[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 77.639351][ T28] audit: type=1800 audit(1579340583.918:25): pid=9300 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 77.674881][ T28] audit: type=1800 audit(1579340583.918:26): pid=9300 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 77.724465][ T28] audit: type=1800 audit(1579340583.928:27): pid=9300 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.26' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 101.854148][ T9451] ================================================================== [ 101.862306][ T9451] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_list+0x635/0x1080 [ 101.870174][ T9451] Read of size 8 at addr ffff88809c38cb00 by task syz-executor607/9451 [ 101.878385][ T9451] [ 101.880696][ T9451] CPU: 1 PID: 9451 Comm: syz-executor607 Not tainted 5.5.0-rc6-syzkaller #0 [ 101.889467][ T9451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 101.899519][ T9451] Call Trace: [ 101.902812][ T9451] dump_stack+0x197/0x210 [ 101.907142][ T9451] ? bitmap_ipmac_list+0x635/0x1080 [ 101.912331][ T9451] print_address_description.constprop.0.cold+0xd4/0x30b [ 101.919337][ T9451] ? bitmap_ipmac_list+0x635/0x1080 [ 101.924534][ T9451] ? bitmap_ipmac_list+0x635/0x1080 [ 101.929730][ T9451] __kasan_report.cold+0x1b/0x41 [ 101.934660][ T9451] ? bitmap_ipmac_list+0x635/0x1080 [ 101.939856][ T9451] kasan_report+0x12/0x20 [ 101.944200][ T9451] check_memory_region+0x134/0x1a0 [ 101.949305][ T9451] __kasan_check_read+0x11/0x20 [ 101.954146][ T9451] bitmap_ipmac_list+0x635/0x1080 [ 101.959174][ T9451] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 101.964285][ T9451] ? nla_put+0x110/0x150 [ 101.968524][ T9451] ip_set_dump_start+0x96c/0x1ca0 [ 101.973546][ T9451] ? ip_set_rename+0x720/0x720 [ 101.978298][ T9451] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 101.983832][ T9451] ? perf_trace_lock_acquire+0x4c0/0x530 [ 101.989454][ T9451] ? __kasan_check_write+0x14/0x20 [ 101.994613][ T9451] netlink_dump+0x558/0xfb0 [ 101.999247][ T9451] ? __netlink_sendskb+0xc0/0xc0 [ 102.004210][ T9451] __netlink_dump_start+0x66a/0x930 [ 102.009447][ T9451] ip_set_dump+0x15a/0x1d0 [ 102.013901][ T9451] ? call_ad+0x5a0/0x5a0 [ 102.018147][ T9451] ? ip_set_rename+0x720/0x720 [ 102.022906][ T9451] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 102.028712][ T9451] ? call_ad+0x5a0/0x5a0 [ 102.032949][ T9451] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 102.037889][ T9451] ? nfnetlink_bind+0x2c0/0x2c0 [ 102.042736][ T9451] ? __kasan_check_read+0x11/0x20 [ 102.047820][ T9451] ? __lock_acquire+0x8a0/0x4a00 [ 102.052763][ T9451] ? save_stack+0x5c/0x90 [ 102.057088][ T9451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 102.063317][ T9451] ? apparmor_capable+0x497/0x900 [ 102.068396][ T9451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 102.074629][ T9451] ? __kasan_check_read+0x11/0x20 [ 102.079637][ T9451] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 102.085159][ T9451] netlink_rcv_skb+0x177/0x450 [ 102.089918][ T9451] ? nfnetlink_bind+0x2c0/0x2c0 [ 102.094763][ T9451] ? netlink_ack+0xb50/0xb50 [ 102.099350][ T9451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 102.105577][ T9451] ? ns_capable_common+0x93/0x100 [ 102.110591][ T9451] ? ns_capable+0x20/0x30 [ 102.114973][ T9451] ? __netlink_ns_capable+0x104/0x140 [ 102.120340][ T9451] nfnetlink_rcv+0x1ba/0x460 [ 102.124918][ T9451] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 102.130374][ T9451] ? netlink_deliver_tap+0x24a/0xbe0 [ 102.135650][ T9451] ? __kasan_check_write+0x14/0x20 [ 102.140763][ T9451] netlink_unicast+0x58c/0x7d0 [ 102.145513][ T9451] ? netlink_attachskb+0x870/0x870 [ 102.150603][ T9451] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 102.156309][ T9451] ? __check_object_size+0x3d/0x437 [ 102.161505][ T9451] netlink_sendmsg+0x91c/0xea0 [ 102.166261][ T9451] ? netlink_unicast+0x7d0/0x7d0 [ 102.171189][ T9451] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 102.176729][ T9451] ? apparmor_socket_sendmsg+0x2a/0x30 [ 102.182182][ T9451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 102.188412][ T9451] ? security_socket_sendmsg+0x8d/0xc0 [ 102.193866][ T9451] ? netlink_unicast+0x7d0/0x7d0 [ 102.198796][ T9451] sock_sendmsg+0xd7/0x130 [ 102.203317][ T9451] ____sys_sendmsg+0x753/0x880 [ 102.208185][ T9451] ? kernel_sendmsg+0x50/0x50 [ 102.212919][ T9451] ? lockdep_init_map+0x1be/0x6d0 [ 102.217944][ T9451] ___sys_sendmsg+0x100/0x170 [ 102.222606][ T9451] ? sendmsg_copy_msghdr+0x70/0x70 [ 102.227704][ T9451] ? __kasan_check_read+0x11/0x20 [ 102.232708][ T9451] ? __lock_acquire+0x8a0/0x4a00 [ 102.237646][ T9451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 102.243940][ T9451] ? __this_cpu_preempt_check+0x35/0x190 [ 102.249740][ T9451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 102.255992][ T9451] ? percpu_counter_add_batch+0x13c/0x190 [ 102.261710][ T9451] ? __fd_install+0x1bc/0x640 [ 102.266432][ T9451] ? find_held_lock+0x35/0x130 [ 102.271202][ T9451] ? __fd_install+0x1bc/0x640 [ 102.275886][ T9451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 102.282129][ T9451] ? __fget_light+0x1a9/0x230 [ 102.286798][ T9451] ? __fdget+0x1b/0x20 [ 102.290857][ T9451] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 102.297091][ T9451] __sys_sendmsg+0x105/0x1d0 [ 102.301688][ T9451] ? __sys_sendmsg_sock+0xc0/0xc0 [ 102.306710][ T9451] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 102.312164][ T9451] ? do_fast_syscall_32+0xd1/0xe16 [ 102.317262][ T9451] ? entry_SYSENTER_compat+0x70/0x7f [ 102.322530][ T9451] ? do_fast_syscall_32+0xd1/0xe16 [ 102.327667][ T9451] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 102.333119][ T9451] do_fast_syscall_32+0x27b/0xe16 [ 102.338156][ T9451] entry_SYSENTER_compat+0x70/0x7f [ 102.343256][ T9451] RIP: 0023:0xf7feba39 [ 102.347318][ T9451] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 102.366911][ T9451] RSP: 002b:00000000ffa5139c EFLAGS: 00000246 ORIG_RAX: 0000000000000172 [ 102.375307][ T9451] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000680 [ 102.383275][ T9451] RDX: 0000000000000040 RSI: 00000000080ea080 RDI: 00000000ffa513f0 [ 102.391240][ T9451] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 102.399203][ T9451] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 102.407167][ T9451] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 102.415137][ T9451] [ 102.417448][ T9451] Allocated by task 9451: [ 102.421767][ T9451] save_stack+0x23/0x90 [ 102.425913][ T9451] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 102.431530][ T9451] kasan_kmalloc+0x9/0x10 [ 102.435848][ T9451] __kmalloc+0x163/0x770 [ 102.440078][ T9451] ip_set_alloc+0x38/0x5e [ 102.444392][ T9451] bitmap_ipmac_create+0x4e8/0xa00 [ 102.449491][ T9451] ip_set_create+0x6f1/0x1500 [ 102.454215][ T9451] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 102.459140][ T9451] netlink_rcv_skb+0x177/0x450 [ 102.463899][ T9451] nfnetlink_rcv+0x1ba/0x460 [ 102.468499][ T9451] netlink_unicast+0x58c/0x7d0 [ 102.473307][ T9451] netlink_sendmsg+0x91c/0xea0 [ 102.478062][ T9451] sock_sendmsg+0xd7/0x130 [ 102.482479][ T9451] ____sys_sendmsg+0x753/0x880 [ 102.487233][ T9451] ___sys_sendmsg+0x100/0x170 [ 102.491942][ T9451] __sys_sendmsg+0x105/0x1d0 [ 102.496520][ T9451] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 102.501967][ T9451] do_fast_syscall_32+0x27b/0xe16 [ 102.507028][ T9451] entry_SYSENTER_compat+0x70/0x7f [ 102.512120][ T9451] [ 102.514429][ T9451] Freed by task 9178: [ 102.518473][ T9451] save_stack+0x23/0x90 [ 102.522622][ T9451] __kasan_slab_free+0x102/0x150 [ 102.527554][ T9451] kasan_slab_free+0xe/0x10 [ 102.532042][ T9451] kfree+0x10a/0x2c0 [ 102.535925][ T9451] tomoyo_check_open_permission+0x19e/0x3e0 [ 102.541806][ T9451] tomoyo_file_open+0xa9/0xd0 [ 102.546472][ T9451] security_file_open+0x71/0x300 [ 102.551390][ T9451] do_dentry_open+0x37a/0x1380 [ 102.556144][ T9451] vfs_open+0xa0/0xd0 [ 102.560121][ T9451] path_openat+0x118b/0x3180 [ 102.564702][ T9451] do_filp_open+0x1a1/0x280 [ 102.569198][ T9451] do_sys_open+0x3fe/0x5d0 [ 102.573602][ T9451] __x64_sys_open+0x7e/0xc0 [ 102.578164][ T9451] do_syscall_64+0xfa/0x790 [ 102.582653][ T9451] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 102.588524][ T9451] [ 102.590840][ T9451] The buggy address belongs to the object at ffff88809c38cb00 [ 102.590840][ T9451] which belongs to the cache kmalloc-32 of size 32 [ 102.604707][ T9451] The buggy address is located 0 bytes inside of [ 102.604707][ T9451] 32-byte region [ffff88809c38cb00, ffff88809c38cb20) [ 102.617709][ T9451] The buggy address belongs to the page: [ 102.623344][ T9451] page:ffffea000270e300 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809c38cfc1 [ 102.633745][ T9451] raw: 00fffe0000000200 ffffea00026a5b88 ffffea00028dde48 ffff8880aa4001c0 [ 102.642389][ T9451] raw: ffff88809c38cfc1 ffff88809c38c000 000000010000003f 0000000000000000 [ 102.650956][ T9451] page dumped because: kasan: bad access detected [ 102.657353][ T9451] [ 102.659713][ T9451] Memory state around the buggy address: [ 102.665387][ T9451] ffff88809c38ca00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 102.673438][ T9451] ffff88809c38ca80: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc [ 102.681536][ T9451] >ffff88809c38cb00: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 102.689581][ T9451] ^ [ 102.693636][ T9451] ffff88809c38cb80: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 102.701766][ T9451] ffff88809c38cc00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 102.709974][ T9451] ================================================================== [ 102.718019][ T9451] Disabling lock debugging due to kernel taint [ 102.725987][ T9451] Kernel panic - not syncing: panic_on_warn set ... [ 102.732596][ T9451] CPU: 0 PID: 9451 Comm: syz-executor607 Tainted: G B 5.5.0-rc6-syzkaller #0 [ 102.742637][ T9451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 102.752674][ T9451] Call Trace: [ 102.755955][ T9451] dump_stack+0x197/0x210 [ 102.760274][ T9451] panic+0x2e3/0x75c [ 102.764226][ T9451] ? add_taint.cold+0x16/0x16 [ 102.768906][ T9451] ? bitmap_ipmac_list+0x635/0x1080 [ 102.774093][ T9451] ? preempt_schedule+0x4b/0x60 [ 102.778936][ T9451] ? ___preempt_schedule+0x16/0x18 [ 102.784040][ T9451] ? trace_hardirqs_on+0x5e/0x240 [ 102.789054][ T9451] ? bitmap_ipmac_list+0x635/0x1080 [ 102.794246][ T9451] end_report+0x47/0x4f [ 102.798388][ T9451] ? bitmap_ipmac_list+0x635/0x1080 [ 102.803563][ T9451] __kasan_report.cold+0xe/0x41 [ 102.808402][ T9451] ? bitmap_ipmac_list+0x635/0x1080 [ 102.813579][ T9451] kasan_report+0x12/0x20 [ 102.817890][ T9451] check_memory_region+0x134/0x1a0 [ 102.823035][ T9451] __kasan_check_read+0x11/0x20 [ 102.827917][ T9451] bitmap_ipmac_list+0x635/0x1080 [ 102.832933][ T9451] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 102.838027][ T9451] ? nla_put+0x110/0x150 [ 102.842313][ T9451] ip_set_dump_start+0x96c/0x1ca0 [ 102.847326][ T9451] ? ip_set_rename+0x720/0x720 [ 102.852090][ T9451] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 102.857688][ T9451] ? perf_trace_lock_acquire+0x4c0/0x530 [ 102.863338][ T9451] ? __kasan_check_write+0x14/0x20 [ 102.868474][ T9451] netlink_dump+0x558/0xfb0 [ 102.872974][ T9451] ? __netlink_sendskb+0xc0/0xc0 [ 102.877910][ T9451] __netlink_dump_start+0x66a/0x930 [ 102.883090][ T9451] ip_set_dump+0x15a/0x1d0 [ 102.887629][ T9451] ? call_ad+0x5a0/0x5a0 [ 102.891864][ T9451] ? ip_set_rename+0x720/0x720 [ 102.896608][ T9451] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 102.902407][ T9451] ? call_ad+0x5a0/0x5a0 [ 102.906641][ T9451] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 102.911614][ T9451] ? nfnetlink_bind+0x2c0/0x2c0 [ 102.916452][ T9451] ? __kasan_check_read+0x11/0x20 [ 102.921458][ T9451] ? __lock_acquire+0x8a0/0x4a00 [ 102.926379][ T9451] ? save_stack+0x5c/0x90 [ 102.930694][ T9451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 102.936923][ T9451] ? apparmor_capable+0x497/0x900 [ 102.941941][ T9451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 102.948169][ T9451] ? __kasan_check_read+0x11/0x20 [ 102.953224][ T9451] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 102.958676][ T9451] netlink_rcv_skb+0x177/0x450 [ 102.963433][ T9451] ? nfnetlink_bind+0x2c0/0x2c0 [ 102.968274][ T9451] ? netlink_ack+0xb50/0xb50 [ 102.972851][ T9451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 102.979079][ T9451] ? ns_capable_common+0x93/0x100 [ 102.984093][ T9451] ? ns_capable+0x20/0x30 [ 102.988405][ T9451] ? __netlink_ns_capable+0x104/0x140 [ 102.993762][ T9451] nfnetlink_rcv+0x1ba/0x460 [ 102.998399][ T9451] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 103.003864][ T9451] ? netlink_deliver_tap+0x24a/0xbe0 [ 103.009201][ T9451] ? __kasan_check_write+0x14/0x20 [ 103.014303][ T9451] netlink_unicast+0x58c/0x7d0 [ 103.019062][ T9451] ? netlink_attachskb+0x870/0x870 [ 103.024162][ T9451] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 103.029904][ T9451] ? __check_object_size+0x3d/0x437 [ 103.035091][ T9451] netlink_sendmsg+0x91c/0xea0 [ 103.039849][ T9451] ? netlink_unicast+0x7d0/0x7d0 [ 103.044773][ T9451] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 103.050316][ T9451] ? apparmor_socket_sendmsg+0x2a/0x30 [ 103.055766][ T9451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.061993][ T9451] ? security_socket_sendmsg+0x8d/0xc0 [ 103.067438][ T9451] ? netlink_unicast+0x7d0/0x7d0 [ 103.072447][ T9451] sock_sendmsg+0xd7/0x130 [ 103.076854][ T9451] ____sys_sendmsg+0x753/0x880 [ 103.081608][ T9451] ? kernel_sendmsg+0x50/0x50 [ 103.088014][ T9451] ? lockdep_init_map+0x1be/0x6d0 [ 103.093078][ T9451] ___sys_sendmsg+0x100/0x170 [ 103.097743][ T9451] ? sendmsg_copy_msghdr+0x70/0x70 [ 103.102843][ T9451] ? __kasan_check_read+0x11/0x20 [ 103.107855][ T9451] ? __lock_acquire+0x8a0/0x4a00 [ 103.112779][ T9451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.119021][ T9451] ? __this_cpu_preempt_check+0x35/0x190 [ 103.124642][ T9451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.130919][ T9451] ? percpu_counter_add_batch+0x13c/0x190 [ 103.136621][ T9451] ? __fd_install+0x1bc/0x640 [ 103.141283][ T9451] ? find_held_lock+0x35/0x130 [ 103.146034][ T9451] ? __fd_install+0x1bc/0x640 [ 103.150692][ T9451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.156958][ T9451] ? __fget_light+0x1a9/0x230 [ 103.161648][ T9451] ? __fdget+0x1b/0x20 [ 103.165699][ T9451] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 103.171925][ T9451] __sys_sendmsg+0x105/0x1d0 [ 103.176505][ T9451] ? __sys_sendmsg_sock+0xc0/0xc0 [ 103.181520][ T9451] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 103.186967][ T9451] ? do_fast_syscall_32+0xd1/0xe16 [ 103.192064][ T9451] ? entry_SYSENTER_compat+0x70/0x7f [ 103.197338][ T9451] ? do_fast_syscall_32+0xd1/0xe16 [ 103.202431][ T9451] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 103.207874][ T9451] do_fast_syscall_32+0x27b/0xe16 [ 103.212893][ T9451] entry_SYSENTER_compat+0x70/0x7f [ 103.217984][ T9451] RIP: 0023:0xf7feba39 [ 103.222037][ T9451] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 103.241624][ T9451] RSP: 002b:00000000ffa5139c EFLAGS: 00000246 ORIG_RAX: 0000000000000172 [ 103.250021][ T9451] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000680 [ 103.257989][ T9451] RDX: 0000000000000040 RSI: 00000000080ea080 RDI: 00000000ffa513f0 [ 103.265944][ T9451] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 103.273928][ T9451] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 103.282571][ T9451] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 103.291853][ T9451] Kernel Offset: disabled [ 103.296179][ T9451] Rebooting in 86400 seconds..