[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   89.881859][   T27] audit: type=1800 audit(1579353442.769:25): pid=9591 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   89.918938][   T27] audit: type=1800 audit(1579353442.769:26): pid=9591 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   89.959600][   T27] audit: type=1800 audit(1579353442.769:27): pid=9591 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [  118.141827][ T9747] ==================================================================
[  118.150252][ T9747] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_list+0x635/0x1080
[  118.158140][ T9747] Read of size 8 at addr ffff888095bcab00 by task syz-executor018/9747
[  118.166491][ T9747] 
[  118.168855][ T9747] CPU: 1 PID: 9747 Comm: syz-executor018 Not tainted 5.5.0-rc5-syzkaller #0
[  118.177538][ T9747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  118.187591][ T9747] Call Trace:
[  118.190893][ T9747]  dump_stack+0x197/0x210
[  118.195207][ T9747]  ? bitmap_ipmac_list+0x635/0x1080
[  118.200419][ T9747]  print_address_description.constprop.0.cold+0xd4/0x30b
[  118.207421][ T9747]  ? bitmap_ipmac_list+0x635/0x1080
[  118.212617][ T9747]  ? bitmap_ipmac_list+0x635/0x1080
[  118.217906][ T9747]  __kasan_report.cold+0x1b/0x41
[  118.222949][ T9747]  ? bitmap_ipmac_list+0x635/0x1080
[  118.228160][ T9747]  kasan_report+0x12/0x20
[  118.232490][ T9747]  check_memory_region+0x134/0x1a0
[  118.237604][ T9747]  __kasan_check_read+0x11/0x20
[  118.242549][ T9747]  bitmap_ipmac_list+0x635/0x1080
[  118.247661][ T9747]  ? bitmap_ipmac_head+0x8a0/0x8a0
[  118.252762][ T9747]  ? nla_put+0x110/0x150
[  118.257021][ T9747]  ip_set_dump_start+0x96c/0x1ca0
[  118.262050][ T9747]  ? ip_set_rename+0x720/0x720
[  118.266803][ T9747]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[  118.272349][ T9747]  ? zap_class+0xe40/0xe60
[  118.276755][ T9747]  ? __kasan_check_write+0x14/0x20
[  118.281875][ T9747]  netlink_dump+0x558/0xfb0
[  118.286507][ T9747]  ? __netlink_sendskb+0xc0/0xc0
[  118.291438][ T9747]  __netlink_dump_start+0x673/0x930
[  118.296623][ T9747]  ip_set_dump+0x15a/0x1d0
[  118.301124][ T9747]  ? call_ad+0x5a0/0x5a0
[  118.305416][ T9747]  ? ip_set_rename+0x720/0x720
[  118.310176][ T9747]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[  118.315974][ T9747]  ? call_ad+0x5a0/0x5a0
[  118.320233][ T9747]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  118.325187][ T9747]  ? nfnetlink_bind+0x2c0/0x2c0
[  118.330047][ T9747]  ? __kasan_check_read+0x11/0x20
[  118.335162][ T9747]  ? __lock_acquire+0x8a0/0x4a00
[  118.340161][ T9747]  ? save_stack+0x5c/0x90
[  118.344491][ T9747]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  118.350882][ T9747]  ? apparmor_capable+0x497/0x900
[  118.355909][ T9747]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  118.362851][ T9747]  ? __kasan_check_read+0x11/0x20
[  118.368239][ T9747]  ? apparmor_cred_prepare+0x7b0/0x7b0
[  118.373963][ T9747]  netlink_rcv_skb+0x177/0x450
[  118.378888][ T9747]  ? nfnetlink_bind+0x2c0/0x2c0
[  118.384066][ T9747]  ? netlink_ack+0xb50/0xb50
[  118.388675][ T9747]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  118.394920][ T9747]  ? ns_capable_common+0x93/0x100
[  118.399958][ T9747]  ? ns_capable+0x20/0x30
[  118.404275][ T9747]  ? __netlink_ns_capable+0x104/0x140
[  118.409681][ T9747]  nfnetlink_rcv+0x1ba/0x460
[  118.414290][ T9747]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  118.419746][ T9747]  ? netlink_deliver_tap+0x24a/0xbf0
[  118.425048][ T9747]  ? __kasan_check_write+0x14/0x20
[  118.430150][ T9747]  netlink_unicast+0x59e/0x7e0
[  118.435002][ T9747]  ? netlink_attachskb+0x870/0x870
[  118.440316][ T9747]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  118.446030][ T9747]  ? __check_object_size+0x3d/0x437
[  118.451239][ T9747]  netlink_sendmsg+0x91c/0xea0
[  118.455993][ T9747]  ? netlink_unicast+0x7e0/0x7e0
[  118.460925][ T9747]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  118.466466][ T9747]  ? apparmor_socket_sendmsg+0x2a/0x30
[  118.471966][ T9747]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  118.478197][ T9747]  ? security_socket_sendmsg+0x8d/0xc0
[  118.483664][ T9747]  ? netlink_unicast+0x7e0/0x7e0
[  118.488604][ T9747]  sock_sendmsg+0xd7/0x130
[  118.493008][ T9747]  ____sys_sendmsg+0x753/0x880
[  118.497804][ T9747]  ? kernel_sendmsg+0x50/0x50
[  118.502587][ T9747]  ? lockdep_init_map+0x1be/0x6d0
[  118.507610][ T9747]  ___sys_sendmsg+0x100/0x170
[  118.512322][ T9747]  ? sendmsg_copy_msghdr+0x70/0x70
[  118.517416][ T9747]  ? __kasan_check_read+0x11/0x20
[  118.522442][ T9747]  ? __lock_acquire+0x8a0/0x4a00
[  118.527430][ T9747]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  118.533738][ T9747]  ? __this_cpu_preempt_check+0x35/0x190
[  118.539368][ T9747]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  118.545611][ T9747]  ? percpu_counter_add_batch+0x13c/0x190
[  118.551329][ T9747]  ? __fd_install+0x1bc/0x640
[  118.556008][ T9747]  ? find_held_lock+0x35/0x130
[  118.560772][ T9747]  ? __fd_install+0x1bc/0x640
[  118.565470][ T9747]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  118.571717][ T9747]  ? __fget_light+0x1a9/0x230
[  118.576395][ T9747]  ? __fdget+0x1b/0x20
[  118.580511][ T9747]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  118.586753][ T9747]  __sys_sendmsg+0x105/0x1d0
[  118.591339][ T9747]  ? __sys_sendmsg_sock+0xc0/0xc0
[  118.596647][ T9747]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  118.602103][ T9747]  ? do_syscall_64+0x26/0x790
[  118.606767][ T9747]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  118.612950][ T9747]  ? do_syscall_64+0x26/0x790
[  118.617628][ T9747]  __x64_sys_sendmsg+0x78/0xb0
[  118.622394][ T9747]  do_syscall_64+0xfa/0x790
[  118.626891][ T9747]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  118.632813][ T9747] RIP: 0033:0x440529
[  118.636953][ T9747] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  118.656550][ T9747] RSP: 002b:00007ffd953bbe08 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  118.664998][ T9747] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529
[  118.672969][ T9747] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[  118.680928][ T9747] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[  118.689078][ T9747] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0
[  118.697162][ T9747] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000
[  118.705183][ T9747] 
[  118.707542][ T9747] Allocated by task 9747:
[  118.711952][ T9747]  save_stack+0x23/0x90
[  118.716098][ T9747]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  118.721716][ T9747]  kasan_kmalloc+0x9/0x10
[  118.726557][ T9747]  __kmalloc+0x163/0x770
[  118.730777][ T9747]  ip_set_alloc+0x38/0x5e
[  118.735097][ T9747]  bitmap_ipmac_create+0x4e8/0xa00
[  118.740210][ T9747]  ip_set_create+0x6f1/0x1500
[  118.744924][ T9747]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  118.749875][ T9747]  netlink_rcv_skb+0x177/0x450
[  118.754632][ T9747]  nfnetlink_rcv+0x1ba/0x460
[  118.759506][ T9747]  netlink_unicast+0x59e/0x7e0
[  118.764253][ T9747]  netlink_sendmsg+0x91c/0xea0
[  118.769013][ T9747]  sock_sendmsg+0xd7/0x130
[  118.773460][ T9747]  ____sys_sendmsg+0x753/0x880
[  118.778218][ T9747]  ___sys_sendmsg+0x100/0x170
[  118.782881][ T9747]  __sys_sendmsg+0x105/0x1d0
[  118.787456][ T9747]  __x64_sys_sendmsg+0x78/0xb0
[  118.792217][ T9747]  do_syscall_64+0xfa/0x790
[  118.796703][ T9747]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  118.802577][ T9747] 
[  118.804890][ T9747] Freed by task 9467:
[  118.808865][ T9747]  save_stack+0x23/0x90
[  118.813047][ T9747]  __kasan_slab_free+0x102/0x150
[  118.818192][ T9747]  kasan_slab_free+0xe/0x10
[  118.822703][ T9747]  kfree+0x10a/0x2c0
[  118.826594][ T9747]  single_release+0x95/0xc0
[  118.831082][ T9747]  __fput+0x2ff/0x890
[  118.835043][ T9747]  ____fput+0x16/0x20
[  118.839019][ T9747]  task_work_run+0x145/0x1c0
[  118.843660][ T9747]  exit_to_usermode_loop+0x316/0x380
[  118.848958][ T9747]  do_syscall_64+0x676/0x790
[  118.853543][ T9747]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  118.859412][ T9747] 
[  118.861728][ T9747] The buggy address belongs to the object at ffff888095bcab00
[  118.861728][ T9747]  which belongs to the cache kmalloc-32 of size 32
[  118.875604][ T9747] The buggy address is located 0 bytes inside of
[  118.875604][ T9747]  32-byte region [ffff888095bcab00, ffff888095bcab20)
[  118.888723][ T9747] The buggy address belongs to the page:
[  118.894349][ T9747] page:ffffea000256f280 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff888095bcafc1
[  118.904753][ T9747] raw: 00fffe0000000200 ffffea0002560308 ffffea00028f3088 ffff8880aa4001c0
[  118.913460][ T9747] raw: ffff888095bcafc1 ffff888095bca000 000000010000003f 0000000000000000
[  118.922079][ T9747] page dumped because: kasan: bad access detected
[  118.928479][ T9747] 
[  118.930798][ T9747] Memory state around the buggy address:
[  118.936503][ T9747]  ffff888095bcaa00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  118.944570][ T9747]  ffff888095bcaa80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  118.952707][ T9747] >ffff888095bcab00: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[  118.960753][ T9747]                    ^
[  118.964811][ T9747]  ffff888095bcab80: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc
[  118.972935][ T9747]  ffff888095bcac00: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc
[  118.980980][ T9747] ==================================================================
[  118.989028][ T9747] Disabling lock debugging due to kernel taint
[  118.995880][ T9747] Kernel panic - not syncing: panic_on_warn set ...
[  119.002481][ T9747] CPU: 0 PID: 9747 Comm: syz-executor018 Tainted: G    B             5.5.0-rc5-syzkaller #0
[  119.012646][ T9747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  119.022690][ T9747] Call Trace:
[  119.025971][ T9747]  dump_stack+0x197/0x210
[  119.030280][ T9747]  panic+0x2e3/0x75c
[  119.034264][ T9747]  ? add_taint.cold+0x16/0x16
[  119.038933][ T9747]  ? bitmap_ipmac_list+0x635/0x1080
[  119.044125][ T9747]  ? preempt_schedule+0x4b/0x60
[  119.048960][ T9747]  ? ___preempt_schedule+0x16/0x18
[  119.054085][ T9747]  ? trace_hardirqs_on+0x5e/0x240
[  119.059106][ T9747]  ? bitmap_ipmac_list+0x635/0x1080
[  119.064289][ T9747]  end_report+0x47/0x4f
[  119.068559][ T9747]  ? bitmap_ipmac_list+0x635/0x1080
[  119.073764][ T9747]  __kasan_report.cold+0xe/0x41
[  119.078705][ T9747]  ? bitmap_ipmac_list+0x635/0x1080
[  119.083943][ T9747]  kasan_report+0x12/0x20
[  119.088358][ T9747]  check_memory_region+0x134/0x1a0
[  119.093455][ T9747]  __kasan_check_read+0x11/0x20
[  119.098350][ T9747]  bitmap_ipmac_list+0x635/0x1080
[  119.103470][ T9747]  ? bitmap_ipmac_head+0x8a0/0x8a0
[  119.108578][ T9747]  ? nla_put+0x110/0x150
[  119.112837][ T9747]  ip_set_dump_start+0x96c/0x1ca0
[  119.117846][ T9747]  ? ip_set_rename+0x720/0x720
[  119.122709][ T9747]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[  119.128359][ T9747]  ? zap_class+0xe40/0xe60
[  119.133019][ T9747]  ? __kasan_check_write+0x14/0x20
[  119.138116][ T9747]  netlink_dump+0x558/0xfb0
[  119.142706][ T9747]  ? __netlink_sendskb+0xc0/0xc0
[  119.147643][ T9747]  __netlink_dump_start+0x673/0x930
[  119.152835][ T9747]  ip_set_dump+0x15a/0x1d0
[  119.157245][ T9747]  ? call_ad+0x5a0/0x5a0
[  119.161700][ T9747]  ? ip_set_rename+0x720/0x720
[  119.166500][ T9747]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[  119.172303][ T9747]  ? call_ad+0x5a0/0x5a0
[  119.176545][ T9747]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  119.181480][ T9747]  ? nfnetlink_bind+0x2c0/0x2c0
[  119.186317][ T9747]  ? __kasan_check_read+0x11/0x20
[  119.191376][ T9747]  ? __lock_acquire+0x8a0/0x4a00
[  119.196309][ T9747]  ? save_stack+0x5c/0x90
[  119.200664][ T9747]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  119.206899][ T9747]  ? apparmor_capable+0x497/0x900
[  119.211913][ T9747]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  119.218213][ T9747]  ? __kasan_check_read+0x11/0x20
[  119.223360][ T9747]  ? apparmor_cred_prepare+0x7b0/0x7b0
[  119.228863][ T9747]  netlink_rcv_skb+0x177/0x450
[  119.233633][ T9747]  ? nfnetlink_bind+0x2c0/0x2c0
[  119.238484][ T9747]  ? netlink_ack+0xb50/0xb50
[  119.243066][ T9747]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  119.249297][ T9747]  ? ns_capable_common+0x93/0x100
[  119.254317][ T9747]  ? ns_capable+0x20/0x30
[  119.258658][ T9747]  ? __netlink_ns_capable+0x104/0x140
[  119.264027][ T9747]  nfnetlink_rcv+0x1ba/0x460
[  119.268667][ T9747]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  119.274122][ T9747]  ? netlink_deliver_tap+0x24a/0xbf0
[  119.279408][ T9747]  ? __kasan_check_write+0x14/0x20
[  119.284515][ T9747]  netlink_unicast+0x59e/0x7e0
[  119.289284][ T9747]  ? netlink_attachskb+0x870/0x870
[  119.294394][ T9747]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  119.300105][ T9747]  ? __check_object_size+0x3d/0x437
[  119.305323][ T9747]  netlink_sendmsg+0x91c/0xea0
[  119.310082][ T9747]  ? netlink_unicast+0x7e0/0x7e0
[  119.315057][ T9747]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  119.320593][ T9747]  ? apparmor_socket_sendmsg+0x2a/0x30
[  119.326135][ T9747]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  119.332381][ T9747]  ? security_socket_sendmsg+0x8d/0xc0
[  119.337891][ T9747]  ? netlink_unicast+0x7e0/0x7e0
[  119.342835][ T9747]  sock_sendmsg+0xd7/0x130
[  119.347256][ T9747]  ____sys_sendmsg+0x753/0x880
[  119.352012][ T9747]  ? kernel_sendmsg+0x50/0x50
[  119.356719][ T9747]  ? lockdep_init_map+0x1be/0x6d0
[  119.361781][ T9747]  ___sys_sendmsg+0x100/0x170
[  119.366558][ T9747]  ? sendmsg_copy_msghdr+0x70/0x70
[  119.371683][ T9747]  ? __kasan_check_read+0x11/0x20
[  119.376736][ T9747]  ? __lock_acquire+0x8a0/0x4a00
[  119.381665][ T9747]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  119.387950][ T9747]  ? __this_cpu_preempt_check+0x35/0x190
[  119.393623][ T9747]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  119.399864][ T9747]  ? percpu_counter_add_batch+0x13c/0x190
[  119.406268][ T9747]  ? __fd_install+0x1bc/0x640
[  119.411084][ T9747]  ? find_held_lock+0x35/0x130
[  119.415838][ T9747]  ? __fd_install+0x1bc/0x640
[  119.420601][ T9747]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  119.426832][ T9747]  ? __fget_light+0x1a9/0x230
[  119.431504][ T9747]  ? __fdget+0x1b/0x20
[  119.435567][ T9747]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  119.441794][ T9747]  __sys_sendmsg+0x105/0x1d0
[  119.446383][ T9747]  ? __sys_sendmsg_sock+0xc0/0xc0
[  119.451436][ T9747]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  119.456890][ T9747]  ? do_syscall_64+0x26/0x790
[  119.461576][ T9747]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  119.467642][ T9747]  ? do_syscall_64+0x26/0x790
[  119.472317][ T9747]  __x64_sys_sendmsg+0x78/0xb0
[  119.477089][ T9747]  do_syscall_64+0xfa/0x790
[  119.481588][ T9747]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  119.487459][ T9747] RIP: 0033:0x440529
[  119.491391][ T9747] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  119.511247][ T9747] RSP: 002b:00007ffd953bbe08 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  119.520656][ T9747] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529
[  119.528706][ T9747] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[  119.536725][ T9747] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[  119.544690][ T9747] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0
[  119.553005][ T9747] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000
[  119.562472][ T9747] Kernel Offset: disabled
[  119.566847][ T9747] Rebooting in 86400 seconds..