[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   47.930667][   T27] audit: type=1800 audit(1579360184.698:25): pid=8485 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   47.949729][   T27] audit: type=1800 audit(1579360184.698:26): pid=8485 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   47.998054][   T27] audit: type=1800 audit(1579360184.698:27): pid=8485 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.103' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   69.598207][ T8635] ==================================================================
[   69.606394][ T8635] BUG: KASAN: slab-out-of-bounds in bitmap_ip_list+0x40d/0xcb0
[   69.613923][ T8635] Read of size 8 at addr ffff8880a29a6200 by task syz-executor996/8635
[   69.622140][ T8635] 
[   69.624454][ T8635] CPU: 0 PID: 8635 Comm: syz-executor996 Not tainted 5.5.0-rc6-syzkaller #0
[   69.633150][ T8635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   69.643231][ T8635] Call Trace:
[   69.646514][ T8635]  dump_stack+0x1fb/0x318
[   69.650828][ T8635]  print_address_description+0x74/0x5c0
[   69.656359][ T8635]  ? vprintk_func+0x158/0x170
[   69.661013][ T8635]  ? printk+0x62/0x8d
[   69.665021][ T8635]  ? vprintk_emit+0x2d4/0x3a0
[   69.669678][ T8635]  __kasan_report+0x149/0x1c0
[   69.674403][ T8635]  ? bitmap_ip_list+0x40d/0xcb0
[   69.679284][ T8635]  kasan_report+0x26/0x50
[   69.683636][ T8635]  ? debug_smp_processor_id+0x9/0x20
[   69.688902][ T8635]  check_memory_region+0x2b6/0x2f0
[   69.694105][ T8635]  __kasan_check_read+0x11/0x20
[   69.699281][ T8635]  bitmap_ip_list+0x40d/0xcb0
[   69.704006][ T8635]  ip_set_dump_start+0x10f9/0x1800
[   69.709132][ T8635]  netlink_dump+0x4ed/0x1170
[   69.713705][ T8635]  __netlink_dump_start+0x5cb/0x7b0
[   69.718980][ T8635]  ip_set_dump+0x107/0x160
[   69.723723][ T8635]  ? __find_set_type_get+0x540/0x540
[   69.729021][ T8635]  ? ip_set_dump_start+0x1800/0x1800
[   69.734505][ T8635]  ? ip_set_swap+0x730/0x730
[   69.739072][ T8635]  nfnetlink_rcv_msg+0x9ae/0xcd0
[   69.744015][ T8635]  ? cap_capable+0x25b/0x290
[   69.748587][ T8635]  ? cap_capable+0x25b/0x290
[   69.753189][ T8635]  netlink_rcv_skb+0x19e/0x3e0
[   69.757948][ T8635]  ? nfnetlink_bind+0x250/0x250
[   69.762816][ T8635]  nfnetlink_rcv+0x1e0/0x1e50
[   69.767594][ T8635]  ? rcu_lock_release+0x9/0x30
[   69.772418][ T8635]  ? rcu_lock_release+0x21/0x30
[   69.777261][ T8635]  ? netlink_deliver_tap+0x142/0x880
[   69.782538][ T8635]  netlink_unicast+0x767/0x920
[   69.787346][ T8635]  netlink_sendmsg+0xa2c/0xd50
[   69.792157][ T8635]  ? netlink_getsockopt+0x9f0/0x9f0
[   69.797344][ T8635]  ____sys_sendmsg+0x4f7/0x7f0
[   69.802103][ T8635]  __sys_sendmsg+0x1ed/0x290
[   69.806689][ T8635]  ? check_preemption_disabled+0xb4/0x260
[   69.812440][ T8635]  ? debug_smp_processor_id+0x9/0x20
[   69.817726][ T8635]  ? debug_smp_processor_id+0x1c/0x20
[   69.823082][ T8635]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   69.829134][ T8635]  ? prepare_exit_to_usermode+0x221/0x5b0
[   69.834865][ T8635]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   69.840612][ T8635]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   69.846233][ T8635]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   69.851944][ T8635]  ? do_syscall_64+0x1d/0x1c0
[   69.856611][ T8635]  __x64_sys_sendmsg+0x7f/0x90
[   69.861361][ T8635]  do_syscall_64+0xf7/0x1c0
[   69.865894][ T8635]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   69.871772][ T8635] RIP: 0033:0x440529
[   69.875670][ T8635] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   69.895265][ T8635] RSP: 002b:00007ffc658b0d28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   69.903663][ T8635] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529
[   69.911625][ T8635] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004
[   69.919578][ T8635] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   69.927579][ T8635] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0
[   69.935579][ T8635] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000
[   69.943586][ T8635] 
[   69.945942][ T8635] Allocated by task 8635:
[   69.950279][ T8635]  __kasan_kmalloc+0x118/0x1c0
[   69.955031][ T8635]  kasan_kmalloc+0x9/0x10
[   69.959357][ T8635]  __kmalloc+0x254/0x340
[   69.963590][ T8635]  kzalloc+0x21/0x40
[   69.967502][ T8635]  ip_set_alloc+0x32/0x60
[   69.971812][ T8635]  bitmap_ip_create+0x48b/0xac0
[   69.977016][ T8635]  ip_set_create+0x421/0xfd0
[   69.981587][ T8635]  nfnetlink_rcv_msg+0x9ae/0xcd0
[   69.986514][ T8635]  netlink_rcv_skb+0x19e/0x3e0
[   69.991279][ T8635]  nfnetlink_rcv+0x1e0/0x1e50
[   69.995943][ T8635]  netlink_unicast+0x767/0x920
[   70.000694][ T8635]  netlink_sendmsg+0xa2c/0xd50
[   70.005445][ T8635]  ____sys_sendmsg+0x4f7/0x7f0
[   70.010243][ T8635]  __sys_sendmsg+0x1ed/0x290
[   70.014826][ T8635]  __x64_sys_sendmsg+0x7f/0x90
[   70.019618][ T8635]  do_syscall_64+0xf7/0x1c0
[   70.024303][ T8635]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   70.030209][ T8635] 
[   70.032521][ T8635] Freed by task 8379:
[   70.036527][ T8635]  __kasan_slab_free+0x12e/0x1e0
[   70.041452][ T8635]  kasan_slab_free+0xe/0x10
[   70.045960][ T8635]  kfree+0x10d/0x220
[   70.049932][ T8635]  tomoyo_path_perm+0x6ae/0x850
[   70.054772][ T8635]  tomoyo_inode_getattr+0x1c/0x20
[   70.059774][ T8635]  security_inode_getattr+0xc0/0x140
[   70.065047][ T8635]  vfs_getattr+0x2a/0x6d0
[   70.069420][ T8635]  __se_sys_newstat+0x95/0x150
[   70.074174][ T8635]  __x64_sys_newstat+0x5b/0x70
[   70.079078][ T8635]  do_syscall_64+0xf7/0x1c0
[   70.083573][ T8635]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   70.089437][ T8635] 
[   70.091743][ T8635] The buggy address belongs to the object at ffff8880a29a6200
[   70.091743][ T8635]  which belongs to the cache kmalloc-32 of size 32
[   70.105704][ T8635] The buggy address is located 0 bytes inside of
[   70.105704][ T8635]  32-byte region [ffff8880a29a6200, ffff8880a29a6220)
[   70.118703][ T8635] The buggy address belongs to the page:
[   70.124376][ T8635] page:ffffea00028a6980 refcount:1 mapcount:0 mapping:ffff8880aa8001c0 index:0xffff8880a29a6fc1
[   70.134770][ T8635] raw: 00fffe0000000200 ffffea0002878b88 ffffea00028d10c8 ffff8880aa8001c0
[   70.143338][ T8635] raw: ffff8880a29a6fc1 ffff8880a29a6000 000000010000003f 0000000000000000
[   70.151898][ T8635] page dumped because: kasan: bad access detected
[   70.158305][ T8635] 
[   70.160610][ T8635] Memory state around the buggy address:
[   70.166234][ T8635]  ffff8880a29a6100: 06 fc fc fc fc fc fc fc 06 fc fc fc fc fc fc fc
[   70.174281][ T8635]  ffff8880a29a6180: 06 fc fc fc fc fc fc fc 06 fc fc fc fc fc fc fc
[   70.182347][ T8635] >ffff8880a29a6200: 04 fc fc fc fc fc fc fc 06 fc fc fc fc fc fc fc
[   70.190392][ T8635]                    ^
[   70.194448][ T8635]  ffff8880a29a6280: 06 fc fc fc fc fc fc fc 06 fc fc fc fc fc fc fc
[   70.202508][ T8635]  ffff8880a29a6300: 06 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   70.210548][ T8635] ==================================================================
[   70.218582][ T8635] Disabling lock debugging due to kernel taint
[   70.225371][ T8635] Kernel panic - not syncing: panic_on_warn set ...
[   70.231961][ T8635] CPU: 0 PID: 8635 Comm: syz-executor996 Tainted: G    B             5.5.0-rc6-syzkaller #0
[   70.242007][ T8635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.252045][ T8635] Call Trace:
[   70.255316][ T8635]  dump_stack+0x1fb/0x318
[   70.259622][ T8635]  panic+0x264/0x7a9
[   70.263500][ T8635]  ? __kasan_report+0x193/0x1c0
[   70.268324][ T8635]  ? trace_hardirqs_on+0x34/0x80
[   70.273248][ T8635]  ? __kasan_report+0x193/0x1c0
[   70.278103][ T8635]  __kasan_report+0x1b9/0x1c0
[   70.282784][ T8635]  ? bitmap_ip_list+0x40d/0xcb0
[   70.287611][ T8635]  kasan_report+0x26/0x50
[   70.291917][ T8635]  ? debug_smp_processor_id+0x9/0x20
[   70.297173][ T8635]  check_memory_region+0x2b6/0x2f0
[   70.302269][ T8635]  __kasan_check_read+0x11/0x20
[   70.307248][ T8635]  bitmap_ip_list+0x40d/0xcb0
[   70.311908][ T8635]  ip_set_dump_start+0x10f9/0x1800
[   70.317006][ T8635]  netlink_dump+0x4ed/0x1170
[   70.321589][ T8635]  __netlink_dump_start+0x5cb/0x7b0
[   70.326825][ T8635]  ip_set_dump+0x107/0x160
[   70.331226][ T8635]  ? __find_set_type_get+0x540/0x540
[   70.336485][ T8635]  ? ip_set_dump_start+0x1800/0x1800
[   70.341839][ T8635]  ? ip_set_swap+0x730/0x730
[   70.346526][ T8635]  nfnetlink_rcv_msg+0x9ae/0xcd0
[   70.351518][ T8635]  ? cap_capable+0x25b/0x290
[   70.356093][ T8635]  ? cap_capable+0x25b/0x290
[   70.360713][ T8635]  netlink_rcv_skb+0x19e/0x3e0
[   70.365511][ T8635]  ? nfnetlink_bind+0x250/0x250
[   70.370347][ T8635]  nfnetlink_rcv+0x1e0/0x1e50
[   70.375017][ T8635]  ? rcu_lock_release+0x9/0x30
[   70.379811][ T8635]  ? rcu_lock_release+0x21/0x30
[   70.384634][ T8635]  ? netlink_deliver_tap+0x142/0x880
[   70.389950][ T8635]  netlink_unicast+0x767/0x920
[   70.394705][ T8635]  netlink_sendmsg+0xa2c/0xd50
[   70.399454][ T8635]  ? netlink_getsockopt+0x9f0/0x9f0
[   70.404698][ T8635]  ____sys_sendmsg+0x4f7/0x7f0
[   70.409455][ T8635]  __sys_sendmsg+0x1ed/0x290
[   70.414091][ T8635]  ? check_preemption_disabled+0xb4/0x260
[   70.420620][ T8635]  ? debug_smp_processor_id+0x9/0x20
[   70.425950][ T8635]  ? debug_smp_processor_id+0x1c/0x20
[   70.431302][ T8635]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   70.437385][ T8635]  ? prepare_exit_to_usermode+0x221/0x5b0
[   70.443144][ T8635]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   70.448857][ T8635]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   70.454323][ T8635]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   70.460030][ T8635]  ? do_syscall_64+0x1d/0x1c0
[   70.464738][ T8635]  __x64_sys_sendmsg+0x7f/0x90
[   70.469518][ T8635]  do_syscall_64+0xf7/0x1c0
[   70.474047][ T8635]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   70.479923][ T8635] RIP: 0033:0x440529
[   70.483814][ T8635] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   70.503451][ T8635] RSP: 002b:00007ffc658b0d28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   70.511891][ T8635] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529
[   70.519851][ T8635] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004
[   70.527927][ T8635] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   70.536026][ T8635] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0
[   70.544002][ T8635] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000
[   70.553357][ T8635] Kernel Offset: disabled
[   70.557690][ T8635] Rebooting in 86400 seconds..