[ ok ] Starting enhanced syslogd: rsyslogd. [ 76.088917][ T27] audit: type=1800 audit(1579986924.797:25): pid=9599 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 76.109097][ T27] audit: type=1800 audit(1579986924.797:26): pid=9599 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 76.161121][ T27] audit: type=1800 audit(1579986924.807:27): pid=9599 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.137' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 86.954324][ T9753] ================================================================== [ 86.962657][ T9753] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_list+0x635/0x1080 [ 86.970660][ T9753] Read of size 8 at addr ffff88809e51f680 by task syz-executor427/9753 [ 86.978886][ T9753] [ 86.981227][ T9753] CPU: 1 PID: 9753 Comm: syz-executor427 Not tainted 5.5.0-rc6-next-20200116-syzkaller #0 [ 86.991395][ T9753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 87.001452][ T9753] Call Trace: [ 87.004778][ T9753] dump_stack+0x197/0x210 [ 87.009104][ T9753] ? bitmap_ipmac_list+0x635/0x1080 [ 87.014310][ T9753] print_address_description.constprop.0.cold+0xd4/0x30b [ 87.021329][ T9753] ? bitmap_ipmac_list+0x635/0x1080 [ 87.026544][ T9753] ? bitmap_ipmac_list+0x635/0x1080 [ 87.031846][ T9753] __kasan_report.cold+0x1b/0x32 [ 87.036886][ T9753] ? 
bitmap_ipmac_list+0x635/0x1080 [ 87.042113][ T9753] kasan_report+0x12/0x20 [ 87.046442][ T9753] check_memory_region+0x134/0x1a0 [ 87.051561][ T9753] __kasan_check_read+0x11/0x20 [ 87.056531][ T9753] bitmap_ipmac_list+0x635/0x1080 [ 87.061558][ T9753] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 87.066798][ T9753] ? nla_put+0x110/0x150 [ 87.071034][ T9753] ip_set_dump_start+0x96c/0x1ca0 [ 87.076123][ T9753] ? ip_set_rename+0x720/0x720 [ 87.080960][ T9753] ? __kmalloc_reserve.isra.0+0x70/0xf0 [ 87.086505][ T9753] ? __lock_acquire+0x2660/0x4a00 [ 87.091532][ T9753] ? __kasan_check_write+0x14/0x20 [ 87.096753][ T9753] netlink_dump+0x558/0xfb0 [ 87.101349][ T9753] ? __netlink_sendskb+0xc0/0xc0 [ 87.106292][ T9753] __netlink_dump_start+0x673/0x930 [ 87.111528][ T9753] ip_set_dump+0x15a/0x1d0 [ 87.115941][ T9753] ? call_ad+0x5a0/0x5a0 [ 87.120245][ T9753] ? ip_set_rename+0x720/0x720 [ 87.125007][ T9753] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 87.130859][ T9753] ? call_ad+0x5a0/0x5a0 [ 87.135109][ T9753] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 87.140052][ T9753] ? nfnetlink_bind+0x2c0/0x2c0 [ 87.144909][ T9753] ? __kasan_check_read+0x11/0x20 [ 87.149929][ T9753] ? __lock_acquire+0x8a0/0x4a00 [ 87.154920][ T9753] ? save_stack+0x5c/0x90 [ 87.159267][ T9753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.166096][ T9753] ? apparmor_capable+0x4df/0x910 [ 87.171121][ T9753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.177356][ T9753] ? __kasan_check_read+0x11/0x20 [ 87.182571][ T9753] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 87.188041][ T9753] netlink_rcv_skb+0x177/0x450 [ 87.192905][ T9753] ? nfnetlink_bind+0x2c0/0x2c0 [ 87.197845][ T9753] ? netlink_ack+0xb50/0xb50 [ 87.202426][ T9753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.208673][ T9753] ? ns_capable_common+0x93/0x100 [ 87.213693][ T9753] ? ns_capable+0x20/0x30 [ 87.218165][ T9753] ? __netlink_ns_capable+0x104/0x140 [ 87.223641][ T9753] nfnetlink_rcv+0x1ba/0x460 [ 87.228226][ T9753] ? 
nfnetlink_rcv_batch+0x1780/0x1780 [ 87.233769][ T9753] ? netlink_deliver_tap+0x248/0xbf0 [ 87.239051][ T9753] ? __kasan_check_write+0x14/0x20 [ 87.244158][ T9753] netlink_unicast+0x59e/0x7e0 [ 87.248978][ T9753] ? netlink_attachskb+0x870/0x870 [ 87.254084][ T9753] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 87.259884][ T9753] ? __check_object_size+0x3d/0x437 [ 87.265081][ T9753] netlink_sendmsg+0x91c/0xea0 [ 87.269836][ T9753] ? netlink_unicast+0x7e0/0x7e0 [ 87.274765][ T9753] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 87.280428][ T9753] ? apparmor_socket_sendmsg+0x2a/0x30 [ 87.285888][ T9753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.292387][ T9753] ? security_socket_sendmsg+0x8d/0xc0 [ 87.297839][ T9753] ? netlink_unicast+0x7e0/0x7e0 [ 87.302772][ T9753] sock_sendmsg+0xd7/0x130 [ 87.307196][ T9753] ____sys_sendmsg+0x753/0x880 [ 87.311962][ T9753] ? kernel_sendmsg+0x50/0x50 [ 87.316622][ T9753] ? lockdep_init_map+0x1be/0x6d0 [ 87.321633][ T9753] ___sys_sendmsg+0x100/0x170 [ 87.326308][ T9753] ? sendmsg_copy_msghdr+0x70/0x70 [ 87.331414][ T9753] ? __kasan_check_read+0x11/0x20 [ 87.336450][ T9753] ? __lock_acquire+0x8a0/0x4a00 [ 87.341395][ T9753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.347633][ T9753] ? __this_cpu_preempt_check+0x35/0x190 [ 87.353343][ T9753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.359692][ T9753] ? percpu_counter_add_batch+0x13c/0x190 [ 87.365410][ T9753] ? __fd_install+0x1bc/0x640 [ 87.370080][ T9753] ? find_held_lock+0x35/0x130 [ 87.374847][ T9753] ? __fd_install+0x1bc/0x640 [ 87.379624][ T9753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.385872][ T9753] ? __fget_light+0x1ad/0x270 [ 87.390561][ T9753] ? __fdget+0x1b/0x20 [ 87.394732][ T9753] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 87.401021][ T9753] __sys_sendmsg+0x105/0x1d0 [ 87.405720][ T9753] ? __sys_sendmsg_sock+0xc0/0xc0 [ 87.410790][ T9753] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 87.416242][ T9753] ? do_syscall_64+0x26/0x790 [ 87.420910][ T9753] ? 
entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.426970][ T9753] ? do_syscall_64+0x26/0x790 [ 87.431659][ T9753] __x64_sys_sendmsg+0x78/0xb0 [ 87.436432][ T9753] do_syscall_64+0xfa/0x790 [ 87.441054][ T9753] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.447056][ T9753] RIP: 0033:0x440539 [ 87.451128][ T9753] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 87.470731][ T9753] RSP: 002b:00007ffcf3bf5238 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 87.479185][ T9753] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440539 [ 87.487166][ T9753] RDX: 0000000000000040 RSI: 0000000020000680 RDI: 0000000000000004 [ 87.495358][ T9753] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 87.503316][ T9753] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401dc0 [ 87.511454][ T9753] R13: 0000000000401e50 R14: 0000000000000000 R15: 0000000000000000 [ 87.519426][ T9753] [ 87.521740][ T9753] Allocated by task 9753: [ 87.526066][ T9753] save_stack+0x23/0x90 [ 87.530695][ T9753] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 87.536372][ T9753] kasan_kmalloc+0x9/0x10 [ 87.540701][ T9753] __kmalloc+0x163/0x770 [ 87.545048][ T9753] ip_set_alloc+0x38/0x5e [ 87.549374][ T9753] bitmap_ipmac_create+0x4e8/0xa00 [ 87.554480][ T9753] ip_set_create+0x6f1/0x1500 [ 87.559146][ T9753] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 87.564182][ T9753] netlink_rcv_skb+0x177/0x450 [ 87.568935][ T9753] nfnetlink_rcv+0x1ba/0x460 [ 87.573775][ T9753] netlink_unicast+0x59e/0x7e0 [ 87.578529][ T9753] netlink_sendmsg+0x91c/0xea0 [ 87.583284][ T9753] sock_sendmsg+0xd7/0x130 [ 87.587815][ T9753] ____sys_sendmsg+0x753/0x880 [ 87.592609][ T9753] ___sys_sendmsg+0x100/0x170 [ 87.597290][ T9753] __sys_sendmsg+0x105/0x1d0 [ 87.601874][ T9753] __x64_sys_sendmsg+0x78/0xb0 [ 87.606644][ T9753] do_syscall_64+0xfa/0x790 [ 87.611139][ T9753] 
entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.617103][ T9753] [ 87.619499][ T9753] Freed by task 9479: [ 87.623467][ T9753] save_stack+0x23/0x90 [ 87.627616][ T9753] __kasan_slab_free+0x102/0x150 [ 87.632546][ T9753] kasan_slab_free+0xe/0x10 [ 87.637052][ T9753] kfree+0x10a/0x2c0 [ 87.640981][ T9753] tomoyo_check_open_permission+0x19e/0x3e0 [ 87.646870][ T9753] tomoyo_file_open+0xa9/0xd0 [ 87.651551][ T9753] security_file_open+0x71/0x300 [ 87.656481][ T9753] do_dentry_open+0x365/0x1350 [ 87.661232][ T9753] vfs_open+0xa0/0xd0 [ 87.665340][ T9753] path_openat+0x12fd/0x34d0 [ 87.669922][ T9753] do_filp_open+0x192/0x260 [ 87.674571][ T9753] do_sys_openat2+0x633/0x840 [ 87.679240][ T9753] do_sys_open+0xfc/0x190 [ 87.683564][ T9753] __x64_sys_open+0x7e/0xc0 [ 87.688063][ T9753] do_syscall_64+0xfa/0x790 [ 87.693342][ T9753] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.699221][ T9753] [ 87.701540][ T9753] The buggy address belongs to the object at ffff88809e51f680 [ 87.701540][ T9753] which belongs to the cache kmalloc-32 of size 32 [ 87.715418][ T9753] The buggy address is located 0 bytes inside of [ 87.715418][ T9753] 32-byte region [ffff88809e51f680, ffff88809e51f6a0) [ 87.728599][ T9753] The buggy address belongs to the page: [ 87.734240][ T9753] page:ffffea00027947c0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809e51ffc1 [ 87.744886][ T9753] flags: 0xfffe0000000200(slab) [ 87.749901][ T9753] raw: 00fffe0000000200 ffffea0002573cc8 ffffea0002573288 ffff8880aa4001c0 [ 87.758534][ T9753] raw: ffff88809e51ffc1 ffff88809e51f000 000000010000002f 0000000000000000 [ 87.767357][ T9753] page dumped because: kasan: bad access detected [ 87.773763][ T9753] [ 87.776189][ T9753] Memory state around the buggy address: [ 87.781809][ T9753] ffff88809e51f580: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 87.789858][ T9753] ffff88809e51f600: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 87.797980][ T9753] >ffff88809e51f680: 04 fc fc fc fc fc fc fc fb fb fb fb fc 
fc fc fc [ 87.806119][ T9753] ^ [ 87.810191][ T9753] ffff88809e51f700: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 87.818384][ T9753] ffff88809e51f780: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 87.826443][ T9753] ================================================================== [ 87.834696][ T9753] Disabling lock debugging due to kernel taint [ 87.842619][ T9753] Kernel panic - not syncing: panic_on_warn set ... [ 87.849231][ T9753] CPU: 0 PID: 9753 Comm: syz-executor427 Tainted: G B 5.5.0-rc6-next-20200116-syzkaller #0 [ 87.860579][ T9753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 87.871848][ T9753] Call Trace: [ 87.875137][ T9753] dump_stack+0x197/0x210 [ 87.879455][ T9753] panic+0x2e3/0x75c [ 87.883404][ T9753] ? add_taint.cold+0x16/0x16 [ 87.888233][ T9753] ? bitmap_ipmac_list+0x635/0x1080 [ 87.893423][ T9753] ? preempt_schedule+0x4b/0x60 [ 87.898267][ T9753] ? ___preempt_schedule+0x16/0x18 [ 87.903388][ T9753] ? trace_hardirqs_on+0x5e/0x240 [ 87.908402][ T9753] ? bitmap_ipmac_list+0x635/0x1080 [ 87.913595][ T9753] end_report+0x47/0x4f [ 87.917745][ T9753] ? bitmap_ipmac_list+0x635/0x1080 [ 87.922932][ T9753] __kasan_report.cold+0xe/0x32 [ 87.927774][ T9753] ? bitmap_ipmac_list+0x635/0x1080 [ 87.932959][ T9753] kasan_report+0x12/0x20 [ 87.937333][ T9753] check_memory_region+0x134/0x1a0 [ 87.942539][ T9753] __kasan_check_read+0x11/0x20 [ 87.947490][ T9753] bitmap_ipmac_list+0x635/0x1080 [ 87.952519][ T9753] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 87.957626][ T9753] ? nla_put+0x110/0x150 [ 87.961854][ T9753] ip_set_dump_start+0x96c/0x1ca0 [ 87.966927][ T9753] ? ip_set_rename+0x720/0x720 [ 87.971680][ T9753] ? __kmalloc_reserve.isra.0+0x70/0xf0 [ 87.977355][ T9753] ? __lock_acquire+0x2660/0x4a00 [ 87.982492][ T9753] ? __kasan_check_write+0x14/0x20 [ 87.987686][ T9753] netlink_dump+0x558/0xfb0 [ 87.992181][ T9753] ? 
__netlink_sendskb+0xc0/0xc0 [ 87.997132][ T9753] __netlink_dump_start+0x673/0x930 [ 88.002323][ T9753] ip_set_dump+0x15a/0x1d0 [ 88.006764][ T9753] ? call_ad+0x5a0/0x5a0 [ 88.010997][ T9753] ? ip_set_rename+0x720/0x720 [ 88.015847][ T9753] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 88.021734][ T9753] ? call_ad+0x5a0/0x5a0 [ 88.026134][ T9753] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 88.031556][ T9753] ? nfnetlink_bind+0x2c0/0x2c0 [ 88.036488][ T9753] ? __kasan_check_read+0x11/0x20 [ 88.041541][ T9753] ? __lock_acquire+0x8a0/0x4a00 [ 88.046476][ T9753] ? save_stack+0x5c/0x90 [ 88.050802][ T9753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 88.057041][ T9753] ? apparmor_capable+0x4df/0x910 [ 88.062117][ T9753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 88.068786][ T9753] ? __kasan_check_read+0x11/0x20 [ 88.073801][ T9753] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 88.079255][ T9753] netlink_rcv_skb+0x177/0x450 [ 88.084040][ T9753] ? nfnetlink_bind+0x2c0/0x2c0 [ 88.088897][ T9753] ? netlink_ack+0xb50/0xb50 [ 88.093482][ T9753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 88.099769][ T9753] ? ns_capable_common+0x93/0x100 [ 88.104788][ T9753] ? ns_capable+0x20/0x30 [ 88.109265][ T9753] ? __netlink_ns_capable+0x104/0x140 [ 88.114752][ T9753] nfnetlink_rcv+0x1ba/0x460 [ 88.119338][ T9753] ? nfnetlink_rcv_batch+0x1780/0x1780 [ 88.124789][ T9753] ? netlink_deliver_tap+0x248/0xbf0 [ 88.130079][ T9753] ? __kasan_check_write+0x14/0x20 [ 88.135233][ T9753] netlink_unicast+0x59e/0x7e0 [ 88.139988][ T9753] ? netlink_attachskb+0x870/0x870 [ 88.145093][ T9753] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 88.150814][ T9753] ? __check_object_size+0x3d/0x437 [ 88.156049][ T9753] netlink_sendmsg+0x91c/0xea0 [ 88.160945][ T9753] ? netlink_unicast+0x7e0/0x7e0 [ 88.166001][ T9753] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 88.171554][ T9753] ? apparmor_socket_sendmsg+0x2a/0x30 [ 88.177029][ T9753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 88.183275][ T9753] ? 
security_socket_sendmsg+0x8d/0xc0 [ 88.188735][ T9753] ? netlink_unicast+0x7e0/0x7e0 [ 88.193737][ T9753] sock_sendmsg+0xd7/0x130 [ 88.198160][ T9753] ____sys_sendmsg+0x753/0x880 [ 88.203051][ T9753] ? kernel_sendmsg+0x50/0x50 [ 88.207722][ T9753] ? lockdep_init_map+0x1be/0x6d0 [ 88.212741][ T9753] ___sys_sendmsg+0x100/0x170 [ 88.217513][ T9753] ? sendmsg_copy_msghdr+0x70/0x70 [ 88.222637][ T9753] ? __kasan_check_read+0x11/0x20 [ 88.227701][ T9753] ? __lock_acquire+0x8a0/0x4a00 [ 88.232724][ T9753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 88.239169][ T9753] ? __this_cpu_preempt_check+0x35/0x190 [ 88.244918][ T9753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 88.251384][ T9753] ? percpu_counter_add_batch+0x13c/0x190 [ 88.257147][ T9753] ? __fd_install+0x1bc/0x640 [ 88.261893][ T9753] ? find_held_lock+0x35/0x130 [ 88.266784][ T9753] ? __fd_install+0x1bc/0x640 [ 88.271506][ T9753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 88.277792][ T9753] ? __fget_light+0x1ad/0x270 [ 88.282495][ T9753] ? __fdget+0x1b/0x20 [ 88.286594][ T9753] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 88.292827][ T9753] __sys_sendmsg+0x105/0x1d0 [ 88.297482][ T9753] ? __sys_sendmsg_sock+0xc0/0xc0 [ 88.302610][ T9753] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 88.308057][ T9753] ? do_syscall_64+0x26/0x790 [ 88.312720][ T9753] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 88.318874][ T9753] ? 
do_syscall_64+0x26/0x790 [ 88.323537][ T9753] __x64_sys_sendmsg+0x78/0xb0 [ 88.328402][ T9753] do_syscall_64+0xfa/0x790 [ 88.332885][ T9753] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 88.338865][ T9753] RIP: 0033:0x440539 [ 88.342754][ T9753] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 88.362630][ T9753] RSP: 002b:00007ffcf3bf5238 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 88.371029][ T9753] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440539 [ 88.379136][ T9753] RDX: 0000000000000040 RSI: 0000000020000680 RDI: 0000000000000004 [ 88.387142][ T9753] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 88.395272][ T9753] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401dc0 [ 88.406187][ T9753] R13: 0000000000401e50 R14: 0000000000000000 R15: 0000000000000000 [ 88.415805][ T9753] Kernel Offset: disabled [ 88.420189][ T9753] Rebooting in 86400 seconds..