[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   86.919835][   T27] audit: type=1800 audit(1579401400.085:25): pid=9507 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   86.939709][   T27] audit: type=1800 audit(1579401400.085:26): pid=9507 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   86.976964][   T27] audit: type=1800 audit(1579401400.095:27): pid=9507 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [  100.873633][ T9658] ==================================================================
[  100.881827][ T9658] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_list+0x635/0x1080
[  100.889704][ T9658] Read of size 8 at addr ffff888099d6c9c0 by task syz-executor921/9658
[  100.897979][ T9658] 
[  100.900296][ T9658] CPU: 1 PID: 9658 Comm: syz-executor921 Not tainted 5.5.0-rc5-syzkaller #0
[  100.909020][ T9658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  100.919076][ T9658] Call Trace:
[  100.922359][ T9658]  dump_stack+0x197/0x210
[  100.926700][ T9658]  ? bitmap_ipmac_list+0x635/0x1080
[  100.931952][ T9658]  print_address_description.constprop.0.cold+0xd4/0x30b
[  100.938970][ T9658]  ? bitmap_ipmac_list+0x635/0x1080
[  100.944156][ T9658]  ? bitmap_ipmac_list+0x635/0x1080
[  100.949352][ T9658]  __kasan_report.cold+0x1b/0x41
[  100.954294][ T9658]  ? bitmap_ipmac_list+0x635/0x1080
[  100.959475][ T9658]  kasan_report+0x12/0x20
[  100.963902][ T9658]  check_memory_region+0x134/0x1a0
[  100.969005][ T9658]  __kasan_check_read+0x11/0x20
[  100.973905][ T9658]  bitmap_ipmac_list+0x635/0x1080
[  100.978943][ T9658]  ? bitmap_ipmac_head+0x8a0/0x8a0
[  100.984102][ T9658]  ? nla_put+0x110/0x150
[  100.988356][ T9658]  ip_set_dump_start+0x96c/0x1ca0
[  100.993379][ T9658]  ? ip_set_rename+0x720/0x720
[  100.998147][ T9658]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[  101.003891][ T9658]  ? perf_trace_lock_acquire+0x4b0/0x530
[  101.009521][ T9658]  ? __kasan_check_write+0x14/0x20
[  101.014641][ T9658]  netlink_dump+0x558/0xfb0
[  101.019148][ T9658]  ? __netlink_sendskb+0xc0/0xc0
[  101.024093][ T9658]  __netlink_dump_start+0x66a/0x930
[  101.029295][ T9658]  ip_set_dump+0x15a/0x1d0
[  101.033706][ T9658]  ? call_ad+0x5a0/0x5a0
[  101.038003][ T9658]  ? ip_set_rename+0x720/0x720
[  101.042883][ T9658]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[  101.048693][ T9658]  ? call_ad+0x5a0/0x5a0
[  101.052923][ T9658]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  101.057891][ T9658]  ? nfnetlink_bind+0x2c0/0x2c0
[  101.062742][ T9658]  ? __kasan_check_read+0x11/0x20
[  101.067750][ T9658]  ? __lock_acquire+0x8a0/0x4a00
[  101.072792][ T9658]  ? save_stack+0x5c/0x90
[  101.077136][ T9658]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  101.083475][ T9658]  ? apparmor_capable+0x497/0x900
[  101.088502][ T9658]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  101.094797][ T9658]  ? __kasan_check_read+0x11/0x20
[  101.099927][ T9658]  ? apparmor_cred_prepare+0x7b0/0x7b0
[  101.105382][ T9658]  netlink_rcv_skb+0x177/0x450
[  101.110136][ T9658]  ? nfnetlink_bind+0x2c0/0x2c0
[  101.114984][ T9658]  ? netlink_ack+0xb50/0xb50
[  101.119617][ T9658]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  101.125861][ T9658]  ? ns_capable_common+0x93/0x100
[  101.130873][ T9658]  ? ns_capable+0x20/0x30
[  101.135195][ T9658]  ? __netlink_ns_capable+0x104/0x140
[  101.140559][ T9658]  nfnetlink_rcv+0x1ba/0x460
[  101.145148][ T9658]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  101.150622][ T9658]  ? netlink_deliver_tap+0x24a/0xbe0
[  101.155968][ T9658]  ? __kasan_check_write+0x14/0x20
[  101.161076][ T9658]  netlink_unicast+0x58c/0x7d0
[  101.165887][ T9658]  ? netlink_attachskb+0x870/0x870
[  101.171104][ T9658]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  101.176932][ T9658]  ? __check_object_size+0x3d/0x437
[  101.182127][ T9658]  netlink_sendmsg+0x91c/0xea0
[  101.186924][ T9658]  ? netlink_unicast+0x7d0/0x7d0
[  101.191848][ T9658]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  101.197496][ T9658]  ? apparmor_socket_sendmsg+0x2a/0x30
[  101.202996][ T9658]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  101.209252][ T9658]  ? security_socket_sendmsg+0x8d/0xc0
[  101.214883][ T9658]  ? netlink_unicast+0x7d0/0x7d0
[  101.219815][ T9658]  sock_sendmsg+0xd7/0x130
[  101.224275][ T9658]  ____sys_sendmsg+0x753/0x880
[  101.229035][ T9658]  ? kernel_sendmsg+0x50/0x50
[  101.233750][ T9658]  ? lockdep_init_map+0x1be/0x6d0
[  101.238782][ T9658]  ___sys_sendmsg+0x100/0x170
[  101.243456][ T9658]  ? sendmsg_copy_msghdr+0x70/0x70
[  101.248568][ T9658]  ? __kasan_check_read+0x11/0x20
[  101.253581][ T9658]  ? __lock_acquire+0x8a0/0x4a00
[  101.258520][ T9658]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  101.264804][ T9658]  ? __this_cpu_preempt_check+0x35/0x190
[  101.270432][ T9658]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  101.276673][ T9658]  ? percpu_counter_add_batch+0x13c/0x190
[  101.282418][ T9658]  ? __fd_install+0x1bc/0x640
[  101.287254][ T9658]  ? find_held_lock+0x35/0x130
[  101.292012][ T9658]  ? __fd_install+0x1bc/0x640
[  101.296723][ T9658]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  101.302952][ T9658]  ? __fget_light+0x1a9/0x230
[  101.307622][ T9658]  ? __fdget+0x1b/0x20
[  101.311679][ T9658]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  101.317924][ T9658]  __sys_sendmsg+0x105/0x1d0
[  101.322509][ T9658]  ? __sys_sendmsg_sock+0xc0/0xc0
[  101.327582][ T9658]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  101.333031][ T9658]  ? do_syscall_64+0x26/0x790
[  101.337701][ T9658]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  101.343758][ T9658]  ? do_syscall_64+0x26/0x790
[  101.348458][ T9658]  __x64_sys_sendmsg+0x78/0xb0
[  101.353216][ T9658]  do_syscall_64+0xfa/0x790
[  101.357821][ T9658]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  101.363698][ T9658] RIP: 0033:0x440529
[  101.367584][ T9658] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  101.387285][ T9658] RSP: 002b:00007ffeabe5a7e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  101.395748][ T9658] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529
[  101.403983][ T9658] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[  101.411952][ T9658] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[  101.419920][ T9658] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0
[  101.427926][ T9658] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000
[  101.436080][ T9658] 
[  101.438434][ T9658] Allocated by task 9658:
[  101.442809][ T9658]  save_stack+0x23/0x90
[  101.447038][ T9658]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  101.452662][ T9658]  kasan_kmalloc+0x9/0x10
[  101.456969][ T9658]  __kmalloc+0x163/0x770
[  101.461244][ T9658]  ip_set_alloc+0x38/0x5e
[  101.465559][ T9658]  bitmap_ipmac_create+0x4e8/0xa00
[  101.470663][ T9658]  ip_set_create+0x6f1/0x1500
[  101.475422][ T9658]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  101.480398][ T9658]  netlink_rcv_skb+0x177/0x450
[  101.485164][ T9658]  nfnetlink_rcv+0x1ba/0x460
[  101.489745][ T9658]  netlink_unicast+0x58c/0x7d0
[  101.494498][ T9658]  netlink_sendmsg+0x91c/0xea0
[  101.499255][ T9658]  sock_sendmsg+0xd7/0x130
[  101.503664][ T9658]  ____sys_sendmsg+0x753/0x880
[  101.508405][ T9658]  ___sys_sendmsg+0x100/0x170
[  101.513078][ T9658]  __sys_sendmsg+0x105/0x1d0
[  101.517651][ T9658]  __x64_sys_sendmsg+0x78/0xb0
[  101.522413][ T9658]  do_syscall_64+0xfa/0x790
[  101.526928][ T9658]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  101.532850][ T9658] 
[  101.535160][ T9658] Freed by task 9420:
[  101.539179][ T9658]  save_stack+0x23/0x90
[  101.543323][ T9658]  __kasan_slab_free+0x102/0x150
[  101.548238][ T9658]  kasan_slab_free+0xe/0x10
[  101.552734][ T9658]  kfree+0x10a/0x2c0
[  101.556633][ T9658]  load_elf_binary+0x61c/0x5310
[  101.561467][ T9658]  search_binary_handler+0x16d/0x570
[  101.566733][ T9658]  load_script+0x66a/0x8d0
[  101.571140][ T9658]  search_binary_handler+0x16d/0x570
[  101.576418][ T9658]  __do_execve_file.isra.0+0x1329/0x22b0
[  101.582039][ T9658]  __x64_sys_execve+0x8f/0xc0
[  101.586787][ T9658]  do_syscall_64+0xfa/0x790
[  101.591289][ T9658]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  101.597160][ T9658] 
[  101.599481][ T9658] The buggy address belongs to the object at ffff888099d6c9c0
[  101.599481][ T9658]  which belongs to the cache kmalloc-32 of size 32
[  101.613499][ T9658] The buggy address is located 0 bytes inside of
[  101.613499][ T9658]  32-byte region [ffff888099d6c9c0, ffff888099d6c9e0)
[  101.626621][ T9658] The buggy address belongs to the page:
[  101.632282][ T9658] page:ffffea0002675b00 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff888099d6cfc1
[  101.642738][ T9658] raw: 00fffe0000000200 ffffea000269d988 ffffea00027b0c08 ffff8880aa4001c0
[  101.651414][ T9658] raw: ffff888099d6cfc1 ffff888099d6c000 000000010000003f 0000000000000000
[  101.660014][ T9658] page dumped because: kasan: bad access detected
[  101.666475][ T9658] 
[  101.668807][ T9658] Memory state around the buggy address:
[  101.674520][ T9658]  ffff888099d6c880: 06 fc fc fc fc fc fc fc 06 fc fc fc fc fc fc fc
[  101.682633][ T9658]  ffff888099d6c900: 04 fc fc fc fc fc fc fc 04 fc fc fc fc fc fc fc
[  101.691245][ T9658] >ffff888099d6c980: 04 fc fc fc fc fc fc fc 04 fc fc fc fc fc fc fc
[  101.699304][ T9658]                                            ^
[  101.705577][ T9658]  ffff888099d6ca00: 06 fc fc fc fc fc fc fc 00 01 fc fc fc fc fc fc
[  101.713706][ T9658]  ffff888099d6ca80: fb fb fb fb fc fc fc fc 06 fc fc fc fc fc fc fc
[  101.721856][ T9658] ==================================================================
[  101.730011][ T9658] Disabling lock debugging due to kernel taint
[  101.736670][ T9658] Kernel panic - not syncing: panic_on_warn set ...
[  101.743286][ T9658] CPU: 1 PID: 9658 Comm: syz-executor921 Tainted: G    B             5.5.0-rc5-syzkaller #0
[  101.753343][ T9658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  101.763460][ T9658] Call Trace:
[  101.766786][ T9658]  dump_stack+0x197/0x210
[  101.771110][ T9658]  panic+0x2e3/0x75c
[  101.775043][ T9658]  ? add_taint.cold+0x16/0x16
[  101.779708][ T9658]  ? bitmap_ipmac_list+0x635/0x1080
[  101.784892][ T9658]  ? preempt_schedule+0x4b/0x60
[  101.789736][ T9658]  ? ___preempt_schedule+0x16/0x18
[  101.794833][ T9658]  ? trace_hardirqs_on+0x5e/0x240
[  101.799850][ T9658]  ? bitmap_ipmac_list+0x635/0x1080
[  101.805207][ T9658]  end_report+0x47/0x4f
[  101.809350][ T9658]  ? bitmap_ipmac_list+0x635/0x1080
[  101.814542][ T9658]  __kasan_report.cold+0xe/0x41
[  101.819388][ T9658]  ? bitmap_ipmac_list+0x635/0x1080
[  101.824585][ T9658]  kasan_report+0x12/0x20
[  101.828901][ T9658]  check_memory_region+0x134/0x1a0
[  101.834017][ T9658]  __kasan_check_read+0x11/0x20
[  101.838857][ T9658]  bitmap_ipmac_list+0x635/0x1080
[  101.843878][ T9658]  ? bitmap_ipmac_head+0x8a0/0x8a0
[  101.848975][ T9658]  ? nla_put+0x110/0x150
[  101.853203][ T9658]  ip_set_dump_start+0x96c/0x1ca0
[  101.858511][ T9658]  ? ip_set_rename+0x720/0x720
[  101.863399][ T9658]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[  101.868935][ T9658]  ? perf_trace_lock_acquire+0x4b0/0x530
[  101.874676][ T9658]  ? __kasan_check_write+0x14/0x20
[  101.879912][ T9658]  netlink_dump+0x558/0xfb0
[  101.884417][ T9658]  ? __netlink_sendskb+0xc0/0xc0
[  101.889580][ T9658]  __netlink_dump_start+0x66a/0x930
[  101.894845][ T9658]  ip_set_dump+0x15a/0x1d0
[  101.899271][ T9658]  ? call_ad+0x5a0/0x5a0
[  101.903546][ T9658]  ? ip_set_rename+0x720/0x720
[  101.908292][ T9658]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[  101.914148][ T9658]  ? call_ad+0x5a0/0x5a0
[  101.918388][ T9658]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  101.923322][ T9658]  ? nfnetlink_bind+0x2c0/0x2c0
[  101.928205][ T9658]  ? __kasan_check_read+0x11/0x20
[  101.933237][ T9658]  ? __lock_acquire+0x8a0/0x4a00
[  101.938179][ T9658]  ? save_stack+0x5c/0x90
[  101.942507][ T9658]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  101.948749][ T9658]  ? apparmor_capable+0x497/0x900
[  101.953781][ T9658]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  101.960012][ T9658]  ? __kasan_check_read+0x11/0x20
[  101.965139][ T9658]  ? apparmor_cred_prepare+0x7b0/0x7b0
[  101.970596][ T9658]  netlink_rcv_skb+0x177/0x450
[  101.975409][ T9658]  ? nfnetlink_bind+0x2c0/0x2c0
[  101.980259][ T9658]  ? netlink_ack+0xb50/0xb50
[  101.984846][ T9658]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  101.991087][ T9658]  ? ns_capable_common+0x93/0x100
[  101.996118][ T9658]  ? ns_capable+0x20/0x30
[  102.000458][ T9658]  ? __netlink_ns_capable+0x104/0x140
[  102.005831][ T9658]  nfnetlink_rcv+0x1ba/0x460
[  102.010422][ T9658]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  102.015876][ T9658]  ? netlink_deliver_tap+0x24a/0xbe0
[  102.021163][ T9658]  ? __kasan_check_write+0x14/0x20
[  102.026281][ T9658]  netlink_unicast+0x58c/0x7d0
[  102.031064][ T9658]  ? netlink_attachskb+0x870/0x870
[  102.036176][ T9658]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  102.042005][ T9658]  ? __check_object_size+0x3d/0x437
[  102.047201][ T9658]  netlink_sendmsg+0x91c/0xea0
[  102.051967][ T9658]  ? netlink_unicast+0x7d0/0x7d0
[  102.057075][ T9658]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  102.062679][ T9658]  ? apparmor_socket_sendmsg+0x2a/0x30
[  102.068154][ T9658]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  102.074461][ T9658]  ? security_socket_sendmsg+0x8d/0xc0
[  102.079936][ T9658]  ? netlink_unicast+0x7d0/0x7d0
[  102.084912][ T9658]  sock_sendmsg+0xd7/0x130
[  102.089324][ T9658]  ____sys_sendmsg+0x753/0x880
[  102.094077][ T9658]  ? kernel_sendmsg+0x50/0x50
[  102.098733][ T9658]  ? lockdep_init_map+0x1be/0x6d0
[  102.103757][ T9658]  ___sys_sendmsg+0x100/0x170
[  102.108443][ T9658]  ? sendmsg_copy_msghdr+0x70/0x70
[  102.113554][ T9658]  ? __kasan_check_read+0x11/0x20
[  102.118565][ T9658]  ? __lock_acquire+0x8a0/0x4a00
[  102.123506][ T9658]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  102.129833][ T9658]  ? __this_cpu_preempt_check+0x35/0x190
[  102.135466][ T9658]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  102.141694][ T9658]  ? percpu_counter_add_batch+0x13c/0x190
[  102.147407][ T9658]  ? __fd_install+0x1bc/0x640
[  102.152070][ T9658]  ? find_held_lock+0x35/0x130
[  102.156815][ T9658]  ? __fd_install+0x1bc/0x640
[  102.161618][ T9658]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  102.167844][ T9658]  ? __fget_light+0x1a9/0x230
[  102.172526][ T9658]  ? __fdget+0x1b/0x20
[  102.176585][ T9658]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  102.183052][ T9658]  __sys_sendmsg+0x105/0x1d0
[  102.187631][ T9658]  ? __sys_sendmsg_sock+0xc0/0xc0
[  102.192698][ T9658]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  102.198163][ T9658]  ? do_syscall_64+0x26/0x790
[  102.202849][ T9658]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  102.208923][ T9658]  ? do_syscall_64+0x26/0x790
[  102.213608][ T9658]  __x64_sys_sendmsg+0x78/0xb0
[  102.218479][ T9658]  do_syscall_64+0xfa/0x790
[  102.222992][ T9658]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  102.228935][ T9658] RIP: 0033:0x440529
[  102.232966][ T9658] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  102.252564][ T9658] RSP: 002b:00007ffeabe5a7e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  102.260967][ T9658] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529
[  102.268950][ T9658] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[  102.279103][ T9658] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[  102.287092][ T9658] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0
[  102.295074][ T9658] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000
[  102.304263][ T9658] Kernel Offset: disabled
[  102.308589][ T9658] Rebooting in 86400 seconds..