[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   88.765177][   T27] audit: type=1800 audit(1579406301.975:25): pid=9468 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   88.786141][   T27] audit: type=1800 audit(1579406301.995:26): pid=9468 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   88.839499][   T27] audit: type=1800 audit(1579406301.995:27): pid=9468 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.130' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [  109.773389][ T9624] ==================================================================
[  109.781728][ T9624] BUG: KASAN: slab-out-of-bounds in bitmap_ip_list+0x40f/0xf20
[  109.789278][ T9624] Read of size 8 at addr ffff88809ee5f840 by task syz-executor276/9624
[  109.797497][ T9624] 
[  109.799816][ T9624] CPU: 0 PID: 9624 Comm: syz-executor276 Not tainted 5.5.0-rc6-syzkaller #0
[  109.808473][ T9624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  109.821210][ T9624] Call Trace:
[  109.824504][ T9624]  dump_stack+0x197/0x210
[  109.828835][ T9624]  ? bitmap_ip_list+0x40f/0xf20
[  109.833675][ T9624]  print_address_description.constprop.0.cold+0xd4/0x30b
[  109.840726][ T9624]  ? bitmap_ip_list+0x40f/0xf20
[  109.845562][ T9624]  ? bitmap_ip_list+0x40f/0xf20
[  109.850397][ T9624]  __kasan_report.cold+0x1b/0x41
[  109.855319][ T9624]  ? bitmap_ip_list+0x40f/0xf20
[  109.860167][ T9624]  kasan_report+0x12/0x20
[  109.864922][ T9624]  check_memory_region+0x134/0x1a0
[  109.870017][ T9624]  __kasan_check_read+0x11/0x20
[  109.874864][ T9624]  bitmap_ip_list+0x40f/0xf20
[  109.879529][ T9624]  ? bitmap_ip_add+0xe60/0xe60
[  109.884277][ T9624]  ? nla_put+0x110/0x150
[  109.888507][ T9624]  ip_set_dump_start+0x96c/0x1ca0
[  109.893522][ T9624]  ? ip_set_rename+0x720/0x720
[  109.898283][ T9624]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[  109.903840][ T9624]  ? perf_trace_lock_acquire+0x4a0/0x530
[  109.909632][ T9624]  ? __kasan_check_write+0x14/0x20
[  109.914747][ T9624]  netlink_dump+0x558/0xfb0
[  109.919364][ T9624]  ? __netlink_sendskb+0xc0/0xc0
[  109.924401][ T9624]  __netlink_dump_start+0x66a/0x930
[  109.929597][ T9624]  ip_set_dump+0x15a/0x1d0
[  109.934006][ T9624]  ? call_ad+0x5a0/0x5a0
[  109.938288][ T9624]  ? ip_set_rename+0x720/0x720
[  109.943041][ T9624]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[  109.948844][ T9624]  ? call_ad+0x5a0/0x5a0
[  109.953087][ T9624]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  109.958115][ T9624]  ? nfnetlink_bind+0x2c0/0x2c0
[  109.962961][ T9624]  ? __kasan_check_read+0x11/0x20
[  109.967989][ T9624]  ? __lock_acquire+0x8a0/0x4a00
[  109.973006][ T9624]  ? save_stack+0x5c/0x90
[  109.977352][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  109.983629][ T9624]  ? apparmor_capable+0x497/0x900
[  109.988644][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  109.994873][ T9624]  ? __kasan_check_read+0x11/0x20
[  109.999974][ T9624]  ? apparmor_cred_prepare+0x7b0/0x7b0
[  110.005434][ T9624]  netlink_rcv_skb+0x177/0x450
[  110.010353][ T9624]  ? nfnetlink_bind+0x2c0/0x2c0
[  110.016329][ T9624]  ? netlink_ack+0xb50/0xb50
[  110.020915][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.028472][ T9624]  ? ns_capable_common+0x93/0x100
[  110.033478][ T9624]  ? ns_capable+0x20/0x30
[  110.037895][ T9624]  ? __netlink_ns_capable+0x104/0x140
[  110.043294][ T9624]  nfnetlink_rcv+0x1ba/0x460
[  110.047942][ T9624]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  110.053503][ T9624]  ? netlink_deliver_tap+0x24a/0xbe0
[  110.058987][ T9624]  ? __kasan_check_write+0x14/0x20
[  110.064113][ T9624]  netlink_unicast+0x58c/0x7d0
[  110.068896][ T9624]  ? netlink_attachskb+0x870/0x870
[  110.073997][ T9624]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  110.079710][ T9624]  ? __check_object_size+0x3d/0x437
[  110.084944][ T9624]  netlink_sendmsg+0x91c/0xea0
[  110.089712][ T9624]  ? netlink_unicast+0x7d0/0x7d0
[  110.094753][ T9624]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  110.100296][ T9624]  ? apparmor_socket_sendmsg+0x2a/0x30
[  110.105805][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.112037][ T9624]  ? security_socket_sendmsg+0x8d/0xc0
[  110.118539][ T9624]  ? netlink_unicast+0x7d0/0x7d0
[  110.123487][ T9624]  sock_sendmsg+0xd7/0x130
[  110.128013][ T9624]  ____sys_sendmsg+0x753/0x880
[  110.132950][ T9624]  ? kernel_sendmsg+0x50/0x50
[  110.137627][ T9624]  ? lockdep_init_map+0x1be/0x6d0
[  110.142659][ T9624]  ___sys_sendmsg+0x100/0x170
[  110.147327][ T9624]  ? sendmsg_copy_msghdr+0x70/0x70
[  110.152479][ T9624]  ? __kasan_check_read+0x11/0x20
[  110.157534][ T9624]  ? __lock_acquire+0x8a0/0x4a00
[  110.162470][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.169496][ T9624]  ? __this_cpu_preempt_check+0x35/0x190
[  110.175119][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.181343][ T9624]  ? percpu_counter_add_batch+0x13c/0x190
[  110.187118][ T9624]  ? __fd_install+0x1bc/0x640
[  110.191795][ T9624]  ? find_held_lock+0x35/0x130
[  110.196552][ T9624]  ? __fd_install+0x1bc/0x640
[  110.203083][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.209321][ T9624]  ? __fget_light+0x1a9/0x230
[  110.213988][ T9624]  ? __fdget+0x1b/0x20
[  110.218129][ T9624]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  110.224354][ T9624]  __sys_sendmsg+0x105/0x1d0
[  110.228939][ T9624]  ? __sys_sendmsg_sock+0xc0/0xc0
[  110.233950][ T9624]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  110.239390][ T9624]  ? do_fast_syscall_32+0xd1/0xe16
[  110.244482][ T9624]  ? entry_SYSENTER_compat+0x70/0x7f
[  110.249748][ T9624]  ? do_fast_syscall_32+0xd1/0xe16
[  110.254845][ T9624]  __ia32_compat_sys_sendmsg+0x7a/0xb0
[  110.260286][ T9624]  do_fast_syscall_32+0x27b/0xe16
[  110.265297][ T9624]  entry_SYSENTER_compat+0x70/0x7f
[  110.270388][ T9624] RIP: 0023:0xf7f509a9
[  110.274434][ T9624] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  110.294041][ T9624] RSP: 002b:00000000ff918e7c EFLAGS: 00000246 ORIG_RAX: 0000000000000172
[  110.302445][ T9624] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000200000c0
[  110.310398][ T9624] RDX: 0000000000000080 RSI: 00000000080ea080 RDI: 00000000ff918ed0
[  110.318363][ T9624] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  110.326321][ T9624] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  110.334285][ T9624] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  110.342278][ T9624] 
[  110.344668][ T9624] Allocated by task 9624:
[  110.349009][ T9624]  save_stack+0x23/0x90
[  110.353152][ T9624]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  110.358780][ T9624]  kasan_kmalloc+0x9/0x10
[  110.363116][ T9624]  __kmalloc+0x163/0x770
[  110.367359][ T9624]  ip_set_alloc+0x38/0x5e
[  110.371682][ T9624]  bitmap_ip_create+0x6ec/0xc20
[  110.376514][ T9624]  ip_set_create+0x6f1/0x1500
[  110.381182][ T9624]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  110.386173][ T9624]  netlink_rcv_skb+0x177/0x450
[  110.390949][ T9624]  nfnetlink_rcv+0x1ba/0x460
[  110.396057][ T9624]  netlink_unicast+0x58c/0x7d0
[  110.400817][ T9624]  netlink_sendmsg+0x91c/0xea0
[  110.405589][ T9624]  sock_sendmsg+0xd7/0x130
[  110.410000][ T9624]  ____sys_sendmsg+0x753/0x880
[  110.414769][ T9624]  ___sys_sendmsg+0x100/0x170
[  110.419439][ T9624]  __sys_sendmsg+0x105/0x1d0
[  110.424023][ T9624]  __ia32_compat_sys_sendmsg+0x7a/0xb0
[  110.429474][ T9624]  do_fast_syscall_32+0x27b/0xe16
[  110.434498][ T9624]  entry_SYSENTER_compat+0x70/0x7f
[  110.439590][ T9624] 
[  110.441914][ T9624] Freed by task 9302:
[  110.445889][ T9624]  save_stack+0x23/0x90
[  110.450043][ T9624]  __kasan_slab_free+0x102/0x150
[  110.454984][ T9624]  kasan_slab_free+0xe/0x10
[  110.459492][ T9624]  kfree+0x10a/0x2c0
[  110.463373][ T9624]  tomoyo_check_open_permission+0x19e/0x3e0
[  110.469309][ T9624]  tomoyo_file_open+0xa9/0xd0
[  110.474030][ T9624]  security_file_open+0x71/0x300
[  110.478982][ T9624]  do_dentry_open+0x37a/0x1380
[  110.483736][ T9624]  vfs_open+0xa0/0xd0
[  110.487752][ T9624]  path_openat+0x118b/0x3180
[  110.492410][ T9624]  do_filp_open+0x1a1/0x280
[  110.496904][ T9624]  do_sys_open+0x3fe/0x5d0
[  110.501317][ T9624]  __x64_sys_open+0x7e/0xc0
[  110.505821][ T9624]  do_syscall_64+0xfa/0x790
[  110.510313][ T9624]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  110.516318][ T9624] 
[  110.518635][ T9624] The buggy address belongs to the object at ffff88809ee5f840
[  110.518635][ T9624]  which belongs to the cache kmalloc-32 of size 32
[  110.532507][ T9624] The buggy address is located 0 bytes inside of
[  110.532507][ T9624]  32-byte region [ffff88809ee5f840, ffff88809ee5f860)
[  110.545505][ T9624] The buggy address belongs to the page:
[  110.551233][ T9624] page:ffffea00027b97c0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809ee5ffc1
[  110.561732][ T9624] raw: 00fffe0000000200 ffffea000289fdc8 ffffea0002943f88 ffff8880aa4001c0
[  110.570318][ T9624] raw: ffff88809ee5ffc1 ffff88809ee5f000 0000000100000031 0000000000000000
[  110.578888][ T9624] page dumped because: kasan: bad access detected
[  110.585372][ T9624] 
[  110.587690][ T9624] Memory state around the buggy address:
[  110.593304][ T9624]  ffff88809ee5f700: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  110.601350][ T9624]  ffff88809ee5f780: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  110.609488][ T9624] >ffff88809ee5f800: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc
[  110.617529][ T9624]                                            ^
[  110.623660][ T9624]  ffff88809ee5f880: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  110.631698][ T9624]  ffff88809ee5f900: 00 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[  110.639738][ T9624] ==================================================================
[  110.647793][ T9624] Disabling lock debugging due to kernel taint
[  110.654542][ T9624] Kernel panic - not syncing: panic_on_warn set ...
[  110.661133][ T9624] CPU: 0 PID: 9624 Comm: syz-executor276 Tainted: G    B             5.5.0-rc6-syzkaller #0
[  110.671185][ T9624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  110.681218][ T9624] Call Trace:
[  110.684495][ T9624]  dump_stack+0x197/0x210
[  110.688822][ T9624]  panic+0x2e3/0x75c
[  110.692692][ T9624]  ? add_taint.cold+0x16/0x16
[  110.697348][ T9624]  ? bitmap_ip_list+0x40f/0xf20
[  110.702175][ T9624]  ? preempt_schedule+0x4b/0x60
[  110.707003][ T9624]  ? ___preempt_schedule+0x16/0x18
[  110.712092][ T9624]  ? trace_hardirqs_on+0x5e/0x240
[  110.717112][ T9624]  ? bitmap_ip_list+0x40f/0xf20
[  110.721951][ T9624]  end_report+0x47/0x4f
[  110.726097][ T9624]  ? bitmap_ip_list+0x40f/0xf20
[  110.730939][ T9624]  __kasan_report.cold+0xe/0x41
[  110.735774][ T9624]  ? bitmap_ip_list+0x40f/0xf20
[  110.740622][ T9624]  kasan_report+0x12/0x20
[  110.744995][ T9624]  check_memory_region+0x134/0x1a0
[  110.750110][ T9624]  __kasan_check_read+0x11/0x20
[  110.754961][ T9624]  bitmap_ip_list+0x40f/0xf20
[  110.759618][ T9624]  ? bitmap_ip_add+0xe60/0xe60
[  110.764360][ T9624]  ? nla_put+0x110/0x150
[  110.768585][ T9624]  ip_set_dump_start+0x96c/0x1ca0
[  110.773590][ T9624]  ? ip_set_rename+0x720/0x720
[  110.778340][ T9624]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[  110.783864][ T9624]  ? perf_trace_lock_acquire+0x4a0/0x530
[  110.789487][ T9624]  ? __kasan_check_write+0x14/0x20
[  110.794593][ T9624]  netlink_dump+0x558/0xfb0
[  110.799096][ T9624]  ? __netlink_sendskb+0xc0/0xc0
[  110.804027][ T9624]  __netlink_dump_start+0x66a/0x930
[  110.809208][ T9624]  ip_set_dump+0x15a/0x1d0
[  110.813606][ T9624]  ? call_ad+0x5a0/0x5a0
[  110.817830][ T9624]  ? ip_set_rename+0x720/0x720
[  110.822586][ T9624]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[  110.828396][ T9624]  ? call_ad+0x5a0/0x5a0
[  110.832630][ T9624]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  110.837548][ T9624]  ? nfnetlink_bind+0x2c0/0x2c0
[  110.842377][ T9624]  ? __kasan_check_read+0x11/0x20
[  110.847378][ T9624]  ? __lock_acquire+0x8a0/0x4a00
[  110.852292][ T9624]  ? save_stack+0x5c/0x90
[  110.856599][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.862815][ T9624]  ? apparmor_capable+0x497/0x900
[  110.867831][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.874059][ T9624]  ? __kasan_check_read+0x11/0x20
[  110.879064][ T9624]  ? apparmor_cred_prepare+0x7b0/0x7b0
[  110.884564][ T9624]  netlink_rcv_skb+0x177/0x450
[  110.889325][ T9624]  ? nfnetlink_bind+0x2c0/0x2c0
[  110.894161][ T9624]  ? netlink_ack+0xb50/0xb50
[  110.898737][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.905141][ T9624]  ? ns_capable_common+0x93/0x100
[  110.910260][ T9624]  ? ns_capable+0x20/0x30
[  110.914581][ T9624]  ? __netlink_ns_capable+0x104/0x140
[  110.919947][ T9624]  nfnetlink_rcv+0x1ba/0x460
[  110.924522][ T9624]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  110.929959][ T9624]  ? netlink_deliver_tap+0x24a/0xbe0
[  110.935249][ T9624]  ? __kasan_check_write+0x14/0x20
[  110.940536][ T9624]  netlink_unicast+0x58c/0x7d0
[  110.945291][ T9624]  ? netlink_attachskb+0x870/0x870
[  110.950433][ T9624]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  110.956171][ T9624]  ? __check_object_size+0x3d/0x437
[  110.961547][ T9624]  netlink_sendmsg+0x91c/0xea0
[  110.966306][ T9624]  ? netlink_unicast+0x7d0/0x7d0
[  110.971294][ T9624]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  110.977023][ T9624]  ? apparmor_socket_sendmsg+0x2a/0x30
[  110.982480][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.988701][ T9624]  ? security_socket_sendmsg+0x8d/0xc0
[  110.994137][ T9624]  ? netlink_unicast+0x7d0/0x7d0
[  110.999067][ T9624]  sock_sendmsg+0xd7/0x130
[  111.003480][ T9624]  ____sys_sendmsg+0x753/0x880
[  111.008225][ T9624]  ? kernel_sendmsg+0x50/0x50
[  111.012907][ T9624]  ? lockdep_init_map+0x1be/0x6d0
[  111.017918][ T9624]  ___sys_sendmsg+0x100/0x170
[  111.022573][ T9624]  ? sendmsg_copy_msghdr+0x70/0x70
[  111.027677][ T9624]  ? __kasan_check_read+0x11/0x20
[  111.032676][ T9624]  ? __lock_acquire+0x8a0/0x4a00
[  111.037611][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  111.043849][ T9624]  ? __this_cpu_preempt_check+0x35/0x190
[  111.049468][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  111.055737][ T9624]  ? percpu_counter_add_batch+0x13c/0x190
[  111.061454][ T9624]  ? __fd_install+0x1bc/0x640
[  111.066116][ T9624]  ? find_held_lock+0x35/0x130
[  111.070881][ T9624]  ? __fd_install+0x1bc/0x640
[  111.075542][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  111.081758][ T9624]  ? __fget_light+0x1a9/0x230
[  111.086411][ T9624]  ? __fdget+0x1b/0x20
[  111.090455][ T9624]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  111.096672][ T9624]  __sys_sendmsg+0x105/0x1d0
[  111.101237][ T9624]  ? __sys_sendmsg_sock+0xc0/0xc0
[  111.106265][ T9624]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  111.111754][ T9624]  ? do_fast_syscall_32+0xd1/0xe16
[  111.116852][ T9624]  ? entry_SYSENTER_compat+0x70/0x7f
[  111.122171][ T9624]  ? do_fast_syscall_32+0xd1/0xe16
[  111.127266][ T9624]  __ia32_compat_sys_sendmsg+0x7a/0xb0
[  111.132704][ T9624]  do_fast_syscall_32+0x27b/0xe16
[  111.137709][ T9624]  entry_SYSENTER_compat+0x70/0x7f
[  111.142807][ T9624] RIP: 0023:0xf7f509a9
[  111.146860][ T9624] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  111.166446][ T9624] RSP: 002b:00000000ff918e7c EFLAGS: 00000246 ORIG_RAX: 0000000000000172
[  111.174837][ T9624] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000200000c0
[  111.182784][ T9624] RDX: 0000000000000080 RSI: 00000000080ea080 RDI: 00000000ff918ed0
[  111.190754][ T9624] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  111.199230][ T9624] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  111.207193][ T9624] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  111.216475][ T9624] Kernel Offset: disabled
[  111.220820][ T9624] Rebooting in 86400 seconds..