[   98.791744][   T27] audit: type=1800 audit(1579465206.238:27): pid=9841 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   98.847089][   T27] audit: type=1800 audit(1579465206.238:28): pid=9841 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   99.887433][   T27] audit: type=1800 audit(1579465207.418:29): pid=9841 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   99.907648][   T27] audit: type=1800 audit(1579465207.418:30): pid=9841 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.92' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [  109.673794][ T9996] ==================================================================
[  109.682294][ T9996] BUG: KASAN: slab-out-of-bounds in bitmap_ip_ext_cleanup+0xd8/0x290
[  109.690386][ T9996] Read of size 8 at addr ffff8880a7d15c80 by task syz-executor874/9996
[  109.698614][ T9996] 
[  109.700949][ T9996] CPU: 1 PID: 9996 Comm: syz-executor874 Not tainted 5.5.0-rc5-syzkaller #0
[  109.709618][ T9996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  109.720011][ T9996] Call Trace:
[  109.723297][ T9996]  dump_stack+0x197/0x210
[  109.727625][ T9996]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  109.733001][ T9996]  print_address_description.constprop.0.cold+0xd4/0x30b
[  109.740043][ T9996]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  109.745406][ T9996]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  109.750815][ T9996]  __kasan_report.cold+0x1b/0x41
[  109.755872][ T9996]  ? ip_set_net_exit+0x510/0x5c0
[  109.760875][ T9996]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  109.766399][ T9996]  kasan_report+0x12/0x20
[  109.770738][ T9996]  check_memory_region+0x134/0x1a0
[  109.775841][ T9996]  __kasan_check_read+0x11/0x20
[  109.780703][ T9996]  bitmap_ip_ext_cleanup+0xd8/0x290
[  109.785896][ T9996]  bitmap_ip_destroy+0x180/0x1d0
[  109.790874][ T9996]  ip_set_create+0xe47/0x1500
[  109.795564][ T9996]  ? ip_set_destroy+0xb70/0xb70
[  109.800721][ T9996]  ? ip_set_destroy+0xb70/0xb70
[  109.805572][ T9996]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  109.811299][ T9996]  ? nfnetlink_bind+0x2c0/0x2c0
[  109.816351][ T9996]  ? __kasan_check_read+0x11/0x20
[  109.821499][ T9996]  ? __lock_acquire+0x8a0/0x4a00
[  109.826601][ T9996]  ? save_stack+0x5c/0x90
[  109.830991][ T9996]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  109.837240][ T9996]  ? apparmor_capable+0x497/0x900
[  109.842287][ T9996]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  109.848536][ T9996]  ? __kasan_check_read+0x11/0x20
[  109.853565][ T9996]  ? apparmor_cred_prepare+0x7b0/0x7b0
[  109.859120][ T9996]  netlink_rcv_skb+0x177/0x450
[  109.863893][ T9996]  ? nfnetlink_bind+0x2c0/0x2c0
[  109.868747][ T9996]  ? netlink_ack+0xb50/0xb50
[  109.873548][ T9996]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  109.880206][ T9996]  ? ns_capable_common+0x93/0x100
[  109.885264][ T9996]  ? ns_capable+0x20/0x30
[  109.889630][ T9996]  ? __netlink_ns_capable+0x104/0x140
[  109.895539][ T9996]  nfnetlink_rcv+0x1ba/0x460
[  109.900204][ T9996]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  109.905722][ T9996]  ? netlink_deliver_tap+0x24a/0xbe0
[  109.911013][ T9996]  ? __kasan_check_write+0x14/0x20
[  109.916242][ T9996]  netlink_unicast+0x58c/0x7d0
[  109.921030][ T9996]  ? netlink_attachskb+0x870/0x870
[  109.926160][ T9996]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  109.931883][ T9996]  ? __check_object_size+0x3d/0x437
[  109.937173][ T9996]  netlink_sendmsg+0x91c/0xea0
[  109.941998][ T9996]  ? netlink_unicast+0x7d0/0x7d0
[  109.947070][ T9996]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  109.952610][ T9996]  ? apparmor_socket_sendmsg+0x2a/0x30
[  109.958089][ T9996]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  109.964342][ T9996]  ? security_socket_sendmsg+0x8d/0xc0
[  109.969921][ T9996]  ? netlink_unicast+0x7d0/0x7d0
[  109.974898][ T9996]  sock_sendmsg+0xd7/0x130
[  109.979363][ T9996]  ____sys_sendmsg+0x753/0x880
[  109.984306][ T9996]  ? kernel_sendmsg+0x50/0x50
[  109.989170][ T9996]  ? mark_held_locks+0xa4/0xf0
[  109.993936][ T9996]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  110.000262][ T9996]  ? __handle_mm_fault+0x3145/0x3cc0
[  110.005551][ T9996]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  110.011652][ T9996]  ___sys_sendmsg+0x100/0x170
[  110.016332][ T9996]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[  110.022322][ T9996]  ? sendmsg_copy_msghdr+0x70/0x70
[  110.027433][ T9996]  ? __do_page_fault+0x56a/0xd80
[  110.032611][ T9996]  ? find_held_lock+0x35/0x130
[  110.037371][ T9996]  ? __do_page_fault+0x56a/0xd80
[  110.042318][ T9996]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.048681][ T9996]  ? __fget_light+0x1a9/0x230
[  110.053363][ T9996]  ? __fdget+0x1b/0x20
[  110.057422][ T9996]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  110.063664][ T9996]  __sys_sendmsg+0x105/0x1d0
[  110.068561][ T9996]  ? __sys_sendmsg_sock+0xc0/0xc0
[  110.073751][ T9996]  ? down_read_non_owner+0x490/0x490
[  110.079159][ T9996]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  110.084627][ T9996]  ? do_syscall_64+0x26/0x790
[  110.089317][ T9996]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  110.095482][ T9996]  ? do_syscall_64+0x26/0x790
[  110.100371][ T9996]  __x64_sys_sendmsg+0x78/0xb0
[  110.105148][ T9996]  do_syscall_64+0xfa/0x790
[  110.109770][ T9996]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  110.115683][ T9996] RIP: 0033:0x441459
[  110.119719][ T9996] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  110.139599][ T9996] RSP: 002b:00007ffee4e5cf88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  110.148007][ T9996] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441459
[  110.155982][ T9996] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[  110.163960][ T9996] RBP: 000000000001ac44 R08: 00000000004002c8 R09: 00000000004002c8
[  110.171934][ T9996] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402280
[  110.179913][ T9996] R13: 0000000000402310 R14: 0000000000000000 R15: 0000000000000000
[  110.188027][ T9996] 
[  110.190353][ T9996] Allocated by task 9996:
[  110.194780][ T9996]  save_stack+0x23/0x90
[  110.199080][ T9996]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  110.204794][ T9996]  kasan_kmalloc+0x9/0x10
[  110.209542][ T9996]  __kmalloc+0x163/0x770
[  110.213871][ T9996]  ip_set_alloc+0x38/0x5e
[  110.218232][ T9996]  bitmap_ip_create+0x6ec/0xc20
[  110.223284][ T9996]  ip_set_create+0x6f1/0x1500
[  110.228027][ T9996]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  110.233053][ T9996]  netlink_rcv_skb+0x177/0x450
[  110.237811][ T9996]  nfnetlink_rcv+0x1ba/0x460
[  110.242653][ T9996]  netlink_unicast+0x58c/0x7d0
[  110.247502][ T9996]  netlink_sendmsg+0x91c/0xea0
[  110.252265][ T9996]  sock_sendmsg+0xd7/0x130
[  110.256802][ T9996]  ____sys_sendmsg+0x753/0x880
[  110.261573][ T9996]  ___sys_sendmsg+0x100/0x170
[  110.266425][ T9996]  __sys_sendmsg+0x105/0x1d0
[  110.271046][ T9996]  __x64_sys_sendmsg+0x78/0xb0
[  110.275824][ T9996]  do_syscall_64+0xfa/0x790
[  110.280330][ T9996]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  110.286211][ T9996] 
[  110.288534][ T9996] Freed by task 9722:
[  110.292724][ T9996]  save_stack+0x23/0x90
[  110.296907][ T9996]  __kasan_slab_free+0x102/0x150
[  110.302047][ T9996]  kasan_slab_free+0xe/0x10
[  110.306643][ T9996]  kfree+0x10a/0x2c0
[  110.310533][ T9996]  single_release+0x95/0xc0
[  110.315122][ T9996]  __fput+0x2ff/0x890
[  110.319110][ T9996]  ____fput+0x16/0x20
[  110.323109][ T9996]  task_work_run+0x145/0x1c0
[  110.327696][ T9996]  exit_to_usermode_loop+0x316/0x380
[  110.333206][ T9996]  do_syscall_64+0x676/0x790
[  110.337794][ T9996]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  110.343681][ T9996] 
[  110.346012][ T9996] The buggy address belongs to the object at ffff8880a7d15c80
[  110.346012][ T9996]  which belongs to the cache kmalloc-32 of size 32
[  110.360014][ T9996] The buggy address is located 0 bytes inside of
[  110.360014][ T9996]  32-byte region [ffff8880a7d15c80, ffff8880a7d15ca0)
[  110.373337][ T9996] The buggy address belongs to the page:
[  110.379073][ T9996] page:ffffea00029f4540 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a7d15fc1
[  110.389477][ T9996] raw: 00fffe0000000200 ffffea00027c0bc8 ffffea00029aa6c8 ffff8880aa4001c0
[  110.398228][ T9996] raw: ffff8880a7d15fc1 ffff8880a7d15000 0000000100000034 0000000000000000
[  110.406979][ T9996] page dumped because: kasan: bad access detected
[  110.413554][ T9996] 
[  110.415874][ T9996] Memory state around the buggy address:
[  110.421702][ T9996]  ffff8880a7d15b80: 00 05 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[  110.429769][ T9996]  ffff8880a7d15c00: 00 00 00 fc fc fc fc fc 00 fc fc fc fc fc fc fc
[  110.437858][ T9996] >ffff8880a7d15c80: 04 fc fc fc fc fc fc fc 00 00 00 fc fc fc fc fc
[  110.445917][ T9996]                    ^
[  110.450116][ T9996]  ffff8880a7d15d00: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[  110.458287][ T9996]  ffff8880a7d15d80: 05 fc fc fc fc fc fc fc 00 00 fc fc fc fc fc fc
[  110.466578][ T9996] ==================================================================
[  110.474633][ T9996] Disabling lock debugging due to kernel taint
[  110.482696][ T9996] Kernel panic - not syncing: panic_on_warn set ...
[  110.490580][ T9996] CPU: 0 PID: 9996 Comm: syz-executor874 Tainted: G    B             5.5.0-rc5-syzkaller #0
[  110.500930][ T9996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  110.510991][ T9996] Call Trace:
[  110.514361][ T9996]  dump_stack+0x197/0x210
[  110.518711][ T9996]  panic+0x2e3/0x75c
[  110.522627][ T9996]  ? add_taint.cold+0x16/0x16
[  110.527314][ T9996]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  110.532686][ T9996]  ? preempt_schedule+0x4b/0x60
[  110.537603][ T9996]  ? ___preempt_schedule+0x16/0x18
[  110.542836][ T9996]  ? trace_hardirqs_on+0x5e/0x240
[  110.547867][ T9996]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  110.553473][ T9996]  end_report+0x47/0x4f
[  110.557747][ T9996]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  110.563133][ T9996]  __kasan_report.cold+0xe/0x41
[  110.568065][ T9996]  ? ip_set_net_exit+0x510/0x5c0
[  110.573011][ T9996]  ? bitmap_ip_ext_cleanup+0xd8/0x290
[  110.578419][ T9996]  kasan_report+0x12/0x20
[  110.582749][ T9996]  check_memory_region+0x134/0x1a0
[  110.587869][ T9996]  __kasan_check_read+0x11/0x20
[  110.592720][ T9996]  bitmap_ip_ext_cleanup+0xd8/0x290
[  110.599305][ T9996]  bitmap_ip_destroy+0x180/0x1d0
[  110.604241][ T9996]  ip_set_create+0xe47/0x1500
[  110.608951][ T9996]  ? ip_set_destroy+0xb70/0xb70
[  110.613835][ T9996]  ? ip_set_destroy+0xb70/0xb70
[  110.618680][ T9996]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  110.623640][ T9996]  ? nfnetlink_bind+0x2c0/0x2c0
[  110.628705][ T9996]  ? __kasan_check_read+0x11/0x20
[  110.633717][ T9996]  ? __lock_acquire+0x8a0/0x4a00
[  110.638639][ T9996]  ? save_stack+0x5c/0x90
[  110.642961][ T9996]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.649330][ T9996]  ? apparmor_capable+0x497/0x900
[  110.654497][ T9996]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.660738][ T9996]  ? __kasan_check_read+0x11/0x20
[  110.665902][ T9996]  ? apparmor_cred_prepare+0x7b0/0x7b0
[  110.671472][ T9996]  netlink_rcv_skb+0x177/0x450
[  110.676222][ T9996]  ? nfnetlink_bind+0x2c0/0x2c0
[  110.681072][ T9996]  ? netlink_ack+0xb50/0xb50
[  110.685672][ T9996]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.691948][ T9996]  ? ns_capable_common+0x93/0x100
[  110.697109][ T9996]  ? ns_capable+0x20/0x30
[  110.701500][ T9996]  ? __netlink_ns_capable+0x104/0x140
[  110.706938][ T9996]  nfnetlink_rcv+0x1ba/0x460
[  110.711539][ T9996]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[  110.716994][ T9996]  ? netlink_deliver_tap+0x24a/0xbe0
[  110.722280][ T9996]  ? __kasan_check_write+0x14/0x20
[  110.727605][ T9996]  netlink_unicast+0x58c/0x7d0
[  110.732874][ T9996]  ? netlink_attachskb+0x870/0x870
[  110.737988][ T9996]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  110.744014][ T9996]  ? __check_object_size+0x3d/0x437
[  110.749198][ T9996]  netlink_sendmsg+0x91c/0xea0
[  110.754318][ T9996]  ? netlink_unicast+0x7d0/0x7d0
[  110.759258][ T9996]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  110.764805][ T9996]  ? apparmor_socket_sendmsg+0x2a/0x30
[  110.770275][ T9996]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.776508][ T9996]  ? security_socket_sendmsg+0x8d/0xc0
[  110.781964][ T9996]  ? netlink_unicast+0x7d0/0x7d0
[  110.786904][ T9996]  sock_sendmsg+0xd7/0x130
[  110.791335][ T9996]  ____sys_sendmsg+0x753/0x880
[  110.796109][ T9996]  ? kernel_sendmsg+0x50/0x50
[  110.800773][ T9996]  ? mark_held_locks+0xa4/0xf0
[  110.805694][ T9996]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  110.811818][ T9996]  ? __handle_mm_fault+0x3145/0x3cc0
[  110.817288][ T9996]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[  110.823762][ T9996]  ___sys_sendmsg+0x100/0x170
[  110.828428][ T9996]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[  110.834411][ T9996]  ? sendmsg_copy_msghdr+0x70/0x70
[  110.839583][ T9996]  ? __do_page_fault+0x56a/0xd80
[  110.844521][ T9996]  ? find_held_lock+0x35/0x130
[  110.849333][ T9996]  ? __do_page_fault+0x56a/0xd80
[  110.854290][ T9996]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.860538][ T9996]  ? __fget_light+0x1a9/0x230
[  110.865287][ T9996]  ? __fdget+0x1b/0x20
[  110.869353][ T9996]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  110.875666][ T9996]  __sys_sendmsg+0x105/0x1d0
[  110.880305][ T9996]  ? __sys_sendmsg_sock+0xc0/0xc0
[  110.885348][ T9996]  ? down_read_non_owner+0x490/0x490
[  110.890670][ T9996]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  110.896165][ T9996]  ? do_syscall_64+0x26/0x790
[  110.900827][ T9996]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  110.906891][ T9996]  ? do_syscall_64+0x26/0x790
[  110.911566][ T9996]  __x64_sys_sendmsg+0x78/0xb0
[  110.916379][ T9996]  do_syscall_64+0xfa/0x790
[  110.920871][ T9996]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  110.926788][ T9996] RIP: 0033:0x441459
[  110.930683][ T9996] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  110.950366][ T9996] RSP: 002b:00007ffee4e5cf88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  110.958793][ T9996] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441459
[  110.967028][ T9996] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[  110.975226][ T9996] RBP: 000000000001ac44 R08: 00000000004002c8 R09: 00000000004002c8
[  110.983333][ T9996] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402280
[  110.991453][ T9996] R13: 0000000000402310 R14: 0000000000000000 R15: 0000000000000000
[  111.001137][ T9996] Kernel Offset: disabled
[  111.005479][ T9996] Rebooting in 86400 seconds..