[ 91.806853][ T27] audit: type=1800 audit(1580852580.628:26): pid=9515 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 92.493958][ T27] kauditd_printk_skb: 2 callbacks suppressed
[ 92.493969][ T27] audit: type=1800 audit(1580852581.338:29): pid=9515 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 92.520800][ T27] audit: type=1800 audit(1580852581.338:30): pid=9515 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.216' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 116.528928][ T9672] ==================================================================
[ 116.537418][ T9672] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 116.545847][ T9672] Read of size 8 at addr ffff8880a33ec000 by task syz-executor018/9672
[ 116.554221][ T9672]
[ 116.556541][ T9672] CPU: 1 PID: 9672 Comm: syz-executor018 Not tainted 5.5.0-rc6-next-20200116-syzkaller #0
[ 116.566410][ T9672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 116.576471][ T9672] Call Trace:
[ 116.579751][ T9672] dump_stack+0x197/0x210
[ 116.584069][ T9672] ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 116.589692][ T9672] print_address_description.constprop.0.cold+0xd4/0x30b
[ 116.598271][ T9672] ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 116.603908][ T9672] ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 116.609532][ T9672] __kasan_report.cold+0x1b/0x32
[ 116.614472][ T9672] ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 116.620091][ T9672] kasan_report+0x12/0x20
[ 116.624409][ T9672] check_memory_region+0x134/0x1a0
[ 116.629518][ T9672] __kasan_check_read+0x11/0x20
[ 116.634362][ T9672] bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 116.639815][ T9672] bitmap_ipmac_destroy+0x180/0x1d0
[ 116.645008][ T9672] ip_set_create+0xe47/0x1500
[ 116.649673][ T9672] ? ip_set_destroy+0xb70/0xb70
[ 116.654534][ T9672] ? ip_set_destroy+0xb70/0xb70
[ 116.659402][ T9672] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 116.664359][ T9672] ? nfnetlink_bind+0x2c0/0x2c0
[ 116.669204][ T9672] ? __kasan_check_read+0x11/0x20
[ 116.674243][ T9672] ? __lock_acquire+0x8a0/0x4a00
[ 116.679169][ T9672] ? save_stack+0x5c/0x90
[ 116.683490][ T9672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 116.689812][ T9672] ? apparmor_capable+0x4df/0x910
[ 116.694843][ T9672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 116.701081][ T9672] ? __kasan_check_read+0x11/0x20
[ 116.706095][ T9672] ? apparmor_cred_prepare+0x7b0/0x7b0
[ 116.711563][ T9672] netlink_rcv_skb+0x177/0x450
[ 116.716330][ T9672] ? nfnetlink_bind+0x2c0/0x2c0
[ 116.721165][ T9672] ? netlink_ack+0xb50/0xb50
[ 116.725740][ T9672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 116.731977][ T9672] ? ns_capable_common+0x93/0x100
[ 116.736986][ T9672] ? ns_capable+0x20/0x30
[ 116.741298][ T9672] ? __netlink_ns_capable+0x104/0x140
[ 116.746661][ T9672] nfnetlink_rcv+0x1ba/0x460
[ 116.751254][ T9672] ? nfnetlink_rcv_batch+0x1780/0x1780
[ 116.756805][ T9672] ? netlink_deliver_tap+0x248/0xbf0
[ 116.762075][ T9672] ? __kasan_check_write+0x14/0x20
[ 116.767168][ T9672] netlink_unicast+0x59e/0x7e0
[ 116.771931][ T9672] ? netlink_attachskb+0x870/0x870
[ 116.777059][ T9672] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 116.782774][ T9672] ? __check_object_size+0x3d/0x437
[ 116.787979][ T9672] netlink_sendmsg+0x91c/0xea0
[ 116.792732][ T9672] ? netlink_unicast+0x7e0/0x7e0
[ 116.797657][ T9672] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 116.803226][ T9672] ? apparmor_socket_sendmsg+0x2a/0x30
[ 116.808687][ T9672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 116.814916][ T9672] ? security_socket_sendmsg+0x8d/0xc0
[ 116.820377][ T9672] ? netlink_unicast+0x7e0/0x7e0
[ 116.825304][ T9672] sock_sendmsg+0xd7/0x130
[ 116.829723][ T9672] ____sys_sendmsg+0x753/0x880
[ 116.834484][ T9672] ? kernel_sendmsg+0x50/0x50
[ 116.839164][ T9672] ___sys_sendmsg+0x100/0x170
[ 116.843855][ T9672] ? sendmsg_copy_msghdr+0x70/0x70
[ 116.848973][ T9672] ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[ 116.854972][ T9672] ? prep_transhuge_page+0xa0/0xa0
[ 116.860099][ T9672] ? do_page_fault+0x579/0x12e1
[ 116.864940][ T9672] ? find_held_lock+0x35/0x130
[ 116.869687][ T9672] ? do_page_fault+0x579/0x12e1
[ 116.874544][ T9672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 116.880776][ T9672] ? __fget_light+0x1ad/0x270
[ 116.885440][ T9672] ? __fdget+0x1b/0x20
[ 116.889493][ T9672] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 116.898330][ T9672] __sys_sendmsg+0x105/0x1d0
[ 116.902929][ T9672] ? __sys_sendmsg_sock+0xc0/0xc0
[ 116.907974][ T9672] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 116.918567][ T9672] ? do_syscall_64+0x26/0x790
[ 116.923247][ T9672] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 116.929353][ T9672] ? do_syscall_64+0x26/0x790
[ 116.934028][ T9672] __x64_sys_sendmsg+0x78/0xb0
[ 116.938789][ T9672] do_syscall_64+0xfa/0x790
[ 116.943281][ T9672] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 116.949167][ T9672] RIP: 0033:0x4413f9
[ 116.953046][ T9672] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 116.972636][ T9672] RSP: 002b:00007ffe6ef77788 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 116.981235][ T9672] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413f9
[ 116.989277][ T9672] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 116.997297][ T9672] RBP: 000000000001c70f R08: 00000000004002c8 R09: 00000000004002c8
[ 117.005302][ T9672] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[ 117.013263][ T9672] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[ 117.021241][ T9672]
[ 117.023586][ T9672] Allocated by task 9672:
[ 117.027907][ T9672] save_stack+0x23/0x90
[ 117.032046][ T9672] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 117.037660][ T9672] kasan_kmalloc+0x9/0x10
[ 117.041987][ T9672] __kmalloc+0x163/0x770
[ 117.046259][ T9672] ip_set_alloc+0x38/0x5e
[ 117.050689][ T9672] bitmap_ipmac_create+0x4e8/0xa00
[ 117.055786][ T9672] ip_set_create+0x6f1/0x1500
[ 117.060462][ T9672] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 117.065392][ T9672] netlink_rcv_skb+0x177/0x450
[ 117.070134][ T9672] nfnetlink_rcv+0x1ba/0x460
[ 117.074704][ T9672] netlink_unicast+0x59e/0x7e0
[ 117.079449][ T9672] netlink_sendmsg+0x91c/0xea0
[ 117.084194][ T9672] sock_sendmsg+0xd7/0x130
[ 117.088604][ T9672] ____sys_sendmsg+0x753/0x880
[ 117.093361][ T9672] ___sys_sendmsg+0x100/0x170
[ 117.098109][ T9672] __sys_sendmsg+0x105/0x1d0
[ 117.102794][ T9672] __x64_sys_sendmsg+0x78/0xb0
[ 117.107638][ T9672] do_syscall_64+0xfa/0x790
[ 117.112138][ T9672] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 117.118013][ T9672]
[ 117.120386][ T9672] Freed by task 4258:
[ 117.124419][ T9672] save_stack+0x23/0x90
[ 117.128592][ T9672] __kasan_slab_free+0x102/0x150
[ 117.133568][ T9672] kasan_slab_free+0xe/0x10
[ 117.138066][ T9672] kfree+0x10a/0x2c0
[ 117.141957][ T9672] tomoyo_check_open_permission+0x19e/0x3e0
[ 117.147889][ T9672] tomoyo_file_open+0xa9/0xd0
[ 117.152617][ T9672] security_file_open+0x71/0x300
[ 117.157548][ T9672] do_dentry_open+0x365/0x1350
[ 117.162357][ T9672] vfs_open+0xa0/0xd0
[ 117.166332][ T9672] path_openat+0x12fd/0x34d0
[ 117.170919][ T9672] do_filp_open+0x192/0x260
[ 117.175415][ T9672] do_sys_openat2+0x633/0x840
[ 117.180136][ T9672] do_sys_open+0xfc/0x190
[ 117.184461][ T9672] __x64_sys_open+0x7e/0xc0
[ 117.188962][ T9672] do_syscall_64+0xfa/0x790
[ 117.193457][ T9672] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 117.199471][ T9672]
[ 117.201788][ T9672] The buggy address belongs to the object at ffff8880a33ec000
[ 117.201788][ T9672] which belongs to the cache kmalloc-32 of size 32
[ 117.215825][ T9672] The buggy address is located 0 bytes inside of
[ 117.215825][ T9672] 32-byte region [ffff8880a33ec000, ffff8880a33ec020)
[ 117.229068][ T9672] The buggy address belongs to the page:
[ 117.234918][ T9672] page:ffffea00028cfb00 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a33ecfc1
[ 117.245473][ T9672] flags: 0xfffe0000000200(slab)
[ 117.250321][ T9672] raw: 00fffe0000000200 ffffea000281e308 ffffea000268c708 ffff8880aa4001c0
[ 117.258904][ T9672] raw: ffff8880a33ecfc1 ffff8880a33ec000 0000000100000030 0000000000000000
[ 117.267479][ T9672] page dumped because: kasan: bad access detected
[ 117.273881][ T9672]
[ 117.276201][ T9672] Memory state around the buggy address:
[ 117.281825][ T9672]  ffff8880a33ebf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 117.289932][ T9672]  ffff8880a33ebf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 117.298116][ T9672] >ffff8880a33ec000: 04 fc fc fc fc fc fc fc 00 06 fc fc fc fc fc fc
[ 117.306194][ T9672]                    ^
[ 117.310262][ T9672]  ffff8880a33ec080: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 117.318697][ T9672]  ffff8880a33ec100: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 117.326750][ T9672] ==================================================================
[ 117.334855][ T9672] Disabling lock debugging due to kernel taint
[ 117.342808][ T9672] Kernel panic - not syncing: panic_on_warn set ...
[ 117.349435][ T9672] CPU: 0 PID: 9672 Comm: syz-executor018 Tainted: G B 5.5.0-rc6-next-20200116-syzkaller #0
[ 117.360817][ T9672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 117.370865][ T9672] Call Trace:
[ 117.374145][ T9672] dump_stack+0x197/0x210
[ 117.378458][ T9672] panic+0x2e3/0x75c
[ 117.382344][ T9672] ? add_taint.cold+0x16/0x16
[ 117.387029][ T9672] ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 117.392673][ T9672] ? preempt_schedule+0x4b/0x60
[ 117.397578][ T9672] ? ___preempt_schedule+0x16/0x18
[ 117.404103][ T9672] ? trace_hardirqs_on+0x5e/0x240
[ 117.409121][ T9672] ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 117.414824][ T9672] end_report+0x47/0x4f
[ 117.418981][ T9672] ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 117.424650][ T9672] __kasan_report.cold+0xe/0x32
[ 117.429503][ T9672] ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 117.435122][ T9672] kasan_report+0x12/0x20
[ 117.439498][ T9672] check_memory_region+0x134/0x1a0
[ 117.444606][ T9672] __kasan_check_read+0x11/0x20
[ 117.449757][ T9672] bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 117.455226][ T9672] bitmap_ipmac_destroy+0x180/0x1d0
[ 117.460535][ T9672] ip_set_create+0xe47/0x1500
[ 117.465228][ T9672] ? ip_set_destroy+0xb70/0xb70
[ 117.470131][ T9672] ? ip_set_destroy+0xb70/0xb70
[ 117.474984][ T9672] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 117.479965][ T9672] ? nfnetlink_bind+0x2c0/0x2c0
[ 117.484925][ T9672] ? __kasan_check_read+0x11/0x20
[ 117.490074][ T9672] ? __lock_acquire+0x8a0/0x4a00
[ 117.495011][ T9672] ? save_stack+0x5c/0x90
[ 117.499449][ T9672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 117.505684][ T9672] ? apparmor_capable+0x4df/0x910
[ 117.510718][ T9672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 117.516956][ T9672] ? __kasan_check_read+0x11/0x20
[ 117.521987][ T9672] ? apparmor_cred_prepare+0x7b0/0x7b0
[ 117.527484][ T9672] netlink_rcv_skb+0x177/0x450
[ 117.532251][ T9672] ? nfnetlink_bind+0x2c0/0x2c0
[ 117.537184][ T9672] ? netlink_ack+0xb50/0xb50
[ 117.542209][ T9672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 117.548499][ T9672] ? ns_capable_common+0x93/0x100
[ 117.553525][ T9672] ? ns_capable+0x20/0x30
[ 117.557853][ T9672] ? __netlink_ns_capable+0x104/0x140
[ 117.563263][ T9672] nfnetlink_rcv+0x1ba/0x460
[ 117.567848][ T9672] ? nfnetlink_rcv_batch+0x1780/0x1780
[ 117.573305][ T9672] ? netlink_deliver_tap+0x248/0xbf0
[ 117.578578][ T9672] ? __kasan_check_write+0x14/0x20
[ 117.583742][ T9672] netlink_unicast+0x59e/0x7e0
[ 117.588492][ T9672] ? netlink_attachskb+0x870/0x870
[ 117.593647][ T9672] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 117.599355][ T9672] ? __check_object_size+0x3d/0x437
[ 117.604607][ T9672] netlink_sendmsg+0x91c/0xea0
[ 117.609436][ T9672] ? netlink_unicast+0x7e0/0x7e0
[ 117.614366][ T9672] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 117.619916][ T9672] ? apparmor_socket_sendmsg+0x2a/0x30
[ 117.625475][ T9672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 117.632955][ T9672] ? security_socket_sendmsg+0x8d/0xc0
[ 117.638415][ T9672] ? netlink_unicast+0x7e0/0x7e0
[ 117.643430][ T9672] sock_sendmsg+0xd7/0x130
[ 117.647849][ T9672] ____sys_sendmsg+0x753/0x880
[ 117.652715][ T9672] ? kernel_sendmsg+0x50/0x50
[ 117.657382][ T9672] ___sys_sendmsg+0x100/0x170
[ 117.662062][ T9672] ? sendmsg_copy_msghdr+0x70/0x70
[ 117.667169][ T9672] ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[ 117.673149][ T9672] ? prep_transhuge_page+0xa0/0xa0
[ 117.678246][ T9672] ? do_page_fault+0x579/0x12e1
[ 117.683143][ T9672] ? find_held_lock+0x35/0x130
[ 117.687995][ T9672] ? do_page_fault+0x579/0x12e1
[ 117.692885][ T9672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 117.699162][ T9672] ? __fget_light+0x1ad/0x270
[ 117.703835][ T9672] ? __fdget+0x1b/0x20
[ 117.707931][ T9672] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 117.714166][ T9672] __sys_sendmsg+0x105/0x1d0
[ 117.718744][ T9672] ? __sys_sendmsg_sock+0xc0/0xc0
[ 117.723767][ T9672] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 117.729224][ T9672] ? do_syscall_64+0x26/0x790
[ 117.734037][ T9672] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 117.740223][ T9672] ? do_syscall_64+0x26/0x790
[ 117.744900][ T9672] __x64_sys_sendmsg+0x78/0xb0
[ 117.749658][ T9672] do_syscall_64+0xfa/0x790
[ 117.754197][ T9672] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 117.760141][ T9672] RIP: 0033:0x4413f9
[ 117.764024][ T9672] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 117.783650][ T9672] RSP: 002b:00007ffe6ef77788 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 117.792060][ T9672] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413f9
[ 117.800019][ T9672] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 117.807974][ T9672] RBP: 000000000001c70f R08: 00000000004002c8 R09: 00000000004002c8
[ 117.815950][ T9672] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[ 117.823955][ T9672] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[ 117.833366][ T9672] Kernel Offset: disabled
[ 117.837695][ T9672] Rebooting in 86400 seconds..