[   96.392465][   T27] kauditd_printk_skb: 1 callbacks suppressed
[   96.392478][   T27] audit: type=1800 audit(1579551644.775:28): pid=9588 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   97.272430][   T27] audit: type=1800 audit(1579551645.655:29): pid=9588 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   97.292700][   T27] audit: type=1800 audit(1579551645.655:30): pid=9588 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.90' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [  106.310893][ T9742] ==================================================================
[  106.319112][ T9742] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_ext_cleanup+0xd8/0x290
[  106.329689][ T9742] Read of size 8 at addr ffff8880a6b3e8c0 by task syz-executor808/9742
[  106.338034][ T9742] 
[  106.340376][ T9742] CPU: 1 PID: 9742 Comm: syz-executor808 Not tainted 5.5.0-rc7-syzkaller #0
[  106.349052][ T9742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  106.359176][ T9742] Call Trace:
[  106.362464][ T9742]  dump_stack+0x197/0x210
[  106.366906][ T9742]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[  106.372538][ T9742]  print_address_description.constprop.0.cold+0xd4/0x30b
[  106.379565][ T9742]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[  106.385199][ T9742]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[  106.390822][ T9742]  __kasan_report.cold+0x1b/0x41
[  106.395759][ T9742]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[  106.401439][ T9742]  kasan_report+0x12/0x20
[  106.405777][ T9742]  check_memory_region+0x134/0x1a0
[  106.410882][ T9742]  __kasan_check_read+0x11/0x20
[  106.415727][ T9742]  bitmap_ipmac_ext_cleanup+0xd8/0x290
[  106.421267][ T9742]  bitmap_ipmac_destroy+0x180/0x1d0
[  106.426584][ T9742]  ip_set_create+0xe47/0x1500
[  106.431380][ T9742]  ? ip_set_destroy+0xb70/0xb70
[  106.436255][ T9742]  ? ip_set_destroy+0xb70/0xb70
[  106.441110][ T9742]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  106.446048][ T9742]  ? nfnetlink_bind+0x2c0/0x2c0
[  106.450917][ T9742]  ? __kasan_check_read+0x11/0x20
[  106.455939][ T9742]  ? __lock_acquire+0x8a0/0x4a00
[  106.460927][ T9742]  ? save_stack+0x5c/0x90
[  106.465317][ T9742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.471560][ T9742]  ? apparmor_capable+0x497/0x900
[  106.476684][ T9742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.482939][ T9742]  ? __kasan_check_read+0x11/0x20
[  106.488051][ T9742]  ? apparmor_cred_prepare+0x7b0/0x7b0
[  106.493528][ T9742]  netlink_rcv_skb+0x177/0x450
[  106.498404][ T9742]  ? nfnetlink_bind+0x2c0/0x2c0
[  106.503311][ T9742]  ? netlink_ack+0xb50/0xb50
[  106.507894][ T9742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.514144][ T9742]  ? ns_capable_common+0x93/0x100
[  106.519310][ T9742]  ? ns_capable+0x20/0x30
[  106.523704][ T9742]  ? __netlink_ns_capable+0x104/0x140
[  106.529086][ T9742]  nfnetlink_rcv+0x1ba/0x460
[  106.533919][ T9742]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  106.539384][ T9742]  ? netlink_deliver_tap+0x24a/0xbe0
[  106.544737][ T9742]  ? __kasan_check_write+0x14/0x20
[  106.549853][ T9742]  netlink_unicast+0x58c/0x7d0
[  106.557151][ T9742]  ? netlink_attachskb+0x870/0x870
[  106.562490][ T9742]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  106.568205][ T9742]  ? __check_object_size+0x3d/0x437
[  106.573405][ T9742]  netlink_sendmsg+0x91c/0xea0
[  106.578172][ T9742]  ? netlink_unicast+0x7d0/0x7d0
[  106.583124][ T9742]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  106.588741][ T9742]  ? apparmor_socket_sendmsg+0x2a/0x30
[  106.594208][ T9742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.600440][ T9742]  ? security_socket_sendmsg+0x8d/0xc0
[  106.605950][ T9742]  ? netlink_unicast+0x7d0/0x7d0
[  106.610882][ T9742]  sock_sendmsg+0xd7/0x130
[  106.615297][ T9742]  ____sys_sendmsg+0x753/0x880
[  106.620077][ T9742]  ? kernel_sendmsg+0x50/0x50
[  106.624813][ T9742]  ? mark_held_locks+0xa4/0xf0
[  106.629582][ T9742]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  106.635648][ T9742]  ? __handle_mm_fault+0x3145/0x3cc0
[  106.641020][ T9742]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  106.647204][ T9742]  ___sys_sendmsg+0x100/0x170
[  106.651872][ T9742]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[  106.657863][ T9742]  ? sendmsg_copy_msghdr+0x70/0x70
[  106.662972][ T9742]  ? __do_page_fault+0x56a/0xd80
[  106.667916][ T9742]  ? find_held_lock+0x35/0x130
[  106.672766][ T9742]  ? __do_page_fault+0x56a/0xd80
[  106.677714][ T9742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.683958][ T9742]  ? __fget_light+0x1a9/0x230
[  106.688628][ T9742]  ? __fdget+0x1b/0x20
[  106.692700][ T9742]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  106.698949][ T9742]  __sys_sendmsg+0x105/0x1d0
[  106.703541][ T9742]  ? __sys_sendmsg_sock+0xc0/0xc0
[  106.708617][ T9742]  ? down_read_non_owner+0x490/0x490
[  106.713915][ T9742]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  106.719460][ T9742]  ? do_syscall_64+0x26/0x790
[  106.724287][ T9742]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  106.730358][ T9742]  ? do_syscall_64+0x26/0x790
[  106.735036][ T9742]  __x64_sys_sendmsg+0x78/0xb0
[  106.739796][ T9742]  do_syscall_64+0xfa/0x790
[  106.744320][ T9742]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  106.750210][ T9742] RIP: 0033:0x4413f9
[  106.754096][ T9742] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  106.773807][ T9742] RSP: 002b:00007ffe56cab408 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  106.782317][ T9742] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413f9
[  106.790358][ T9742] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[  106.798463][ T9742] RBP: 0000000000019f15 R08: 00000000004002c8 R09: 00000000004002c8
[  106.806434][ T9742] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[  106.814462][ T9742] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[  106.822446][ T9742] 
[  106.824768][ T9742] Allocated by task 9742:
[  106.829103][ T9742]  save_stack+0x23/0x90
[  106.833254][ T9742]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  106.839001][ T9742]  kasan_kmalloc+0x9/0x10
[  106.843333][ T9742]  __kmalloc+0x163/0x770
[  106.847569][ T9742]  ip_set_alloc+0x38/0x5e
[  106.851884][ T9742]  bitmap_ipmac_create+0x4e8/0xa00
[  106.857001][ T9742]  ip_set_create+0x6f1/0x1500
[  106.861722][ T9742]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  106.866708][ T9742]  netlink_rcv_skb+0x177/0x450
[  106.871479][ T9742]  nfnetlink_rcv+0x1ba/0x460
[  106.876066][ T9742]  netlink_unicast+0x58c/0x7d0
[  106.880837][ T9742]  netlink_sendmsg+0x91c/0xea0
[  106.885604][ T9742]  sock_sendmsg+0xd7/0x130
[  106.890147][ T9742]  ____sys_sendmsg+0x753/0x880
[  106.895154][ T9742]  ___sys_sendmsg+0x100/0x170
[  106.899949][ T9742]  __sys_sendmsg+0x105/0x1d0
[  106.904544][ T9742]  __x64_sys_sendmsg+0x78/0xb0
[  106.909470][ T9742]  do_syscall_64+0xfa/0x790
[  106.914151][ T9742]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  106.920036][ T9742] 
[  106.922356][ T9742] Freed by task 9497:
[  106.926330][ T9742]  save_stack+0x23/0x90
[  106.930479][ T9742]  __kasan_slab_free+0x102/0x150
[  106.935407][ T9742]  kasan_slab_free+0xe/0x10
[  106.939908][ T9742]  kfree+0x10a/0x2c0
[  106.943803][ T9742]  tomoyo_path_perm+0x24e/0x430
[  106.948654][ T9742]  tomoyo_inode_getattr+0x1d/0x30
[  106.953797][ T9742]  security_inode_getattr+0xf2/0x150
[  106.959124][ T9742]  vfs_getattr+0x25/0x70
[  106.963366][ T9742]  vfs_statx_fd+0x71/0xc0
[  106.967688][ T9742]  __do_sys_newfstat+0x9b/0x120
[  106.972683][ T9742]  __x64_sys_newfstat+0x54/0x80
[  106.977642][ T9742]  do_syscall_64+0xfa/0x790
[  106.982143][ T9742]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  106.988245][ T9742] 
[  106.990586][ T9742] The buggy address belongs to the object at ffff8880a6b3e8c0
[  106.990586][ T9742]  which belongs to the cache kmalloc-32 of size 32
[  107.004683][ T9742] The buggy address is located 0 bytes inside of
[  107.004683][ T9742]  32-byte region [ffff8880a6b3e8c0, ffff8880a6b3e8e0)
[  107.017814][ T9742] The buggy address belongs to the page:
[  107.023633][ T9742] page:ffffea00029acf80 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a6b3efc1
[  107.034257][ T9742] raw: 00fffe0000000200 ffffea00029ad848 ffffea00029fe1c8 ffff8880aa4001c0
[  107.043146][ T9742] raw: ffff8880a6b3efc1 ffff8880a6b3e000 0000000100000024 0000000000000000
[  107.052101][ T9742] page dumped because: kasan: bad access detected
[  107.058648][ T9742] 
[  107.061241][ T9742] Memory state around the buggy address:
[  107.066877][ T9742]  ffff8880a6b3e780: 00 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[  107.075154][ T9742]  ffff8880a6b3e800: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  107.083218][ T9742] >ffff8880a6b3e880: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc
[  107.091388][ T9742]                                            ^
[  107.097734][ T9742]  ffff8880a6b3e900: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  107.105923][ T9742]  ffff8880a6b3e980: fb fb fb fb fc fc fc fc 00 01 fc fc fc fc fc fc
[  107.114126][ T9742] ==================================================================
[  107.122304][ T9742] Disabling lock debugging due to kernel taint
[  107.130907][ T9742] Kernel panic - not syncing: panic_on_warn set ...
[  107.130922][ T9742] CPU: 1 PID: 9742 Comm: syz-executor808 Tainted: G    B             5.5.0-rc7-syzkaller #0
[  107.130936][ T9742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  107.159033][ T9742] Call Trace:
[  107.162686][ T9742]  dump_stack+0x197/0x210
[  107.167403][ T9742]  panic+0x2e3/0x75c
[  107.171393][ T9742]  ? add_taint.cold+0x16/0x16
[  107.176346][ T9742]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[  107.182096][ T9742]  ? preempt_schedule+0x4b/0x60
[  107.187034][ T9742]  ? ___preempt_schedule+0x16/0x18
[  107.192143][ T9742]  ? trace_hardirqs_on+0x5e/0x240
[  107.197541][ T9742]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[  107.203326][ T9742]  end_report+0x47/0x4f
[  107.207650][ T9742]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[  107.213286][ T9742]  __kasan_report.cold+0xe/0x41
[  107.218404][ T9742]  ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[  107.224330][ T9742]  kasan_report+0x12/0x20
[  107.228869][ T9742]  check_memory_region+0x134/0x1a0
[  107.234140][ T9742]  __kasan_check_read+0x11/0x20
[  107.239250][ T9742]  bitmap_ipmac_ext_cleanup+0xd8/0x290
[  107.244931][ T9742]  bitmap_ipmac_destroy+0x180/0x1d0
[  107.250495][ T9742]  ip_set_create+0xe47/0x1500
[  107.255498][ T9742]  ? ip_set_destroy+0xb70/0xb70
[  107.260608][ T9742]  ? ip_set_destroy+0xb70/0xb70
[  107.265621][ T9742]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  107.270654][ T9742]  ? nfnetlink_bind+0x2c0/0x2c0
[  107.275655][ T9742]  ? __kasan_check_read+0x11/0x20
[  107.280892][ T9742]  ? __lock_acquire+0x8a0/0x4a00
[  107.286228][ T9742]  ? save_stack+0x5c/0x90
[  107.291793][ T9742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  107.298155][ T9742]  ? apparmor_capable+0x497/0x900
[  107.303522][ T9742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  107.309898][ T9742]  ? __kasan_check_read+0x11/0x20
[  107.315423][ T9742]  ? apparmor_cred_prepare+0x7b0/0x7b0
[  107.321120][ T9742]  netlink_rcv_skb+0x177/0x450
[  107.326031][ T9742]  ? nfnetlink_bind+0x2c0/0x2c0
[  107.331175][ T9742]  ? netlink_ack+0xb50/0xb50
[  107.335951][ T9742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  107.342704][ T9742]  ? ns_capable_common+0x93/0x100
[  107.348118][ T9742]  ? ns_capable+0x20/0x30
[  107.352552][ T9742]  ? __netlink_ns_capable+0x104/0x140
[  107.358377][ T9742]  nfnetlink_rcv+0x1ba/0x460
[  107.363655][ T9742]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  107.369443][ T9742]  ? netlink_deliver_tap+0x24a/0xbe0
[  107.375672][ T9742]  ? __kasan_check_write+0x14/0x20
[  107.381067][ T9742]  netlink_unicast+0x58c/0x7d0
[  107.385848][ T9742]  ? netlink_attachskb+0x870/0x870
[  107.391432][ T9742]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  107.397300][ T9742]  ? __check_object_size+0x3d/0x437
[  107.402952][ T9742]  netlink_sendmsg+0x91c/0xea0
[  107.408243][ T9742]  ? netlink_unicast+0x7d0/0x7d0
[  107.413247][ T9742]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  107.419218][ T9742]  ? apparmor_socket_sendmsg+0x2a/0x30
[  107.424682][ T9742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  107.431049][ T9742]  ? security_socket_sendmsg+0x8d/0xc0
[  107.436746][ T9742]  ? netlink_unicast+0x7d0/0x7d0
[  107.442044][ T9742]  sock_sendmsg+0xd7/0x130
[  107.446590][ T9742]  ____sys_sendmsg+0x753/0x880
[  107.451363][ T9742]  ? kernel_sendmsg+0x50/0x50
[  107.456134][ T9742]  ? mark_held_locks+0xa4/0xf0
[  107.460920][ T9742]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  107.467127][ T9742]  ? __handle_mm_fault+0x3145/0x3cc0
[  107.472541][ T9742]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  107.479107][ T9742]  ___sys_sendmsg+0x100/0x170
[  107.483976][ T9742]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[  107.490027][ T9742]  ? sendmsg_copy_msghdr+0x70/0x70
[  107.495314][ T9742]  ? __do_page_fault+0x56a/0xd80
[  107.500394][ T9742]  ? find_held_lock+0x35/0x130
[  107.505177][ T9742]  ? __do_page_fault+0x56a/0xd80
[  107.510239][ T9742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  107.516745][ T9742]  ? __fget_light+0x1a9/0x230
[  107.521828][ T9742]  ? __fdget+0x1b/0x20
[  107.526263][ T9742]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  107.532886][ T9742]  __sys_sendmsg+0x105/0x1d0
[  107.537731][ T9742]  ? __sys_sendmsg_sock+0xc0/0xc0
[  107.542902][ T9742]  ? down_read_non_owner+0x490/0x490
[  107.548628][ T9742]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  107.554324][ T9742]  ? do_syscall_64+0x26/0x790
[  107.559270][ T9742]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  107.565537][ T9742]  ? do_syscall_64+0x26/0x790
[  107.570524][ T9742]  __x64_sys_sendmsg+0x78/0xb0
[  107.575297][ T9742]  do_syscall_64+0xfa/0x790
[  107.579969][ T9742]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  107.586244][ T9742] RIP: 0033:0x4413f9
[  107.590294][ T9742] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  107.610785][ T9742] RSP: 002b:00007ffe56cab408 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  107.619649][ T9742] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413f9
[  107.627805][ T9742] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[  107.636093][ T9742] RBP: 0000000000019f15 R08: 00000000004002c8 R09: 00000000004002c8
[  107.644299][ T9742] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[  107.652314][ T9742] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[  107.662194][ T9742] Kernel Offset: disabled
[  107.666946][ T9742] Rebooting in 86400 seconds..