[ 72.598368][ T28] audit: type=1800 audit(1579346749.709:26): pid=9778 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 73.500265][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 73.500278][ T28] audit: type=1800 audit(1579346750.629:29): pid=9778 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 73.526941][ T28] audit: type=1800 audit(1579346750.639:30): pid=9778 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.198' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 84.484958][ T9930] ================================================================== [ 84.493417][ T9930] BUG: KASAN: slab-out-of-bounds in bitmap_port_list+0x3cf/0xdb0 [ 84.501113][ T9930] Read of size 8 at addr ffff8880a3fea880 by task syz-executor711/9930 [ 84.509375][ T9930] [ 84.511704][ T9930] CPU: 1 PID: 9930 Comm: syz-executor711 Not tainted 5.5.0-rc6-syzkaller #0 [ 84.520365][ T9930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 84.530418][ T9930] Call Trace: [ 84.533798][ T9930] dump_stack+0x197/0x210 [ 84.538143][ T9930] ? bitmap_port_list+0x3cf/0xdb0 [ 84.543161][ T9930] print_address_description.constprop.0.cold+0xd4/0x30b [ 84.550181][ T9930] ? bitmap_port_list+0x3cf/0xdb0 [ 84.555242][ T9930] ? bitmap_port_list+0x3cf/0xdb0 [ 84.560296][ T9930] __kasan_report.cold+0x1b/0x41 [ 84.565599][ T9930] ? bitmap_port_list+0x3cf/0xdb0 [ 84.570642][ T9930] kasan_report+0x12/0x20 [ 84.574973][ T9930] check_memory_region+0x134/0x1a0 [ 84.580113][ T9930] __kasan_check_read+0x11/0x20 [ 84.584979][ T9930] bitmap_port_list+0x3cf/0xdb0 [ 84.589843][ T9930] ? bitmap_port_head+0x296/0x600 [ 84.594878][ T9930] ? bitmap_port_del+0x380/0x380 [ 84.599920][ T9930] ? nla_put+0x110/0x150 [ 84.604162][ T9930] ip_set_dump_start+0x96c/0x1ca0 [ 84.609180][ T9930] ? ip_set_rename+0x720/0x720 [ 84.613944][ T9930] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 84.619642][ T9930] ? perf_trace_lock_acquire+0x4c0/0x530 [ 84.625320][ T9930] ? __kasan_check_write+0x14/0x20 [ 84.630432][ T9930] netlink_dump+0x558/0xfb0 [ 84.634927][ T9930] ? __netlink_sendskb+0xc0/0xc0 [ 84.639865][ T9930] __netlink_dump_start+0x66a/0x930 [ 84.645060][ T9930] ip_set_dump+0x15a/0x1d0 [ 84.649557][ T9930] ? call_ad+0x5a0/0x5a0 [ 84.653798][ T9930] ? ip_set_rename+0x720/0x720 [ 84.658558][ T9930] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 84.664375][ T9930] ? call_ad+0x5a0/0x5a0 [ 84.668796][ T9930] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 84.673742][ T9930] ? nfnetlink_bind+0x2c0/0x2c0 [ 84.678603][ T9930] ? __kasan_check_read+0x11/0x20 [ 84.683624][ T9930] ? __lock_acquire+0x8a0/0x4a00 [ 84.688608][ T9930] ? save_stack+0x5c/0x90 [ 84.692948][ T9930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 84.699187][ T9930] ? apparmor_capable+0x497/0x900 [ 84.704211][ T9930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 84.710459][ T9930] ? __kasan_check_read+0x11/0x20 [ 84.715487][ T9930] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 84.720950][ T9930] netlink_rcv_skb+0x177/0x450 [ 84.725721][ T9930] ? nfnetlink_bind+0x2c0/0x2c0 [ 84.730564][ T9930] ? netlink_ack+0xb50/0xb50 [ 84.735158][ T9930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 84.741406][ T9930] ? ns_capable_common+0x93/0x100 [ 84.746443][ T9930] ? ns_capable+0x20/0x30 [ 84.750757][ T9930] ? __netlink_ns_capable+0x104/0x140 [ 84.756117][ T9930] nfnetlink_rcv+0x1ba/0x460 [ 84.760754][ T9930] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 84.766210][ T9930] ? netlink_deliver_tap+0x24a/0xbe0 [ 84.771551][ T9930] ? __kasan_check_write+0x14/0x20 [ 84.776669][ T9930] netlink_unicast+0x58c/0x7d0 [ 84.781501][ T9930] ? netlink_attachskb+0x870/0x870 [ 84.786742][ T9930] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 84.792640][ T9930] ? __check_object_size+0x3d/0x437 [ 84.797853][ T9930] netlink_sendmsg+0x91c/0xea0 [ 84.802628][ T9930] ? netlink_unicast+0x7d0/0x7d0 [ 84.807555][ T9930] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 84.813102][ T9930] ? apparmor_socket_sendmsg+0x2a/0x30 [ 84.818549][ T9930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 84.824824][ T9930] ? security_socket_sendmsg+0x8d/0xc0 [ 84.830291][ T9930] ? netlink_unicast+0x7d0/0x7d0 [ 84.835258][ T9930] sock_sendmsg+0xd7/0x130 [ 84.839679][ T9930] ____sys_sendmsg+0x753/0x880 [ 84.844448][ T9930] ? kernel_sendmsg+0x50/0x50 [ 84.849113][ T9930] ? lockdep_init_map+0x1be/0x6d0 [ 84.854157][ T9930] ___sys_sendmsg+0x100/0x170 [ 84.858845][ T9930] ? sendmsg_copy_msghdr+0x70/0x70 [ 84.863953][ T9930] ? __kasan_check_read+0x11/0x20 [ 84.868975][ T9930] ? __lock_acquire+0x8a0/0x4a00 [ 84.874022][ T9930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 84.880274][ T9930] ? __this_cpu_preempt_check+0x35/0x190 [ 84.885910][ T9930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 84.892262][ T9930] ? percpu_counter_add_batch+0x13c/0x190 [ 84.897972][ T9930] ? __fd_install+0x1bc/0x640 [ 84.902735][ T9930] ? find_held_lock+0x35/0x130 [ 84.907672][ T9930] ? __fd_install+0x1bc/0x640 [ 84.912403][ T9930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 84.918785][ T9930] ? __fget_light+0x1a9/0x230 [ 84.923559][ T9930] ? __fdget+0x1b/0x20 [ 84.927627][ T9930] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 84.933869][ T9930] __sys_sendmsg+0x105/0x1d0 [ 84.938558][ T9930] ? __sys_sendmsg_sock+0xc0/0xc0 [ 84.943591][ T9930] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 84.949232][ T9930] ? do_syscall_64+0x26/0x790 [ 84.953965][ T9930] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 84.960036][ T9930] ? do_syscall_64+0x26/0x790 [ 84.964715][ T9930] __x64_sys_sendmsg+0x78/0xb0 [ 84.969486][ T9930] do_syscall_64+0xfa/0x790 [ 84.974006][ T9930] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 84.979894][ T9930] RIP: 0033:0x4404e9 [ 84.983842][ T9930] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 85.003701][ T9930] RSP: 002b:00007ffc2b17efe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.012117][ T9930] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404e9 [ 85.020091][ T9930] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004 [ 85.028098][ T9930] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 85.036072][ T9930] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401d70 [ 85.044214][ T9930] R13: 0000000000401e00 R14: 0000000000000000 R15: 0000000000000000 [ 85.053432][ T9930] [ 85.055774][ T9930] Allocated by task 9930: [ 85.060111][ T9930] save_stack+0x23/0x90 [ 85.064386][ T9930] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 85.070084][ T9930] kasan_kmalloc+0x9/0x10 [ 85.074419][ T9930] __kmalloc+0x163/0x770 [ 85.078648][ T9930] ip_set_alloc+0x38/0x5e [ 85.082971][ T9930] bitmap_port_create+0x3dc/0x7c0 [ 85.087980][ T9930] ip_set_create+0x6f1/0x1500 [ 85.092673][ T9930] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 85.097592][ T9930] netlink_rcv_skb+0x177/0x450 [ 85.102351][ T9930] nfnetlink_rcv+0x1ba/0x460 [ 85.106942][ T9930] netlink_unicast+0x58c/0x7d0 [ 85.111702][ T9930] netlink_sendmsg+0x91c/0xea0 [ 85.116473][ T9930] sock_sendmsg+0xd7/0x130 [ 85.120873][ T9930] ____sys_sendmsg+0x753/0x880 [ 85.125633][ T9930] ___sys_sendmsg+0x100/0x170 [ 85.130476][ T9930] __sys_sendmsg+0x105/0x1d0 [ 85.135075][ T9930] __x64_sys_sendmsg+0x78/0xb0 [ 85.139858][ T9930] do_syscall_64+0xfa/0x790 [ 85.144356][ T9930] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 85.150243][ T9930] [ 85.152621][ T9930] Freed by task 9674: [ 85.156609][ T9930] save_stack+0x23/0x90 [ 85.160768][ T9930] __kasan_slab_free+0x102/0x150 [ 85.165698][ T9930] kasan_slab_free+0xe/0x10 [ 85.170354][ T9930] kfree+0x10a/0x2c0 [ 85.174425][ T9930] tomoyo_check_open_permission+0x19e/0x3e0 [ 85.180323][ T9930] tomoyo_file_open+0xa9/0xd0 [ 85.185118][ T9930] security_file_open+0x71/0x300 [ 85.190043][ T9930] do_dentry_open+0x37a/0x1380 [ 85.194819][ T9930] vfs_open+0xa0/0xd0 [ 85.198902][ T9930] path_openat+0x118b/0x3180 [ 85.203480][ T9930] do_filp_open+0x1a1/0x280 [ 85.208031][ T9930] do_sys_open+0x3fe/0x5d0 [ 85.212698][ T9930] __x64_sys_open+0x7e/0xc0 [ 85.217187][ T9930] do_syscall_64+0xfa/0x790 [ 85.221681][ T9930] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 85.227578][ T9930] [ 85.229911][ T9930] The buggy address belongs to the object at ffff8880a3fea880 [ 85.229911][ T9930] which belongs to the cache kmalloc-32 of size 32 [ 85.244065][ T9930] The buggy address is located 0 bytes inside of [ 85.244065][ T9930] 32-byte region [ffff8880a3fea880, ffff8880a3fea8a0) [ 85.257442][ T9930] The buggy address belongs to the page: [ 85.263160][ T9930] page:ffffea00028ffa80 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a3feafc1 [ 85.273657][ T9930] raw: 00fffe0000000200 ffffea0002781f48 ffffea00029bdd88 ffff8880aa4001c0 [ 85.282359][ T9930] raw: ffff8880a3feafc1 ffff8880a3fea000 0000000100000036 0000000000000000 [ 85.291046][ T9930] page dumped because: kasan: bad access detected [ 85.297454][ T9930] [ 85.300287][ T9930] Memory state around the buggy address: [ 85.305917][ T9930] ffff8880a3fea780: fb fb fb fb fc fc fc fc 00 01 fc fc fc fc fc fc [ 85.314269][ T9930] ffff8880a3fea800: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 85.322329][ T9930] >ffff8880a3fea880: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 85.330559][ T9930] ^ [ 85.334618][ T9930] ffff8880a3fea900: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 85.343204][ T9930] ffff8880a3fea980: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 85.351272][ T9930] ================================================================== [ 85.360553][ T9930] Disabling lock debugging due to kernel taint [ 85.367647][ T9930] Kernel panic - not syncing: panic_on_warn set ... [ 85.374253][ T9930] CPU: 0 PID: 9930 Comm: syz-executor711 Tainted: G B 5.5.0-rc6-syzkaller #0 [ 85.384391][ T9930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 85.394524][ T9930] Call Trace: [ 85.397838][ T9930] dump_stack+0x197/0x210 [ 85.402172][ T9930] panic+0x2e3/0x75c [ 85.406377][ T9930] ? add_taint.cold+0x16/0x16 [ 85.411188][ T9930] ? bitmap_port_list+0x3cf/0xdb0 [ 85.416210][ T9930] ? preempt_schedule+0x4b/0x60 [ 85.421054][ T9930] ? ___preempt_schedule+0x16/0x18 [ 85.426190][ T9930] ? trace_hardirqs_on+0x5e/0x240 [ 85.431227][ T9930] ? bitmap_port_list+0x3cf/0xdb0 [ 85.436344][ T9930] end_report+0x47/0x4f [ 85.440614][ T9930] ? bitmap_port_list+0x3cf/0xdb0 [ 85.445637][ T9930] __kasan_report.cold+0xe/0x41 [ 85.450497][ T9930] ? bitmap_port_list+0x3cf/0xdb0 [ 85.455517][ T9930] kasan_report+0x12/0x20 [ 85.460581][ T9930] check_memory_region+0x134/0x1a0 [ 85.465880][ T9930] __kasan_check_read+0x11/0x20 [ 85.470829][ T9930] bitmap_port_list+0x3cf/0xdb0 [ 85.475692][ T9930] ? bitmap_port_head+0x296/0x600 [ 85.480701][ T9930] ? bitmap_port_del+0x380/0x380 [ 85.485693][ T9930] ? nla_put+0x110/0x150 [ 85.490105][ T9930] ip_set_dump_start+0x96c/0x1ca0 [ 85.495139][ T9930] ? ip_set_rename+0x720/0x720 [ 85.500064][ T9930] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 85.505617][ T9930] ? perf_trace_lock_acquire+0x4c0/0x530 [ 85.511270][ T9930] ? __kasan_check_write+0x14/0x20 [ 85.516389][ T9930] netlink_dump+0x558/0xfb0 [ 85.520890][ T9930] ? __netlink_sendskb+0xc0/0xc0 [ 85.525960][ T9930] __netlink_dump_start+0x66a/0x930 [ 85.531157][ T9930] ip_set_dump+0x15a/0x1d0 [ 85.535559][ T9930] ? call_ad+0x5a0/0x5a0 [ 85.539970][ T9930] ? ip_set_rename+0x720/0x720 [ 85.544864][ T9930] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 85.550660][ T9930] ? call_ad+0x5a0/0x5a0 [ 85.554903][ T9930] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 85.559851][ T9930] ? nfnetlink_bind+0x2c0/0x2c0 [ 85.564702][ T9930] ? __kasan_check_read+0x11/0x20 [ 85.569709][ T9930] ? __lock_acquire+0x8a0/0x4a00 [ 85.574653][ T9930] ? save_stack+0x5c/0x90 [ 85.579175][ T9930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 85.585423][ T9930] ? apparmor_capable+0x497/0x900 [ 85.590444][ T9930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 85.596684][ T9930] ? __kasan_check_read+0x11/0x20 [ 85.601812][ T9930] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 85.607274][ T9930] netlink_rcv_skb+0x177/0x450 [ 85.612021][ T9930] ? nfnetlink_bind+0x2c0/0x2c0 [ 85.616893][ T9930] ? netlink_ack+0xb50/0xb50 [ 85.621486][ T9930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 85.627718][ T9930] ? ns_capable_common+0x93/0x100 [ 85.632735][ T9930] ? ns_capable+0x20/0x30 [ 85.637062][ T9930] ? __netlink_ns_capable+0x104/0x140 [ 85.642424][ T9930] nfnetlink_rcv+0x1ba/0x460 [ 85.647014][ T9930] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 85.652501][ T9930] ? netlink_deliver_tap+0x24a/0xbe0 [ 85.657786][ T9930] ? __kasan_check_write+0x14/0x20 [ 85.662915][ T9930] netlink_unicast+0x58c/0x7d0 [ 85.667671][ T9930] ? netlink_attachskb+0x870/0x870 [ 85.672972][ T9930] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 85.678849][ T9930] ? __check_object_size+0x3d/0x437 [ 85.684052][ T9930] netlink_sendmsg+0x91c/0xea0 [ 85.688807][ T9930] ? netlink_unicast+0x7d0/0x7d0 [ 85.693744][ T9930] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 85.699286][ T9930] ? apparmor_socket_sendmsg+0x2a/0x30 [ 85.704763][ T9930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 85.711169][ T9930] ? security_socket_sendmsg+0x8d/0xc0 [ 85.716630][ T9930] ? netlink_unicast+0x7d0/0x7d0 [ 85.721608][ T9930] sock_sendmsg+0xd7/0x130 [ 85.726133][ T9930] ____sys_sendmsg+0x753/0x880 [ 85.730893][ T9930] ? kernel_sendmsg+0x50/0x50 [ 85.735695][ T9930] ? lockdep_init_map+0x1be/0x6d0 [ 85.740862][ T9930] ___sys_sendmsg+0x100/0x170 [ 85.745805][ T9930] ? sendmsg_copy_msghdr+0x70/0x70 [ 85.750915][ T9930] ? __kasan_check_read+0x11/0x20 [ 85.755930][ T9930] ? __lock_acquire+0x8a0/0x4a00 [ 85.760887][ T9930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 85.768013][ T9930] ? __this_cpu_preempt_check+0x35/0x190 [ 85.773687][ T9930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 85.779946][ T9930] ? percpu_counter_add_batch+0x13c/0x190 [ 85.785682][ T9930] ? __fd_install+0x1bc/0x640 [ 85.790355][ T9930] ? find_held_lock+0x35/0x130 [ 85.795256][ T9930] ? __fd_install+0x1bc/0x640 [ 85.799921][ T9930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 85.806155][ T9930] ? __fget_light+0x1a9/0x230 [ 85.812830][ T9930] ? __fdget+0x1b/0x20 [ 85.816883][ T9930] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 85.823117][ T9930] __sys_sendmsg+0x105/0x1d0 [ 85.827688][ T9930] ? __sys_sendmsg_sock+0xc0/0xc0 [ 85.832995][ T9930] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 85.838464][ T9930] ? do_syscall_64+0x26/0x790 [ 85.843290][ T9930] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 85.849355][ T9930] ? do_syscall_64+0x26/0x790 [ 85.854033][ T9930] __x64_sys_sendmsg+0x78/0xb0 [ 85.858914][ T9930] do_syscall_64+0xfa/0x790 [ 85.863415][ T9930] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 85.869317][ T9930] RIP: 0033:0x4404e9 [ 85.873198][ T9930] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 85.894016][ T9930] RSP: 002b:00007ffc2b17efe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.902415][ T9930] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404e9 [ 85.910395][ T9930] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004 [ 85.918410][ T9930] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 85.926474][ T9930] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401d70 [ 85.934437][ T9930] R13: 0000000000401e00 R14: 0000000000000000 R15: 0000000000000000 [ 85.944148][ T9930] Kernel Offset: disabled [ 85.948476][ T9930] Rebooting in 86400 seconds..