[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 88.765177][ T27] audit: type=1800 audit(1579406301.975:25): pid=9468 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 88.786141][ T27] audit: type=1800 audit(1579406301.995:26): pid=9468 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 88.839499][ T27] audit: type=1800 audit(1579406301.995:27): pid=9468 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.130' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 109.773389][ T9624] ================================================================== [ 109.781728][ T9624] BUG: KASAN: slab-out-of-bounds in bitmap_ip_list+0x40f/0xf20 [ 109.789278][ T9624] Read of size 8 at addr ffff88809ee5f840 by task syz-executor276/9624 [ 109.797497][ T9624] [ 109.799816][ T9624] CPU: 0 PID: 9624 Comm: syz-executor276 Not tainted 5.5.0-rc6-syzkaller #0 [ 109.808473][ T9624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 109.821210][ T9624] Call Trace: [ 109.824504][ T9624] dump_stack+0x197/0x210 [ 109.828835][ T9624] ? bitmap_ip_list+0x40f/0xf20 [ 109.833675][ T9624] print_address_description.constprop.0.cold+0xd4/0x30b [ 109.840726][ T9624] ? bitmap_ip_list+0x40f/0xf20 [ 109.845562][ T9624] ? bitmap_ip_list+0x40f/0xf20 [ 109.850397][ T9624] __kasan_report.cold+0x1b/0x41 [ 109.855319][ T9624] ? bitmap_ip_list+0x40f/0xf20 [ 109.860167][ T9624] kasan_report+0x12/0x20 [ 109.864922][ T9624] check_memory_region+0x134/0x1a0 [ 109.870017][ T9624] __kasan_check_read+0x11/0x20 [ 109.874864][ T9624] bitmap_ip_list+0x40f/0xf20 [ 109.879529][ T9624] ? bitmap_ip_add+0xe60/0xe60 [ 109.884277][ T9624] ? nla_put+0x110/0x150 [ 109.888507][ T9624] ip_set_dump_start+0x96c/0x1ca0 [ 109.893522][ T9624] ? ip_set_rename+0x720/0x720 [ 109.898283][ T9624] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 109.903840][ T9624] ? perf_trace_lock_acquire+0x4a0/0x530 [ 109.909632][ T9624] ? __kasan_check_write+0x14/0x20 [ 109.914747][ T9624] netlink_dump+0x558/0xfb0 [ 109.919364][ T9624] ? __netlink_sendskb+0xc0/0xc0 [ 109.924401][ T9624] __netlink_dump_start+0x66a/0x930 [ 109.929597][ T9624] ip_set_dump+0x15a/0x1d0 [ 109.934006][ T9624] ? call_ad+0x5a0/0x5a0 [ 109.938288][ T9624] ? ip_set_rename+0x720/0x720 [ 109.943041][ T9624] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 109.948844][ T9624] ? call_ad+0x5a0/0x5a0 [ 109.953087][ T9624] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 109.958115][ T9624] ? nfnetlink_bind+0x2c0/0x2c0 [ 109.962961][ T9624] ? __kasan_check_read+0x11/0x20 [ 109.967989][ T9624] ? __lock_acquire+0x8a0/0x4a00 [ 109.973006][ T9624] ? save_stack+0x5c/0x90 [ 109.977352][ T9624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 109.983629][ T9624] ? apparmor_capable+0x497/0x900 [ 109.988644][ T9624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 109.994873][ T9624] ? __kasan_check_read+0x11/0x20 [ 109.999974][ T9624] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 110.005434][ T9624] netlink_rcv_skb+0x177/0x450 [ 110.010353][ T9624] ? nfnetlink_bind+0x2c0/0x2c0 [ 110.016329][ T9624] ? netlink_ack+0xb50/0xb50 [ 110.020915][ T9624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.028472][ T9624] ? ns_capable_common+0x93/0x100 [ 110.033478][ T9624] ? ns_capable+0x20/0x30 [ 110.037895][ T9624] ? __netlink_ns_capable+0x104/0x140 [ 110.043294][ T9624] nfnetlink_rcv+0x1ba/0x460 [ 110.047942][ T9624] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 110.053503][ T9624] ? netlink_deliver_tap+0x24a/0xbe0 [ 110.058987][ T9624] ? __kasan_check_write+0x14/0x20 [ 110.064113][ T9624] netlink_unicast+0x58c/0x7d0 [ 110.068896][ T9624] ? netlink_attachskb+0x870/0x870 [ 110.073997][ T9624] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 110.079710][ T9624] ? __check_object_size+0x3d/0x437 [ 110.084944][ T9624] netlink_sendmsg+0x91c/0xea0 [ 110.089712][ T9624] ? netlink_unicast+0x7d0/0x7d0 [ 110.094753][ T9624] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 110.100296][ T9624] ? apparmor_socket_sendmsg+0x2a/0x30 [ 110.105805][ T9624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.112037][ T9624] ? security_socket_sendmsg+0x8d/0xc0 [ 110.118539][ T9624] ? netlink_unicast+0x7d0/0x7d0 [ 110.123487][ T9624] sock_sendmsg+0xd7/0x130 [ 110.128013][ T9624] ____sys_sendmsg+0x753/0x880 [ 110.132950][ T9624] ? kernel_sendmsg+0x50/0x50 [ 110.137627][ T9624] ? lockdep_init_map+0x1be/0x6d0 [ 110.142659][ T9624] ___sys_sendmsg+0x100/0x170 [ 110.147327][ T9624] ? sendmsg_copy_msghdr+0x70/0x70 [ 110.152479][ T9624] ? __kasan_check_read+0x11/0x20 [ 110.157534][ T9624] ? __lock_acquire+0x8a0/0x4a00 [ 110.162470][ T9624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.169496][ T9624] ? __this_cpu_preempt_check+0x35/0x190 [ 110.175119][ T9624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.181343][ T9624] ? percpu_counter_add_batch+0x13c/0x190 [ 110.187118][ T9624] ? __fd_install+0x1bc/0x640 [ 110.191795][ T9624] ? find_held_lock+0x35/0x130 [ 110.196552][ T9624] ? __fd_install+0x1bc/0x640 [ 110.203083][ T9624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.209321][ T9624] ? __fget_light+0x1a9/0x230 [ 110.213988][ T9624] ? __fdget+0x1b/0x20 [ 110.218129][ T9624] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 110.224354][ T9624] __sys_sendmsg+0x105/0x1d0 [ 110.228939][ T9624] ? __sys_sendmsg_sock+0xc0/0xc0 [ 110.233950][ T9624] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 110.239390][ T9624] ? do_fast_syscall_32+0xd1/0xe16 [ 110.244482][ T9624] ? entry_SYSENTER_compat+0x70/0x7f [ 110.249748][ T9624] ? do_fast_syscall_32+0xd1/0xe16 [ 110.254845][ T9624] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 110.260286][ T9624] do_fast_syscall_32+0x27b/0xe16 [ 110.265297][ T9624] entry_SYSENTER_compat+0x70/0x7f [ 110.270388][ T9624] RIP: 0023:0xf7f509a9 [ 110.274434][ T9624] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 110.294041][ T9624] RSP: 002b:00000000ff918e7c EFLAGS: 00000246 ORIG_RAX: 0000000000000172 [ 110.302445][ T9624] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000200000c0 [ 110.310398][ T9624] RDX: 0000000000000080 RSI: 00000000080ea080 RDI: 00000000ff918ed0 [ 110.318363][ T9624] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 110.326321][ T9624] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 110.334285][ T9624] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 110.342278][ T9624] [ 110.344668][ T9624] Allocated by task 9624: [ 110.349009][ T9624] save_stack+0x23/0x90 [ 110.353152][ T9624] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 110.358780][ T9624] kasan_kmalloc+0x9/0x10 [ 110.363116][ T9624] __kmalloc+0x163/0x770 [ 110.367359][ T9624] ip_set_alloc+0x38/0x5e [ 110.371682][ T9624] bitmap_ip_create+0x6ec/0xc20 [ 110.376514][ T9624] ip_set_create+0x6f1/0x1500 [ 110.381182][ T9624] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 110.386173][ T9624] netlink_rcv_skb+0x177/0x450 [ 110.390949][ T9624] nfnetlink_rcv+0x1ba/0x460 [ 110.396057][ T9624] netlink_unicast+0x58c/0x7d0 [ 110.400817][ T9624] netlink_sendmsg+0x91c/0xea0 [ 110.405589][ T9624] sock_sendmsg+0xd7/0x130 [ 110.410000][ T9624] ____sys_sendmsg+0x753/0x880 [ 110.414769][ T9624] ___sys_sendmsg+0x100/0x170 [ 110.419439][ T9624] __sys_sendmsg+0x105/0x1d0 [ 110.424023][ T9624] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 110.429474][ T9624] do_fast_syscall_32+0x27b/0xe16 [ 110.434498][ T9624] entry_SYSENTER_compat+0x70/0x7f [ 110.439590][ T9624] [ 110.441914][ T9624] Freed by task 9302: [ 110.445889][ T9624] save_stack+0x23/0x90 [ 110.450043][ T9624] __kasan_slab_free+0x102/0x150 [ 110.454984][ T9624] kasan_slab_free+0xe/0x10 [ 110.459492][ T9624] kfree+0x10a/0x2c0 [ 110.463373][ T9624] tomoyo_check_open_permission+0x19e/0x3e0 [ 110.469309][ T9624] tomoyo_file_open+0xa9/0xd0 [ 110.474030][ T9624] security_file_open+0x71/0x300 [ 110.478982][ T9624] do_dentry_open+0x37a/0x1380 [ 110.483736][ T9624] vfs_open+0xa0/0xd0 [ 110.487752][ T9624] path_openat+0x118b/0x3180 [ 110.492410][ T9624] do_filp_open+0x1a1/0x280 [ 110.496904][ T9624] do_sys_open+0x3fe/0x5d0 [ 110.501317][ T9624] __x64_sys_open+0x7e/0xc0 [ 110.505821][ T9624] do_syscall_64+0xfa/0x790 [ 110.510313][ T9624] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 110.516318][ T9624] [ 110.518635][ T9624] The buggy address belongs to the object at ffff88809ee5f840 [ 110.518635][ T9624] which belongs to the cache kmalloc-32 of size 32 [ 110.532507][ T9624] The buggy address is located 0 bytes inside of [ 110.532507][ T9624] 32-byte region [ffff88809ee5f840, ffff88809ee5f860) [ 110.545505][ T9624] The buggy address belongs to the page: [ 110.551233][ T9624] page:ffffea00027b97c0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809ee5ffc1 [ 110.561732][ T9624] raw: 00fffe0000000200 ffffea000289fdc8 ffffea0002943f88 ffff8880aa4001c0 [ 110.570318][ T9624] raw: ffff88809ee5ffc1 ffff88809ee5f000 0000000100000031 0000000000000000 [ 110.578888][ T9624] page dumped because: kasan: bad access detected [ 110.585372][ T9624] [ 110.587690][ T9624] Memory state around the buggy address: [ 110.593304][ T9624] ffff88809ee5f700: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 110.601350][ T9624] ffff88809ee5f780: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 110.609488][ T9624] >ffff88809ee5f800: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc [ 110.617529][ T9624] ^ [ 110.623660][ T9624] ffff88809ee5f880: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 110.631698][ T9624] ffff88809ee5f900: 00 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 110.639738][ T9624] ================================================================== [ 110.647793][ T9624] Disabling lock debugging due to kernel taint [ 110.654542][ T9624] Kernel panic - not syncing: panic_on_warn set ... [ 110.661133][ T9624] CPU: 0 PID: 9624 Comm: syz-executor276 Tainted: G B 5.5.0-rc6-syzkaller #0 [ 110.671185][ T9624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 110.681218][ T9624] Call Trace: [ 110.684495][ T9624] dump_stack+0x197/0x210 [ 110.688822][ T9624] panic+0x2e3/0x75c [ 110.692692][ T9624] ? add_taint.cold+0x16/0x16 [ 110.697348][ T9624] ? bitmap_ip_list+0x40f/0xf20 [ 110.702175][ T9624] ? preempt_schedule+0x4b/0x60 [ 110.707003][ T9624] ? ___preempt_schedule+0x16/0x18 [ 110.712092][ T9624] ? trace_hardirqs_on+0x5e/0x240 [ 110.717112][ T9624] ? bitmap_ip_list+0x40f/0xf20 [ 110.721951][ T9624] end_report+0x47/0x4f [ 110.726097][ T9624] ? bitmap_ip_list+0x40f/0xf20 [ 110.730939][ T9624] __kasan_report.cold+0xe/0x41 [ 110.735774][ T9624] ? bitmap_ip_list+0x40f/0xf20 [ 110.740622][ T9624] kasan_report+0x12/0x20 [ 110.744995][ T9624] check_memory_region+0x134/0x1a0 [ 110.750110][ T9624] __kasan_check_read+0x11/0x20 [ 110.754961][ T9624] bitmap_ip_list+0x40f/0xf20 [ 110.759618][ T9624] ? bitmap_ip_add+0xe60/0xe60 [ 110.764360][ T9624] ? nla_put+0x110/0x150 [ 110.768585][ T9624] ip_set_dump_start+0x96c/0x1ca0 [ 110.773590][ T9624] ? ip_set_rename+0x720/0x720 [ 110.778340][ T9624] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 110.783864][ T9624] ? perf_trace_lock_acquire+0x4a0/0x530 [ 110.789487][ T9624] ? __kasan_check_write+0x14/0x20 [ 110.794593][ T9624] netlink_dump+0x558/0xfb0 [ 110.799096][ T9624] ? __netlink_sendskb+0xc0/0xc0 [ 110.804027][ T9624] __netlink_dump_start+0x66a/0x930 [ 110.809208][ T9624] ip_set_dump+0x15a/0x1d0 [ 110.813606][ T9624] ? call_ad+0x5a0/0x5a0 [ 110.817830][ T9624] ? ip_set_rename+0x720/0x720 [ 110.822586][ T9624] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 110.828396][ T9624] ? call_ad+0x5a0/0x5a0 [ 110.832630][ T9624] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 110.837548][ T9624] ? nfnetlink_bind+0x2c0/0x2c0 [ 110.842377][ T9624] ? __kasan_check_read+0x11/0x20 [ 110.847378][ T9624] ? __lock_acquire+0x8a0/0x4a00 [ 110.852292][ T9624] ? save_stack+0x5c/0x90 [ 110.856599][ T9624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.862815][ T9624] ? apparmor_capable+0x497/0x900 [ 110.867831][ T9624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.874059][ T9624] ? __kasan_check_read+0x11/0x20 [ 110.879064][ T9624] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 110.884564][ T9624] netlink_rcv_skb+0x177/0x450 [ 110.889325][ T9624] ? nfnetlink_bind+0x2c0/0x2c0 [ 110.894161][ T9624] ? netlink_ack+0xb50/0xb50 [ 110.898737][ T9624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.905141][ T9624] ? ns_capable_common+0x93/0x100 [ 110.910260][ T9624] ? ns_capable+0x20/0x30 [ 110.914581][ T9624] ? __netlink_ns_capable+0x104/0x140 [ 110.919947][ T9624] nfnetlink_rcv+0x1ba/0x460 [ 110.924522][ T9624] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 110.929959][ T9624] ? netlink_deliver_tap+0x24a/0xbe0 [ 110.935249][ T9624] ? __kasan_check_write+0x14/0x20 [ 110.940536][ T9624] netlink_unicast+0x58c/0x7d0 [ 110.945291][ T9624] ? netlink_attachskb+0x870/0x870 [ 110.950433][ T9624] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 110.956171][ T9624] ? __check_object_size+0x3d/0x437 [ 110.961547][ T9624] netlink_sendmsg+0x91c/0xea0 [ 110.966306][ T9624] ? netlink_unicast+0x7d0/0x7d0 [ 110.971294][ T9624] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 110.977023][ T9624] ? apparmor_socket_sendmsg+0x2a/0x30 [ 110.982480][ T9624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.988701][ T9624] ? security_socket_sendmsg+0x8d/0xc0 [ 110.994137][ T9624] ? netlink_unicast+0x7d0/0x7d0 [ 110.999067][ T9624] sock_sendmsg+0xd7/0x130 [ 111.003480][ T9624] ____sys_sendmsg+0x753/0x880 [ 111.008225][ T9624] ? kernel_sendmsg+0x50/0x50 [ 111.012907][ T9624] ? lockdep_init_map+0x1be/0x6d0 [ 111.017918][ T9624] ___sys_sendmsg+0x100/0x170 [ 111.022573][ T9624] ? sendmsg_copy_msghdr+0x70/0x70 [ 111.027677][ T9624] ? __kasan_check_read+0x11/0x20 [ 111.032676][ T9624] ? __lock_acquire+0x8a0/0x4a00 [ 111.037611][ T9624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 111.043849][ T9624] ? __this_cpu_preempt_check+0x35/0x190 [ 111.049468][ T9624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 111.055737][ T9624] ? percpu_counter_add_batch+0x13c/0x190 [ 111.061454][ T9624] ? __fd_install+0x1bc/0x640 [ 111.066116][ T9624] ? find_held_lock+0x35/0x130 [ 111.070881][ T9624] ? __fd_install+0x1bc/0x640 [ 111.075542][ T9624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 111.081758][ T9624] ? __fget_light+0x1a9/0x230 [ 111.086411][ T9624] ? __fdget+0x1b/0x20 [ 111.090455][ T9624] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 111.096672][ T9624] __sys_sendmsg+0x105/0x1d0 [ 111.101237][ T9624] ? __sys_sendmsg_sock+0xc0/0xc0 [ 111.106265][ T9624] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 111.111754][ T9624] ? do_fast_syscall_32+0xd1/0xe16 [ 111.116852][ T9624] ? entry_SYSENTER_compat+0x70/0x7f [ 111.122171][ T9624] ? do_fast_syscall_32+0xd1/0xe16 [ 111.127266][ T9624] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 111.132704][ T9624] do_fast_syscall_32+0x27b/0xe16 [ 111.137709][ T9624] entry_SYSENTER_compat+0x70/0x7f [ 111.142807][ T9624] RIP: 0023:0xf7f509a9 [ 111.146860][ T9624] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 111.166446][ T9624] RSP: 002b:00000000ff918e7c EFLAGS: 00000246 ORIG_RAX: 0000000000000172 [ 111.174837][ T9624] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000200000c0 [ 111.182784][ T9624] RDX: 0000000000000080 RSI: 00000000080ea080 RDI: 00000000ff918ed0 [ 111.190754][ T9624] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 111.199230][ T9624] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 111.207193][ T9624] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 111.216475][ T9624] Kernel Offset: disabled [ 111.220820][ T9624] Rebooting in 86400 seconds..