[ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 82.356600][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 82.356614][ T28] audit: type=1800 audit(1579872401.564:29): pid=9845 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 82.385305][ T28] audit: type=1800 audit(1579872401.564:30): pid=9845 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.111' (ECDSA) to the list of known hosts. executing program executing program syzkaller login: [ 90.405063][T10002] ================================================================== [ 90.413513][T10002] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 90.421855][T10002] Read of size 8 at addr ffff8880a027de00 by task syz-executor859/10002 [ 90.430200][T10002] [ 90.432591][T10002] CPU: 1 PID: 10002 Comm: syz-executor859 Not tainted 5.5.0-rc7-syzkaller #0 [ 90.441338][T10002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 90.451590][T10002] Call Trace: [ 90.454874][T10002] dump_stack+0x197/0x210 [ 90.459203][T10002] ? bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 90.464952][T10002] print_address_description.constprop.0.cold+0xd4/0x30b [ 90.472052][T10002] ? bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 90.477690][T10002] ? bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 90.483665][T10002] __kasan_report.cold+0x1b/0x41 [ 90.488602][T10002] ? 
bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 90.494246][T10002] kasan_report+0x12/0x20 [ 90.498634][T10002] check_memory_region+0x134/0x1a0 [ 90.503757][T10002] __kasan_check_read+0x11/0x20 [ 90.508668][T10002] bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 90.514209][T10002] bitmap_ipmac_destroy+0x180/0x1d0 [ 90.519525][T10002] ip_set_create+0xe47/0x1500 [ 90.525184][T10002] ? ip_set_destroy+0xb70/0xb70 [ 90.530214][T10002] ? ip_set_destroy+0xb70/0xb70 [ 90.535437][T10002] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 90.540549][T10002] ? nfnetlink_bind+0x2c0/0x2c0 [ 90.545407][T10002] ? __kasan_check_read+0x11/0x20 [ 90.550559][T10002] ? __lock_acquire+0x8a0/0x4a00 [ 90.555496][T10002] ? save_stack+0x5c/0x90 [ 90.559839][T10002] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 90.566209][T10002] ? apparmor_capable+0x497/0x900 [ 90.571280][T10002] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 90.577598][T10002] ? __kasan_check_read+0x11/0x20 [ 90.582711][T10002] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 90.588179][T10002] netlink_rcv_skb+0x177/0x450 [ 90.593047][T10002] ? nfnetlink_bind+0x2c0/0x2c0 [ 90.597912][T10002] ? netlink_ack+0xb50/0xb50 [ 90.602509][T10002] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 90.608758][T10002] ? ns_capable_common+0x93/0x100 [ 90.613918][T10002] ? ns_capable+0x20/0x30 [ 90.618309][T10002] ? __netlink_ns_capable+0x104/0x140 [ 90.623698][T10002] nfnetlink_rcv+0x1ba/0x460 [ 90.628320][T10002] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 90.634235][T10002] ? netlink_deliver_tap+0x24a/0xbe0 [ 90.639731][T10002] ? __kasan_check_write+0x14/0x20 [ 90.644861][T10002] netlink_unicast+0x58c/0x7d0 [ 90.650448][T10002] ? netlink_attachskb+0x870/0x870 [ 90.655572][T10002] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 90.661297][T10002] ? __check_object_size+0x3d/0x437 [ 90.666815][T10002] netlink_sendmsg+0x91c/0xea0 [ 90.671610][T10002] ? netlink_unicast+0x7d0/0x7d0 [ 90.676542][T10002] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 90.682089][T10002] ? 
apparmor_socket_sendmsg+0x2a/0x30 [ 90.687545][T10002] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 90.693799][T10002] ? security_socket_sendmsg+0x8d/0xc0 [ 90.699400][T10002] ? netlink_unicast+0x7d0/0x7d0 [ 90.704801][T10002] sock_sendmsg+0xd7/0x130 [ 90.709226][T10002] ____sys_sendmsg+0x753/0x880 [ 90.714113][T10002] ? kernel_sendmsg+0x50/0x50 [ 90.718890][T10002] ? mark_held_locks+0xa4/0xf0 [ 90.723891][T10002] ? do_huge_pmd_anonymous_page+0x1463/0x1a50 [ 90.730326][T10002] ___sys_sendmsg+0x100/0x170 [ 90.735058][T10002] ? sendmsg_copy_msghdr+0x70/0x70 [ 90.740395][T10002] ? prep_transhuge_page+0xa0/0xa0 [ 90.745750][T10002] ? __do_page_fault+0x56a/0xd80 [ 90.750762][T10002] ? find_held_lock+0x35/0x130 [ 90.755523][T10002] ? __do_page_fault+0x56a/0xd80 [ 90.760465][T10002] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 90.766700][T10002] ? __fget_light+0x1a9/0x230 [ 90.771380][T10002] ? __fdget+0x1b/0x20 [ 90.775440][T10002] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 90.781903][T10002] __sys_sendmsg+0x105/0x1d0 [ 90.786490][T10002] ? __sys_sendmsg_sock+0xc0/0xc0 [ 90.791515][T10002] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 90.797170][T10002] ? do_fast_syscall_32+0xd1/0xe16 [ 90.802284][T10002] ? entry_SYSENTER_compat+0x70/0x7f [ 90.807771][T10002] ? 
do_fast_syscall_32+0xd1/0xe16 [ 90.812883][T10002] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 90.818518][T10002] do_fast_syscall_32+0x27b/0xe16 [ 90.823544][T10002] entry_SYSENTER_compat+0x70/0x7f [ 90.828759][T10002] RIP: 0023:0xf7f759a9 [ 90.832819][T10002] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 90.852415][T10002] RSP: 002b:00000000ff8c606c EFLAGS: 00000202 ORIG_RAX: 0000000000000172 [ 90.860822][T10002] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000300 [ 90.869024][T10002] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000ff8c6184 [ 90.876996][T10002] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 90.885033][T10002] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 90.893017][T10002] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 90.901043][T10002] [ 90.903370][T10002] Allocated by task 10002: [ 90.907794][T10002] save_stack+0x23/0x90 [ 90.911947][T10002] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 90.917738][T10002] kasan_kmalloc+0x9/0x10 [ 90.922173][T10002] __kmalloc+0x163/0x770 [ 90.926663][T10002] ip_set_alloc+0x38/0x5e [ 90.930988][T10002] bitmap_ipmac_create+0x4e8/0xa00 [ 90.936195][T10002] ip_set_create+0x6f1/0x1500 [ 90.940859][T10002] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 90.945789][T10002] netlink_rcv_skb+0x177/0x450 [ 90.950544][T10002] nfnetlink_rcv+0x1ba/0x460 [ 90.955119][T10002] netlink_unicast+0x58c/0x7d0 [ 90.959874][T10002] netlink_sendmsg+0x91c/0xea0 [ 90.964625][T10002] sock_sendmsg+0xd7/0x130 [ 90.969035][T10002] ____sys_sendmsg+0x753/0x880 [ 90.973826][T10002] ___sys_sendmsg+0x100/0x170 [ 90.978600][T10002] __sys_sendmsg+0x105/0x1d0 [ 90.983185][T10002] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 90.988636][T10002] do_fast_syscall_32+0x27b/0xe16 [ 90.993657][T10002] entry_SYSENTER_compat+0x70/0x7f [ 90.998752][T10002] 
[ 91.001292][T10002] Freed by task 9734: [ 91.005335][T10002] save_stack+0x23/0x90 [ 91.009495][T10002] __kasan_slab_free+0x102/0x150 [ 91.014590][T10002] kasan_slab_free+0xe/0x10 [ 91.019424][T10002] kfree+0x10a/0x2c0 [ 91.023493][T10002] tomoyo_init_log+0x15b5/0x2070 [ 91.028600][T10002] tomoyo_supervisor+0x33f/0xef0 [ 91.033544][T10002] tomoyo_env_perm+0x18e/0x210 [ 91.038323][T10002] tomoyo_find_next_domain+0x1354/0x1f6c [ 91.044305][T10002] tomoyo_bprm_check_security+0x124/0x1a0 [ 91.050944][T10002] security_bprm_check+0x63/0xb0 [ 91.056020][T10002] search_binary_handler+0x71/0x570 [ 91.061231][T10002] __do_execve_file.isra.0+0x1329/0x22b0 [ 91.066876][T10002] __x64_sys_execve+0x8f/0xc0 [ 91.071547][T10002] do_syscall_64+0xfa/0x790 [ 91.076051][T10002] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 91.081943][T10002] [ 91.084261][T10002] The buggy address belongs to the object at ffff8880a027c000 [ 91.084261][T10002] which belongs to the cache kmalloc-8k of size 8192 [ 91.098462][T10002] The buggy address is located 7680 bytes inside of [ 91.098462][T10002] 8192-byte region [ffff8880a027c000, ffff8880a027e000) [ 91.111946][T10002] The buggy address belongs to the page: [ 91.117591][T10002] page:ffffea0002809f00 refcount:1 mapcount:0 mapping:ffff8880aa4021c0 index:0x0 compound_mapcount: 0 [ 91.128518][T10002] raw: 00fffe0000010200 ffffea00022d4908 ffffea0002436208 ffff8880aa4021c0 [ 91.137107][T10002] raw: 0000000000000000 ffff8880a027c000 0000000100000001 0000000000000000 [ 91.145681][T10002] page dumped because: kasan: bad access detected [ 91.152077][T10002] [ 91.154478][T10002] Memory state around the buggy address: [ 91.160165][T10002] ffff8880a027dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 91.169354][T10002] ffff8880a027dd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 91.177430][T10002] >ffff8880a027de00: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.185934][T10002] ^ [ 91.190055][T10002] ffff8880a027de80: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 91.198475][T10002] ffff8880a027df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.206771][T10002] ================================================================== [ 91.215052][T10002] Disabling lock debugging due to kernel taint [ 91.221706][T10002] Kernel panic - not syncing: panic_on_warn set ... [ 91.228298][T10002] CPU: 1 PID: 10002 Comm: syz-executor859 Tainted: G B 5.5.0-rc7-syzkaller #0 [ 91.238778][T10002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 91.248823][T10002] Call Trace: [ 91.252116][T10002] dump_stack+0x197/0x210 [ 91.256488][T10002] panic+0x2e3/0x75c [ 91.260394][T10002] ? add_taint.cold+0x16/0x16 [ 91.265602][T10002] ? bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 91.271231][T10002] ? preempt_schedule+0x4b/0x60 [ 91.276150][T10002] ? ___preempt_schedule+0x16/0x18 [ 91.281388][T10002] ? trace_hardirqs_on+0x5e/0x240 [ 91.286420][T10002] ? bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 91.292043][T10002] end_report+0x47/0x4f [ 91.296192][T10002] ? bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 91.301834][T10002] __kasan_report.cold+0xe/0x41 [ 91.306778][T10002] ? bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 91.312428][T10002] kasan_report+0x12/0x20 [ 91.316844][T10002] check_memory_region+0x134/0x1a0 [ 91.322080][T10002] __kasan_check_read+0x11/0x20 [ 91.327039][T10002] bitmap_ipmac_ext_cleanup+0xd8/0x290 [ 91.332586][T10002] bitmap_ipmac_destroy+0x180/0x1d0 [ 91.337941][T10002] ip_set_create+0xe47/0x1500 [ 91.342616][T10002] ? ip_set_destroy+0xb70/0xb70 [ 91.347521][T10002] ? ip_set_destroy+0xb70/0xb70 [ 91.352366][T10002] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 91.357308][T10002] ? nfnetlink_bind+0x2c0/0x2c0 [ 91.362271][T10002] ? __kasan_check_read+0x11/0x20 [ 91.367543][T10002] ? __lock_acquire+0x8a0/0x4a00 [ 91.372565][T10002] ? save_stack+0x5c/0x90 [ 91.376890][T10002] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 91.383127][T10002] ? apparmor_capable+0x497/0x900 [ 91.388152][T10002] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 91.394387][T10002] ? __kasan_check_read+0x11/0x20 [ 91.399421][T10002] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 91.404920][T10002] netlink_rcv_skb+0x177/0x450 [ 91.409678][T10002] ? nfnetlink_bind+0x2c0/0x2c0 [ 91.414523][T10002] ? netlink_ack+0xb50/0xb50 [ 91.419227][T10002] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 91.425635][T10002] ? ns_capable_common+0x93/0x100 [ 91.430806][T10002] ? ns_capable+0x20/0x30 [ 91.435129][T10002] ? __netlink_ns_capable+0x104/0x140 [ 91.440595][T10002] nfnetlink_rcv+0x1ba/0x460 [ 91.445279][T10002] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 91.450899][T10002] ? netlink_deliver_tap+0x24a/0xbe0 [ 91.456347][T10002] ? __kasan_check_write+0x14/0x20 [ 91.461607][T10002] netlink_unicast+0x58c/0x7d0 [ 91.466445][T10002] ? netlink_attachskb+0x870/0x870 [ 91.471814][T10002] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 91.478175][T10002] ? __check_object_size+0x3d/0x437 [ 91.483374][T10002] netlink_sendmsg+0x91c/0xea0 [ 91.488283][T10002] ? netlink_unicast+0x7d0/0x7d0 [ 91.493224][T10002] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 91.499804][T10002] ? apparmor_socket_sendmsg+0x2a/0x30 [ 91.505266][T10002] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 91.511507][T10002] ? security_socket_sendmsg+0x8d/0xc0 [ 91.517058][T10002] ? netlink_unicast+0x7d0/0x7d0 [ 91.521996][T10002] sock_sendmsg+0xd7/0x130 [ 91.526407][T10002] ____sys_sendmsg+0x753/0x880 [ 91.531528][T10002] ? kernel_sendmsg+0x50/0x50 [ 91.536513][T10002] ? mark_held_locks+0xa4/0xf0 [ 91.541271][T10002] ? do_huge_pmd_anonymous_page+0x1463/0x1a50 [ 91.547873][T10002] ___sys_sendmsg+0x100/0x170 [ 91.552653][T10002] ? sendmsg_copy_msghdr+0x70/0x70 [ 91.557870][T10002] ? prep_transhuge_page+0xa0/0xa0 [ 91.563083][T10002] ? __do_page_fault+0x56a/0xd80 [ 91.568144][T10002] ? find_held_lock+0x35/0x130 [ 91.572952][T10002] ? __do_page_fault+0x56a/0xd80 [ 91.577983][T10002] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 91.584260][T10002] ? 
__fget_light+0x1a9/0x230 [ 91.588935][T10002] ? __fdget+0x1b/0x20 [ 91.592999][T10002] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 91.599257][T10002] __sys_sendmsg+0x105/0x1d0 [ 91.604176][T10002] ? __sys_sendmsg_sock+0xc0/0xc0 [ 91.609224][T10002] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 91.614922][T10002] ? do_fast_syscall_32+0xd1/0xe16 [ 91.620123][T10002] ? entry_SYSENTER_compat+0x70/0x7f [ 91.625401][T10002] ? do_fast_syscall_32+0xd1/0xe16 [ 91.630672][T10002] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 91.636271][T10002] do_fast_syscall_32+0x27b/0xe16 [ 91.641386][T10002] entry_SYSENTER_compat+0x70/0x7f [ 91.646764][T10002] RIP: 0023:0xf7f759a9 [ 91.650908][T10002] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 91.670618][T10002] RSP: 002b:00000000ff8c606c EFLAGS: 00000202 ORIG_RAX: 0000000000000172 [ 91.679022][T10002] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000300 [ 91.686994][T10002] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000ff8c6184 [ 91.694957][T10002] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 91.702930][T10002] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 91.710918][T10002] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 91.720803][T10002] Kernel Offset: disabled [ 91.725197][T10002] Rebooting in 86400 seconds..