[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   74.991029][   T27] audit: type=1800 audit(1579541725.355:25): pid=9678 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   75.012041][   T27] audit: type=1800 audit(1579541725.355:26): pid=9678 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   75.048352][   T27] audit: type=1800 audit(1579541725.365:27): pid=9678 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.10' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   91.079531][ T9829] ==================================================================
[   91.087828][ T9829] BUG: KASAN: slab-out-of-bounds in bitmap_ip_del+0xdb/0x380
[   91.095303][ T9829] Write of size 8 at addr ffff888098efca00 by task syz-executor934/9829
[   91.103610][ T9829] 
[   91.105927][ T9829] CPU: 1 PID: 9829 Comm: syz-executor934 Not tainted 5.5.0-rc7-syzkaller #0
[   91.114844][ T9829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   91.124892][ T9829] Call Trace:
[   91.128181][ T9829]  dump_stack+0x197/0x210
[   91.132509][ T9829]  ? bitmap_ip_del+0xdb/0x380
[   91.137246][ T9829]  print_address_description.constprop.0.cold+0xd4/0x30b
[   91.144265][ T9829]  ? bitmap_ip_del+0xdb/0x380
[   91.148930][ T9829]  ? bitmap_ip_del+0xdb/0x380
[   91.153602][ T9829]  __kasan_report.cold+0x1b/0x41
[   91.158541][ T9829]  ? __sanitizer_cov_trace_cmp2+0x1/0x20
[   91.164440][ T9829]  ? bitmap_ip_del+0xdb/0x380
[   91.169858][ T9829]  kasan_report+0x12/0x20
[   91.174175][ T9829]  check_memory_region+0x134/0x1a0
[   91.179282][ T9829]  __kasan_check_write+0x14/0x20
[   91.184213][ T9829]  bitmap_ip_del+0xdb/0x380
[   91.188759][ T9829]  bitmap_ip_uadt+0x73e/0xa10
[   91.193470][ T9829]  ? bitmap_ip_create+0xc20/0xc20
[   91.198497][ T9829]  ? bitmap_ip_kadt+0x5a0/0x5a0
[   91.203404][ T9829]  ? __kasan_check_write+0x14/0x20
[   91.208537][ T9829]  ? lock_set_class+0x3b0/0x7a0
[   91.213459][ T9829]  call_ad+0x1a0/0x5a0
[   91.217526][ T9829]  ? start_msg+0x220/0x220
[   91.221980][ T9829]  ? nla_memcpy+0xb0/0xb0
[   91.226362][ T9829]  ? __nla_parse+0x43/0x60
[   91.231126][ T9829]  ip_set_ad.isra.0+0x572/0xb20
[   91.235968][ T9829]  ? ip_set_nfnl_get_byindex+0x460/0x460
[   91.241709][ T9829]  ? nla_memcpy+0xb0/0xb0
[   91.246088][ T9829]  ? lock_downgrade+0x920/0x920
[   91.250937][ T9829]  ip_set_udel+0x3a/0x50
[   91.255177][ T9829]  ? ip_set_ad.isra.0+0xb20/0xb20
[   91.260200][ T9829]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   91.265141][ T9829]  ? nfnetlink_bind+0x2c0/0x2c0
[   91.269995][ T9829]  ? __kasan_check_read+0x11/0x20
[   91.275077][ T9829]  ? __lock_acquire+0x8a0/0x4a00
[   91.280056][ T9829]  ? save_stack+0x5c/0x90
[   91.284385][ T9829]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   91.290623][ T9829]  ? apparmor_capable+0x497/0x900
[   91.295748][ T9829]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   91.301990][ T9829]  ? __kasan_check_read+0x11/0x20
[   91.307010][ T9829]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   91.312463][ T9829]  netlink_rcv_skb+0x177/0x450
[   91.317229][ T9829]  ? nfnetlink_bind+0x2c0/0x2c0
[   91.322073][ T9829]  ? netlink_ack+0xb50/0xb50
[   91.326661][ T9829]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   91.332945][ T9829]  ? ns_capable_common+0x93/0x100
[   91.337966][ T9829]  ? ns_capable+0x20/0x30
[   91.342287][ T9829]  ? __netlink_ns_capable+0x104/0x140
[   91.347776][ T9829]  nfnetlink_rcv+0x1ba/0x460
[   91.352363][ T9829]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[   91.357863][ T9829]  ? netlink_deliver_tap+0x24a/0xbe0
[   91.363189][ T9829]  ? __kasan_check_write+0x14/0x20
[   91.368414][ T9829]  netlink_unicast+0x58c/0x7d0
[   91.373376][ T9829]  ? netlink_attachskb+0x870/0x870
[   91.378758][ T9829]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   91.384668][ T9829]  ? __check_object_size+0x3d/0x437
[   91.389954][ T9829]  netlink_sendmsg+0x91c/0xea0
[   91.394717][ T9829]  ? netlink_unicast+0x7d0/0x7d0
[   91.399706][ T9829]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   91.405243][ T9829]  ? apparmor_socket_sendmsg+0x2a/0x30
[   91.410950][ T9829]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   91.417184][ T9829]  ? security_socket_sendmsg+0x8d/0xc0
[   91.422638][ T9829]  ? netlink_unicast+0x7d0/0x7d0
[   91.427580][ T9829]  sock_sendmsg+0xd7/0x130
[   91.431987][ T9829]  ____sys_sendmsg+0x753/0x880
[   91.436748][ T9829]  ? kernel_sendmsg+0x50/0x50
[   91.441426][ T9829]  ? lockdep_init_map+0x1be/0x6d0
[   91.446447][ T9829]  ___sys_sendmsg+0x100/0x170
[   91.451119][ T9829]  ? sendmsg_copy_msghdr+0x70/0x70
[   91.456230][ T9829]  ? __kasan_check_read+0x11/0x20
[   91.461254][ T9829]  ? __lock_acquire+0x8a0/0x4a00
[   91.466197][ T9829]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   91.472497][ T9829]  ? __this_cpu_preempt_check+0x35/0x190
[   91.478161][ T9829]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   91.484397][ T9829]  ? percpu_counter_add_batch+0x13c/0x190
[   91.490117][ T9829]  ? __fd_install+0x1bc/0x640
[   91.494834][ T9829]  ? find_held_lock+0x35/0x130
[   91.499594][ T9829]  ? __fd_install+0x1bc/0x640
[   91.504261][ T9829]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   91.510502][ T9829]  ? __fget_light+0x1a9/0x230
[   91.515193][ T9829]  ? __fdget+0x1b/0x20
[   91.519249][ T9829]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   91.525484][ T9829]  __sys_sendmsg+0x105/0x1d0
[   91.530063][ T9829]  ? __sys_sendmsg_sock+0xc0/0xc0
[   91.535087][ T9829]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   91.540549][ T9829]  ? do_fast_syscall_32+0xd1/0xe16
[   91.545747][ T9829]  ? entry_SYSENTER_compat+0x70/0x7f
[   91.551096][ T9829]  ? do_fast_syscall_32+0xd1/0xe16
[   91.556314][ T9829]  __ia32_compat_sys_sendmsg+0x7a/0xb0
[   91.561772][ T9829]  do_fast_syscall_32+0x27b/0xe16
[   91.566992][ T9829]  entry_SYSENTER_compat+0x70/0x7f
[   91.572198][ T9829] RIP: 0023:0xf7f3a9a9
[   91.576401][ T9829] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   91.595996][ T9829] RSP: 002b:00000000ffd7e03c EFLAGS: 00000202 ORIG_RAX: 0000000000000172
[   91.604408][ T9829] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000080
[   91.612374][ T9829] RDX: 0000000000000000 RSI: 00000000080ea080 RDI: 00000000ffd7e090
[   91.620341][ T9829] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   91.628372][ T9829] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   91.636441][ T9829] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   91.644407][ T9829] 
[   91.646731][ T9829] Allocated by task 9829:
[   91.651050][ T9829]  save_stack+0x23/0x90
[   91.655188][ T9829]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   91.660810][ T9829]  kasan_kmalloc+0x9/0x10
[   91.665142][ T9829]  __kmalloc+0x163/0x770
[   91.669531][ T9829]  ip_set_alloc+0x38/0x5e
[   91.673861][ T9829]  bitmap_ip_create+0x6ec/0xc20
[   91.678702][ T9829]  ip_set_create+0x6f1/0x1500
[   91.683468][ T9829]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   91.688392][ T9829]  netlink_rcv_skb+0x177/0x450
[   91.693148][ T9829]  nfnetlink_rcv+0x1ba/0x460
[   91.697743][ T9829]  netlink_unicast+0x58c/0x7d0
[   91.702497][ T9829]  netlink_sendmsg+0x91c/0xea0
[   91.707268][ T9829]  sock_sendmsg+0xd7/0x130
[   91.711673][ T9829]  ____sys_sendmsg+0x753/0x880
[   91.716426][ T9829]  ___sys_sendmsg+0x100/0x170
[   91.721089][ T9829]  __sys_sendmsg+0x105/0x1d0
[   91.725672][ T9829]  __ia32_compat_sys_sendmsg+0x7a/0xb0
[   91.731177][ T9829]  do_fast_syscall_32+0x27b/0xe16
[   91.736192][ T9829]  entry_SYSENTER_compat+0x70/0x7f
[   91.741282][ T9829] 
[   91.743755][ T9829] Freed by task 9573:
[   91.747734][ T9829]  save_stack+0x23/0x90
[   91.751882][ T9829]  __kasan_slab_free+0x102/0x150
[   91.756912][ T9829]  kasan_slab_free+0xe/0x10
[   91.761415][ T9829]  kfree+0x10a/0x2c0
[   91.765301][ T9829]  tomoyo_init_log+0x15a9/0x2070
[   91.770225][ T9829]  tomoyo_supervisor+0x33f/0xef0
[   91.775152][ T9829]  tomoyo_env_perm+0x18e/0x210
[   91.779909][ T9829]  tomoyo_find_next_domain+0x1354/0x1f6c
[   91.785533][ T9829]  tomoyo_bprm_check_security+0x124/0x1a0
[   91.791236][ T9829]  security_bprm_check+0x63/0xb0
[   91.796174][ T9829]  search_binary_handler+0x71/0x570
[   91.801422][ T9829]  __do_execve_file.isra.0+0x1329/0x22b0
[   91.807038][ T9829]  __x64_sys_execve+0x8f/0xc0
[   91.811771][ T9829]  do_syscall_64+0xfa/0x790
[   91.816268][ T9829]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   91.822140][ T9829] 
[   91.824456][ T9829] The buggy address belongs to the object at ffff888098efca00
[   91.824456][ T9829]  which belongs to the cache kmalloc-32 of size 32
[   91.838429][ T9829] The buggy address is located 0 bytes inside of
[   91.838429][ T9829]  32-byte region [ffff888098efca00, ffff888098efca20)
[   91.851425][ T9829] The buggy address belongs to the page:
[   91.857159][ T9829] page:ffffea000263bf00 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff888098efcfc1
[   91.867563][ T9829] raw: 00fffe0000000200 ffffea0002990508 ffffea00027f5588 ffff8880aa4001c0
[   91.876199][ T9829] raw: ffff888098efcfc1 ffff888098efc000 000000010000002a 0000000000000000
[   91.884769][ T9829] page dumped because: kasan: bad access detected
[   91.891162][ T9829] 
[   91.893478][ T9829] Memory state around the buggy address:
[   91.899171][ T9829]  ffff888098efc900: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   91.907231][ T9829]  ffff888098efc980: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   91.915348][ T9829] >ffff888098efca00: 04 fc fc fc fc fc fc fc 06 fc fc fc fc fc fc fc
[   91.924008][ T9829]                    ^
[   91.928116][ T9829]  ffff888098efca80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   91.936173][ T9829]  ffff888098efcb00: 00 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   91.944278][ T9829] ==================================================================
[   91.954881][ T9829] Disabling lock debugging due to kernel taint
[   91.961070][ T9829] Kernel panic - not syncing: panic_on_warn set ...
[   91.967662][ T9829] CPU: 1 PID: 9829 Comm: syz-executor934 Tainted: G    B             5.5.0-rc7-syzkaller #0
[   91.977808][ T9829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   91.987852][ T9829] Call Trace:
[   91.991130][ T9829]  dump_stack+0x197/0x210
[   91.995451][ T9829]  panic+0x2e3/0x75c
[   91.999336][ T9829]  ? add_taint.cold+0x16/0x16
[   92.004008][ T9829]  ? retint_kernel+0x2b/0x2b
[   92.008691][ T9829]  ? trace_hardirqs_on+0x5e/0x240
[   92.013707][ T9829]  ? bitmap_ip_del+0xdb/0x380
[   92.018396][ T9829]  end_report+0x47/0x4f
[   92.022540][ T9829]  ? bitmap_ip_del+0xdb/0x380
[   92.027215][ T9829]  __kasan_report.cold+0xe/0x41
[   92.032060][ T9829]  ? __sanitizer_cov_trace_cmp2+0x1/0x20
[   92.037683][ T9829]  ? bitmap_ip_del+0xdb/0x380
[   92.042431][ T9829]  kasan_report+0x12/0x20
[   92.046795][ T9829]  check_memory_region+0x134/0x1a0
[   92.051901][ T9829]  __kasan_check_write+0x14/0x20
[   92.056831][ T9829]  bitmap_ip_del+0xdb/0x380
[   92.061319][ T9829]  bitmap_ip_uadt+0x73e/0xa10
[   92.065987][ T9829]  ? bitmap_ip_create+0xc20/0xc20
[   92.071000][ T9829]  ? bitmap_ip_kadt+0x5a0/0x5a0
[   92.077580][ T9829]  ? __kasan_check_write+0x14/0x20
[   92.082671][ T9829]  ? lock_set_class+0x3b0/0x7a0
[   92.087540][ T9829]  call_ad+0x1a0/0x5a0
[   92.091605][ T9829]  ? start_msg+0x220/0x220
[   92.096021][ T9829]  ? nla_memcpy+0xb0/0xb0
[   92.100347][ T9829]  ? __nla_parse+0x43/0x60
[   92.104755][ T9829]  ip_set_ad.isra.0+0x572/0xb20
[   92.109651][ T9829]  ? ip_set_nfnl_get_byindex+0x460/0x460
[   92.115269][ T9829]  ? nla_memcpy+0xb0/0xb0
[   92.119590][ T9829]  ? lock_downgrade+0x920/0x920
[   92.124429][ T9829]  ip_set_udel+0x3a/0x50
[   92.128662][ T9829]  ? ip_set_ad.isra.0+0xb20/0xb20
[   92.133728][ T9829]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   92.138701][ T9829]  ? nfnetlink_bind+0x2c0/0x2c0
[   92.143548][ T9829]  ? __kasan_check_read+0x11/0x20
[   92.148604][ T9829]  ? __lock_acquire+0x8a0/0x4a00
[   92.153535][ T9829]  ? save_stack+0x5c/0x90
[   92.157860][ T9829]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   92.164090][ T9829]  ? apparmor_capable+0x497/0x900
[   92.169099][ T9829]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   92.175332][ T9829]  ? __kasan_check_read+0x11/0x20
[   92.180464][ T9829]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   92.185911][ T9829]  netlink_rcv_skb+0x177/0x450
[   92.190664][ T9829]  ? nfnetlink_bind+0x2c0/0x2c0
[   92.195506][ T9829]  ? netlink_ack+0xb50/0xb50
[   92.200076][ T9829]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   92.206299][ T9829]  ? ns_capable_common+0x93/0x100
[   92.211310][ T9829]  ? ns_capable+0x20/0x30
[   92.215620][ T9829]  ? __netlink_ns_capable+0x104/0x140
[   92.220986][ T9829]  nfnetlink_rcv+0x1ba/0x460
[   92.225672][ T9829]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[   92.231126][ T9829]  ? netlink_deliver_tap+0x24a/0xbe0
[   92.236398][ T9829]  ? __kasan_check_write+0x14/0x20
[   92.241681][ T9829]  netlink_unicast+0x58c/0x7d0
[   92.246424][ T9829]  ? netlink_attachskb+0x870/0x870
[   92.251516][ T9829]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   92.257229][ T9829]  ? __check_object_size+0x3d/0x437
[   92.262415][ T9829]  netlink_sendmsg+0x91c/0xea0
[   92.267225][ T9829]  ? netlink_unicast+0x7d0/0x7d0
[   92.272152][ T9829]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   92.277717][ T9829]  ? apparmor_socket_sendmsg+0x2a/0x30
[   92.283164][ T9829]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   92.289389][ T9829]  ? security_socket_sendmsg+0x8d/0xc0
[   92.294833][ T9829]  ? netlink_unicast+0x7d0/0x7d0
[   92.299757][ T9829]  sock_sendmsg+0xd7/0x130
[   92.304201][ T9829]  ____sys_sendmsg+0x753/0x880
[   92.308963][ T9829]  ? kernel_sendmsg+0x50/0x50
[   92.313628][ T9829]  ? lockdep_init_map+0x1be/0x6d0
[   92.318639][ T9829]  ___sys_sendmsg+0x100/0x170
[   92.323308][ T9829]  ? sendmsg_copy_msghdr+0x70/0x70
[   92.328404][ T9829]  ? __kasan_check_read+0x11/0x20
[   92.333559][ T9829]  ? __lock_acquire+0x8a0/0x4a00
[   92.338549][ T9829]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   92.345010][ T9829]  ? __this_cpu_preempt_check+0x35/0x190
[   92.350686][ T9829]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   92.356914][ T9829]  ? percpu_counter_add_batch+0x13c/0x190
[   92.362619][ T9829]  ? __fd_install+0x1bc/0x640
[   92.367502][ T9829]  ? find_held_lock+0x35/0x130
[   92.372268][ T9829]  ? __fd_install+0x1bc/0x640
[   92.376936][ T9829]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   92.383158][ T9829]  ? __fget_light+0x1a9/0x230
[   92.387849][ T9829]  ? __fdget+0x1b/0x20
[   92.391933][ T9829]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   92.398169][ T9829]  __sys_sendmsg+0x105/0x1d0
[   92.402745][ T9829]  ? __sys_sendmsg_sock+0xc0/0xc0
[   92.407762][ T9829]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   92.413212][ T9829]  ? do_fast_syscall_32+0xd1/0xe16
[   92.418420][ T9829]  ? entry_SYSENTER_compat+0x70/0x7f
[   92.423746][ T9829]  ? do_fast_syscall_32+0xd1/0xe16
[   92.428850][ T9829]  __ia32_compat_sys_sendmsg+0x7a/0xb0
[   92.434290][ T9829]  do_fast_syscall_32+0x27b/0xe16
[   92.439301][ T9829]  entry_SYSENTER_compat+0x70/0x7f
[   92.444439][ T9829] RIP: 0023:0xf7f3a9a9
[   92.448493][ T9829] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   92.468124][ T9829] RSP: 002b:00000000ffd7e03c EFLAGS: 00000202 ORIG_RAX: 0000000000000172
[   92.476525][ T9829] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000080
[   92.484486][ T9829] RDX: 0000000000000000 RSI: 00000000080ea080 RDI: 00000000ffd7e090
[   92.492442][ T9829] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   92.500403][ T9829] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   92.508368][ T9829] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   92.517925][ T9829] Kernel Offset: disabled
[   92.522277][ T9829] Rebooting in 86400 seconds..