[ 79.722726][ T27] audit: type=1800 audit(1579512888.854:26): pid=9679 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 80.785201][ T27] kauditd_printk_skb: 2 callbacks suppressed
[ 80.785213][ T27] audit: type=1800 audit(1579512889.934:29): pid=9679 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 80.813326][ T27] audit: type=1800 audit(1579512889.934:30): pid=9679 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.222' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 90.897778][ T9834] ==================================================================
[ 90.906732][ T9834] BUG: KASAN: slab-out-of-bounds in bitmap_ip_ext_cleanup+0xd8/0x290
[ 90.915455][ T9834] Read of size 8 at addr ffff8880989e7cc0 by task syz-executor282/9834
[ 90.923987][ T9834]
[ 90.926496][ T9834] CPU: 1 PID: 9834 Comm: syz-executor282 Not tainted 5.5.0-rc7-syzkaller #0
[ 90.935708][ T9834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 90.946117][ T9834] Call Trace:
[ 90.949651][ T9834] dump_stack+0x197/0x210
[ 90.953986][ T9834] ? bitmap_ip_ext_cleanup+0xd8/0x290
[ 90.959795][ T9834] print_address_description.constprop.0.cold+0xd4/0x30b
[ 90.967633][ T9834] ? bitmap_ip_ext_cleanup+0xd8/0x290
[ 90.973012][ T9834] ? bitmap_ip_ext_cleanup+0xd8/0x290
[ 90.978639][ T9834] __kasan_report.cold+0x1b/0x41
[ 90.983763][ T9834] ? ip_set_net_exit+0x510/0x5c0
[ 90.989116][ T9834] ? bitmap_ip_ext_cleanup+0xd8/0x290
[ 90.994877][ T9834] kasan_report+0x12/0x20
[ 90.999678][ T9834] check_memory_region+0x134/0x1a0
[ 91.004960][ T9834] __kasan_check_read+0x11/0x20
[ 91.010116][ T9834] bitmap_ip_ext_cleanup+0xd8/0x290
[ 91.015648][ T9834] bitmap_ip_destroy+0x180/0x1d0
[ 91.020612][ T9834] ip_set_create+0xe47/0x1500
[ 91.025484][ T9834] ? ip_set_destroy+0xb70/0xb70
[ 91.031041][ T9834] ? ip_set_destroy+0xb70/0xb70
[ 91.036150][ T9834] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 91.041464][ T9834] ? nfnetlink_bind+0x2c0/0x2c0
[ 91.046692][ T9834] ? __kasan_check_read+0x11/0x20
[ 91.052033][ T9834] ? __lock_acquire+0x8a0/0x4a00
[ 91.056975][ T9834] ? save_stack+0x5c/0x90
[ 91.061474][ T9834] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 91.067895][ T9834] ? apparmor_capable+0x497/0x900
[ 91.073161][ T9834] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 91.079737][ T9834] ? __kasan_check_read+0x11/0x20
[ 91.084768][ T9834] ? apparmor_cred_prepare+0x7b0/0x7b0
[ 91.090578][ T9834] netlink_rcv_skb+0x177/0x450
[ 91.095724][ T9834] ? nfnetlink_bind+0x2c0/0x2c0
[ 91.101051][ T9834] ? netlink_ack+0xb50/0xb50
[ 91.105921][ T9834] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 91.112266][ T9834] ? ns_capable_common+0x93/0x100
[ 91.117903][ T9834] ? ns_capable+0x20/0x30
[ 91.122958][ T9834] ? __netlink_ns_capable+0x104/0x140
[ 91.128366][ T9834] nfnetlink_rcv+0x1ba/0x460
[ 91.133126][ T9834] ? nfnetlink_rcv_batch+0x17a0/0x17a0
[ 91.138882][ T9834] ? netlink_deliver_tap+0x24a/0xbe0
[ 91.144552][ T9834] ? __kasan_check_write+0x14/0x20
[ 91.150761][ T9834] netlink_unicast+0x58c/0x7d0
[ 91.155801][ T9834] ? netlink_attachskb+0x870/0x870
[ 91.161399][ T9834] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 91.168270][ T9834] ? __check_object_size+0x3d/0x437
[ 91.173776][ T9834] netlink_sendmsg+0x91c/0xea0
[ 91.179442][ T9834] ? netlink_unicast+0x7d0/0x7d0
[ 91.184523][ T9834] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 91.190561][ T9834] ? apparmor_socket_sendmsg+0x2a/0x30
[ 91.196459][ T9834] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 91.203163][ T9834] ? security_socket_sendmsg+0x8d/0xc0
[ 91.209340][ T9834] ? netlink_unicast+0x7d0/0x7d0
[ 91.214415][ T9834] sock_sendmsg+0xd7/0x130
[ 91.218839][ T9834] ____sys_sendmsg+0x753/0x880
[ 91.224133][ T9834] ? kernel_sendmsg+0x50/0x50
[ 91.228962][ T9834] ? mark_held_locks+0xa4/0xf0
[ 91.233891][ T9834] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 91.240469][ T9834] ? __handle_mm_fault+0x3145/0x3cc0
[ 91.245757][ T9834] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 91.252289][ T9834] ___sys_sendmsg+0x100/0x170
[ 91.257341][ T9834] ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[ 91.263563][ T9834] ? sendmsg_copy_msghdr+0x70/0x70
[ 91.269247][ T9834] ? __do_page_fault+0x56a/0xd80
[ 91.274698][ T9834] ? find_held_lock+0x35/0x130
[ 91.280421][ T9834] ? __do_page_fault+0x56a/0xd80
[ 91.285695][ T9834] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 91.292361][ T9834] ? __fget_light+0x1a9/0x230
[ 91.297131][ T9834] ? __fdget+0x1b/0x20
[ 91.301902][ T9834] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 91.308153][ T9834] __sys_sendmsg+0x105/0x1d0
[ 91.312905][ T9834] ? __sys_sendmsg_sock+0xc0/0xc0
[ 91.318219][ T9834] ? down_read_non_owner+0x490/0x490
[ 91.323672][ T9834] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 91.329312][ T9834] ? do_syscall_64+0x26/0x790
[ 91.334246][ T9834] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 91.340434][ T9834] ? do_syscall_64+0x26/0x790
[ 91.345119][ T9834] __x64_sys_sendmsg+0x78/0xb0
[ 91.350253][ T9834] do_syscall_64+0xfa/0x790
[ 91.355059][ T9834] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 91.361081][ T9834] RIP: 0033:0x441459
[ 91.364979][ T9834] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 91.385005][ T9834] RSP: 002b:00007ffea338a8e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 91.393796][ T9834] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441459
[ 91.402230][ T9834] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 91.410491][ T9834] RBP: 00000000000162e8 R08: 00000000004002c8 R09: 00000000004002c8
[ 91.418612][ T9834] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402280
[ 91.427276][ T9834] R13: 0000000000402310 R14: 0000000000000000 R15: 0000000000000000
[ 91.435604][ T9834]
[ 91.438054][ T9834] Allocated by task 9834:
[ 91.442606][ T9834] save_stack+0x23/0x90
[ 91.446767][ T9834] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 91.452471][ T9834] kasan_kmalloc+0x9/0x10
[ 91.456799][ T9834] __kmalloc+0x163/0x770
[ 91.461429][ T9834] ip_set_alloc+0x38/0x5e
[ 91.465756][ T9834] bitmap_ip_create+0x6ec/0xc20
[ 91.470781][ T9834] ip_set_create+0x6f1/0x1500
[ 91.475602][ T9834] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 91.480599][ T9834] netlink_rcv_skb+0x177/0x450
[ 91.485496][ T9834] nfnetlink_rcv+0x1ba/0x460
[ 91.490356][ T9834] netlink_unicast+0x58c/0x7d0
[ 91.495251][ T9834] netlink_sendmsg+0x91c/0xea0
[ 91.500042][ T9834] sock_sendmsg+0xd7/0x130
[ 91.504585][ T9834] ____sys_sendmsg+0x753/0x880
[ 91.509558][ T9834] ___sys_sendmsg+0x100/0x170
[ 91.514313][ T9834] __sys_sendmsg+0x105/0x1d0
[ 91.519076][ T9834] __x64_sys_sendmsg+0x78/0xb0
[ 91.524446][ T9834] do_syscall_64+0xfa/0x790
[ 91.529022][ T9834] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 91.534928][ T9834]
[ 91.537245][ T9834] Freed by task 9561:
[ 91.541288][ T9834] save_stack+0x23/0x90
[ 91.545584][ T9834] __kasan_slab_free+0x102/0x150
[ 91.550661][ T9834] kasan_slab_free+0xe/0x10
[ 91.555168][ T9834] kfree+0x10a/0x2c0
[ 91.559058][ T9834] single_release+0x95/0xc0
[ 91.563558][ T9834] __fput+0x2ff/0x890
[ 91.567633][ T9834] ____fput+0x16/0x20
[ 91.571732][ T9834] task_work_run+0x145/0x1c0
[ 91.576333][ T9834] exit_to_usermode_loop+0x316/0x380
[ 91.581615][ T9834] do_syscall_64+0x676/0x790
[ 91.586204][ T9834] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 91.592203][ T9834]
[ 91.594538][ T9834] The buggy address belongs to the object at ffff8880989e7cc0
[ 91.594538][ T9834] which belongs to the cache kmalloc-32 of size 32
[ 91.608631][ T9834] The buggy address is located 0 bytes inside of
[ 91.608631][ T9834] 32-byte region [ffff8880989e7cc0, ffff8880989e7ce0)
[ 91.621629][ T9834] The buggy address belongs to the page:
[ 91.627371][ T9834] page:ffffea00026279c0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880989e7fc1
[ 91.637890][ T9834] raw: 00fffe0000000200 ffffea0002845948 ffffea0002942a48 ffff8880aa4001c0
[ 91.646634][ T9834] raw: ffff8880989e7fc1 ffff8880989e7000 000000010000003f 0000000000000000
[ 91.655205][ T9834] page dumped because: kasan: bad access detected
[ 91.661608][ T9834]
[ 91.663922][ T9834] Memory state around the buggy address:
[ 91.669594][ T9834] ffff8880989e7b80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 91.677657][ T9834] ffff8880989e7c00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 91.685811][ T9834] >ffff8880989e7c80: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc
[ 91.693855][ T9834] ^
[ 91.700136][ T9834] ffff8880989e7d00: 00 01 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 91.708198][ T9834] ffff8880989e7d80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 91.716368][ T9834] ==================================================================
[ 91.724420][ T9834] Disabling lock debugging due to kernel taint
[ 91.731016][ T9834] Kernel panic - not syncing: panic_on_warn set ...
[ 91.737610][ T9834] CPU: 1 PID: 9834 Comm: syz-executor282 Tainted: G B 5.5.0-rc7-syzkaller #0
[ 91.747678][ T9834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 91.757736][ T9834] Call Trace:
[ 91.761033][ T9834] dump_stack+0x197/0x210
[ 91.765351][ T9834] panic+0x2e3/0x75c
[ 91.769321][ T9834] ? add_taint.cold+0x16/0x16
[ 91.774092][ T9834] ? bitmap_ip_ext_cleanup+0xd8/0x290
[ 91.779612][ T9834] ? preempt_schedule+0x4b/0x60
[ 91.784464][ T9834] ? ___preempt_schedule+0x16/0x18
[ 91.789569][ T9834] ? trace_hardirqs_on+0x5e/0x240
[ 91.794591][ T9834] ? bitmap_ip_ext_cleanup+0xd8/0x290
[ 91.800006][ T9834] end_report+0x47/0x4f
[ 91.804161][ T9834] ? bitmap_ip_ext_cleanup+0xd8/0x290
[ 91.809719][ T9834] __kasan_report.cold+0xe/0x41
[ 91.814565][ T9834] ? ip_set_net_exit+0x510/0x5c0
[ 91.819559][ T9834] ? bitmap_ip_ext_cleanup+0xd8/0x290
[ 91.824924][ T9834] kasan_report+0x12/0x20
[ 91.829247][ T9834] check_memory_region+0x134/0x1a0
[ 91.834358][ T9834] __kasan_check_read+0x11/0x20
[ 91.839212][ T9834] bitmap_ip_ext_cleanup+0xd8/0x290
[ 91.844418][ T9834] bitmap_ip_destroy+0x180/0x1d0
[ 91.849444][ T9834] ip_set_create+0xe47/0x1500
[ 91.854195][ T9834] ? ip_set_destroy+0xb70/0xb70
[ 91.859053][ T9834] ? ip_set_destroy+0xb70/0xb70
[ 91.863970][ T9834] nfnetlink_rcv_msg+0xcf2/0xfb0
[ 91.868906][ T9834] ? nfnetlink_bind+0x2c0/0x2c0
[ 91.873854][ T9834] ? __kasan_check_read+0x11/0x20
[ 91.879001][ T9834] ? __lock_acquire+0x8a0/0x4a00
[ 91.884067][ T9834] ? save_stack+0x5c/0x90
[ 91.888744][ T9834] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 91.895117][ T9834] ? apparmor_capable+0x497/0x900
[ 91.900172][ T9834] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 91.906483][ T9834] ? __kasan_check_read+0x11/0x20
[ 91.911533][ T9834] ? apparmor_cred_prepare+0x7b0/0x7b0
[ 91.917031][ T9834] netlink_rcv_skb+0x177/0x450
[ 91.921966][ T9834] ? nfnetlink_bind+0x2c0/0x2c0
[ 91.926813][ T9834] ? netlink_ack+0xb50/0xb50
[ 91.931455][ T9834] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 91.937692][ T9834] ? ns_capable_common+0x93/0x100
[ 91.942874][ T9834] ? ns_capable+0x20/0x30
[ 91.947200][ T9834] ? __netlink_ns_capable+0x104/0x140
[ 91.952788][ T9834] nfnetlink_rcv+0x1ba/0x460
[ 91.957378][ T9834] ? nfnetlink_rcv_batch+0x17a0/0x17a0
[ 91.962826][ T9834] ? netlink_deliver_tap+0x24a/0xbe0
[ 91.968239][ T9834] ? __kasan_check_write+0x14/0x20
[ 91.973368][ T9834] netlink_unicast+0x58c/0x7d0
[ 91.978198][ T9834] ? netlink_attachskb+0x870/0x870
[ 91.983455][ T9834] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 91.989325][ T9834] ? __check_object_size+0x3d/0x437
[ 91.994513][ T9834] netlink_sendmsg+0x91c/0xea0
[ 91.999279][ T9834] ? netlink_unicast+0x7d0/0x7d0
[ 92.004207][ T9834] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 92.009747][ T9834] ? apparmor_socket_sendmsg+0x2a/0x30
[ 92.015194][ T9834] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 92.022454][ T9834] ? security_socket_sendmsg+0x8d/0xc0
[ 92.028091][ T9834] ? netlink_unicast+0x7d0/0x7d0
[ 92.033016][ T9834] sock_sendmsg+0xd7/0x130
[ 92.037529][ T9834] ____sys_sendmsg+0x753/0x880
[ 92.042275][ T9834] ? kernel_sendmsg+0x50/0x50
[ 92.046971][ T9834] ? mark_held_locks+0xa4/0xf0
[ 92.051872][ T9834] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 92.057929][ T9834] ? __handle_mm_fault+0x3145/0x3cc0
[ 92.063336][ T9834] ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[ 92.069393][ T9834] ___sys_sendmsg+0x100/0x170
[ 92.074078][ T9834] ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[ 92.080185][ T9834] ? sendmsg_copy_msghdr+0x70/0x70
[ 92.085466][ T9834] ? __do_page_fault+0x56a/0xd80
[ 92.090431][ T9834] ? find_held_lock+0x35/0x130
[ 92.095188][ T9834] ? __do_page_fault+0x56a/0xd80
[ 92.100127][ T9834] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 92.106362][ T9834] ? __fget_light+0x1a9/0x230
[ 92.111135][ T9834] ? __fdget+0x1b/0x20
[ 92.115626][ T9834] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 92.121866][ T9834] __sys_sendmsg+0x105/0x1d0
[ 92.126544][ T9834] ? __sys_sendmsg_sock+0xc0/0xc0
[ 92.131650][ T9834] ? down_read_non_owner+0x490/0x490
[ 92.136933][ T9834] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 92.142381][ T9834] ? do_syscall_64+0x26/0x790
[ 92.147158][ T9834] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 92.153375][ T9834] ? do_syscall_64+0x26/0x790
[ 92.158119][ T9834] __x64_sys_sendmsg+0x78/0xb0
[ 92.162993][ T9834] do_syscall_64+0xfa/0x790
[ 92.167493][ T9834] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 92.173466][ T9834] RIP: 0033:0x441459
[ 92.177358][ T9834] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 92.197157][ T9834] RSP: 002b:00007ffea338a8e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 92.205553][ T9834] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441459
[ 92.213634][ T9834] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 92.221609][ T9834] RBP: 00000000000162e8 R08: 00000000004002c8 R09: 00000000004002c8
[ 92.229580][ T9834] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402280
[ 92.237546][ T9834] R13: 0000000000402310 R14: 0000000000000000 R15: 0000000000000000
[ 92.247344][ T9834] Kernel Offset: disabled
[ 92.251718][ T9834] Rebooting in 86400 seconds..