[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 81.271309][ T27] audit: type=1800 audit(1579379212.869:25): pid=9763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 81.291305][ T27] audit: type=1800 audit(1579379212.869:26): pid=9763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 81.329725][ T27] audit: type=1800 audit(1579379212.879:27): pid=9763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 93.373952][ T9915] ================================================================== [ 93.382294][ T9915] BUG: KASAN: slab-out-of-bounds in bitmap_ip_list+0x40f/0xf20 [ 93.389826][ T9915] Read of size 8 at addr ffff88809ab25e40 by task syz-executor730/9915 [ 93.398050][ T9915] [ 93.400372][ T9915] CPU: 0 PID: 9915 Comm: syz-executor730 Not tainted 5.5.0-rc6-syzkaller #0 [ 93.409255][ T9915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 93.419312][ T9915] Call Trace: [ 93.422623][ T9915] dump_stack+0x197/0x210 [ 93.427130][ T9915] ? bitmap_ip_list+0x40f/0xf20 [ 93.432135][ T9915] print_address_description.constprop.0.cold+0xd4/0x30b [ 93.439157][ T9915] ? bitmap_ip_list+0x40f/0xf20 [ 93.444033][ T9915] ? bitmap_ip_list+0x40f/0xf20 [ 93.448896][ T9915] __kasan_report.cold+0x1b/0x41 [ 93.453837][ T9915] ? bitmap_ip_list+0x40f/0xf20 [ 93.458730][ T9915] kasan_report+0x12/0x20 [ 93.463196][ T9915] check_memory_region+0x134/0x1a0 [ 93.468357][ T9915] __kasan_check_read+0x11/0x20 [ 93.473212][ T9915] bitmap_ip_list+0x40f/0xf20 [ 93.477893][ T9915] ? bitmap_ip_add+0xe60/0xe60 [ 93.482654][ T9915] ? nla_put+0x110/0x150 [ 93.486909][ T9915] ip_set_dump_start+0x96c/0x1ca0 [ 93.491939][ T9915] ? ip_set_rename+0x720/0x720 [ 93.496739][ T9915] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 93.502312][ T9915] ? perf_trace_lock_acquire+0x4c0/0x530 [ 93.507962][ T9915] ? __kasan_check_write+0x14/0x20 [ 93.513096][ T9915] netlink_dump+0x558/0xfb0 [ 93.517613][ T9915] ? __netlink_sendskb+0xc0/0xc0 [ 93.522734][ T9915] __netlink_dump_start+0x66a/0x930 [ 93.528197][ T9915] ip_set_dump+0x15a/0x1d0 [ 93.532830][ T9915] ? call_ad+0x5a0/0x5a0 [ 93.537059][ T9915] ? ip_set_rename+0x720/0x720 [ 93.541863][ T9915] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 93.547673][ T9915] ? call_ad+0x5a0/0x5a0 [ 93.551904][ T9915] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 93.557010][ T9915] ? nfnetlink_bind+0x2c0/0x2c0 [ 93.561924][ T9915] ? __kasan_check_read+0x11/0x20 [ 93.567086][ T9915] ? __lock_acquire+0x8a0/0x4a00 [ 93.572041][ T9915] ? save_stack+0x5c/0x90 [ 93.576366][ T9915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 93.582705][ T9915] ? apparmor_capable+0x497/0x900 [ 93.587793][ T9915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 93.594130][ T9915] ? __kasan_check_read+0x11/0x20 [ 93.599164][ T9915] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 93.604619][ T9915] netlink_rcv_skb+0x177/0x450 [ 93.609433][ T9915] ? nfnetlink_bind+0x2c0/0x2c0 [ 93.614361][ T9915] ? netlink_ack+0xb50/0xb50 [ 93.618956][ T9915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 93.625190][ T9915] ? ns_capable_common+0x93/0x100 [ 93.630206][ T9915] ? ns_capable+0x20/0x30 [ 93.634669][ T9915] ? __netlink_ns_capable+0x104/0x140 [ 93.640332][ T9915] nfnetlink_rcv+0x1ba/0x460 [ 93.644952][ T9915] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 93.650550][ T9915] ? netlink_deliver_tap+0x24a/0xbe0 [ 93.655834][ T9915] ? __kasan_check_write+0x14/0x20 [ 93.661082][ T9915] netlink_unicast+0x58c/0x7d0 [ 93.665914][ T9915] ? netlink_attachskb+0x870/0x870 [ 93.671022][ T9915] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 93.676750][ T9915] ? __check_object_size+0x3d/0x437 [ 93.681939][ T9915] netlink_sendmsg+0x91c/0xea0 [ 93.686942][ T9915] ? netlink_unicast+0x7d0/0x7d0 [ 93.692012][ T9915] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 93.697639][ T9915] ? apparmor_socket_sendmsg+0x2a/0x30 [ 93.703096][ T9915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 93.709389][ T9915] ? security_socket_sendmsg+0x8d/0xc0 [ 93.714849][ T9915] ? netlink_unicast+0x7d0/0x7d0 [ 93.719790][ T9915] sock_sendmsg+0xd7/0x130 [ 93.724205][ T9915] ____sys_sendmsg+0x753/0x880 [ 93.729148][ T9915] ? kernel_sendmsg+0x50/0x50 [ 93.733833][ T9915] ? lockdep_init_map+0x1be/0x6d0 [ 93.738886][ T9915] ___sys_sendmsg+0x100/0x170 [ 93.743566][ T9915] ? sendmsg_copy_msghdr+0x70/0x70 [ 93.748815][ T9915] ? __kasan_check_read+0x11/0x20 [ 93.753827][ T9915] ? __lock_acquire+0x8a0/0x4a00 [ 93.758762][ T9915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 93.765331][ T9915] ? __this_cpu_preempt_check+0x35/0x190 [ 93.771294][ T9915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 93.778169][ T9915] ? percpu_counter_add_batch+0x13c/0x190 [ 93.783884][ T9915] ? __fd_install+0x1bc/0x640 [ 93.788872][ T9915] ? find_held_lock+0x35/0x130 [ 93.793762][ T9915] ? __fd_install+0x1bc/0x640 [ 93.798452][ T9915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 93.804790][ T9915] ? __fget_light+0x1a9/0x230 [ 93.809736][ T9915] ? __fdget+0x1b/0x20 [ 93.814070][ T9915] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 93.820780][ T9915] __sys_sendmsg+0x105/0x1d0 [ 93.825374][ T9915] ? __sys_sendmsg_sock+0xc0/0xc0 [ 93.830770][ T9915] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 93.836223][ T9915] ? do_syscall_64+0x26/0x790 [ 93.841011][ T9915] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 93.847246][ T9915] ? do_syscall_64+0x26/0x790 [ 93.851961][ T9915] __x64_sys_sendmsg+0x78/0xb0 [ 93.856739][ T9915] do_syscall_64+0xfa/0x790 [ 93.861728][ T9915] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 93.867925][ T9915] RIP: 0033:0x440529 [ 93.872064][ T9915] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 93.892550][ T9915] RSP: 002b:00007ffcbbb3db08 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 93.901059][ T9915] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529 [ 93.909254][ T9915] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004 [ 93.917223][ T9915] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 93.925464][ T9915] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0 [ 93.933541][ T9915] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000 [ 93.941795][ T9915] [ 93.944257][ T9915] Allocated by task 9915: [ 93.948745][ T9915] save_stack+0x23/0x90 [ 93.953094][ T9915] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 93.958874][ T9915] kasan_kmalloc+0x9/0x10 [ 93.963214][ T9915] __kmalloc+0x163/0x770 [ 93.967567][ T9915] ip_set_alloc+0x38/0x5e [ 93.972143][ T9915] bitmap_ip_create+0x6ec/0xc20 [ 93.977435][ T9915] ip_set_create+0x6f1/0x1500 [ 93.982107][ T9915] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 93.987249][ T9915] netlink_rcv_skb+0x177/0x450 [ 93.992134][ T9915] nfnetlink_rcv+0x1ba/0x460 [ 93.996721][ T9915] netlink_unicast+0x58c/0x7d0 [ 94.001659][ T9915] netlink_sendmsg+0x91c/0xea0 [ 94.007330][ T9915] sock_sendmsg+0xd7/0x130 [ 94.012121][ T9915] ____sys_sendmsg+0x753/0x880 [ 94.016949][ T9915] ___sys_sendmsg+0x100/0x170 [ 94.022379][ T9915] __sys_sendmsg+0x105/0x1d0 [ 94.026992][ T9915] __x64_sys_sendmsg+0x78/0xb0 [ 94.031743][ T9915] do_syscall_64+0xfa/0x790 [ 94.036241][ T9915] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 94.042144][ T9915] [ 94.044470][ T9915] Freed by task 9657: [ 94.048466][ T9915] save_stack+0x23/0x90 [ 94.052616][ T9915] __kasan_slab_free+0x102/0x150 [ 94.057582][ T9915] kasan_slab_free+0xe/0x10 [ 94.062113][ T9915] kfree+0x10a/0x2c0 [ 94.066033][ T9915] tomoyo_unix_entry+0x469/0x5d0 [ 94.071227][ T9915] tomoyo_socket_connect_permission+0x331/0x380 [ 94.077479][ T9915] tomoyo_socket_connect+0x26/0x30 [ 94.082624][ T9915] security_socket_connect+0x77/0xc0 [ 94.088199][ T9915] __sys_connect_file+0xae/0x1c0 [ 94.093790][ T9915] __sys_connect+0x174/0x1b0 [ 94.098661][ T9915] __x64_sys_connect+0x73/0xb0 [ 94.103496][ T9915] do_syscall_64+0xfa/0x790 [ 94.108041][ T9915] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 94.114121][ T9915] [ 94.116471][ T9915] The buggy address belongs to the object at ffff88809ab25e40 [ 94.116471][ T9915] which belongs to the cache kmalloc-32 of size 32 [ 94.130621][ T9915] The buggy address is located 0 bytes inside of [ 94.130621][ T9915] 32-byte region [ffff88809ab25e40, ffff88809ab25e60) [ 94.143884][ T9915] The buggy address belongs to the page: [ 94.149621][ T9915] page:ffffea00026ac940 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809ab25fc1 [ 94.160128][ T9915] raw: 00fffe0000000200 ffffea00029ada88 ffffea00026863c8 ffff8880aa4001c0 [ 94.168716][ T9915] raw: ffff88809ab25fc1 ffff88809ab25000 000000010000003e 0000000000000000 [ 94.177550][ T9915] page dumped because: kasan: bad access detected [ 94.183956][ T9915] [ 94.186303][ T9915] Memory state around the buggy address: [ 94.193490][ T9915] ffff88809ab25d00: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc [ 94.201679][ T9915] ffff88809ab25d80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 94.209751][ T9915] >ffff88809ab25e00: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc [ 94.217848][ T9915] ^ [ 94.224008][ T9915] ffff88809ab25e80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 94.232477][ T9915] ffff88809ab25f00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 94.240645][ T9915] ================================================================== [ 94.248815][ T9915] Disabling lock debugging due to kernel taint [ 94.256409][ T9915] Kernel panic - not syncing: panic_on_warn set ... [ 94.263572][ T9915] CPU: 0 PID: 9915 Comm: syz-executor730 Tainted: G B 5.5.0-rc6-syzkaller #0 [ 94.274424][ T9915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 94.284566][ T9915] Call Trace: [ 94.287856][ T9915] dump_stack+0x197/0x210 [ 94.292228][ T9915] panic+0x2e3/0x75c [ 94.296133][ T9915] ? add_taint.cold+0x16/0x16 [ 94.300804][ T9915] ? bitmap_ip_list+0x40f/0xf20 [ 94.305649][ T9915] ? preempt_schedule+0x4b/0x60 [ 94.310596][ T9915] ? ___preempt_schedule+0x16/0x18 [ 94.315904][ T9915] ? trace_hardirqs_on+0x5e/0x240 [ 94.321043][ T9915] ? bitmap_ip_list+0x40f/0xf20 [ 94.325882][ T9915] end_report+0x47/0x4f [ 94.330133][ T9915] ? bitmap_ip_list+0x40f/0xf20 [ 94.335010][ T9915] __kasan_report.cold+0xe/0x41 [ 94.339850][ T9915] ? bitmap_ip_list+0x40f/0xf20 [ 94.344832][ T9915] kasan_report+0x12/0x20 [ 94.349221][ T9915] check_memory_region+0x134/0x1a0 [ 94.354443][ T9915] __kasan_check_read+0x11/0x20 [ 94.359377][ T9915] bitmap_ip_list+0x40f/0xf20 [ 94.364245][ T9915] ? bitmap_ip_add+0xe60/0xe60 [ 94.369091][ T9915] ? nla_put+0x110/0x150 [ 94.373576][ T9915] ip_set_dump_start+0x96c/0x1ca0 [ 94.379924][ T9915] ? ip_set_rename+0x720/0x720 [ 94.384787][ T9915] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 94.390328][ T9915] ? perf_trace_lock_acquire+0x4c0/0x530 [ 94.395983][ T9915] ? __kasan_check_write+0x14/0x20 [ 94.401111][ T9915] netlink_dump+0x558/0xfb0 [ 94.405603][ T9915] ? __netlink_sendskb+0xc0/0xc0 [ 94.410662][ T9915] __netlink_dump_start+0x66a/0x930 [ 94.415963][ T9915] ip_set_dump+0x15a/0x1d0 [ 94.420376][ T9915] ? call_ad+0x5a0/0x5a0 [ 94.424613][ T9915] ? ip_set_rename+0x720/0x720 [ 94.429734][ T9915] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 94.435705][ T9915] ? call_ad+0x5a0/0x5a0 [ 94.440380][ T9915] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 94.445390][ T9915] ? nfnetlink_bind+0x2c0/0x2c0 [ 94.450338][ T9915] ? __kasan_check_read+0x11/0x20 [ 94.455448][ T9915] ? __lock_acquire+0x8a0/0x4a00 [ 94.460382][ T9915] ? save_stack+0x5c/0x90 [ 94.464711][ T9915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.471030][ T9915] ? apparmor_capable+0x497/0x900 [ 94.476051][ T9915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.482392][ T9915] ? __kasan_check_read+0x11/0x20 [ 94.487415][ T9915] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 94.493244][ T9915] netlink_rcv_skb+0x177/0x450 [ 94.498033][ T9915] ? nfnetlink_bind+0x2c0/0x2c0 [ 94.502907][ T9915] ? netlink_ack+0xb50/0xb50 [ 94.507507][ T9915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.513886][ T9915] ? ns_capable_common+0x93/0x100 [ 94.518919][ T9915] ? ns_capable+0x20/0x30 [ 94.523349][ T9915] ? __netlink_ns_capable+0x104/0x140 [ 94.528868][ T9915] nfnetlink_rcv+0x1ba/0x460 [ 94.533567][ T9915] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 94.539019][ T9915] ? netlink_deliver_tap+0x24a/0xbe0 [ 94.544616][ T9915] ? __kasan_check_write+0x14/0x20 [ 94.549897][ T9915] netlink_unicast+0x58c/0x7d0 [ 94.554793][ T9915] ? netlink_attachskb+0x870/0x870 [ 94.559936][ T9915] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 94.565667][ T9915] ? __check_object_size+0x3d/0x437 [ 94.570971][ T9915] netlink_sendmsg+0x91c/0xea0 [ 94.575848][ T9915] ? netlink_unicast+0x7d0/0x7d0 [ 94.580887][ T9915] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 94.586560][ T9915] ? apparmor_socket_sendmsg+0x2a/0x30 [ 94.592017][ T9915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.600697][ T9915] ? security_socket_sendmsg+0x8d/0xc0 [ 94.606616][ T9915] ? netlink_unicast+0x7d0/0x7d0 [ 94.611674][ T9915] sock_sendmsg+0xd7/0x130 [ 94.616106][ T9915] ____sys_sendmsg+0x753/0x880 [ 94.620993][ T9915] ? kernel_sendmsg+0x50/0x50 [ 94.625813][ T9915] ? lockdep_init_map+0x1be/0x6d0 [ 94.630832][ T9915] ___sys_sendmsg+0x100/0x170 [ 94.635651][ T9915] ? sendmsg_copy_msghdr+0x70/0x70 [ 94.640758][ T9915] ? __kasan_check_read+0x11/0x20 [ 94.645783][ T9915] ? __lock_acquire+0x8a0/0x4a00 [ 94.651008][ T9915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.657250][ T9915] ? __this_cpu_preempt_check+0x35/0x190 [ 94.662869][ T9915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.669288][ T9915] ? percpu_counter_add_batch+0x13c/0x190 [ 94.674994][ T9915] ? __fd_install+0x1bc/0x640 [ 94.679661][ T9915] ? find_held_lock+0x35/0x130 [ 94.684620][ T9915] ? __fd_install+0x1bc/0x640 [ 94.689397][ T9915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.695625][ T9915] ? __fget_light+0x1a9/0x230 [ 94.700315][ T9915] ? __fdget+0x1b/0x20 [ 94.704501][ T9915] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 94.710877][ T9915] __sys_sendmsg+0x105/0x1d0 [ 94.715940][ T9915] ? __sys_sendmsg_sock+0xc0/0xc0 [ 94.720962][ T9915] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 94.726404][ T9915] ? do_syscall_64+0x26/0x790 [ 94.731352][ T9915] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 94.737613][ T9915] ? do_syscall_64+0x26/0x790 [ 94.742281][ T9915] __x64_sys_sendmsg+0x78/0xb0 [ 94.747030][ T9915] do_syscall_64+0xfa/0x790 [ 94.751596][ T9915] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 94.757498][ T9915] RIP: 0033:0x440529 [ 94.761392][ T9915] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 94.781519][ T9915] RSP: 002b:00007ffcbbb3db08 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 94.790539][ T9915] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529 [ 94.798505][ T9915] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004 [ 94.806470][ T9915] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 94.815343][ T9915] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0 [ 94.823309][ T9915] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000 [ 94.833559][ T9915] Kernel Offset: disabled [ 94.838416][ T9915] Rebooting in 86400 seconds..