[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 86.860619][ T27] audit: type=1800 audit(1579370351.021:25): pid=9405 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 86.890746][ T27] audit: type=1800 audit(1579370351.021:26): pid=9405 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 86.919437][ T27] audit: type=1800 audit(1579370351.031:27): pid=9405 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.1' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 96.486336][ T9558] ================================================================== [ 96.494569][ T9558] BUG: KASAN: slab-out-of-bounds in bitmap_ip_list+0x40f/0xf20 [ 96.502104][ T9558] Read of size 8 at addr ffff88809ec28b40 by task syz-executor274/9558 [ 96.510321][ T9558] [ 96.512646][ T9558] CPU: 0 PID: 9558 Comm: syz-executor274 Not tainted 5.5.0-rc6-syzkaller #0 [ 96.521298][ T9558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 96.531394][ T9558] Call Trace: [ 96.534732][ T9558] dump_stack+0x197/0x210 [ 96.539098][ T9558] ? bitmap_ip_list+0x40f/0xf20 [ 96.543969][ T9558] print_address_description.constprop.0.cold+0xd4/0x30b [ 96.551016][ T9558] ? bitmap_ip_list+0x40f/0xf20 [ 96.555929][ T9558] ? bitmap_ip_list+0x40f/0xf20 [ 96.560770][ T9558] __kasan_report.cold+0x1b/0x41 [ 96.565696][ T9558] ? bitmap_ip_list+0x40f/0xf20 [ 96.570565][ T9558] kasan_report+0x12/0x20 [ 96.574889][ T9558] check_memory_region+0x134/0x1a0 [ 96.580004][ T9558] __kasan_check_read+0x11/0x20 [ 96.584843][ T9558] bitmap_ip_list+0x40f/0xf20 [ 96.589504][ T9558] ? bitmap_ip_add+0xe60/0xe60 [ 96.594259][ T9558] ? nla_put+0x110/0x150 [ 96.598485][ T9558] ip_set_dump_start+0x96c/0x1ca0 [ 96.603502][ T9558] ? ip_set_rename+0x720/0x720 [ 96.608257][ T9558] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 96.613859][ T9558] ? perf_trace_lock_acquire+0x4c0/0x530 [ 96.619477][ T9558] ? __kasan_check_write+0x14/0x20 [ 96.624600][ T9558] netlink_dump+0x558/0xfb0 [ 96.629103][ T9558] ? __netlink_sendskb+0xc0/0xc0 [ 96.634043][ T9558] __netlink_dump_start+0x66a/0x930 [ 96.639228][ T9558] ip_set_dump+0x15a/0x1d0 [ 96.643624][ T9558] ? call_ad+0x5a0/0x5a0 [ 96.647962][ T9558] ? ip_set_rename+0x720/0x720 [ 96.652717][ T9558] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 96.658519][ T9558] ? call_ad+0x5a0/0x5a0 [ 96.662747][ T9558] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 96.667688][ T9558] ? nfnetlink_bind+0x2c0/0x2c0 [ 96.672536][ T9558] ? __kasan_check_read+0x11/0x20 [ 96.677553][ T9558] ? __lock_acquire+0x8a0/0x4a00 [ 96.682474][ T9558] ? save_stack+0x5c/0x90 [ 96.686824][ T9558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 96.693059][ T9558] ? apparmor_capable+0x497/0x900 [ 96.698081][ T9558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 96.704400][ T9558] ? __kasan_check_read+0x11/0x20 [ 96.709432][ T9558] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 96.714991][ T9558] netlink_rcv_skb+0x177/0x450 [ 96.719739][ T9558] ? nfnetlink_bind+0x2c0/0x2c0 [ 96.724571][ T9558] ? netlink_ack+0xb50/0xb50 [ 96.729151][ T9558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 96.735384][ T9558] ? ns_capable_common+0x93/0x100 [ 96.740393][ T9558] ? ns_capable+0x20/0x30 [ 96.744723][ T9558] ? __netlink_ns_capable+0x104/0x140 [ 96.750094][ T9558] nfnetlink_rcv+0x1ba/0x460 [ 96.754679][ T9558] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 96.760127][ T9558] ? netlink_deliver_tap+0x24a/0xbe0 [ 96.765406][ T9558] ? __kasan_check_write+0x14/0x20 [ 96.770545][ T9558] netlink_unicast+0x58c/0x7d0 [ 96.775314][ T9558] ? netlink_attachskb+0x870/0x870 [ 96.780418][ T9558] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 96.786120][ T9558] ? __check_object_size+0x3d/0x437 [ 96.791309][ T9558] netlink_sendmsg+0x91c/0xea0 [ 96.796072][ T9558] ? netlink_unicast+0x7d0/0x7d0 [ 96.800997][ T9558] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 96.806747][ T9558] ? apparmor_socket_sendmsg+0x2a/0x30 [ 96.812200][ T9558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 96.818428][ T9558] ? security_socket_sendmsg+0x8d/0xc0 [ 96.823870][ T9558] ? netlink_unicast+0x7d0/0x7d0 [ 96.828806][ T9558] sock_sendmsg+0xd7/0x130 [ 96.833305][ T9558] ____sys_sendmsg+0x753/0x880 [ 96.838066][ T9558] ? kernel_sendmsg+0x50/0x50 [ 96.842727][ T9558] ? lockdep_init_map+0x1be/0x6d0 [ 96.847749][ T9558] ___sys_sendmsg+0x100/0x170 [ 96.852411][ T9558] ? sendmsg_copy_msghdr+0x70/0x70 [ 96.857603][ T9558] ? __kasan_check_read+0x11/0x20 [ 96.862706][ T9558] ? __lock_acquire+0x8a0/0x4a00 [ 96.867630][ T9558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 96.873868][ T9558] ? __this_cpu_preempt_check+0x35/0x190 [ 96.879486][ T9558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 96.885768][ T9558] ? percpu_counter_add_batch+0x13c/0x190 [ 96.891488][ T9558] ? __fd_install+0x1bc/0x640 [ 96.896147][ T9558] ? find_held_lock+0x35/0x130 [ 96.900911][ T9558] ? __fd_install+0x1bc/0x640 [ 96.905702][ T9558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 96.911936][ T9558] ? __fget_light+0x1a9/0x230 [ 96.916656][ T9558] ? __fdget+0x1b/0x20 [ 96.920807][ T9558] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 96.927036][ T9558] __sys_sendmsg+0x105/0x1d0 [ 96.931623][ T9558] ? __sys_sendmsg_sock+0xc0/0xc0 [ 96.936673][ T9558] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 96.942140][ T9558] ? do_fast_syscall_32+0xd1/0xe16 [ 96.947344][ T9558] ? entry_SYSENTER_compat+0x70/0x7f [ 96.952654][ T9558] ? do_fast_syscall_32+0xd1/0xe16 [ 96.957760][ T9558] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 96.963201][ T9558] do_fast_syscall_32+0x27b/0xe16 [ 96.968208][ T9558] entry_SYSENTER_compat+0x70/0x7f [ 96.973293][ T9558] RIP: 0023:0xf7f7ea39 [ 96.977353][ T9558] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 96.996964][ T9558] RSP: 002b:00000000ff86543c EFLAGS: 00000246 ORIG_RAX: 0000000000000172 [ 97.005384][ T9558] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000540 [ 97.013345][ T9558] RDX: 0000000000000000 RSI: 00000000080ea080 RDI: 00000000ff865490 [ 97.021308][ T9558] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 97.029271][ T9558] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 97.037249][ T9558] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 97.045228][ T9558] [ 97.047553][ T9558] Allocated by task 9558: [ 97.051911][ T9558] save_stack+0x23/0x90 [ 97.056055][ T9558] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 97.061672][ T9558] kasan_kmalloc+0x9/0x10 [ 97.065998][ T9558] __kmalloc+0x163/0x770 [ 97.070255][ T9558] ip_set_alloc+0x38/0x5e [ 97.074587][ T9558] bitmap_ip_create+0x6ec/0xc20 [ 97.079421][ T9558] ip_set_create+0x6f1/0x1500 [ 97.084082][ T9558] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 97.089014][ T9558] netlink_rcv_skb+0x177/0x450 [ 97.093798][ T9558] nfnetlink_rcv+0x1ba/0x460 [ 97.098379][ T9558] netlink_unicast+0x58c/0x7d0 [ 97.103171][ T9558] netlink_sendmsg+0x91c/0xea0 [ 97.107920][ T9558] sock_sendmsg+0xd7/0x130 [ 97.112336][ T9558] ____sys_sendmsg+0x753/0x880 [ 97.117092][ T9558] ___sys_sendmsg+0x100/0x170 [ 97.121814][ T9558] __sys_sendmsg+0x105/0x1d0 [ 97.126423][ T9558] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 97.131873][ T9558] do_fast_syscall_32+0x27b/0xe16 [ 97.136879][ T9558] entry_SYSENTER_compat+0x70/0x7f [ 97.141971][ T9558] [ 97.144282][ T9558] Freed by task 9279: [ 97.148266][ T9558] save_stack+0x23/0x90 [ 97.152416][ T9558] __kasan_slab_free+0x102/0x150 [ 97.157342][ T9558] kasan_slab_free+0xe/0x10 [ 97.161828][ T9558] kfree+0x10a/0x2c0 [ 97.165723][ T9558] tomoyo_check_open_permission+0x19e/0x3e0 [ 97.171617][ T9558] tomoyo_file_open+0xa9/0xd0 [ 97.176292][ T9558] security_file_open+0x71/0x300 [ 97.181216][ T9558] do_dentry_open+0x37a/0x1380 [ 97.186022][ T9558] vfs_open+0xa0/0xd0 [ 97.189988][ T9558] path_openat+0x118b/0x3180 [ 97.194724][ T9558] do_filp_open+0x1a1/0x280 [ 97.199217][ T9558] do_sys_open+0x3fe/0x5d0 [ 97.203623][ T9558] __x64_sys_open+0x7e/0xc0 [ 97.208216][ T9558] do_syscall_64+0xfa/0x790 [ 97.212834][ T9558] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 97.218715][ T9558] [ 97.221041][ T9558] The buggy address belongs to the object at ffff88809ec28b40 [ 97.221041][ T9558] which belongs to the cache kmalloc-32 of size 32 [ 97.234908][ T9558] The buggy address is located 0 bytes inside of [ 97.234908][ T9558] 32-byte region [ffff88809ec28b40, ffff88809ec28b60) [ 97.247914][ T9558] The buggy address belongs to the page: [ 97.253534][ T9558] page:ffffea00027b0a00 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809ec28fc1 [ 97.263939][ T9558] raw: 00fffe0000000200 ffffea00028a5bc8 ffffea0002772048 ffff8880aa4001c0 [ 97.272527][ T9558] raw: ffff88809ec28fc1 ffff88809ec28000 000000010000002d 0000000000000000 [ 97.281115][ T9558] page dumped because: kasan: bad access detected [ 97.287520][ T9558] [ 97.289919][ T9558] Memory state around the buggy address: [ 97.295544][ T9558] ffff88809ec28a00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 97.303701][ T9558] ffff88809ec28a80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 97.311756][ T9558] >ffff88809ec28b00: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc [ 97.319818][ T9558] ^ [ 97.325964][ T9558] ffff88809ec28b80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 97.334017][ T9558] ffff88809ec28c00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 97.342067][ T9558] ================================================================== [ 97.350135][ T9558] Disabling lock debugging due to kernel taint [ 97.357163][ T9558] Kernel panic - not syncing: panic_on_warn set ... [ 97.363758][ T9558] CPU: 0 PID: 9558 Comm: syz-executor274 Tainted: G B 5.5.0-rc6-syzkaller #0 [ 97.373845][ T9558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 97.383930][ T9558] Call Trace: [ 97.387213][ T9558] dump_stack+0x197/0x210 [ 97.391533][ T9558] panic+0x2e3/0x75c [ 97.395422][ T9558] ? add_taint.cold+0x16/0x16 [ 97.400086][ T9558] ? bitmap_ip_list+0x40f/0xf20 [ 97.404933][ T9558] ? preempt_schedule+0x4b/0x60 [ 97.409773][ T9558] ? ___preempt_schedule+0x16/0x18 [ 97.414874][ T9558] ? trace_hardirqs_on+0x5e/0x240 [ 97.419923][ T9558] ? bitmap_ip_list+0x40f/0xf20 [ 97.424764][ T9558] end_report+0x47/0x4f [ 97.428904][ T9558] ? bitmap_ip_list+0x40f/0xf20 [ 97.433742][ T9558] __kasan_report.cold+0xe/0x41 [ 97.438578][ T9558] ? bitmap_ip_list+0x40f/0xf20 [ 97.443477][ T9558] kasan_report+0x12/0x20 [ 97.447789][ T9558] check_memory_region+0x134/0x1a0 [ 97.452896][ T9558] __kasan_check_read+0x11/0x20 [ 97.457769][ T9558] bitmap_ip_list+0x40f/0xf20 [ 97.462451][ T9558] ? bitmap_ip_add+0xe60/0xe60 [ 97.467208][ T9558] ? nla_put+0x110/0x150 [ 97.471438][ T9558] ip_set_dump_start+0x96c/0x1ca0 [ 97.476464][ T9558] ? ip_set_rename+0x720/0x720 [ 97.481227][ T9558] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 97.486811][ T9558] ? perf_trace_lock_acquire+0x4c0/0x530 [ 97.492436][ T9558] ? __kasan_check_write+0x14/0x20 [ 97.497550][ T9558] netlink_dump+0x558/0xfb0 [ 97.502052][ T9558] ? __netlink_sendskb+0xc0/0xc0 [ 97.506988][ T9558] __netlink_dump_start+0x66a/0x930 [ 97.512175][ T9558] ip_set_dump+0x15a/0x1d0 [ 97.516592][ T9558] ? call_ad+0x5a0/0x5a0 [ 97.520819][ T9558] ? ip_set_rename+0x720/0x720 [ 97.525621][ T9558] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 97.531413][ T9558] ? call_ad+0x5a0/0x5a0 [ 97.535646][ T9558] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 97.540578][ T9558] ? nfnetlink_bind+0x2c0/0x2c0 [ 97.545425][ T9558] ? __kasan_check_read+0x11/0x20 [ 97.550436][ T9558] ? __lock_acquire+0x8a0/0x4a00 [ 97.555364][ T9558] ? save_stack+0x5c/0x90 [ 97.559791][ T9558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.566018][ T9558] ? apparmor_capable+0x497/0x900 [ 97.571030][ T9558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.577317][ T9558] ? __kasan_check_read+0x11/0x20 [ 97.582333][ T9558] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 97.587771][ T9558] netlink_rcv_skb+0x177/0x450 [ 97.592524][ T9558] ? nfnetlink_bind+0x2c0/0x2c0 [ 97.597353][ T9558] ? netlink_ack+0xb50/0xb50 [ 97.601929][ T9558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.608152][ T9558] ? ns_capable_common+0x93/0x100 [ 97.613245][ T9558] ? ns_capable+0x20/0x30 [ 97.617548][ T9558] ? __netlink_ns_capable+0x104/0x140 [ 97.622907][ T9558] nfnetlink_rcv+0x1ba/0x460 [ 97.627492][ T9558] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 97.632935][ T9558] ? netlink_deliver_tap+0x24a/0xbe0 [ 97.638210][ T9558] ? __kasan_check_write+0x14/0x20 [ 97.643300][ T9558] netlink_unicast+0x58c/0x7d0 [ 97.648064][ T9558] ? netlink_attachskb+0x870/0x870 [ 97.653164][ T9558] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 97.658867][ T9558] ? __check_object_size+0x3d/0x437 [ 97.664070][ T9558] netlink_sendmsg+0x91c/0xea0 [ 97.668941][ T9558] ? netlink_unicast+0x7d0/0x7d0 [ 97.674552][ T9558] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 97.680103][ T9558] ? apparmor_socket_sendmsg+0x2a/0x30 [ 97.685562][ T9558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.691792][ T9558] ? security_socket_sendmsg+0x8d/0xc0 [ 97.697259][ T9558] ? netlink_unicast+0x7d0/0x7d0 [ 97.702183][ T9558] sock_sendmsg+0xd7/0x130 [ 97.706618][ T9558] ____sys_sendmsg+0x753/0x880 [ 97.711498][ T9558] ? kernel_sendmsg+0x50/0x50 [ 97.716170][ T9558] ? lockdep_init_map+0x1be/0x6d0 [ 97.721316][ T9558] ___sys_sendmsg+0x100/0x170 [ 97.725990][ T9558] ? sendmsg_copy_msghdr+0x70/0x70 [ 97.731271][ T9558] ? __kasan_check_read+0x11/0x20 [ 97.736381][ T9558] ? __lock_acquire+0x8a0/0x4a00 [ 97.741662][ T9558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.747922][ T9558] ? __this_cpu_preempt_check+0x35/0x190 [ 97.753548][ T9558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.759798][ T9558] ? percpu_counter_add_batch+0x13c/0x190 [ 97.765999][ T9558] ? __fd_install+0x1bc/0x640 [ 97.771390][ T9558] ? find_held_lock+0x35/0x130 [ 97.776296][ T9558] ? __fd_install+0x1bc/0x640 [ 97.780960][ T9558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.787188][ T9558] ? __fget_light+0x1a9/0x230 [ 97.791856][ T9558] ? __fdget+0x1b/0x20 [ 97.795915][ T9558] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 97.802184][ T9558] __sys_sendmsg+0x105/0x1d0 [ 97.807450][ T9558] ? __sys_sendmsg_sock+0xc0/0xc0 [ 97.812487][ T9558] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 97.817925][ T9558] ? do_fast_syscall_32+0xd1/0xe16 [ 97.823025][ T9558] ? entry_SYSENTER_compat+0x70/0x7f [ 97.828299][ T9558] ? do_fast_syscall_32+0xd1/0xe16 [ 97.834267][ T9558] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 97.839714][ T9558] do_fast_syscall_32+0x27b/0xe16 [ 97.845211][ T9558] entry_SYSENTER_compat+0x70/0x7f [ 97.850353][ T9558] RIP: 0023:0xf7f7ea39 [ 97.854406][ T9558] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 97.876452][ T9558] RSP: 002b:00000000ff86543c EFLAGS: 00000246 ORIG_RAX: 0000000000000172 [ 97.884851][ T9558] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000540 [ 97.892803][ T9558] RDX: 0000000000000000 RSI: 00000000080ea080 RDI: 00000000ff865490 [ 97.900753][ T9558] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 97.910619][ T9558] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 97.918621][ T9558] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 97.927979][ T9558] Kernel Offset: disabled [ 97.932309][ T9558] Rebooting in 86400 seconds..