[   82.995732][   T27] audit: type=1800 audit(1579811142.120:26): pid=9699 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   84.190596][   T27] kauditd_printk_skb: 2 callbacks suppressed
[   84.190607][   T27] audit: type=1800 audit(1579811143.340:29): pid=9699 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   84.217339][   T27] audit: type=1800 audit(1579811143.340:30): pid=9699 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.9' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [   92.383283][ T9853] ==================================================================
[   92.391477][ T9853] BUG: KASAN: slab-out-of-bounds in bitmap_port_ext_cleanup+0xe6/0x2a0
[   92.399836][ T9853] Read of size 8 at addr ffff88809b263e40 by task syz-executor941/9853
[   92.408109][ T9853] 
[   92.410474][ T9853] CPU: 0 PID: 9853 Comm: syz-executor941 Not tainted 5.5.0-rc7-syzkaller #0
[   92.419156][ T9853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   92.429230][ T9853] Call Trace:
[   92.432612][ T9853]  dump_stack+0x197/0x210
[   92.436937][ T9853]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   92.442626][ T9853]  print_address_description.constprop.0.cold+0xd4/0x30b
[   92.449790][ T9853]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   92.455332][ T9853]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   92.460963][ T9853]  __kasan_report.cold+0x1b/0x41
[   92.465978][ T9853]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   92.471537][ T9853]  kasan_report+0x12/0x20
[   92.475874][ T9853]  check_memory_region+0x134/0x1a0
[   92.480991][ T9853]  __kasan_check_read+0x11/0x20
[   92.485842][ T9853]  bitmap_port_ext_cleanup+0xe6/0x2a0
[   92.491213][ T9853]  bitmap_port_destroy+0x180/0x1d0
[   92.496377][ T9853]  ip_set_create+0xe47/0x1500
[   92.501173][ T9853]  ? ip_set_destroy+0xb70/0xb70
[   92.506031][ T9853]  ? ip_set_destroy+0xb70/0xb70
[   92.510898][ T9853]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   92.515953][ T9853]  ? nfnetlink_bind+0x2c0/0x2c0
[   92.520801][ T9853]  ? __kasan_check_read+0x11/0x20
[   92.525824][ T9853]  ? __lock_acquire+0x8a0/0x4a00
[   92.530774][ T9853]  ? save_stack+0x5c/0x90
[   92.535113][ T9853]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   92.541359][ T9853]  ? apparmor_capable+0x497/0x900
[   92.546381][ T9853]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   92.552681][ T9853]  ? __kasan_check_read+0x11/0x20
[   92.557760][ T9853]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   92.563530][ T9853]  netlink_rcv_skb+0x177/0x450
[   92.568299][ T9853]  ? nfnetlink_bind+0x2c0/0x2c0
[   92.573147][ T9853]  ? netlink_ack+0xb50/0xb50
[   92.577738][ T9853]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   92.583969][ T9853]  ? ns_capable_common+0x93/0x100
[   92.589050][ T9853]  ? ns_capable+0x20/0x30
[   92.593539][ T9853]  ? __netlink_ns_capable+0x104/0x140
[   92.598921][ T9853]  nfnetlink_rcv+0x1ba/0x460
[   92.603516][ T9853]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[   92.609092][ T9853]  ? netlink_deliver_tap+0x24a/0xbe0
[   92.614379][ T9853]  ? __kasan_check_write+0x14/0x20
[   92.619605][ T9853]  netlink_unicast+0x58c/0x7d0
[   92.624379][ T9853]  ? netlink_attachskb+0x870/0x870
[   92.629583][ T9853]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   92.635323][ T9853]  ? __check_object_size+0x3d/0x437
[   92.640521][ T9853]  netlink_sendmsg+0x91c/0xea0
[   92.645294][ T9853]  ? netlink_unicast+0x7d0/0x7d0
[   92.650336][ T9853]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   92.655947][ T9853]  ? apparmor_socket_sendmsg+0x2a/0x30
[   92.661520][ T9853]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   92.667759][ T9853]  ? security_socket_sendmsg+0x8d/0xc0
[   92.673213][ T9853]  ? netlink_unicast+0x7d0/0x7d0
[   92.678153][ T9853]  sock_sendmsg+0xd7/0x130
[   92.682705][ T9853]  ____sys_sendmsg+0x753/0x880
[   92.687524][ T9853]  ? kernel_sendmsg+0x50/0x50
[   92.692206][ T9853]  ? mark_held_locks+0xa4/0xf0
[   92.697249][ T9853]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   92.703418][ T9853]  ___sys_sendmsg+0x100/0x170
[   92.708261][ T9853]  ? sendmsg_copy_msghdr+0x70/0x70
[   92.713372][ T9853]  ? prep_transhuge_page+0xa0/0xa0
[   92.718895][ T9853]  ? __do_page_fault+0x56a/0xd80
[   92.723829][ T9853]  ? find_held_lock+0x35/0x130
[   92.728594][ T9853]  ? __do_page_fault+0x56a/0xd80
[   92.733532][ T9853]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   92.739771][ T9853]  ? __fget_light+0x1a9/0x230
[   92.744447][ T9853]  ? __fdget+0x1b/0x20
[   92.748507][ T9853]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   92.754861][ T9853]  __sys_sendmsg+0x105/0x1d0
[   92.759574][ T9853]  ? __sys_sendmsg_sock+0xc0/0xc0
[   92.764654][ T9853]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   92.770113][ T9853]  ? do_fast_syscall_32+0xd1/0xe16
[   92.775231][ T9853]  ? entry_SYSENTER_compat+0x70/0x7f
[   92.780535][ T9853]  ? do_fast_syscall_32+0xd1/0xe16
[   92.785740][ T9853]  __ia32_compat_sys_sendmsg+0x7a/0xb0
[   92.791371][ T9853]  do_fast_syscall_32+0x27b/0xe16
[   92.796620][ T9853]  entry_SYSENTER_compat+0x70/0x7f
[   92.801988][ T9853] RIP: 0023:0xf7fe19a9
[   92.806048][ T9853] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   92.825767][ T9853] RSP: 002b:00000000ffbf262c EFLAGS: 00000202 ORIG_RAX: 0000000000000172
[   92.834187][ T9853] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000140
[   92.842364][ T9853] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000ffbf2744
[   92.850448][ T9853] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   92.858515][ T9853] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   92.866794][ T9853] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   92.874765][ T9853] 
[   92.877098][ T9853] Allocated by task 9853:
[   92.881441][ T9853]  save_stack+0x23/0x90
[   92.885877][ T9853]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   92.891507][ T9853]  kasan_kmalloc+0x9/0x10
[   92.895846][ T9853]  __kmalloc+0x163/0x770
[   92.900240][ T9853]  ip_set_alloc+0x38/0x5e
[   92.904711][ T9853]  bitmap_port_create+0x3dc/0x7c0
[   92.909876][ T9853]  ip_set_create+0x6f1/0x1500
[   92.914587][ T9853]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   92.919579][ T9853]  netlink_rcv_skb+0x177/0x450
[   92.924350][ T9853]  nfnetlink_rcv+0x1ba/0x460
[   92.928937][ T9853]  netlink_unicast+0x58c/0x7d0
[   92.933856][ T9853]  netlink_sendmsg+0x91c/0xea0
[   92.938607][ T9853]  sock_sendmsg+0xd7/0x130
[   92.943008][ T9853]  ____sys_sendmsg+0x753/0x880
[   92.947971][ T9853]  ___sys_sendmsg+0x100/0x170
[   92.952636][ T9853]  __sys_sendmsg+0x105/0x1d0
[   92.957260][ T9853]  __ia32_compat_sys_sendmsg+0x7a/0xb0
[   92.963609][ T9853]  do_fast_syscall_32+0x27b/0xe16
[   92.968641][ T9853]  entry_SYSENTER_compat+0x70/0x7f
[   92.973750][ T9853] 
[   92.976072][ T9853] Freed by task 9594:
[   92.980047][ T9853]  save_stack+0x23/0x90
[   92.984331][ T9853]  __kasan_slab_free+0x102/0x150
[   92.989359][ T9853]  kasan_slab_free+0xe/0x10
[   92.993936][ T9853]  kfree+0x10a/0x2c0
[   92.997848][ T9853]  tomoyo_supervisor+0xc2c/0xef0
[   93.002989][ T9853]  tomoyo_env_perm+0x18e/0x210
[   93.007766][ T9853]  tomoyo_find_next_domain+0x1354/0x1f6c
[   93.013417][ T9853]  tomoyo_bprm_check_security+0x124/0x1a0
[   93.019136][ T9853]  security_bprm_check+0x63/0xb0
[   93.024158][ T9853]  search_binary_handler+0x71/0x570
[   93.029349][ T9853]  __do_execve_file.isra.0+0x1329/0x22b0
[   93.034971][ T9853]  __x64_sys_execve+0x8f/0xc0
[   93.039654][ T9853]  do_syscall_64+0xfa/0x790
[   93.044173][ T9853]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   93.050065][ T9853] 
[   93.052440][ T9853] The buggy address belongs to the object at ffff88809b263e40
[   93.052440][ T9853]  which belongs to the cache kmalloc-32 of size 32
[   93.066421][ T9853] The buggy address is located 0 bytes inside of
[   93.066421][ T9853]  32-byte region [ffff88809b263e40, ffff88809b263e60)
[   93.079444][ T9853] The buggy address belongs to the page:
[   93.085134][ T9853] page:ffffea00026c98c0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809b263fc1
[   93.095537][ T9853] raw: 00fffe0000000200 ffffea000251ecc8 ffffea00027ee2c8 ffff8880aa4001c0
[   93.104120][ T9853] raw: ffff88809b263fc1 ffff88809b263000 000000010000003e 0000000000000000
[   93.112691][ T9853] page dumped because: kasan: bad access detected
[   93.119247][ T9853] 
[   93.121561][ T9853] Memory state around the buggy address:
[   93.128146][ T9853]  ffff88809b263d00: 00 00 fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   93.136218][ T9853]  ffff88809b263d80: 00 fc fc fc fc fc fc fc 07 fc fc fc fc fc fc fc
[   93.144286][ T9853] >ffff88809b263e00: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc
[   93.152395][ T9853]                                            ^
[   93.158874][ T9853]  ffff88809b263e80: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   93.166980][ T9853]  ffff88809b263f00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   93.175060][ T9853] ==================================================================
[   93.183108][ T9853] Disabling lock debugging due to kernel taint
[   93.189868][ T9853] Kernel panic - not syncing: panic_on_warn set ...
[   93.196881][ T9853] CPU: 0 PID: 9853 Comm: syz-executor941 Tainted: G    B             5.5.0-rc7-syzkaller #0
[   93.208828][ T9853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   93.219747][ T9853] Call Trace:
[   93.223117][ T9853]  dump_stack+0x197/0x210
[   93.227762][ T9853]  panic+0x2e3/0x75c
[   93.231705][ T9853]  ? add_taint.cold+0x16/0x16
[   93.236486][ T9853]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   93.242046][ T9853]  ? preempt_schedule+0x4b/0x60
[   93.246888][ T9853]  ? ___preempt_schedule+0x16/0x18
[   93.252001][ T9853]  ? trace_hardirqs_on+0x5e/0x240
[   93.257077][ T9853]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   93.262724][ T9853]  end_report+0x47/0x4f
[   93.266936][ T9853]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   93.272476][ T9853]  __kasan_report.cold+0xe/0x41
[   93.277329][ T9853]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   93.282878][ T9853]  kasan_report+0x12/0x20
[   93.287321][ T9853]  check_memory_region+0x134/0x1a0
[   93.292566][ T9853]  __kasan_check_read+0x11/0x20
[   93.297693][ T9853]  bitmap_port_ext_cleanup+0xe6/0x2a0
[   93.303081][ T9853]  bitmap_port_destroy+0x180/0x1d0
[   93.308248][ T9853]  ip_set_create+0xe47/0x1500
[   93.312918][ T9853]  ? ip_set_destroy+0xb70/0xb70
[   93.317771][ T9853]  ? ip_set_destroy+0xb70/0xb70
[   93.322683][ T9853]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   93.327776][ T9853]  ? nfnetlink_bind+0x2c0/0x2c0
[   93.332645][ T9853]  ? __kasan_check_read+0x11/0x20
[   93.337708][ T9853]  ? __lock_acquire+0x8a0/0x4a00
[   93.342851][ T9853]  ? save_stack+0x5c/0x90
[   93.347226][ T9853]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   93.353594][ T9853]  ? apparmor_capable+0x497/0x900
[   93.358724][ T9853]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   93.365094][ T9853]  ? __kasan_check_read+0x11/0x20
[   93.370105][ T9853]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   93.375568][ T9853]  netlink_rcv_skb+0x177/0x450
[   93.380334][ T9853]  ? nfnetlink_bind+0x2c0/0x2c0
[   93.385282][ T9853]  ? netlink_ack+0xb50/0xb50
[   93.389874][ T9853]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   93.396118][ T9853]  ? ns_capable_common+0x93/0x100
[   93.401250][ T9853]  ? ns_capable+0x20/0x30
[   93.405680][ T9853]  ? __netlink_ns_capable+0x104/0x140
[   93.411069][ T9853]  nfnetlink_rcv+0x1ba/0x460
[   93.415817][ T9853]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[   93.421291][ T9853]  ? netlink_deliver_tap+0x24a/0xbe0
[   93.426722][ T9853]  ? __kasan_check_write+0x14/0x20
[   93.432106][ T9853]  netlink_unicast+0x58c/0x7d0
[   93.436884][ T9853]  ? netlink_attachskb+0x870/0x870
[   93.442031][ T9853]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   93.447767][ T9853]  ? __check_object_size+0x3d/0x437
[   93.453090][ T9853]  netlink_sendmsg+0x91c/0xea0
[   93.457940][ T9853]  ? netlink_unicast+0x7d0/0x7d0
[   93.462958][ T9853]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   93.468514][ T9853]  ? apparmor_socket_sendmsg+0x2a/0x30
[   93.474749][ T9853]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   93.481084][ T9853]  ? security_socket_sendmsg+0x8d/0xc0
[   93.486557][ T9853]  ? netlink_unicast+0x7d0/0x7d0
[   93.491498][ T9853]  sock_sendmsg+0xd7/0x130
[   93.495971][ T9853]  ____sys_sendmsg+0x753/0x880
[   93.500730][ T9853]  ? kernel_sendmsg+0x50/0x50
[   93.505658][ T9853]  ? mark_held_locks+0xa4/0xf0
[   93.510435][ T9853]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   93.516524][ T9853]  ___sys_sendmsg+0x100/0x170
[   93.521190][ T9853]  ? sendmsg_copy_msghdr+0x70/0x70
[   93.526295][ T9853]  ? prep_transhuge_page+0xa0/0xa0
[   93.531406][ T9853]  ? __do_page_fault+0x56a/0xd80
[   93.536343][ T9853]  ? find_held_lock+0x35/0x130
[   93.541095][ T9853]  ? __do_page_fault+0x56a/0xd80
[   93.546029][ T9853]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   93.552262][ T9853]  ? __fget_light+0x1a9/0x230
[   93.557036][ T9853]  ? __fdget+0x1b/0x20
[   93.561100][ T9853]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   93.567345][ T9853]  __sys_sendmsg+0x105/0x1d0
[   93.571933][ T9853]  ? __sys_sendmsg_sock+0xc0/0xc0
[   93.577475][ T9853]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   93.582931][ T9853]  ? do_fast_syscall_32+0xd1/0xe16
[   93.588032][ T9853]  ? entry_SYSENTER_compat+0x70/0x7f
[   93.593308][ T9853]  ? do_fast_syscall_32+0xd1/0xe16
[   93.598420][ T9853]  __ia32_compat_sys_sendmsg+0x7a/0xb0
[   93.603978][ T9853]  do_fast_syscall_32+0x27b/0xe16
[   93.608994][ T9853]  entry_SYSENTER_compat+0x70/0x7f
[   93.614097][ T9853] RIP: 0023:0xf7fe19a9
[   93.618153][ T9853] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   93.637747][ T9853] RSP: 002b:00000000ffbf262c EFLAGS: 00000202 ORIG_RAX: 0000000000000172
[   93.646146][ T9853] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000140
[   93.654334][ T9853] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000ffbf2744
[   93.662329][ T9853] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   93.670452][ T9853] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   93.678588][ T9853] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   93.688191][ T9853] Kernel Offset: disabled
[   93.692691][ T9853] Rebooting in 86400 seconds..