [ 97.295696][ T9615] ? __kasan_check_read+0x11/0x20 [ 97.300703][ T9615] ? __lock_acquire+0x8a0/0x4a00 [ 97.305616][ T9615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.311843][ T9615] ? __this_cpu_preempt_check+0x35/0x190 [ 97.317450][ T9615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.323667][ T9615] ? percpu_counter_add_batch+0x13c/0x190 [ 97.329361][ T9615] ? __fd_install+0x1bc/0x640 [ 97.334022][ T9615] ? find_held_lock+0x35/0x130 [ 97.338781][ T9615] ? __fd_install+0x1bc/0x640 [ 97.343433][ T9615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.349646][ T9615] ? __fget_light+0x1a9/0x230 [ 97.354302][ T9615] ? __fdget+0x1b/0x20 [ 97.358360][ T9615] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 97.364595][ T9615] __sys_sendmsg+0x105/0x1d0 [ 97.369169][ T9615] ? __sys_sendmsg_sock+0xc0/0xc0 [ 97.374199][ T9615] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 97.379658][ T9615] ? do_fast_syscall_32+0xd1/0xe16 [ 97.384751][ T9615] ? entry_SYSENTER_compat+0x70/0x7f [ 97.390014][ T9615] ? do_fast_syscall_32+0xd1/0xe16 [ 97.395153][ T9615] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 97.400603][ T9615] do_fast_syscall_32+0x27b/0xe16 [ 97.405647][ T9615] entry_SYSENTER_compat+0x70/0x7f [ 97.410784][ T9615] RIP: 0023:0xf7f50a39 [ 97.414832][ T9615] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 97.434421][ T9615] RSP: 002b:00000000fffb91bc EFLAGS: 00000202 ORIG_RAX: 0000000000000172 [ 97.442857][ T9615] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000540 [ 97.450843][ T9615] RDX: 0000000000000000 RSI: 00000000080ea080 RDI: 00000000fffb9210 [ 97.458944][ T9615] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 97.466897][ T9615] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 97.474860][ T9615] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 97.484039][ T9615] Kernel Offset: disabled [ 97.488374][ T9615] Rebooting in 86400 seconds..