[   87.739174][   T27] audit: type=1800 audit(1579611241.273:25): pid=9671 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   88.643043][   T27] kauditd_printk_skb: 3 callbacks suppressed
[   88.643055][   T27] audit: type=1800 audit(1579611242.173:29): pid=9671 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   88.669641][   T27] audit: type=1800 audit(1579611242.183:30): pid=9671 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.174' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [   98.287635][ T9830] ==================================================================
[   98.296233][ T9830] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_ext_cleanup+0xd8/0x290
[   98.304578][ T9830] Read of size 8 at addr ffff8880a8d3f4c0 by task syz-executor699/9830
[   98.312799][ T9830]
[   98.315128][ T9830] CPU: 1 PID: 9830 Comm: syz-executor699 Not tainted 5.5.0-rc7-syzkaller #0
[   98.323786][ T9830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   98.333829][ T9830] Call Trace:
[   98.337199][ T9830]  dump_stack+0x197/0x210
[   98.341538][ T9830]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[   98.347175][ T9830]  print_address_description.constprop.0.cold+0xd4/0x30b
[   98.354196][ T9830]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[   98.359866][ T9830]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[   98.365490][ T9830]  __kasan_report.cold+0x1b/0x41
[   98.370417][ T9830]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[   98.376964][ T9830]  kasan_report+0x12/0x20
[   98.381348][ T9830]  check_memory_region+0x134/0x1a0
[   98.386462][ T9830]  __kasan_check_read+0x11/0x20
[   98.391308][ T9830]  bitmap_ipmac_ext_cleanup+0xd8/0x290
[   98.396767][ T9830]  bitmap_ipmac_destroy+0x180/0x1d0
[   98.402048][ T9830]  ip_set_create+0xe47/0x1500
[   98.406754][ T9830]  ? ip_set_destroy+0xb70/0xb70
[   98.411626][ T9830]  ? ip_set_destroy+0xb70/0xb70
[   98.416483][ T9830]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   98.421787][ T9830]  ? nfnetlink_bind+0x2c0/0x2c0
[   98.426679][ T9830]  ? __kasan_check_read+0x11/0x20
[   98.431720][ T9830]  ? __lock_acquire+0x8a0/0x4a00
[   98.436659][ T9830]  ? save_stack+0x5c/0x90
[   98.440983][ T9830]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.447231][ T9830]  ? apparmor_capable+0x497/0x900
[   98.452251][ T9830]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.458495][ T9830]  ? __kasan_check_read+0x11/0x20
[   98.463533][ T9830]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   98.469000][ T9830]  netlink_rcv_skb+0x177/0x450
[   98.473753][ T9830]  ? nfnetlink_bind+0x2c0/0x2c0
[   98.478596][ T9830]  ? netlink_ack+0xb50/0xb50
[   98.483218][ T9830]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.489448][ T9830]  ? ns_capable_common+0x93/0x100
[   98.494499][ T9830]  ? ns_capable+0x20/0x30
[   98.498929][ T9830]  ? __netlink_ns_capable+0x104/0x140
[   98.504302][ T9830]  nfnetlink_rcv+0x1ba/0x460
[   98.509073][ T9830]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[   98.514624][ T9830]  ? netlink_deliver_tap+0x24a/0xbe0
[   98.519906][ T9830]  ? __kasan_check_write+0x14/0x20
[   98.525016][ T9830]  netlink_unicast+0x58c/0x7d0
[   98.529790][ T9830]  ? netlink_attachskb+0x870/0x870
[   98.534896][ T9830]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   98.540622][ T9830]  ? __check_object_size+0x3d/0x437
[   98.545828][ T9830]  netlink_sendmsg+0x91c/0xea0
[   98.550601][ T9830]  ? netlink_unicast+0x7d0/0x7d0
[   98.555540][ T9830]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   98.561084][ T9830]  ? apparmor_socket_sendmsg+0x2a/0x30
[   98.566538][ T9830]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.572820][ T9830]  ? security_socket_sendmsg+0x8d/0xc0
[   98.578366][ T9830]  ? netlink_unicast+0x7d0/0x7d0
[   98.583319][ T9830]  sock_sendmsg+0xd7/0x130
[   98.587725][ T9830]  ____sys_sendmsg+0x753/0x880
[   98.592500][ T9830]  ? kernel_sendmsg+0x50/0x50
[   98.597173][ T9830]  ? mark_held_locks+0xa4/0xf0
[   98.601975][ T9830]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   98.608521][ T9830]  ? __handle_mm_fault+0x3145/0x3cc0
[   98.613825][ T9830]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   98.619995][ T9830]  ___sys_sendmsg+0x100/0x170
[   98.624671][ T9830]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[   98.630686][ T9830]  ? sendmsg_copy_msghdr+0x70/0x70
[   98.635813][ T9830]  ? __do_page_fault+0x56a/0xd80
[   98.640748][ T9830]  ? find_held_lock+0x35/0x130
[   98.645504][ T9830]  ? __do_page_fault+0x56a/0xd80
[   98.650454][ T9830]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.656731][ T9830]  ? __fget_light+0x1a9/0x230
[   98.661392][ T9830]  ? __fdget+0x1b/0x20
[   98.665559][ T9830]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   98.671797][ T9830]  __sys_sendmsg+0x105/0x1d0
[   98.676868][ T9830]  ? __sys_sendmsg_sock+0xc0/0xc0
[   98.682647][ T9830]  ? down_read_non_owner+0x490/0x490
[   98.687940][ T9830]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   98.693393][ T9830]  ? do_syscall_64+0x26/0x790
[   98.698059][ T9830]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   98.704111][ T9830]  ? do_syscall_64+0x26/0x790
[   98.708801][ T9830]  __x64_sys_sendmsg+0x78/0xb0
[   98.713573][ T9830]  do_syscall_64+0xfa/0x790
[   98.718110][ T9830]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   98.724007][ T9830] RIP: 0033:0x4413f9
[   98.728007][ T9830] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   98.750063][ T9830] RSP: 002b:00007ffe0faf66d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   98.758611][ T9830] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413f9
[   98.767149][ T9830] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[   98.776348][ T9830] RBP: 0000000000017fce R08: 00000000004002c8 R09: 00000000004002c8
[   98.786402][ T9830] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[   98.797509][ T9830] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[   98.806725][ T9830]
[   98.809054][ T9830] Allocated by task 9830:
[   98.813562][ T9830]  save_stack+0x23/0x90
[   98.817927][ T9830]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   98.824639][ T9830]  kasan_kmalloc+0x9/0x10
[   98.828986][ T9830]  __kmalloc+0x163/0x770
[   98.833264][ T9830]  ip_set_alloc+0x38/0x5e
[   98.838563][ T9830]  bitmap_ipmac_create+0x4e8/0xa00
[   98.843848][ T9830]  ip_set_create+0x6f1/0x1500
[   98.848634][ T9830]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   98.853850][ T9830]  netlink_rcv_skb+0x177/0x450
[   98.858607][ T9830]  nfnetlink_rcv+0x1ba/0x460
[   98.863190][ T9830]  netlink_unicast+0x58c/0x7d0
[   98.867952][ T9830]  netlink_sendmsg+0x91c/0xea0
[   98.872705][ T9830]  sock_sendmsg+0xd7/0x130
[   98.877844][ T9830]  ____sys_sendmsg+0x753/0x880
[   98.882713][ T9830]  ___sys_sendmsg+0x100/0x170
[   98.896849][ T9830]  __sys_sendmsg+0x105/0x1d0
[   98.901967][ T9830]  __x64_sys_sendmsg+0x78/0xb0
[   98.908304][ T9830]  do_syscall_64+0xfa/0x790
[   98.912909][ T9830]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   98.918828][ T9830]
[   98.921144][ T9830] Freed by task 9555:
[   98.926690][ T9830]  save_stack+0x23/0x90
[   98.931018][ T9830]  __kasan_slab_free+0x102/0x150
[   98.936062][ T9830]  kasan_slab_free+0xe/0x10
[   98.940866][ T9830]  kfree+0x10a/0x2c0
[   98.945300][ T9830]  single_release+0x95/0xc0
[   98.949899][ T9830]  __fput+0x2ff/0x890
[   98.953964][ T9830]  ____fput+0x16/0x20
[   98.957943][ T9830]  task_work_run+0x145/0x1c0
[   98.963613][ T9830]  exit_to_usermode_loop+0x316/0x380
[   98.968912][ T9830]  do_syscall_64+0x676/0x790
[   98.973507][ T9830]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   98.980442][ T9830]
[   98.982791][ T9830] The buggy address belongs to the object at ffff8880a8d3f4c0
[   98.982791][ T9830]  which belongs to the cache kmalloc-32 of size 32
[   98.999062][ T9830] The buggy address is located 0 bytes inside of
[   98.999062][ T9830]  32-byte region [ffff8880a8d3f4c0, ffff8880a8d3f4e0)
[   99.013767][ T9830] The buggy address belongs to the page:
[   99.020428][ T9830] page:ffffea0002a34fc0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a8d3ffc1
[   99.032371][ T9830] raw: 00fffe0000000200 ffffea0002a14648 ffffea0002806388 ffff8880aa4001c0
[   99.040960][ T9830] raw: ffff8880a8d3ffc1 ffff8880a8d3f000 000000010000003f 0000000000000000
[   99.050388][ T9830] page dumped because: kasan: bad access detected
[   99.058621][ T9830]
[   99.061641][ T9830] Memory state around the buggy address:
[   99.068537][ T9830]  ffff8880a8d3f380: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc
[   99.076648][ T9830]  ffff8880a8d3f400: 00 00 fc fc fc fc fc fc 00 07 fc fc fc fc fc fc
[   99.085768][ T9830] >ffff8880a8d3f480: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc
[   99.094901][ T9830]                    ^
[   99.101844][ T9830]  ffff8880a8d3f500: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   99.110263][ T9830]  ffff8880a8d3f580: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   99.119919][ T9830] ==================================================================
[   99.130764][ T9830] Disabling lock debugging due to kernel taint
[   99.141753][ T9830] Kernel panic - not syncing: panic_on_warn set ...
[   99.150486][ T9830] CPU: 1 PID: 9830 Comm: syz-executor699 Tainted: G    B             5.5.0-rc7-syzkaller #0
[   99.163405][ T9830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   99.176665][ T9830] Call Trace:
[   99.180062][ T9830]  dump_stack+0x197/0x210
[   99.184592][ T9830]  panic+0x2e3/0x75c
[   99.189621][ T9830]  ? add_taint.cold+0x16/0x16
[   99.196555][ T9830]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.204583][ T9830]  ? preempt_schedule+0x4b/0x60
[   99.210831][ T9830]  ? ___preempt_schedule+0x16/0x18
[   99.216425][ T9830]  ? trace_hardirqs_on+0x5e/0x240
[   99.221560][ T9830]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.227283][ T9830]  end_report+0x47/0x4f
[   99.231662][ T9830]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.237414][ T9830]  __kasan_report.cold+0xe/0x41
[   99.243788][ T9830]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.249521][ T9830]  kasan_report+0x12/0x20
[   99.255102][ T9830]  check_memory_region+0x134/0x1a0
[   99.260541][ T9830]  __kasan_check_read+0x11/0x20
[   99.265385][ T9830]  bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.271415][ T9830]  bitmap_ipmac_destroy+0x180/0x1d0
[   99.276634][ T9830]  ip_set_create+0xe47/0x1500
[   99.283480][ T9830]  ? ip_set_destroy+0xb70/0xb70
[   99.288617][ T9830]  ? ip_set_destroy+0xb70/0xb70
[   99.294157][ T9830]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   99.299680][ T9830]  ? nfnetlink_bind+0x2c0/0x2c0
[   99.305021][ T9830]  ? __kasan_check_read+0x11/0x20
[   99.310718][ T9830]  ? __lock_acquire+0x8a0/0x4a00
[   99.316448][ T9830]  ? save_stack+0x5c/0x90
[   99.321287][ T9830]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   99.327854][ T9830]  ? apparmor_capable+0x497/0x900
[   99.334229][ T9830]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   99.340465][ T9830]  ? __kasan_check_read+0x11/0x20
[   99.345665][ T9830]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   99.351245][ T9830]  netlink_rcv_skb+0x177/0x450
[   99.356143][ T9830]  ? nfnetlink_bind+0x2c0/0x2c0
[   99.361089][ T9830]  ? netlink_ack+0xb50/0xb50
[   99.365764][ T9830]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   99.372326][ T9830]  ? ns_capable_common+0x93/0x100
[   99.377892][ T9830]  ? ns_capable+0x20/0x30
[   99.382236][ T9830]  ? __netlink_ns_capable+0x104/0x140
[   99.390033][ T9830]  nfnetlink_rcv+0x1ba/0x460
[   99.395066][ T9830]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[   99.400684][ T9830]  ? netlink_deliver_tap+0x24a/0xbe0
[   99.406612][ T9830]  ? __kasan_check_write+0x14/0x20
[   99.413761][ T9830]  netlink_unicast+0x58c/0x7d0
[   99.418525][ T9830]  ? netlink_attachskb+0x870/0x870
[   99.423831][ T9830]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   99.430004][ T9830]  ? __check_object_size+0x3d/0x437
[   99.435937][ T9830]  netlink_sendmsg+0x91c/0xea0
[   99.440779][ T9830]  ? netlink_unicast+0x7d0/0x7d0
[   99.449403][ T9830]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   99.460414][ T9830]  ? apparmor_socket_sendmsg+0x2a/0x30
[   99.465862][ T9830]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   99.472216][ T9830]  ? security_socket_sendmsg+0x8d/0xc0
[   99.477781][ T9830]  ? netlink_unicast+0x7d0/0x7d0
[   99.482849][ T9830]  sock_sendmsg+0xd7/0x130
[   99.487287][ T9830]  ____sys_sendmsg+0x753/0x880
[   99.492050][ T9830]  ? kernel_sendmsg+0x50/0x50
[   99.496767][ T9830]  ? mark_held_locks+0xa4/0xf0
[   99.501525][ T9830]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   99.507620][ T9830]  ? __handle_mm_fault+0x3145/0x3cc0
[   99.512898][ T9830]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   99.519106][ T9830]  ___sys_sendmsg+0x100/0x170
[   99.523799][ T9830]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[   99.529785][ T9830]  ? sendmsg_copy_msghdr+0x70/0x70
[   99.535035][ T9830]  ? __do_page_fault+0x56a/0xd80
[   99.539980][ T9830]  ? find_held_lock+0x35/0x130
[   99.544864][ T9830]  ? __do_page_fault+0x56a/0xd80
[   99.549964][ T9830]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   99.556618][ T9830]  ? __fget_light+0x1a9/0x230
[   99.561407][ T9830]  ? __fdget+0x1b/0x20
[   99.565668][ T9830]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   99.571933][ T9830]  __sys_sendmsg+0x105/0x1d0
[   99.576521][ T9830]  ? __sys_sendmsg_sock+0xc0/0xc0
[   99.581801][ T9830]  ? down_read_non_owner+0x490/0x490
[   99.587097][ T9830]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   99.592751][ T9830]  ? do_syscall_64+0x26/0x790
[   99.597423][ T9830]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   99.603497][ T9830]  ? do_syscall_64+0x26/0x790
[   99.608387][ T9830]  __x64_sys_sendmsg+0x78/0xb0
[   99.613285][ T9830]  do_syscall_64+0xfa/0x790
[   99.617785][ T9830]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   99.623694][ T9830] RIP: 0033:0x4413f9
[   99.627580][ T9830] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   99.647255][ T9830] RSP: 002b:00007ffe0faf66d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   99.655916][ T9830] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413f9
[   99.663879][ T9830] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[   99.671952][ T9830] RBP: 0000000000017fce R08: 00000000004002c8 R09: 00000000004002c8
[   99.680344][ T9830] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[   99.688314][ T9830] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[   99.697124][ T9830] Kernel Offset: disabled
[   99.701570][ T9830] Rebooting in 86400 seconds..