[ 74.713409][ T27] audit: type=1800 audit(1579975759.721:25): pid=9750 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 75.587796][ T27] kauditd_printk_skb: 3 callbacks suppressed
[ 75.587808][ T27] audit: type=1800 audit(1579975760.591:29): pid=9750 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 75.615200][ T27] audit: type=1800 audit(1579975760.591:30): pid=9750 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.245' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 84.760228][ T9906] ==================================================================
[ 84.768445][ T9906] BUG: KASAN: slab-out-of-bounds in bitmap_port_ext_cleanup+0xe6/0x2a0
[ 84.776666][ T9906] Read of size 8 at addr ffff88809e590f40 by task syz-executor244/9906
[ 84.784886][ T9906]
[ 84.787323][ T9906] CPU: 1 PID: 9906 Comm: syz-executor244 Not tainted 5.5.0-rc7-syzkaller #0
[ 84.796162][ T9906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 84.806274][ T9906] Call Trace:
[ 84.809559][ T9906] dump_stack+0x197/0x210
[ 84.813953][ T9906] ? bitmap_port_ext_cleanup+0xe6/0x2a0
[ 84.819497][ T9906] print_address_description.constprop.0.cold+0xd4/0x30b
[ 84.827023][ T9906] ? bitmap_port_ext_cleanup+0xe6/0x2a0
[ 84.832574][ T9906] ? bitmap_port_ext_cleanup+0xe6/0x2a0
[ 84.838107][ T9906] __kasan_report.cold+0x1b/0x41
[ 84.843033][ T9906] ? bitmap_port_ext_cleanup+0xe6/0x2a0
[ 84.848575][ T9906] kasan_report+0x12/0x20
[ 84.853006][ T9906] check_memory_region+0x134/0x1a0
[ 84.858104][ T9906] __kasan_check_read+0x11/0x20
[ 84.862942][ T9906] bitmap_port_ext_cleanup+0xe6/0x2a0
[ 84.868327][ T9906] bitmap_port_destroy+0x180/0x1d0
[ 84.873546][ T9906] ip_set_create+0xe47/0x1500
[ 84.878337][ T9906] ? ip_set_destroy+0xb70/0xb70
[ 84.883314][ T9906] ? ip_set_destroy+0xb70/0xb70
[ 84.888165][ T9906] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 84.893113][ T9906] ? nfnetlink_bind+0x2c0/0x2c0
[ 84.897963][ T9906] ? __kasan_check_read+0x11/0x20
[ 84.902984][ T9906] ? __lock_acquire+0x8a0/0x4a00
[ 84.907912][ T9906] ? save_stack+0x5c/0x90
[ 84.912250][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.918628][ T9906] ? apparmor_capable+0x497/0x900
[ 84.923659][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.930336][ T9906] ? __kasan_check_read+0x11/0x20
[ 84.935372][ T9906] ? apparmor_cred_prepare+0x7b0/0x7b0
[ 84.941069][ T9906] netlink_rcv_skb+0x177/0x450
[ 84.946313][ T9906] ? nfnetlink_bind+0x2c0/0x2c0
[ 84.951196][ T9906] ? netlink_ack+0xb50/0xb50
[ 84.955781][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.962016][ T9906] ? ns_capable_common+0x93/0x100
[ 84.967038][ T9906] ? ns_capable+0x20/0x30
[ 84.971362][ T9906] ? __netlink_ns_capable+0x104/0x140
[ 84.976748][ T9906] nfnetlink_rcv+0x1ba/0x460
[ 84.981427][ T9906] ? nfnetlink_rcv_batch+0x17a0/0x17a0
[ 84.987033][ T9906] ? netlink_deliver_tap+0x24a/0xbe0
[ 84.992338][ T9906] ? __kasan_check_write+0x14/0x20
[ 84.997565][ T9906] netlink_unicast+0x58c/0x7d0
[ 85.002352][ T9906] ? netlink_attachskb+0x870/0x870
[ 85.007471][ T9906] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 85.013207][ T9906] ? __check_object_size+0x3d/0x437
[ 85.018520][ T9906] netlink_sendmsg+0x91c/0xea0
[ 85.023279][ T9906] ? netlink_unicast+0x7d0/0x7d0
[ 85.028224][ T9906] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 85.033804][ T9906] ? apparmor_socket_sendmsg+0x2a/0x30
[ 85.039363][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 85.045608][ T9906] ? security_socket_sendmsg+0x8d/0xc0
[ 85.051062][ T9906] ? netlink_unicast+0x7d0/0x7d0
[ 85.056193][ T9906] sock_sendmsg+0xd7/0x130
[ 85.060619][ T9906] ____sys_sendmsg+0x753/0x880
[ 85.065422][ T9906] ? kernel_sendmsg+0x50/0x50
[ 85.070106][ T9906] ? mark_held_locks+0xa4/0xf0
[ 85.074888][ T9906] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 85.080954][ T9906] ? __handle_mm_fault+0x3145/0x3cc0
[ 85.086446][ T9906] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 85.092532][ T9906] ___sys_sendmsg+0x100/0x170
[ 85.097206][ T9906] ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[ 85.103631][ T9906] ? sendmsg_copy_msghdr+0x70/0x70
[ 85.108810][ T9906] ? __do_page_fault+0x56a/0xd80
[ 85.113822][ T9906] ? find_held_lock+0x35/0x130
[ 85.118709][ T9906] ? __do_page_fault+0x56a/0xd80
[ 85.123663][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 85.129915][ T9906] ? __fget_light+0x1a9/0x230
[ 85.134686][ T9906] ? __fdget+0x1b/0x20
[ 85.138884][ T9906] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 85.145133][ T9906] __sys_sendmsg+0x105/0x1d0
[ 85.149832][ T9906] ? __sys_sendmsg_sock+0xc0/0xc0
[ 85.156019][ T9906] ? down_read_non_owner+0x490/0x490
[ 85.161324][ T9906] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 85.166820][ T9906] ? do_syscall_64+0x26/0x790
[ 85.171531][ T9906] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 85.177603][ T9906] ? do_syscall_64+0x26/0x790
[ 85.182296][ T9906] __x64_sys_sendmsg+0x78/0xb0
[ 85.187057][ T9906] do_syscall_64+0xfa/0x790
[ 85.191563][ T9906] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 85.197449][ T9906] RIP: 0033:0x441399
[ 85.201336][ T9906] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 85.221342][ T9906] RSP: 002b:00007ffe460e5648 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 85.229935][ T9906] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441399
[ 85.238098][ T9906] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[ 85.246138][ T9906] RBP: 0000000000014ae3 R08: 00000000004002c8 R09: 00000000004002c8
[ 85.254277][ T9906] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004021c0
[ 85.262247][ T9906] R13: 0000000000402250 R14: 0000000000000000 R15: 0000000000000000
[ 85.270228][ T9906]
[ 85.272550][ T9906] Allocated by task 9906:
[ 85.276870][ T9906] save_stack+0x23/0x90
[ 85.281550][ T9906] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 85.287176][ T9906] kasan_kmalloc+0x9/0x10
[ 85.291508][ T9906] __kmalloc+0x163/0x770
[ 85.295762][ T9906] ip_set_alloc+0x38/0x5e
[ 85.300093][ T9906] bitmap_port_create+0x3dc/0x7c0
[ 85.305110][ T9906] ip_set_create+0x6f1/0x1500
[ 85.309791][ T9906] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 85.314740][ T9906] netlink_rcv_skb+0x177/0x450
[ 85.319598][ T9906] nfnetlink_rcv+0x1ba/0x460
[ 85.324250][ T9906] netlink_unicast+0x58c/0x7d0
[ 85.329042][ T9906] netlink_sendmsg+0x91c/0xea0
[ 85.333902][ T9906] sock_sendmsg+0xd7/0x130
[ 85.338314][ T9906] ____sys_sendmsg+0x753/0x880
[ 85.343265][ T9906] ___sys_sendmsg+0x100/0x170
[ 85.347938][ T9906] __sys_sendmsg+0x105/0x1d0
[ 85.352565][ T9906] __x64_sys_sendmsg+0x78/0xb0
[ 85.357325][ T9906] do_syscall_64+0xfa/0x790
[ 85.361822][ T9906] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 85.367702][ T9906]
[ 85.370025][ T9906] Freed by task 9634:
[ 85.374031][ T9906] save_stack+0x23/0x90
[ 85.378173][ T9906] __kasan_slab_free+0x102/0x150
[ 85.383103][ T9906] kasan_slab_free+0xe/0x10
[ 85.388029][ T9906] kfree+0x10a/0x2c0
[ 85.391919][ T9906] tomoyo_check_open_permission+0x19e/0x3e0
[ 85.397811][ T9906] tomoyo_file_open+0xa9/0xd0
[ 85.402580][ T9906] security_file_open+0x71/0x300
[ 85.407704][ T9906] do_dentry_open+0x37a/0x1380
[ 85.412754][ T9906] vfs_open+0xa0/0xd0
[ 85.416841][ T9906] path_openat+0x118b/0x3180
[ 85.421536][ T9906] do_filp_open+0x1a1/0x280
[ 85.426022][ T9906] do_sys_open+0x3fe/0x5d0
[ 85.430428][ T9906] __x64_sys_open+0x7e/0xc0
[ 85.435054][ T9906] do_syscall_64+0xfa/0x790
[ 85.439573][ T9906] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 85.445450][ T9906]
[ 85.447770][ T9906] The buggy address belongs to the object at ffff88809e590f40
[ 85.447770][ T9906] which belongs to the cache kmalloc-32 of size 32
[ 85.461676][ T9906] The buggy address is located 0 bytes inside of
[ 85.461676][ T9906] 32-byte region [ffff88809e590f40, ffff88809e590f60)
[ 85.475546][ T9906] The buggy address belongs to the page:
[ 85.481398][ T9906] page:ffffea0002796400 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809e590fc1
[ 85.492138][ T9906] raw: 00fffe0000000200 ffffea00029458c8 ffffea00025bfa48 ffff8880aa4001c0
[ 85.500952][ T9906] raw: ffff88809e590fc1 ffff88809e590000 000000010000002d 0000000000000000
[ 85.509612][ T9906] page dumped because: kasan: bad access detected
[ 85.516163][ T9906]
[ 85.518513][ T9906] Memory state around the buggy address:
[ 85.524195][ T9906]  ffff88809e590e00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 85.532264][ T9906]  ffff88809e590e80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 85.540581][ T9906] >ffff88809e590f00: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc
[ 85.548630][ T9906]                                            ^
[ 85.554775][ T9906]  ffff88809e590f80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 85.562843][ T9906]  ffff88809e591000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 85.570894][ T9906] ==================================================================
[ 85.578948][ T9906] Disabling lock debugging due to kernel taint
[ 85.585801][ T9906] Kernel panic - not syncing: panic_on_warn set ...
[ 85.592397][ T9906] CPU: 1 PID: 9906 Comm: syz-executor244 Tainted: G B 5.5.0-rc7-syzkaller #0
[ 85.602445][ T9906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 85.613443][ T9906] Call Trace:
[ 85.616825][ T9906] dump_stack+0x197/0x210
[ 85.621936][ T9906] panic+0x2e3/0x75c
[ 85.625829][ T9906] ? add_taint.cold+0x16/0x16
[ 85.630695][ T9906] ? bitmap_port_ext_cleanup+0xe6/0x2a0
[ 85.636936][ T9906] ? preempt_schedule+0x4b/0x60
[ 85.641891][ T9906] ? ___preempt_schedule+0x16/0x18
[ 85.647000][ T9906] ? trace_hardirqs_on+0x5e/0x240
[ 85.652078][ T9906] ? bitmap_port_ext_cleanup+0xe6/0x2a0
[ 85.657628][ T9906] end_report+0x47/0x4f
[ 85.661769][ T9906] ? bitmap_port_ext_cleanup+0xe6/0x2a0
[ 85.667304][ T9906] __kasan_report.cold+0xe/0x41
[ 85.672149][ T9906] ? bitmap_port_ext_cleanup+0xe6/0x2a0
[ 85.677689][ T9906] kasan_report+0x12/0x20
[ 85.682016][ T9906] check_memory_region+0x134/0x1a0
[ 85.687134][ T9906] __kasan_check_read+0x11/0x20
[ 85.692004][ T9906] bitmap_port_ext_cleanup+0xe6/0x2a0
[ 85.698326][ T9906] bitmap_port_destroy+0x180/0x1d0
[ 85.703557][ T9906] ip_set_create+0xe47/0x1500
[ 85.708219][ T9906] ? ip_set_destroy+0xb70/0xb70
[ 85.713071][ T9906] ? ip_set_destroy+0xb70/0xb70
[ 85.718003][ T9906] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 85.723210][ T9906] ? nfnetlink_bind+0x2c0/0x2c0
[ 85.728066][ T9906] ? __kasan_check_read+0x11/0x20
[ 85.733187][ T9906] ? __lock_acquire+0x8a0/0x4a00
[ 85.738128][ T9906] ? save_stack+0x5c/0x90
[ 85.742451][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 85.748683][ T9906] ? apparmor_capable+0x497/0x900
[ 85.753717][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 85.760214][ T9906] ? __kasan_check_read+0x11/0x20
[ 85.765225][ T9906] ? apparmor_cred_prepare+0x7b0/0x7b0
[ 85.770847][ T9906] netlink_rcv_skb+0x177/0x450
[ 85.775596][ T9906] ? nfnetlink_bind+0x2c0/0x2c0
[ 85.780445][ T9906] ? netlink_ack+0xb50/0xb50
[ 85.785044][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 85.791534][ T9906] ? ns_capable_common+0x93/0x100
[ 85.796552][ T9906] ? ns_capable+0x20/0x30
[ 85.800880][ T9906] ? __netlink_ns_capable+0x104/0x140
[ 85.806243][ T9906] nfnetlink_rcv+0x1ba/0x460
[ 85.810834][ T9906] ? nfnetlink_rcv_batch+0x17a0/0x17a0
[ 85.816286][ T9906] ? netlink_deliver_tap+0x24a/0xbe0
[ 85.821561][ T9906] ? __kasan_check_write+0x14/0x20
[ 85.826666][ T9906] netlink_unicast+0x58c/0x7d0
[ 85.831432][ T9906] ? netlink_attachskb+0x870/0x870
[ 85.836645][ T9906] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 85.842543][ T9906] ? __check_object_size+0x3d/0x437
[ 85.847881][ T9906] netlink_sendmsg+0x91c/0xea0
[ 85.852636][ T9906] ? netlink_unicast+0x7d0/0x7d0
[ 85.857590][ T9906] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 85.863138][ T9906] ? apparmor_socket_sendmsg+0x2a/0x30
[ 85.868627][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 85.874887][ T9906] ? security_socket_sendmsg+0x8d/0xc0
[ 85.880354][ T9906] ? netlink_unicast+0x7d0/0x7d0
[ 85.885275][ T9906] sock_sendmsg+0xd7/0x130
[ 85.889680][ T9906] ____sys_sendmsg+0x753/0x880
[ 85.894509][ T9906] ? kernel_sendmsg+0x50/0x50
[ 85.899184][ T9906] ? mark_held_locks+0xa4/0xf0
[ 85.903949][ T9906] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 85.910125][ T9906] ? __handle_mm_fault+0x3145/0x3cc0
[ 85.915402][ T9906] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 85.921460][ T9906] ___sys_sendmsg+0x100/0x170
[ 85.926132][ T9906] ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[ 85.932104][ T9906] ? sendmsg_copy_msghdr+0x70/0x70
[ 85.937335][ T9906] ? __do_page_fault+0x56a/0xd80
[ 85.942305][ T9906] ? find_held_lock+0x35/0x130
[ 85.947403][ T9906] ? __do_page_fault+0x56a/0xd80
[ 85.952334][ T9906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 85.958582][ T9906] ? __fget_light+0x1a9/0x230
[ 85.963312][ T9906] ? __fdget+0x1b/0x20
[ 85.969024][ T9906] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 85.975281][ T9906] __sys_sendmsg+0x105/0x1d0
[ 85.979860][ T9906] ? __sys_sendmsg_sock+0xc0/0xc0
[ 85.984889][ T9906] ? down_read_non_owner+0x490/0x490
[ 85.990177][ T9906] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 85.995691][ T9906] ? do_syscall_64+0x26/0x790
[ 86.000487][ T9906] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.006539][ T9906] ? do_syscall_64+0x26/0x790
[ 86.011350][ T9906] __x64_sys_sendmsg+0x78/0xb0
[ 86.016097][ T9906] do_syscall_64+0xfa/0x790
[ 86.020696][ T9906] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.026681][ T9906] RIP: 0033:0x441399
[ 86.030560][ T9906] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 86.050364][ T9906] RSP: 002b:00007ffe460e5648 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 86.058782][ T9906] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441399
[ 86.066826][ T9906] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[ 86.074989][ T9906] RBP: 0000000000014ae3 R08: 00000000004002c8 R09: 00000000004002c8
[ 86.082951][ T9906] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004021c0
[ 86.091066][ T9906] R13: 0000000000402250 R14: 0000000000000000 R15: 0000000000000000
[ 86.100632][ T9906] Kernel Offset: disabled
[ 86.104989][ T9906] Rebooting in 86400 seconds..