[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 67.647847][ T27] audit: type=1800 audit(1579351152.688:25): pid=9607 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 67.667801][ T27] audit: type=1800 audit(1579351152.688:26): pid=9607 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 67.731117][ T27] audit: type=1800 audit(1579351152.698:27): pid=9607 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.73' (ECDSA) to the list of known hosts. executing program executing program syzkaller login: [ 86.607547][ T9761] ================================================================== [ 86.615746][ T9761] BUG: KASAN: slab-out-of-bounds in bitmap_port_list+0x3cf/0xdb0 [ 86.623574][ T9761] Read of size 8 at addr ffff88809f8d5380 by task syz-executor611/9761 [ 86.631794][ T9761] [ 86.634112][ T9761] CPU: 0 PID: 9761 Comm: syz-executor611 Not tainted 5.5.0-rc5-syzkaller #0 [ 86.642764][ T9761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 86.652809][ T9761] Call Trace: [ 86.656097][ T9761] dump_stack+0x197/0x210 [ 86.660418][ T9761] ? bitmap_port_list+0x3cf/0xdb0 [ 86.665438][ T9761] print_address_description.constprop.0.cold+0xd4/0x30b [ 86.672452][ T9761] ? bitmap_port_list+0x3cf/0xdb0 [ 86.677468][ T9761] ? bitmap_port_list+0x3cf/0xdb0 [ 86.682486][ T9761] __kasan_report.cold+0x1b/0x41 [ 86.687418][ T9761] ? bitmap_port_list+0x3cf/0xdb0 [ 86.692491][ T9761] kasan_report+0x12/0x20 [ 86.696816][ T9761] check_memory_region+0x134/0x1a0 [ 86.701922][ T9761] __kasan_check_read+0x11/0x20 [ 86.706776][ T9761] bitmap_port_list+0x3cf/0xdb0 [ 86.711627][ T9761] ? bitmap_port_head+0x296/0x600 [ 86.716704][ T9761] ? bitmap_port_del+0x380/0x380 [ 86.721647][ T9761] ? nla_put+0x110/0x150 [ 86.725886][ T9761] ip_set_dump_start+0x96c/0x1ca0 [ 86.730918][ T9761] ? ip_set_rename+0x720/0x720 [ 86.735730][ T9761] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 86.741269][ T9761] ? perf_trace_lock_acquire+0x4b0/0x530 [ 86.746890][ T9761] ? __kasan_check_write+0x14/0x20 [ 86.752001][ T9761] netlink_dump+0x558/0xfb0 [ 86.756495][ T9761] ? __netlink_sendskb+0xc0/0xc0 [ 86.761501][ T9761] __netlink_dump_start+0x66a/0x930 [ 86.766695][ T9761] ip_set_dump+0x15a/0x1d0 [ 86.771105][ T9761] ? call_ad+0x5a0/0x5a0 [ 86.775380][ T9761] ? ip_set_rename+0x720/0x720 [ 86.780214][ T9761] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 86.786014][ T9761] ? call_ad+0x5a0/0x5a0 [ 86.790253][ T9761] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 86.795192][ T9761] ? nfnetlink_bind+0x2c0/0x2c0 [ 86.800077][ T9761] ? __kasan_check_read+0x11/0x20 [ 86.805108][ T9761] ? __lock_acquire+0x8a0/0x4a00 [ 86.810036][ T9761] ? save_stack+0x5c/0x90 [ 86.814355][ T9761] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.820579][ T9761] ? apparmor_capable+0x497/0x900 [ 86.825608][ T9761] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.831852][ T9761] ? __kasan_check_read+0x11/0x20 [ 86.836879][ T9761] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 86.842335][ T9761] netlink_rcv_skb+0x177/0x450 [ 86.847089][ T9761] ? nfnetlink_bind+0x2c0/0x2c0 [ 86.851960][ T9761] ? netlink_ack+0xb50/0xb50 [ 86.856541][ T9761] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.862773][ T9761] ? ns_capable_common+0x93/0x100 [ 86.867793][ T9761] ? ns_capable+0x20/0x30 [ 86.872121][ T9761] ? __netlink_ns_capable+0x104/0x140 [ 86.877499][ T9761] nfnetlink_rcv+0x1ba/0x460 [ 86.882087][ T9761] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 86.887585][ T9761] ? netlink_deliver_tap+0x24a/0xbe0 [ 86.892864][ T9761] ? __kasan_check_write+0x14/0x20 [ 86.897972][ T9761] netlink_unicast+0x58c/0x7d0 [ 86.902735][ T9761] ? netlink_attachskb+0x870/0x870 [ 86.907844][ T9761] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 86.913550][ T9761] ? __check_object_size+0x3d/0x437 [ 86.918792][ T9761] netlink_sendmsg+0x91c/0xea0 [ 86.923554][ T9761] ? netlink_unicast+0x7d0/0x7d0 [ 86.928545][ T9761] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 86.934085][ T9761] ? apparmor_socket_sendmsg+0x2a/0x30 [ 86.939526][ T9761] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.945749][ T9761] ? security_socket_sendmsg+0x8d/0xc0 [ 86.951192][ T9761] ? netlink_unicast+0x7d0/0x7d0 [ 86.956116][ T9761] sock_sendmsg+0xd7/0x130 [ 86.960520][ T9761] ____sys_sendmsg+0x753/0x880 [ 86.965267][ T9761] ? kernel_sendmsg+0x50/0x50 [ 86.969940][ T9761] ? mark_held_locks+0xa4/0xf0 [ 86.974729][ T9761] ? do_huge_pmd_anonymous_page+0x1463/0x1a50 [ 86.980794][ T9761] ? __handle_mm_fault+0x3145/0x3cc0 [ 86.986064][ T9761] ? do_huge_pmd_anonymous_page+0x1463/0x1a50 [ 86.992116][ T9761] ___sys_sendmsg+0x100/0x170 [ 86.996777][ T9761] ? do_huge_pmd_anonymous_page+0xceb/0x1a50 [ 87.002742][ T9761] ? sendmsg_copy_msghdr+0x70/0x70 [ 87.007856][ T9761] ? __do_page_fault+0x56a/0xd80 [ 87.012779][ T9761] ? find_held_lock+0x35/0x130 [ 87.017525][ T9761] ? __do_page_fault+0x56a/0xd80 [ 87.022450][ T9761] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.028672][ T9761] ? __fget_light+0x1a9/0x230 [ 87.033333][ T9761] ? __fdget+0x1b/0x20 [ 87.037497][ T9761] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 87.043732][ T9761] __sys_sendmsg+0x105/0x1d0 [ 87.048309][ T9761] ? __sys_sendmsg_sock+0xc0/0xc0 [ 87.053317][ T9761] ? down_read_non_owner+0x490/0x490 [ 87.058592][ T9761] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 87.064085][ T9761] ? do_syscall_64+0x26/0x790 [ 87.068809][ T9761] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.074884][ T9761] ? do_syscall_64+0x26/0x790 [ 87.079623][ T9761] __x64_sys_sendmsg+0x78/0xb0 [ 87.084389][ T9761] do_syscall_64+0xfa/0x790 [ 87.088888][ T9761] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.094901][ T9761] RIP: 0033:0x441479 [ 87.098786][ T9761] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 87.118391][ T9761] RSP: 002b:00007fff87cf1698 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 87.126798][ T9761] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441479 [ 87.134773][ T9761] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 [ 87.142749][ T9761] RBP: 0000000000015223 R08: 00000000004002c8 R09: 00000000004002c8 [ 87.150717][ T9761] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004022a0 [ 87.158678][ T9761] R13: 0000000000402330 R14: 0000000000000000 R15: 0000000000000000 [ 87.166689][ T9761] [ 87.169018][ T9761] Allocated by task 9760: [ 87.173375][ T9761] save_stack+0x23/0x90 [ 87.177517][ T9761] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 87.183139][ T9761] kasan_kmalloc+0x9/0x10 [ 87.187504][ T9761] __kmalloc+0x163/0x770 [ 87.191741][ T9761] ip_set_alloc+0x38/0x5e [ 87.196060][ T9761] bitmap_port_create+0x3dc/0x7c0 [ 87.201066][ T9761] ip_set_create+0x6f1/0x1500 [ 87.205735][ T9761] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 87.210711][ T9761] netlink_rcv_skb+0x177/0x450 [ 87.215460][ T9761] nfnetlink_rcv+0x1ba/0x460 [ 87.220043][ T9761] netlink_unicast+0x58c/0x7d0 [ 87.224798][ T9761] netlink_sendmsg+0x91c/0xea0 [ 87.229554][ T9761] sock_sendmsg+0xd7/0x130 [ 87.233957][ T9761] ____sys_sendmsg+0x753/0x880 [ 87.238702][ T9761] ___sys_sendmsg+0x100/0x170 [ 87.243418][ T9761] __sys_sendmsg+0x105/0x1d0 [ 87.248001][ T9761] __x64_sys_sendmsg+0x78/0xb0 [ 87.252757][ T9761] do_syscall_64+0xfa/0x790 [ 87.257252][ T9761] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.263126][ T9761] [ 87.265441][ T9761] Freed by task 9449: [ 87.269482][ T9761] save_stack+0x23/0x90 [ 87.273632][ T9761] __kasan_slab_free+0x102/0x150 [ 87.278562][ T9761] kasan_slab_free+0xe/0x10 [ 87.283070][ T9761] kfree+0x10a/0x2c0 [ 87.286964][ T9761] tomoyo_check_open_permission+0x19e/0x3e0 [ 87.292848][ T9761] tomoyo_file_open+0xa9/0xd0 [ 87.297571][ T9761] security_file_open+0x71/0x300 [ 87.302513][ T9761] do_dentry_open+0x37a/0x1380 [ 87.307261][ T9761] vfs_open+0xa0/0xd0 [ 87.311229][ T9761] path_openat+0x10df/0x4500 [ 87.315804][ T9761] do_filp_open+0x1a1/0x280 [ 87.320293][ T9761] do_sys_open+0x3fe/0x5d0 [ 87.324695][ T9761] __x64_sys_open+0x7e/0xc0 [ 87.329180][ T9761] do_syscall_64+0xfa/0x790 [ 87.333670][ T9761] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.339538][ T9761] [ 87.341848][ T9761] The buggy address belongs to the object at ffff88809f8d5380 [ 87.341848][ T9761] which belongs to the cache kmalloc-32 of size 32 [ 87.355764][ T9761] The buggy address is located 0 bytes inside of [ 87.355764][ T9761] 32-byte region [ffff88809f8d5380, ffff88809f8d53a0) [ 87.368761][ T9761] The buggy address belongs to the page: [ 87.374406][ T9761] page:ffffea00027e3540 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809f8d5fc1 [ 87.384833][ T9761] raw: 00fffe0000000200 ffffea00027ac1c8 ffffea0002796108 ffff8880aa4001c0 [ 87.393406][ T9761] raw: ffff88809f8d5fc1 ffff88809f8d5000 000000010000003e 0000000000000000 [ 87.401976][ T9761] page dumped because: kasan: bad access detected [ 87.408421][ T9761] [ 87.410733][ T9761] Memory state around the buggy address: [ 87.416353][ T9761] ffff88809f8d5280: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 87.424404][ T9761] ffff88809f8d5300: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 87.432457][ T9761] >ffff88809f8d5380: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 87.440607][ T9761] ^ [ 87.444664][ T9761] ffff88809f8d5400: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 87.452713][ T9761] ffff88809f8d5480: 00 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 87.460756][ T9761] ================================================================== [ 87.468802][ T9761] Disabling lock debugging due to kernel taint [ 87.475676][ T9761] Kernel panic - not syncing: panic_on_warn set ... [ 87.482276][ T9761] CPU: 0 PID: 9761 Comm: syz-executor611 Tainted: G B 5.5.0-rc5-syzkaller #0 [ 87.492314][ T9761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 87.502353][ T9761] Call Trace: [ 87.505656][ T9761] dump_stack+0x197/0x210 [ 87.509978][ T9761] panic+0x2e3/0x75c [ 87.513868][ T9761] ? add_taint.cold+0x16/0x16 [ 87.518537][ T9761] ? bitmap_port_list+0x3cf/0xdb0 [ 87.523552][ T9761] ? preempt_schedule+0x4b/0x60 [ 87.528398][ T9761] ? ___preempt_schedule+0x16/0x18 [ 87.533498][ T9761] ? trace_hardirqs_on+0x5e/0x240 [ 87.538513][ T9761] ? bitmap_port_list+0x3cf/0xdb0 [ 87.543528][ T9761] end_report+0x47/0x4f [ 87.547692][ T9761] ? bitmap_port_list+0x3cf/0xdb0 [ 87.552705][ T9761] __kasan_report.cold+0xe/0x41 [ 87.557648][ T9761] ? bitmap_port_list+0x3cf/0xdb0 [ 87.562659][ T9761] kasan_report+0x12/0x20 [ 87.566977][ T9761] check_memory_region+0x134/0x1a0 [ 87.572077][ T9761] __kasan_check_read+0x11/0x20 [ 87.576917][ T9761] bitmap_port_list+0x3cf/0xdb0 [ 87.581764][ T9761] ? bitmap_port_head+0x296/0x600 [ 87.586776][ T9761] ? bitmap_port_del+0x380/0x380 [ 87.591699][ T9761] ? nla_put+0x110/0x150 [ 87.595930][ T9761] ip_set_dump_start+0x96c/0x1ca0 [ 87.600942][ T9761] ? ip_set_rename+0x720/0x720 [ 87.605692][ T9761] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 87.611226][ T9761] ? perf_trace_lock_acquire+0x4b0/0x530 [ 87.616844][ T9761] ? __kasan_check_write+0x14/0x20 [ 87.621947][ T9761] netlink_dump+0x558/0xfb0 [ 87.626481][ T9761] ? __netlink_sendskb+0xc0/0xc0 [ 87.631411][ T9761] __netlink_dump_start+0x66a/0x930 [ 87.636597][ T9761] ip_set_dump+0x15a/0x1d0 [ 87.641003][ T9761] ? call_ad+0x5a0/0x5a0 [ 87.645247][ T9761] ? ip_set_rename+0x720/0x720 [ 87.649998][ T9761] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 87.655796][ T9761] ? call_ad+0x5a0/0x5a0 [ 87.660026][ T9761] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 87.664952][ T9761] ? nfnetlink_bind+0x2c0/0x2c0 [ 87.669793][ T9761] ? __kasan_check_read+0x11/0x20 [ 87.674804][ T9761] ? __lock_acquire+0x8a0/0x4a00 [ 87.679731][ T9761] ? save_stack+0x5c/0x90 [ 87.684052][ T9761] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.690275][ T9761] ? apparmor_capable+0x497/0x900 [ 87.695294][ T9761] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.701646][ T9761] ? __kasan_check_read+0x11/0x20 [ 87.706660][ T9761] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 87.712110][ T9761] netlink_rcv_skb+0x177/0x450 [ 87.716866][ T9761] ? nfnetlink_bind+0x2c0/0x2c0 [ 87.721713][ T9761] ? netlink_ack+0xb50/0xb50 [ 87.726297][ T9761] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.732526][ T9761] ? ns_capable_common+0x93/0x100 [ 87.737590][ T9761] ? ns_capable+0x20/0x30 [ 87.741900][ T9761] ? __netlink_ns_capable+0x104/0x140 [ 87.747262][ T9761] nfnetlink_rcv+0x1ba/0x460 [ 87.751887][ T9761] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 87.757387][ T9761] ? netlink_deliver_tap+0x24a/0xbe0 [ 87.762660][ T9761] ? __kasan_check_write+0x14/0x20 [ 87.767757][ T9761] netlink_unicast+0x58c/0x7d0 [ 87.772507][ T9761] ? netlink_attachskb+0x870/0x870 [ 87.777603][ T9761] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 87.783348][ T9761] ? __check_object_size+0x3d/0x437 [ 87.788565][ T9761] netlink_sendmsg+0x91c/0xea0 [ 87.793312][ T9761] ? netlink_unicast+0x7d0/0x7d0 [ 87.798242][ T9761] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 87.803782][ T9761] ? apparmor_socket_sendmsg+0x2a/0x30 [ 87.809229][ T9761] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.815457][ T9761] ? security_socket_sendmsg+0x8d/0xc0 [ 87.820900][ T9761] ? netlink_unicast+0x7d0/0x7d0 [ 87.825823][ T9761] sock_sendmsg+0xd7/0x130 [ 87.830224][ T9761] ____sys_sendmsg+0x753/0x880 [ 87.834976][ T9761] ? kernel_sendmsg+0x50/0x50 [ 87.839648][ T9761] ? mark_held_locks+0xa4/0xf0 [ 87.844447][ T9761] ? do_huge_pmd_anonymous_page+0x1463/0x1a50 [ 87.850500][ T9761] ? __handle_mm_fault+0x3145/0x3cc0 [ 87.855773][ T9761] ? do_huge_pmd_anonymous_page+0x1463/0x1a50 [ 87.861829][ T9761] ___sys_sendmsg+0x100/0x170 [ 87.866496][ T9761] ? do_huge_pmd_anonymous_page+0xceb/0x1a50 [ 87.872470][ T9761] ? sendmsg_copy_msghdr+0x70/0x70 [ 87.877573][ T9761] ? __do_page_fault+0x56a/0xd80 [ 87.882496][ T9761] ? find_held_lock+0x35/0x130 [ 87.887248][ T9761] ? __do_page_fault+0x56a/0xd80 [ 87.892179][ T9761] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.898406][ T9761] ? __fget_light+0x1a9/0x230 [ 87.903078][ T9761] ? __fdget+0x1b/0x20 [ 87.907142][ T9761] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 87.913372][ T9761] __sys_sendmsg+0x105/0x1d0 [ 87.917943][ T9761] ? __sys_sendmsg_sock+0xc0/0xc0 [ 87.922959][ T9761] ? down_read_non_owner+0x490/0x490 [ 87.928231][ T9761] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 87.933676][ T9761] ? do_syscall_64+0x26/0x790 [ 87.938341][ T9761] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.944397][ T9761] ? do_syscall_64+0x26/0x790 [ 87.949054][ T9761] __x64_sys_sendmsg+0x78/0xb0 [ 87.953799][ T9761] do_syscall_64+0xfa/0x790 [ 87.958288][ T9761] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.964159][ T9761] RIP: 0033:0x441479 [ 87.968036][ T9761] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 87.987618][ T9761] RSP: 002b:00007fff87cf1698 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 87.996016][ T9761] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441479 [ 88.003966][ T9761] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 [ 88.011915][ T9761] RBP: 0000000000015223 R08: 00000000004002c8 R09: 00000000004002c8 [ 88.019862][ T9761] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004022a0 [ 88.027815][ T9761] R13: 0000000000402330 R14: 0000000000000000 R15: 0000000000000000 [ 88.037185][ T9761] Kernel Offset: disabled [ 88.041519][ T9761] Rebooting in 86400 seconds..