[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   65.299123][   T27] audit: type=1800 audit(1580646325.062:25): pid=9527 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   65.333000][   T27] audit: type=1800 audit(1580646325.072:26): pid=9527 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   65.362979][   T27] audit: type=1800 audit(1580646325.072:27): pid=9527 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.197' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [   87.302530][ T9681] ==================================================================
[   87.310721][ T9681] BUG: KASAN: slab-out-of-bounds in bitmap_ip_ext_cleanup+0xd8/0x290
[   87.318792][ T9681] Read of size 8 at addr ffff8880a91f8980 by task syz-executor025/9681
[   87.327008][ T9681] 
[   87.329323][ T9681] CPU: 1 PID: 9681 Comm: syz-executor025 Not tainted 5.5.0-rc6-next-20200116-syzkaller #0
[   87.339218][ T9681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   87.349283][ T9681] Call Trace:
[   87.352574][ T9681]  dump_stack+0x197/0x210
[   87.356887][ T9681]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[   87.362261][ T9681]  print_address_description.constprop.0.cold+0xd4/0x30b
[   87.369277][ T9681]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[   87.374642][ T9681]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[   87.380012][ T9681]  __kasan_report.cold+0x1b/0x32
[   87.385037][ T9681]  ? ip_set_net_exit+0x500/0x5c0
[   87.390482][ T9681]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[   87.395853][ T9681]  kasan_report+0x12/0x20
[   87.400186][ T9681]  check_memory_region+0x134/0x1a0
[   87.405290][ T9681]  __kasan_check_read+0x11/0x20
[   87.410198][ T9681]  bitmap_ip_ext_cleanup+0xd8/0x290
[   87.415385][ T9681]  bitmap_ip_destroy+0x180/0x1d0
[   87.420318][ T9681]  ip_set_create+0xe47/0x1500
[   87.425016][ T9681]  ? ip_set_destroy+0xb70/0xb70
[   87.429872][ T9681]  ? ip_set_destroy+0xb70/0xb70
[   87.434713][ T9681]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   87.439638][ T9681]  ? nfnetlink_bind+0x2c0/0x2c0
[   87.444482][ T9681]  ? __kasan_check_read+0x11/0x20
[   87.449492][ T9681]  ? __lock_acquire+0x8a0/0x4a00
[   87.454420][ T9681]  ? save_stack+0x5c/0x90
[   87.458743][ T9681]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   87.464974][ T9681]  ? apparmor_capable+0x4df/0x910
[   87.469989][ T9681]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   87.476273][ T9681]  ? __kasan_check_read+0x11/0x20
[   87.481290][ T9681]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   87.486779][ T9681]  netlink_rcv_skb+0x177/0x450
[   87.491556][ T9681]  ? nfnetlink_bind+0x2c0/0x2c0
[   87.496401][ T9681]  ? netlink_ack+0xb50/0xb50
[   87.500978][ T9681]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   87.507201][ T9681]  ? ns_capable_common+0x93/0x100
[   87.512212][ T9681]  ? ns_capable+0x20/0x30
[   87.516525][ T9681]  ? __netlink_ns_capable+0x104/0x140
[   87.521891][ T9681]  nfnetlink_rcv+0x1ba/0x460
[   87.526473][ T9681]  ? nfnetlink_rcv_batch+0x1780/0x1780
[   87.531923][ T9681]  ? netlink_deliver_tap+0x248/0xbf0
[   87.537205][ T9681]  ? __kasan_check_write+0x14/0x20
[   87.542309][ T9681]  netlink_unicast+0x59e/0x7e0
[   87.547062][ T9681]  ? netlink_attachskb+0x870/0x870
[   87.552248][ T9681]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   87.557960][ T9681]  ? __check_object_size+0x3d/0x437
[   87.563147][ T9681]  netlink_sendmsg+0x91c/0xea0
[   87.572849][ T9681]  ? netlink_unicast+0x7e0/0x7e0
[   87.577779][ T9681]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   87.584518][ T9681]  ? apparmor_socket_sendmsg+0x2a/0x30
[   87.589982][ T9681]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   87.596210][ T9681]  ? security_socket_sendmsg+0x8d/0xc0
[   87.601656][ T9681]  ? netlink_unicast+0x7e0/0x7e0
[   87.606579][ T9681]  sock_sendmsg+0xd7/0x130
[   87.610995][ T9681]  ____sys_sendmsg+0x753/0x880
[   87.615752][ T9681]  ? kernel_sendmsg+0x50/0x50
[   87.620489][ T9681]  ___sys_sendmsg+0x100/0x170
[   87.625155][ T9681]  ? sendmsg_copy_msghdr+0x70/0x70
[   87.630255][ T9681]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[   87.636231][ T9681]  ? prep_transhuge_page+0xa0/0xa0
[   87.641343][ T9681]  ? do_page_fault+0x579/0x12e1
[   87.646224][ T9681]  ? find_held_lock+0x35/0x130
[   87.650975][ T9681]  ? do_page_fault+0x579/0x12e1
[   87.655814][ T9681]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   87.662041][ T9681]  ? __fget_light+0x1ad/0x270
[   87.666889][ T9681]  ? __fdget+0x1b/0x20
[   87.670947][ T9681]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   87.677171][ T9681]  __sys_sendmsg+0x105/0x1d0
[   87.681747][ T9681]  ? __sys_sendmsg_sock+0xc0/0xc0
[   87.686766][ T9681]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   87.692216][ T9681]  ? do_syscall_64+0x26/0x790
[   87.696910][ T9681]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   87.702971][ T9681]  ? do_syscall_64+0x26/0x790
[   87.707641][ T9681]  __x64_sys_sendmsg+0x78/0xb0
[   87.712444][ T9681]  do_syscall_64+0xfa/0x790
[   87.716939][ T9681]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   87.722817][ T9681] RIP: 0033:0x441459
[   87.726954][ T9681] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   87.746538][ T9681] RSP: 002b:00007ffc974d7a28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   87.754939][ T9681] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441459
[   87.762923][ T9681] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[   87.770940][ T9681] RBP: 00000000000154da R08: 00000000004002c8 R09: 00000000004002c8
[   87.778895][ T9681] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402280
[   87.786955][ T9681] R13: 0000000000402310 R14: 0000000000000000 R15: 0000000000000000
[   87.794919][ T9681] 
[   87.797228][ T9681] Allocated by task 9681:
[   87.801548][ T9681]  save_stack+0x23/0x90
[   87.805692][ T9681]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   87.811310][ T9681]  kasan_kmalloc+0x9/0x10
[   87.815705][ T9681]  __kmalloc+0x163/0x770
[   87.819931][ T9681]  ip_set_alloc+0x38/0x5e
[   87.824249][ T9681]  bitmap_ip_create+0x6ec/0xc20
[   87.829078][ T9681]  ip_set_create+0x6f1/0x1500
[   87.833743][ T9681]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   87.838665][ T9681]  netlink_rcv_skb+0x177/0x450
[   87.843485][ T9681]  nfnetlink_rcv+0x1ba/0x460
[   87.848055][ T9681]  netlink_unicast+0x59e/0x7e0
[   87.852832][ T9681]  netlink_sendmsg+0x91c/0xea0
[   87.857590][ T9681]  sock_sendmsg+0xd7/0x130
[   87.861992][ T9681]  ____sys_sendmsg+0x753/0x880
[   87.866740][ T9681]  ___sys_sendmsg+0x100/0x170
[   87.871401][ T9681]  __sys_sendmsg+0x105/0x1d0
[   87.875969][ T9681]  __x64_sys_sendmsg+0x78/0xb0
[   87.880723][ T9681]  do_syscall_64+0xfa/0x790
[   87.885215][ T9681]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   87.891083][ T9681] 
[   87.893392][ T9681] Freed by task 9378:
[   87.897376][ T9681]  save_stack+0x23/0x90
[   87.901520][ T9681]  __kasan_slab_free+0x102/0x150
[   87.906444][ T9681]  kasan_slab_free+0xe/0x10
[   87.910931][ T9681]  kfree+0x10a/0x2c0
[   87.914849][ T9681]  tomoyo_path_perm+0x24e/0x430
[   87.919682][ T9681]  tomoyo_inode_getattr+0x1d/0x30
[   87.924692][ T9681]  security_inode_getattr+0xf2/0x150
[   87.929963][ T9681]  vfs_getattr+0x25/0x70
[   87.934259][ T9681]  vfs_statx+0x15d/0x200
[   87.938538][ T9681]  __do_sys_newstat+0xa4/0x130
[   87.943305][ T9681]  __x64_sys_newstat+0x54/0x80
[   87.948143][ T9681]  do_syscall_64+0xfa/0x790
[   87.952636][ T9681]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   87.958509][ T9681] 
[   87.960888][ T9681] The buggy address belongs to the object at ffff8880a91f8980
[   87.960888][ T9681]  which belongs to the cache kmalloc-32 of size 32
[   87.974837][ T9681] The buggy address is located 0 bytes inside of
[   87.974837][ T9681]  32-byte region [ffff8880a91f8980, ffff8880a91f89a0)
[   87.987825][ T9681] The buggy address belongs to the page:
[   87.993445][ T9681] page:ffffea0002a47e00 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a91f8fc1
[   88.003970][ T9681] flags: 0xfffe0000000200(slab)
[   88.008829][ T9681] raw: 00fffe0000000200 ffffea00028a76c8 ffffea00029a4ac8 ffff8880aa4001c0
[   88.017413][ T9681] raw: ffff8880a91f8fc1 ffff8880a91f8000 000000010000003a 0000000000000000
[   88.025975][ T9681] page dumped because: kasan: bad access detected
[   88.032413][ T9681] 
[   88.034836][ T9681] Memory state around the buggy address:
[   88.040458][ T9681]  ffff8880a91f8880: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   88.048604][ T9681]  ffff8880a91f8900: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   88.056644][ T9681] >ffff8880a91f8980: 04 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   88.064770][ T9681]                    ^
[   88.068825][ T9681]  ffff8880a91f8a00: fb fb fb fb fc fc fc fc 00 01 fc fc fc fc fc fc
[   88.076870][ T9681]  ffff8880a91f8a80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   88.084954][ T9681] ==================================================================
[   88.092998][ T9681] Disabling lock debugging due to kernel taint
[   88.101541][ T9681] Kernel panic - not syncing: panic_on_warn set ...
[   88.108131][ T9681] CPU: 1 PID: 9681 Comm: syz-executor025 Tainted: G    B             5.5.0-rc6-next-20200116-syzkaller #0
[   88.119384][ T9681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   88.130115][ T9681] Call Trace:
[   88.133411][ T9681]  dump_stack+0x197/0x210
[   88.137724][ T9681]  panic+0x2e3/0x75c
[   88.141606][ T9681]  ? add_taint.cold+0x16/0x16
[   88.146275][ T9681]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[   88.151632][ T9681]  ? preempt_schedule+0x4b/0x60
[   88.156479][ T9681]  ? ___preempt_schedule+0x16/0x18
[   88.161578][ T9681]  ? trace_hardirqs_on+0x5e/0x240
[   88.166587][ T9681]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[   88.171943][ T9681]  end_report+0x47/0x4f
[   88.176134][ T9681]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[   88.181492][ T9681]  __kasan_report.cold+0xe/0x32
[   88.186330][ T9681]  ? ip_set_net_exit+0x500/0x5c0
[   88.191252][ T9681]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[   88.196608][ T9681]  kasan_report+0x12/0x20
[   88.200930][ T9681]  check_memory_region+0x134/0x1a0
[   88.206038][ T9681]  __kasan_check_read+0x11/0x20
[   88.210871][ T9681]  bitmap_ip_ext_cleanup+0xd8/0x290
[   88.216221][ T9681]  bitmap_ip_destroy+0x180/0x1d0
[   88.221150][ T9681]  ip_set_create+0xe47/0x1500
[   88.225818][ T9681]  ? ip_set_destroy+0xb70/0xb70
[   88.230671][ T9681]  ? ip_set_destroy+0xb70/0xb70
[   88.235513][ T9681]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   88.240437][ T9681]  ? nfnetlink_bind+0x2c0/0x2c0
[   88.245270][ T9681]  ? __kasan_check_read+0x11/0x20
[   88.250381][ T9681]  ? __lock_acquire+0x8a0/0x4a00
[   88.255341][ T9681]  ? save_stack+0x5c/0x90
[   88.259660][ T9681]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   88.265928][ T9681]  ? apparmor_capable+0x4df/0x910
[   88.270954][ T9681]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   88.277203][ T9681]  ? __kasan_check_read+0x11/0x20
[   88.282223][ T9681]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   88.287666][ T9681]  netlink_rcv_skb+0x177/0x450
[   88.292414][ T9681]  ? nfnetlink_bind+0x2c0/0x2c0
[   88.297293][ T9681]  ? netlink_ack+0xb50/0xb50
[   88.301870][ T9681]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   88.308101][ T9681]  ? ns_capable_common+0x93/0x100
[   88.313105][ T9681]  ? ns_capable+0x20/0x30
[   88.317414][ T9681]  ? __netlink_ns_capable+0x104/0x140
[   88.322774][ T9681]  nfnetlink_rcv+0x1ba/0x460
[   88.327381][ T9681]  ? nfnetlink_rcv_batch+0x1780/0x1780
[   88.332899][ T9681]  ? netlink_deliver_tap+0x248/0xbf0
[   88.339000][ T9681]  ? __kasan_check_write+0x14/0x20
[   88.344145][ T9681]  netlink_unicast+0x59e/0x7e0
[   88.348897][ T9681]  ? netlink_attachskb+0x870/0x870
[   88.354043][ T9681]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   88.361185][ T9681]  ? __check_object_size+0x3d/0x437
[   88.366422][ T9681]  netlink_sendmsg+0x91c/0xea0
[   88.371174][ T9681]  ? netlink_unicast+0x7e0/0x7e0
[   88.376098][ T9681]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   88.381686][ T9681]  ? apparmor_socket_sendmsg+0x2a/0x30
[   88.387152][ T9681]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   88.393377][ T9681]  ? security_socket_sendmsg+0x8d/0xc0
[   88.398864][ T9681]  ? netlink_unicast+0x7e0/0x7e0
[   88.403789][ T9681]  sock_sendmsg+0xd7/0x130
[   88.408190][ T9681]  ____sys_sendmsg+0x753/0x880
[   88.412955][ T9681]  ? kernel_sendmsg+0x50/0x50
[   88.417623][ T9681]  ___sys_sendmsg+0x100/0x170
[   88.422337][ T9681]  ? sendmsg_copy_msghdr+0x70/0x70
[   88.427432][ T9681]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[   88.433393][ T9681]  ? prep_transhuge_page+0xa0/0xa0
[   88.438578][ T9681]  ? do_page_fault+0x579/0x12e1
[   88.443759][ T9681]  ? find_held_lock+0x35/0x130
[   88.448506][ T9681]  ? do_page_fault+0x579/0x12e1
[   88.453341][ T9681]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   88.459575][ T9681]  ? __fget_light+0x1ad/0x270
[   88.464237][ T9681]  ? __fdget+0x1b/0x20
[   88.468287][ T9681]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   88.474507][ T9681]  __sys_sendmsg+0x105/0x1d0
[   88.479091][ T9681]  ? __sys_sendmsg_sock+0xc0/0xc0
[   88.484106][ T9681]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   88.489551][ T9681]  ? do_syscall_64+0x26/0x790
[   88.494255][ T9681]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   88.500350][ T9681]  ? do_syscall_64+0x26/0x790
[   88.505073][ T9681]  __x64_sys_sendmsg+0x78/0xb0
[   88.509821][ T9681]  do_syscall_64+0xfa/0x790
[   88.514312][ T9681]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   88.520185][ T9681] RIP: 0033:0x441459
[   88.524087][ T9681] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   88.543718][ T9681] RSP: 002b:00007ffc974d7a28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   88.552109][ T9681] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441459
[   88.560212][ T9681] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[   88.568189][ T9681] RBP: 00000000000154da R08: 00000000004002c8 R09: 00000000004002c8
[   88.576207][ T9681] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402280
[   88.584161][ T9681] R13: 0000000000402310 R14: 0000000000000000 R15: 0000000000000000
[   88.593526][ T9681] Kernel Offset: disabled
[   88.597957][ T9681] Rebooting in 86400 seconds..