[ 88.421723][ T28] audit: type=1800 audit(1579441531.224:26): pid=9480 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 89.431606][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 89.431617][ T28] audit: type=1800 audit(1579441532.254:29): pid=9480 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 89.475596][ T28] audit: type=1800 audit(1579441532.254:30): pid=9480 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 96.771359][ T9632] ================================================================== [ 96.783089][ T9632] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_list+0x635/0x1080 [ 96.790974][ T9632] Read of size 8 at addr ffff8880a978c1c0 by task syz-executor653/9632 [ 96.799276][ T9632] [ 96.801592][ T9632] CPU: 0 PID: 9632 Comm: syz-executor653 Not tainted 5.5.0-rc6-syzkaller #0 [ 96.810246][ T9632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 96.820307][ T9632] Call Trace: [ 96.823585][ T9632] dump_stack+0x197/0x210 [ 96.827913][ T9632] ? bitmap_ipmac_list+0x635/0x1080 [ 96.833109][ T9632] print_address_description.constprop.0.cold+0xd4/0x30b [ 96.840112][ T9632] ? bitmap_ipmac_list+0x635/0x1080 [ 96.845290][ T9632] ? bitmap_ipmac_list+0x635/0x1080 [ 96.850469][ T9632] __kasan_report.cold+0x1b/0x41 [ 96.855396][ T9632] ? bitmap_ipmac_list+0x635/0x1080 [ 96.860575][ T9632] kasan_report+0x12/0x20 [ 96.864979][ T9632] check_memory_region+0x134/0x1a0 [ 96.870078][ T9632] __kasan_check_read+0x11/0x20 [ 96.874909][ T9632] bitmap_ipmac_list+0x635/0x1080 [ 96.879924][ T9632] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 96.885032][ T9632] ? nla_put+0x110/0x150 [ 96.889708][ T9632] ip_set_dump_start+0x96c/0x1ca0 [ 96.894794][ T9632] ? ip_set_rename+0x720/0x720 [ 96.899911][ T9632] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 96.905444][ T9632] ? perf_trace_lock_acquire+0x4a0/0x530 [ 96.911076][ T9632] ? __kasan_check_write+0x14/0x20 [ 96.916198][ T9632] netlink_dump+0x558/0xfb0 [ 96.920832][ T9632] ? __netlink_sendskb+0xc0/0xc0 [ 96.925776][ T9632] __netlink_dump_start+0x66a/0x930 [ 96.930982][ T9632] ip_set_dump+0x15a/0x1d0 [ 96.935388][ T9632] ? call_ad+0x5a0/0x5a0 [ 96.939678][ T9632] ? ip_set_rename+0x720/0x720 [ 96.944954][ T9632] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 96.950943][ T9632] ? call_ad+0x5a0/0x5a0 [ 96.955181][ T9632] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 96.960176][ T9632] ? nfnetlink_bind+0x2c0/0x2c0 [ 96.965014][ T9632] ? __kasan_check_read+0x11/0x20 [ 96.970022][ T9632] ? __lock_acquire+0x8a0/0x4a00 [ 96.975031][ T9632] ? save_stack+0x5c/0x90 [ 96.979347][ T9632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 96.985576][ T9632] ? apparmor_capable+0x497/0x900 [ 96.990718][ T9632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 96.996962][ T9632] ? __kasan_check_read+0x11/0x20 [ 97.001987][ T9632] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 97.007446][ T9632] netlink_rcv_skb+0x177/0x450 [ 97.012195][ T9632] ? nfnetlink_bind+0x2c0/0x2c0 [ 97.017030][ T9632] ? netlink_ack+0xb50/0xb50 [ 97.021622][ T9632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.027842][ T9632] ? ns_capable_common+0x93/0x100 [ 97.032852][ T9632] ? ns_capable+0x20/0x30 [ 97.037178][ T9632] ? __netlink_ns_capable+0x104/0x140 [ 97.042533][ T9632] nfnetlink_rcv+0x1ba/0x460 [ 97.047107][ T9632] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 97.052543][ T9632] ? netlink_deliver_tap+0x24a/0xbe0 [ 97.057814][ T9632] ? __kasan_check_write+0x14/0x20 [ 97.062911][ T9632] netlink_unicast+0x58c/0x7d0 [ 97.067659][ T9632] ? netlink_attachskb+0x870/0x870 [ 97.072755][ T9632] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 97.079002][ T9632] ? __check_object_size+0x3d/0x437 [ 97.084187][ T9632] netlink_sendmsg+0x91c/0xea0 [ 97.088941][ T9632] ? netlink_unicast+0x7d0/0x7d0 [ 97.093947][ T9632] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 97.099477][ T9632] ? apparmor_socket_sendmsg+0x2a/0x30 [ 97.104920][ T9632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.113666][ T9632] ? security_socket_sendmsg+0x8d/0xc0 [ 97.120063][ T9632] ? netlink_unicast+0x7d0/0x7d0 [ 97.124993][ T9632] sock_sendmsg+0xd7/0x130 [ 97.129397][ T9632] ____sys_sendmsg+0x753/0x880 [ 97.134141][ T9632] ? kernel_sendmsg+0x50/0x50 [ 97.138799][ T9632] ? lockdep_init_map+0x1be/0x6d0 [ 97.143809][ T9632] ___sys_sendmsg+0x100/0x170 [ 97.148526][ T9632] ? sendmsg_copy_msghdr+0x70/0x70 [ 97.153636][ T9632] ? __kasan_check_read+0x11/0x20 [ 97.158651][ T9632] ? __lock_acquire+0x8a0/0x4a00 [ 97.163576][ T9632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.169799][ T9632] ? __this_cpu_preempt_check+0x35/0x190 [ 97.175501][ T9632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.181749][ T9632] ? percpu_counter_add_batch+0x13c/0x190 [ 97.187452][ T9632] ? __fd_install+0x1bc/0x640 [ 97.192120][ T9632] ? find_held_lock+0x35/0x130 [ 97.196885][ T9632] ? __fd_install+0x1bc/0x640 [ 97.201549][ T9632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.207773][ T9632] ? __fget_light+0x1a9/0x230 [ 97.212430][ T9632] ? __fdget+0x1b/0x20 [ 97.216485][ T9632] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 97.222710][ T9632] __sys_sendmsg+0x105/0x1d0 [ 97.227305][ T9632] ? __sys_sendmsg_sock+0xc0/0xc0 [ 97.232317][ T9632] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 97.237761][ T9632] ? do_syscall_64+0x26/0x790 [ 97.242437][ T9632] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 97.248503][ T9632] ? do_syscall_64+0x26/0x790 [ 97.253187][ T9632] __x64_sys_sendmsg+0x78/0xb0 [ 97.257954][ T9632] do_syscall_64+0xfa/0x790 [ 97.262440][ T9632] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 97.268314][ T9632] RIP: 0033:0x4402c9 [ 97.272187][ T9632] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 97.291771][ T9632] RSP: 002b:00007ffdc66f7d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 97.300234][ T9632] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402c9 [ 97.308202][ T9632] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004 [ 97.316280][ T9632] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 97.324256][ T9632] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401b50 [ 97.332325][ T9632] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000 [ 97.340336][ T9632] [ 97.342664][ T9632] Allocated by task 9632: [ 97.346980][ T9632] save_stack+0x23/0x90 [ 97.351116][ T9632] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 97.356741][ T9632] kasan_kmalloc+0x9/0x10 [ 97.361665][ T9632] __kmalloc+0x163/0x770 [ 97.365902][ T9632] ip_set_alloc+0x38/0x5e [ 97.370214][ T9632] bitmap_ipmac_create+0x4e8/0xa00 [ 97.375302][ T9632] ip_set_create+0x6f1/0x1500 [ 97.379975][ T9632] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 97.384890][ T9632] netlink_rcv_skb+0x177/0x450 [ 97.389666][ T9632] nfnetlink_rcv+0x1ba/0x460 [ 97.394232][ T9632] netlink_unicast+0x58c/0x7d0 [ 97.398994][ T9632] netlink_sendmsg+0x91c/0xea0 [ 97.403755][ T9632] sock_sendmsg+0xd7/0x130 [ 97.408166][ T9632] ____sys_sendmsg+0x753/0x880 [ 97.412911][ T9632] ___sys_sendmsg+0x100/0x170 [ 97.417569][ T9632] __sys_sendmsg+0x105/0x1d0 [ 97.422139][ T9632] __x64_sys_sendmsg+0x78/0xb0 [ 97.427260][ T9632] do_syscall_64+0xfa/0x790 [ 97.431759][ T9632] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 97.437771][ T9632] [ 97.440081][ T9632] Freed by task 9360: [ 97.444175][ T9632] save_stack+0x23/0x90 [ 97.448322][ T9632] __kasan_slab_free+0x102/0x150 [ 97.456074][ T9632] kasan_slab_free+0xe/0x10 [ 97.460578][ T9632] kfree+0x10a/0x2c0 [ 97.464470][ T9632] tomoyo_check_open_permission+0x19e/0x3e0 [ 97.470398][ T9632] tomoyo_file_open+0xa9/0xd0 [ 97.475087][ T9632] security_file_open+0x71/0x300 [ 97.480028][ T9632] do_dentry_open+0x37a/0x1380 [ 97.484787][ T9632] vfs_open+0xa0/0xd0 [ 97.488766][ T9632] path_openat+0x118b/0x3180 [ 97.493621][ T9632] do_filp_open+0x1a1/0x280 [ 97.498382][ T9632] do_sys_open+0x3fe/0x5d0 [ 97.502790][ T9632] __x64_sys_open+0x7e/0xc0 [ 97.507308][ T9632] do_syscall_64+0xfa/0x790 [ 97.511812][ T9632] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 97.518425][ T9632] [ 97.520751][ T9632] The buggy address belongs to the object at ffff8880a978c1c0 [ 97.520751][ T9632] which belongs to the cache kmalloc-32 of size 32 [ 97.534685][ T9632] The buggy address is located 0 bytes inside of [ 97.534685][ T9632] 32-byte region [ffff8880a978c1c0, ffff8880a978c1e0) [ 97.547692][ T9632] The buggy address belongs to the page: [ 97.553331][ T9632] page:ffffea0002a5e300 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a978cfc1 [ 97.563736][ T9632] raw: 00fffe0000000200 ffffea0002749008 ffffea00027ab4c8 ffff8880aa4001c0 [ 97.572319][ T9632] raw: ffff8880a978cfc1 ffff8880a978c000 0000000100000035 0000000000000000 [ 97.581014][ T9632] page dumped because: kasan: bad access detected [ 97.587520][ T9632] [ 97.589830][ T9632] Memory state around the buggy address: [ 97.595564][ T9632] ffff8880a978c080: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 97.603690][ T9632] ffff8880a978c100: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 97.612130][ T9632] >ffff8880a978c180: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc [ 97.620187][ T9632] ^ [ 97.626805][ T9632] ffff8880a978c200: fb fb fb fb fc fc fc fc 00 01 fc fc fc fc fc fc [ 97.634953][ T9632] ffff8880a978c280: fb fb fb fb fc fc fc fc 00 01 fc fc fc fc fc fc [ 97.643003][ T9632] ================================================================== [ 97.651133][ T9632] Disabling lock debugging due to kernel taint [ 97.657967][ T9632] Kernel panic - not syncing: panic_on_warn set ... [ 97.664685][ T9632] CPU: 0 PID: 9632 Comm: syz-executor653 Tainted: G B 5.5.0-rc6-syzkaller #0 [ 97.675152][ T9632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 97.685554][ T9632] Call Trace: [ 97.688858][ T9632] dump_stack+0x197/0x210 [ 97.693166][ T9632] panic+0x2e3/0x75c [ 97.697039][ T9632] ? add_taint.cold+0x16/0x16 [ 97.701892][ T9632] ? bitmap_ipmac_list+0x635/0x1080 [ 97.707088][ T9632] ? preempt_schedule+0x4b/0x60 [ 97.711926][ T9632] ? ___preempt_schedule+0x16/0x18 [ 97.717074][ T9632] ? trace_hardirqs_on+0x5e/0x240 [ 97.722118][ T9632] ? bitmap_ipmac_list+0x635/0x1080 [ 97.727317][ T9632] end_report+0x47/0x4f [ 97.731471][ T9632] ? bitmap_ipmac_list+0x635/0x1080 [ 97.736662][ T9632] __kasan_report.cold+0xe/0x41 [ 97.741508][ T9632] ? bitmap_ipmac_list+0x635/0x1080 [ 97.746698][ T9632] kasan_report+0x12/0x20 [ 97.751026][ T9632] check_memory_region+0x134/0x1a0 [ 97.756134][ T9632] __kasan_check_read+0x11/0x20 [ 97.761020][ T9632] bitmap_ipmac_list+0x635/0x1080 [ 97.766033][ T9632] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 97.771139][ T9632] ? nla_put+0x110/0x150 [ 97.775383][ T9632] ip_set_dump_start+0x96c/0x1ca0 [ 97.780413][ T9632] ? ip_set_rename+0x720/0x720 [ 97.785175][ T9632] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 97.790710][ T9632] ? perf_trace_lock_acquire+0x4a0/0x530 [ 97.796322][ T9632] ? __kasan_check_write+0x14/0x20 [ 97.801423][ T9632] netlink_dump+0x558/0xfb0 [ 97.805901][ T9632] ? __netlink_sendskb+0xc0/0xc0 [ 97.810817][ T9632] __netlink_dump_start+0x66a/0x930 [ 97.816009][ T9632] ip_set_dump+0x15a/0x1d0 [ 97.820405][ T9632] ? call_ad+0x5a0/0x5a0 [ 97.824621][ T9632] ? ip_set_rename+0x720/0x720 [ 97.829364][ T9632] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 97.835146][ T9632] ? call_ad+0x5a0/0x5a0 [ 97.839486][ T9632] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 97.844411][ T9632] ? nfnetlink_bind+0x2c0/0x2c0 [ 97.849257][ T9632] ? __kasan_check_read+0x11/0x20 [ 97.854355][ T9632] ? __lock_acquire+0x8a0/0x4a00 [ 97.859270][ T9632] ? save_stack+0x5c/0x90 [ 97.863576][ T9632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.869793][ T9632] ? apparmor_capable+0x497/0x900 [ 97.874792][ T9632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.881020][ T9632] ? __kasan_check_read+0x11/0x20 [ 97.886020][ T9632] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 97.891468][ T9632] netlink_rcv_skb+0x177/0x450 [ 97.896232][ T9632] ? nfnetlink_bind+0x2c0/0x2c0 [ 97.901069][ T9632] ? netlink_ack+0xb50/0xb50 [ 97.905647][ T9632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.911878][ T9632] ? ns_capable_common+0x93/0x100 [ 97.916889][ T9632] ? ns_capable+0x20/0x30 [ 97.921206][ T9632] ? __netlink_ns_capable+0x104/0x140 [ 97.926561][ T9632] nfnetlink_rcv+0x1ba/0x460 [ 97.931154][ T9632] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 97.936587][ T9632] ? netlink_deliver_tap+0x24a/0xbe0 [ 97.941856][ T9632] ? __kasan_check_write+0x14/0x20 [ 97.946944][ T9632] netlink_unicast+0x58c/0x7d0 [ 97.951700][ T9632] ? netlink_attachskb+0x870/0x870 [ 97.956800][ T9632] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 97.962516][ T9632] ? __check_object_size+0x3d/0x437 [ 97.967710][ T9632] netlink_sendmsg+0x91c/0xea0 [ 97.972472][ T9632] ? netlink_unicast+0x7d0/0x7d0 [ 97.977405][ T9632] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 97.982979][ T9632] ? apparmor_socket_sendmsg+0x2a/0x30 [ 97.988444][ T9632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.994894][ T9632] ? security_socket_sendmsg+0x8d/0xc0 [ 98.000402][ T9632] ? netlink_unicast+0x7d0/0x7d0 [ 98.005332][ T9632] sock_sendmsg+0xd7/0x130 [ 98.009812][ T9632] ____sys_sendmsg+0x753/0x880 [ 98.014564][ T9632] ? kernel_sendmsg+0x50/0x50 [ 98.019241][ T9632] ? lockdep_init_map+0x1be/0x6d0 [ 98.024268][ T9632] ___sys_sendmsg+0x100/0x170 [ 98.028963][ T9632] ? sendmsg_copy_msghdr+0x70/0x70 [ 98.034071][ T9632] ? __kasan_check_read+0x11/0x20 [ 98.039127][ T9632] ? __lock_acquire+0x8a0/0x4a00 [ 98.044177][ T9632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.050414][ T9632] ? __this_cpu_preempt_check+0x35/0x190 [ 98.056094][ T9632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.062370][ T9632] ? percpu_counter_add_batch+0x13c/0x190 [ 98.068080][ T9632] ? __fd_install+0x1bc/0x640 [ 98.072763][ T9632] ? find_held_lock+0x35/0x130 [ 98.077714][ T9632] ? __fd_install+0x1bc/0x640 [ 98.082401][ T9632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.088692][ T9632] ? __fget_light+0x1a9/0x230 [ 98.093426][ T9632] ? __fdget+0x1b/0x20 [ 98.097479][ T9632] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 98.104056][ T9632] __sys_sendmsg+0x105/0x1d0 [ 98.108776][ T9632] ? __sys_sendmsg_sock+0xc0/0xc0 [ 98.113850][ T9632] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 98.119363][ T9632] ? do_syscall_64+0x26/0x790 [ 98.124024][ T9632] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 98.130208][ T9632] ? do_syscall_64+0x26/0x790 [ 98.135024][ T9632] __x64_sys_sendmsg+0x78/0xb0 [ 98.139863][ T9632] do_syscall_64+0xfa/0x790 [ 98.144419][ T9632] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 98.150322][ T9632] RIP: 0033:0x4402c9 [ 98.154200][ T9632] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 98.174615][ T9632] RSP: 002b:00007ffdc66f7d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 98.183152][ T9632] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402c9 [ 98.191190][ T9632] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004 [ 98.199162][ T9632] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 98.207127][ T9632] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401b50 [ 98.215102][ T9632] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000 [ 98.224529][ T9632] Kernel Offset: disabled [ 98.228860][ T9632] Rebooting in 86400 seconds..