[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   53.261253][   T28] audit: type=1800 audit(1579332006.442:25): pid=8411 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   53.286774][   T28] audit: type=1800 audit(1579332006.442:26): pid=8411 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   53.329593][   T28] audit: type=1800 audit(1579332006.442:27): pid=8411 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.191' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   77.352281][ T8566] ==================================================================
[   77.360559][ T8566] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_list+0x40d/0xdd0
[   77.368335][ T8566] Read of size 8 at addr ffff8880a06e5d00 by task syz-executor278/8566
[   77.376543][ T8566] 
[   77.378849][ T8566] CPU: 1 PID: 8566 Comm: syz-executor278 Not tainted 5.5.0-rc6-syzkaller #0
[   77.387502][ T8566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   77.397530][ T8566] Call Trace:
[   77.400812][ T8566]  dump_stack+0x1fb/0x318
[   77.405119][ T8566]  print_address_description+0x74/0x5c0
[   77.410761][ T8566]  ? vprintk_func+0x158/0x170
[   77.415498][ T8566]  ? printk+0x62/0x8d
[   77.419543][ T8566]  ? vprintk_emit+0x2d4/0x3a0
[   77.424191][ T8566]  __kasan_report+0x149/0x1c0
[   77.428841][ T8566]  ? bitmap_ipmac_list+0x40d/0xdd0
[   77.433924][ T8566]  kasan_report+0x26/0x50
[   77.438227][ T8566]  ? debug_smp_processor_id+0x9/0x20
[   77.443487][ T8566]  check_memory_region+0x2b6/0x2f0
[   77.448572][ T8566]  __kasan_check_read+0x11/0x20
[   77.453396][ T8566]  bitmap_ipmac_list+0x40d/0xdd0
[   77.458312][ T8566]  ? ip_set_put_flags+0x15c/0x250
[   77.463315][ T8566]  ip_set_dump_start+0x10f9/0x1800
[   77.468413][ T8566]  netlink_dump+0x4ed/0x1170
[   77.472984][ T8566]  __netlink_dump_start+0x5cb/0x7b0
[   77.478175][ T8566]  ip_set_dump+0x107/0x160
[   77.482563][ T8566]  ? __find_set_type_get+0x540/0x540
[   77.487822][ T8566]  ? ip_set_dump_start+0x1800/0x1800
[   77.493078][ T8566]  ? ip_set_swap+0x730/0x730
[   77.497789][ T8566]  nfnetlink_rcv_msg+0x9ae/0xcd0
[   77.502791][ T8566]  ? cap_capable+0x25b/0x290
[   77.507366][ T8566]  ? cap_capable+0x25b/0x290
[   77.511932][ T8566]  netlink_rcv_skb+0x19e/0x3e0
[   77.516671][ T8566]  ? nfnetlink_bind+0x250/0x250
[   77.521500][ T8566]  nfnetlink_rcv+0x1e0/0x1e50
[   77.526162][ T8566]  ? rcu_lock_release+0x9/0x30
[   77.530899][ T8566]  ? rcu_lock_release+0x21/0x30
[   77.535721][ T8566]  ? netlink_deliver_tap+0x142/0x880
[   77.540981][ T8566]  netlink_unicast+0x767/0x920
[   77.545730][ T8566]  netlink_sendmsg+0xa2c/0xd50
[   77.550471][ T8566]  ? netlink_getsockopt+0x9f0/0x9f0
[   77.555637][ T8566]  ____sys_sendmsg+0x4f7/0x7f0
[   77.560381][ T8566]  __sys_sendmsg+0x1ed/0x290
[   77.564949][ T8566]  ? check_preemption_disabled+0xb4/0x260
[   77.570678][ T8566]  ? debug_smp_processor_id+0x9/0x20
[   77.575936][ T8566]  ? debug_smp_processor_id+0x1c/0x20
[   77.581289][ T8566]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   77.587330][ T8566]  ? prepare_exit_to_usermode+0x221/0x5b0
[   77.593024][ T8566]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   77.598721][ T8566]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   77.604151][ T8566]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   77.609842][ T8566]  ? do_syscall_64+0x1d/0x1c0
[   77.614494][ T8566]  __x64_sys_sendmsg+0x7f/0x90
[   77.619233][ T8566]  do_syscall_64+0xf7/0x1c0
[   77.623715][ T8566]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   77.629613][ T8566] RIP: 0033:0x440539
[   77.633485][ T8566] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   77.653171][ T8566] RSP: 002b:00007ffef7b9cde8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   77.661579][ T8566] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440539
[   77.669532][ T8566] RDX: 0000000000000040 RSI: 0000000020000680 RDI: 0000000000000004
[   77.677479][ T8566] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   77.685421][ T8566] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401dc0
[   77.693365][ T8566] R13: 0000000000401e50 R14: 0000000000000000 R15: 0000000000000000
[   77.701321][ T8566] 
[   77.703624][ T8566] Allocated by task 8566:
[   77.707936][ T8566]  __kasan_kmalloc+0x118/0x1c0
[   77.712682][ T8566]  kasan_kmalloc+0x9/0x10
[   77.716986][ T8566]  __kmalloc+0x254/0x340
[   77.721209][ T8566]  kzalloc+0x21/0x40
[   77.725076][ T8566]  ip_set_alloc+0x32/0x60
[   77.729385][ T8566]  bitmap_ipmac_create+0x3d9/0x840
[   77.734489][ T8566]  ip_set_create+0x421/0xfd0
[   77.739052][ T8566]  nfnetlink_rcv_msg+0x9ae/0xcd0
[   77.743967][ T8566]  netlink_rcv_skb+0x19e/0x3e0
[   77.748705][ T8566]  nfnetlink_rcv+0x1e0/0x1e50
[   77.753355][ T8566]  netlink_unicast+0x767/0x920
[   77.758096][ T8566]  netlink_sendmsg+0xa2c/0xd50
[   77.762836][ T8566]  ____sys_sendmsg+0x4f7/0x7f0
[   77.767582][ T8566]  __sys_sendmsg+0x1ed/0x290
[   77.772150][ T8566]  __x64_sys_sendmsg+0x7f/0x90
[   77.776896][ T8566]  do_syscall_64+0xf7/0x1c0
[   77.781372][ T8566]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   77.787283][ T8566] 
[   77.789639][ T8566] Freed by task 8261:
[   77.793605][ T8566]  __kasan_slab_free+0x12e/0x1e0
[   77.798515][ T8566]  kasan_slab_free+0xe/0x10
[   77.802987][ T8566]  kfree+0x10d/0x220
[   77.806856][ T8566]  tomoyo_check_open_permission+0x79c/0x9d0
[   77.812716][ T8566]  tomoyo_file_open+0x141/0x190
[   77.817545][ T8566]  security_file_open+0x50/0x2e0
[   77.822456][ T8566]  do_dentry_open+0x351/0x10c0
[   77.827295][ T8566]  vfs_open+0x73/0x80
[   77.831314][ T8566]  path_openat+0x1367/0x4250
[   77.835886][ T8566]  do_filp_open+0x192/0x3d0
[   77.840370][ T8566]  do_sys_open+0x29f/0x560
[   77.844767][ T8566]  __x64_sys_open+0x87/0x90
[   77.849251][ T8566]  do_syscall_64+0xf7/0x1c0
[   77.853738][ T8566]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   77.859604][ T8566] 
[   77.861911][ T8566] The buggy address belongs to the object at ffff8880a06e5d00
[   77.861911][ T8566]  which belongs to the cache kmalloc-32 of size 32
[   77.875790][ T8566] The buggy address is located 0 bytes inside of
[   77.875790][ T8566]  32-byte region [ffff8880a06e5d00, ffff8880a06e5d20)
[   77.888774][ T8566] The buggy address belongs to the page:
[   77.894387][ T8566] page:ffffea000281b940 refcount:1 mapcount:0 mapping:ffff8880aa8001c0 index:0xffff8880a06e5fc1
[   77.904815][ T8566] raw: 00fffe0000000200 ffffea0002a6f648 ffffea00028b0648 ffff8880aa8001c0
[   77.913379][ T8566] raw: ffff8880a06e5fc1 ffff8880a06e5000 000000010000003f 0000000000000000
[   77.921934][ T8566] page dumped because: kasan: bad access detected
[   77.928321][ T8566] 
[   77.930624][ T8566] Memory state around the buggy address:
[   77.936230][ T8566]  ffff8880a06e5c00: fb fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   77.944267][ T8566]  ffff8880a06e5c80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   77.952309][ T8566] >ffff8880a06e5d00: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   77.960407][ T8566]                    ^
[   77.964452][ T8566]  ffff8880a06e5d80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   77.972488][ T8566]  ffff8880a06e5e00: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[   77.980571][ T8566] ==================================================================
[   77.988612][ T8566] Disabling lock debugging due to kernel taint
[   77.995154][ T8566] Kernel panic - not syncing: panic_on_warn set ...
[   78.001731][ T8566] CPU: 1 PID: 8566 Comm: syz-executor278 Tainted: G    B             5.5.0-rc6-syzkaller #0
[   78.011766][ T8566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   78.021796][ T8566] Call Trace:
[   78.025127][ T8566]  dump_stack+0x1fb/0x318
[   78.029441][ T8566]  panic+0x264/0x7a9
[   78.033313][ T8566]  ? __kasan_report+0x193/0x1c0
[   78.038192][ T8566]  ? trace_hardirqs_on+0x34/0x80
[   78.043104][ T8566]  ? __kasan_report+0x193/0x1c0
[   78.047926][ T8566]  __kasan_report+0x1b9/0x1c0
[   78.052611][ T8566]  ? bitmap_ipmac_list+0x40d/0xdd0
[   78.057741][ T8566]  kasan_report+0x26/0x50
[   78.062070][ T8566]  ? debug_smp_processor_id+0x9/0x20
[   78.067336][ T8566]  check_memory_region+0x2b6/0x2f0
[   78.072427][ T8566]  __kasan_check_read+0x11/0x20
[   78.077256][ T8566]  bitmap_ipmac_list+0x40d/0xdd0
[   78.082179][ T8566]  ? ip_set_put_flags+0x15c/0x250
[   78.087180][ T8566]  ip_set_dump_start+0x10f9/0x1800
[   78.092296][ T8566]  netlink_dump+0x4ed/0x1170
[   78.096863][ T8566]  __netlink_dump_start+0x5cb/0x7b0
[   78.102080][ T8566]  ip_set_dump+0x107/0x160
[   78.106524][ T8566]  ? __find_set_type_get+0x540/0x540
[   78.111798][ T8566]  ? ip_set_dump_start+0x1800/0x1800
[   78.117056][ T8566]  ? ip_set_swap+0x730/0x730
[   78.121625][ T8566]  nfnetlink_rcv_msg+0x9ae/0xcd0
[   78.126564][ T8566]  ? cap_capable+0x25b/0x290
[   78.131190][ T8566]  ? cap_capable+0x25b/0x290
[   78.135751][ T8566]  netlink_rcv_skb+0x19e/0x3e0
[   78.140487][ T8566]  ? nfnetlink_bind+0x250/0x250
[   78.145310][ T8566]  nfnetlink_rcv+0x1e0/0x1e50
[   78.149966][ T8566]  ? rcu_lock_release+0x9/0x30
[   78.154767][ T8566]  ? rcu_lock_release+0x21/0x30
[   78.159600][ T8566]  ? netlink_deliver_tap+0x142/0x880
[   78.164866][ T8566]  netlink_unicast+0x767/0x920
[   78.169605][ T8566]  netlink_sendmsg+0xa2c/0xd50
[   78.174342][ T8566]  ? netlink_getsockopt+0x9f0/0x9f0
[   78.179518][ T8566]  ____sys_sendmsg+0x4f7/0x7f0
[   78.184263][ T8566]  __sys_sendmsg+0x1ed/0x290
[   78.188832][ T8566]  ? check_preemption_disabled+0xb4/0x260
[   78.194523][ T8566]  ? debug_smp_processor_id+0x9/0x20
[   78.199782][ T8566]  ? debug_smp_processor_id+0x1c/0x20
[   78.205129][ T8566]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   78.211171][ T8566]  ? prepare_exit_to_usermode+0x221/0x5b0
[   78.216875][ T8566]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   78.222597][ T8566]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   78.228027][ T8566]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   78.233719][ T8566]  ? do_syscall_64+0x1d/0x1c0
[   78.238373][ T8566]  __x64_sys_sendmsg+0x7f/0x90
[   78.243114][ T8566]  do_syscall_64+0xf7/0x1c0
[   78.247599][ T8566]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   78.253463][ T8566] RIP: 0033:0x440539
[   78.257337][ T8566] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   78.276916][ T8566] RSP: 002b:00007ffef7b9cde8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   78.285298][ T8566] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440539
[   78.293264][ T8566] RDX: 0000000000000040 RSI: 0000000020000680 RDI: 0000000000000004
[   78.301264][ T8566] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   78.309210][ T8566] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401dc0
[   78.317162][ T8566] R13: 0000000000401e50 R14: 0000000000000000 R15: 0000000000000000
[   78.326138][ T8566] Kernel Offset: disabled
[   78.330453][ T8566] Rebooting in 86400 seconds..