[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   75.749535][   T28] audit: type=1800 audit(1579393734.960:25): pid=8810 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   75.770743][   T28] audit: type=1800 audit(1579393734.960:26): pid=8810 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   75.820763][   T28] audit: type=1800 audit(1579393734.960:27): pid=8810 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.175' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [   86.410619][ T8965] ==================================================================
[   86.418894][ T8965] BUG: KASAN: slab-out-of-bounds in bitmap_port_ext_cleanup+0xe6/0x2a0
[   86.427126][ T8965] Read of size 8 at addr ffff88809f6c0d00 by task syz-executor172/8965
[   86.435369][ T8965] 
[   86.437674][ T8965] CPU: 1 PID: 8965 Comm: syz-executor172 Not tainted 5.5.0-rc5-syzkaller #0
[   86.446317][ T8965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   86.456344][ T8965] Call Trace:
[   86.459612][ T8965]  dump_stack+0x197/0x210
[   86.463914][ T8965]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   86.469469][ T8965]  print_address_description.constprop.0.cold+0xd4/0x30b
[   86.476520][ T8965]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   86.482050][ T8965]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   86.487569][ T8965]  __kasan_report.cold+0x1b/0x41
[   86.492482][ T8965]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   86.498008][ T8965]  kasan_report+0x12/0x20
[   86.502319][ T8965]  check_memory_region+0x134/0x1a0
[   86.507404][ T8965]  __kasan_check_read+0x11/0x20
[   86.512228][ T8965]  bitmap_port_ext_cleanup+0xe6/0x2a0
[   86.517590][ T8965]  bitmap_port_destroy+0x180/0x1d0
[   86.522694][ T8965]  ip_set_create+0xe47/0x1500
[   86.527350][ T8965]  ? ip_set_destroy+0xb70/0xb70
[   86.532188][ T8965]  ? ip_set_destroy+0xb70/0xb70
[   86.537039][ T8965]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   86.541954][ T8965]  ? nfnetlink_bind+0x2c0/0x2c0
[   86.546780][ T8965]  ? __kasan_check_read+0x11/0x20
[   86.551784][ T8965]  ? __lock_acquire+0x8a0/0x4a00
[   86.556703][ T8965]  ? save_stack+0x5c/0x90
[   86.561008][ T8965]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   86.567505][ T8965]  ? apparmor_capable+0x497/0x900
[   86.572515][ T8965]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   86.578733][ T8965]  ? __kasan_check_read+0x11/0x20
[   86.583735][ T8965]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   86.589218][ T8965]  netlink_rcv_skb+0x177/0x450
[   86.593962][ T8965]  ? nfnetlink_bind+0x2c0/0x2c0
[   86.598840][ T8965]  ? netlink_ack+0xb50/0xb50
[   86.603410][ T8965]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   86.609626][ T8965]  ? ns_capable_common+0x93/0x100
[   86.614626][ T8965]  ? ns_capable+0x20/0x30
[   86.618940][ T8965]  ? __netlink_ns_capable+0x104/0x140
[   86.624314][ T8965]  nfnetlink_rcv+0x1ba/0x460
[   86.628886][ T8965]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[   86.634318][ T8965]  ? netlink_deliver_tap+0x24a/0xbe0
[   86.639579][ T8965]  ? __kasan_check_write+0x14/0x20
[   86.644669][ T8965]  netlink_unicast+0x58c/0x7d0
[   86.649413][ T8965]  ? netlink_attachskb+0x870/0x870
[   86.654548][ T8965]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   86.660255][ T8965]  ? __check_object_size+0x3d/0x437
[   86.665429][ T8965]  netlink_sendmsg+0x91c/0xea0
[   86.670168][ T8965]  ? netlink_unicast+0x7d0/0x7d0
[   86.675081][ T8965]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   86.680599][ T8965]  ? apparmor_socket_sendmsg+0x2a/0x30
[   86.686033][ T8965]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   86.692249][ T8965]  ? security_socket_sendmsg+0x8d/0xc0
[   86.697683][ T8965]  ? netlink_unicast+0x7d0/0x7d0
[   86.702596][ T8965]  sock_sendmsg+0xd7/0x130
[   86.706987][ T8965]  ____sys_sendmsg+0x753/0x880
[   86.711723][ T8965]  ? kernel_sendmsg+0x50/0x50
[   86.716374][ T8965]  ? mark_held_locks+0xa4/0xf0
[   86.721110][ T8965]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   86.727150][ T8965]  ? __handle_mm_fault+0x3145/0x3cc0
[   86.732428][ T8965]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   86.738471][ T8965]  ___sys_sendmsg+0x100/0x170
[   86.743207][ T8965]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[   86.749162][ T8965]  ? sendmsg_copy_msghdr+0x70/0x70
[   86.754287][ T8965]  ? __do_page_fault+0x56a/0xd80
[   86.759208][ T8965]  ? find_held_lock+0x35/0x130
[   86.763972][ T8965]  ? __do_page_fault+0x56a/0xd80
[   86.768888][ T8965]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   86.775102][ T8965]  ? __fget_light+0x1a9/0x230
[   86.779768][ T8965]  ? __fdget+0x1b/0x20
[   86.783807][ T8965]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   86.790025][ T8965]  __sys_sendmsg+0x105/0x1d0
[   86.794594][ T8965]  ? __sys_sendmsg_sock+0xc0/0xc0
[   86.799598][ T8965]  ? down_read_non_owner+0x490/0x490
[   86.804857][ T8965]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   86.810340][ T8965]  ? do_syscall_64+0x26/0x790
[   86.815000][ T8965]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   86.821038][ T8965]  ? do_syscall_64+0x26/0x790
[   86.825697][ T8965]  __x64_sys_sendmsg+0x78/0xb0
[   86.830433][ T8965]  do_syscall_64+0xfa/0x790
[   86.834909][ T8965]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   86.840789][ T8965] RIP: 0033:0x441399
[   86.844659][ T8965] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   86.864230][ T8965] RSP: 002b:00007ffd3c76f208 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   86.872610][ T8965] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441399
[   86.880555][ T8965] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003
[   86.888517][ T8965] RBP: 0000000000015169 R08: 00000000004002c8 R09: 00000000004002c8
[   86.896464][ T8965] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004021c0
[   86.904411][ T8965] R13: 0000000000402250 R14: 0000000000000000 R15: 0000000000000000
[   86.912356][ T8965] 
[   86.914663][ T8965] Allocated by task 8965:
[   86.918968][ T8965]  save_stack+0x23/0x90
[   86.923094][ T8965]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   86.928694][ T8965]  kasan_kmalloc+0x9/0x10
[   86.932994][ T8965]  __kmalloc+0x163/0x770
[   86.937208][ T8965]  ip_set_alloc+0x38/0x5e
[   86.941509][ T8965]  bitmap_port_create+0x3dc/0x7c0
[   86.946506][ T8965]  ip_set_create+0x6f1/0x1500
[   86.951161][ T8965]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   86.956068][ T8965]  netlink_rcv_skb+0x177/0x450
[   86.960804][ T8965]  nfnetlink_rcv+0x1ba/0x460
[   86.965362][ T8965]  netlink_unicast+0x58c/0x7d0
[   86.970096][ T8965]  netlink_sendmsg+0x91c/0xea0
[   86.974838][ T8965]  sock_sendmsg+0xd7/0x130
[   86.979228][ T8965]  ____sys_sendmsg+0x753/0x880
[   86.983971][ T8965]  ___sys_sendmsg+0x100/0x170
[   86.988616][ T8965]  __sys_sendmsg+0x105/0x1d0
[   86.993174][ T8965]  __x64_sys_sendmsg+0x78/0xb0
[   86.997910][ T8965]  do_syscall_64+0xfa/0x790
[   87.002414][ T8965]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   87.008270][ T8965] 
[   87.010569][ T8965] Freed by task 8710:
[   87.014526][ T8965]  save_stack+0x23/0x90
[   87.018661][ T8965]  __kasan_slab_free+0x102/0x150
[   87.023567][ T8965]  kasan_slab_free+0xe/0x10
[   87.028038][ T8965]  kfree+0x10a/0x2c0
[   87.031907][ T8965]  tomoyo_check_open_permission+0x19e/0x3e0
[   87.037803][ T8965]  tomoyo_file_open+0xa9/0xd0
[   87.042462][ T8965]  security_file_open+0x71/0x300
[   87.047378][ T8965]  do_dentry_open+0x37a/0x1380
[   87.052117][ T8965]  vfs_open+0xa0/0xd0
[   87.056077][ T8965]  path_openat+0x10df/0x4500
[   87.060654][ T8965]  do_filp_open+0x1a1/0x280
[   87.065148][ T8965]  do_sys_open+0x3fe/0x5d0
[   87.069640][ T8965]  __x64_sys_open+0x7e/0xc0
[   87.074190][ T8965]  do_syscall_64+0xfa/0x790
[   87.078713][ T8965]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   87.084579][ T8965] 
[   87.086890][ T8965] The buggy address belongs to the object at ffff88809f6c0d00
[   87.086890][ T8965]  which belongs to the cache kmalloc-32 of size 32
[   87.100787][ T8965] The buggy address is located 0 bytes inside of
[   87.100787][ T8965]  32-byte region [ffff88809f6c0d00, ffff88809f6c0d20)
[   87.113770][ T8965] The buggy address belongs to the page:
[   87.119385][ T8965] page:ffffea00027db000 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809f6c0fc1
[   87.129775][ T8965] raw: 00fffe0000000200 ffffea00027cca88 ffffea0002a27908 ffff8880aa4001c0
[   87.138335][ T8965] raw: ffff88809f6c0fc1 ffff88809f6c0000 000000010000003c 0000000000000000
[   87.147025][ T8965] page dumped because: kasan: bad access detected
[   87.153408][ T8965] 
[   87.155708][ T8965] Memory state around the buggy address:
[   87.161310][ T8965]  ffff88809f6c0c00: 00 00 00 fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   87.169345][ T8965]  ffff88809f6c0c80: 00 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   87.177392][ T8965] >ffff88809f6c0d00: 04 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   87.185429][ T8965]                    ^
[   87.189483][ T8965]  ffff88809f6c0d80: 00 fc fc fc fc fc fc fc 00 04 fc fc fc fc fc fc
[   87.197515][ T8965]  ffff88809f6c0e00: 00 04 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   87.205546][ T8965] ==================================================================
[   87.213581][ T8965] Disabling lock debugging due to kernel taint
[   87.221790][ T8965] Kernel panic - not syncing: panic_on_warn set ...
[   87.228364][ T8965] CPU: 1 PID: 8965 Comm: syz-executor172 Tainted: G    B             5.5.0-rc5-syzkaller #0
[   87.238396][ T8965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   87.248425][ T8965] Call Trace:
[   87.251696][ T8965]  dump_stack+0x197/0x210
[   87.256009][ T8965]  panic+0x2e3/0x75c
[   87.259882][ T8965]  ? add_taint.cold+0x16/0x16
[   87.264530][ T8965]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   87.270057][ T8965]  ? preempt_schedule+0x4b/0x60
[   87.274878][ T8965]  ? ___preempt_schedule+0x16/0x18
[   87.279982][ T8965]  ? trace_hardirqs_on+0x5e/0x240
[   87.284976][ T8965]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   87.290508][ T8965]  end_report+0x47/0x4f
[   87.294645][ T8965]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   87.300174][ T8965]  __kasan_report.cold+0xe/0x41
[   87.304995][ T8965]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   87.310508][ T8965]  kasan_report+0x12/0x20
[   87.314809][ T8965]  check_memory_region+0x134/0x1a0
[   87.319902][ T8965]  __kasan_check_read+0x11/0x20
[   87.324729][ T8965]  bitmap_port_ext_cleanup+0xe6/0x2a0
[   87.330070][ T8965]  bitmap_port_destroy+0x180/0x1d0
[   87.335150][ T8965]  ip_set_create+0xe47/0x1500
[   87.339796][ T8965]  ? ip_set_destroy+0xb70/0xb70
[   87.344623][ T8965]  ? ip_set_destroy+0xb70/0xb70
[   87.349443][ T8965]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   87.354354][ T8965]  ? nfnetlink_bind+0x2c0/0x2c0
[   87.359217][ T8965]  ? __kasan_check_read+0x11/0x20
[   87.364216][ T8965]  ? __lock_acquire+0x8a0/0x4a00
[   87.369125][ T8965]  ? save_stack+0x5c/0x90
[   87.373431][ T8965]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   87.379661][ T8965]  ? apparmor_capable+0x497/0x900
[   87.384659][ T8965]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   87.390871][ T8965]  ? __kasan_check_read+0x11/0x20
[   87.395880][ T8965]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   87.401311][ T8965]  netlink_rcv_skb+0x177/0x450
[   87.406052][ T8965]  ? nfnetlink_bind+0x2c0/0x2c0
[   87.410875][ T8965]  ? netlink_ack+0xb50/0xb50
[   87.415438][ T8965]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   87.421649][ T8965]  ? ns_capable_common+0x93/0x100
[   87.426662][ T8965]  ? ns_capable+0x20/0x30
[   87.431054][ T8965]  ? __netlink_ns_capable+0x104/0x140
[   87.436412][ T8965]  nfnetlink_rcv+0x1ba/0x460
[   87.441034][ T8965]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[   87.446477][ T8965]  ? netlink_deliver_tap+0x24a/0xbe0
[   87.451740][ T8965]  ? __kasan_check_write+0x14/0x20
[   87.456836][ T8965]  netlink_unicast+0x58c/0x7d0
[   87.461577][ T8965]  ? netlink_attachskb+0x870/0x870
[   87.466662][ T8965]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   87.472358][ T8965]  ? __check_object_size+0x3d/0x437
[   87.477541][ T8965]  netlink_sendmsg+0x91c/0xea0
[   87.482279][ T8965]  ? netlink_unicast+0x7d0/0x7d0
[   87.487198][ T8965]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   87.492729][ T8965]  ? apparmor_socket_sendmsg+0x2a/0x30
[   87.498186][ T8965]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   87.504406][ T8965]  ? security_socket_sendmsg+0x8d/0xc0
[   87.509842][ T8965]  ? netlink_unicast+0x7d0/0x7d0
[   87.514757][ T8965]  sock_sendmsg+0xd7/0x130
[   87.519147][ T8965]  ____sys_sendmsg+0x753/0x880
[   87.523899][ T8965]  ? kernel_sendmsg+0x50/0x50
[   87.528551][ T8965]  ? mark_held_locks+0xa4/0xf0
[   87.533292][ T8965]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   87.539340][ T8965]  ? __handle_mm_fault+0x3145/0x3cc0
[   87.544610][ T8965]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   87.550656][ T8965]  ___sys_sendmsg+0x100/0x170
[   87.555354][ T8965]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[   87.561310][ T8965]  ? sendmsg_copy_msghdr+0x70/0x70
[   87.566400][ T8965]  ? __do_page_fault+0x56a/0xd80
[   87.571310][ T8965]  ? find_held_lock+0x35/0x130
[   87.576053][ T8965]  ? __do_page_fault+0x56a/0xd80
[   87.580969][ T8965]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   87.587190][ T8965]  ? __fget_light+0x1a9/0x230
[   87.591841][ T8965]  ? __fdget+0x1b/0x20
[   87.595897][ T8965]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   87.602113][ T8965]  __sys_sendmsg+0x105/0x1d0
[   87.606678][ T8965]  ? __sys_sendmsg_sock+0xc0/0xc0
[   87.611681][ T8965]  ? down_read_non_owner+0x490/0x490
[   87.616943][ T8965]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   87.622519][ T8965]  ? do_syscall_64+0x26/0x790
[   87.627175][ T8965]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   87.633389][ T8965]  ? do_syscall_64+0x26/0x790
[   87.638046][ T8965]  __x64_sys_sendmsg+0x78/0xb0
[   87.642798][ T8965]  do_syscall_64+0xfa/0x790
[   87.647288][ T8965]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   87.653155][ T8965] RIP: 0033:0x441399
[   87.657027][ T8965] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   87.676606][ T8965] RSP: 002b:00007ffd3c76f208 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   87.684991][ T8965] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441399
[   87.692937][ T8965] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003
[   87.700883][ T8965] RBP: 0000000000015169 R08: 00000000004002c8 R09: 00000000004002c8
[   87.708829][ T8965] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004021c0
[   87.716785][ T8965] R13: 0000000000402250 R14: 0000000000000000 R15: 0000000000000000
[   87.726162][ T8965] Kernel Offset: disabled
[   87.730480][ T8965] Rebooting in 86400 seconds..