[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 94.621461][ T28] audit: type=1800 audit(1580388471.782:25): pid=9444 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 94.656623][ T28] audit: type=1800 audit(1580388471.782:26): pid=9444 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 94.695882][ T28] audit: type=1800 audit(1580388471.782:27): pid=9444 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.175' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 115.661821][ T9598] ================================================================== [ 115.670019][ T9598] BUG: KASAN: slab-out-of-bounds in bitmap_ip_list+0x40f/0xf20 [ 115.677702][ T9598] Read of size 8 at addr ffff8880a7ed9b80 by task syz-executor251/9598 [ 115.685914][ T9598] [ 115.688228][ T9598] CPU: 1 PID: 9598 Comm: syz-executor251 Not tainted 5.5.0-rc6-next-20200116-syzkaller #0 [ 115.698088][ T9598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 115.708142][ T9598] Call Trace: [ 115.711456][ T9598] dump_stack+0x197/0x210 [ 115.715768][ T9598] ? bitmap_ip_list+0x40f/0xf20 [ 115.720605][ T9598] print_address_description.constprop.0.cold+0xd4/0x30b [ 115.727620][ T9598] ? bitmap_ip_list+0x40f/0xf20 [ 115.732447][ T9598] ? bitmap_ip_list+0x40f/0xf20 [ 115.737292][ T9598] __kasan_report.cold+0x1b/0x32 [ 115.742235][ T9598] ? bitmap_ip_list+0x40f/0xf20 [ 115.747075][ T9598] kasan_report+0x12/0x20 [ 115.751388][ T9598] check_memory_region+0x134/0x1a0 [ 115.756500][ T9598] __kasan_check_read+0x11/0x20 [ 115.761355][ T9598] bitmap_ip_list+0x40f/0xf20 [ 115.766027][ T9598] ? bitmap_ip_add+0xe60/0xe60 [ 115.770772][ T9598] ? nla_put+0x110/0x150 [ 115.775020][ T9598] ip_set_dump_start+0x96c/0x1ca0 [ 115.780029][ T9598] ? ip_set_rename+0x720/0x720 [ 115.784787][ T9598] ? __kmalloc_reserve.isra.0+0x70/0xf0 [ 115.790313][ T9598] ? __lock_acquire+0x2660/0x4a00 [ 115.795332][ T9598] ? __kasan_check_write+0x14/0x20 [ 115.800425][ T9598] netlink_dump+0x558/0xfb0 [ 115.804909][ T9598] ? __netlink_sendskb+0xc0/0xc0 [ 115.809833][ T9598] __netlink_dump_start+0x673/0x930 [ 115.815013][ T9598] ip_set_dump+0x15a/0x1d0 [ 115.819437][ T9598] ? call_ad+0x5a0/0x5a0 [ 115.823660][ T9598] ? ip_set_rename+0x720/0x720 [ 115.828400][ T9598] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 115.834184][ T9598] ? call_ad+0x5a0/0x5a0 [ 115.838419][ T9598] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 115.843394][ T9598] ? nfnetlink_bind+0x2c0/0x2c0 [ 115.848235][ T9598] ? __kasan_check_read+0x11/0x20 [ 115.853255][ T9598] ? __lock_acquire+0x8a0/0x4a00 [ 115.858183][ T9598] ? save_stack+0x5c/0x90 [ 115.862497][ T9598] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 115.868719][ T9598] ? apparmor_capable+0x4df/0x910 [ 115.873794][ T9598] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 115.880029][ T9598] ? __kasan_check_read+0x11/0x20 [ 115.885044][ T9598] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 115.890490][ T9598] netlink_rcv_skb+0x177/0x450 [ 115.895273][ T9598] ? nfnetlink_bind+0x2c0/0x2c0 [ 115.900106][ T9598] ? netlink_ack+0xb50/0xb50 [ 115.904689][ T9598] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 115.910917][ T9598] ? ns_capable_common+0x93/0x100 [ 115.915920][ T9598] ? ns_capable+0x20/0x30 [ 115.920234][ T9598] ? __netlink_ns_capable+0x104/0x140 [ 115.925587][ T9598] nfnetlink_rcv+0x1ba/0x460 [ 115.930164][ T9598] ? nfnetlink_rcv_batch+0x1780/0x1780 [ 115.935602][ T9598] ? netlink_deliver_tap+0x248/0xbf0 [ 115.940870][ T9598] ? __kasan_check_write+0x14/0x20 [ 115.945960][ T9598] netlink_unicast+0x59e/0x7e0 [ 115.950705][ T9598] ? netlink_attachskb+0x870/0x870 [ 115.955832][ T9598] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 115.961532][ T9598] ? __check_object_size+0x3d/0x437 [ 115.966721][ T9598] netlink_sendmsg+0x91c/0xea0 [ 115.971471][ T9598] ? netlink_unicast+0x7e0/0x7e0 [ 115.976387][ T9598] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 115.981909][ T9598] ? apparmor_socket_sendmsg+0x2a/0x30 [ 115.987346][ T9598] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 115.993573][ T9598] ? security_socket_sendmsg+0x8d/0xc0 [ 115.999020][ T9598] ? netlink_unicast+0x7e0/0x7e0 [ 116.003942][ T9598] sock_sendmsg+0xd7/0x130 [ 116.008361][ T9598] ____sys_sendmsg+0x753/0x880 [ 116.013111][ T9598] ? kernel_sendmsg+0x50/0x50 [ 116.017795][ T9598] ? __fget_files+0x337/0x520 [ 116.022454][ T9598] ? find_held_lock+0x35/0x130 [ 116.027204][ T9598] ___sys_sendmsg+0x100/0x170 [ 116.031862][ T9598] ? sendmsg_copy_msghdr+0x70/0x70 [ 116.036952][ T9598] ? __kasan_check_read+0x11/0x20 [ 116.041959][ T9598] ? __fget_files+0x359/0x520 [ 116.046621][ T9598] ? do_dup2+0x4f0/0x4f0 [ 116.050850][ T9598] ? __fget_light+0x1ad/0x270 [ 116.055509][ T9598] ? __fdget+0x1b/0x20 [ 116.059559][ T9598] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 116.065781][ T9598] __sys_sendmsg+0x105/0x1d0 [ 116.070351][ T9598] ? __sys_sendmsg_sock+0xc0/0xc0 [ 116.075362][ T9598] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 116.080800][ T9598] ? do_syscall_64+0x26/0x790 [ 116.085496][ T9598] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 116.091537][ T9598] ? do_syscall_64+0x26/0x790 [ 116.096194][ T9598] __x64_sys_sendmsg+0x78/0xb0 [ 116.101071][ T9598] do_syscall_64+0xfa/0x790 [ 116.105566][ T9598] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 116.111450][ T9598] RIP: 0033:0x445bd9 [ 116.115322][ T9598] Code: e8 bc b7 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 116.134903][ T9598] RSP: 002b:00007facacd7bdb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 116.143304][ T9598] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 0000000000445bd9 [ 116.151254][ T9598] RDX: 0000000000000010 RSI: 00000000200003c0 RDI: 0000000000000004 [ 116.159203][ T9598] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000 [ 116.167155][ T9598] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac2c [ 116.175118][ T9598] R13: 00007ffef42e2a0f R14: 00007facacd7c9c0 R15: 20c49ba5e353f7cf [ 116.183099][ T9598] [ 116.185410][ T9598] Allocated by task 9598: [ 116.189727][ T9598] save_stack+0x23/0x90 [ 116.193874][ T9598] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 116.199509][ T9598] kasan_kmalloc+0x9/0x10 [ 116.203814][ T9598] __kmalloc+0x163/0x770 [ 116.208071][ T9598] ip_set_alloc+0x38/0x5e [ 116.212387][ T9598] bitmap_ip_create+0x6ec/0xc20 [ 116.217214][ T9598] ip_set_create+0x6f1/0x1500 [ 116.221977][ T9598] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 116.226930][ T9598] netlink_rcv_skb+0x177/0x450 [ 116.231672][ T9598] nfnetlink_rcv+0x1ba/0x460 [ 116.236238][ T9598] netlink_unicast+0x59e/0x7e0 [ 116.241013][ T9598] netlink_sendmsg+0x91c/0xea0 [ 116.245754][ T9598] sock_sendmsg+0xd7/0x130 [ 116.250149][ T9598] ____sys_sendmsg+0x753/0x880 [ 116.254927][ T9598] ___sys_sendmsg+0x100/0x170 [ 116.259634][ T9598] __sys_sendmsg+0x105/0x1d0 [ 116.264312][ T9598] __x64_sys_sendmsg+0x78/0xb0 [ 116.269063][ T9598] do_syscall_64+0xfa/0x790 [ 116.273545][ T9598] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 116.279415][ T9598] [ 116.281720][ T9598] Freed by task 9366: [ 116.285726][ T9598] save_stack+0x23/0x90 [ 116.289864][ T9598] __kasan_slab_free+0x102/0x150 [ 116.294797][ T9598] kasan_slab_free+0xe/0x10 [ 116.299281][ T9598] kfree+0x10a/0x2c0 [ 116.303155][ T9598] tomoyo_path_perm+0x24e/0x430 [ 116.307981][ T9598] tomoyo_inode_getattr+0x1d/0x30 [ 116.312981][ T9598] security_inode_getattr+0xf2/0x150 [ 116.318245][ T9598] vfs_getattr+0x25/0x70 [ 116.322462][ T9598] vfs_statx_fd+0x71/0xc0 [ 116.326769][ T9598] __do_sys_newfstat+0x9b/0x120 [ 116.331592][ T9598] __x64_sys_newfstat+0x54/0x80 [ 116.336422][ T9598] do_syscall_64+0xfa/0x790 [ 116.340922][ T9598] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 116.346785][ T9598] [ 116.349091][ T9598] The buggy address belongs to the object at ffff8880a7ed9b80 [ 116.349091][ T9598] which belongs to the cache kmalloc-32 of size 32 [ 116.362944][ T9598] The buggy address is located 0 bytes inside of [ 116.362944][ T9598] 32-byte region [ffff8880a7ed9b80, ffff8880a7ed9ba0) [ 116.375972][ T9598] The buggy address belongs to the page: [ 116.381640][ T9598] page:ffffea00029fb640 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a7ed9fc1 [ 116.392026][ T9598] flags: 0xfffe0000000200(slab) [ 116.396864][ T9598] raw: 00fffe0000000200 ffffea0002a53c88 ffffea00026c0a48 ffff8880aa4001c0 [ 116.405429][ T9598] raw: ffff8880a7ed9fc1 ffff8880a7ed9000 000000010000003d 0000000000000000 [ 116.413986][ T9598] page dumped because: kasan: bad access detected [ 116.420386][ T9598] [ 116.422693][ T9598] Memory state around the buggy address: [ 116.428305][ T9598] ffff8880a7ed9a80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 116.436353][ T9598] ffff8880a7ed9b00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 116.444411][ T9598] >ffff8880a7ed9b80: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 116.452458][ T9598] ^ [ 116.456504][ T9598] ffff8880a7ed9c00: fb fb fb fb fc fc fc fc 00 07 fc fc fc fc fc fc [ 116.464543][ T9598] ffff8880a7ed9c80: fb fb fb fb fc fc fc fc 06 fc fc fc fc fc fc fc [ 116.472584][ T9598] ================================================================== [ 116.480627][ T9598] Disabling lock debugging due to kernel taint [ 116.486913][ T9598] Kernel panic - not syncing: panic_on_warn set ... [ 116.493501][ T9598] CPU: 1 PID: 9598 Comm: syz-executor251 Tainted: G B 5.5.0-rc6-next-20200116-syzkaller #0 [ 116.504753][ T9598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 116.514791][ T9598] Call Trace: [ 116.518067][ T9598] dump_stack+0x197/0x210 [ 116.522376][ T9598] panic+0x2e3/0x75c [ 116.526248][ T9598] ? add_taint.cold+0x16/0x16 [ 116.530916][ T9598] ? bitmap_ip_list+0x40f/0xf20 [ 116.535745][ T9598] ? preempt_schedule+0x4b/0x60 [ 116.540572][ T9598] ? ___preempt_schedule+0x16/0x18 [ 116.545660][ T9598] ? trace_hardirqs_on+0x5e/0x240 [ 116.550663][ T9598] ? bitmap_ip_list+0x40f/0xf20 [ 116.555490][ T9598] end_report+0x47/0x4f [ 116.559626][ T9598] ? bitmap_ip_list+0x40f/0xf20 [ 116.564491][ T9598] __kasan_report.cold+0xe/0x32 [ 116.569318][ T9598] ? bitmap_ip_list+0x40f/0xf20 [ 116.574143][ T9598] kasan_report+0x12/0x20 [ 116.578449][ T9598] check_memory_region+0x134/0x1a0 [ 116.583581][ T9598] __kasan_check_read+0x11/0x20 [ 116.588405][ T9598] bitmap_ip_list+0x40f/0xf20 [ 116.593094][ T9598] ? bitmap_ip_add+0xe60/0xe60 [ 116.597832][ T9598] ? nla_put+0x110/0x150 [ 116.602046][ T9598] ip_set_dump_start+0x96c/0x1ca0 [ 116.607048][ T9598] ? ip_set_rename+0x720/0x720 [ 116.613047][ T9598] ? __kmalloc_reserve.isra.0+0x70/0xf0 [ 116.618570][ T9598] ? __lock_acquire+0x2660/0x4a00 [ 116.623569][ T9598] ? __kasan_check_write+0x14/0x20 [ 116.628661][ T9598] netlink_dump+0x558/0xfb0 [ 116.633139][ T9598] ? __netlink_sendskb+0xc0/0xc0 [ 116.638060][ T9598] __netlink_dump_start+0x673/0x930 [ 116.643233][ T9598] ip_set_dump+0x15a/0x1d0 [ 116.647640][ T9598] ? call_ad+0x5a0/0x5a0 [ 116.651872][ T9598] ? ip_set_rename+0x720/0x720 [ 116.656617][ T9598] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 116.662404][ T9598] ? call_ad+0x5a0/0x5a0 [ 116.666644][ T9598] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 116.671576][ T9598] ? nfnetlink_bind+0x2c0/0x2c0 [ 116.676414][ T9598] ? __kasan_check_read+0x11/0x20 [ 116.681420][ T9598] ? __lock_acquire+0x8a0/0x4a00 [ 116.686342][ T9598] ? save_stack+0x5c/0x90 [ 116.690661][ T9598] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 116.696877][ T9598] ? apparmor_capable+0x4df/0x910 [ 116.701973][ T9598] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 116.708190][ T9598] ? __kasan_check_read+0x11/0x20 [ 116.713188][ T9598] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 116.718625][ T9598] netlink_rcv_skb+0x177/0x450 [ 116.723366][ T9598] ? nfnetlink_bind+0x2c0/0x2c0 [ 116.728192][ T9598] ? netlink_ack+0xb50/0xb50 [ 116.732757][ T9598] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 116.738972][ T9598] ? ns_capable_common+0x93/0x100 [ 116.743969][ T9598] ? ns_capable+0x20/0x30 [ 116.748275][ T9598] ? __netlink_ns_capable+0x104/0x140 [ 116.753620][ T9598] nfnetlink_rcv+0x1ba/0x460 [ 116.758189][ T9598] ? nfnetlink_rcv_batch+0x1780/0x1780 [ 116.763621][ T9598] ? netlink_deliver_tap+0x248/0xbf0 [ 116.768892][ T9598] ? __kasan_check_write+0x14/0x20 [ 116.773976][ T9598] netlink_unicast+0x59e/0x7e0 [ 116.778716][ T9598] ? netlink_attachskb+0x870/0x870 [ 116.783802][ T9598] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 116.789495][ T9598] ? __check_object_size+0x3d/0x437 [ 116.794678][ T9598] netlink_sendmsg+0x91c/0xea0 [ 116.799424][ T9598] ? netlink_unicast+0x7e0/0x7e0 [ 116.804346][ T9598] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 116.809869][ T9598] ? apparmor_socket_sendmsg+0x2a/0x30 [ 116.815300][ T9598] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 116.821529][ T9598] ? security_socket_sendmsg+0x8d/0xc0 [ 116.826960][ T9598] ? netlink_unicast+0x7e0/0x7e0 [ 116.831871][ T9598] sock_sendmsg+0xd7/0x130 [ 116.836259][ T9598] ____sys_sendmsg+0x753/0x880 [ 116.840998][ T9598] ? kernel_sendmsg+0x50/0x50 [ 116.845652][ T9598] ? __fget_files+0x337/0x520 [ 116.850303][ T9598] ? find_held_lock+0x35/0x130 [ 116.855038][ T9598] ___sys_sendmsg+0x100/0x170 [ 116.859691][ T9598] ? sendmsg_copy_msghdr+0x70/0x70 [ 116.864787][ T9598] ? __kasan_check_read+0x11/0x20 [ 116.869787][ T9598] ? __fget_files+0x359/0x520 [ 116.874457][ T9598] ? do_dup2+0x4f0/0x4f0 [ 116.878687][ T9598] ? __fget_light+0x1ad/0x270 [ 116.883338][ T9598] ? __fdget+0x1b/0x20 [ 116.887417][ T9598] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 116.893633][ T9598] __sys_sendmsg+0x105/0x1d0 [ 116.898208][ T9598] ? __sys_sendmsg_sock+0xc0/0xc0 [ 116.903264][ T9598] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 116.908703][ T9598] ? do_syscall_64+0x26/0x790 [ 116.913409][ T9598] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 116.919462][ T9598] ? do_syscall_64+0x26/0x790 [ 116.924122][ T9598] __x64_sys_sendmsg+0x78/0xb0 [ 116.928867][ T9598] do_syscall_64+0xfa/0x790 [ 116.933382][ T9598] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 116.939255][ T9598] RIP: 0033:0x445bd9 [ 116.943138][ T9598] Code: e8 bc b7 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 116.962723][ T9598] RSP: 002b:00007facacd7bdb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 116.971112][ T9598] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 0000000000445bd9 [ 116.979060][ T9598] RDX: 0000000000000010 RSI: 00000000200003c0 RDI: 0000000000000004 [ 116.987008][ T9598] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000 [ 116.994987][ T9598] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac2c [ 117.002939][ T9598] R13: 00007ffef42e2a0f R14: 00007facacd7c9c0 R15: 20c49ba5e353f7cf [ 117.012110][ T9598] Kernel Offset: disabled [ 117.016429][ T9598] Rebooting in 86400 seconds..