[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   66.285781][   T28] audit: type=1800 audit(1580223442.756:25): pid=9470 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   66.305576][   T28] audit: type=1800 audit(1580223442.756:26): pid=9470 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   66.333479][   T28] audit: type=1800 audit(1580223442.766:27): pid=9470 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.188' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   76.268083][ T9622] ==================================================================
[   76.276279][ T9622] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_list+0x635/0x1080
[   76.284284][ T9622] Read of size 8 at addr ffff88809f754c00 by task syz-executor852/9622
[   76.292514][ T9622] 
[   76.294835][ T9622] CPU: 0 PID: 9622 Comm: syz-executor852 Not tainted 5.5.0-rc6-next-20200116-syzkaller #0
[   76.304703][ T9622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   76.314743][ T9622] Call Trace:
[   76.318077][ T9622]  dump_stack+0x197/0x210
[   76.322399][ T9622]  ? bitmap_ipmac_list+0x635/0x1080
[   76.327710][ T9622]  print_address_description.constprop.0.cold+0xd4/0x30b
[   76.334728][ T9622]  ? bitmap_ipmac_list+0x635/0x1080
[   76.339921][ T9622]  ? bitmap_ipmac_list+0x635/0x1080
[   76.345109][ T9622]  __kasan_report.cold+0x1b/0x32
[   76.350047][ T9622]  ? bitmap_ipmac_list+0x635/0x1080
[   76.355232][ T9622]  kasan_report+0x12/0x20
[   76.359556][ T9622]  check_memory_region+0x134/0x1a0
[   76.364667][ T9622]  __kasan_check_read+0x11/0x20
[   76.369516][ T9622]  bitmap_ipmac_list+0x635/0x1080
[   76.374532][ T9622]  ? bitmap_ipmac_head+0x8a0/0x8a0
[   76.379640][ T9622]  ? nla_put+0x110/0x150
[   76.384867][ T9622]  ip_set_dump_start+0x96c/0x1ca0
[   76.389903][ T9622]  ? ip_set_rename+0x720/0x720
[   76.394652][ T9622]  ? __kmalloc_reserve.isra.0+0x70/0xf0
[   76.400199][ T9622]  ? __lock_acquire+0x2660/0x4a00
[   76.405221][ T9622]  ? __kasan_check_write+0x14/0x20
[   76.410334][ T9622]  netlink_dump+0x558/0xfb0
[   76.414874][ T9622]  ? __netlink_sendskb+0xc0/0xc0
[   76.419822][ T9622]  __netlink_dump_start+0x673/0x930
[   76.425025][ T9622]  ip_set_dump+0x15a/0x1d0
[   76.429481][ T9622]  ? call_ad+0x5a0/0x5a0
[   76.433756][ T9622]  ? ip_set_rename+0x720/0x720
[   76.438507][ T9622]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[   76.444308][ T9622]  ? call_ad+0x5a0/0x5a0
[   76.448884][ T9622]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   76.453810][ T9622]  ? nfnetlink_bind+0x2c0/0x2c0
[   76.459222][ T9622]  ? __kasan_check_read+0x11/0x20
[   76.464243][ T9622]  ? __lock_acquire+0x8a0/0x4a00
[   76.469184][ T9622]  ? save_stack+0x5c/0x90
[   76.473515][ T9622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   76.479741][ T9622]  ? apparmor_capable+0x4df/0x910
[   76.484748][ T9622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   76.490973][ T9622]  ? __kasan_check_read+0x11/0x20
[   76.495996][ T9622]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   76.501458][ T9622]  netlink_rcv_skb+0x177/0x450
[   76.506224][ T9622]  ? nfnetlink_bind+0x2c0/0x2c0
[   76.511116][ T9622]  ? netlink_ack+0xb50/0xb50
[   76.515710][ T9622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   76.521953][ T9622]  ? ns_capable_common+0x93/0x100
[   76.526979][ T9622]  ? ns_capable+0x20/0x30
[   76.531319][ T9622]  ? __netlink_ns_capable+0x104/0x140
[   76.536688][ T9622]  nfnetlink_rcv+0x1ba/0x460
[   76.541271][ T9622]  ? nfnetlink_rcv_batch+0x1780/0x1780
[   76.546723][ T9622]  ? netlink_deliver_tap+0x248/0xbf0
[   76.552003][ T9622]  ? __kasan_check_write+0x14/0x20
[   76.557109][ T9622]  netlink_unicast+0x59e/0x7e0
[   76.561869][ T9622]  ? netlink_attachskb+0x870/0x870
[   76.566975][ T9622]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   76.572685][ T9622]  ? __check_object_size+0x3d/0x437
[   76.577881][ T9622]  netlink_sendmsg+0x91c/0xea0
[   76.582638][ T9622]  ? netlink_unicast+0x7e0/0x7e0
[   76.587567][ T9622]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   76.593108][ T9622]  ? apparmor_socket_sendmsg+0x2a/0x30
[   76.598610][ T9622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   76.604853][ T9622]  ? security_socket_sendmsg+0x8d/0xc0
[   76.610295][ T9622]  ? netlink_unicast+0x7e0/0x7e0
[   76.615228][ T9622]  sock_sendmsg+0xd7/0x130
[   76.619634][ T9622]  ____sys_sendmsg+0x753/0x880
[   76.624393][ T9622]  ? kernel_sendmsg+0x50/0x50
[   76.629071][ T9622]  ? lockdep_init_map+0x1be/0x6d0
[   76.634099][ T9622]  ___sys_sendmsg+0x100/0x170
[   76.638827][ T9622]  ? sendmsg_copy_msghdr+0x70/0x70
[   76.643937][ T9622]  ? __kasan_check_read+0x11/0x20
[   76.648958][ T9622]  ? __lock_acquire+0x8a0/0x4a00
[   76.653884][ T9622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   76.660121][ T9622]  ? __this_cpu_preempt_check+0x35/0x190
[   76.665781][ T9622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   76.672022][ T9622]  ? percpu_counter_add_batch+0x13c/0x190
[   76.677736][ T9622]  ? __fd_install+0x1bc/0x640
[   76.682447][ T9622]  ? find_held_lock+0x35/0x130
[   76.687204][ T9622]  ? __fd_install+0x1bc/0x640
[   76.691879][ T9622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   76.698107][ T9622]  ? __fget_light+0x1ad/0x270
[   76.702792][ T9622]  ? __fdget+0x1b/0x20
[   76.706851][ T9622]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   76.713078][ T9622]  __sys_sendmsg+0x105/0x1d0
[   76.717664][ T9622]  ? __sys_sendmsg_sock+0xc0/0xc0
[   76.722698][ T9622]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   76.728150][ T9622]  ? do_syscall_64+0x26/0x790
[   76.732876][ T9622]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.738938][ T9622]  ? do_syscall_64+0x26/0x790
[   76.743661][ T9622]  __x64_sys_sendmsg+0x78/0xb0
[   76.748412][ T9622]  do_syscall_64+0xfa/0x790
[   76.752912][ T9622]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.758799][ T9622] RIP: 0033:0x440529
[   76.762997][ T9622] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   76.782613][ T9622] RSP: 002b:00007ffd604d75b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   76.791029][ T9622] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529
[   76.798990][ T9622] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[   76.807064][ T9622] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   76.815031][ T9622] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0
[   76.823062][ T9622] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000
[   76.831096][ T9622] 
[   76.833417][ T9622] Allocated by task 9622:
[   76.837749][ T9622]  save_stack+0x23/0x90
[   76.841889][ T9622]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   76.847506][ T9622]  kasan_kmalloc+0x9/0x10
[   76.851889][ T9622]  __kmalloc+0x163/0x770
[   76.856132][ T9622]  ip_set_alloc+0x38/0x5e
[   76.860460][ T9622]  bitmap_ipmac_create+0x4e8/0xa00
[   76.865562][ T9622]  ip_set_create+0x6f1/0x1500
[   76.870228][ T9622]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   76.875152][ T9622]  netlink_rcv_skb+0x177/0x450
[   76.879895][ T9622]  nfnetlink_rcv+0x1ba/0x460
[   76.884470][ T9622]  netlink_unicast+0x59e/0x7e0
[   76.889218][ T9622]  netlink_sendmsg+0x91c/0xea0
[   76.894018][ T9622]  sock_sendmsg+0xd7/0x130
[   76.898427][ T9622]  ____sys_sendmsg+0x753/0x880
[   76.903180][ T9622]  ___sys_sendmsg+0x100/0x170
[   76.907842][ T9622]  __sys_sendmsg+0x105/0x1d0
[   76.912417][ T9622]  __x64_sys_sendmsg+0x78/0xb0
[   76.917162][ T9622]  do_syscall_64+0xfa/0x790
[   76.921657][ T9622]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.927528][ T9622] 
[   76.929840][ T9622] Freed by task 9354:
[   76.933810][ T9622]  save_stack+0x23/0x90
[   76.937959][ T9622]  __kasan_slab_free+0x102/0x150
[   76.942874][ T9622]  kasan_slab_free+0xe/0x10
[   76.947422][ T9622]  kfree+0x10a/0x2c0
[   76.951304][ T9622]  tomoyo_check_open_permission+0x19e/0x3e0
[   76.957184][ T9622]  tomoyo_file_open+0xa9/0xd0
[   76.961840][ T9622]  security_file_open+0x71/0x300
[   76.966873][ T9622]  do_dentry_open+0x365/0x1350
[   76.971626][ T9622]  vfs_open+0xa0/0xd0
[   76.975606][ T9622]  path_openat+0x12fd/0x34d0
[   76.980178][ T9622]  do_filp_open+0x192/0x260
[   76.984684][ T9622]  do_sys_openat2+0x633/0x840
[   76.989349][ T9622]  do_sys_open+0xfc/0x190
[   76.993660][ T9622]  __x64_sys_open+0x7e/0xc0
[   76.998146][ T9622]  do_syscall_64+0xfa/0x790
[   77.002637][ T9622]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   77.008564][ T9622] 
[   77.010885][ T9622] The buggy address belongs to the object at ffff88809f754c00
[   77.010885][ T9622]  which belongs to the cache kmalloc-32 of size 32
[   77.024749][ T9622] The buggy address is located 0 bytes inside of
[   77.024749][ T9622]  32-byte region [ffff88809f754c00, ffff88809f754c20)
[   77.037875][ T9622] The buggy address belongs to the page:
[   77.043506][ T9622] page:ffffea00027dd500 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809f754fc1
[   77.053907][ T9622] flags: 0xfffe0000000200(slab)
[   77.058743][ T9622] raw: 00fffe0000000200 ffffea000280bb48 ffffea000258ae48 ffff8880aa4001c0
[   77.067314][ T9622] raw: ffff88809f754fc1 ffff88809f754000 0000000100000035 0000000000000000
[   77.075884][ T9622] page dumped because: kasan: bad access detected
[   77.082274][ T9622] 
[   77.084586][ T9622] Memory state around the buggy address:
[   77.090202][ T9622]  ffff88809f754b00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   77.098246][ T9622]  ffff88809f754b80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   77.106295][ T9622] >ffff88809f754c00: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   77.114336][ T9622]                    ^
[   77.118384][ T9622]  ffff88809f754c80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   77.126433][ T9622]  ffff88809f754d00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   77.134476][ T9622] ==================================================================
[   77.142523][ T9622] Disabling lock debugging due to kernel taint
[   77.149143][ T9622] Kernel panic - not syncing: panic_on_warn set ...
[   77.155745][ T9622] CPU: 0 PID: 9622 Comm: syz-executor852 Tainted: G    B             5.5.0-rc6-next-20200116-syzkaller #0
[   77.167128][ T9622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   77.177170][ T9622] Call Trace:
[   77.180456][ T9622]  dump_stack+0x197/0x210
[   77.184775][ T9622]  panic+0x2e3/0x75c
[   77.188739][ T9622]  ? add_taint.cold+0x16/0x16
[   77.193513][ T9622]  ? bitmap_ipmac_list+0x635/0x1080
[   77.198718][ T9622]  ? preempt_schedule+0x4b/0x60
[   77.203565][ T9622]  ? ___preempt_schedule+0x16/0x18
[   77.208678][ T9622]  ? trace_hardirqs_on+0x5e/0x240
[   77.213688][ T9622]  ? bitmap_ipmac_list+0x635/0x1080
[   77.218877][ T9622]  end_report+0x47/0x4f
[   77.223012][ T9622]  ? bitmap_ipmac_list+0x635/0x1080
[   77.228194][ T9622]  __kasan_report.cold+0xe/0x32
[   77.233040][ T9622]  ? bitmap_ipmac_list+0x635/0x1080
[   77.238223][ T9622]  kasan_report+0x12/0x20
[   77.242539][ T9622]  check_memory_region+0x134/0x1a0
[   77.247648][ T9622]  __kasan_check_read+0x11/0x20
[   77.255610][ T9622]  bitmap_ipmac_list+0x635/0x1080
[   77.260620][ T9622]  ? bitmap_ipmac_head+0x8a0/0x8a0
[   77.265725][ T9622]  ? nla_put+0x110/0x150
[   77.269949][ T9622]  ip_set_dump_start+0x96c/0x1ca0
[   77.274959][ T9622]  ? ip_set_rename+0x720/0x720
[   77.279718][ T9622]  ? __kmalloc_reserve.isra.0+0x70/0xf0
[   77.285251][ T9622]  ? __lock_acquire+0x2660/0x4a00
[   77.290389][ T9622]  ? __kasan_check_write+0x14/0x20
[   77.295492][ T9622]  netlink_dump+0x558/0xfb0
[   77.299983][ T9622]  ? __netlink_sendskb+0xc0/0xc0
[   77.304968][ T9622]  __netlink_dump_start+0x673/0x930
[   77.310150][ T9622]  ip_set_dump+0x15a/0x1d0
[   77.314554][ T9622]  ? call_ad+0x5a0/0x5a0
[   77.318795][ T9622]  ? ip_set_rename+0x720/0x720
[   77.323659][ T9622]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[   77.329451][ T9622]  ? call_ad+0x5a0/0x5a0
[   77.333676][ T9622]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   77.338684][ T9622]  ? nfnetlink_bind+0x2c0/0x2c0
[   77.343531][ T9622]  ? __kasan_check_read+0x11/0x20
[   77.348545][ T9622]  ? __lock_acquire+0x8a0/0x4a00
[   77.353483][ T9622]  ? save_stack+0x5c/0x90
[   77.357866][ T9622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   77.364149][ T9622]  ? apparmor_capable+0x4df/0x910
[   77.369171][ T9622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   77.375454][ T9622]  ? __kasan_check_read+0x11/0x20
[   77.380459][ T9622]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   77.385899][ T9622]  netlink_rcv_skb+0x177/0x450
[   77.390687][ T9622]  ? nfnetlink_bind+0x2c0/0x2c0
[   77.395519][ T9622]  ? netlink_ack+0xb50/0xb50
[   77.400089][ T9622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   77.406370][ T9622]  ? ns_capable_common+0x93/0x100
[   77.411382][ T9622]  ? ns_capable+0x20/0x30
[   77.415707][ T9622]  ? __netlink_ns_capable+0x104/0x140
[   77.421061][ T9622]  nfnetlink_rcv+0x1ba/0x460
[   77.425634][ T9622]  ? nfnetlink_rcv_batch+0x1780/0x1780
[   77.431083][ T9622]  ? netlink_deliver_tap+0x248/0xbf0
[   77.436358][ T9622]  ? __kasan_check_write+0x14/0x20
[   77.441492][ T9622]  netlink_unicast+0x59e/0x7e0
[   77.446238][ T9622]  ? netlink_attachskb+0x870/0x870
[   77.451389][ T9622]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   77.457089][ T9622]  ? __check_object_size+0x3d/0x437
[   77.462278][ T9622]  netlink_sendmsg+0x91c/0xea0
[   77.467030][ T9622]  ? netlink_unicast+0x7e0/0x7e0
[   77.471946][ T9622]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   77.477475][ T9622]  ? apparmor_socket_sendmsg+0x2a/0x30
[   77.482928][ T9622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   77.489278][ T9622]  ? security_socket_sendmsg+0x8d/0xc0
[   77.494720][ T9622]  ? netlink_unicast+0x7e0/0x7e0
[   77.499653][ T9622]  sock_sendmsg+0xd7/0x130
[   77.504058][ T9622]  ____sys_sendmsg+0x753/0x880
[   77.508812][ T9622]  ? kernel_sendmsg+0x50/0x50
[   77.513823][ T9622]  ? lockdep_init_map+0x1be/0x6d0
[   77.518834][ T9622]  ___sys_sendmsg+0x100/0x170
[   77.523501][ T9622]  ? sendmsg_copy_msghdr+0x70/0x70
[   77.528629][ T9622]  ? __kasan_check_read+0x11/0x20
[   77.533639][ T9622]  ? __lock_acquire+0x8a0/0x4a00
[   77.538569][ T9622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   77.544801][ T9622]  ? __this_cpu_preempt_check+0x35/0x190
[   77.550410][ T9622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   77.556636][ T9622]  ? percpu_counter_add_batch+0x13c/0x190
[   77.562406][ T9622]  ? __fd_install+0x1bc/0x640
[   77.567066][ T9622]  ? find_held_lock+0x35/0x130
[   77.571809][ T9622]  ? __fd_install+0x1bc/0x640
[   77.576479][ T9622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   77.582710][ T9622]  ? __fget_light+0x1ad/0x270
[   77.587374][ T9622]  ? __fdget+0x1b/0x20
[   77.591430][ T9622]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   77.597703][ T9622]  __sys_sendmsg+0x105/0x1d0
[   77.602325][ T9622]  ? __sys_sendmsg_sock+0xc0/0xc0
[   77.607346][ T9622]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   77.612795][ T9622]  ? do_syscall_64+0x26/0x790
[   77.617461][ T9622]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   77.623515][ T9622]  ? do_syscall_64+0x26/0x790
[   77.628184][ T9622]  __x64_sys_sendmsg+0x78/0xb0
[   77.632934][ T9622]  do_syscall_64+0xfa/0x790
[   77.637426][ T9622]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   77.643295][ T9622] RIP: 0033:0x440529
[   77.647174][ T9622] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   77.666775][ T9622] RSP: 002b:00007ffd604d75b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   77.675170][ T9622] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529
[   77.683129][ T9622] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[   77.691089][ T9622] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   77.699130][ T9622] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0
[   77.707191][ T9622] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000
[   77.716616][ T9622] Kernel Offset: disabled
[   77.720945][ T9622] Rebooting in 86400 seconds..