[   92.634354][   T27] audit: type=1800 audit(1579377994.096:27): pid=9807 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   92.656699][   T27] audit: type=1800 audit(1579377994.116:28): pid=9807 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   93.683825][   T27] audit: type=1800 audit(1579377995.206:29): pid=9807 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   93.704695][   T27] audit: type=1800 audit(1579377995.206:30): pid=9807 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.130' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [  103.342548][ T9960] ==================================================================
[  103.351141][ T9960] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_list+0x635/0x1080
[  103.359770][ T9960] Read of size 8 at addr ffff8880a2b83600 by task syz-executor159/9960
[  103.368210][ T9960] 
[  103.370533][ T9960] CPU: 0 PID: 9960 Comm: syz-executor159 Not tainted 5.5.0-rc5-syzkaller #0
[  103.379693][ T9960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  103.390101][ T9960] Call Trace:
[  103.393404][ T9960]  dump_stack+0x197/0x210
[  103.397804][ T9960]  ? bitmap_ipmac_list+0x635/0x1080
[  103.403010][ T9960]  print_address_description.constprop.0.cold+0xd4/0x30b
[  103.410145][ T9960]  ? bitmap_ipmac_list+0x635/0x1080
[  103.415391][ T9960]  ? bitmap_ipmac_list+0x635/0x1080
[  103.420882][ T9960]  __kasan_report.cold+0x1b/0x41
[  103.426140][ T9960]  ? bitmap_ipmac_list+0x635/0x1080
[  103.432149][ T9960]  kasan_report+0x12/0x20
[  103.436486][ T9960]  check_memory_region+0x134/0x1a0
[  103.441609][ T9960]  __kasan_check_read+0x11/0x20
[  103.446465][ T9960]  bitmap_ipmac_list+0x635/0x1080
[  103.451517][ T9960]  ? bitmap_ipmac_head+0x8a0/0x8a0
[  103.456911][ T9960]  ? nla_put+0x110/0x150
[  103.461167][ T9960]  ip_set_dump_start+0x96c/0x1ca0
[  103.466201][ T9960]  ? ip_set_rename+0x720/0x720
[  103.471170][ T9960]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[  103.477249][ T9960]  ? perf_trace_lock_acquire+0x4b0/0x530
[  103.483346][ T9960]  ? __kasan_check_write+0x14/0x20
[  103.488705][ T9960]  netlink_dump+0x558/0xfb0
[  103.493325][ T9960]  ? __netlink_sendskb+0xc0/0xc0
[  103.498443][ T9960]  __netlink_dump_start+0x66a/0x930
[  103.503673][ T9960]  ip_set_dump+0x15a/0x1d0
[  103.508110][ T9960]  ? call_ad+0x5a0/0x5a0
[  103.512468][ T9960]  ? ip_set_rename+0x720/0x720
[  103.517443][ T9960]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[  103.524176][ T9960]  ? call_ad+0x5a0/0x5a0
[  103.528430][ T9960]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  103.534045][ T9960]  ? nfnetlink_bind+0x2c0/0x2c0
[  103.538961][ T9960]  ? __kasan_check_read+0x11/0x20
[  103.544427][ T9960]  ? __lock_acquire+0x8a0/0x4a00
[  103.549640][ T9960]  ? save_stack+0x5c/0x90
[  103.553973][ T9960]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.560219][ T9960]  ? apparmor_capable+0x497/0x900
[  103.565526][ T9960]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.571859][ T9960]  ? __kasan_check_read+0x11/0x20
[  103.577005][ T9960]  ? apparmor_cred_prepare+0x7b0/0x7b0
[  103.582480][ T9960]  netlink_rcv_skb+0x177/0x450
[  103.587254][ T9960]  ? nfnetlink_bind+0x2c0/0x2c0
[  103.592113][ T9960]  ? netlink_ack+0xb50/0xb50
[  103.596706][ T9960]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.603012][ T9960]  ? ns_capable_common+0x93/0x100
[  103.608066][ T9960]  ? ns_capable+0x20/0x30
[  103.612390][ T9960]  ? __netlink_ns_capable+0x104/0x140
[  103.617811][ T9960]  nfnetlink_rcv+0x1ba/0x460
[  103.622806][ T9960]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  103.628301][ T9960]  ? netlink_deliver_tap+0x24a/0xbe0
[  103.633672][ T9960]  ? __kasan_check_write+0x14/0x20
[  103.639091][ T9960]  netlink_unicast+0x58c/0x7d0
[  103.643873][ T9960]  ? netlink_attachskb+0x870/0x870
[  103.648996][ T9960]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  103.654719][ T9960]  ? __check_object_size+0x3d/0x437
[  103.659932][ T9960]  netlink_sendmsg+0x91c/0xea0
[  103.664913][ T9960]  ? netlink_unicast+0x7d0/0x7d0
[  103.669967][ T9960]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  103.675530][ T9960]  ? apparmor_socket_sendmsg+0x2a/0x30
[  103.681357][ T9960]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.687635][ T9960]  ? security_socket_sendmsg+0x8d/0xc0
[  103.693350][ T9960]  ? netlink_unicast+0x7d0/0x7d0
[  103.698386][ T9960]  sock_sendmsg+0xd7/0x130
[  103.703098][ T9960]  ____sys_sendmsg+0x753/0x880
[  103.708020][ T9960]  ? kernel_sendmsg+0x50/0x50
[  103.712689][ T9960]  ? lockdep_init_map+0x1be/0x6d0
[  103.718819][ T9960]  ___sys_sendmsg+0x100/0x170
[  103.723793][ T9960]  ? sendmsg_copy_msghdr+0x70/0x70
[  103.729710][ T9960]  ? __kasan_check_read+0x11/0x20
[  103.734828][ T9960]  ? __lock_acquire+0x8a0/0x4a00
[  103.739869][ T9960]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.746134][ T9960]  ? __this_cpu_preempt_check+0x35/0x190
[  103.752036][ T9960]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.759398][ T9960]  ? percpu_counter_add_batch+0x13c/0x190
[  103.765121][ T9960]  ? __fd_install+0x1bc/0x640
[  103.770319][ T9960]  ? find_held_lock+0x35/0x130
[  103.775080][ T9960]  ? __fd_install+0x1bc/0x640
[  103.779770][ T9960]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.786336][ T9960]  ? __fget_light+0x1a9/0x230
[  103.791532][ T9960]  ? __fdget+0x1b/0x20
[  103.796222][ T9960]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  103.802556][ T9960]  __sys_sendmsg+0x105/0x1d0
[  103.808206][ T9960]  ? __sys_sendmsg_sock+0xc0/0xc0
[  103.813824][ T9960]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  103.820390][ T9960]  ? do_syscall_64+0x26/0x790
[  103.825182][ T9960]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  103.831707][ T9960]  ? do_syscall_64+0x26/0x790
[  103.837803][ T9960]  __x64_sys_sendmsg+0x78/0xb0
[  103.843349][ T9960]  do_syscall_64+0xfa/0x790
[  103.847879][ T9960]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  103.854789][ T9960] RIP: 0033:0x440539
[  103.858957][ T9960] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  103.879135][ T9960] RSP: 002b:00007fffb06ecf78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  103.887545][ T9960] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440539
[  103.896105][ T9960] RDX: 0000000000000040 RSI: 0000000020000680 RDI: 0000000000000004
[  103.904077][ T9960] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[  103.912211][ T9960] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401dc0
[  103.920592][ T9960] R13: 0000000000401e50 R14: 0000000000000000 R15: 0000000000000000
[  103.933248][ T9960] 
[  103.935735][ T9960] Allocated by task 9960:
[  103.940248][ T9960]  save_stack+0x23/0x90
[  103.944788][ T9960]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  103.950446][ T9960]  kasan_kmalloc+0x9/0x10
[  103.954785][ T9960]  __kmalloc+0x163/0x770
[  103.959278][ T9960]  ip_set_alloc+0x38/0x5e
[  103.965244][ T9960]  bitmap_ipmac_create+0x4e8/0xa00
[  103.970357][ T9960]  ip_set_create+0x6f1/0x1500
[  103.975037][ T9960]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  103.980207][ T9960]  netlink_rcv_skb+0x177/0x450
[  103.985099][ T9960]  nfnetlink_rcv+0x1ba/0x460
[  103.990210][ T9960]  netlink_unicast+0x58c/0x7d0
[  103.995254][ T9960]  netlink_sendmsg+0x91c/0xea0
[  104.000000][ T9960]  sock_sendmsg+0xd7/0x130
[  104.004401][ T9960]  ____sys_sendmsg+0x753/0x880
[  104.009209][ T9960]  ___sys_sendmsg+0x100/0x170
[  104.013889][ T9960]  __sys_sendmsg+0x105/0x1d0
[  104.018609][ T9960]  __x64_sys_sendmsg+0x78/0xb0
[  104.023448][ T9960]  do_syscall_64+0xfa/0x790
[  104.028009][ T9960]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  104.033893][ T9960] 
[  104.036211][ T9960] Freed by task 9691:
[  104.041686][ T9960]  save_stack+0x23/0x90
[  104.045925][ T9960]  __kasan_slab_free+0x102/0x150
[  104.050857][ T9960]  kasan_slab_free+0xe/0x10
[  104.055348][ T9960]  kfree+0x10a/0x2c0
[  104.059293][ T9960]  tomoyo_check_open_permission+0x19e/0x3e0
[  104.065278][ T9960]  tomoyo_file_open+0xa9/0xd0
[  104.069957][ T9960]  security_file_open+0x71/0x300
[  104.075148][ T9960]  do_dentry_open+0x37a/0x1380
[  104.079895][ T9960]  vfs_open+0xa0/0xd0
[  104.083859][ T9960]  path_openat+0x10df/0x4500
[  104.088448][ T9960]  do_filp_open+0x1a1/0x280
[  104.092942][ T9960]  do_sys_open+0x3fe/0x5d0
[  104.097354][ T9960]  __x64_sys_open+0x7e/0xc0
[  104.101841][ T9960]  do_syscall_64+0xfa/0x790
[  104.106403][ T9960]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  104.112280][ T9960] 
[  104.114601][ T9960] The buggy address belongs to the object at ffff8880a2b83600
[  104.114601][ T9960]  which belongs to the cache kmalloc-32 of size 32
[  104.130020][ T9960] The buggy address is located 0 bytes inside of
[  104.130020][ T9960]  32-byte region [ffff8880a2b83600, ffff8880a2b83620)
[  104.143079][ T9960] The buggy address belongs to the page:
[  104.148716][ T9960] page:ffffea00028ae0c0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a2b83fc1
[  104.159908][ T9960] raw: 00fffe0000000200 ffffea0002a32448 ffffea0002515788 ffff8880aa4001c0
[  104.169670][ T9960] raw: ffff8880a2b83fc1 ffff8880a2b83000 000000010000002e 0000000000000000
[  104.178596][ T9960] page dumped because: kasan: bad access detected
[  104.186409][ T9960] 
[  104.189603][ T9960] Memory state around the buggy address:
[  104.196174][ T9960]  ffff8880a2b83500: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  104.204240][ T9960]  ffff8880a2b83580: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  104.212797][ T9960] >ffff8880a2b83600: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[  104.221201][ T9960]                    ^
[  104.225344][ T9960]  ffff8880a2b83680: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  104.233457][ T9960]  ffff8880a2b83700: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  104.241665][ T9960] ==================================================================
[  104.250443][ T9960] Disabling lock debugging due to kernel taint
[  104.258335][ T9960] Kernel panic - not syncing: panic_on_warn set ...
[  104.265043][ T9960] CPU: 0 PID: 9960 Comm: syz-executor159 Tainted: G    B             5.5.0-rc5-syzkaller #0
[  104.275085][ T9960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  104.285471][ T9960] Call Trace:
[  104.288778][ T9960]  dump_stack+0x197/0x210
[  104.293339][ T9960]  panic+0x2e3/0x75c
[  104.298342][ T9960]  ? add_taint.cold+0x16/0x16
[  104.305454][ T9960]  ? bitmap_ipmac_list+0x635/0x1080
[  104.310864][ T9960]  ? preempt_schedule+0x4b/0x60
[  104.315713][ T9960]  ? ___preempt_schedule+0x16/0x18
[  104.320819][ T9960]  ? trace_hardirqs_on+0x5e/0x240
[  104.327852][ T9960]  ? bitmap_ipmac_list+0x635/0x1080
[  104.333642][ T9960]  end_report+0x47/0x4f
[  104.337795][ T9960]  ? bitmap_ipmac_list+0x635/0x1080
[  104.343143][ T9960]  __kasan_report.cold+0xe/0x41
[  104.349293][ T9960]  ? bitmap_ipmac_list+0x635/0x1080
[  104.356267][ T9960]  kasan_report+0x12/0x20
[  104.360963][ T9960]  check_memory_region+0x134/0x1a0
[  104.367318][ T9960]  __kasan_check_read+0x11/0x20
[  104.372176][ T9960]  bitmap_ipmac_list+0x635/0x1080
[  104.377664][ T9960]  ? bitmap_ipmac_head+0x8a0/0x8a0
[  104.383101][ T9960]  ? nla_put+0x110/0x150
[  104.388702][ T9960]  ip_set_dump_start+0x96c/0x1ca0
[  104.393759][ T9960]  ? ip_set_rename+0x720/0x720
[  104.398573][ T9960]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[  104.404462][ T9960]  ? perf_trace_lock_acquire+0x4b0/0x530
[  104.410286][ T9960]  ? __kasan_check_write+0x14/0x20
[  104.415409][ T9960]  netlink_dump+0x558/0xfb0
[  104.419901][ T9960]  ? __netlink_sendskb+0xc0/0xc0
[  104.426396][ T9960]  __netlink_dump_start+0x66a/0x930
[  104.431649][ T9960]  ip_set_dump+0x15a/0x1d0
[  104.436676][ T9960]  ? call_ad+0x5a0/0x5a0
[  104.440928][ T9960]  ? ip_set_rename+0x720/0x720
[  104.445821][ T9960]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[  104.451663][ T9960]  ? call_ad+0x5a0/0x5a0
[  104.456040][ T9960]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  104.461364][ T9960]  ? nfnetlink_bind+0x2c0/0x2c0
[  104.466956][ T9960]  ? __kasan_check_read+0x11/0x20
[  104.473104][ T9960]  ? __lock_acquire+0x8a0/0x4a00
[  104.478149][ T9960]  ? save_stack+0x5c/0x90
[  104.482468][ T9960]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  104.488697][ T9960]  ? apparmor_capable+0x497/0x900
[  104.494068][ T9960]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  104.500525][ T9960]  ? __kasan_check_read+0x11/0x20
[  104.506237][ T9960]  ? apparmor_cred_prepare+0x7b0/0x7b0
[  104.511692][ T9960]  netlink_rcv_skb+0x177/0x450
[  104.516620][ T9960]  ? nfnetlink_bind+0x2c0/0x2c0
[  104.521622][ T9960]  ? netlink_ack+0xb50/0xb50
[  104.526200][ T9960]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  104.532567][ T9960]  ? ns_capable_common+0x93/0x100
[  104.537791][ T9960]  ? ns_capable+0x20/0x30
[  104.542159][ T9960]  ? __netlink_ns_capable+0x104/0x140
[  104.547815][ T9960]  nfnetlink_rcv+0x1ba/0x460
[  104.552440][ T9960]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  104.558950][ T9960]  ? netlink_deliver_tap+0x24a/0xbe0
[  104.565010][ T9960]  ? __kasan_check_write+0x14/0x20
[  104.570344][ T9960]  netlink_unicast+0x58c/0x7d0
[  104.575587][ T9960]  ? netlink_attachskb+0x870/0x870
[  104.580702][ T9960]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  104.587547][ T9960]  ? __check_object_size+0x3d/0x437
[  104.592877][ T9960]  netlink_sendmsg+0x91c/0xea0
[  104.597639][ T9960]  ? netlink_unicast+0x7d0/0x7d0
[  104.602578][ T9960]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  104.608214][ T9960]  ? apparmor_socket_sendmsg+0x2a/0x30
[  104.615102][ T9960]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  104.621565][ T9960]  ? security_socket_sendmsg+0x8d/0xc0
[  104.627032][ T9960]  ? netlink_unicast+0x7d0/0x7d0
[  104.632077][ T9960]  sock_sendmsg+0xd7/0x130
[  104.636494][ T9960]  ____sys_sendmsg+0x753/0x880
[  104.641542][ T9960]  ? kernel_sendmsg+0x50/0x50
[  104.646522][ T9960]  ? lockdep_init_map+0x1be/0x6d0
[  104.651537][ T9960]  ___sys_sendmsg+0x100/0x170
[  104.656215][ T9960]  ? sendmsg_copy_msghdr+0x70/0x70
[  104.661414][ T9960]  ? __kasan_check_read+0x11/0x20
[  104.666543][ T9960]  ? __lock_acquire+0x8a0/0x4a00
[  104.671499][ T9960]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  104.677912][ T9960]  ? __this_cpu_preempt_check+0x35/0x190
[  104.683686][ T9960]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  104.689928][ T9960]  ? percpu_counter_add_batch+0x13c/0x190
[  104.695648][ T9960]  ? __fd_install+0x1bc/0x640
[  104.700311][ T9960]  ? find_held_lock+0x35/0x130
[  104.705062][ T9960]  ? __fd_install+0x1bc/0x640
[  104.709743][ T9960]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  104.716101][ T9960]  ? __fget_light+0x1a9/0x230
[  104.720808][ T9960]  ? __fdget+0x1b/0x20
[  104.724878][ T9960]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  104.731452][ T9960]  __sys_sendmsg+0x105/0x1d0
[  104.736032][ T9960]  ? __sys_sendmsg_sock+0xc0/0xc0
[  104.741066][ T9960]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  104.746515][ T9960]  ? do_syscall_64+0x26/0x790
[  104.751293][ T9960]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  104.757360][ T9960]  ? do_syscall_64+0x26/0x790
[  104.762034][ T9960]  __x64_sys_sendmsg+0x78/0xb0
[  104.766817][ T9960]  do_syscall_64+0xfa/0x790
[  104.771438][ T9960]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  104.777329][ T9960] RIP: 0033:0x440539
[  104.781219][ T9960] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  104.800942][ T9960] RSP: 002b:00007fffb06ecf78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  104.809736][ T9960] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440539
[  104.817701][ T9960] RDX: 0000000000000040 RSI: 0000000020000680 RDI: 0000000000000004
[  104.825721][ T9960] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[  104.833695][ T9960] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401dc0
[  104.841706][ T9960] R13: 0000000000401e50 R14: 0000000000000000 R15: 0000000000000000
[  104.851139][ T9960] Kernel Offset: disabled
[  104.855474][ T9960] Rebooting in 86400 seconds..