[   88.250081][   T27] audit: type=1800 audit(1579499669.010:25): pid=9627 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   89.204479][   T27] kauditd_printk_skb: 3 callbacks suppressed
[   89.204493][   T27] audit: type=1800 audit(1579499669.970:29): pid=9627 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   89.232223][   T27] audit: type=1800 audit(1579499669.970:30): pid=9627 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [   99.711138][ T9781] ==================================================================
[   99.719505][ T9781] BUG: KASAN: use-after-free in bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.727486][ T9781] Read of size 8 at addr ffff888097bdaac0 by task syz-executor541/9781
[   99.735922][ T9781] 
[   99.738249][ T9781] CPU: 1 PID: 9781 Comm: syz-executor541 Not tainted 5.5.0-rc6-syzkaller #0
[   99.747022][ T9781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   99.757596][ T9781] Call Trace:
[   99.760979][ T9781]  dump_stack+0x197/0x210
[   99.765463][ T9781]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.771153][ T9781]  print_address_description.constprop.0.cold+0xd4/0x30b
[   99.778168][ T9781]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.783798][ T9781]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.789536][ T9781]  __kasan_report.cold+0x1b/0x41
[   99.794464][ T9781]  ? kfree+0x210/0x2c0
[   99.798533][ T9781]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.804164][ T9781]  kasan_report+0x12/0x20
[   99.808560][ T9781]  check_memory_region+0x134/0x1a0
[   99.814534][ T9781]  __kasan_check_read+0x11/0x20
[   99.819372][ T9781]  bitmap_ipmac_ext_cleanup+0xd8/0x290
[   99.824838][ T9781]  bitmap_ipmac_destroy+0x17c/0x1d0
[   99.830182][ T9781]  ip_set_create+0xe47/0x1500
[   99.834871][ T9781]  ? ip_set_destroy+0xb70/0xb70
[   99.839747][ T9781]  ? ip_set_destroy+0xb70/0xb70
[   99.844604][ T9781]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   99.849549][ T9781]  ? nfnetlink_bind+0x2c0/0x2c0
[   99.854406][ T9781]  ? __kasan_check_read+0x11/0x20
[   99.859620][ T9781]  ? __lock_acquire+0x8a0/0x4a00
[   99.864549][ T9781]  ? save_stack+0x5c/0x90
[   99.868960][ T9781]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   99.875202][ T9781]  ? apparmor_capable+0x497/0x900
[   99.880222][ T9781]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   99.886463][ T9781]  ? __kasan_check_read+0x11/0x20
[   99.891617][ T9781]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   99.897081][ T9781]  netlink_rcv_skb+0x177/0x450
[   99.901843][ T9781]  ? nfnetlink_bind+0x2c0/0x2c0
[   99.906692][ T9781]  ? netlink_ack+0xb50/0xb50
[   99.911283][ T9781]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   99.917612][ T9781]  ? ns_capable_common+0x93/0x100
[   99.922642][ T9781]  ? ns_capable+0x20/0x30
[   99.926969][ T9781]  ? __netlink_ns_capable+0x104/0x140
[   99.932335][ T9781]  nfnetlink_rcv+0x1ba/0x460
[   99.936931][ T9781]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[   99.942383][ T9781]  ? netlink_deliver_tap+0x24a/0xbe0
[   99.947653][ T9781]  ? __kasan_check_write+0x14/0x20
[   99.952764][ T9781]  netlink_unicast+0x58c/0x7d0
[   99.957583][ T9781]  ? netlink_attachskb+0x870/0x870
[   99.962688][ T9781]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   99.968398][ T9781]  ? __check_object_size+0x3d/0x437
[   99.973702][ T9781]  netlink_sendmsg+0x91c/0xea0
[   99.978534][ T9781]  ? netlink_unicast+0x7d0/0x7d0
[   99.983474][ T9781]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   99.989047][ T9781]  ? apparmor_socket_sendmsg+0x2a/0x30
[   99.994557][ T9781]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  100.000794][ T9781]  ? security_socket_sendmsg+0x8d/0xc0
[  100.006258][ T9781]  ? netlink_unicast+0x7d0/0x7d0
[  100.011243][ T9781]  sock_sendmsg+0xd7/0x130
[  100.015683][ T9781]  ____sys_sendmsg+0x753/0x880
[  100.020448][ T9781]  ? kernel_sendmsg+0x50/0x50
[  100.025114][ T9781]  ? mark_held_locks+0xa4/0xf0
[  100.029880][ T9781]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  100.036044][ T9781]  ___sys_sendmsg+0x100/0x170
[  100.040718][ T9781]  ? sendmsg_copy_msghdr+0x70/0x70
[  100.045975][ T9781]  ? prep_transhuge_page+0xa0/0xa0
[  100.051196][ T9781]  ? __do_page_fault+0x56a/0xd80
[  100.056116][ T9781]  ? find_held_lock+0x35/0x130
[  100.060886][ T9781]  ? __do_page_fault+0x56a/0xd80
[  100.065818][ T9781]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  100.072051][ T9781]  ? __fget_light+0x1a9/0x230
[  100.076718][ T9781]  ? __fdget+0x1b/0x20
[  100.080779][ T9781]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  100.087122][ T9781]  __sys_sendmsg+0x105/0x1d0
[  100.091784][ T9781]  ? __sys_sendmsg_sock+0xc0/0xc0
[  100.096834][ T9781]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  100.102319][ T9781]  ? do_fast_syscall_32+0xd1/0xe16
[  100.107434][ T9781]  ? entry_SYSENTER_compat+0x70/0x7f
[  100.112775][ T9781]  ? do_fast_syscall_32+0xd1/0xe16
[  100.117888][ T9781]  __ia32_compat_sys_sendmsg+0x7a/0xb0
[  100.123349][ T9781]  do_fast_syscall_32+0x27b/0xe16
[  100.128375][ T9781]  entry_SYSENTER_compat+0x70/0x7f
[  100.133534][ T9781] RIP: 0023:0xf7ff89a9
[  100.137592][ T9781] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  100.157512][ T9781] RSP: 002b:00000000ffbe31bc EFLAGS: 00000202 ORIG_RAX: 0000000000000172
[  100.166026][ T9781] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000300
[  100.174262][ T9781] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000ffbe32d4
[  100.182233][ T9781] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  100.190198][ T9781] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  100.198248][ T9781] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  100.206221][ T9781] 
[  100.208634][ T9781] Allocated by task 9781:
[  100.212975][ T9781]  save_stack+0x23/0x90
[  100.217246][ T9781]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  100.222886][ T9781]  kasan_kmalloc+0x9/0x10
[  100.227226][ T9781]  __kmalloc+0x163/0x770
[  100.231462][ T9781]  ip_set_alloc+0x38/0x5e
[  100.235804][ T9781]  bitmap_ipmac_create+0x4e8/0xa00
[  100.241026][ T9781]  ip_set_create+0x6f1/0x1500
[  100.245698][ T9781]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  100.250671][ T9781]  netlink_rcv_skb+0x177/0x450
[  100.255458][ T9781]  nfnetlink_rcv+0x1ba/0x460
[  100.260081][ T9781]  netlink_unicast+0x58c/0x7d0
[  100.264839][ T9781]  netlink_sendmsg+0x91c/0xea0
[  100.269595][ T9781]  sock_sendmsg+0xd7/0x130
[  100.274003][ T9781]  ____sys_sendmsg+0x753/0x880
[  100.278930][ T9781]  ___sys_sendmsg+0x100/0x170
[  100.283830][ T9781]  __sys_sendmsg+0x105/0x1d0
[  100.288534][ T9781]  __ia32_compat_sys_sendmsg+0x7a/0xb0
[  100.293993][ T9781]  do_fast_syscall_32+0x27b/0xe16
[  100.299064][ T9781]  entry_SYSENTER_compat+0x70/0x7f
[  100.304172][ T9781] 
[  100.306486][ T9781] Freed by task 9781:
[  100.310476][ T9781]  save_stack+0x23/0x90
[  100.314641][ T9781]  __kasan_slab_free+0x102/0x150
[  100.319655][ T9781]  kasan_slab_free+0xe/0x10
[  100.324144][ T9781]  kfree+0x10a/0x2c0
[  100.328048][ T9781]  kvfree+0x61/0x70
[  100.331864][ T9781]  ip_set_free+0x16/0x20
[  100.336105][ T9781]  bitmap_ipmac_destroy+0xae/0x1d0
[  100.341202][ T9781]  ip_set_create+0xe47/0x1500
[  100.345969][ T9781]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  100.351012][ T9781]  netlink_rcv_skb+0x177/0x450
[  100.355930][ T9781]  nfnetlink_rcv+0x1ba/0x460
[  100.360511][ T9781]  netlink_unicast+0x58c/0x7d0
[  100.365266][ T9781]  netlink_sendmsg+0x91c/0xea0
[  100.370112][ T9781]  sock_sendmsg+0xd7/0x130
[  100.374524][ T9781]  ____sys_sendmsg+0x753/0x880
[  100.379280][ T9781]  ___sys_sendmsg+0x100/0x170
[  100.383963][ T9781]  __sys_sendmsg+0x105/0x1d0
[  100.388544][ T9781]  __ia32_compat_sys_sendmsg+0x7a/0xb0
[  100.394000][ T9781]  do_fast_syscall_32+0x27b/0xe16
[  100.399061][ T9781]  entry_SYSENTER_compat+0x70/0x7f
[  100.404227][ T9781] 
[  100.406543][ T9781] The buggy address belongs to the object at ffff888097bdaac0
[  100.406543][ T9781]  which belongs to the cache kmalloc-32 of size 32
[  100.420751][ T9781] The buggy address is located 0 bytes inside of
[  100.420751][ T9781]  32-byte region [ffff888097bdaac0, ffff888097bdaae0)
[  100.434826][ T9781] The buggy address belongs to the page:
[  100.440457][ T9781] page:ffffea00025ef680 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff888097bdafc1
[  100.450858][ T9781] raw: 00fffe0000000200 ffffea00025e2948 ffffea0002a26848 ffff8880aa4001c0
[  100.459526][ T9781] raw: ffff888097bdafc1 ffff888097bda000 000000010000002d 0000000000000000
[  100.468125][ T9781] page dumped because: kasan: bad access detected
[  100.474524][ T9781] 
[  100.476862][ T9781] Memory state around the buggy address:
[  100.482477][ T9781]  ffff888097bda980: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  100.490531][ T9781]  ffff888097bdaa00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  100.498579][ T9781] >ffff888097bdaa80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  100.506731][ T9781]                                            ^
[  100.512878][ T9781]  ffff888097bdab00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  100.520997][ T9781]  ffff888097bdab80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  100.529040][ T9781] ==================================================================
[  100.537166][ T9781] Disabling lock debugging due to kernel taint
[  100.544165][ T9781] Kernel panic - not syncing: panic_on_warn set ...
[  100.550760][ T9781] CPU: 1 PID: 9781 Comm: syz-executor541 Tainted: G    B             5.5.0-rc6-syzkaller #0
[  100.560802][ T9781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  100.570973][ T9781] Call Trace:
[  100.574250][ T9781]  dump_stack+0x197/0x210
[  100.578570][ T9781]  panic+0x2e3/0x75c
[  100.582461][ T9781]  ? add_taint.cold+0x16/0x16
[  100.587234][ T9781]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[  100.592862][ T9781]  ? preempt_schedule+0x4b/0x60
[  100.597730][ T9781]  ? ___preempt_schedule+0x16/0x18
[  100.602833][ T9781]  ? trace_hardirqs_on+0x5e/0x240
[  100.607855][ T9781]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[  100.613549][ T9781]  end_report+0x47/0x4f
[  100.617693][ T9781]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[  100.623318][ T9781]  __kasan_report.cold+0xe/0x41
[  100.628164][ T9781]  ? kfree+0x210/0x2c0
[  100.632219][ T9781]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[  100.637841][ T9781]  kasan_report+0x12/0x20
[  100.642162][ T9781]  check_memory_region+0x134/0x1a0
[  100.647307][ T9781]  __kasan_check_read+0x11/0x20
[  100.652150][ T9781]  bitmap_ipmac_ext_cleanup+0xd8/0x290
[  100.657598][ T9781]  bitmap_ipmac_destroy+0x17c/0x1d0
[  100.662781][ T9781]  ip_set_create+0xe47/0x1500
[  100.667469][ T9781]  ? ip_set_destroy+0xb70/0xb70
[  100.672320][ T9781]  ? ip_set_destroy+0xb70/0xb70
[  100.677166][ T9781]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  100.682196][ T9781]  ? nfnetlink_bind+0x2c0/0x2c0
[  100.687037][ T9781]  ? __kasan_check_read+0x11/0x20
[  100.693005][ T9781]  ? __lock_acquire+0x8a0/0x4a00
[  100.697937][ T9781]  ? save_stack+0x5c/0x90
[  100.702251][ T9781]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  100.708495][ T9781]  ? apparmor_capable+0x497/0x900
[  100.713535][ T9781]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  100.721185][ T9781]  ? __kasan_check_read+0x11/0x20
[  100.726197][ T9781]  ? apparmor_cred_prepare+0x7b0/0x7b0
[  100.731643][ T9781]  netlink_rcv_skb+0x177/0x450
[  100.736392][ T9781]  ? nfnetlink_bind+0x2c0/0x2c0
[  100.741429][ T9781]  ? netlink_ack+0xb50/0xb50
[  100.746017][ T9781]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  100.752244][ T9781]  ? ns_capable_common+0x93/0x100
[  100.757263][ T9781]  ? ns_capable+0x20/0x30
[  100.761578][ T9781]  ? __netlink_ns_capable+0x104/0x140
[  100.766942][ T9781]  nfnetlink_rcv+0x1ba/0x460
[  100.771620][ T9781]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  100.777182][ T9781]  ? netlink_deliver_tap+0x24a/0xbe0
[  100.782495][ T9781]  ? __kasan_check_write+0x14/0x20
[  100.787659][ T9781]  netlink_unicast+0x58c/0x7d0
[  100.792420][ T9781]  ? netlink_attachskb+0x870/0x870
[  100.797520][ T9781]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  100.803239][ T9781]  ? __check_object_size+0x3d/0x437
[  100.808426][ T9781]  netlink_sendmsg+0x91c/0xea0
[  100.813231][ T9781]  ? netlink_unicast+0x7d0/0x7d0
[  100.818225][ T9781]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  100.823856][ T9781]  ? apparmor_socket_sendmsg+0x2a/0x30
[  100.829296][ T9781]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  100.835570][ T9781]  ? security_socket_sendmsg+0x8d/0xc0
[  100.841109][ T9781]  ? netlink_unicast+0x7d0/0x7d0
[  100.846075][ T9781]  sock_sendmsg+0xd7/0x130
[  100.850487][ T9781]  ____sys_sendmsg+0x753/0x880
[  100.855235][ T9781]  ? kernel_sendmsg+0x50/0x50
[  100.859931][ T9781]  ? mark_held_locks+0xa4/0xf0
[  100.864679][ T9781]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  100.870742][ T9781]  ___sys_sendmsg+0x100/0x170
[  100.875422][ T9781]  ? sendmsg_copy_msghdr+0x70/0x70
[  100.880518][ T9781]  ? prep_transhuge_page+0xa0/0xa0
[  100.885622][ T9781]  ? __do_page_fault+0x56a/0xd80
[  100.890653][ T9781]  ? find_held_lock+0x35/0x130
[  100.895467][ T9781]  ? __do_page_fault+0x56a/0xd80
[  100.900551][ T9781]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  100.906777][ T9781]  ? __fget_light+0x1a9/0x230
[  100.911588][ T9781]  ? __fdget+0x1b/0x20
[  100.915649][ T9781]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  100.921888][ T9781]  __sys_sendmsg+0x105/0x1d0
[  100.926492][ T9781]  ? __sys_sendmsg_sock+0xc0/0xc0
[  100.931508][ T9781]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  100.936956][ T9781]  ? do_fast_syscall_32+0xd1/0xe16
[  100.942051][ T9781]  ? entry_SYSENTER_compat+0x70/0x7f
[  100.947329][ T9781]  ? do_fast_syscall_32+0xd1/0xe16
[  100.952443][ T9781]  __ia32_compat_sys_sendmsg+0x7a/0xb0
[  100.957890][ T9781]  do_fast_syscall_32+0x27b/0xe16
[  100.963254][ T9781]  entry_SYSENTER_compat+0x70/0x7f
[  100.968476][ T9781] RIP: 0023:0xf7ff89a9
[  100.972548][ T9781] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  100.992140][ T9781] RSP: 002b:00000000ffbe31bc EFLAGS: 00000202 ORIG_RAX: 0000000000000172
[  101.000542][ T9781] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000300
[  101.008561][ T9781] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000ffbe32d4
[  101.016670][ T9781] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  101.024655][ T9781] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  101.032715][ T9781] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  101.042531][ T9781] Kernel Offset: disabled
[  101.047010][ T9781] Rebooting in 86400 seconds..