[ 86.423128][ T27] audit: type=1800 audit(1579324484.805:26): pid=9310 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 87.380640][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 87.380652][ T27] audit: type=1800 audit(1579324485.785:29): pid=9310 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 87.407259][ T27] audit: type=1800 audit(1579324485.785:30): pid=9310 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 97.093668][ T9465] ================================================================== [ 97.101920][ T9465] BUG: KASAN: slab-out-of-bounds in bitmap_port_list+0x3cf/0xdb0 [ 97.109633][ T9465] Read of size 8 at addr ffff88809dc9c1c0 by task syz-executor886/9465 [ 97.117853][ T9465] [ 97.120172][ T9465] CPU: 1 PID: 9465 Comm: syz-executor886 Not tainted 5.5.0-rc5-syzkaller #0 [ 97.128828][ T9465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 97.138874][ T9465] Call Trace: [ 97.142155][ T9465] dump_stack+0x197/0x210 [ 97.146479][ T9465] ? bitmap_port_list+0x3cf/0xdb0 [ 97.151555][ T9465] print_address_description.constprop.0.cold+0xd4/0x30b [ 97.158585][ T9465] ? bitmap_port_list+0x3cf/0xdb0 [ 97.163593][ T9465] ? bitmap_port_list+0x3cf/0xdb0 [ 97.168656][ T9465] __kasan_report.cold+0x1b/0x41 [ 97.173588][ T9465] ? bitmap_port_list+0x3cf/0xdb0 [ 97.178598][ T9465] kasan_report+0x12/0x20 [ 97.182972][ T9465] check_memory_region+0x134/0x1a0 [ 97.188086][ T9465] __kasan_check_read+0x11/0x20 [ 97.192920][ T9465] bitmap_port_list+0x3cf/0xdb0 [ 97.197755][ T9465] ? bitmap_port_head+0x296/0x600 [ 97.202914][ T9465] ? bitmap_port_del+0x380/0x380 [ 97.207855][ T9465] ? nla_put+0x110/0x150 [ 97.212095][ T9465] ip_set_dump_start+0x96c/0x1ca0 [ 97.217139][ T9465] ? ip_set_rename+0x720/0x720 [ 97.221895][ T9465] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 97.227452][ T9465] ? zap_class+0xe40/0xe60 [ 97.231882][ T9465] ? __kasan_check_write+0x14/0x20 [ 97.237010][ T9465] netlink_dump+0x558/0xfb0 [ 97.241506][ T9465] ? __netlink_sendskb+0xc0/0xc0 [ 97.246454][ T9465] __netlink_dump_start+0x673/0x930 [ 97.251646][ T9465] ip_set_dump+0x15a/0x1d0 [ 97.256046][ T9465] ? call_ad+0x5a0/0x5a0 [ 97.260290][ T9465] ? ip_set_rename+0x720/0x720 [ 97.265041][ T9465] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 97.270877][ T9465] ? call_ad+0x5a0/0x5a0 [ 97.275237][ T9465] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 97.280168][ T9465] ? nfnetlink_bind+0x2c0/0x2c0 [ 97.285177][ T9465] ? __kasan_check_read+0x11/0x20 [ 97.290189][ T9465] ? __lock_acquire+0x8a0/0x4a00 [ 97.295110][ T9465] ? save_stack+0x5c/0x90 [ 97.299438][ T9465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.305670][ T9465] ? apparmor_capable+0x497/0x900 [ 97.310764][ T9465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.316989][ T9465] ? __kasan_check_read+0x11/0x20 [ 97.322002][ T9465] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 97.327463][ T9465] netlink_rcv_skb+0x177/0x450 [ 97.332217][ T9465] ? nfnetlink_bind+0x2c0/0x2c0 [ 97.337064][ T9465] ? netlink_ack+0xb50/0xb50 [ 97.341648][ T9465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.347891][ T9465] ? ns_capable_common+0x93/0x100 [ 97.352900][ T9465] ? ns_capable+0x20/0x30 [ 97.357215][ T9465] ? __netlink_ns_capable+0x104/0x140 [ 97.362592][ T9465] nfnetlink_rcv+0x1ba/0x460 [ 97.367182][ T9465] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 97.372744][ T9465] ? netlink_deliver_tap+0x24a/0xbf0 [ 97.378020][ T9465] ? __kasan_check_write+0x14/0x20 [ 97.383149][ T9465] netlink_unicast+0x59e/0x7e0 [ 97.387900][ T9465] ? netlink_attachskb+0x870/0x870 [ 97.393008][ T9465] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 97.398717][ T9465] ? __check_object_size+0x3d/0x437 [ 97.403908][ T9465] netlink_sendmsg+0x91c/0xea0 [ 97.408662][ T9465] ? netlink_unicast+0x7e0/0x7e0 [ 97.413595][ T9465] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 97.419132][ T9465] ? apparmor_socket_sendmsg+0x2a/0x30 [ 97.424577][ T9465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.430821][ T9465] ? security_socket_sendmsg+0x8d/0xc0 [ 97.436270][ T9465] ? netlink_unicast+0x7e0/0x7e0 [ 97.441329][ T9465] sock_sendmsg+0xd7/0x130 [ 97.445833][ T9465] ____sys_sendmsg+0x753/0x880 [ 97.450597][ T9465] ? kernel_sendmsg+0x50/0x50 [ 97.455262][ T9465] ? lockdep_init_map+0x1be/0x6d0 [ 97.460281][ T9465] ___sys_sendmsg+0x100/0x170 [ 97.465010][ T9465] ? sendmsg_copy_msghdr+0x70/0x70 [ 97.470231][ T9465] ? __kasan_check_read+0x11/0x20 [ 97.475408][ T9465] ? __lock_acquire+0x8a0/0x4a00 [ 97.480494][ T9465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.486734][ T9465] ? __this_cpu_preempt_check+0x35/0x190 [ 97.492362][ T9465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.498594][ T9465] ? percpu_counter_add_batch+0x13c/0x190 [ 97.504299][ T9465] ? __fd_install+0x1bc/0x640 [ 97.509078][ T9465] ? find_held_lock+0x35/0x130 [ 97.513833][ T9465] ? __fd_install+0x1bc/0x640 [ 97.518514][ T9465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.524768][ T9465] ? __fget_light+0x1a9/0x230 [ 97.529446][ T9465] ? __fdget+0x1b/0x20 [ 97.533593][ T9465] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 97.539921][ T9465] __sys_sendmsg+0x105/0x1d0 [ 97.544502][ T9465] ? __sys_sendmsg_sock+0xc0/0xc0 [ 97.549571][ T9465] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 97.555053][ T9465] ? do_syscall_64+0x26/0x790 [ 97.559717][ T9465] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 97.565783][ T9465] ? do_syscall_64+0x26/0x790 [ 97.570983][ T9465] __x64_sys_sendmsg+0x78/0xb0 [ 97.575808][ T9465] do_syscall_64+0xfa/0x790 [ 97.580340][ T9465] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 97.586228][ T9465] RIP: 0033:0x4404e9 [ 97.590153][ T9465] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 97.609845][ T9465] RSP: 002b:00007fff1e1d36e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 97.618265][ T9465] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404e9 [ 97.626252][ T9465] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004 [ 97.634206][ T9465] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 97.642160][ T9465] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401d70 [ 97.650131][ T9465] R13: 0000000000401e00 R14: 0000000000000000 R15: 0000000000000000 [ 97.658090][ T9465] [ 97.660398][ T9465] Allocated by task 9465: [ 97.664730][ T9465] save_stack+0x23/0x90 [ 97.668865][ T9465] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 97.674486][ T9465] kasan_kmalloc+0x9/0x10 [ 97.678812][ T9465] __kmalloc+0x163/0x770 [ 97.683044][ T9465] ip_set_alloc+0x38/0x5e [ 97.687363][ T9465] bitmap_port_create+0x3dc/0x7c0 [ 97.692366][ T9465] ip_set_create+0x6f1/0x1500 [ 97.697023][ T9465] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 97.701941][ T9465] netlink_rcv_skb+0x177/0x450 [ 97.706684][ T9465] nfnetlink_rcv+0x1ba/0x460 [ 97.711252][ T9465] netlink_unicast+0x59e/0x7e0 [ 97.715994][ T9465] netlink_sendmsg+0x91c/0xea0 [ 97.720752][ T9465] sock_sendmsg+0xd7/0x130 [ 97.725159][ T9465] ____sys_sendmsg+0x753/0x880 [ 97.729899][ T9465] ___sys_sendmsg+0x100/0x170 [ 97.734570][ T9465] __sys_sendmsg+0x105/0x1d0 [ 97.739148][ T9465] __x64_sys_sendmsg+0x78/0xb0 [ 97.743896][ T9465] do_syscall_64+0xfa/0x790 [ 97.748391][ T9465] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 97.754264][ T9465] [ 97.756576][ T9465] Freed by task 9194: [ 97.760549][ T9465] save_stack+0x23/0x90 [ 97.764705][ T9465] __kasan_slab_free+0x102/0x150 [ 97.769624][ T9465] kasan_slab_free+0xe/0x10 [ 97.774116][ T9465] kfree+0x10a/0x2c0 [ 97.777992][ T9465] tomoyo_path_perm+0x24e/0x430 [ 97.782820][ T9465] tomoyo_inode_getattr+0x1d/0x30 [ 97.787836][ T9465] security_inode_getattr+0xf2/0x150 [ 97.793101][ T9465] vfs_getattr+0x25/0x70 [ 97.797317][ T9465] vfs_statx+0x157/0x200 [ 97.801538][ T9465] __do_sys_newstat+0xa4/0x130 [ 97.806303][ T9465] __x64_sys_newstat+0x54/0x80 [ 97.811048][ T9465] do_syscall_64+0xfa/0x790 [ 97.815531][ T9465] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 97.821395][ T9465] [ 97.823703][ T9465] The buggy address belongs to the object at ffff88809dc9c1c0 [ 97.823703][ T9465] which belongs to the cache kmalloc-32 of size 32 [ 97.837561][ T9465] The buggy address is located 0 bytes inside of [ 97.837561][ T9465] 32-byte region [ffff88809dc9c1c0, ffff88809dc9c1e0) [ 97.850543][ T9465] The buggy address belongs to the page: [ 97.856162][ T9465] page:ffffea0002772700 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809dc9cfc1 [ 97.866553][ T9465] raw: 00fffe0000000200 ffffea00029af888 ffffea0002768a48 ffff8880aa4001c0 [ 97.875132][ T9465] raw: ffff88809dc9cfc1 ffff88809dc9c000 0000000100000037 0000000000000000 [ 97.883691][ T9465] page dumped because: kasan: bad access detected [ 97.890076][ T9465] [ 97.892382][ T9465] Memory state around the buggy address: [ 97.897996][ T9465] ffff88809dc9c080: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 97.906062][ T9465] ffff88809dc9c100: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 97.914101][ T9465] >ffff88809dc9c180: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc [ 97.922136][ T9465] ^ [ 97.928266][ T9465] ffff88809dc9c200: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 97.936305][ T9465] ffff88809dc9c280: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 97.944354][ T9465] ================================================================== [ 97.952391][ T9465] Disabling lock debugging due to kernel taint [ 97.959658][ T9465] Kernel panic - not syncing: panic_on_warn set ... [ 97.966257][ T9465] CPU: 1 PID: 9465 Comm: syz-executor886 Tainted: G B 5.5.0-rc5-syzkaller #0 [ 97.976304][ T9465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 97.986347][ T9465] Call Trace: [ 97.989625][ T9465] dump_stack+0x197/0x210 [ 97.993946][ T9465] panic+0x2e3/0x75c [ 97.997819][ T9465] ? add_taint.cold+0x16/0x16 [ 98.002484][ T9465] ? bitmap_port_list+0x3cf/0xdb0 [ 98.007500][ T9465] ? preempt_schedule+0x4b/0x60 [ 98.012330][ T9465] ? ___preempt_schedule+0x16/0x18 [ 98.017428][ T9465] ? trace_hardirqs_on+0x5e/0x240 [ 98.022447][ T9465] ? bitmap_port_list+0x3cf/0xdb0 [ 98.027452][ T9465] end_report+0x47/0x4f [ 98.031585][ T9465] ? bitmap_port_list+0x3cf/0xdb0 [ 98.036585][ T9465] __kasan_report.cold+0xe/0x41 [ 98.041415][ T9465] ? bitmap_port_list+0x3cf/0xdb0 [ 98.046414][ T9465] kasan_report+0x12/0x20 [ 98.050719][ T9465] check_memory_region+0x134/0x1a0 [ 98.055806][ T9465] __kasan_check_read+0x11/0x20 [ 98.060645][ T9465] bitmap_port_list+0x3cf/0xdb0 [ 98.066698][ T9465] ? bitmap_port_head+0x296/0x600 [ 98.071712][ T9465] ? bitmap_port_del+0x380/0x380 [ 98.076685][ T9465] ? nla_put+0x110/0x150 [ 98.080911][ T9465] ip_set_dump_start+0x96c/0x1ca0 [ 98.085973][ T9465] ? ip_set_rename+0x720/0x720 [ 98.090724][ T9465] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 98.096293][ T9465] ? zap_class+0xe40/0xe60 [ 98.100691][ T9465] ? __kasan_check_write+0x14/0x20 [ 98.105780][ T9465] netlink_dump+0x558/0xfb0 [ 98.110261][ T9465] ? __netlink_sendskb+0xc0/0xc0 [ 98.115177][ T9465] __netlink_dump_start+0x673/0x930 [ 98.120353][ T9465] ip_set_dump+0x15a/0x1d0 [ 98.124759][ T9465] ? call_ad+0x5a0/0x5a0 [ 98.129106][ T9465] ? ip_set_rename+0x720/0x720 [ 98.133903][ T9465] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 98.141047][ T9465] ? call_ad+0x5a0/0x5a0 [ 98.145270][ T9465] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 98.150189][ T9465] ? nfnetlink_bind+0x2c0/0x2c0 [ 98.155036][ T9465] ? __kasan_check_read+0x11/0x20 [ 98.160041][ T9465] ? __lock_acquire+0x8a0/0x4a00 [ 98.164953][ T9465] ? save_stack+0x5c/0x90 [ 98.169261][ T9465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.175479][ T9465] ? apparmor_capable+0x497/0x900 [ 98.180505][ T9465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.186859][ T9465] ? __kasan_check_read+0x11/0x20 [ 98.191871][ T9465] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 98.197312][ T9465] netlink_rcv_skb+0x177/0x450 [ 98.202076][ T9465] ? nfnetlink_bind+0x2c0/0x2c0 [ 98.206972][ T9465] ? netlink_ack+0xb50/0xb50 [ 98.211546][ T9465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.217904][ T9465] ? ns_capable_common+0x93/0x100 [ 98.222929][ T9465] ? ns_capable+0x20/0x30 [ 98.227239][ T9465] ? __netlink_ns_capable+0x104/0x140 [ 98.232621][ T9465] nfnetlink_rcv+0x1ba/0x460 [ 98.237193][ T9465] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 98.242635][ T9465] ? netlink_deliver_tap+0x24a/0xbf0 [ 98.247898][ T9465] ? __kasan_check_write+0x14/0x20 [ 98.252988][ T9465] netlink_unicast+0x59e/0x7e0 [ 98.257733][ T9465] ? netlink_attachskb+0x870/0x870 [ 98.262833][ T9465] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 98.268536][ T9465] ? __check_object_size+0x3d/0x437 [ 98.273735][ T9465] netlink_sendmsg+0x91c/0xea0 [ 98.278498][ T9465] ? netlink_unicast+0x7e0/0x7e0 [ 98.283415][ T9465] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 98.288954][ T9465] ? apparmor_socket_sendmsg+0x2a/0x30 [ 98.294398][ T9465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.300623][ T9465] ? security_socket_sendmsg+0x8d/0xc0 [ 98.306076][ T9465] ? netlink_unicast+0x7e0/0x7e0 [ 98.310997][ T9465] sock_sendmsg+0xd7/0x130 [ 98.315392][ T9465] ____sys_sendmsg+0x753/0x880 [ 98.320136][ T9465] ? kernel_sendmsg+0x50/0x50 [ 98.324804][ T9465] ? lockdep_init_map+0x1be/0x6d0 [ 98.329806][ T9465] ___sys_sendmsg+0x100/0x170 [ 98.334472][ T9465] ? sendmsg_copy_msghdr+0x70/0x70 [ 98.339564][ T9465] ? __kasan_check_read+0x11/0x20 [ 98.344562][ T9465] ? __lock_acquire+0x8a0/0x4a00 [ 98.349486][ T9465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.355719][ T9465] ? __this_cpu_preempt_check+0x35/0x190 [ 98.361340][ T9465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.367559][ T9465] ? percpu_counter_add_batch+0x13c/0x190 [ 98.373255][ T9465] ? __fd_install+0x1bc/0x640 [ 98.377907][ T9465] ? find_held_lock+0x35/0x130 [ 98.382654][ T9465] ? __fd_install+0x1bc/0x640 [ 98.387316][ T9465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.393532][ T9465] ? __fget_light+0x1a9/0x230 [ 98.398195][ T9465] ? __fdget+0x1b/0x20 [ 98.402255][ T9465] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 98.408484][ T9465] __sys_sendmsg+0x105/0x1d0 [ 98.413059][ T9465] ? __sys_sendmsg_sock+0xc0/0xc0 [ 98.418065][ T9465] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 98.423498][ T9465] ? do_syscall_64+0x26/0x790 [ 98.428161][ T9465] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 98.434203][ T9465] ? do_syscall_64+0x26/0x790 [ 98.438861][ T9465] __x64_sys_sendmsg+0x78/0xb0 [ 98.443616][ T9465] do_syscall_64+0xfa/0x790 [ 98.448099][ T9465] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 98.453975][ T9465] RIP: 0033:0x4404e9 [ 98.457852][ T9465] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 98.477553][ T9465] RSP: 002b:00007fff1e1d36e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 98.485954][ T9465] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404e9 [ 98.493914][ T9465] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004 [ 98.501875][ T9465] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 98.509877][ T9465] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401d70 [ 98.517833][ T9465] R13: 0000000000401e00 R14: 0000000000000000 R15: 0000000000000000 [ 98.527470][ T9465] Kernel Offset: disabled [ 98.531800][ T9465] Rebooting in 86400 seconds..