[....] Starting enhanced syslogd: rsyslogd [ ok ]. [ 70.977006][ T27] audit: type=1800 audit(1579380784.181:25): pid=9736 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 71.007649][ T27] audit: type=1800 audit(1579380784.191:26): pid=9736 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 71.048664][ T27] audit: type=1800 audit(1579380784.191:27): pid=9736 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.71' (ECDSA) to the list of known hosts. executing program executing program syzkaller login: [ 88.929803][ T9890] ================================================================== [ 88.939821][ T9890] BUG: KASAN: use-after-free in bitmap_port_ext_cleanup+0xe6/0x2a0 [ 88.948541][ T9890] Read of size 8 at addr ffff88809a964c00 by task syz-executor202/9890 [ 88.957766][ T9890] [ 88.960590][ T9890] CPU: 0 PID: 9890 Comm: syz-executor202 Not tainted 5.5.0-rc6-syzkaller #0 [ 88.972620][ T9890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 88.983988][ T9890] Call Trace: [ 88.988964][ T9890] dump_stack+0x197/0x210 [ 88.994234][ T9890] ? bitmap_port_ext_cleanup+0xe6/0x2a0 [ 89.001031][ T9890] print_address_description.constprop.0.cold+0xd4/0x30b [ 89.009397][ T9890] ? bitmap_port_ext_cleanup+0xe6/0x2a0 [ 89.016440][ T9890] ? bitmap_port_ext_cleanup+0xe6/0x2a0 [ 89.022689][ T9890] __kasan_report.cold+0x1b/0x41 [ 89.028075][ T9890] ? kfree+0x180/0x2c0 [ 89.033249][ T9890] ? 
bitmap_port_ext_cleanup+0xe6/0x2a0 [ 89.039220][ T9890] kasan_report+0x12/0x20 [ 89.043815][ T9890] check_memory_region+0x134/0x1a0 [ 89.051056][ T9890] __kasan_check_read+0x11/0x20 [ 89.056385][ T9890] bitmap_port_ext_cleanup+0xe6/0x2a0 [ 89.062780][ T9890] bitmap_port_destroy+0x17c/0x1d0 [ 89.069999][ T9890] ip_set_create+0xe47/0x1500 [ 89.075162][ T9890] ? ip_set_destroy+0xb70/0xb70 [ 89.081334][ T9890] ? ip_set_destroy+0xb70/0xb70 [ 89.087703][ T9890] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 89.093858][ T9890] ? nfnetlink_bind+0x2c0/0x2c0 [ 89.100170][ T9890] ? __kasan_check_read+0x11/0x20 [ 89.105575][ T9890] ? __lock_acquire+0x8a0/0x4a00 [ 89.110935][ T9890] ? save_stack+0x5c/0x90 [ 89.116733][ T9890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 89.124960][ T9890] ? apparmor_capable+0x497/0x900 [ 89.131385][ T9890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 89.139538][ T9890] ? __kasan_check_read+0x11/0x20 [ 89.146492][ T9890] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 89.152597][ T9890] netlink_rcv_skb+0x177/0x450 [ 89.157896][ T9890] ? nfnetlink_bind+0x2c0/0x2c0 [ 89.164702][ T9890] ? netlink_ack+0xb50/0xb50 [ 89.169513][ T9890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 89.176045][ T9890] ? ns_capable_common+0x93/0x100 [ 89.181501][ T9890] ? ns_capable+0x20/0x30 [ 89.186171][ T9890] ? __netlink_ns_capable+0x104/0x140 [ 89.191897][ T9890] nfnetlink_rcv+0x1ba/0x460 [ 89.196864][ T9890] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 89.202766][ T9890] ? netlink_deliver_tap+0x24a/0xbe0 [ 89.208562][ T9890] ? __kasan_check_write+0x14/0x20 [ 89.213680][ T9890] netlink_unicast+0x58c/0x7d0 [ 89.218677][ T9890] ? netlink_attachskb+0x870/0x870 [ 89.224191][ T9890] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 89.230758][ T9890] ? __check_object_size+0x3d/0x437 [ 89.236447][ T9890] netlink_sendmsg+0x91c/0xea0 [ 89.241692][ T9890] ? netlink_unicast+0x7d0/0x7d0 [ 89.247586][ T9890] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 89.254328][ T9890] ? 
apparmor_socket_sendmsg+0x2a/0x30 [ 89.259927][ T9890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 89.267107][ T9890] ? security_socket_sendmsg+0x8d/0xc0 [ 89.272964][ T9890] ? netlink_unicast+0x7d0/0x7d0 [ 89.278378][ T9890] sock_sendmsg+0xd7/0x130 [ 89.283422][ T9890] ____sys_sendmsg+0x753/0x880 [ 89.288767][ T9890] ? kernel_sendmsg+0x50/0x50 [ 89.293950][ T9890] ? mark_held_locks+0xa4/0xf0 [ 89.301320][ T9890] ? do_huge_pmd_anonymous_page+0x1463/0x1a50 [ 89.309386][ T9890] ? __handle_mm_fault+0x3145/0x3cc0 [ 89.315610][ T9890] ? do_huge_pmd_anonymous_page+0x1463/0x1a50 [ 89.323447][ T9890] ___sys_sendmsg+0x100/0x170 [ 89.328705][ T9890] ? do_huge_pmd_anonymous_page+0xceb/0x1a50 [ 89.335569][ T9890] ? sendmsg_copy_msghdr+0x70/0x70 [ 89.341683][ T9890] ? __do_page_fault+0x56a/0xd80 [ 89.347539][ T9890] ? find_held_lock+0x35/0x130 [ 89.352501][ T9890] ? __do_page_fault+0x56a/0xd80 [ 89.357854][ T9890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 89.364645][ T9890] ? __fget_light+0x1a9/0x230 [ 89.370529][ T9890] ? __fdget+0x1b/0x20 [ 89.375169][ T9890] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 89.382139][ T9890] __sys_sendmsg+0x105/0x1d0 [ 89.387320][ T9890] ? __sys_sendmsg_sock+0xc0/0xc0 [ 89.392842][ T9890] ? down_read_non_owner+0x490/0x490 [ 89.398619][ T9890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 89.404999][ T9890] ? do_syscall_64+0x26/0x790 [ 89.410383][ T9890] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 89.417329][ T9890] ? 
do_syscall_64+0x26/0x790 [ 89.423021][ T9890] __x64_sys_sendmsg+0x78/0xb0 [ 89.428626][ T9890] do_syscall_64+0xfa/0x790 [ 89.433859][ T9890] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 89.440479][ T9890] RIP: 0033:0x441399 [ 89.444667][ T9890] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 89.469367][ T9890] RSP: 002b:00007ffe3e6a3a98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 89.479076][ T9890] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441399 [ 89.489170][ T9890] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003 [ 89.500362][ T9890] RBP: 0000000000015b2d R08: 00000000004002c8 R09: 00000000004002c8 [ 89.508779][ T9890] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004021c0 [ 89.516967][ T9890] R13: 0000000000402250 R14: 0000000000000000 R15: 0000000000000000 [ 89.525189][ T9890] [ 89.528083][ T9890] Allocated by task 9890: [ 89.534521][ T9890] save_stack+0x23/0x90 [ 89.539201][ T9890] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 89.545523][ T9890] kasan_kmalloc+0x9/0x10 [ 89.550988][ T9890] __kmalloc+0x163/0x770 [ 89.555740][ T9890] ip_set_alloc+0x38/0x5e [ 89.560471][ T9890] bitmap_port_create+0x3dc/0x7c0 [ 89.566066][ T9890] ip_set_create+0x6f1/0x1500 [ 89.571057][ T9890] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 89.576479][ T9890] netlink_rcv_skb+0x177/0x450 [ 89.582548][ T9890] nfnetlink_rcv+0x1ba/0x460 [ 89.587976][ T9890] netlink_unicast+0x58c/0x7d0 [ 89.594101][ T9890] netlink_sendmsg+0x91c/0xea0 [ 89.601425][ T9890] sock_sendmsg+0xd7/0x130 [ 89.608098][ T9890] ____sys_sendmsg+0x753/0x880 [ 89.613447][ T9890] ___sys_sendmsg+0x100/0x170 [ 89.618852][ T9890] __sys_sendmsg+0x105/0x1d0 [ 89.623894][ T9890] __x64_sys_sendmsg+0x78/0xb0 [ 89.629676][ T9890] do_syscall_64+0xfa/0x790 [ 89.635274][ T9890] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 89.642044][ T9890] [ 89.645017][ 
T9890] Freed by task 9890: [ 89.650397][ T9890] save_stack+0x23/0x90 [ 89.656144][ T9890] __kasan_slab_free+0x102/0x150 [ 89.662438][ T9890] kasan_slab_free+0xe/0x10 [ 89.668094][ T9890] kfree+0x10a/0x2c0 [ 89.673142][ T9890] kvfree+0x61/0x70 [ 89.678023][ T9890] ip_set_free+0x16/0x20 [ 89.683431][ T9890] bitmap_port_destroy+0xae/0x1d0 [ 89.688468][ T9890] ip_set_create+0xe47/0x1500 [ 89.694035][ T9890] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 89.700743][ T9890] netlink_rcv_skb+0x177/0x450 [ 89.708219][ T9890] nfnetlink_rcv+0x1ba/0x460 [ 89.713833][ T9890] netlink_unicast+0x58c/0x7d0 [ 89.720568][ T9890] netlink_sendmsg+0x91c/0xea0 [ 89.726457][ T9890] sock_sendmsg+0xd7/0x130 [ 89.733549][ T9890] ____sys_sendmsg+0x753/0x880 [ 89.740734][ T9890] ___sys_sendmsg+0x100/0x170 [ 89.747122][ T9890] __sys_sendmsg+0x105/0x1d0 [ 89.752581][ T9890] __x64_sys_sendmsg+0x78/0xb0 [ 89.757966][ T9890] do_syscall_64+0xfa/0x790 [ 89.763771][ T9890] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 89.771036][ T9890] [ 89.773989][ T9890] The buggy address belongs to the object at ffff88809a964c00 [ 89.773989][ T9890] which belongs to the cache kmalloc-32 of size 32 [ 89.792554][ T9890] The buggy address is located 0 bytes inside of [ 89.792554][ T9890] 32-byte region [ffff88809a964c00, ffff88809a964c20) [ 89.809966][ T9890] The buggy address belongs to the page: [ 89.817173][ T9890] page:ffffea00026a5900 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809a964fc1 [ 89.830462][ T9890] raw: 00fffe0000000200 ffffea00028f6988 ffffea00029dfd08 ffff8880aa4001c0 [ 89.841702][ T9890] raw: ffff88809a964fc1 ffff88809a964000 000000010000003b 0000000000000000 [ 89.852467][ T9890] page dumped because: kasan: bad access detected [ 89.859542][ T9890] [ 89.875065][ T9890] Memory state around the buggy address: [ 89.885201][ T9890] ffff88809a964b00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 89.899479][ T9890] ffff88809a964b80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 89.909375][ T9890] 
>ffff88809a964c00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 89.918646][ T9890] ^ [ 89.923172][ T9890] ffff88809a964c80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 89.934620][ T9890] ffff88809a964d00: 00 00 07 fc fc fc fc fc fb fb fb fb fc fc fc fc [ 89.943348][ T9890] ================================================================== [ 89.953523][ T9890] Disabling lock debugging due to kernel taint [ 89.961871][ T9890] Kernel panic - not syncing: panic_on_warn set ... [ 89.969097][ T9890] CPU: 0 PID: 9890 Comm: syz-executor202 Tainted: G B 5.5.0-rc6-syzkaller #0 [ 89.982670][ T9890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 89.994255][ T9890] Call Trace: [ 89.997948][ T9890] dump_stack+0x197/0x210 [ 90.002282][ T9890] panic+0x2e3/0x75c [ 90.006180][ T9890] ? add_taint.cold+0x16/0x16 [ 90.011331][ T9890] ? bitmap_port_ext_cleanup+0xe6/0x2a0 [ 90.017167][ T9890] ? preempt_schedule+0x4b/0x60 [ 90.022152][ T9890] ? ___preempt_schedule+0x16/0x18 [ 90.027705][ T9890] ? trace_hardirqs_on+0x5e/0x240 [ 90.032730][ T9890] ? bitmap_port_ext_cleanup+0xe6/0x2a0 [ 90.038361][ T9890] end_report+0x47/0x4f [ 90.042690][ T9890] ? bitmap_port_ext_cleanup+0xe6/0x2a0 [ 90.048521][ T9890] __kasan_report.cold+0xe/0x41 [ 90.053679][ T9890] ? kfree+0x180/0x2c0 [ 90.057909][ T9890] ? bitmap_port_ext_cleanup+0xe6/0x2a0 [ 90.064433][ T9890] kasan_report+0x12/0x20 [ 90.069101][ T9890] check_memory_region+0x134/0x1a0 [ 90.074296][ T9890] __kasan_check_read+0x11/0x20 [ 90.079276][ T9890] bitmap_port_ext_cleanup+0xe6/0x2a0 [ 90.084819][ T9890] bitmap_port_destroy+0x17c/0x1d0 [ 90.090482][ T9890] ip_set_create+0xe47/0x1500 [ 90.095979][ T9890] ? ip_set_destroy+0xb70/0xb70 [ 90.100961][ T9890] ? ip_set_destroy+0xb70/0xb70 [ 90.106820][ T9890] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 90.112172][ T9890] ? nfnetlink_bind+0x2c0/0x2c0 [ 90.117023][ T9890] ? __kasan_check_read+0x11/0x20 [ 90.122305][ T9890] ? 
__lock_acquire+0x8a0/0x4a00 [ 90.127251][ T9890] ? save_stack+0x5c/0x90 [ 90.131579][ T9890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 90.138187][ T9890] ? apparmor_capable+0x497/0x900 [ 90.143348][ T9890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 90.150103][ T9890] ? __kasan_check_read+0x11/0x20 [ 90.155385][ T9890] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 90.160960][ T9890] netlink_rcv_skb+0x177/0x450 [ 90.165901][ T9890] ? nfnetlink_bind+0x2c0/0x2c0 [ 90.170754][ T9890] ? netlink_ack+0xb50/0xb50 [ 90.175695][ T9890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 90.182294][ T9890] ? ns_capable_common+0x93/0x100 [ 90.188715][ T9890] ? ns_capable+0x20/0x30 [ 90.193252][ T9890] ? __netlink_ns_capable+0x104/0x140 [ 90.199007][ T9890] nfnetlink_rcv+0x1ba/0x460 [ 90.203618][ T9890] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 90.209126][ T9890] ? netlink_deliver_tap+0x24a/0xbe0 [ 90.214544][ T9890] ? __kasan_check_write+0x14/0x20 [ 90.219988][ T9890] netlink_unicast+0x58c/0x7d0 [ 90.225157][ T9890] ? netlink_attachskb+0x870/0x870 [ 90.231316][ T9890] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 90.237470][ T9890] ? __check_object_size+0x3d/0x437 [ 90.242869][ T9890] netlink_sendmsg+0x91c/0xea0 [ 90.247640][ T9890] ? netlink_unicast+0x7d0/0x7d0 [ 90.252583][ T9890] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 90.258564][ T9890] ? apparmor_socket_sendmsg+0x2a/0x30 [ 90.264767][ T9890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 90.272210][ T9890] ? security_socket_sendmsg+0x8d/0xc0 [ 90.277882][ T9890] ? netlink_unicast+0x7d0/0x7d0 [ 90.283846][ T9890] sock_sendmsg+0xd7/0x130 [ 90.289329][ T9890] ____sys_sendmsg+0x753/0x880 [ 90.294522][ T9890] ? kernel_sendmsg+0x50/0x50 [ 90.299390][ T9890] ? mark_held_locks+0xa4/0xf0 [ 90.308413][ T9890] ? do_huge_pmd_anonymous_page+0x1463/0x1a50 [ 90.314975][ T9890] ? __handle_mm_fault+0x3145/0x3cc0 [ 90.320422][ T9890] ? do_huge_pmd_anonymous_page+0x1463/0x1a50 [ 90.326761][ T9890] ___sys_sendmsg+0x100/0x170 [ 90.331595][ T9890] ? 
do_huge_pmd_anonymous_page+0xceb/0x1a50 [ 90.342008][ T9890] ? sendmsg_copy_msghdr+0x70/0x70 [ 90.347172][ T9890] ? __do_page_fault+0x56a/0xd80 [ 90.352133][ T9890] ? find_held_lock+0x35/0x130 [ 90.357032][ T9890] ? __do_page_fault+0x56a/0xd80 [ 90.362337][ T9890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 90.368614][ T9890] ? __fget_light+0x1a9/0x230 [ 90.373420][ T9890] ? __fdget+0x1b/0x20 [ 90.377701][ T9890] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 90.384026][ T9890] __sys_sendmsg+0x105/0x1d0 [ 90.388848][ T9890] ? __sys_sendmsg_sock+0xc0/0xc0 [ 90.393876][ T9890] ? down_read_non_owner+0x490/0x490 [ 90.399173][ T9890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 90.404808][ T9890] ? do_syscall_64+0x26/0x790 [ 90.409717][ T9890] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 90.416029][ T9890] ? do_syscall_64+0x26/0x790 [ 90.420851][ T9890] __x64_sys_sendmsg+0x78/0xb0 [ 90.425703][ T9890] do_syscall_64+0xfa/0x790 [ 90.430215][ T9890] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 90.436172][ T9890] RIP: 0033:0x441399 [ 90.440307][ T9890] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 90.460008][ T9890] RSP: 002b:00007ffe3e6a3a98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 90.468954][ T9890] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441399 [ 90.477217][ T9890] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003 [ 90.485732][ T9890] RBP: 0000000000015b2d R08: 00000000004002c8 R09: 00000000004002c8 [ 90.493749][ T9890] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004021c0 [ 90.501713][ T9890] R13: 0000000000402250 R14: 0000000000000000 R15: 0000000000000000 [ 90.511381][ T9890] Kernel Offset: disabled [ 90.517266][ T9890] Rebooting in 86400 seconds..