[   75.633197][   T27] audit: type=1800 audit(1579426698.521:24): pid=9650 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="sudo" dev="sda1" ino=2454 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   76.369347][   T27] audit: type=1800 audit(1579426699.381:25): pid=9650 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   76.389674][   T27] audit: type=1800 audit(1579426699.381:26): pid=9650 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.198' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   85.172496][ T9802] ==================================================================
[   85.180821][ T9802] BUG: KASAN: slab-out-of-bounds in bitmap_ip_list+0x40f/0xf20
[   85.188362][ T9802] Read of size 8 at addr ffff8880a00c3580 by task syz-executor185/9802
[   85.196728][ T9802] 
[   85.199098][ T9802] CPU: 0 PID: 9802 Comm: syz-executor185 Not tainted 5.5.0-rc5-syzkaller #0
[   85.207939][ T9802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.218001][ T9802] Call Trace:
[   85.221295][ T9802]  dump_stack+0x197/0x210
[   85.225624][ T9802]  ? bitmap_ip_list+0x40f/0xf20
[   85.230635][ T9802]  print_address_description.constprop.0.cold+0xd4/0x30b
[   85.237763][ T9802]  ? bitmap_ip_list+0x40f/0xf20
[   85.242673][ T9802]  ? bitmap_ip_list+0x40f/0xf20
[   85.247528][ T9802]  __kasan_report.cold+0x1b/0x41
[   85.252511][ T9802]  ? bitmap_ip_list+0x40f/0xf20
[   85.257602][ T9802]  kasan_report+0x12/0x20
[   85.261938][ T9802]  check_memory_region+0x134/0x1a0
[   85.267057][ T9802]  __kasan_check_read+0x11/0x20
[   85.271994][ T9802]  bitmap_ip_list+0x40f/0xf20
[   85.276864][ T9802]  ? bitmap_ip_add+0xe60/0xe60
[   85.281841][ T9802]  ? nla_put+0x110/0x150
[   85.286189][ T9802]  ip_set_dump_start+0x96c/0x1ca0
[   85.291500][ T9802]  ? ip_set_rename+0x720/0x720
[   85.296275][ T9802]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[   85.301825][ T9802]  ? perf_trace_lock_acquire+0x4b0/0x530
[   85.307494][ T9802]  ? __kasan_check_write+0x14/0x20
[   85.312601][ T9802]  netlink_dump+0x558/0xfb0
[   85.317196][ T9802]  ? __netlink_sendskb+0xc0/0xc0
[   85.322258][ T9802]  __netlink_dump_start+0x66a/0x930
[   85.327784][ T9802]  ip_set_dump+0x15a/0x1d0
[   85.332196][ T9802]  ? call_ad+0x5a0/0x5a0
[   85.336444][ T9802]  ? ip_set_rename+0x720/0x720
[   85.341226][ T9802]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[   85.347050][ T9802]  ? call_ad+0x5a0/0x5a0
[   85.351345][ T9802]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   85.356299][ T9802]  ? nfnetlink_bind+0x2c0/0x2c0
[   85.361426][ T9802]  ? __kasan_check_read+0x11/0x20
[   85.366797][ T9802]  ? __lock_acquire+0x8a0/0x4a00
[   85.371737][ T9802]  ? save_stack+0x5c/0x90
[   85.376076][ T9802]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   85.382314][ T9802]  ? apparmor_capable+0x497/0x900
[   85.387484][ T9802]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   85.393746][ T9802]  ? __kasan_check_read+0x11/0x20
[   85.398898][ T9802]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   85.404538][ T9802]  netlink_rcv_skb+0x177/0x450
[   85.409305][ T9802]  ? nfnetlink_bind+0x2c0/0x2c0
[   85.414165][ T9802]  ? netlink_ack+0xb50/0xb50
[   85.419018][ T9802]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   85.425260][ T9802]  ? ns_capable_common+0x93/0x100
[   85.430289][ T9802]  ? ns_capable+0x20/0x30
[   85.434620][ T9802]  ? __netlink_ns_capable+0x104/0x140
[   85.440097][ T9802]  nfnetlink_rcv+0x1ba/0x460
[   85.444689][ T9802]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[   85.450147][ T9802]  ? netlink_deliver_tap+0x24a/0xbe0
[   85.455451][ T9802]  ? __kasan_check_write+0x14/0x20
[   85.460667][ T9802]  netlink_unicast+0x58c/0x7d0
[   85.465587][ T9802]  ? netlink_attachskb+0x870/0x870
[   85.470707][ T9802]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   85.476602][ T9802]  ? __check_object_size+0x3d/0x437
[   85.481810][ T9802]  netlink_sendmsg+0x91c/0xea0
[   85.486578][ T9802]  ? netlink_unicast+0x7d0/0x7d0
[   85.491543][ T9802]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   85.497099][ T9802]  ? apparmor_socket_sendmsg+0x2a/0x30
[   85.503433][ T9802]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   85.509679][ T9802]  ? security_socket_sendmsg+0x8d/0xc0
[   85.515148][ T9802]  ? netlink_unicast+0x7d0/0x7d0
[   85.520296][ T9802]  sock_sendmsg+0xd7/0x130
[   85.524700][ T9802]  ____sys_sendmsg+0x753/0x880
[   85.529522][ T9802]  ? kernel_sendmsg+0x50/0x50
[   85.534207][ T9802]  ? lockdep_init_map+0x1be/0x6d0
[   85.539243][ T9802]  ___sys_sendmsg+0x100/0x170
[   85.544968][ T9802]  ? sendmsg_copy_msghdr+0x70/0x70
[   85.550093][ T9802]  ? __kasan_check_read+0x11/0x20
[   85.555124][ T9802]  ? __lock_acquire+0x8a0/0x4a00
[   85.560068][ T9802]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   85.566407][ T9802]  ? __this_cpu_preempt_check+0x35/0x190
[   85.572278][ T9802]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   85.578520][ T9802]  ? percpu_counter_add_batch+0x13c/0x190
[   85.584410][ T9802]  ? __fd_install+0x1bc/0x640
[   85.589091][ T9802]  ? find_held_lock+0x35/0x130
[   85.593887][ T9802]  ? __fd_install+0x1bc/0x640
[   85.598683][ T9802]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   85.604988][ T9802]  ? __fget_light+0x1a9/0x230
[   85.609711][ T9802]  ? __fdget+0x1b/0x20
[   85.613772][ T9802]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   85.620277][ T9802]  __sys_sendmsg+0x105/0x1d0
[   85.624854][ T9802]  ? __sys_sendmsg_sock+0xc0/0xc0
[   85.630004][ T9802]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   85.635476][ T9802]  ? do_syscall_64+0x26/0x790
[   85.640167][ T9802]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   85.646241][ T9802]  ? do_syscall_64+0x26/0x790
[   85.651041][ T9802]  __x64_sys_sendmsg+0x78/0xb0
[   85.655824][ T9802]  do_syscall_64+0xfa/0x790
[   85.660342][ T9802]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   85.666476][ T9802] RIP: 0033:0x440569
[   85.670559][ T9802] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   85.690165][ T9802] RSP: 002b:00007fff706fc5e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   85.702690][ T9802] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440569
[   85.711141][ T9802] RDX: 0000000000000010 RSI: 00000000200003c0 RDI: 0000000000000004
[   85.719112][ T9802] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   85.727081][ T9802] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401df0
[   85.735061][ T9802] R13: 0000000000401e80 R14: 0000000000000000 R15: 0000000000000000
[   85.743145][ T9802] 
[   85.745474][ T9802] Allocated by task 9802:
[   85.749804][ T9802]  save_stack+0x23/0x90
[   85.753955][ T9802]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   85.759594][ T9802]  kasan_kmalloc+0x9/0x10
[   85.763911][ T9802]  __kmalloc+0x163/0x770
[   85.768327][ T9802]  ip_set_alloc+0x38/0x5e
[   85.772760][ T9802]  bitmap_ip_create+0x6ec/0xc20
[   85.777617][ T9802]  ip_set_create+0x6f1/0x1500
[   85.782309][ T9802]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   85.787317][ T9802]  netlink_rcv_skb+0x177/0x450
[   85.792112][ T9802]  nfnetlink_rcv+0x1ba/0x460
[   85.796728][ T9802]  netlink_unicast+0x58c/0x7d0
[   85.801503][ T9802]  netlink_sendmsg+0x91c/0xea0
[   85.806318][ T9802]  sock_sendmsg+0xd7/0x130
[   85.810731][ T9802]  ____sys_sendmsg+0x753/0x880
[   85.815501][ T9802]  ___sys_sendmsg+0x100/0x170
[   85.820366][ T9802]  __sys_sendmsg+0x105/0x1d0
[   85.824964][ T9802]  __x64_sys_sendmsg+0x78/0xb0
[   85.829733][ T9802]  do_syscall_64+0xfa/0x790
[   85.834239][ T9802]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   85.840127][ T9802] 
[   85.842453][ T9802] Freed by task 9534:
[   85.846434][ T9802]  save_stack+0x23/0x90
[   85.850704][ T9802]  __kasan_slab_free+0x102/0x150
[   85.855823][ T9802]  kasan_slab_free+0xe/0x10
[   85.860336][ T9802]  kfree+0x10a/0x2c0
[   85.864217][ T9802]  tomoyo_path_perm+0x24e/0x430
[   85.869070][ T9802]  tomoyo_inode_getattr+0x1d/0x30
[   85.874476][ T9802]  security_inode_getattr+0xf2/0x150
[   85.879759][ T9802]  vfs_getattr+0x25/0x70
[   85.883987][ T9802]  vfs_statx+0x157/0x200
[   85.888220][ T9802]  __do_sys_newstat+0xa4/0x130
[   85.892977][ T9802]  __x64_sys_newstat+0x54/0x80
[   85.897763][ T9802]  do_syscall_64+0xfa/0x790
[   85.902270][ T9802]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   85.908146][ T9802] 
[   85.910551][ T9802] The buggy address belongs to the object at ffff8880a00c3580
[   85.910551][ T9802]  which belongs to the cache kmalloc-32 of size 32
[   85.924431][ T9802] The buggy address is located 0 bytes inside of
[   85.924431][ T9802]  32-byte region [ffff8880a00c3580, ffff8880a00c35a0)
[   85.937569][ T9802] The buggy address belongs to the page:
[   85.943217][ T9802] page:ffffea00028030c0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a00c3fc1
[   85.953684][ T9802] raw: 00fffe0000000200 ffffea0002a06908 ffffea0002592cc8 ffff8880aa4001c0
[   85.962313][ T9802] raw: ffff8880a00c3fc1 ffff8880a00c3000 000000010000002a 0000000000000000
[   85.970896][ T9802] page dumped because: kasan: bad access detected
[   85.977305][ T9802] 
[   85.979633][ T9802] Memory state around the buggy address:
[   85.985263][ T9802]  ffff8880a00c3480: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   85.993322][ T9802]  ffff8880a00c3500: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   86.001384][ T9802] >ffff8880a00c3580: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   86.009457][ T9802]                    ^
[   86.013515][ T9802]  ffff8880a00c3600: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   86.021576][ T9802]  ffff8880a00c3680: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   86.029791][ T9802] ==================================================================
[   86.037844][ T9802] Disabling lock debugging due to kernel taint
[   86.044672][ T9802] Kernel panic - not syncing: panic_on_warn set ...
[   86.051289][ T9802] CPU: 0 PID: 9802 Comm: syz-executor185 Tainted: G    B             5.5.0-rc5-syzkaller #0
[   86.061340][ T9802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   86.071458][ T9802] Call Trace:
[   86.074746][ T9802]  dump_stack+0x197/0x210
[   86.079252][ T9802]  panic+0x2e3/0x75c
[   86.083150][ T9802]  ? add_taint.cold+0x16/0x16
[   86.087820][ T9802]  ? bitmap_ip_list+0x40f/0xf20
[   86.092674][ T9802]  ? preempt_schedule+0x4b/0x60
[   86.097526][ T9802]  ? ___preempt_schedule+0x16/0x18
[   86.102652][ T9802]  ? trace_hardirqs_on+0x5e/0x240
[   86.107675][ T9802]  ? bitmap_ip_list+0x40f/0xf20
[   86.112665][ T9802]  end_report+0x47/0x4f
[   86.117113][ T9802]  ? bitmap_ip_list+0x40f/0xf20
[   86.122239][ T9802]  __kasan_report.cold+0xe/0x41
[   86.127206][ T9802]  ? bitmap_ip_list+0x40f/0xf20
[   86.132116][ T9802]  kasan_report+0x12/0x20
[   86.136449][ T9802]  check_memory_region+0x134/0x1a0
[   86.141544][ T9802]  __kasan_check_read+0x11/0x20
[   86.146418][ T9802]  bitmap_ip_list+0x40f/0xf20
[   86.151181][ T9802]  ? bitmap_ip_add+0xe60/0xe60
[   86.156061][ T9802]  ? nla_put+0x110/0x150
[   86.160290][ T9802]  ip_set_dump_start+0x96c/0x1ca0
[   86.165339][ T9802]  ? ip_set_rename+0x720/0x720
[   86.170134][ T9802]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[   86.175681][ T9802]  ? perf_trace_lock_acquire+0x4b0/0x530
[   86.182128][ T9802]  ? __kasan_check_write+0x14/0x20
[   86.187240][ T9802]  netlink_dump+0x558/0xfb0
[   86.191797][ T9802]  ? __netlink_sendskb+0xc0/0xc0
[   86.196815][ T9802]  __netlink_dump_start+0x66a/0x930
[   86.202039][ T9802]  ip_set_dump+0x15a/0x1d0
[   86.206453][ T9802]  ? call_ad+0x5a0/0x5a0
[   86.210817][ T9802]  ? ip_set_rename+0x720/0x720
[   86.215701][ T9802]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[   86.221519][ T9802]  ? call_ad+0x5a0/0x5a0
[   86.225905][ T9802]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   86.230983][ T9802]  ? nfnetlink_bind+0x2c0/0x2c0
[   86.235846][ T9802]  ? __kasan_check_read+0x11/0x20
[   86.242314][ T9802]  ? __lock_acquire+0x8a0/0x4a00
[   86.247258][ T9802]  ? save_stack+0x5c/0x90
[   86.251728][ T9802]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   86.258408][ T9802]  ? apparmor_capable+0x497/0x900
[   86.263421][ T9802]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   86.269666][ T9802]  ? __kasan_check_read+0x11/0x20
[   86.274791][ T9802]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   86.280313][ T9802]  netlink_rcv_skb+0x177/0x450
[   86.285170][ T9802]  ? nfnetlink_bind+0x2c0/0x2c0
[   86.290153][ T9802]  ? netlink_ack+0xb50/0xb50
[   86.294748][ T9802]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   86.300993][ T9802]  ? ns_capable_common+0x93/0x100
[   86.306017][ T9802]  ? ns_capable+0x20/0x30
[   86.310359][ T9802]  ? __netlink_ns_capable+0x104/0x140
[   86.315800][ T9802]  nfnetlink_rcv+0x1ba/0x460
[   86.320401][ T9802]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[   86.326115][ T9802]  ? netlink_deliver_tap+0x24a/0xbe0
[   86.331556][ T9802]  ? __kasan_check_write+0x14/0x20
[   86.336766][ T9802]  netlink_unicast+0x58c/0x7d0
[   86.341545][ T9802]  ? netlink_attachskb+0x870/0x870
[   86.346684][ T9802]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   86.352543][ T9802]  ? __check_object_size+0x3d/0x437
[   86.357902][ T9802]  netlink_sendmsg+0x91c/0xea0
[   86.362679][ T9802]  ? netlink_unicast+0x7d0/0x7d0
[   86.367629][ T9802]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   86.373232][ T9802]  ? apparmor_socket_sendmsg+0x2a/0x30
[   86.378692][ T9802]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   86.384934][ T9802]  ? security_socket_sendmsg+0x8d/0xc0
[   86.390481][ T9802]  ? netlink_unicast+0x7d0/0x7d0
[   86.395417][ T9802]  sock_sendmsg+0xd7/0x130
[   86.399835][ T9802]  ____sys_sendmsg+0x753/0x880
[   86.404644][ T9802]  ? kernel_sendmsg+0x50/0x50
[   86.409424][ T9802]  ? lockdep_init_map+0x1be/0x6d0
[   86.414670][ T9802]  ___sys_sendmsg+0x100/0x170
[   86.419359][ T9802]  ? sendmsg_copy_msghdr+0x70/0x70
[   86.424679][ T9802]  ? __kasan_check_read+0x11/0x20
[   86.429701][ T9802]  ? __lock_acquire+0x8a0/0x4a00
[   86.434641][ T9802]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   86.440949][ T9802]  ? __this_cpu_preempt_check+0x35/0x190
[   86.446653][ T9802]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   86.452947][ T9802]  ? percpu_counter_add_batch+0x13c/0x190
[   86.458754][ T9802]  ? __fd_install+0x1bc/0x640
[   86.463438][ T9802]  ? find_held_lock+0x35/0x130
[   86.468209][ T9802]  ? __fd_install+0x1bc/0x640
[   86.472899][ T9802]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   86.479698][ T9802]  ? __fget_light+0x1a9/0x230
[   86.484358][ T9802]  ? __fdget+0x1b/0x20
[   86.488916][ T9802]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   86.495160][ T9802]  __sys_sendmsg+0x105/0x1d0
[   86.499741][ T9802]  ? __sys_sendmsg_sock+0xc0/0xc0
[   86.505556][ T9802]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   86.511010][ T9802]  ? do_syscall_64+0x26/0x790
[   86.515683][ T9802]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   86.521851][ T9802]  ? do_syscall_64+0x26/0x790
[   86.526532][ T9802]  __x64_sys_sendmsg+0x78/0xb0
[   86.531304][ T9802]  do_syscall_64+0xfa/0x790
[   86.535804][ T9802]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   86.541727][ T9802] RIP: 0033:0x440569
[   86.545793][ T9802] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   86.566059][ T9802] RSP: 002b:00007fff706fc5e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   86.574477][ T9802] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440569
[   86.582457][ T9802] RDX: 0000000000000010 RSI: 00000000200003c0 RDI: 0000000000000004
[   86.590454][ T9802] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   86.598507][ T9802] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401df0
[   86.606514][ T9802] R13: 0000000000401e80 R14: 0000000000000000 R15: 0000000000000000
[   86.616105][ T9802] Kernel Offset: disabled
[   86.620701][ T9802] Rebooting in 86400 seconds..