[ ok ] Starting enhanced syslogd: rsyslogd.
[   88.765177][   T27] audit: type=1800 audit(1579406301.975:25): pid=9468 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   88.786141][   T27] audit: type=1800 audit(1579406301.995:26): pid=9468 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   88.839499][   T27] audit: type=1800 audit(1579406301.995:27): pid=9468 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.130' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [  109.773389][ T9624] ==================================================================
[  109.781728][ T9624] BUG: KASAN: slab-out-of-bounds in bitmap_ip_list+0x40f/0xf20
[  109.789278][ T9624] Read of size 8 at addr ffff88809ee5f840 by task syz-executor276/9624
[  109.797497][ T9624] 
[  109.799816][ T9624] CPU: 0 PID: 9624 Comm: syz-executor276 Not tainted 5.5.0-rc6-syzkaller #0
[  109.808473][ T9624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  109.821210][ T9624] Call Trace:
[  109.824504][ T9624]  dump_stack+0x197/0x210
[  109.828835][ T9624]  ? bitmap_ip_list+0x40f/0xf20
[  109.833675][ T9624]  print_address_description.constprop.0.cold+0xd4/0x30b
[  109.840726][ T9624]  ? bitmap_ip_list+0x40f/0xf20
[  109.845562][ T9624]  ? bitmap_ip_list+0x40f/0xf20
[  109.850397][ T9624]  __kasan_report.cold+0x1b/0x41
[  109.855319][ T9624]  ? bitmap_ip_list+0x40f/0xf20
[  109.860167][ T9624]  kasan_report+0x12/0x20
[  109.864922][ T9624]  check_memory_region+0x134/0x1a0
[  109.870017][ T9624]  __kasan_check_read+0x11/0x20
[  109.874864][ T9624]  bitmap_ip_list+0x40f/0xf20
[  109.879529][ T9624]  ? bitmap_ip_add+0xe60/0xe60
[  109.884277][ T9624]  ? nla_put+0x110/0x150
[  109.888507][ T9624]  ip_set_dump_start+0x96c/0x1ca0
[  109.893522][ T9624]  ? ip_set_rename+0x720/0x720
[  109.898283][ T9624]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[  109.903840][ T9624]  ? perf_trace_lock_acquire+0x4a0/0x530
[  109.909632][ T9624]  ? __kasan_check_write+0x14/0x20
[  109.914747][ T9624]  netlink_dump+0x558/0xfb0
[  109.919364][ T9624]  ? __netlink_sendskb+0xc0/0xc0
[  109.924401][ T9624]  __netlink_dump_start+0x66a/0x930
[  109.929597][ T9624]  ip_set_dump+0x15a/0x1d0
[  109.934006][ T9624]  ? call_ad+0x5a0/0x5a0
[  109.938288][ T9624]  ? ip_set_rename+0x720/0x720
[  109.943041][ T9624]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[  109.948844][ T9624]  ? call_ad+0x5a0/0x5a0
[  109.953087][ T9624]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  109.958115][ T9624]  ? nfnetlink_bind+0x2c0/0x2c0
[  109.962961][ T9624]  ? __kasan_check_read+0x11/0x20
[  109.967989][ T9624]  ? __lock_acquire+0x8a0/0x4a00
[  109.973006][ T9624]  ? save_stack+0x5c/0x90
[  109.977352][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  109.983629][ T9624]  ? apparmor_capable+0x497/0x900
[  109.988644][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  109.994873][ T9624]  ? __kasan_check_read+0x11/0x20
[  109.999974][ T9624]  ? apparmor_cred_prepare+0x7b0/0x7b0
[  110.005434][ T9624]  netlink_rcv_skb+0x177/0x450
[  110.010353][ T9624]  ? nfnetlink_bind+0x2c0/0x2c0
[  110.016329][ T9624]  ? netlink_ack+0xb50/0xb50
[  110.020915][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.028472][ T9624]  ? ns_capable_common+0x93/0x100
[  110.033478][ T9624]  ? ns_capable+0x20/0x30
[  110.037895][ T9624]  ? __netlink_ns_capable+0x104/0x140
[  110.043294][ T9624]  nfnetlink_rcv+0x1ba/0x460
[  110.047942][ T9624]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  110.053503][ T9624]  ? netlink_deliver_tap+0x24a/0xbe0
[  110.058987][ T9624]  ? __kasan_check_write+0x14/0x20
[  110.064113][ T9624]  netlink_unicast+0x58c/0x7d0
[  110.068896][ T9624]  ? netlink_attachskb+0x870/0x870
[  110.073997][ T9624]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  110.079710][ T9624]  ? __check_object_size+0x3d/0x437
[  110.084944][ T9624]  netlink_sendmsg+0x91c/0xea0
[  110.089712][ T9624]  ? netlink_unicast+0x7d0/0x7d0
[  110.094753][ T9624]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  110.100296][ T9624]  ? apparmor_socket_sendmsg+0x2a/0x30
[  110.105805][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.112037][ T9624]  ? security_socket_sendmsg+0x8d/0xc0
[  110.118539][ T9624]  ? netlink_unicast+0x7d0/0x7d0
[  110.123487][ T9624]  sock_sendmsg+0xd7/0x130
[  110.128013][ T9624]  ____sys_sendmsg+0x753/0x880
[  110.132950][ T9624]  ? kernel_sendmsg+0x50/0x50
[  110.137627][ T9624]  ? lockdep_init_map+0x1be/0x6d0
[  110.142659][ T9624]  ___sys_sendmsg+0x100/0x170
[  110.147327][ T9624]  ? sendmsg_copy_msghdr+0x70/0x70
[  110.152479][ T9624]  ? __kasan_check_read+0x11/0x20
[  110.157534][ T9624]  ? __lock_acquire+0x8a0/0x4a00
[  110.162470][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.169496][ T9624]  ? __this_cpu_preempt_check+0x35/0x190
[  110.175119][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.181343][ T9624]  ? percpu_counter_add_batch+0x13c/0x190
[  110.187118][ T9624]  ? __fd_install+0x1bc/0x640
[  110.191795][ T9624]  ? find_held_lock+0x35/0x130
[  110.196552][ T9624]  ? __fd_install+0x1bc/0x640
[  110.203083][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.209321][ T9624]  ? __fget_light+0x1a9/0x230
[  110.213988][ T9624]  ? __fdget+0x1b/0x20
[  110.218129][ T9624]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  110.224354][ T9624]  __sys_sendmsg+0x105/0x1d0
[  110.228939][ T9624]  ? __sys_sendmsg_sock+0xc0/0xc0
[  110.233950][ T9624]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  110.239390][ T9624]  ? do_fast_syscall_32+0xd1/0xe16
[  110.244482][ T9624]  ? entry_SYSENTER_compat+0x70/0x7f
[  110.249748][ T9624]  ? do_fast_syscall_32+0xd1/0xe16
[  110.254845][ T9624]  __ia32_compat_sys_sendmsg+0x7a/0xb0
[  110.260286][ T9624]  do_fast_syscall_32+0x27b/0xe16
[  110.265297][ T9624]  entry_SYSENTER_compat+0x70/0x7f
[  110.270388][ T9624] RIP: 0023:0xf7f509a9
[  110.274434][ T9624] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  110.294041][ T9624] RSP: 002b:00000000ff918e7c EFLAGS: 00000246 ORIG_RAX: 0000000000000172
[  110.302445][ T9624] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000200000c0
[  110.310398][ T9624] RDX: 0000000000000080 RSI: 00000000080ea080 RDI: 00000000ff918ed0
[  110.318363][ T9624] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  110.326321][ T9624] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  110.334285][ T9624] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  110.342278][ T9624] 
[  110.344668][ T9624] Allocated by task 9624:
[  110.349009][ T9624]  save_stack+0x23/0x90
[  110.353152][ T9624]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  110.358780][ T9624]  kasan_kmalloc+0x9/0x10
[  110.363116][ T9624]  __kmalloc+0x163/0x770
[  110.367359][ T9624]  ip_set_alloc+0x38/0x5e
[  110.371682][ T9624]  bitmap_ip_create+0x6ec/0xc20
[  110.376514][ T9624]  ip_set_create+0x6f1/0x1500
[  110.381182][ T9624]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  110.386173][ T9624]  netlink_rcv_skb+0x177/0x450
[  110.390949][ T9624]  nfnetlink_rcv+0x1ba/0x460
[  110.396057][ T9624]  netlink_unicast+0x58c/0x7d0
[  110.400817][ T9624]  netlink_sendmsg+0x91c/0xea0
[  110.405589][ T9624]  sock_sendmsg+0xd7/0x130
[  110.410000][ T9624]  ____sys_sendmsg+0x753/0x880
[  110.414769][ T9624]  ___sys_sendmsg+0x100/0x170
[  110.419439][ T9624]  __sys_sendmsg+0x105/0x1d0
[  110.424023][ T9624]  __ia32_compat_sys_sendmsg+0x7a/0xb0
[  110.429474][ T9624]  do_fast_syscall_32+0x27b/0xe16
[  110.434498][ T9624]  entry_SYSENTER_compat+0x70/0x7f
[  110.439590][ T9624] 
[  110.441914][ T9624] Freed by task 9302:
[  110.445889][ T9624]  save_stack+0x23/0x90
[  110.450043][ T9624]  __kasan_slab_free+0x102/0x150
[  110.454984][ T9624]  kasan_slab_free+0xe/0x10
[  110.459492][ T9624]  kfree+0x10a/0x2c0
[  110.463373][ T9624]  tomoyo_check_open_permission+0x19e/0x3e0
[  110.469309][ T9624]  tomoyo_file_open+0xa9/0xd0
[  110.474030][ T9624]  security_file_open+0x71/0x300
[  110.478982][ T9624]  do_dentry_open+0x37a/0x1380
[  110.483736][ T9624]  vfs_open+0xa0/0xd0
[  110.487752][ T9624]  path_openat+0x118b/0x3180
[  110.492410][ T9624]  do_filp_open+0x1a1/0x280
[  110.496904][ T9624]  do_sys_open+0x3fe/0x5d0
[  110.501317][ T9624]  __x64_sys_open+0x7e/0xc0
[  110.505821][ T9624]  do_syscall_64+0xfa/0x790
[  110.510313][ T9624]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  110.516318][ T9624] 
[  110.518635][ T9624] The buggy address belongs to the object at ffff88809ee5f840
[  110.518635][ T9624]  which belongs to the cache kmalloc-32 of size 32
[  110.532507][ T9624] The buggy address is located 0 bytes inside of
[  110.532507][ T9624]  32-byte region [ffff88809ee5f840, ffff88809ee5f860)
[  110.545505][ T9624] The buggy address belongs to the page:
[  110.551233][ T9624] page:ffffea00027b97c0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809ee5ffc1
[  110.561732][ T9624] raw: 00fffe0000000200 ffffea000289fdc8 ffffea0002943f88 ffff8880aa4001c0
[  110.570318][ T9624] raw: ffff88809ee5ffc1 ffff88809ee5f000 0000000100000031 0000000000000000
[  110.578888][ T9624] page dumped because: kasan: bad access detected
[  110.585372][ T9624] 
[  110.587690][ T9624] Memory state around the buggy address:
[  110.593304][ T9624]  ffff88809ee5f700: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  110.601350][ T9624]  ffff88809ee5f780: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  110.609488][ T9624] >ffff88809ee5f800: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc
[  110.617529][ T9624]                                            ^
[  110.623660][ T9624]  ffff88809ee5f880: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  110.631698][ T9624]  ffff88809ee5f900: 00 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[  110.639738][ T9624] ==================================================================
[  110.647793][ T9624] Disabling lock debugging due to kernel taint
[  110.654542][ T9624] Kernel panic - not syncing: panic_on_warn set ...
[  110.661133][ T9624] CPU: 0 PID: 9624 Comm: syz-executor276 Tainted: G    B             5.5.0-rc6-syzkaller #0
[  110.671185][ T9624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  110.681218][ T9624] Call Trace:
[  110.684495][ T9624]  dump_stack+0x197/0x210
[  110.688822][ T9624]  panic+0x2e3/0x75c
[  110.692692][ T9624]  ? add_taint.cold+0x16/0x16
[  110.697348][ T9624]  ? bitmap_ip_list+0x40f/0xf20
[  110.702175][ T9624]  ? preempt_schedule+0x4b/0x60
[  110.707003][ T9624]  ? ___preempt_schedule+0x16/0x18
[  110.712092][ T9624]  ? trace_hardirqs_on+0x5e/0x240
[  110.717112][ T9624]  ? bitmap_ip_list+0x40f/0xf20
[  110.721951][ T9624]  end_report+0x47/0x4f
[  110.726097][ T9624]  ? bitmap_ip_list+0x40f/0xf20
[  110.730939][ T9624]  __kasan_report.cold+0xe/0x41
[  110.735774][ T9624]  ? bitmap_ip_list+0x40f/0xf20
[  110.740622][ T9624]  kasan_report+0x12/0x20
[  110.744995][ T9624]  check_memory_region+0x134/0x1a0
[  110.750110][ T9624]  __kasan_check_read+0x11/0x20
[  110.754961][ T9624]  bitmap_ip_list+0x40f/0xf20
[  110.759618][ T9624]  ? bitmap_ip_add+0xe60/0xe60
[  110.764360][ T9624]  ? nla_put+0x110/0x150
[  110.768585][ T9624]  ip_set_dump_start+0x96c/0x1ca0
[  110.773590][ T9624]  ? ip_set_rename+0x720/0x720
[  110.778340][ T9624]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[  110.783864][ T9624]  ? perf_trace_lock_acquire+0x4a0/0x530
[  110.789487][ T9624]  ? __kasan_check_write+0x14/0x20
[  110.794593][ T9624]  netlink_dump+0x558/0xfb0
[  110.799096][ T9624]  ? __netlink_sendskb+0xc0/0xc0
[  110.804027][ T9624]  __netlink_dump_start+0x66a/0x930
[  110.809208][ T9624]  ip_set_dump+0x15a/0x1d0
[  110.813606][ T9624]  ? call_ad+0x5a0/0x5a0
[  110.817830][ T9624]  ? ip_set_rename+0x720/0x720
[  110.822586][ T9624]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[  110.828396][ T9624]  ? call_ad+0x5a0/0x5a0
[  110.832630][ T9624]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  110.837548][ T9624]  ? nfnetlink_bind+0x2c0/0x2c0
[  110.842377][ T9624]  ? __kasan_check_read+0x11/0x20
[  110.847378][ T9624]  ? __lock_acquire+0x8a0/0x4a00
[  110.852292][ T9624]  ? save_stack+0x5c/0x90
[  110.856599][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.862815][ T9624]  ? apparmor_capable+0x497/0x900
[  110.867831][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.874059][ T9624]  ? __kasan_check_read+0x11/0x20
[  110.879064][ T9624]  ? apparmor_cred_prepare+0x7b0/0x7b0
[  110.884564][ T9624]  netlink_rcv_skb+0x177/0x450
[  110.889325][ T9624]  ? nfnetlink_bind+0x2c0/0x2c0
[  110.894161][ T9624]  ? netlink_ack+0xb50/0xb50
[  110.898737][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.905141][ T9624]  ? ns_capable_common+0x93/0x100
[  110.910260][ T9624]  ? ns_capable+0x20/0x30
[  110.914581][ T9624]  ? __netlink_ns_capable+0x104/0x140
[  110.919947][ T9624]  nfnetlink_rcv+0x1ba/0x460
[  110.924522][ T9624]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  110.929959][ T9624]  ? netlink_deliver_tap+0x24a/0xbe0
[  110.935249][ T9624]  ? __kasan_check_write+0x14/0x20
[  110.940536][ T9624]  netlink_unicast+0x58c/0x7d0
[  110.945291][ T9624]  ? netlink_attachskb+0x870/0x870
[  110.950433][ T9624]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  110.956171][ T9624]  ? __check_object_size+0x3d/0x437
[  110.961547][ T9624]  netlink_sendmsg+0x91c/0xea0
[  110.966306][ T9624]  ? netlink_unicast+0x7d0/0x7d0
[  110.971294][ T9624]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  110.977023][ T9624]  ? apparmor_socket_sendmsg+0x2a/0x30
[  110.982480][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.988701][ T9624]  ? security_socket_sendmsg+0x8d/0xc0
[  110.994137][ T9624]  ? netlink_unicast+0x7d0/0x7d0
[  110.999067][ T9624]  sock_sendmsg+0xd7/0x130
[  111.003480][ T9624]  ____sys_sendmsg+0x753/0x880
[  111.008225][ T9624]  ? kernel_sendmsg+0x50/0x50
[  111.012907][ T9624]  ? lockdep_init_map+0x1be/0x6d0
[  111.017918][ T9624]  ___sys_sendmsg+0x100/0x170
[  111.022573][ T9624]  ? sendmsg_copy_msghdr+0x70/0x70
[  111.027677][ T9624]  ? __kasan_check_read+0x11/0x20
[  111.032676][ T9624]  ? __lock_acquire+0x8a0/0x4a00
[  111.037611][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  111.043849][ T9624]  ? __this_cpu_preempt_check+0x35/0x190
[  111.049468][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  111.055737][ T9624]  ? percpu_counter_add_batch+0x13c/0x190
[  111.061454][ T9624]  ? __fd_install+0x1bc/0x640
[  111.066116][ T9624]  ? find_held_lock+0x35/0x130
[  111.070881][ T9624]  ? __fd_install+0x1bc/0x640
[  111.075542][ T9624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  111.081758][ T9624]  ? __fget_light+0x1a9/0x230
[  111.086411][ T9624]  ? __fdget+0x1b/0x20
[  111.090455][ T9624]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  111.096672][ T9624]  __sys_sendmsg+0x105/0x1d0
[  111.101237][ T9624]  ? __sys_sendmsg_sock+0xc0/0xc0
[  111.106265][ T9624]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  111.111754][ T9624]  ? do_fast_syscall_32+0xd1/0xe16
[  111.116852][ T9624]  ? entry_SYSENTER_compat+0x70/0x7f
[  111.122171][ T9624]  ? do_fast_syscall_32+0xd1/0xe16
[  111.127266][ T9624]  __ia32_compat_sys_sendmsg+0x7a/0xb0
[  111.132704][ T9624]  do_fast_syscall_32+0x27b/0xe16
[  111.137709][ T9624]  entry_SYSENTER_compat+0x70/0x7f
[  111.142807][ T9624] RIP: 0023:0xf7f509a9
[  111.146860][ T9624] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  111.166446][ T9624] RSP: 002b:00000000ff918e7c EFLAGS: 00000246 ORIG_RAX: 0000000000000172
[  111.174837][ T9624] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000200000c0
[  111.182784][ T9624] RDX: 0000000000000080 RSI: 00000000080ea080 RDI: 00000000ff918ed0
[  111.190754][ T9624] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  111.199230][ T9624] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  111.207193][ T9624] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  111.216475][ T9624] Kernel Offset: disabled
[  111.220820][ T9624] Rebooting in 86400 seconds..