[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   89.501341][   T27] audit: type=1800 audit(1580122651.013:25): pid=9627 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   89.533694][   T27] audit: type=1800 audit(1580122651.023:26): pid=9627 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   89.578384][   T27] audit: type=1800 audit(1580122651.023:27): pid=9627 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.203' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   98.375557][ T9779] ==================================================================
[   98.384036][ T9779] BUG: KASAN: slab-out-of-bounds in bitmap_ip_list+0x40f/0xf20
[   98.391655][ T9779] Read of size 8 at addr ffff88809e963900 by task syz-executor098/9779
[   98.399907][ T9779] 
[   98.402262][ T9779] CPU: 1 PID: 9779 Comm: syz-executor098 Not tainted 5.5.0-rc6-next-20200116-syzkaller #0
[   98.412169][ T9779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   98.422225][ T9779] Call Trace:
[   98.425509][ T9779]  dump_stack+0x197/0x210
[   98.429840][ T9779]  ? bitmap_ip_list+0x40f/0xf20
[   98.434865][ T9779]  print_address_description.constprop.0.cold+0xd4/0x30b
[   98.441924][ T9779]  ? bitmap_ip_list+0x40f/0xf20
[   98.446778][ T9779]  ? bitmap_ip_list+0x40f/0xf20
[   98.451644][ T9779]  __kasan_report.cold+0x1b/0x32
[   98.456639][ T9779]  ? bitmap_ip_list+0x40f/0xf20
[   98.461490][ T9779]  kasan_report+0x12/0x20
[   98.465809][ T9779]  check_memory_region+0x134/0x1a0
[   98.470923][ T9779]  __kasan_check_read+0x11/0x20
[   98.475763][ T9779]  bitmap_ip_list+0x40f/0xf20
[   98.480498][ T9779]  ? bitmap_ip_add+0xe60/0xe60
[   98.485395][ T9779]  ? nla_put+0x110/0x150
[   98.489639][ T9779]  ip_set_dump_start+0x96c/0x1ca0
[   98.494665][ T9779]  ? ip_set_rename+0x720/0x720
[   98.499546][ T9779]  ? __kmalloc_reserve.isra.0+0x70/0xf0
[   98.505099][ T9779]  ? __lock_acquire+0x2660/0x4a00
[   98.510127][ T9779]  ? __kasan_check_write+0x14/0x20
[   98.515240][ T9779]  netlink_dump+0x558/0xfb0
[   98.520142][ T9779]  ? __netlink_sendskb+0xc0/0xc0
[   98.525089][ T9779]  __netlink_dump_start+0x673/0x930
[   98.530286][ T9779]  ip_set_dump+0x15a/0x1d0
[   98.534697][ T9779]  ? call_ad+0x5a0/0x5a0
[   98.538947][ T9779]  ? ip_set_rename+0x720/0x720
[   98.543712][ T9779]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[   98.549615][ T9779]  ? call_ad+0x5a0/0x5a0
[   98.553867][ T9779]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   98.558794][ T9779]  ? nfnetlink_bind+0x2c0/0x2c0
[   98.563745][ T9779]  ? __kasan_check_read+0x11/0x20
[   98.569010][ T9779]  ? __lock_acquire+0x8a0/0x4a00
[   98.573935][ T9779]  ? save_stack+0x5c/0x90
[   98.578268][ T9779]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.584497][ T9779]  ? apparmor_capable+0x4df/0x910
[   98.589521][ T9779]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.595803][ T9779]  ? __kasan_check_read+0x11/0x20
[   98.600862][ T9779]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   98.606328][ T9779]  netlink_rcv_skb+0x177/0x450
[   98.611093][ T9779]  ? nfnetlink_bind+0x2c0/0x2c0
[   98.616062][ T9779]  ? netlink_ack+0xb50/0xb50
[   98.620653][ T9779]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.626890][ T9779]  ? ns_capable_common+0x93/0x100
[   98.631922][ T9779]  ? ns_capable+0x20/0x30
[   98.636241][ T9779]  ? __netlink_ns_capable+0x104/0x140
[   98.641613][ T9779]  nfnetlink_rcv+0x1ba/0x460
[   98.646201][ T9779]  ? nfnetlink_rcv_batch+0x1780/0x1780
[   98.651658][ T9779]  ? netlink_deliver_tap+0x248/0xbf0
[   98.656948][ T9779]  ? __kasan_check_write+0x14/0x20
[   98.662046][ T9779]  netlink_unicast+0x59e/0x7e0
[   98.666808][ T9779]  ? netlink_attachskb+0x870/0x870
[   98.671913][ T9779]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   98.677729][ T9779]  ? __check_object_size+0x3d/0x437
[   98.682926][ T9779]  netlink_sendmsg+0x91c/0xea0
[   98.687698][ T9779]  ? netlink_unicast+0x7e0/0x7e0
[   98.692695][ T9779]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   98.698362][ T9779]  ? apparmor_socket_sendmsg+0x2a/0x30
[   98.703814][ T9779]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.710058][ T9779]  ? security_socket_sendmsg+0x8d/0xc0
[   98.715578][ T9779]  ? netlink_unicast+0x7e0/0x7e0
[   98.720517][ T9779]  sock_sendmsg+0xd7/0x130
[   98.724949][ T9779]  ____sys_sendmsg+0x753/0x880
[   98.729727][ T9779]  ? kernel_sendmsg+0x50/0x50
[   98.734494][ T9779]  ? lockdep_init_map+0x1be/0x6d0
[   98.739524][ T9779]  ___sys_sendmsg+0x100/0x170
[   98.744551][ T9779]  ? sendmsg_copy_msghdr+0x70/0x70
[   98.749661][ T9779]  ? __kasan_check_read+0x11/0x20
[   98.754785][ T9779]  ? __lock_acquire+0x8a0/0x4a00
[   98.759853][ T9779]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.766096][ T9779]  ? __this_cpu_preempt_check+0x35/0x190
[   98.771760][ T9779]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.777999][ T9779]  ? percpu_counter_add_batch+0x13c/0x190
[   98.783726][ T9779]  ? __fd_install+0x1bc/0x640
[   98.788408][ T9779]  ? find_held_lock+0x35/0x130
[   98.793332][ T9779]  ? __fd_install+0x1bc/0x640
[   98.798060][ T9779]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.805030][ T9779]  ? __fget_light+0x1ad/0x270
[   98.809707][ T9779]  ? __fdget+0x1b/0x20
[   98.813782][ T9779]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   98.820142][ T9779]  __sys_sendmsg+0x105/0x1d0
[   98.824837][ T9779]  ? __sys_sendmsg_sock+0xc0/0xc0
[   98.829874][ T9779]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   98.835331][ T9779]  ? do_syscall_64+0x26/0x790
[   98.839995][ T9779]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   98.846061][ T9779]  ? do_syscall_64+0x26/0x790
[   98.850805][ T9779]  __x64_sys_sendmsg+0x78/0xb0
[   98.855576][ T9779]  do_syscall_64+0xfa/0x790
[   98.860169][ T9779]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   98.866188][ T9779] RIP: 0033:0x440529
[   98.870082][ T9779] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   98.889753][ T9779] RSP: 002b:00007fff7246d5e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   98.898211][ T9779] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529
[   98.906179][ T9779] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004
[   98.914145][ T9779] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   98.922101][ T9779] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0
[   98.930167][ T9779] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000
[   98.938145][ T9779] 
[   98.940458][ T9779] Allocated by task 9779:
[   98.944781][ T9779]  save_stack+0x23/0x90
[   98.948943][ T9779]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   98.954569][ T9779]  kasan_kmalloc+0x9/0x10
[   98.958888][ T9779]  __kmalloc+0x163/0x770
[   98.963131][ T9779]  ip_set_alloc+0x38/0x5e
[   98.967445][ T9779]  bitmap_ip_create+0x6ec/0xc20
[   98.972352][ T9779]  ip_set_create+0x6f1/0x1500
[   98.977029][ T9779]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   98.981962][ T9779]  netlink_rcv_skb+0x177/0x450
[   98.986771][ T9779]  nfnetlink_rcv+0x1ba/0x460
[   98.991353][ T9779]  netlink_unicast+0x59e/0x7e0
[   98.996152][ T9779]  netlink_sendmsg+0x91c/0xea0
[   99.000913][ T9779]  sock_sendmsg+0xd7/0x130
[   99.005324][ T9779]  ____sys_sendmsg+0x753/0x880
[   99.010188][ T9779]  ___sys_sendmsg+0x100/0x170
[   99.014857][ T9779]  __sys_sendmsg+0x105/0x1d0
[   99.019445][ T9779]  __x64_sys_sendmsg+0x78/0xb0
[   99.024326][ T9779]  do_syscall_64+0xfa/0x790
[   99.028827][ T9779]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   99.034698][ T9779] 
[   99.037145][ T9779] Freed by task 9509:
[   99.041122][ T9779]  save_stack+0x23/0x90
[   99.045555][ T9779]  __kasan_slab_free+0x102/0x150
[   99.050488][ T9779]  kasan_slab_free+0xe/0x10
[   99.055038][ T9779]  kfree+0x10a/0x2c0
[   99.058982][ T9779]  tomoyo_check_open_permission+0x19e/0x3e0
[   99.064867][ T9779]  tomoyo_file_open+0xa9/0xd0
[   99.069745][ T9779]  security_file_open+0x71/0x300
[   99.074814][ T9779]  do_dentry_open+0x365/0x1350
[   99.079583][ T9779]  vfs_open+0xa0/0xd0
[   99.083571][ T9779]  path_openat+0x12fd/0x34d0
[   99.088165][ T9779]  do_filp_open+0x192/0x260
[   99.092737][ T9779]  do_sys_openat2+0x633/0x840
[   99.097507][ T9779]  do_sys_open+0xfc/0x190
[   99.101960][ T9779]  __x64_sys_open+0x7e/0xc0
[   99.106720][ T9779]  do_syscall_64+0xfa/0x790
[   99.111254][ T9779]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   99.117133][ T9779] 
[   99.119458][ T9779] The buggy address belongs to the object at ffff88809e963900
[   99.119458][ T9779]  which belongs to the cache kmalloc-32 of size 32
[   99.133466][ T9779] The buggy address is located 0 bytes inside of
[   99.133466][ T9779]  32-byte region [ffff88809e963900, ffff88809e963920)
[   99.146784][ T9779] The buggy address belongs to the page:
[   99.152477][ T9779] page:ffffea00027a58c0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809e963fc1
[   99.162933][ T9779] flags: 0xfffe0000000200(slab)
[   99.167896][ T9779] raw: 00fffe0000000200 ffffea0002a51f48 ffffea0002a23488 ffff8880aa4001c0
[   99.176710][ T9779] raw: ffff88809e963fc1 ffff88809e963000 000000010000003f 0000000000000000
[   99.185387][ T9779] page dumped because: kasan: bad access detected
[   99.191790][ T9779] 
[   99.194116][ T9779] Memory state around the buggy address:
[   99.199963][ T9779]  ffff88809e963800: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   99.208018][ T9779]  ffff88809e963880: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc
[   99.216109][ T9779] >ffff88809e963900: 04 fc fc fc fc fc fc fc 00 00 fc fc fc fc fc fc
[   99.224265][ T9779]                    ^
[   99.228325][ T9779]  ffff88809e963980: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   99.236379][ T9779]  ffff88809e963a00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   99.244426][ T9779] ==================================================================
[   99.252749][ T9779] Disabling lock debugging due to kernel taint
[   99.260321][ T9779] Kernel panic - not syncing: panic_on_warn set ...
[   99.267115][ T9779] CPU: 0 PID: 9779 Comm: syz-executor098 Tainted: G    B             5.5.0-rc6-next-20200116-syzkaller #0
[   99.278431][ T9779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   99.288489][ T9779] Call Trace:
[   99.291779][ T9779]  dump_stack+0x197/0x210
[   99.296117][ T9779]  panic+0x2e3/0x75c
[   99.300007][ T9779]  ? add_taint.cold+0x16/0x16
[   99.304676][ T9779]  ? bitmap_ip_list+0x40f/0xf20
[   99.309850][ T9779]  ? preempt_schedule+0x4b/0x60
[   99.314700][ T9779]  ? ___preempt_schedule+0x16/0x18
[   99.319802][ T9779]  ? trace_hardirqs_on+0x5e/0x240
[   99.325102][ T9779]  ? bitmap_ip_list+0x40f/0xf20
[   99.329941][ T9779]  end_report+0x47/0x4f
[   99.334152][ T9779]  ? bitmap_ip_list+0x40f/0xf20
[   99.339004][ T9779]  __kasan_report.cold+0xe/0x32
[   99.343838][ T9779]  ? bitmap_ip_list+0x40f/0xf20
[   99.348683][ T9779]  kasan_report+0x12/0x20
[   99.353179][ T9779]  check_memory_region+0x134/0x1a0
[   99.358414][ T9779]  __kasan_check_read+0x11/0x20
[   99.363256][ T9779]  bitmap_ip_list+0x40f/0xf20
[   99.367926][ T9779]  ? bitmap_ip_add+0xe60/0xe60
[   99.372673][ T9779]  ? nla_put+0x110/0x150
[   99.376912][ T9779]  ip_set_dump_start+0x96c/0x1ca0
[   99.382181][ T9779]  ? ip_set_rename+0x720/0x720
[   99.386949][ T9779]  ? __kmalloc_reserve.isra.0+0x70/0xf0
[   99.392541][ T9779]  ? __lock_acquire+0x2660/0x4a00
[   99.397581][ T9779]  ? __kasan_check_write+0x14/0x20
[   99.402767][ T9779]  netlink_dump+0x558/0xfb0
[   99.407278][ T9779]  ? __netlink_sendskb+0xc0/0xc0
[   99.412219][ T9779]  __netlink_dump_start+0x673/0x930
[   99.417603][ T9779]  ip_set_dump+0x15a/0x1d0
[   99.422014][ T9779]  ? call_ad+0x5a0/0x5a0
[   99.426284][ T9779]  ? ip_set_rename+0x720/0x720
[   99.431391][ T9779]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[   99.437217][ T9779]  ? call_ad+0x5a0/0x5a0
[   99.441460][ T9779]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   99.446384][ T9779]  ? nfnetlink_bind+0x2c0/0x2c0
[   99.451332][ T9779]  ? __kasan_check_read+0x11/0x20
[   99.456349][ T9779]  ? __lock_acquire+0x8a0/0x4a00
[   99.461279][ T9779]  ? save_stack+0x5c/0x90
[   99.465601][ T9779]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   99.471854][ T9779]  ? apparmor_capable+0x4df/0x910
[   99.476918][ T9779]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   99.483255][ T9779]  ? __kasan_check_read+0x11/0x20
[   99.488276][ T9779]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   99.493726][ T9779]  netlink_rcv_skb+0x177/0x450
[   99.498485][ T9779]  ? nfnetlink_bind+0x2c0/0x2c0
[   99.503341][ T9779]  ? netlink_ack+0xb50/0xb50
[   99.507918][ T9779]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   99.514153][ T9779]  ? ns_capable_common+0x93/0x100
[   99.519174][ T9779]  ? ns_capable+0x20/0x30
[   99.523524][ T9779]  ? __netlink_ns_capable+0x104/0x140
[   99.528905][ T9779]  nfnetlink_rcv+0x1ba/0x460
[   99.533480][ T9779]  ? nfnetlink_rcv_batch+0x1780/0x1780
[   99.538932][ T9779]  ? netlink_deliver_tap+0x248/0xbf0
[   99.544267][ T9779]  ? __kasan_check_write+0x14/0x20
[   99.549371][ T9779]  netlink_unicast+0x59e/0x7e0
[   99.554118][ T9779]  ? netlink_attachskb+0x870/0x870
[   99.559227][ T9779]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   99.564940][ T9779]  ? __check_object_size+0x3d/0x437
[   99.570131][ T9779]  netlink_sendmsg+0x91c/0xea0
[   99.574880][ T9779]  ? netlink_unicast+0x7e0/0x7e0
[   99.579814][ T9779]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   99.585341][ T9779]  ? apparmor_socket_sendmsg+0x2a/0x30
[   99.590845][ T9779]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   99.597128][ T9779]  ? security_socket_sendmsg+0x8d/0xc0
[   99.602599][ T9779]  ? netlink_unicast+0x7e0/0x7e0
[   99.607536][ T9779]  sock_sendmsg+0xd7/0x130
[   99.612045][ T9779]  ____sys_sendmsg+0x753/0x880
[   99.616815][ T9779]  ? kernel_sendmsg+0x50/0x50
[   99.621510][ T9779]  ? lockdep_init_map+0x1be/0x6d0
[   99.626563][ T9779]  ___sys_sendmsg+0x100/0x170
[   99.631240][ T9779]  ? sendmsg_copy_msghdr+0x70/0x70
[   99.636348][ T9779]  ? __kasan_check_read+0x11/0x20
[   99.641397][ T9779]  ? __lock_acquire+0x8a0/0x4a00
[   99.646332][ T9779]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   99.652621][ T9779]  ? __this_cpu_preempt_check+0x35/0x190
[   99.658358][ T9779]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   99.664656][ T9779]  ? percpu_counter_add_batch+0x13c/0x190
[   99.670368][ T9779]  ? __fd_install+0x1bc/0x640
[   99.675073][ T9779]  ? find_held_lock+0x35/0x130
[   99.679829][ T9779]  ? __fd_install+0x1bc/0x640
[   99.684491][ T9779]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   99.690724][ T9779]  ? __fget_light+0x1ad/0x270
[   99.695391][ T9779]  ? __fdget+0x1b/0x20
[   99.699464][ T9779]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   99.705696][ T9779]  __sys_sendmsg+0x105/0x1d0
[   99.710270][ T9779]  ? __sys_sendmsg_sock+0xc0/0xc0
[   99.715286][ T9779]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   99.720739][ T9779]  ? do_syscall_64+0x26/0x790
[   99.725468][ T9779]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   99.731541][ T9779]  ? do_syscall_64+0x26/0x790
[   99.736214][ T9779]  __x64_sys_sendmsg+0x78/0xb0
[   99.740973][ T9779]  do_syscall_64+0xfa/0x790
[   99.745472][ T9779]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   99.751498][ T9779] RIP: 0033:0x440529
[   99.755490][ T9779] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   99.775287][ T9779] RSP: 002b:00007fff7246d5e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   99.783738][ T9779] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529
[   99.791695][ T9779] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004
[   99.799693][ T9779] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   99.807650][ T9779] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0
[   99.815653][ T9779] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000
[   99.825675][ T9779] Kernel Offset: disabled
[   99.830223][ T9779] Rebooting in 86400 seconds..