[ ok ] Starting enhanced syslogd: rsyslogd. [ 89.501341][ T27] audit: type=1800 audit(1580122651.013:25): pid=9627 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 89.533694][ T27] audit: type=1800 audit(1580122651.023:26): pid=9627 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 89.578384][ T27] audit: type=1800 audit(1580122651.023:27): pid=9627 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.203' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 98.375557][ T9779] ================================================================== [ 98.384036][ T9779] BUG: KASAN: slab-out-of-bounds in bitmap_ip_list+0x40f/0xf20 [ 98.391655][ T9779] Read of size 8 at addr ffff88809e963900 by task syz-executor098/9779 [ 98.399907][ T9779] [ 98.402262][ T9779] CPU: 1 PID: 9779 Comm: syz-executor098 Not tainted 5.5.0-rc6-next-20200116-syzkaller #0 [ 98.412169][ T9779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 98.422225][ T9779] Call Trace: [ 98.425509][ T9779] dump_stack+0x197/0x210 [ 98.429840][ T9779] ? bitmap_ip_list+0x40f/0xf20 [ 98.434865][ T9779] print_address_description.constprop.0.cold+0xd4/0x30b [ 98.441924][ T9779] ? bitmap_ip_list+0x40f/0xf20 [ 98.446778][ T9779] ? bitmap_ip_list+0x40f/0xf20 [ 98.451644][ T9779] __kasan_report.cold+0x1b/0x32 [ 98.456639][ T9779] ? 
bitmap_ip_list+0x40f/0xf20 [ 98.461490][ T9779] kasan_report+0x12/0x20 [ 98.465809][ T9779] check_memory_region+0x134/0x1a0 [ 98.470923][ T9779] __kasan_check_read+0x11/0x20 [ 98.475763][ T9779] bitmap_ip_list+0x40f/0xf20 [ 98.480498][ T9779] ? bitmap_ip_add+0xe60/0xe60 [ 98.485395][ T9779] ? nla_put+0x110/0x150 [ 98.489639][ T9779] ip_set_dump_start+0x96c/0x1ca0 [ 98.494665][ T9779] ? ip_set_rename+0x720/0x720 [ 98.499546][ T9779] ? __kmalloc_reserve.isra.0+0x70/0xf0 [ 98.505099][ T9779] ? __lock_acquire+0x2660/0x4a00 [ 98.510127][ T9779] ? __kasan_check_write+0x14/0x20 [ 98.515240][ T9779] netlink_dump+0x558/0xfb0 [ 98.520142][ T9779] ? __netlink_sendskb+0xc0/0xc0 [ 98.525089][ T9779] __netlink_dump_start+0x673/0x930 [ 98.530286][ T9779] ip_set_dump+0x15a/0x1d0 [ 98.534697][ T9779] ? call_ad+0x5a0/0x5a0 [ 98.538947][ T9779] ? ip_set_rename+0x720/0x720 [ 98.543712][ T9779] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 98.549615][ T9779] ? call_ad+0x5a0/0x5a0 [ 98.553867][ T9779] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 98.558794][ T9779] ? nfnetlink_bind+0x2c0/0x2c0 [ 98.563745][ T9779] ? __kasan_check_read+0x11/0x20 [ 98.569010][ T9779] ? __lock_acquire+0x8a0/0x4a00 [ 98.573935][ T9779] ? save_stack+0x5c/0x90 [ 98.578268][ T9779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.584497][ T9779] ? apparmor_capable+0x4df/0x910 [ 98.589521][ T9779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.595803][ T9779] ? __kasan_check_read+0x11/0x20 [ 98.600862][ T9779] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 98.606328][ T9779] netlink_rcv_skb+0x177/0x450 [ 98.611093][ T9779] ? nfnetlink_bind+0x2c0/0x2c0 [ 98.616062][ T9779] ? netlink_ack+0xb50/0xb50 [ 98.620653][ T9779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.626890][ T9779] ? ns_capable_common+0x93/0x100 [ 98.631922][ T9779] ? ns_capable+0x20/0x30 [ 98.636241][ T9779] ? __netlink_ns_capable+0x104/0x140 [ 98.641613][ T9779] nfnetlink_rcv+0x1ba/0x460 [ 98.646201][ T9779] ? 
nfnetlink_rcv_batch+0x1780/0x1780 [ 98.651658][ T9779] ? netlink_deliver_tap+0x248/0xbf0 [ 98.656948][ T9779] ? __kasan_check_write+0x14/0x20 [ 98.662046][ T9779] netlink_unicast+0x59e/0x7e0 [ 98.666808][ T9779] ? netlink_attachskb+0x870/0x870 [ 98.671913][ T9779] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 98.677729][ T9779] ? __check_object_size+0x3d/0x437 [ 98.682926][ T9779] netlink_sendmsg+0x91c/0xea0 [ 98.687698][ T9779] ? netlink_unicast+0x7e0/0x7e0 [ 98.692695][ T9779] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 98.698362][ T9779] ? apparmor_socket_sendmsg+0x2a/0x30 [ 98.703814][ T9779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.710058][ T9779] ? security_socket_sendmsg+0x8d/0xc0 [ 98.715578][ T9779] ? netlink_unicast+0x7e0/0x7e0 [ 98.720517][ T9779] sock_sendmsg+0xd7/0x130 [ 98.724949][ T9779] ____sys_sendmsg+0x753/0x880 [ 98.729727][ T9779] ? kernel_sendmsg+0x50/0x50 [ 98.734494][ T9779] ? lockdep_init_map+0x1be/0x6d0 [ 98.739524][ T9779] ___sys_sendmsg+0x100/0x170 [ 98.744551][ T9779] ? sendmsg_copy_msghdr+0x70/0x70 [ 98.749661][ T9779] ? __kasan_check_read+0x11/0x20 [ 98.754785][ T9779] ? __lock_acquire+0x8a0/0x4a00 [ 98.759853][ T9779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.766096][ T9779] ? __this_cpu_preempt_check+0x35/0x190 [ 98.771760][ T9779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.777999][ T9779] ? percpu_counter_add_batch+0x13c/0x190 [ 98.783726][ T9779] ? __fd_install+0x1bc/0x640 [ 98.788408][ T9779] ? find_held_lock+0x35/0x130 [ 98.793332][ T9779] ? __fd_install+0x1bc/0x640 [ 98.798060][ T9779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.805030][ T9779] ? __fget_light+0x1ad/0x270 [ 98.809707][ T9779] ? __fdget+0x1b/0x20 [ 98.813782][ T9779] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 98.820142][ T9779] __sys_sendmsg+0x105/0x1d0 [ 98.824837][ T9779] ? __sys_sendmsg_sock+0xc0/0xc0 [ 98.829874][ T9779] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 98.835331][ T9779] ? do_syscall_64+0x26/0x790 [ 98.839995][ T9779] ? 
entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 98.846061][ T9779] ? do_syscall_64+0x26/0x790 [ 98.850805][ T9779] __x64_sys_sendmsg+0x78/0xb0 [ 98.855576][ T9779] do_syscall_64+0xfa/0x790 [ 98.860169][ T9779] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 98.866188][ T9779] RIP: 0033:0x440529 [ 98.870082][ T9779] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 98.889753][ T9779] RSP: 002b:00007fff7246d5e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 98.898211][ T9779] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529 [ 98.906179][ T9779] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004 [ 98.914145][ T9779] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 98.922101][ T9779] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0 [ 98.930167][ T9779] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000 [ 98.938145][ T9779] [ 98.940458][ T9779] Allocated by task 9779: [ 98.944781][ T9779] save_stack+0x23/0x90 [ 98.948943][ T9779] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 98.954569][ T9779] kasan_kmalloc+0x9/0x10 [ 98.958888][ T9779] __kmalloc+0x163/0x770 [ 98.963131][ T9779] ip_set_alloc+0x38/0x5e [ 98.967445][ T9779] bitmap_ip_create+0x6ec/0xc20 [ 98.972352][ T9779] ip_set_create+0x6f1/0x1500 [ 98.977029][ T9779] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 98.981962][ T9779] netlink_rcv_skb+0x177/0x450 [ 98.986771][ T9779] nfnetlink_rcv+0x1ba/0x460 [ 98.991353][ T9779] netlink_unicast+0x59e/0x7e0 [ 98.996152][ T9779] netlink_sendmsg+0x91c/0xea0 [ 99.000913][ T9779] sock_sendmsg+0xd7/0x130 [ 99.005324][ T9779] ____sys_sendmsg+0x753/0x880 [ 99.010188][ T9779] ___sys_sendmsg+0x100/0x170 [ 99.014857][ T9779] __sys_sendmsg+0x105/0x1d0 [ 99.019445][ T9779] __x64_sys_sendmsg+0x78/0xb0 [ 99.024326][ T9779] do_syscall_64+0xfa/0x790 [ 99.028827][ T9779] 
entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 99.034698][ T9779] [ 99.037145][ T9779] Freed by task 9509: [ 99.041122][ T9779] save_stack+0x23/0x90 [ 99.045555][ T9779] __kasan_slab_free+0x102/0x150 [ 99.050488][ T9779] kasan_slab_free+0xe/0x10 [ 99.055038][ T9779] kfree+0x10a/0x2c0 [ 99.058982][ T9779] tomoyo_check_open_permission+0x19e/0x3e0 [ 99.064867][ T9779] tomoyo_file_open+0xa9/0xd0 [ 99.069745][ T9779] security_file_open+0x71/0x300 [ 99.074814][ T9779] do_dentry_open+0x365/0x1350 [ 99.079583][ T9779] vfs_open+0xa0/0xd0 [ 99.083571][ T9779] path_openat+0x12fd/0x34d0 [ 99.088165][ T9779] do_filp_open+0x192/0x260 [ 99.092737][ T9779] do_sys_openat2+0x633/0x840 [ 99.097507][ T9779] do_sys_open+0xfc/0x190 [ 99.101960][ T9779] __x64_sys_open+0x7e/0xc0 [ 99.106720][ T9779] do_syscall_64+0xfa/0x790 [ 99.111254][ T9779] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 99.117133][ T9779] [ 99.119458][ T9779] The buggy address belongs to the object at ffff88809e963900 [ 99.119458][ T9779] which belongs to the cache kmalloc-32 of size 32 [ 99.133466][ T9779] The buggy address is located 0 bytes inside of [ 99.133466][ T9779] 32-byte region [ffff88809e963900, ffff88809e963920) [ 99.146784][ T9779] The buggy address belongs to the page: [ 99.152477][ T9779] page:ffffea00027a58c0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809e963fc1 [ 99.162933][ T9779] flags: 0xfffe0000000200(slab) [ 99.167896][ T9779] raw: 00fffe0000000200 ffffea0002a51f48 ffffea0002a23488 ffff8880aa4001c0 [ 99.176710][ T9779] raw: ffff88809e963fc1 ffff88809e963000 000000010000003f 0000000000000000 [ 99.185387][ T9779] page dumped because: kasan: bad access detected [ 99.191790][ T9779] [ 99.194116][ T9779] Memory state around the buggy address: [ 99.199963][ T9779] ffff88809e963800: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 99.208018][ T9779] ffff88809e963880: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc [ 99.216109][ T9779] >ffff88809e963900: 04 fc fc fc fc fc fc fc 00 00 fc fc fc 
fc fc fc [ 99.224265][ T9779] ^ [ 99.228325][ T9779] ffff88809e963980: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 99.236379][ T9779] ffff88809e963a00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 99.244426][ T9779] ================================================================== [ 99.252749][ T9779] Disabling lock debugging due to kernel taint [ 99.260321][ T9779] Kernel panic - not syncing: panic_on_warn set ... [ 99.267115][ T9779] CPU: 0 PID: 9779 Comm: syz-executor098 Tainted: G B 5.5.0-rc6-next-20200116-syzkaller #0 [ 99.278431][ T9779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 99.288489][ T9779] Call Trace: [ 99.291779][ T9779] dump_stack+0x197/0x210 [ 99.296117][ T9779] panic+0x2e3/0x75c [ 99.300007][ T9779] ? add_taint.cold+0x16/0x16 [ 99.304676][ T9779] ? bitmap_ip_list+0x40f/0xf20 [ 99.309850][ T9779] ? preempt_schedule+0x4b/0x60 [ 99.314700][ T9779] ? ___preempt_schedule+0x16/0x18 [ 99.319802][ T9779] ? trace_hardirqs_on+0x5e/0x240 [ 99.325102][ T9779] ? bitmap_ip_list+0x40f/0xf20 [ 99.329941][ T9779] end_report+0x47/0x4f [ 99.334152][ T9779] ? bitmap_ip_list+0x40f/0xf20 [ 99.339004][ T9779] __kasan_report.cold+0xe/0x32 [ 99.343838][ T9779] ? bitmap_ip_list+0x40f/0xf20 [ 99.348683][ T9779] kasan_report+0x12/0x20 [ 99.353179][ T9779] check_memory_region+0x134/0x1a0 [ 99.358414][ T9779] __kasan_check_read+0x11/0x20 [ 99.363256][ T9779] bitmap_ip_list+0x40f/0xf20 [ 99.367926][ T9779] ? bitmap_ip_add+0xe60/0xe60 [ 99.372673][ T9779] ? nla_put+0x110/0x150 [ 99.376912][ T9779] ip_set_dump_start+0x96c/0x1ca0 [ 99.382181][ T9779] ? ip_set_rename+0x720/0x720 [ 99.386949][ T9779] ? __kmalloc_reserve.isra.0+0x70/0xf0 [ 99.392541][ T9779] ? __lock_acquire+0x2660/0x4a00 [ 99.397581][ T9779] ? __kasan_check_write+0x14/0x20 [ 99.402767][ T9779] netlink_dump+0x558/0xfb0 [ 99.407278][ T9779] ? 
__netlink_sendskb+0xc0/0xc0 [ 99.412219][ T9779] __netlink_dump_start+0x673/0x930 [ 99.417603][ T9779] ip_set_dump+0x15a/0x1d0 [ 99.422014][ T9779] ? call_ad+0x5a0/0x5a0 [ 99.426284][ T9779] ? ip_set_rename+0x720/0x720 [ 99.431391][ T9779] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 99.437217][ T9779] ? call_ad+0x5a0/0x5a0 [ 99.441460][ T9779] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 99.446384][ T9779] ? nfnetlink_bind+0x2c0/0x2c0 [ 99.451332][ T9779] ? __kasan_check_read+0x11/0x20 [ 99.456349][ T9779] ? __lock_acquire+0x8a0/0x4a00 [ 99.461279][ T9779] ? save_stack+0x5c/0x90 [ 99.465601][ T9779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 99.471854][ T9779] ? apparmor_capable+0x4df/0x910 [ 99.476918][ T9779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 99.483255][ T9779] ? __kasan_check_read+0x11/0x20 [ 99.488276][ T9779] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 99.493726][ T9779] netlink_rcv_skb+0x177/0x450 [ 99.498485][ T9779] ? nfnetlink_bind+0x2c0/0x2c0 [ 99.503341][ T9779] ? netlink_ack+0xb50/0xb50 [ 99.507918][ T9779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 99.514153][ T9779] ? ns_capable_common+0x93/0x100 [ 99.519174][ T9779] ? ns_capable+0x20/0x30 [ 99.523524][ T9779] ? __netlink_ns_capable+0x104/0x140 [ 99.528905][ T9779] nfnetlink_rcv+0x1ba/0x460 [ 99.533480][ T9779] ? nfnetlink_rcv_batch+0x1780/0x1780 [ 99.538932][ T9779] ? netlink_deliver_tap+0x248/0xbf0 [ 99.544267][ T9779] ? __kasan_check_write+0x14/0x20 [ 99.549371][ T9779] netlink_unicast+0x59e/0x7e0 [ 99.554118][ T9779] ? netlink_attachskb+0x870/0x870 [ 99.559227][ T9779] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 99.564940][ T9779] ? __check_object_size+0x3d/0x437 [ 99.570131][ T9779] netlink_sendmsg+0x91c/0xea0 [ 99.574880][ T9779] ? netlink_unicast+0x7e0/0x7e0 [ 99.579814][ T9779] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 99.585341][ T9779] ? apparmor_socket_sendmsg+0x2a/0x30 [ 99.590845][ T9779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 99.597128][ T9779] ? 
security_socket_sendmsg+0x8d/0xc0 [ 99.602599][ T9779] ? netlink_unicast+0x7e0/0x7e0 [ 99.607536][ T9779] sock_sendmsg+0xd7/0x130 [ 99.612045][ T9779] ____sys_sendmsg+0x753/0x880 [ 99.616815][ T9779] ? kernel_sendmsg+0x50/0x50 [ 99.621510][ T9779] ? lockdep_init_map+0x1be/0x6d0 [ 99.626563][ T9779] ___sys_sendmsg+0x100/0x170 [ 99.631240][ T9779] ? sendmsg_copy_msghdr+0x70/0x70 [ 99.636348][ T9779] ? __kasan_check_read+0x11/0x20 [ 99.641397][ T9779] ? __lock_acquire+0x8a0/0x4a00 [ 99.646332][ T9779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 99.652621][ T9779] ? __this_cpu_preempt_check+0x35/0x190 [ 99.658358][ T9779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 99.664656][ T9779] ? percpu_counter_add_batch+0x13c/0x190 [ 99.670368][ T9779] ? __fd_install+0x1bc/0x640 [ 99.675073][ T9779] ? find_held_lock+0x35/0x130 [ 99.679829][ T9779] ? __fd_install+0x1bc/0x640 [ 99.684491][ T9779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 99.690724][ T9779] ? __fget_light+0x1ad/0x270 [ 99.695391][ T9779] ? __fdget+0x1b/0x20 [ 99.699464][ T9779] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 99.705696][ T9779] __sys_sendmsg+0x105/0x1d0 [ 99.710270][ T9779] ? __sys_sendmsg_sock+0xc0/0xc0 [ 99.715286][ T9779] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 99.720739][ T9779] ? do_syscall_64+0x26/0x790 [ 99.725468][ T9779] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 99.731541][ T9779] ? 
do_syscall_64+0x26/0x790 [ 99.736214][ T9779] __x64_sys_sendmsg+0x78/0xb0 [ 99.740973][ T9779] do_syscall_64+0xfa/0x790 [ 99.745472][ T9779] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 99.751498][ T9779] RIP: 0033:0x440529 [ 99.755490][ T9779] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 99.775287][ T9779] RSP: 002b:00007fff7246d5e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 99.783738][ T9779] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529 [ 99.791695][ T9779] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004 [ 99.799693][ T9779] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 99.807650][ T9779] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0 [ 99.815653][ T9779] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000 [ 99.825675][ T9779] Kernel Offset: disabled [ 99.830223][ T9779] Rebooting in 86400 seconds..