[ ok ] Starting enhanced syslogd: rsyslogd. [ 55.259237][ T27] audit: type=1800 audit(1579381464.210:25): pid=8546 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 55.278731][ T27] audit: type=1800 audit(1579381464.210:26): pid=8546 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 55.319730][ T27] audit: type=1800 audit(1579381464.210:27): pid=8546 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.43' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 74.985613][ T8696] ================================================================== [ 74.993896][ T8696] BUG: KASAN: slab-out-of-bounds in bitmap_ip_list+0x40d/0xcb0 [ 75.001421][ T8696] Read of size 8 at addr ffff8880a990d040 by task syz-executor442/8696 [ 75.009673][ T8696] [ 75.012033][ T8696] CPU: 1 PID: 8696 Comm: syz-executor442 Not tainted 5.5.0-rc6-syzkaller #0 [ 75.020684][ T8696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 75.030769][ T8696] Call Trace: [ 75.034047][ T8696] dump_stack+0x1fb/0x318 [ 75.038360][ T8696] print_address_description+0x74/0x5c0 [ 75.043879][ T8696] ? vprintk_func+0x158/0x170 [ 75.048564][ T8696] ? printk+0x62/0x8d [ 75.052536][ T8696] ? vprintk_emit+0x2d4/0x3a0 [ 75.057194][ T8696] __kasan_report+0x149/0x1c0 [ 75.061855][ T8696] ? bitmap_ip_list+0x40d/0xcb0 [ 75.066693][ T8696] kasan_report+0x26/0x50 [ 75.071007][ T8696] ? 
debug_smp_processor_id+0x9/0x20 [ 75.076316][ T8696] check_memory_region+0x2b6/0x2f0 [ 75.081403][ T8696] __kasan_check_read+0x11/0x20 [ 75.086231][ T8696] bitmap_ip_list+0x40d/0xcb0 [ 75.090904][ T8696] ip_set_dump_start+0x10f9/0x1800 [ 75.096012][ T8696] netlink_dump+0x4ed/0x1170 [ 75.100592][ T8696] __netlink_dump_start+0x5cb/0x7b0 [ 75.105782][ T8696] ip_set_dump+0x107/0x160 [ 75.110179][ T8696] ? __find_set_type_get+0x540/0x540 [ 75.115443][ T8696] ? ip_set_dump_start+0x1800/0x1800 [ 75.120723][ T8696] ? ip_set_swap+0x730/0x730 [ 75.125325][ T8696] nfnetlink_rcv_msg+0x9ae/0xcd0 [ 75.130273][ T8696] ? cap_capable+0x25b/0x290 [ 75.134849][ T8696] ? cap_capable+0x25b/0x290 [ 75.139440][ T8696] netlink_rcv_skb+0x19e/0x3e0 [ 75.144191][ T8696] ? nfnetlink_bind+0x250/0x250 [ 75.149036][ T8696] nfnetlink_rcv+0x1e0/0x1e50 [ 75.153718][ T8696] ? rcu_lock_release+0x9/0x30 [ 75.158463][ T8696] ? rcu_lock_release+0x21/0x30 [ 75.163305][ T8696] ? netlink_deliver_tap+0x142/0x880 [ 75.168582][ T8696] netlink_unicast+0x767/0x920 [ 75.173341][ T8696] netlink_sendmsg+0xa2c/0xd50 [ 75.178112][ T8696] ? netlink_getsockopt+0x9f0/0x9f0 [ 75.183301][ T8696] ____sys_sendmsg+0x4f7/0x7f0 [ 75.188055][ T8696] __sys_sendmsg+0x1ed/0x290 [ 75.192656][ T8696] ? check_preemption_disabled+0xb4/0x260 [ 75.198354][ T8696] ? debug_smp_processor_id+0x9/0x20 [ 75.203727][ T8696] ? debug_smp_processor_id+0x1c/0x20 [ 75.209128][ T8696] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 75.215196][ T8696] ? prepare_exit_to_usermode+0x221/0x5b0 [ 75.220989][ T8696] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 75.226685][ T8696] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 75.232134][ T8696] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 75.238010][ T8696] ? 
do_syscall_64+0x1d/0x1c0 [ 75.242683][ T8696] __x64_sys_sendmsg+0x7f/0x90 [ 75.247525][ T8696] do_syscall_64+0xf7/0x1c0 [ 75.252022][ T8696] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 75.257898][ T8696] RIP: 0033:0x440559 [ 75.261873][ T8696] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 75.281506][ T8696] RSP: 002b:00007ffc440c16f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 75.289901][ T8696] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440559 [ 75.297962][ T8696] RDX: 0000000000000080 RSI: 00000000200000c0 RDI: 0000000000000004 [ 75.305916][ T8696] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 75.313875][ T8696] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000401de0 [ 75.321832][ T8696] R13: 0000000000401e70 R14: 0000000000000000 R15: 0000000000000000 [ 75.329796][ T8696] [ 75.332113][ T8696] Allocated by task 8696: [ 75.336550][ T8696] __kasan_kmalloc+0x118/0x1c0 [ 75.341343][ T8696] kasan_kmalloc+0x9/0x10 [ 75.345650][ T8696] __kmalloc+0x254/0x340 [ 75.349880][ T8696] kzalloc+0x21/0x40 [ 75.353857][ T8696] ip_set_alloc+0x32/0x60 [ 75.358188][ T8696] bitmap_ip_create+0x48b/0xac0 [ 75.363059][ T8696] ip_set_create+0x421/0xfd0 [ 75.367663][ T8696] nfnetlink_rcv_msg+0x9ae/0xcd0 [ 75.372574][ T8696] netlink_rcv_skb+0x19e/0x3e0 [ 75.377364][ T8696] nfnetlink_rcv+0x1e0/0x1e50 [ 75.382032][ T8696] netlink_unicast+0x767/0x920 [ 75.386894][ T8696] netlink_sendmsg+0xa2c/0xd50 [ 75.391637][ T8696] ____sys_sendmsg+0x4f7/0x7f0 [ 75.396380][ T8696] __sys_sendmsg+0x1ed/0x290 [ 75.400954][ T8696] __x64_sys_sendmsg+0x7f/0x90 [ 75.405701][ T8696] do_syscall_64+0xf7/0x1c0 [ 75.410177][ T8696] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 75.416045][ T8696] [ 75.418400][ T8696] Freed by task 8407: [ 75.422367][ T8696] __kasan_slab_free+0x12e/0x1e0 [ 75.427283][ T8696] 
kasan_slab_free+0xe/0x10 [ 75.431910][ T8696] kfree+0x10d/0x220 [ 75.435785][ T8696] tomoyo_check_open_permission+0x79c/0x9d0 [ 75.441662][ T8696] tomoyo_file_open+0x141/0x190 [ 75.446518][ T8696] security_file_open+0x50/0x2e0 [ 75.451468][ T8696] do_dentry_open+0x351/0x10c0 [ 75.456216][ T8696] vfs_open+0x73/0x80 [ 75.460183][ T8696] path_openat+0x1367/0x4250 [ 75.464759][ T8696] do_filp_open+0x192/0x3d0 [ 75.469250][ T8696] do_sys_open+0x29f/0x560 [ 75.473651][ T8696] __x64_sys_open+0x87/0x90 [ 75.478131][ T8696] do_syscall_64+0xf7/0x1c0 [ 75.482625][ T8696] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 75.488488][ T8696] [ 75.490796][ T8696] The buggy address belongs to the object at ffff8880a990d040 [ 75.490796][ T8696] which belongs to the cache kmalloc-32 of size 32 [ 75.504833][ T8696] The buggy address is located 0 bytes inside of [ 75.504833][ T8696] 32-byte region [ffff8880a990d040, ffff8880a990d060) [ 75.517840][ T8696] The buggy address belongs to the page: [ 75.523584][ T8696] page:ffffea0002a64340 refcount:1 mapcount:0 mapping:ffff8880aa8001c0 index:0xffff8880a990dfc1 [ 75.533981][ T8696] raw: 00fffe0000000200 ffffea00029c52c8 ffffea0002a557c8 ffff8880aa8001c0 [ 75.542543][ T8696] raw: ffff8880a990dfc1 ffff8880a990d000 000000010000003f 0000000000000000 [ 75.551110][ T8696] page dumped because: kasan: bad access detected [ 75.557495][ T8696] [ 75.559807][ T8696] Memory state around the buggy address: [ 75.565422][ T8696] ffff8880a990cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.576411][ T8696] ffff8880a990cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.584442][ T8696] >ffff8880a990d000: 00 03 fc fc fc fc fc fc 04 fc fc fc fc fc fc fc [ 75.592722][ T8696] ^ [ 75.598907][ T8696] ffff8880a990d080: 06 fc fc fc fc fc fc fc 00 00 fc fc fc fc fc fc [ 75.606946][ T8696] ffff8880a990d100: 00 07 fc fc fc fc fc fc 00 00 01 fc fc fc fc fc [ 75.614994][ T8696] ================================================================== [ 75.623051][ 
T8696] Disabling lock debugging due to kernel taint [ 75.629815][ T8696] Kernel panic - not syncing: panic_on_warn set ... [ 75.636413][ T8696] CPU: 1 PID: 8696 Comm: syz-executor442 Tainted: G B 5.5.0-rc6-syzkaller #0 [ 75.646457][ T8696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 75.656491][ T8696] Call Trace: [ 75.659796][ T8696] dump_stack+0x1fb/0x318 [ 75.664161][ T8696] panic+0x264/0x7a9 [ 75.668047][ T8696] ? __kasan_report+0x193/0x1c0 [ 75.672884][ T8696] ? trace_hardirqs_on+0x34/0x80 [ 75.677818][ T8696] ? __kasan_report+0x193/0x1c0 [ 75.682650][ T8696] __kasan_report+0x1b9/0x1c0 [ 75.687315][ T8696] ? bitmap_ip_list+0x40d/0xcb0 [ 75.692138][ T8696] kasan_report+0x26/0x50 [ 75.696451][ T8696] ? debug_smp_processor_id+0x9/0x20 [ 75.701755][ T8696] check_memory_region+0x2b6/0x2f0 [ 75.706848][ T8696] __kasan_check_read+0x11/0x20 [ 75.711672][ T8696] bitmap_ip_list+0x40d/0xcb0 [ 75.716345][ T8696] ip_set_dump_start+0x10f9/0x1800 [ 75.721482][ T8696] netlink_dump+0x4ed/0x1170 [ 75.726077][ T8696] __netlink_dump_start+0x5cb/0x7b0 [ 75.731264][ T8696] ip_set_dump+0x107/0x160 [ 75.735657][ T8696] ? __find_set_type_get+0x540/0x540 [ 75.740936][ T8696] ? ip_set_dump_start+0x1800/0x1800 [ 75.746208][ T8696] ? ip_set_swap+0x730/0x730 [ 75.750780][ T8696] nfnetlink_rcv_msg+0x9ae/0xcd0 [ 75.755752][ T8696] ? cap_capable+0x25b/0x290 [ 75.760377][ T8696] ? cap_capable+0x25b/0x290 [ 75.764951][ T8696] netlink_rcv_skb+0x19e/0x3e0 [ 75.769706][ T8696] ? nfnetlink_bind+0x250/0x250 [ 75.774538][ T8696] nfnetlink_rcv+0x1e0/0x1e50 [ 75.779206][ T8696] ? rcu_lock_release+0x9/0x30 [ 75.783945][ T8696] ? rcu_lock_release+0x21/0x30 [ 75.788774][ T8696] ? netlink_deliver_tap+0x142/0x880 [ 75.794048][ T8696] netlink_unicast+0x767/0x920 [ 75.798800][ T8696] netlink_sendmsg+0xa2c/0xd50 [ 75.803551][ T8696] ? 
netlink_getsockopt+0x9f0/0x9f0 [ 75.808727][ T8696] ____sys_sendmsg+0x4f7/0x7f0 [ 75.813495][ T8696] __sys_sendmsg+0x1ed/0x290 [ 75.818227][ T8696] ? check_preemption_disabled+0xb4/0x260 [ 75.823962][ T8696] ? debug_smp_processor_id+0x9/0x20 [ 75.829231][ T8696] ? debug_smp_processor_id+0x1c/0x20 [ 75.834591][ T8696] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 75.840646][ T8696] ? prepare_exit_to_usermode+0x221/0x5b0 [ 75.846343][ T8696] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 75.852035][ T8696] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 75.857481][ T8696] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 75.863191][ T8696] ? do_syscall_64+0x1d/0x1c0 [ 75.867845][ T8696] __x64_sys_sendmsg+0x7f/0x90 [ 75.872590][ T8696] do_syscall_64+0xf7/0x1c0 [ 75.877077][ T8696] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 75.882959][ T8696] RIP: 0033:0x440559 [ 75.886831][ T8696] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 75.906417][ T8696] RSP: 002b:00007ffc440c16f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 75.914864][ T8696] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440559 [ 75.922813][ T8696] RDX: 0000000000000080 RSI: 00000000200000c0 RDI: 0000000000000004 [ 75.930804][ T8696] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 75.938787][ T8696] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000401de0 [ 75.946731][ T8696] R13: 0000000000401e70 R14: 0000000000000000 R15: 0000000000000000 [ 75.956192][ T8696] Kernel Offset: disabled [ 75.960513][ T8696] Rebooting in 86400 seconds..