[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   99.410435][   T28] audit: type=1800 audit(1579544988.804:25): pid=9554 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   99.430288][   T28] audit: type=1800 audit(1579544988.804:26): pid=9554 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   99.465090][   T28] audit: type=1800 audit(1579544988.814:27): pid=9554 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.47' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [  109.918559][ T9710] ==================================================================
[  109.926737][ T9710] BUG: KASAN: slab-out-of-bounds in bitmap_ip_ext_cleanup+0xd8/0x290
[  109.934944][ T9710] Read of size 8 at addr ffff88809dc83100 by task syz-executor362/9710
[  109.943172][ T9710] 
[  109.945498][ T9710] CPU: 1 PID: 9710 Comm: syz-executor362 Not tainted 5.5.0-rc7-syzkaller #0
[  109.954149][ T9710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  109.964189][ T9710] Call Trace:
[  109.967477][ T9710]  dump_stack+0x197/0x210
[  109.971806][ T9710]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  109.977214][ T9710]  print_address_description.constprop.0.cold+0xd4/0x30b
[  109.988633][ T9710]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  109.994011][ T9710]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  109.999424][ T9710]  __kasan_report.cold+0x1b/0x41
[  110.004426][ T9710]  ? ip_set_net_exit+0x510/0x5c0
[  110.009376][ T9710]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  110.014757][ T9710]  kasan_report+0x12/0x20
[  110.019133][ T9710]  check_memory_region+0x134/0x1a0
[  110.024238][ T9710]  __kasan_check_read+0x11/0x20
[  110.029080][ T9710]  bitmap_ip_ext_cleanup+0xd8/0x290
[  110.034429][ T9710]  bitmap_ip_destroy+0x180/0x1d0
[  110.039391][ T9710]  ip_set_create+0xe47/0x1500
[  110.044353][ T9710]  ? ip_set_destroy+0xb70/0xb70
[  110.049308][ T9710]  ? ip_set_destroy+0xb70/0xb70
[  110.054155][ T9710]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  110.059116][ T9710]  ? nfnetlink_bind+0x2c0/0x2c0
[  110.063962][ T9710]  ? __kasan_check_read+0x11/0x20
[  110.068975][ T9710]  ? __lock_acquire+0x8a0/0x4a00
[  110.073906][ T9710]  ? save_stack+0x5c/0x90
[  110.078232][ T9710]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.084456][ T9710]  ? apparmor_capable+0x497/0x900
[  110.089481][ T9710]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.095710][ T9710]  ? __kasan_check_read+0x11/0x20
[  110.100737][ T9710]  ? apparmor_cred_prepare+0x7b0/0x7b0
[  110.106192][ T9710]  netlink_rcv_skb+0x177/0x450
[  110.110941][ T9710]  ? nfnetlink_bind+0x2c0/0x2c0
[  110.115775][ T9710]  ? netlink_ack+0xb50/0xb50
[  110.120348][ T9710]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.126737][ T9710]  ? ns_capable_common+0x93/0x100
[  110.131751][ T9710]  ? ns_capable+0x20/0x30
[  110.136079][ T9710]  ? __netlink_ns_capable+0x104/0x140
[  110.141489][ T9710]  nfnetlink_rcv+0x1ba/0x460
[  110.146086][ T9710]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  110.151638][ T9710]  ? netlink_deliver_tap+0x24a/0xbe0
[  110.156907][ T9710]  ? __kasan_check_write+0x14/0x20
[  110.162003][ T9710]  netlink_unicast+0x58c/0x7d0
[  110.167720][ T9710]  ? netlink_attachskb+0x870/0x870
[  110.172824][ T9710]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  110.178532][ T9710]  ? __check_object_size+0x3d/0x437
[  110.183731][ T9710]  netlink_sendmsg+0x91c/0xea0
[  110.188498][ T9710]  ? netlink_unicast+0x7d0/0x7d0
[  110.193418][ T9710]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  110.198956][ T9710]  ? apparmor_socket_sendmsg+0x2a/0x30
[  110.204405][ T9710]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.210648][ T9710]  ? security_socket_sendmsg+0x8d/0xc0
[  110.216250][ T9710]  ? netlink_unicast+0x7d0/0x7d0
[  110.221178][ T9710]  sock_sendmsg+0xd7/0x130
[  110.225584][ T9710]  ____sys_sendmsg+0x753/0x880
[  110.230339][ T9710]  ? kernel_sendmsg+0x50/0x50
[  110.235015][ T9710]  ? mark_held_locks+0xa4/0xf0
[  110.239781][ T9710]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  110.245837][ T9710]  ? __handle_mm_fault+0x3145/0x3cc0
[  110.251107][ T9710]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  110.257400][ T9710]  ___sys_sendmsg+0x100/0x170
[  110.262072][ T9710]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[  110.268042][ T9710]  ? sendmsg_copy_msghdr+0x70/0x70
[  110.273163][ T9710]  ? __do_page_fault+0x56a/0xd80
[  110.278100][ T9710]  ? find_held_lock+0x35/0x130
[  110.282854][ T9710]  ? __do_page_fault+0x56a/0xd80
[  110.287786][ T9710]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.294017][ T9710]  ? __fget_light+0x1a9/0x230
[  110.298736][ T9710]  ? __fdget+0x1b/0x20
[  110.302893][ T9710]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  110.309237][ T9710]  __sys_sendmsg+0x105/0x1d0
[  110.313848][ T9710]  ? __sys_sendmsg_sock+0xc0/0xc0
[  110.318868][ T9710]  ? down_read_non_owner+0x490/0x490
[  110.324197][ T9710]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  110.329654][ T9710]  ? do_syscall_64+0x26/0x790
[  110.334379][ T9710]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  110.340434][ T9710]  ? do_syscall_64+0x26/0x790
[  110.345106][ T9710]  __x64_sys_sendmsg+0x78/0xb0
[  110.349895][ T9710]  do_syscall_64+0xfa/0x790
[  110.354393][ T9710]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  110.360538][ T9710] RIP: 0033:0x441459
[  110.364421][ T9710] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  110.384099][ T9710] RSP: 002b:00007ffc4b72e9f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  110.392559][ T9710] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441459
[  110.400570][ T9710] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[  110.408579][ T9710] RBP: 000000000001ad26 R08: 00000000004002c8 R09: 00000000004002c8
[  110.416671][ T9710] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402280
[  110.424631][ T9710] R13: 0000000000402310 R14: 0000000000000000 R15: 0000000000000000
[  110.432602][ T9710] 
[  110.434955][ T9710] Allocated by task 9710:
[  110.439363][ T9710]  save_stack+0x23/0x90
[  110.443516][ T9710]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  110.449141][ T9710]  kasan_kmalloc+0x9/0x10
[  110.453499][ T9710]  __kmalloc+0x163/0x770
[  110.457725][ T9710]  ip_set_alloc+0x38/0x5e
[  110.462042][ T9710]  bitmap_ip_create+0x6ec/0xc20
[  110.466876][ T9710]  ip_set_create+0x6f1/0x1500
[  110.471535][ T9710]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  110.476458][ T9710]  netlink_rcv_skb+0x177/0x450
[  110.481207][ T9710]  nfnetlink_rcv+0x1ba/0x460
[  110.485828][ T9710]  netlink_unicast+0x58c/0x7d0
[  110.490686][ T9710]  netlink_sendmsg+0x91c/0xea0
[  110.495484][ T9710]  sock_sendmsg+0xd7/0x130
[  110.499980][ T9710]  ____sys_sendmsg+0x753/0x880
[  110.504742][ T9710]  ___sys_sendmsg+0x100/0x170
[  110.509405][ T9710]  __sys_sendmsg+0x105/0x1d0
[  110.514501][ T9710]  __x64_sys_sendmsg+0x78/0xb0
[  110.519286][ T9710]  do_syscall_64+0xfa/0x790
[  110.523778][ T9710]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  110.529650][ T9710] 
[  110.531978][ T9710] Freed by task 9429:
[  110.535992][ T9710]  save_stack+0x23/0x90
[  110.540135][ T9710]  __kasan_slab_free+0x102/0x150
[  110.545069][ T9710]  kasan_slab_free+0xe/0x10
[  110.549569][ T9710]  kfree+0x10a/0x2c0
[  110.553499][ T9710]  single_release+0x95/0xc0
[  110.558000][ T9710]  __fput+0x2ff/0x890
[  110.561987][ T9710]  ____fput+0x16/0x20
[  110.566050][ T9710]  task_work_run+0x145/0x1c0
[  110.570630][ T9710]  exit_to_usermode_loop+0x316/0x380
[  110.575902][ T9710]  do_syscall_64+0x676/0x790
[  110.580478][ T9710]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  110.586350][ T9710] 
[  110.588661][ T9710] The buggy address belongs to the object at ffff88809dc83100
[  110.588661][ T9710]  which belongs to the cache kmalloc-32 of size 32
[  110.602527][ T9710] The buggy address is located 0 bytes inside of
[  110.602527][ T9710]  32-byte region [ffff88809dc83100, ffff88809dc83120)
[  110.615521][ T9710] The buggy address belongs to the page:
[  110.621147][ T9710] page:ffffea00027720c0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809dc83fc1
[  110.631542][ T9710] raw: 00fffe0000000200 ffffea00027a7c08 ffffea000282af48 ffff8880aa4001c0
[  110.640167][ T9710] raw: ffff88809dc83fc1 ffff88809dc83000 000000010000003e 0000000000000000
[  110.648732][ T9710] page dumped because: kasan: bad access detected
[  110.655127][ T9710] 
[  110.657550][ T9710] Memory state around the buggy address:
[  110.663261][ T9710]  ffff88809dc83000: fb fb fb fb fc fc fc fc 06 fc fc fc fc fc fc fc
[  110.672365][ T9710]  ffff88809dc83080: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  110.680418][ T9710] >ffff88809dc83100: 04 fc fc fc fc fc fc fc 00 01 fc fc fc fc fc fc
[  110.688463][ T9710]                    ^
[  110.692524][ T9710]  ffff88809dc83180: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  110.700761][ T9710]  ffff88809dc83200: fb fb fb fb fc fc fc fc 00 fc fc fc fc fc fc fc
[  110.708814][ T9710] ==================================================================
[  110.716861][ T9710] Disabling lock debugging due to kernel taint
[  110.725341][ T9710] Kernel panic - not syncing: panic_on_warn set ...
[  110.732058][ T9710] CPU: 1 PID: 9710 Comm: syz-executor362 Tainted: G    B             5.5.0-rc7-syzkaller #0
[  110.742217][ T9710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  110.752294][ T9710] Call Trace:
[  110.755597][ T9710]  dump_stack+0x197/0x210
[  110.759916][ T9710]  panic+0x2e3/0x75c
[  110.763823][ T9710]  ? add_taint.cold+0x16/0x16
[  110.768484][ T9710]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  110.774113][ T9710]  ? preempt_schedule+0x4b/0x60
[  110.779086][ T9710]  ? ___preempt_schedule+0x16/0x18
[  110.784193][ T9710]  ? trace_hardirqs_on+0x5e/0x240
[  110.789234][ T9710]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  110.794626][ T9710]  end_report+0x47/0x4f
[  110.798815][ T9710]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  110.804190][ T9710]  __kasan_report.cold+0xe/0x41
[  110.809473][ T9710]  ? ip_set_net_exit+0x510/0x5c0
[  110.814404][ T9710]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  110.819782][ T9710]  kasan_report+0x12/0x20
[  110.824107][ T9710]  check_memory_region+0x134/0x1a0
[  110.829318][ T9710]  __kasan_check_read+0x11/0x20
[  110.834239][ T9710]  bitmap_ip_ext_cleanup+0xd8/0x290
[  110.839446][ T9710]  bitmap_ip_destroy+0x180/0x1d0
[  110.844368][ T9710]  ip_set_create+0xe47/0x1500
[  110.849041][ T9710]  ? ip_set_destroy+0xb70/0xb70
[  110.853888][ T9710]  ? ip_set_destroy+0xb70/0xb70
[  110.858842][ T9710]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  110.863837][ T9710]  ? nfnetlink_bind+0x2c0/0x2c0
[  110.868765][ T9710]  ? __kasan_check_read+0x11/0x20
[  110.873817][ T9710]  ? __lock_acquire+0x8a0/0x4a00
[  110.878766][ T9710]  ? save_stack+0x5c/0x90
[  110.883084][ T9710]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.889368][ T9710]  ? apparmor_capable+0x497/0x900
[  110.894486][ T9710]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.900745][ T9710]  ? __kasan_check_read+0x11/0x20
[  110.905758][ T9710]  ? apparmor_cred_prepare+0x7b0/0x7b0
[  110.911208][ T9710]  netlink_rcv_skb+0x177/0x450
[  110.915996][ T9710]  ? nfnetlink_bind+0x2c0/0x2c0
[  110.920844][ T9710]  ? netlink_ack+0xb50/0xb50
[  110.925419][ T9710]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.931795][ T9710]  ? ns_capable_common+0x93/0x100
[  110.936924][ T9710]  ? ns_capable+0x20/0x30
[  110.941255][ T9710]  ? __netlink_ns_capable+0x104/0x140
[  110.946619][ T9710]  nfnetlink_rcv+0x1ba/0x460
[  110.951200][ T9710]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  110.956645][ T9710]  ? netlink_deliver_tap+0x24a/0xbe0
[  110.962792][ T9710]  ? __kasan_check_write+0x14/0x20
[  110.968031][ T9710]  netlink_unicast+0x58c/0x7d0
[  110.972788][ T9710]  ? netlink_attachskb+0x870/0x870
[  110.977891][ T9710]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  110.983644][ T9710]  ? __check_object_size+0x3d/0x437
[  110.988885][ T9710]  netlink_sendmsg+0x91c/0xea0
[  110.993678][ T9710]  ? netlink_unicast+0x7d0/0x7d0
[  110.998697][ T9710]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  111.004285][ T9710]  ? apparmor_socket_sendmsg+0x2a/0x30
[  111.009763][ T9710]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  111.016124][ T9710]  ? security_socket_sendmsg+0x8d/0xc0
[  111.021572][ T9710]  ? netlink_unicast+0x7d0/0x7d0
[  111.026496][ T9710]  sock_sendmsg+0xd7/0x130
[  111.030895][ T9710]  ____sys_sendmsg+0x753/0x880
[  111.035657][ T9710]  ? kernel_sendmsg+0x50/0x50
[  111.040318][ T9710]  ? mark_held_locks+0xa4/0xf0
[  111.045102][ T9710]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  111.051191][ T9710]  ? __handle_mm_fault+0x3145/0x3cc0
[  111.056528][ T9710]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  111.062831][ T9710]  ___sys_sendmsg+0x100/0x170
[  111.067495][ T9710]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[  111.073467][ T9710]  ? sendmsg_copy_msghdr+0x70/0x70
[  111.078763][ T9710]  ? __do_page_fault+0x56a/0xd80
[  111.083682][ T9710]  ? find_held_lock+0x35/0x130
[  111.089147][ T9710]  ? __do_page_fault+0x56a/0xd80
[  111.094087][ T9710]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  111.100319][ T9710]  ? __fget_light+0x1a9/0x230
[  111.104984][ T9710]  ? __fdget+0x1b/0x20
[  111.109060][ T9710]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  111.115402][ T9710]  __sys_sendmsg+0x105/0x1d0
[  111.119971][ T9710]  ? __sys_sendmsg_sock+0xc0/0xc0
[  111.124982][ T9710]  ? down_read_non_owner+0x490/0x490
[  111.130249][ T9710]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  111.135687][ T9710]  ? do_syscall_64+0x26/0x790
[  111.140359][ T9710]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  111.146419][ T9710]  ? do_syscall_64+0x26/0x790
[  111.151090][ T9710]  __x64_sys_sendmsg+0x78/0xb0
[  111.155844][ T9710]  do_syscall_64+0xfa/0x790
[  111.160378][ T9710]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  111.166302][ T9710] RIP: 0033:0x441459
[  111.170177][ T9710] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  111.189764][ T9710] RSP: 002b:00007ffc4b72e9f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  111.198167][ T9710] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441459
[  111.206181][ T9710] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[  111.214315][ T9710] RBP: 000000000001ad26 R08: 00000000004002c8 R09: 00000000004002c8
[  111.222371][ T9710] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402280
[  111.230325][ T9710] R13: 0000000000402310 R14: 0000000000000000 R15: 0000000000000000
[  111.240037][ T9710] Kernel Offset: disabled
[  111.244722][ T9710] Rebooting in 86400 seconds..