[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 47.930667][ T27] audit: type=1800 audit(1579360184.698:25): pid=8485 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 47.949729][ T27] audit: type=1800 audit(1579360184.698:26): pid=8485 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 47.998054][ T27] audit: type=1800 audit(1579360184.698:27): pid=8485 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.103' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 69.598207][ T8635] ================================================================== [ 69.606394][ T8635] BUG: KASAN: slab-out-of-bounds in bitmap_ip_list+0x40d/0xcb0 [ 69.613923][ T8635] Read of size 8 at addr ffff8880a29a6200 by task syz-executor996/8635 [ 69.622140][ T8635] [ 69.624454][ T8635] CPU: 0 PID: 8635 Comm: syz-executor996 Not tainted 5.5.0-rc6-syzkaller #0 [ 69.633150][ T8635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 69.643231][ T8635] Call Trace: [ 69.646514][ T8635] dump_stack+0x1fb/0x318 [ 69.650828][ T8635] print_address_description+0x74/0x5c0 [ 69.656359][ T8635] ? vprintk_func+0x158/0x170 [ 69.661013][ T8635] ? printk+0x62/0x8d [ 69.665021][ T8635] ? vprintk_emit+0x2d4/0x3a0 [ 69.669678][ T8635] __kasan_report+0x149/0x1c0 [ 69.674403][ T8635] ? bitmap_ip_list+0x40d/0xcb0 [ 69.679284][ T8635] kasan_report+0x26/0x50 [ 69.683636][ T8635] ? debug_smp_processor_id+0x9/0x20 [ 69.688902][ T8635] check_memory_region+0x2b6/0x2f0 [ 69.694105][ T8635] __kasan_check_read+0x11/0x20 [ 69.699281][ T8635] bitmap_ip_list+0x40d/0xcb0 [ 69.704006][ T8635] ip_set_dump_start+0x10f9/0x1800 [ 69.709132][ T8635] netlink_dump+0x4ed/0x1170 [ 69.713705][ T8635] __netlink_dump_start+0x5cb/0x7b0 [ 69.718980][ T8635] ip_set_dump+0x107/0x160 [ 69.723723][ T8635] ? __find_set_type_get+0x540/0x540 [ 69.729021][ T8635] ? ip_set_dump_start+0x1800/0x1800 [ 69.734505][ T8635] ? ip_set_swap+0x730/0x730 [ 69.739072][ T8635] nfnetlink_rcv_msg+0x9ae/0xcd0 [ 69.744015][ T8635] ? cap_capable+0x25b/0x290 [ 69.748587][ T8635] ? cap_capable+0x25b/0x290 [ 69.753189][ T8635] netlink_rcv_skb+0x19e/0x3e0 [ 69.757948][ T8635] ? nfnetlink_bind+0x250/0x250 [ 69.762816][ T8635] nfnetlink_rcv+0x1e0/0x1e50 [ 69.767594][ T8635] ? rcu_lock_release+0x9/0x30 [ 69.772418][ T8635] ? rcu_lock_release+0x21/0x30 [ 69.777261][ T8635] ? netlink_deliver_tap+0x142/0x880 [ 69.782538][ T8635] netlink_unicast+0x767/0x920 [ 69.787346][ T8635] netlink_sendmsg+0xa2c/0xd50 [ 69.792157][ T8635] ? netlink_getsockopt+0x9f0/0x9f0 [ 69.797344][ T8635] ____sys_sendmsg+0x4f7/0x7f0 [ 69.802103][ T8635] __sys_sendmsg+0x1ed/0x290 [ 69.806689][ T8635] ? check_preemption_disabled+0xb4/0x260 [ 69.812440][ T8635] ? debug_smp_processor_id+0x9/0x20 [ 69.817726][ T8635] ? debug_smp_processor_id+0x1c/0x20 [ 69.823082][ T8635] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 69.829134][ T8635] ? prepare_exit_to_usermode+0x221/0x5b0 [ 69.834865][ T8635] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 69.840612][ T8635] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 69.846233][ T8635] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 69.851944][ T8635] ? do_syscall_64+0x1d/0x1c0 [ 69.856611][ T8635] __x64_sys_sendmsg+0x7f/0x90 [ 69.861361][ T8635] do_syscall_64+0xf7/0x1c0 [ 69.865894][ T8635] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 69.871772][ T8635] RIP: 0033:0x440529 [ 69.875670][ T8635] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 69.895265][ T8635] RSP: 002b:00007ffc658b0d28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 69.903663][ T8635] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529 [ 69.911625][ T8635] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004 [ 69.919578][ T8635] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 69.927579][ T8635] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0 [ 69.935579][ T8635] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000 [ 69.943586][ T8635] [ 69.945942][ T8635] Allocated by task 8635: [ 69.950279][ T8635] __kasan_kmalloc+0x118/0x1c0 [ 69.955031][ T8635] kasan_kmalloc+0x9/0x10 [ 69.959357][ T8635] __kmalloc+0x254/0x340 [ 69.963590][ T8635] kzalloc+0x21/0x40 [ 69.967502][ T8635] ip_set_alloc+0x32/0x60 [ 69.971812][ T8635] bitmap_ip_create+0x48b/0xac0 [ 69.977016][ T8635] ip_set_create+0x421/0xfd0 [ 69.981587][ T8635] nfnetlink_rcv_msg+0x9ae/0xcd0 [ 69.986514][ T8635] netlink_rcv_skb+0x19e/0x3e0 [ 69.991279][ T8635] nfnetlink_rcv+0x1e0/0x1e50 [ 69.995943][ T8635] netlink_unicast+0x767/0x920 [ 70.000694][ T8635] netlink_sendmsg+0xa2c/0xd50 [ 70.005445][ T8635] ____sys_sendmsg+0x4f7/0x7f0 [ 70.010243][ T8635] __sys_sendmsg+0x1ed/0x290 [ 70.014826][ T8635] __x64_sys_sendmsg+0x7f/0x90 [ 70.019618][ T8635] do_syscall_64+0xf7/0x1c0 [ 70.024303][ T8635] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.030209][ T8635] [ 70.032521][ T8635] Freed by task 8379: [ 70.036527][ T8635] __kasan_slab_free+0x12e/0x1e0 [ 70.041452][ T8635] kasan_slab_free+0xe/0x10 [ 70.045960][ T8635] kfree+0x10d/0x220 [ 70.049932][ T8635] tomoyo_path_perm+0x6ae/0x850 [ 70.054772][ T8635] tomoyo_inode_getattr+0x1c/0x20 [ 70.059774][ T8635] security_inode_getattr+0xc0/0x140 [ 70.065047][ T8635] vfs_getattr+0x2a/0x6d0 [ 70.069420][ T8635] __se_sys_newstat+0x95/0x150 [ 70.074174][ T8635] __x64_sys_newstat+0x5b/0x70 [ 70.079078][ T8635] do_syscall_64+0xf7/0x1c0 [ 70.083573][ T8635] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.089437][ T8635] [ 70.091743][ T8635] The buggy address belongs to the object at ffff8880a29a6200 [ 70.091743][ T8635] which belongs to the cache kmalloc-32 of size 32 [ 70.105704][ T8635] The buggy address is located 0 bytes inside of [ 70.105704][ T8635] 32-byte region [ffff8880a29a6200, ffff8880a29a6220) [ 70.118703][ T8635] The buggy address belongs to the page: [ 70.124376][ T8635] page:ffffea00028a6980 refcount:1 mapcount:0 mapping:ffff8880aa8001c0 index:0xffff8880a29a6fc1 [ 70.134770][ T8635] raw: 00fffe0000000200 ffffea0002878b88 ffffea00028d10c8 ffff8880aa8001c0 [ 70.143338][ T8635] raw: ffff8880a29a6fc1 ffff8880a29a6000 000000010000003f 0000000000000000 [ 70.151898][ T8635] page dumped because: kasan: bad access detected [ 70.158305][ T8635] [ 70.160610][ T8635] Memory state around the buggy address: [ 70.166234][ T8635] ffff8880a29a6100: 06 fc fc fc fc fc fc fc 06 fc fc fc fc fc fc fc [ 70.174281][ T8635] ffff8880a29a6180: 06 fc fc fc fc fc fc fc 06 fc fc fc fc fc fc fc [ 70.182347][ T8635] >ffff8880a29a6200: 04 fc fc fc fc fc fc fc 06 fc fc fc fc fc fc fc [ 70.190392][ T8635] ^ [ 70.194448][ T8635] ffff8880a29a6280: 06 fc fc fc fc fc fc fc 06 fc fc fc fc fc fc fc [ 70.202508][ T8635] ffff8880a29a6300: 06 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 70.210548][ T8635] ================================================================== [ 70.218582][ T8635] Disabling lock debugging due to kernel taint [ 70.225371][ T8635] Kernel panic - not syncing: panic_on_warn set ... [ 70.231961][ T8635] CPU: 0 PID: 8635 Comm: syz-executor996 Tainted: G B 5.5.0-rc6-syzkaller #0 [ 70.242007][ T8635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 70.252045][ T8635] Call Trace: [ 70.255316][ T8635] dump_stack+0x1fb/0x318 [ 70.259622][ T8635] panic+0x264/0x7a9 [ 70.263500][ T8635] ? __kasan_report+0x193/0x1c0 [ 70.268324][ T8635] ? trace_hardirqs_on+0x34/0x80 [ 70.273248][ T8635] ? __kasan_report+0x193/0x1c0 [ 70.278103][ T8635] __kasan_report+0x1b9/0x1c0 [ 70.282784][ T8635] ? bitmap_ip_list+0x40d/0xcb0 [ 70.287611][ T8635] kasan_report+0x26/0x50 [ 70.291917][ T8635] ? debug_smp_processor_id+0x9/0x20 [ 70.297173][ T8635] check_memory_region+0x2b6/0x2f0 [ 70.302269][ T8635] __kasan_check_read+0x11/0x20 [ 70.307248][ T8635] bitmap_ip_list+0x40d/0xcb0 [ 70.311908][ T8635] ip_set_dump_start+0x10f9/0x1800 [ 70.317006][ T8635] netlink_dump+0x4ed/0x1170 [ 70.321589][ T8635] __netlink_dump_start+0x5cb/0x7b0 [ 70.326825][ T8635] ip_set_dump+0x107/0x160 [ 70.331226][ T8635] ? __find_set_type_get+0x540/0x540 [ 70.336485][ T8635] ? ip_set_dump_start+0x1800/0x1800 [ 70.341839][ T8635] ? ip_set_swap+0x730/0x730 [ 70.346526][ T8635] nfnetlink_rcv_msg+0x9ae/0xcd0 [ 70.351518][ T8635] ? cap_capable+0x25b/0x290 [ 70.356093][ T8635] ? cap_capable+0x25b/0x290 [ 70.360713][ T8635] netlink_rcv_skb+0x19e/0x3e0 [ 70.365511][ T8635] ? nfnetlink_bind+0x250/0x250 [ 70.370347][ T8635] nfnetlink_rcv+0x1e0/0x1e50 [ 70.375017][ T8635] ? rcu_lock_release+0x9/0x30 [ 70.379811][ T8635] ? rcu_lock_release+0x21/0x30 [ 70.384634][ T8635] ? netlink_deliver_tap+0x142/0x880 [ 70.389950][ T8635] netlink_unicast+0x767/0x920 [ 70.394705][ T8635] netlink_sendmsg+0xa2c/0xd50 [ 70.399454][ T8635] ? netlink_getsockopt+0x9f0/0x9f0 [ 70.404698][ T8635] ____sys_sendmsg+0x4f7/0x7f0 [ 70.409455][ T8635] __sys_sendmsg+0x1ed/0x290 [ 70.414091][ T8635] ? check_preemption_disabled+0xb4/0x260 [ 70.420620][ T8635] ? debug_smp_processor_id+0x9/0x20 [ 70.425950][ T8635] ? debug_smp_processor_id+0x1c/0x20 [ 70.431302][ T8635] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 70.437385][ T8635] ? prepare_exit_to_usermode+0x221/0x5b0 [ 70.443144][ T8635] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 70.448857][ T8635] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 70.454323][ T8635] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 70.460030][ T8635] ? do_syscall_64+0x1d/0x1c0 [ 70.464738][ T8635] __x64_sys_sendmsg+0x7f/0x90 [ 70.469518][ T8635] do_syscall_64+0xf7/0x1c0 [ 70.474047][ T8635] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.479923][ T8635] RIP: 0033:0x440529 [ 70.483814][ T8635] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 70.503451][ T8635] RSP: 002b:00007ffc658b0d28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 70.511891][ T8635] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529 [ 70.519851][ T8635] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004 [ 70.527927][ T8635] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 70.536026][ T8635] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0 [ 70.544002][ T8635] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000 [ 70.553357][ T8635] Kernel Offset: disabled [ 70.557690][ T8635] Rebooting in 86400 seconds..