[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   81.271309][   T27] audit: type=1800 audit(1579379212.869:25): pid=9763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   81.291305][   T27] audit: type=1800 audit(1579379212.869:26): pid=9763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   81.329725][   T27] audit: type=1800 audit(1579379212.879:27): pid=9763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   93.373952][ T9915] ==================================================================
[   93.382294][ T9915] BUG: KASAN: slab-out-of-bounds in bitmap_ip_list+0x40f/0xf20
[   93.389826][ T9915] Read of size 8 at addr ffff88809ab25e40 by task syz-executor730/9915
[   93.398050][ T9915] 
[   93.400372][ T9915] CPU: 0 PID: 9915 Comm: syz-executor730 Not tainted 5.5.0-rc6-syzkaller #0
[   93.409255][ T9915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   93.419312][ T9915] Call Trace:
[   93.422623][ T9915]  dump_stack+0x197/0x210
[   93.427130][ T9915]  ? bitmap_ip_list+0x40f/0xf20
[   93.432135][ T9915]  print_address_description.constprop.0.cold+0xd4/0x30b
[   93.439157][ T9915]  ? bitmap_ip_list+0x40f/0xf20
[   93.444033][ T9915]  ? bitmap_ip_list+0x40f/0xf20
[   93.448896][ T9915]  __kasan_report.cold+0x1b/0x41
[   93.453837][ T9915]  ? bitmap_ip_list+0x40f/0xf20
[   93.458730][ T9915]  kasan_report+0x12/0x20
[   93.463196][ T9915]  check_memory_region+0x134/0x1a0
[   93.468357][ T9915]  __kasan_check_read+0x11/0x20
[   93.473212][ T9915]  bitmap_ip_list+0x40f/0xf20
[   93.477893][ T9915]  ? bitmap_ip_add+0xe60/0xe60
[   93.482654][ T9915]  ? nla_put+0x110/0x150
[   93.486909][ T9915]  ip_set_dump_start+0x96c/0x1ca0
[   93.491939][ T9915]  ? ip_set_rename+0x720/0x720
[   93.496739][ T9915]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[   93.502312][ T9915]  ? perf_trace_lock_acquire+0x4c0/0x530
[   93.507962][ T9915]  ? __kasan_check_write+0x14/0x20
[   93.513096][ T9915]  netlink_dump+0x558/0xfb0
[   93.517613][ T9915]  ? __netlink_sendskb+0xc0/0xc0
[   93.522734][ T9915]  __netlink_dump_start+0x66a/0x930
[   93.528197][ T9915]  ip_set_dump+0x15a/0x1d0
[   93.532830][ T9915]  ? call_ad+0x5a0/0x5a0
[   93.537059][ T9915]  ? ip_set_rename+0x720/0x720
[   93.541863][ T9915]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[   93.547673][ T9915]  ? call_ad+0x5a0/0x5a0
[   93.551904][ T9915]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   93.557010][ T9915]  ? nfnetlink_bind+0x2c0/0x2c0
[   93.561924][ T9915]  ? __kasan_check_read+0x11/0x20
[   93.567086][ T9915]  ? __lock_acquire+0x8a0/0x4a00
[   93.572041][ T9915]  ? save_stack+0x5c/0x90
[   93.576366][ T9915]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   93.582705][ T9915]  ? apparmor_capable+0x497/0x900
[   93.587793][ T9915]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   93.594130][ T9915]  ? __kasan_check_read+0x11/0x20
[   93.599164][ T9915]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   93.604619][ T9915]  netlink_rcv_skb+0x177/0x450
[   93.609433][ T9915]  ? nfnetlink_bind+0x2c0/0x2c0
[   93.614361][ T9915]  ? netlink_ack+0xb50/0xb50
[   93.618956][ T9915]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   93.625190][ T9915]  ? ns_capable_common+0x93/0x100
[   93.630206][ T9915]  ? ns_capable+0x20/0x30
[   93.634669][ T9915]  ? __netlink_ns_capable+0x104/0x140
[   93.640332][ T9915]  nfnetlink_rcv+0x1ba/0x460
[   93.644952][ T9915]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[   93.650550][ T9915]  ? netlink_deliver_tap+0x24a/0xbe0
[   93.655834][ T9915]  ? __kasan_check_write+0x14/0x20
[   93.661082][ T9915]  netlink_unicast+0x58c/0x7d0
[   93.665914][ T9915]  ? netlink_attachskb+0x870/0x870
[   93.671022][ T9915]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   93.676750][ T9915]  ? __check_object_size+0x3d/0x437
[   93.681939][ T9915]  netlink_sendmsg+0x91c/0xea0
[   93.686942][ T9915]  ? netlink_unicast+0x7d0/0x7d0
[   93.692012][ T9915]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   93.697639][ T9915]  ? apparmor_socket_sendmsg+0x2a/0x30
[   93.703096][ T9915]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   93.709389][ T9915]  ? security_socket_sendmsg+0x8d/0xc0
[   93.714849][ T9915]  ? netlink_unicast+0x7d0/0x7d0
[   93.719790][ T9915]  sock_sendmsg+0xd7/0x130
[   93.724205][ T9915]  ____sys_sendmsg+0x753/0x880
[   93.729148][ T9915]  ? kernel_sendmsg+0x50/0x50
[   93.733833][ T9915]  ? lockdep_init_map+0x1be/0x6d0
[   93.738886][ T9915]  ___sys_sendmsg+0x100/0x170
[   93.743566][ T9915]  ? sendmsg_copy_msghdr+0x70/0x70
[   93.748815][ T9915]  ? __kasan_check_read+0x11/0x20
[   93.753827][ T9915]  ? __lock_acquire+0x8a0/0x4a00
[   93.758762][ T9915]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   93.765331][ T9915]  ? __this_cpu_preempt_check+0x35/0x190
[   93.771294][ T9915]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   93.778169][ T9915]  ? percpu_counter_add_batch+0x13c/0x190
[   93.783884][ T9915]  ? __fd_install+0x1bc/0x640
[   93.788872][ T9915]  ? find_held_lock+0x35/0x130
[   93.793762][ T9915]  ? __fd_install+0x1bc/0x640
[   93.798452][ T9915]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   93.804790][ T9915]  ? __fget_light+0x1a9/0x230
[   93.809736][ T9915]  ? __fdget+0x1b/0x20
[   93.814070][ T9915]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   93.820780][ T9915]  __sys_sendmsg+0x105/0x1d0
[   93.825374][ T9915]  ? __sys_sendmsg_sock+0xc0/0xc0
[   93.830770][ T9915]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   93.836223][ T9915]  ? do_syscall_64+0x26/0x790
[   93.841011][ T9915]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   93.847246][ T9915]  ? do_syscall_64+0x26/0x790
[   93.851961][ T9915]  __x64_sys_sendmsg+0x78/0xb0
[   93.856739][ T9915]  do_syscall_64+0xfa/0x790
[   93.861728][ T9915]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   93.867925][ T9915] RIP: 0033:0x440529
[   93.872064][ T9915] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   93.892550][ T9915] RSP: 002b:00007ffcbbb3db08 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   93.901059][ T9915] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529
[   93.909254][ T9915] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004
[   93.917223][ T9915] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   93.925464][ T9915] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0
[   93.933541][ T9915] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000
[   93.941795][ T9915] 
[   93.944257][ T9915] Allocated by task 9915:
[   93.948745][ T9915]  save_stack+0x23/0x90
[   93.953094][ T9915]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   93.958874][ T9915]  kasan_kmalloc+0x9/0x10
[   93.963214][ T9915]  __kmalloc+0x163/0x770
[   93.967567][ T9915]  ip_set_alloc+0x38/0x5e
[   93.972143][ T9915]  bitmap_ip_create+0x6ec/0xc20
[   93.977435][ T9915]  ip_set_create+0x6f1/0x1500
[   93.982107][ T9915]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   93.987249][ T9915]  netlink_rcv_skb+0x177/0x450
[   93.992134][ T9915]  nfnetlink_rcv+0x1ba/0x460
[   93.996721][ T9915]  netlink_unicast+0x58c/0x7d0
[   94.001659][ T9915]  netlink_sendmsg+0x91c/0xea0
[   94.007330][ T9915]  sock_sendmsg+0xd7/0x130
[   94.012121][ T9915]  ____sys_sendmsg+0x753/0x880
[   94.016949][ T9915]  ___sys_sendmsg+0x100/0x170
[   94.022379][ T9915]  __sys_sendmsg+0x105/0x1d0
[   94.026992][ T9915]  __x64_sys_sendmsg+0x78/0xb0
[   94.031743][ T9915]  do_syscall_64+0xfa/0x790
[   94.036241][ T9915]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   94.042144][ T9915] 
[   94.044470][ T9915] Freed by task 9657:
[   94.048466][ T9915]  save_stack+0x23/0x90
[   94.052616][ T9915]  __kasan_slab_free+0x102/0x150
[   94.057582][ T9915]  kasan_slab_free+0xe/0x10
[   94.062113][ T9915]  kfree+0x10a/0x2c0
[   94.066033][ T9915]  tomoyo_unix_entry+0x469/0x5d0
[   94.071227][ T9915]  tomoyo_socket_connect_permission+0x331/0x380
[   94.077479][ T9915]  tomoyo_socket_connect+0x26/0x30
[   94.082624][ T9915]  security_socket_connect+0x77/0xc0
[   94.088199][ T9915]  __sys_connect_file+0xae/0x1c0
[   94.093790][ T9915]  __sys_connect+0x174/0x1b0
[   94.098661][ T9915]  __x64_sys_connect+0x73/0xb0
[   94.103496][ T9915]  do_syscall_64+0xfa/0x790
[   94.108041][ T9915]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   94.114121][ T9915] 
[   94.116471][ T9915] The buggy address belongs to the object at ffff88809ab25e40
[   94.116471][ T9915]  which belongs to the cache kmalloc-32 of size 32
[   94.130621][ T9915] The buggy address is located 0 bytes inside of
[   94.130621][ T9915]  32-byte region [ffff88809ab25e40, ffff88809ab25e60)
[   94.143884][ T9915] The buggy address belongs to the page:
[   94.149621][ T9915] page:ffffea00026ac940 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809ab25fc1
[   94.160128][ T9915] raw: 00fffe0000000200 ffffea00029ada88 ffffea00026863c8 ffff8880aa4001c0
[   94.168716][ T9915] raw: ffff88809ab25fc1 ffff88809ab25000 000000010000003e 0000000000000000
[   94.177550][ T9915] page dumped because: kasan: bad access detected
[   94.183956][ T9915] 
[   94.186303][ T9915] Memory state around the buggy address:
[   94.193490][ T9915]  ffff88809ab25d00: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc
[   94.201679][ T9915]  ffff88809ab25d80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   94.209751][ T9915] >ffff88809ab25e00: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc
[   94.217848][ T9915]                                            ^
[   94.224008][ T9915]  ffff88809ab25e80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   94.232477][ T9915]  ffff88809ab25f00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   94.240645][ T9915] ==================================================================
[   94.248815][ T9915] Disabling lock debugging due to kernel taint
[   94.256409][ T9915] Kernel panic - not syncing: panic_on_warn set ...
[   94.263572][ T9915] CPU: 0 PID: 9915 Comm: syz-executor730 Tainted: G    B             5.5.0-rc6-syzkaller #0
[   94.274424][ T9915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   94.284566][ T9915] Call Trace:
[   94.287856][ T9915]  dump_stack+0x197/0x210
[   94.292228][ T9915]  panic+0x2e3/0x75c
[   94.296133][ T9915]  ? add_taint.cold+0x16/0x16
[   94.300804][ T9915]  ? bitmap_ip_list+0x40f/0xf20
[   94.305649][ T9915]  ? preempt_schedule+0x4b/0x60
[   94.310596][ T9915]  ? ___preempt_schedule+0x16/0x18
[   94.315904][ T9915]  ? trace_hardirqs_on+0x5e/0x240
[   94.321043][ T9915]  ? bitmap_ip_list+0x40f/0xf20
[   94.325882][ T9915]  end_report+0x47/0x4f
[   94.330133][ T9915]  ? bitmap_ip_list+0x40f/0xf20
[   94.335010][ T9915]  __kasan_report.cold+0xe/0x41
[   94.339850][ T9915]  ? bitmap_ip_list+0x40f/0xf20
[   94.344832][ T9915]  kasan_report+0x12/0x20
[   94.349221][ T9915]  check_memory_region+0x134/0x1a0
[   94.354443][ T9915]  __kasan_check_read+0x11/0x20
[   94.359377][ T9915]  bitmap_ip_list+0x40f/0xf20
[   94.364245][ T9915]  ? bitmap_ip_add+0xe60/0xe60
[   94.369091][ T9915]  ? nla_put+0x110/0x150
[   94.373576][ T9915]  ip_set_dump_start+0x96c/0x1ca0
[   94.379924][ T9915]  ? ip_set_rename+0x720/0x720
[   94.384787][ T9915]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[   94.390328][ T9915]  ? perf_trace_lock_acquire+0x4c0/0x530
[   94.395983][ T9915]  ? __kasan_check_write+0x14/0x20
[   94.401111][ T9915]  netlink_dump+0x558/0xfb0
[   94.405603][ T9915]  ? __netlink_sendskb+0xc0/0xc0
[   94.410662][ T9915]  __netlink_dump_start+0x66a/0x930
[   94.415963][ T9915]  ip_set_dump+0x15a/0x1d0
[   94.420376][ T9915]  ? call_ad+0x5a0/0x5a0
[   94.424613][ T9915]  ? ip_set_rename+0x720/0x720
[   94.429734][ T9915]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[   94.435705][ T9915]  ? call_ad+0x5a0/0x5a0
[   94.440380][ T9915]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   94.445390][ T9915]  ? nfnetlink_bind+0x2c0/0x2c0
[   94.450338][ T9915]  ? __kasan_check_read+0x11/0x20
[   94.455448][ T9915]  ? __lock_acquire+0x8a0/0x4a00
[   94.460382][ T9915]  ? save_stack+0x5c/0x90
[   94.464711][ T9915]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   94.471030][ T9915]  ? apparmor_capable+0x497/0x900
[   94.476051][ T9915]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   94.482392][ T9915]  ? __kasan_check_read+0x11/0x20
[   94.487415][ T9915]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   94.493244][ T9915]  netlink_rcv_skb+0x177/0x450
[   94.498033][ T9915]  ? nfnetlink_bind+0x2c0/0x2c0
[   94.502907][ T9915]  ? netlink_ack+0xb50/0xb50
[   94.507507][ T9915]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   94.513886][ T9915]  ? ns_capable_common+0x93/0x100
[   94.518919][ T9915]  ? ns_capable+0x20/0x30
[   94.523349][ T9915]  ? __netlink_ns_capable+0x104/0x140
[   94.528868][ T9915]  nfnetlink_rcv+0x1ba/0x460
[   94.533567][ T9915]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[   94.539019][ T9915]  ? netlink_deliver_tap+0x24a/0xbe0
[   94.544616][ T9915]  ? __kasan_check_write+0x14/0x20
[   94.549897][ T9915]  netlink_unicast+0x58c/0x7d0
[   94.554793][ T9915]  ? netlink_attachskb+0x870/0x870
[   94.559936][ T9915]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   94.565667][ T9915]  ? __check_object_size+0x3d/0x437
[   94.570971][ T9915]  netlink_sendmsg+0x91c/0xea0
[   94.575848][ T9915]  ? netlink_unicast+0x7d0/0x7d0
[   94.580887][ T9915]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   94.586560][ T9915]  ? apparmor_socket_sendmsg+0x2a/0x30
[   94.592017][ T9915]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   94.600697][ T9915]  ? security_socket_sendmsg+0x8d/0xc0
[   94.606616][ T9915]  ? netlink_unicast+0x7d0/0x7d0
[   94.611674][ T9915]  sock_sendmsg+0xd7/0x130
[   94.616106][ T9915]  ____sys_sendmsg+0x753/0x880
[   94.620993][ T9915]  ? kernel_sendmsg+0x50/0x50
[   94.625813][ T9915]  ? lockdep_init_map+0x1be/0x6d0
[   94.630832][ T9915]  ___sys_sendmsg+0x100/0x170
[   94.635651][ T9915]  ? sendmsg_copy_msghdr+0x70/0x70
[   94.640758][ T9915]  ? __kasan_check_read+0x11/0x20
[   94.645783][ T9915]  ? __lock_acquire+0x8a0/0x4a00
[   94.651008][ T9915]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   94.657250][ T9915]  ? __this_cpu_preempt_check+0x35/0x190
[   94.662869][ T9915]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   94.669288][ T9915]  ? percpu_counter_add_batch+0x13c/0x190
[   94.674994][ T9915]  ? __fd_install+0x1bc/0x640
[   94.679661][ T9915]  ? find_held_lock+0x35/0x130
[   94.684620][ T9915]  ? __fd_install+0x1bc/0x640
[   94.689397][ T9915]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   94.695625][ T9915]  ? __fget_light+0x1a9/0x230
[   94.700315][ T9915]  ? __fdget+0x1b/0x20
[   94.704501][ T9915]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   94.710877][ T9915]  __sys_sendmsg+0x105/0x1d0
[   94.715940][ T9915]  ? __sys_sendmsg_sock+0xc0/0xc0
[   94.720962][ T9915]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   94.726404][ T9915]  ? do_syscall_64+0x26/0x790
[   94.731352][ T9915]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   94.737613][ T9915]  ? do_syscall_64+0x26/0x790
[   94.742281][ T9915]  __x64_sys_sendmsg+0x78/0xb0
[   94.747030][ T9915]  do_syscall_64+0xfa/0x790
[   94.751596][ T9915]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   94.757498][ T9915] RIP: 0033:0x440529
[   94.761392][ T9915] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   94.781519][ T9915] RSP: 002b:00007ffcbbb3db08 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   94.790539][ T9915] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529
[   94.798505][ T9915] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004
[   94.806470][ T9915] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   94.815343][ T9915] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0
[   94.823309][ T9915] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000
[   94.833559][ T9915] Kernel Offset: disabled
[   94.838416][ T9915] Rebooting in 86400 seconds..