[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   88.140745][   T27] audit: type=1800 audit(1579482541.364:25): pid=9443 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   88.160849][   T27] audit: type=1800 audit(1579482541.364:26): pid=9443 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   88.224978][   T27] audit: type=1800 audit(1579482541.364:27): pid=9443 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.57' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [   99.020602][ T9597] ==================================================================
[   99.029179][ T9597] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.037852][ T9597] Read of size 8 at addr ffff88809e126b40 by task syz-executor256/9597
[   99.046423][ T9597] 
[   99.048947][ T9597] CPU: 0 PID: 9597 Comm: syz-executor256 Not tainted 5.5.0-rc5-syzkaller #0
[   99.057743][ T9597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   99.067909][ T9597] Call Trace:
[   99.071196][ T9597]  dump_stack+0x197/0x210
[   99.075628][ T9597]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.081542][ T9597]  print_address_description.constprop.0.cold+0xd4/0x30b
[   99.088557][ T9597]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.094705][ T9597]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.100445][ T9597]  __kasan_report.cold+0x1b/0x41
[   99.105683][ T9597]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.111322][ T9597]  kasan_report+0x12/0x20
[   99.115763][ T9597]  check_memory_region+0x134/0x1a0
[   99.120869][ T9597]  __kasan_check_read+0x11/0x20
[   99.125711][ T9597]  bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.131451][ T9597]  bitmap_ipmac_destroy+0x180/0x1d0
[   99.136649][ T9597]  ip_set_create+0xe47/0x1500
[   99.141491][ T9597]  ? ip_set_destroy+0xb70/0xb70
[   99.146564][ T9597]  ? ip_set_destroy+0xb70/0xb70
[   99.151625][ T9597]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   99.156731][ T9597]  ? nfnetlink_bind+0x2c0/0x2c0
[   99.161589][ T9597]  ? __kasan_check_read+0x11/0x20
[   99.166798][ T9597]  ? __lock_acquire+0x8a0/0x4a00
[   99.171885][ T9597]  ? save_stack+0x5c/0x90
[   99.176314][ T9597]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   99.182548][ T9597]  ? apparmor_capable+0x497/0x900
[   99.187827][ T9597]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   99.194065][ T9597]  ? __kasan_check_read+0x11/0x20
[   99.199088][ T9597]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   99.204708][ T9597]  netlink_rcv_skb+0x177/0x450
[   99.209651][ T9597]  ? nfnetlink_bind+0x2c0/0x2c0
[   99.214506][ T9597]  ? netlink_ack+0xb50/0xb50
[   99.219093][ T9597]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   99.225542][ T9597]  ? ns_capable_common+0x93/0x100
[   99.230698][ T9597]  ? ns_capable+0x20/0x30
[   99.235321][ T9597]  ? __netlink_ns_capable+0x104/0x140
[   99.241118][ T9597]  nfnetlink_rcv+0x1ba/0x460
[   99.245955][ T9597]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[   99.251616][ T9597]  ? netlink_deliver_tap+0x24a/0xbe0
[   99.256902][ T9597]  ? __kasan_check_write+0x14/0x20
[   99.262109][ T9597]  netlink_unicast+0x58c/0x7d0
[   99.267069][ T9597]  ? netlink_attachskb+0x870/0x870
[   99.272194][ T9597]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   99.278105][ T9597]  ? __check_object_size+0x3d/0x437
[   99.283634][ T9597]  netlink_sendmsg+0x91c/0xea0
[   99.288395][ T9597]  ? netlink_unicast+0x7d0/0x7d0
[   99.293549][ T9597]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   99.299099][ T9597]  ? apparmor_socket_sendmsg+0x2a/0x30
[   99.304565][ T9597]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   99.310813][ T9597]  ? security_socket_sendmsg+0x8d/0xc0
[   99.316435][ T9597]  ? netlink_unicast+0x7d0/0x7d0
[   99.321373][ T9597]  sock_sendmsg+0xd7/0x130
[   99.325784][ T9597]  ____sys_sendmsg+0x753/0x880
[   99.330545][ T9597]  ? kernel_sendmsg+0x50/0x50
[   99.335657][ T9597]  ? mark_held_locks+0xa4/0xf0
[   99.340635][ T9597]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   99.347329][ T9597]  ? __handle_mm_fault+0x3145/0x3cc0
[   99.352636][ T9597]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   99.358857][ T9597]  ___sys_sendmsg+0x100/0x170
[   99.363652][ T9597]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[   99.369630][ T9597]  ? sendmsg_copy_msghdr+0x70/0x70
[   99.375025][ T9597]  ? __do_page_fault+0x56a/0xd80
[   99.380144][ T9597]  ? find_held_lock+0x35/0x130
[   99.385157][ T9597]  ? __do_page_fault+0x56a/0xd80
[   99.390093][ T9597]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   99.396526][ T9597]  ? __fget_light+0x1a9/0x230
[   99.401205][ T9597]  ? __fdget+0x1b/0x20
[   99.405278][ T9597]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   99.412016][ T9597]  __sys_sendmsg+0x105/0x1d0
[   99.416624][ T9597]  ? __sys_sendmsg_sock+0xc0/0xc0
[   99.421837][ T9597]  ? down_read_non_owner+0x490/0x490
[   99.427248][ T9597]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   99.432853][ T9597]  ? do_syscall_64+0x26/0x790
[   99.437831][ T9597]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   99.443918][ T9597]  ? do_syscall_64+0x26/0x790
[   99.448613][ T9597]  __x64_sys_sendmsg+0x78/0xb0
[   99.453574][ T9597]  do_syscall_64+0xfa/0x790
[   99.458112][ T9597]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   99.464000][ T9597] RIP: 0033:0x4413f9
[   99.468037][ T9597] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   99.488062][ T9597] RSP: 002b:00007ffeb99f7fc8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   99.496711][ T9597] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413f9
[   99.504966][ T9597] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[   99.512954][ T9597] RBP: 00000000000182b5 R08: 00000000004002c8 R09: 00000000004002c8
[   99.521369][ T9597] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[   99.529516][ T9597] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[   99.537653][ T9597] 
[   99.539988][ T9597] Allocated by task 9597:
[   99.544703][ T9597]  save_stack+0x23/0x90
[   99.548937][ T9597]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   99.554777][ T9597]  kasan_kmalloc+0x9/0x10
[   99.559106][ T9597]  __kmalloc+0x163/0x770
[   99.563364][ T9597]  ip_set_alloc+0x38/0x5e
[   99.567688][ T9597]  bitmap_ipmac_create+0x4e8/0xa00
[   99.573090][ T9597]  ip_set_create+0x6f1/0x1500
[   99.577879][ T9597]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   99.582815][ T9597]  netlink_rcv_skb+0x177/0x450
[   99.587732][ T9597]  nfnetlink_rcv+0x1ba/0x460
[   99.592437][ T9597]  netlink_unicast+0x58c/0x7d0
[   99.597284][ T9597]  netlink_sendmsg+0x91c/0xea0
[   99.602168][ T9597]  sock_sendmsg+0xd7/0x130
[   99.606585][ T9597]  ____sys_sendmsg+0x753/0x880
[   99.611343][ T9597]  ___sys_sendmsg+0x100/0x170
[   99.616375][ T9597]  __sys_sendmsg+0x105/0x1d0
[   99.621165][ T9597]  __x64_sys_sendmsg+0x78/0xb0
[   99.626037][ T9597]  do_syscall_64+0xfa/0x790
[   99.630805][ T9597]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   99.636880][ T9597] 
[   99.639218][ T9597] Freed by task 9327:
[   99.643571][ T9597]  save_stack+0x23/0x90
[   99.647852][ T9597]  __kasan_slab_free+0x102/0x150
[   99.652792][ T9597]  kasan_slab_free+0xe/0x10
[   99.657665][ T9597]  kfree+0x10a/0x2c0
[   99.661725][ T9597]  tomoyo_check_open_permission+0x19e/0x3e0
[   99.667759][ T9597]  tomoyo_file_open+0xa9/0xd0
[   99.672622][ T9597]  security_file_open+0x71/0x300
[   99.677699][ T9597]  do_dentry_open+0x37a/0x1380
[   99.682796][ T9597]  vfs_open+0xa0/0xd0
[   99.686773][ T9597]  path_openat+0x10df/0x4500
[   99.691354][ T9597]  do_filp_open+0x1a1/0x280
[   99.695849][ T9597]  do_sys_open+0x3fe/0x5d0
[   99.700504][ T9597]  __x64_sys_open+0x7e/0xc0
[   99.705405][ T9597]  do_syscall_64+0xfa/0x790
[   99.709909][ T9597]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   99.716173][ T9597] 
[   99.718620][ T9597] The buggy address belongs to the object at ffff88809e126b40
[   99.718620][ T9597]  which belongs to the cache kmalloc-32 of size 32
[   99.733233][ T9597] The buggy address is located 0 bytes inside of
[   99.733233][ T9597]  32-byte region [ffff88809e126b40, ffff88809e126b60)
[   99.746807][ T9597] The buggy address belongs to the page:
[   99.752559][ T9597] page:ffffea0002784980 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809e126fc1
[   99.763652][ T9597] raw: 00fffe0000000200 ffffea00028bebc8 ffffea00027ca4c8 ffff8880aa4001c0
[   99.772324][ T9597] raw: ffff88809e126fc1 ffff88809e126000 000000010000002b 0000000000000000
[   99.781406][ T9597] page dumped because: kasan: bad access detected
[   99.787939][ T9597] 
[   99.790438][ T9597] Memory state around the buggy address:
[   99.796299][ T9597]  ffff88809e126a00: fb fb fb fb fc fc fc fc 00 01 fc fc fc fc fc fc
[   99.804752][ T9597]  ffff88809e126a80: 00 01 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   99.813163][ T9597] >ffff88809e126b00: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc
[   99.821456][ T9597]                                            ^
[   99.827927][ T9597]  ffff88809e126b80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   99.836246][ T9597]  ffff88809e126c00: fb fb fb fb fc fc fc fc 00 01 fc fc fc fc fc fc
[   99.844537][ T9597] ==================================================================
[   99.853153][ T9597] Disabling lock debugging due to kernel taint
[   99.860414][ T9597] Kernel panic - not syncing: panic_on_warn set ...
[   99.867300][ T9597] CPU: 0 PID: 9597 Comm: syz-executor256 Tainted: G    B             5.5.0-rc5-syzkaller #0
[   99.877974][ T9597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   99.888142][ T9597] Call Trace:
[   99.891435][ T9597]  dump_stack+0x197/0x210
[   99.895805][ T9597]  panic+0x2e3/0x75c
[   99.899703][ T9597]  ? add_taint.cold+0x16/0x16
[   99.904674][ T9597]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.910468][ T9597]  ? preempt_schedule+0x4b/0x60
[   99.915672][ T9597]  ? ___preempt_schedule+0x16/0x18
[   99.921058][ T9597]  ? trace_hardirqs_on+0x5e/0x240
[   99.926294][ T9597]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.932084][ T9597]  end_report+0x47/0x4f
[   99.936599][ T9597]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.942410][ T9597]  __kasan_report.cold+0xe/0x41
[   99.947510][ T9597]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.953550][ T9597]  kasan_report+0x12/0x20
[   99.958440][ T9597]  check_memory_region+0x134/0x1a0
[   99.963707][ T9597]  __kasan_check_read+0x11/0x20
[   99.968552][ T9597]  bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.974174][ T9597]  bitmap_ipmac_destroy+0x180/0x1d0
[   99.979672][ T9597]  ip_set_create+0xe47/0x1500
[   99.984557][ T9597]  ? ip_set_destroy+0xb70/0xb70
[   99.989644][ T9597]  ? ip_set_destroy+0xb70/0xb70
[   99.994882][ T9597]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  100.000015][ T9597]  ? nfnetlink_bind+0x2c0/0x2c0
[  100.004866][ T9597]  ? __kasan_check_read+0x11/0x20
[  100.009940][ T9597]  ? __lock_acquire+0x8a0/0x4a00
[  100.014981][ T9597]  ? save_stack+0x5c/0x90
[  100.019428][ T9597]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  100.026377][ T9597]  ? apparmor_capable+0x497/0x900
[  100.031403][ T9597]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  100.037883][ T9597]  ? __kasan_check_read+0x11/0x20
[  100.043043][ T9597]  ? apparmor_cred_prepare+0x7b0/0x7b0
[  100.048766][ T9597]  netlink_rcv_skb+0x177/0x450
[  100.054494][ T9597]  ? nfnetlink_bind+0x2c0/0x2c0
[  100.059345][ T9597]  ? netlink_ack+0xb50/0xb50
[  100.064062][ T9597]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  100.070914][ T9597]  ? ns_capable_common+0x93/0x100
[  100.076305][ T9597]  ? ns_capable+0x20/0x30
[  100.080633][ T9597]  ? __netlink_ns_capable+0x104/0x140
[  100.086008][ T9597]  nfnetlink_rcv+0x1ba/0x460
[  100.091009][ T9597]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  100.096480][ T9597]  ? netlink_deliver_tap+0x24a/0xbe0
[  100.102023][ T9597]  ? __kasan_check_write+0x14/0x20
[  100.107278][ T9597]  netlink_unicast+0x58c/0x7d0
[  100.112037][ T9597]  ? netlink_attachskb+0x870/0x870
[  100.117745][ T9597]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  100.123926][ T9597]  ? __check_object_size+0x3d/0x437
[  100.129553][ T9597]  netlink_sendmsg+0x91c/0xea0
[  100.134317][ T9597]  ? netlink_unicast+0x7d0/0x7d0
[  100.139409][ T9597]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  100.145115][ T9597]  ? apparmor_socket_sendmsg+0x2a/0x30
[  100.151220][ T9597]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  100.157619][ T9597]  ? security_socket_sendmsg+0x8d/0xc0
[  100.163178][ T9597]  ? netlink_unicast+0x7d0/0x7d0
[  100.168342][ T9597]  sock_sendmsg+0xd7/0x130
[  100.173444][ T9597]  ____sys_sendmsg+0x753/0x880
[  100.178229][ T9597]  ? kernel_sendmsg+0x50/0x50
[  100.183058][ T9597]  ? mark_held_locks+0xa4/0xf0
[  100.188041][ T9597]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  100.194106][ T9597]  ? __handle_mm_fault+0x3145/0x3cc0
[  100.199741][ T9597]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  100.205876][ T9597]  ___sys_sendmsg+0x100/0x170
[  100.210596][ T9597]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[  100.216599][ T9597]  ? sendmsg_copy_msghdr+0x70/0x70
[  100.221838][ T9597]  ? __do_page_fault+0x56a/0xd80
[  100.227127][ T9597]  ? find_held_lock+0x35/0x130
[  100.231900][ T9597]  ? __do_page_fault+0x56a/0xd80
[  100.237032][ T9597]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  100.243519][ T9597]  ? __fget_light+0x1a9/0x230
[  100.248494][ T9597]  ? __fdget+0x1b/0x20
[  100.252573][ T9597]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  100.259193][ T9597]  __sys_sendmsg+0x105/0x1d0
[  100.263822][ T9597]  ? __sys_sendmsg_sock+0xc0/0xc0
[  100.269230][ T9597]  ? down_read_non_owner+0x490/0x490
[  100.274606][ T9597]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  100.280456][ T9597]  ? do_syscall_64+0x26/0x790
[  100.285134][ T9597]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  100.291196][ T9597]  ? do_syscall_64+0x26/0x790
[  100.296390][ T9597]  __x64_sys_sendmsg+0x78/0xb0
[  100.301414][ T9597]  do_syscall_64+0xfa/0x790
[  100.306212][ T9597]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  100.312103][ T9597] RIP: 0033:0x4413f9
[  100.316083][ T9597] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  100.336010][ T9597] RSP: 002b:00007ffeb99f7fc8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  100.344792][ T9597] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413f9
[  100.352755][ T9597] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[  100.360730][ T9597] RBP: 00000000000182b5 R08: 00000000004002c8 R09: 00000000004002c8
[  100.368852][ T9597] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[  100.377103][ T9597] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[  100.387433][ T9597] Kernel Offset: disabled
[  100.391769][ T9597] Rebooting in 86400 seconds..