[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 77.719203][ T27] audit: type=1800 audit(1579348990.606:25): pid=9445 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 77.739362][ T27] audit: type=1800 audit(1579348990.616:26): pid=9445 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 77.783318][ T27] audit: type=1800 audit(1579348990.616:27): pid=9445 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.80' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 88.901812][ T9597] ================================================================== [ 88.911274][ T9597] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_list+0x635/0x1080 [ 88.919347][ T9597] Read of size 8 at addr ffff8880a24c5340 by task syz-executor139/9597 [ 88.927924][ T9597] [ 88.930276][ T9597] CPU: 1 PID: 9597 Comm: syz-executor139 Not tainted 5.5.0-rc6-syzkaller #0 [ 88.938953][ T9597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 88.950313][ T9597] Call Trace: [ 88.953702][ T9597] dump_stack+0x197/0x210 [ 88.958030][ T9597] ? bitmap_ipmac_list+0x635/0x1080 [ 88.963276][ T9597] print_address_description.constprop.0.cold+0xd4/0x30b [ 88.970405][ T9597] ? bitmap_ipmac_list+0x635/0x1080 [ 88.975780][ T9597] ? bitmap_ipmac_list+0x635/0x1080 [ 88.981371][ T9597] __kasan_report.cold+0x1b/0x41 [ 88.986332][ T9597] ? bitmap_ipmac_list+0x635/0x1080 [ 88.991674][ T9597] kasan_report+0x12/0x20 [ 88.996119][ T9597] check_memory_region+0x134/0x1a0 [ 89.001503][ T9597] __kasan_check_read+0x11/0x20 [ 89.006359][ T9597] bitmap_ipmac_list+0x635/0x1080 [ 89.011397][ T9597] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 89.016515][ T9597] ? nla_put+0x110/0x150 [ 89.020755][ T9597] ip_set_dump_start+0x96c/0x1ca0 [ 89.025772][ T9597] ? ip_set_rename+0x720/0x720 [ 89.030668][ T9597] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 89.036205][ T9597] ? perf_trace_lock_acquire+0x4c0/0x530 [ 89.041850][ T9597] ? __kasan_check_write+0x14/0x20 [ 89.048016][ T9597] netlink_dump+0x558/0xfb0 [ 89.052530][ T9597] ? __netlink_sendskb+0xc0/0xc0 [ 89.057768][ T9597] __netlink_dump_start+0x66a/0x930 [ 89.063105][ T9597] ip_set_dump+0x15a/0x1d0 [ 89.067599][ T9597] ? call_ad+0x5a0/0x5a0 [ 89.071826][ T9597] ? ip_set_rename+0x720/0x720 [ 89.076580][ T9597] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 89.082390][ T9597] ? call_ad+0x5a0/0x5a0 [ 89.086636][ T9597] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 89.091581][ T9597] ? nfnetlink_bind+0x2c0/0x2c0 [ 89.096423][ T9597] ? __kasan_check_read+0x11/0x20 [ 89.101431][ T9597] ? __lock_acquire+0x8a0/0x4a00 [ 89.106366][ T9597] ? save_stack+0x5c/0x90 [ 89.110682][ T9597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 89.116918][ T9597] ? apparmor_capable+0x497/0x900 [ 89.121952][ T9597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 89.128183][ T9597] ? __kasan_check_read+0x11/0x20 [ 89.133210][ T9597] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 89.138692][ T9597] netlink_rcv_skb+0x177/0x450 [ 89.143557][ T9597] ? nfnetlink_bind+0x2c0/0x2c0 [ 89.148839][ T9597] ? netlink_ack+0xb50/0xb50 [ 89.153417][ T9597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 89.159655][ T9597] ? ns_capable_common+0x93/0x100 [ 89.164694][ T9597] ? ns_capable+0x20/0x30 [ 89.169024][ T9597] ? __netlink_ns_capable+0x104/0x140 [ 89.174510][ T9597] nfnetlink_rcv+0x1ba/0x460 [ 89.179154][ T9597] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 89.184658][ T9597] ? netlink_deliver_tap+0x24a/0xbe0 [ 89.189934][ T9597] ? __kasan_check_write+0x14/0x20 [ 89.195151][ T9597] netlink_unicast+0x58c/0x7d0 [ 89.199941][ T9597] ? netlink_attachskb+0x870/0x870 [ 89.205166][ T9597] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 89.211014][ T9597] ? __check_object_size+0x3d/0x437 [ 89.216213][ T9597] netlink_sendmsg+0x91c/0xea0 [ 89.220966][ T9597] ? netlink_unicast+0x7d0/0x7d0 [ 89.225895][ T9597] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 89.231492][ T9597] ? apparmor_socket_sendmsg+0x2a/0x30 [ 89.236992][ T9597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 89.243238][ T9597] ? security_socket_sendmsg+0x8d/0xc0 [ 89.248843][ T9597] ? netlink_unicast+0x7d0/0x7d0 [ 89.253769][ T9597] sock_sendmsg+0xd7/0x130 [ 89.258283][ T9597] ____sys_sendmsg+0x753/0x880 [ 89.263111][ T9597] ? kernel_sendmsg+0x50/0x50 [ 89.267790][ T9597] ? lockdep_init_map+0x1be/0x6d0 [ 89.272866][ T9597] ___sys_sendmsg+0x100/0x170 [ 89.277655][ T9597] ? sendmsg_copy_msghdr+0x70/0x70 [ 89.282767][ T9597] ? __kasan_check_read+0x11/0x20 [ 89.287791][ T9597] ? __lock_acquire+0x8a0/0x4a00 [ 89.292737][ T9597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 89.299112][ T9597] ? __this_cpu_preempt_check+0x35/0x190 [ 89.304861][ T9597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 89.311104][ T9597] ? percpu_counter_add_batch+0x13c/0x190 [ 89.316985][ T9597] ? __fd_install+0x1bc/0x640 [ 89.321824][ T9597] ? find_held_lock+0x35/0x130 [ 89.326725][ T9597] ? __fd_install+0x1bc/0x640 [ 89.331407][ T9597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 89.337683][ T9597] ? __fget_light+0x1a9/0x230 [ 89.342364][ T9597] ? __fdget+0x1b/0x20 [ 89.346431][ T9597] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 89.352728][ T9597] __sys_sendmsg+0x105/0x1d0 [ 89.357309][ T9597] ? __sys_sendmsg_sock+0xc0/0xc0 [ 89.362344][ T9597] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 89.367807][ T9597] ? do_fast_syscall_32+0xd1/0xe16 [ 89.373092][ T9597] ? entry_SYSENTER_compat+0x70/0x7f [ 89.378375][ T9597] ? do_fast_syscall_32+0xd1/0xe16 [ 89.383480][ T9597] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 89.388941][ T9597] do_fast_syscall_32+0x27b/0xe16 [ 89.393963][ T9597] entry_SYSENTER_compat+0x70/0x7f [ 89.399169][ T9597] RIP: 0023:0xf7f30a39 [ 89.403480][ T9597] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 89.423210][ T9597] RSP: 002b:00000000ff88d54c EFLAGS: 00000246 ORIG_RAX: 0000000000000172 [ 89.431742][ T9597] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000380 [ 89.439712][ T9597] RDX: 0000000000000000 RSI: 00000000080ea080 RDI: 00000000ff88d5a0 [ 89.447680][ T9597] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 89.455673][ T9597] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 89.463634][ T9597] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 89.471610][ T9597] [ 89.473927][ T9597] Allocated by task 9597: [ 89.478254][ T9597] save_stack+0x23/0x90 [ 89.482404][ T9597] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 89.488030][ T9597] kasan_kmalloc+0x9/0x10 [ 89.492424][ T9597] __kmalloc+0x163/0x770 [ 89.496648][ T9597] ip_set_alloc+0x38/0x5e [ 89.500970][ T9597] bitmap_ipmac_create+0x4e8/0xa00 [ 89.506079][ T9597] ip_set_create+0x6f1/0x1500 [ 89.510756][ T9597] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 89.515687][ T9597] netlink_rcv_skb+0x177/0x450 [ 89.520444][ T9597] nfnetlink_rcv+0x1ba/0x460 [ 89.525061][ T9597] netlink_unicast+0x58c/0x7d0 [ 89.529830][ T9597] netlink_sendmsg+0x91c/0xea0 [ 89.534604][ T9597] sock_sendmsg+0xd7/0x130 [ 89.539132][ T9597] ____sys_sendmsg+0x753/0x880 [ 89.543971][ T9597] ___sys_sendmsg+0x100/0x170 [ 89.548806][ T9597] __sys_sendmsg+0x105/0x1d0 [ 89.553446][ T9597] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 89.558902][ T9597] do_fast_syscall_32+0x27b/0xe16 [ 89.563941][ T9597] entry_SYSENTER_compat+0x70/0x7f [ 89.569032][ T9597] [ 89.571459][ T9597] Freed by task 9331: [ 89.575540][ T9597] save_stack+0x23/0x90 [ 89.579692][ T9597] __kasan_slab_free+0x102/0x150 [ 89.584627][ T9597] kasan_slab_free+0xe/0x10 [ 89.589204][ T9597] kfree+0x10a/0x2c0 [ 89.593100][ T9597] tomoyo_path_perm+0x24e/0x430 [ 89.597955][ T9597] tomoyo_inode_getattr+0x1d/0x30 [ 89.603068][ T9597] security_inode_getattr+0xf2/0x150 [ 89.608366][ T9597] vfs_getattr+0x25/0x70 [ 89.612611][ T9597] vfs_statx+0x157/0x200 [ 89.616845][ T9597] __do_sys_newstat+0xa4/0x130 [ 89.621719][ T9597] __x64_sys_newstat+0x54/0x80 [ 89.626617][ T9597] do_syscall_64+0xfa/0x790 [ 89.632385][ T9597] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 89.638262][ T9597] [ 89.640576][ T9597] The buggy address belongs to the object at ffff8880a24c5340 [ 89.640576][ T9597] which belongs to the cache kmalloc-32 of size 32 [ 89.654602][ T9597] The buggy address is located 0 bytes inside of [ 89.654602][ T9597] 32-byte region [ffff8880a24c5340, ffff8880a24c5360) [ 89.667721][ T9597] The buggy address belongs to the page: [ 89.673452][ T9597] page:ffffea0002893140 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a24c5fc1 [ 89.683850][ T9597] raw: 00fffe0000000200 ffffea0002767548 ffffea000280f0c8 ffff8880aa4001c0 [ 89.692427][ T9597] raw: ffff8880a24c5fc1 ffff8880a24c5000 000000010000003e 0000000000000000 [ 89.701010][ T9597] page dumped because: kasan: bad access detected [ 89.707416][ T9597] [ 89.709728][ T9597] Memory state around the buggy address: [ 89.715349][ T9597] ffff8880a24c5200: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 89.723503][ T9597] ffff8880a24c5280: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 89.731769][ T9597] >ffff8880a24c5300: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc [ 89.739875][ T9597] ^ [ 89.746129][ T9597] ffff8880a24c5380: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 89.754188][ T9597] ffff8880a24c5400: 00 00 00 04 fc fc fc fc fb fb fb fb fc fc fc fc [ 89.762276][ T9597] ================================================================== [ 89.770450][ T9597] Disabling lock debugging due to kernel taint [ 89.777269][ T9597] Kernel panic - not syncing: panic_on_warn set ... [ 89.783867][ T9597] CPU: 0 PID: 9597 Comm: syz-executor139 Tainted: G B 5.5.0-rc6-syzkaller #0 [ 89.794034][ T9597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 89.804080][ T9597] Call Trace: [ 89.807524][ T9597] dump_stack+0x197/0x210 [ 89.811945][ T9597] panic+0x2e3/0x75c [ 89.816004][ T9597] ? add_taint.cold+0x16/0x16 [ 89.820676][ T9597] ? bitmap_ipmac_list+0x635/0x1080 [ 89.825874][ T9597] ? preempt_schedule+0x4b/0x60 [ 89.830729][ T9597] ? ___preempt_schedule+0x16/0x18 [ 89.835825][ T9597] ? trace_hardirqs_on+0x5e/0x240 [ 89.840843][ T9597] ? bitmap_ipmac_list+0x635/0x1080 [ 89.846032][ T9597] end_report+0x47/0x4f [ 89.850216][ T9597] ? bitmap_ipmac_list+0x635/0x1080 [ 89.855406][ T9597] __kasan_report.cold+0xe/0x41 [ 89.860254][ T9597] ? bitmap_ipmac_list+0x635/0x1080 [ 89.865596][ T9597] kasan_report+0x12/0x20 [ 89.869918][ T9597] check_memory_region+0x134/0x1a0 [ 89.875073][ T9597] __kasan_check_read+0x11/0x20 [ 89.879939][ T9597] bitmap_ipmac_list+0x635/0x1080 [ 89.884958][ T9597] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 89.890052][ T9597] ? nla_put+0x110/0x150 [ 89.894288][ T9597] ip_set_dump_start+0x96c/0x1ca0 [ 89.899475][ T9597] ? ip_set_rename+0x720/0x720 [ 89.904356][ T9597] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 89.909892][ T9597] ? perf_trace_lock_acquire+0x4c0/0x530 [ 89.915524][ T9597] ? __kasan_check_write+0x14/0x20 [ 89.920629][ T9597] netlink_dump+0x558/0xfb0 [ 89.925129][ T9597] ? __netlink_sendskb+0xc0/0xc0 [ 89.930064][ T9597] __netlink_dump_start+0x66a/0x930 [ 89.935260][ T9597] ip_set_dump+0x15a/0x1d0 [ 89.939662][ T9597] ? call_ad+0x5a0/0x5a0 [ 89.943899][ T9597] ? ip_set_rename+0x720/0x720 [ 89.948703][ T9597] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 89.954526][ T9597] ? call_ad+0x5a0/0x5a0 [ 89.958881][ T9597] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 89.963824][ T9597] ? nfnetlink_bind+0x2c0/0x2c0 [ 89.968681][ T9597] ? __kasan_check_read+0x11/0x20 [ 89.973908][ T9597] ? __lock_acquire+0x8a0/0x4a00 [ 89.978833][ T9597] ? save_stack+0x5c/0x90 [ 89.983261][ T9597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 89.989494][ T9597] ? apparmor_capable+0x497/0x900 [ 89.994508][ T9597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 90.000853][ T9597] ? __kasan_check_read+0x11/0x20 [ 90.005863][ T9597] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 90.011315][ T9597] netlink_rcv_skb+0x177/0x450 [ 90.016076][ T9597] ? nfnetlink_bind+0x2c0/0x2c0 [ 90.020910][ T9597] ? netlink_ack+0xb50/0xb50 [ 90.025492][ T9597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 90.031769][ T9597] ? ns_capable_common+0x93/0x100 [ 90.036782][ T9597] ? ns_capable+0x20/0x30 [ 90.041092][ T9597] ? __netlink_ns_capable+0x104/0x140 [ 90.046566][ T9597] nfnetlink_rcv+0x1ba/0x460 [ 90.051181][ T9597] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 90.056769][ T9597] ? netlink_deliver_tap+0x24a/0xbe0 [ 90.062051][ T9597] ? __kasan_check_write+0x14/0x20 [ 90.067151][ T9597] netlink_unicast+0x58c/0x7d0 [ 90.071911][ T9597] ? netlink_attachskb+0x870/0x870 [ 90.077018][ T9597] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 90.082730][ T9597] ? __check_object_size+0x3d/0x437 [ 90.087923][ T9597] netlink_sendmsg+0x91c/0xea0 [ 90.092670][ T9597] ? netlink_unicast+0x7d0/0x7d0 [ 90.097632][ T9597] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 90.103238][ T9597] ? apparmor_socket_sendmsg+0x2a/0x30 [ 90.108690][ T9597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 90.115017][ T9597] ? security_socket_sendmsg+0x8d/0xc0 [ 90.120490][ T9597] ? netlink_unicast+0x7d0/0x7d0 [ 90.125418][ T9597] sock_sendmsg+0xd7/0x130 [ 90.129827][ T9597] ____sys_sendmsg+0x753/0x880 [ 90.134578][ T9597] ? kernel_sendmsg+0x50/0x50 [ 90.139339][ T9597] ? lockdep_init_map+0x1be/0x6d0 [ 90.144355][ T9597] ___sys_sendmsg+0x100/0x170 [ 90.149024][ T9597] ? sendmsg_copy_msghdr+0x70/0x70 [ 90.154131][ T9597] ? __kasan_check_read+0x11/0x20 [ 90.159298][ T9597] ? __lock_acquire+0x8a0/0x4a00 [ 90.164233][ T9597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 90.170485][ T9597] ? __this_cpu_preempt_check+0x35/0x190 [ 90.176124][ T9597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 90.182459][ T9597] ? percpu_counter_add_batch+0x13c/0x190 [ 90.188173][ T9597] ? __fd_install+0x1bc/0x640 [ 90.192846][ T9597] ? find_held_lock+0x35/0x130 [ 90.197599][ T9597] ? __fd_install+0x1bc/0x640 [ 90.202269][ T9597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 90.208502][ T9597] ? __fget_light+0x1a9/0x230 [ 90.213163][ T9597] ? __fdget+0x1b/0x20 [ 90.217228][ T9597] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 90.223549][ T9597] __sys_sendmsg+0x105/0x1d0 [ 90.228171][ T9597] ? __sys_sendmsg_sock+0xc0/0xc0 [ 90.233222][ T9597] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 90.238676][ T9597] ? do_fast_syscall_32+0xd1/0xe16 [ 90.243772][ T9597] ? entry_SYSENTER_compat+0x70/0x7f [ 90.249036][ T9597] ? do_fast_syscall_32+0xd1/0xe16 [ 90.254140][ T9597] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 90.259648][ T9597] do_fast_syscall_32+0x27b/0xe16 [ 90.264661][ T9597] entry_SYSENTER_compat+0x70/0x7f [ 90.269762][ T9597] RIP: 0023:0xf7f30a39 [ 90.273826][ T9597] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 90.293465][ T9597] RSP: 002b:00000000ff88d54c EFLAGS: 00000246 ORIG_RAX: 0000000000000172 [ 90.301868][ T9597] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000380 [ 90.309834][ T9597] RDX: 0000000000000000 RSI: 00000000080ea080 RDI: 00000000ff88d5a0 [ 90.317847][ T9597] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 90.325850][ T9597] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 90.333812][ T9597] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 90.343448][ T9597] Kernel Offset: disabled [ 90.347782][ T9597] Rebooting in 86400 seconds..