[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 75.749535][ T28] audit: type=1800 audit(1579393734.960:25): pid=8810 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 75.770743][ T28] audit: type=1800 audit(1579393734.960:26): pid=8810 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 75.820763][ T28] audit: type=1800 audit(1579393734.960:27): pid=8810 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.175' (ECDSA) to the list of known hosts. executing program executing program syzkaller login: [ 86.410619][ T8965] ================================================================== [ 86.418894][ T8965] BUG: KASAN: slab-out-of-bounds in bitmap_port_ext_cleanup+0xe6/0x2a0 [ 86.427126][ T8965] Read of size 8 at addr ffff88809f6c0d00 by task syz-executor172/8965 [ 86.435369][ T8965] [ 86.437674][ T8965] CPU: 1 PID: 8965 Comm: syz-executor172 Not tainted 5.5.0-rc5-syzkaller #0 [ 86.446317][ T8965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 86.456344][ T8965] Call Trace: [ 86.459612][ T8965] dump_stack+0x197/0x210 [ 86.463914][ T8965] ? bitmap_port_ext_cleanup+0xe6/0x2a0 [ 86.469469][ T8965] print_address_description.constprop.0.cold+0xd4/0x30b [ 86.476520][ T8965] ? bitmap_port_ext_cleanup+0xe6/0x2a0 [ 86.482050][ T8965] ? bitmap_port_ext_cleanup+0xe6/0x2a0 [ 86.487569][ T8965] __kasan_report.cold+0x1b/0x41 [ 86.492482][ T8965] ? bitmap_port_ext_cleanup+0xe6/0x2a0 [ 86.498008][ T8965] kasan_report+0x12/0x20 [ 86.502319][ T8965] check_memory_region+0x134/0x1a0 [ 86.507404][ T8965] __kasan_check_read+0x11/0x20 [ 86.512228][ T8965] bitmap_port_ext_cleanup+0xe6/0x2a0 [ 86.517590][ T8965] bitmap_port_destroy+0x180/0x1d0 [ 86.522694][ T8965] ip_set_create+0xe47/0x1500 [ 86.527350][ T8965] ? ip_set_destroy+0xb70/0xb70 [ 86.532188][ T8965] ? ip_set_destroy+0xb70/0xb70 [ 86.537039][ T8965] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 86.541954][ T8965] ? nfnetlink_bind+0x2c0/0x2c0 [ 86.546780][ T8965] ? __kasan_check_read+0x11/0x20 [ 86.551784][ T8965] ? __lock_acquire+0x8a0/0x4a00 [ 86.556703][ T8965] ? save_stack+0x5c/0x90 [ 86.561008][ T8965] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.567505][ T8965] ? apparmor_capable+0x497/0x900 [ 86.572515][ T8965] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.578733][ T8965] ? __kasan_check_read+0x11/0x20 [ 86.583735][ T8965] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 86.589218][ T8965] netlink_rcv_skb+0x177/0x450 [ 86.593962][ T8965] ? nfnetlink_bind+0x2c0/0x2c0 [ 86.598840][ T8965] ? netlink_ack+0xb50/0xb50 [ 86.603410][ T8965] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.609626][ T8965] ? ns_capable_common+0x93/0x100 [ 86.614626][ T8965] ? ns_capable+0x20/0x30 [ 86.618940][ T8965] ? __netlink_ns_capable+0x104/0x140 [ 86.624314][ T8965] nfnetlink_rcv+0x1ba/0x460 [ 86.628886][ T8965] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 86.634318][ T8965] ? netlink_deliver_tap+0x24a/0xbe0 [ 86.639579][ T8965] ? __kasan_check_write+0x14/0x20 [ 86.644669][ T8965] netlink_unicast+0x58c/0x7d0 [ 86.649413][ T8965] ? netlink_attachskb+0x870/0x870 [ 86.654548][ T8965] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 86.660255][ T8965] ? __check_object_size+0x3d/0x437 [ 86.665429][ T8965] netlink_sendmsg+0x91c/0xea0 [ 86.670168][ T8965] ? netlink_unicast+0x7d0/0x7d0 [ 86.675081][ T8965] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 86.680599][ T8965] ? apparmor_socket_sendmsg+0x2a/0x30 [ 86.686033][ T8965] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.692249][ T8965] ? security_socket_sendmsg+0x8d/0xc0 [ 86.697683][ T8965] ? netlink_unicast+0x7d0/0x7d0 [ 86.702596][ T8965] sock_sendmsg+0xd7/0x130 [ 86.706987][ T8965] ____sys_sendmsg+0x753/0x880 [ 86.711723][ T8965] ? kernel_sendmsg+0x50/0x50 [ 86.716374][ T8965] ? mark_held_locks+0xa4/0xf0 [ 86.721110][ T8965] ? do_huge_pmd_anonymous_page+0x1463/0x1a50 [ 86.727150][ T8965] ? __handle_mm_fault+0x3145/0x3cc0 [ 86.732428][ T8965] ? do_huge_pmd_anonymous_page+0x1463/0x1a50 [ 86.738471][ T8965] ___sys_sendmsg+0x100/0x170 [ 86.743207][ T8965] ? do_huge_pmd_anonymous_page+0xceb/0x1a50 [ 86.749162][ T8965] ? sendmsg_copy_msghdr+0x70/0x70 [ 86.754287][ T8965] ? __do_page_fault+0x56a/0xd80 [ 86.759208][ T8965] ? find_held_lock+0x35/0x130 [ 86.763972][ T8965] ? __do_page_fault+0x56a/0xd80 [ 86.768888][ T8965] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.775102][ T8965] ? __fget_light+0x1a9/0x230 [ 86.779768][ T8965] ? __fdget+0x1b/0x20 [ 86.783807][ T8965] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 86.790025][ T8965] __sys_sendmsg+0x105/0x1d0 [ 86.794594][ T8965] ? __sys_sendmsg_sock+0xc0/0xc0 [ 86.799598][ T8965] ? down_read_non_owner+0x490/0x490 [ 86.804857][ T8965] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 86.810340][ T8965] ? do_syscall_64+0x26/0x790 [ 86.815000][ T8965] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 86.821038][ T8965] ? do_syscall_64+0x26/0x790 [ 86.825697][ T8965] __x64_sys_sendmsg+0x78/0xb0 [ 86.830433][ T8965] do_syscall_64+0xfa/0x790 [ 86.834909][ T8965] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 86.840789][ T8965] RIP: 0033:0x441399 [ 86.844659][ T8965] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 86.864230][ T8965] RSP: 002b:00007ffd3c76f208 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 86.872610][ T8965] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441399 [ 86.880555][ T8965] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003 [ 86.888517][ T8965] RBP: 0000000000015169 R08: 00000000004002c8 R09: 00000000004002c8 [ 86.896464][ T8965] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004021c0 [ 86.904411][ T8965] R13: 0000000000402250 R14: 0000000000000000 R15: 0000000000000000 [ 86.912356][ T8965] [ 86.914663][ T8965] Allocated by task 8965: [ 86.918968][ T8965] save_stack+0x23/0x90 [ 86.923094][ T8965] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 86.928694][ T8965] kasan_kmalloc+0x9/0x10 [ 86.932994][ T8965] __kmalloc+0x163/0x770 [ 86.937208][ T8965] ip_set_alloc+0x38/0x5e [ 86.941509][ T8965] bitmap_port_create+0x3dc/0x7c0 [ 86.946506][ T8965] ip_set_create+0x6f1/0x1500 [ 86.951161][ T8965] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 86.956068][ T8965] netlink_rcv_skb+0x177/0x450 [ 86.960804][ T8965] nfnetlink_rcv+0x1ba/0x460 [ 86.965362][ T8965] netlink_unicast+0x58c/0x7d0 [ 86.970096][ T8965] netlink_sendmsg+0x91c/0xea0 [ 86.974838][ T8965] sock_sendmsg+0xd7/0x130 [ 86.979228][ T8965] ____sys_sendmsg+0x753/0x880 [ 86.983971][ T8965] ___sys_sendmsg+0x100/0x170 [ 86.988616][ T8965] __sys_sendmsg+0x105/0x1d0 [ 86.993174][ T8965] __x64_sys_sendmsg+0x78/0xb0 [ 86.997910][ T8965] do_syscall_64+0xfa/0x790 [ 87.002414][ T8965] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.008270][ T8965] [ 87.010569][ T8965] Freed by task 8710: [ 87.014526][ T8965] save_stack+0x23/0x90 [ 87.018661][ T8965] __kasan_slab_free+0x102/0x150 [ 87.023567][ T8965] kasan_slab_free+0xe/0x10 [ 87.028038][ T8965] kfree+0x10a/0x2c0 [ 87.031907][ T8965] tomoyo_check_open_permission+0x19e/0x3e0 [ 87.037803][ T8965] tomoyo_file_open+0xa9/0xd0 [ 87.042462][ T8965] security_file_open+0x71/0x300 [ 87.047378][ T8965] do_dentry_open+0x37a/0x1380 [ 87.052117][ T8965] vfs_open+0xa0/0xd0 [ 87.056077][ T8965] path_openat+0x10df/0x4500 [ 87.060654][ T8965] do_filp_open+0x1a1/0x280 [ 87.065148][ T8965] do_sys_open+0x3fe/0x5d0 [ 87.069640][ T8965] __x64_sys_open+0x7e/0xc0 [ 87.074190][ T8965] do_syscall_64+0xfa/0x790 [ 87.078713][ T8965] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.084579][ T8965] [ 87.086890][ T8965] The buggy address belongs to the object at ffff88809f6c0d00 [ 87.086890][ T8965] which belongs to the cache kmalloc-32 of size 32 [ 87.100787][ T8965] The buggy address is located 0 bytes inside of [ 87.100787][ T8965] 32-byte region [ffff88809f6c0d00, ffff88809f6c0d20) [ 87.113770][ T8965] The buggy address belongs to the page: [ 87.119385][ T8965] page:ffffea00027db000 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809f6c0fc1 [ 87.129775][ T8965] raw: 00fffe0000000200 ffffea00027cca88 ffffea0002a27908 ffff8880aa4001c0 [ 87.138335][ T8965] raw: ffff88809f6c0fc1 ffff88809f6c0000 000000010000003c 0000000000000000 [ 87.147025][ T8965] page dumped because: kasan: bad access detected [ 87.153408][ T8965] [ 87.155708][ T8965] Memory state around the buggy address: [ 87.161310][ T8965] ffff88809f6c0c00: 00 00 00 fc fc fc fc fc 00 fc fc fc fc fc fc fc [ 87.169345][ T8965] ffff88809f6c0c80: 00 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 87.177392][ T8965] >ffff88809f6c0d00: 04 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc [ 87.185429][ T8965] ^ [ 87.189483][ T8965] ffff88809f6c0d80: 00 fc fc fc fc fc fc fc 00 04 fc fc fc fc fc fc [ 87.197515][ T8965] ffff88809f6c0e00: 00 04 fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 87.205546][ T8965] ================================================================== [ 87.213581][ T8965] Disabling lock debugging due to kernel taint [ 87.221790][ T8965] Kernel panic - not syncing: panic_on_warn set ... [ 87.228364][ T8965] CPU: 1 PID: 8965 Comm: syz-executor172 Tainted: G B 5.5.0-rc5-syzkaller #0 [ 87.238396][ T8965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 87.248425][ T8965] Call Trace: [ 87.251696][ T8965] dump_stack+0x197/0x210 [ 87.256009][ T8965] panic+0x2e3/0x75c [ 87.259882][ T8965] ? add_taint.cold+0x16/0x16 [ 87.264530][ T8965] ? bitmap_port_ext_cleanup+0xe6/0x2a0 [ 87.270057][ T8965] ? preempt_schedule+0x4b/0x60 [ 87.274878][ T8965] ? ___preempt_schedule+0x16/0x18 [ 87.279982][ T8965] ? trace_hardirqs_on+0x5e/0x240 [ 87.284976][ T8965] ? bitmap_port_ext_cleanup+0xe6/0x2a0 [ 87.290508][ T8965] end_report+0x47/0x4f [ 87.294645][ T8965] ? bitmap_port_ext_cleanup+0xe6/0x2a0 [ 87.300174][ T8965] __kasan_report.cold+0xe/0x41 [ 87.304995][ T8965] ? bitmap_port_ext_cleanup+0xe6/0x2a0 [ 87.310508][ T8965] kasan_report+0x12/0x20 [ 87.314809][ T8965] check_memory_region+0x134/0x1a0 [ 87.319902][ T8965] __kasan_check_read+0x11/0x20 [ 87.324729][ T8965] bitmap_port_ext_cleanup+0xe6/0x2a0 [ 87.330070][ T8965] bitmap_port_destroy+0x180/0x1d0 [ 87.335150][ T8965] ip_set_create+0xe47/0x1500 [ 87.339796][ T8965] ? ip_set_destroy+0xb70/0xb70 [ 87.344623][ T8965] ? ip_set_destroy+0xb70/0xb70 [ 87.349443][ T8965] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 87.354354][ T8965] ? nfnetlink_bind+0x2c0/0x2c0 [ 87.359217][ T8965] ? __kasan_check_read+0x11/0x20 [ 87.364216][ T8965] ? __lock_acquire+0x8a0/0x4a00 [ 87.369125][ T8965] ? save_stack+0x5c/0x90 [ 87.373431][ T8965] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.379661][ T8965] ? apparmor_capable+0x497/0x900 [ 87.384659][ T8965] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.390871][ T8965] ? __kasan_check_read+0x11/0x20 [ 87.395880][ T8965] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 87.401311][ T8965] netlink_rcv_skb+0x177/0x450 [ 87.406052][ T8965] ? nfnetlink_bind+0x2c0/0x2c0 [ 87.410875][ T8965] ? netlink_ack+0xb50/0xb50 [ 87.415438][ T8965] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.421649][ T8965] ? ns_capable_common+0x93/0x100 [ 87.426662][ T8965] ? ns_capable+0x20/0x30 [ 87.431054][ T8965] ? __netlink_ns_capable+0x104/0x140 [ 87.436412][ T8965] nfnetlink_rcv+0x1ba/0x460 [ 87.441034][ T8965] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 87.446477][ T8965] ? netlink_deliver_tap+0x24a/0xbe0 [ 87.451740][ T8965] ? __kasan_check_write+0x14/0x20 [ 87.456836][ T8965] netlink_unicast+0x58c/0x7d0 [ 87.461577][ T8965] ? netlink_attachskb+0x870/0x870 [ 87.466662][ T8965] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 87.472358][ T8965] ? __check_object_size+0x3d/0x437 [ 87.477541][ T8965] netlink_sendmsg+0x91c/0xea0 [ 87.482279][ T8965] ? netlink_unicast+0x7d0/0x7d0 [ 87.487198][ T8965] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 87.492729][ T8965] ? apparmor_socket_sendmsg+0x2a/0x30 [ 87.498186][ T8965] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.504406][ T8965] ? security_socket_sendmsg+0x8d/0xc0 [ 87.509842][ T8965] ? netlink_unicast+0x7d0/0x7d0 [ 87.514757][ T8965] sock_sendmsg+0xd7/0x130 [ 87.519147][ T8965] ____sys_sendmsg+0x753/0x880 [ 87.523899][ T8965] ? kernel_sendmsg+0x50/0x50 [ 87.528551][ T8965] ? mark_held_locks+0xa4/0xf0 [ 87.533292][ T8965] ? do_huge_pmd_anonymous_page+0x1463/0x1a50 [ 87.539340][ T8965] ? __handle_mm_fault+0x3145/0x3cc0 [ 87.544610][ T8965] ? do_huge_pmd_anonymous_page+0x1463/0x1a50 [ 87.550656][ T8965] ___sys_sendmsg+0x100/0x170 [ 87.555354][ T8965] ? do_huge_pmd_anonymous_page+0xceb/0x1a50 [ 87.561310][ T8965] ? sendmsg_copy_msghdr+0x70/0x70 [ 87.566400][ T8965] ? __do_page_fault+0x56a/0xd80 [ 87.571310][ T8965] ? find_held_lock+0x35/0x130 [ 87.576053][ T8965] ? __do_page_fault+0x56a/0xd80 [ 87.580969][ T8965] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.587190][ T8965] ? __fget_light+0x1a9/0x230 [ 87.591841][ T8965] ? __fdget+0x1b/0x20 [ 87.595897][ T8965] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 87.602113][ T8965] __sys_sendmsg+0x105/0x1d0 [ 87.606678][ T8965] ? __sys_sendmsg_sock+0xc0/0xc0 [ 87.611681][ T8965] ? down_read_non_owner+0x490/0x490 [ 87.616943][ T8965] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 87.622519][ T8965] ? do_syscall_64+0x26/0x790 [ 87.627175][ T8965] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.633389][ T8965] ? do_syscall_64+0x26/0x790 [ 87.638046][ T8965] __x64_sys_sendmsg+0x78/0xb0 [ 87.642798][ T8965] do_syscall_64+0xfa/0x790 [ 87.647288][ T8965] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.653155][ T8965] RIP: 0033:0x441399 [ 87.657027][ T8965] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 87.676606][ T8965] RSP: 002b:00007ffd3c76f208 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 87.684991][ T8965] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441399 [ 87.692937][ T8965] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003 [ 87.700883][ T8965] RBP: 0000000000015169 R08: 00000000004002c8 R09: 00000000004002c8 [ 87.708829][ T8965] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004021c0 [ 87.716785][ T8965] R13: 0000000000402250 R14: 0000000000000000 R15: 0000000000000000 [ 87.726162][ T8965] Kernel Offset: disabled [ 87.730480][ T8965] Rebooting in 86400 seconds..