[ 85.359440][ T27] audit: type=1800 audit(1579871050.546:25): pid=9549 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.
[ 86.161626][ T27] kauditd_printk_skb: 3 callbacks suppressed
[ 86.161640][ T27] audit: type=1800 audit(1579871051.346:29): pid=9549 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 86.191561][ T27] audit: type=1800 audit(1579871051.346:30): pid=9549 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 112.633978][ T9704] ==================================================================
[ 112.642216][ T9704] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 112.650660][ T9704] Read of size 8 at addr ffff88808dc0de00 by task syz-executor137/9704
[ 112.658891][ T9704]
[ 112.661220][ T9704] CPU: 0 PID: 9704 Comm: syz-executor137 Not tainted 5.5.0-rc6-syzkaller #0
[ 112.669893][ T9704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 112.679984][ T9704] Call Trace:
[ 112.683438][ T9704] dump_stack+0x197/0x210
[ 112.687825][ T9704] ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 112.693534][ T9704] print_address_description.constprop.0.cold+0xd4/0x30b
[ 112.700553][ T9704] ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 112.706181][ T9704] ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 112.711816][ T9704] __kasan_report.cold+0x1b/0x41
[ 112.716747][ T9704] ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 112.722387][ T9704] kasan_report+0x12/0x20
[ 112.726908][ T9704] check_memory_region+0x134/0x1a0
[ 112.732049][ T9704] __kasan_check_read+0x11/0x20
[ 112.736895][ T9704] bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 112.742357][ T9704] bitmap_ipmac_destroy+0x180/0x1d0
[ 112.747557][ T9704] ip_set_create+0xe47/0x1500
[ 112.752342][ T9704] ? ip_set_destroy+0xb70/0xb70
[ 112.757319][ T9704] ? ip_set_destroy+0xb70/0xb70
[ 112.762177][ T9704] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 112.767125][ T9704] ? nfnetlink_bind+0x2c0/0x2c0
[ 112.771983][ T9704] ? __kasan_check_read+0x11/0x20
[ 112.776998][ T9704] ? __lock_acquire+0x8a0/0x4a00
[ 112.782026][ T9704] ? save_stack+0x5c/0x90
[ 112.786361][ T9704] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 112.792600][ T9704] ? apparmor_capable+0x497/0x900
[ 112.797624][ T9704] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 112.803854][ T9704] ? __kasan_check_read+0x11/0x20
[ 112.808881][ T9704] ? apparmor_cred_prepare+0x7b0/0x7b0
[ 112.814331][ T9704] netlink_rcv_skb+0x177/0x450
[ 112.819100][ T9704] ? nfnetlink_bind+0x2c0/0x2c0
[ 112.823955][ T9704] ? netlink_ack+0xb50/0xb50
[ 112.828868][ T9704] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 112.835105][ T9704] ? ns_capable_common+0x93/0x100
[ 112.840125][ T9704] ? ns_capable+0x20/0x30
[ 112.844452][ T9704] ? __netlink_ns_capable+0x104/0x140
[ 112.849878][ T9704] nfnetlink_rcv+0x1ba/0x460
[ 112.854467][ T9704] ? nfnetlink_rcv_batch+0x17a0/0x17a0
[ 112.859966][ T9704] ? netlink_deliver_tap+0x24a/0xbe0
[ 112.865247][ T9704] ? __kasan_check_write+0x14/0x20
[ 112.870400][ T9704] netlink_unicast+0x58c/0x7d0
[ 112.875302][ T9704] ? netlink_attachskb+0x870/0x870
[ 112.880404][ T9704] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 112.887424][ T9704] ? __check_object_size+0x3d/0x437
[ 112.892652][ T9704] netlink_sendmsg+0x91c/0xea0
[ 112.897424][ T9704] ? netlink_unicast+0x7d0/0x7d0
[ 112.902372][ T9704] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 112.907917][ T9704] ? apparmor_socket_sendmsg+0x2a/0x30
[ 112.913432][ T9704] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 112.919675][ T9704] ? security_socket_sendmsg+0x8d/0xc0
[ 112.925127][ T9704] ? netlink_unicast+0x7d0/0x7d0
[ 112.930052][ T9704] sock_sendmsg+0xd7/0x130
[ 112.934469][ T9704] ____sys_sendmsg+0x753/0x880
[ 112.939233][ T9704] ? kernel_sendmsg+0x50/0x50
[ 112.944267][ T9704] ? mark_held_locks+0xa4/0xf0
[ 112.949049][ T9704] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 112.955119][ T9704] ? __handle_mm_fault+0x3145/0x3cc0
[ 112.960567][ T9704] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 112.966640][ T9704] ___sys_sendmsg+0x100/0x170
[ 112.971472][ T9704] ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[ 112.977457][ T9704] ? sendmsg_copy_msghdr+0x70/0x70
[ 112.982584][ T9704] ? __do_page_fault+0x56a/0xd80
[ 112.987519][ T9704] ? find_held_lock+0x35/0x130
[ 112.992290][ T9704] ? __do_page_fault+0x56a/0xd80
[ 112.997228][ T9704] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.003497][ T9704] ? __fget_light+0x1a9/0x230
[ 113.008164][ T9704] ? __fdget+0x1b/0x20
[ 113.012271][ T9704] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 113.018524][ T9704] __sys_sendmsg+0x105/0x1d0
[ 113.023127][ T9704] ? __sys_sendmsg_sock+0xc0/0xc0
[ 113.028144][ T9704] ? down_read_non_owner+0x490/0x490
[ 113.033424][ T9704] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 113.038884][ T9704] ? do_syscall_64+0x26/0x790
[ 113.043820][ T9704] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 113.050416][ T9704] ? do_syscall_64+0x26/0x790
[ 113.055103][ T9704] __x64_sys_sendmsg+0x78/0xb0
[ 113.059876][ T9704] do_syscall_64+0xfa/0x790
[ 113.064378][ T9704] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 113.070407][ T9704] RIP: 0033:0x4413f9
[ 113.074297][ T9704] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 113.093891][ T9704] RSP: 002b:00007ffd82d40598 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 113.104415][ T9704] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413f9
[ 113.112416][ T9704] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 113.120882][ T9704] RBP: 000000000001b7c3 R08: 00000000004002c8 R09: 00000000004002c8
[ 113.129292][ T9704] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[ 113.137258][ T9704] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[ 113.145227][ T9704]
[ 113.147539][ T9704] Allocated by task 9704:
[ 113.151864][ T9704] save_stack+0x23/0x90
[ 113.156021][ T9704] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 113.161644][ T9704] kasan_kmalloc+0x9/0x10
[ 113.165959][ T9704] __kmalloc+0x163/0x770
[ 113.170256][ T9704] ip_set_alloc+0x38/0x5e
[ 113.174576][ T9704] bitmap_ipmac_create+0x4e8/0xa00
[ 113.179794][ T9704] ip_set_create+0x6f1/0x1500
[ 113.184645][ T9704] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 113.189569][ T9704] netlink_rcv_skb+0x177/0x450
[ 113.194325][ T9704] nfnetlink_rcv+0x1ba/0x460
[ 113.198919][ T9704] netlink_unicast+0x58c/0x7d0
[ 113.203676][ T9704] netlink_sendmsg+0x91c/0xea0
[ 113.208434][ T9704] sock_sendmsg+0xd7/0x130
[ 113.212859][ T9704] ____sys_sendmsg+0x753/0x880
[ 113.217617][ T9704] ___sys_sendmsg+0x100/0x170
[ 113.222294][ T9704] __sys_sendmsg+0x105/0x1d0
[ 113.226953][ T9704] __x64_sys_sendmsg+0x78/0xb0
[ 113.231702][ T9704] do_syscall_64+0xfa/0x790
[ 113.236199][ T9704] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 113.242240][ T9704]
[ 113.244548][ T9704] Freed by task 0:
[ 113.248250][ T9704] (stack is not available)
[ 113.252650][ T9704]
[ 113.254981][ T9704] The buggy address belongs to the object at ffff88808dc0c000
[ 113.254981][ T9704] which belongs to the cache kmalloc-8k of size 8192
[ 113.269066][ T9704] The buggy address is located 7680 bytes inside of
[ 113.269066][ T9704] 8192-byte region [ffff88808dc0c000, ffff88808dc0e000)
[ 113.282624][ T9704] The buggy address belongs to the page:
[ 113.288265][ T9704] page:ffffea0002370300 refcount:1 mapcount:0 mapping:ffff8880aa4021c0 index:0x0 compound_mapcount: 0
[ 113.299424][ T9704] raw: 00fffe0000010200 ffffea000285b008 ffff8880aa401b48 ffff8880aa4021c0
[ 113.308015][ T9704] raw: 0000000000000000 ffff88808dc0c000 0000000100000001 0000000000000000
[ 113.316582][ T9704] page dumped because: kasan: bad access detected
[ 113.323012][ T9704]
[ 113.325358][ T9704] Memory state around the buggy address:
[ 113.330972][ T9704] ffff88808dc0dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 113.339013][ T9704] ffff88808dc0dd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 113.347060][ T9704] >ffff88808dc0de00: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 113.355123][ T9704] ^
[ 113.359175][ T9704] ffff88808dc0de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 113.367216][ T9704] ffff88808dc0df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 113.375255][ T9704] ==================================================================
[ 113.383304][ T9704] Disabling lock debugging due to kernel taint
[ 113.389988][ T9704] Kernel panic - not syncing: panic_on_warn set ...
[ 113.396595][ T9704] CPU: 0 PID: 9704 Comm: syz-executor137 Tainted: G B 5.5.0-rc6-syzkaller #0
[ 113.406639][ T9704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 113.416802][ T9704] Call Trace:
[ 113.420092][ T9704] dump_stack+0x197/0x210
[ 113.424414][ T9704] panic+0x2e3/0x75c
[ 113.428291][ T9704] ? add_taint.cold+0x16/0x16
[ 113.432947][ T9704] ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 113.438559][ T9704] ? preempt_schedule+0x4b/0x60
[ 113.443408][ T9704] ? ___preempt_schedule+0x16/0x18
[ 113.448513][ T9704] ? trace_hardirqs_on+0x5e/0x240
[ 113.453525][ T9704] ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 113.459133][ T9704] end_report+0x47/0x4f
[ 113.463286][ T9704] ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 113.468897][ T9704] __kasan_report.cold+0xe/0x41
[ 113.473748][ T9704] ? bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 113.479363][ T9704] kasan_report+0x12/0x20
[ 113.483694][ T9704] check_memory_region+0x134/0x1a0
[ 113.488784][ T9704] __kasan_check_read+0x11/0x20
[ 113.493614][ T9704] bitmap_ipmac_ext_cleanup+0xd8/0x290
[ 113.499063][ T9704] bitmap_ipmac_destroy+0x180/0x1d0
[ 113.504256][ T9704] ip_set_create+0xe47/0x1500
[ 113.508915][ T9704] ? ip_set_destroy+0xb70/0xb70
[ 113.513765][ T9704] ? ip_set_destroy+0xb70/0xb70
[ 113.518601][ T9704] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 113.523538][ T9704] ? nfnetlink_bind+0x2c0/0x2c0
[ 113.528377][ T9704] ? __kasan_check_read+0x11/0x20
[ 113.533384][ T9704] ? __lock_acquire+0x8a0/0x4a00
[ 113.538298][ T9704] ? save_stack+0x5c/0x90
[ 113.542609][ T9704] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.548828][ T9704] ? apparmor_capable+0x497/0x900
[ 113.553859][ T9704] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.560088][ T9704] ? __kasan_check_read+0x11/0x20
[ 113.565094][ T9704] ? apparmor_cred_prepare+0x7b0/0x7b0
[ 113.570534][ T9704] netlink_rcv_skb+0x177/0x450
[ 113.575293][ T9704] ? nfnetlink_bind+0x2c0/0x2c0
[ 113.580123][ T9704] ? netlink_ack+0xb50/0xb50
[ 113.584696][ T9704] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.590917][ T9704] ? ns_capable_common+0x93/0x100
[ 113.595920][ T9704] ? ns_capable+0x20/0x30
[ 113.600239][ T9704] ? __netlink_ns_capable+0x104/0x140
[ 113.605598][ T9704] nfnetlink_rcv+0x1ba/0x460
[ 113.610180][ T9704] ? nfnetlink_rcv_batch+0x17a0/0x17a0
[ 113.615614][ T9704] ? netlink_deliver_tap+0x24a/0xbe0
[ 113.620880][ T9704] ? __kasan_check_write+0x14/0x20
[ 113.625968][ T9704] netlink_unicast+0x58c/0x7d0
[ 113.630714][ T9704] ? netlink_attachskb+0x870/0x870
[ 113.635805][ T9704] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 113.641514][ T9704] ? __check_object_size+0x3d/0x437
[ 113.646694][ T9704] netlink_sendmsg+0x91c/0xea0
[ 113.651439][ T9704] ? netlink_unicast+0x7d0/0x7d0
[ 113.656360][ T9704] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 113.661899][ T9704] ? apparmor_socket_sendmsg+0x2a/0x30
[ 113.667361][ T9704] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.673608][ T9704] ? security_socket_sendmsg+0x8d/0xc0
[ 113.679287][ T9704] ? netlink_unicast+0x7d0/0x7d0
[ 113.684293][ T9704] sock_sendmsg+0xd7/0x130
[ 113.688715][ T9704] ____sys_sendmsg+0x753/0x880
[ 113.693483][ T9704] ? kernel_sendmsg+0x50/0x50
[ 113.698151][ T9704] ? mark_held_locks+0xa4/0xf0
[ 113.702909][ T9704] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 113.709098][ T9704] ? __handle_mm_fault+0x3145/0x3cc0
[ 113.714510][ T9704] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 113.720572][ T9704] ___sys_sendmsg+0x100/0x170
[ 113.725425][ T9704] ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[ 113.731393][ T9704] ? sendmsg_copy_msghdr+0x70/0x70
[ 113.736499][ T9704] ? __do_page_fault+0x56a/0xd80
[ 113.741485][ T9704] ? find_held_lock+0x35/0x130
[ 113.746259][ T9704] ? __do_page_fault+0x56a/0xd80
[ 113.751197][ T9704] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.757421][ T9704] ? __fget_light+0x1a9/0x230
[ 113.762195][ T9704] ? __fdget+0x1b/0x20
[ 113.766249][ T9704] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 113.772486][ T9704] __sys_sendmsg+0x105/0x1d0
[ 113.777060][ T9704] ? __sys_sendmsg_sock+0xc0/0xc0
[ 113.782068][ T9704] ? down_read_non_owner+0x490/0x490
[ 113.787439][ T9704] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 113.793002][ T9704] ? do_syscall_64+0x26/0x790
[ 113.797664][ T9704] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 113.803722][ T9704] ? do_syscall_64+0x26/0x790
[ 113.808569][ T9704] __x64_sys_sendmsg+0x78/0xb0
[ 113.813476][ T9704] do_syscall_64+0xfa/0x790
[ 113.817970][ T9704] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 113.823868][ T9704] RIP: 0033:0x4413f9
[ 113.828003][ T9704] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 113.847699][ T9704] RSP: 002b:00007ffd82d40598 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 113.856112][ T9704] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413f9
[ 113.864077][ T9704] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 113.872082][ T9704] RBP: 000000000001b7c3 R08: 00000000004002c8 R09: 00000000004002c8
[ 113.880109][ T9704] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[ 113.888069][ T9704] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[ 113.897263][ T9704] Kernel Offset: disabled
[ 113.901591][ T9704] Rebooting in 86400 seconds..