[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   78.260852][   T27] audit: type=1800 audit(1578570445.715:25): pid=9286 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   78.281469][   T27] audit: type=1800 audit(1578570445.715:26): pid=9286 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   78.338433][   T27] audit: type=1800 audit(1578570445.725:27): pid=9286 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.211' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [   97.736069][ T9441] ==================================================================
[   97.744261][ T9441] BUG: KASAN: use-after-free in bitmap_port_ext_cleanup+0xe6/0x2a0
[   97.752132][ T9441] Read of size 8 at addr ffff88809a043780 by task syz-executor597/9441
[   97.760353][ T9441] 
[   97.762669][ T9441] CPU: 0 PID: 9441 Comm: syz-executor597 Not tainted 5.5.0-rc4-syzkaller #0
[   97.771344][ T9441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   97.781378][ T9441] Call Trace:
[   97.784662][ T9441]  dump_stack+0x197/0x210
[   97.788971][ T9441]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   97.794497][ T9441]  print_address_description.constprop.0.cold+0xd4/0x30b
[   97.801499][ T9441]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   97.807024][ T9441]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   97.812552][ T9441]  __kasan_report.cold+0x1b/0x41
[   97.817469][ T9441]  ? kfree+0x160/0x2c0
[   97.821515][ T9441]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   97.827041][ T9441]  kasan_report+0x12/0x20
[   97.831349][ T9441]  check_memory_region+0x134/0x1a0
[   97.836437][ T9441]  __kasan_check_read+0x11/0x20
[   97.841268][ T9441]  bitmap_port_ext_cleanup+0xe6/0x2a0
[   97.846637][ T9441]  bitmap_port_destroy+0x17c/0x1d0
[   97.851729][ T9441]  ip_set_create+0xe47/0x1500
[   97.856397][ T9441]  ? ip_set_destroy+0xb70/0xb70
[   97.861277][ T9441]  ? ip_set_destroy+0xb70/0xb70
[   97.866119][ T9441]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   97.871051][ T9441]  ? nfnetlink_bind+0x2c0/0x2c0
[   97.875924][ T9441]  ? __kasan_check_read+0x11/0x20
[   97.881008][ T9441]  ? __lock_acquire+0x8a0/0x4a00
[   97.885937][ T9441]  ? save_stack+0x5c/0x90
[   97.890255][ T9441]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   97.896472][ T9441]  ? apparmor_capable+0x497/0x900
[   97.901478][ T9441]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   97.907704][ T9441]  ? __kasan_check_read+0x11/0x20
[   97.912719][ T9441]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   97.918220][ T9441]  netlink_rcv_skb+0x177/0x450
[   97.923013][ T9441]  ? nfnetlink_bind+0x2c0/0x2c0
[   97.927869][ T9441]  ? netlink_ack+0xb50/0xb50
[   97.932437][ T9441]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   97.938672][ T9441]  ? ns_capable_common+0x93/0x100
[   97.943682][ T9441]  ? ns_capable+0x20/0x30
[   97.948021][ T9441]  ? __netlink_ns_capable+0x104/0x140
[   97.953411][ T9441]  nfnetlink_rcv+0x1ba/0x460
[   97.958035][ T9441]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[   97.963480][ T9441]  ? netlink_deliver_tap+0x24a/0xbe0
[   97.968750][ T9441]  ? __kasan_check_write+0x14/0x20
[   97.973877][ T9441]  netlink_unicast+0x58c/0x7d0
[   97.978630][ T9441]  ? netlink_attachskb+0x870/0x870
[   97.983726][ T9441]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   97.989426][ T9441]  ? __check_object_size+0x3d/0x437
[   97.994614][ T9441]  netlink_sendmsg+0x91c/0xea0
[   97.999382][ T9441]  ? netlink_unicast+0x7d0/0x7d0
[   98.004337][ T9441]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   98.009871][ T9441]  ? apparmor_socket_sendmsg+0x2a/0x30
[   98.015309][ T9441]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.021543][ T9441]  ? security_socket_sendmsg+0x8d/0xc0
[   98.026981][ T9441]  ? netlink_unicast+0x7d0/0x7d0
[   98.031909][ T9441]  sock_sendmsg+0xd7/0x130
[   98.036308][ T9441]  ____sys_sendmsg+0x753/0x880
[   98.041054][ T9441]  ? kernel_sendmsg+0x50/0x50
[   98.045714][ T9441]  ? mark_held_locks+0xa4/0xf0
[   98.050467][ T9441]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   98.056518][ T9441]  ? __handle_mm_fault+0x3145/0x3cc0
[   98.061783][ T9441]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   98.067848][ T9441]  ___sys_sendmsg+0x100/0x170
[   98.072510][ T9441]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[   98.078476][ T9441]  ? sendmsg_copy_msghdr+0x70/0x70
[   98.083581][ T9441]  ? __do_page_fault+0x56a/0xd80
[   98.088505][ T9441]  ? find_held_lock+0x35/0x130
[   98.093255][ T9441]  ? __do_page_fault+0x56a/0xd80
[   98.098188][ T9441]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.104421][ T9441]  ? __fget_light+0x1a9/0x230
[   98.109077][ T9441]  ? __fdget+0x1b/0x20
[   98.113140][ T9441]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   98.119370][ T9441]  __sys_sendmsg+0x105/0x1d0
[   98.123946][ T9441]  ? __sys_sendmsg_sock+0xc0/0xc0
[   98.128955][ T9441]  ? down_read_non_owner+0x490/0x490
[   98.134230][ T9441]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   98.139701][ T9441]  ? do_syscall_64+0x26/0x790
[   98.144375][ T9441]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   98.150696][ T9441]  ? do_syscall_64+0x26/0x790
[   98.155372][ T9441]  __x64_sys_sendmsg+0x78/0xb0
[   98.160121][ T9441]  do_syscall_64+0xfa/0x790
[   98.164617][ T9441]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   98.170487][ T9441] RIP: 0033:0x4413d9
[   98.174369][ T9441] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   98.193959][ T9441] RSP: 002b:00007fffb9b3ba28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   98.202350][ T9441] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413d9
[   98.210302][ T9441] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003
[   98.218266][ T9441] RBP: 0000000000017d9e R08: 00000000004002c8 R09: 00000000004002c8
[   98.226231][ T9441] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402200
[   98.234209][ T9441] R13: 0000000000402290 R14: 0000000000000000 R15: 0000000000000000
[   98.242174][ T9441] 
[   98.244491][ T9441] Allocated by task 9441:
[   98.248813][ T9441]  save_stack+0x23/0x90
[   98.252954][ T9441]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   98.258606][ T9441]  kasan_kmalloc+0x9/0x10
[   98.262913][ T9441]  __kmalloc+0x163/0x770
[   98.267137][ T9441]  ip_set_alloc+0x38/0x5e
[   98.271445][ T9441]  bitmap_port_create+0x3dc/0x7c0
[   98.276455][ T9441]  ip_set_create+0x6f1/0x1500
[   98.281113][ T9441]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   98.286043][ T9441]  netlink_rcv_skb+0x177/0x450
[   98.290784][ T9441]  nfnetlink_rcv+0x1ba/0x460
[   98.295348][ T9441]  netlink_unicast+0x58c/0x7d0
[   98.300101][ T9441]  netlink_sendmsg+0x91c/0xea0
[   98.304843][ T9441]  sock_sendmsg+0xd7/0x130
[   98.309235][ T9441]  ____sys_sendmsg+0x753/0x880
[   98.313977][ T9441]  ___sys_sendmsg+0x100/0x170
[   98.318653][ T9441]  __sys_sendmsg+0x105/0x1d0
[   98.323233][ T9441]  __x64_sys_sendmsg+0x78/0xb0
[   98.327985][ T9441]  do_syscall_64+0xfa/0x790
[   98.332474][ T9441]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   98.338363][ T9441] 
[   98.340682][ T9441] Freed by task 9441:
[   98.344653][ T9441]  save_stack+0x23/0x90
[   98.348787][ T9441]  __kasan_slab_free+0x102/0x150
[   98.353700][ T9441]  kasan_slab_free+0xe/0x10
[   98.358180][ T9441]  kfree+0x10a/0x2c0
[   98.362157][ T9441]  kvfree+0x61/0x70
[   98.365972][ T9441]  ip_set_free+0x16/0x20
[   98.370191][ T9441]  bitmap_port_destroy+0xae/0x1d0
[   98.375206][ T9441]  ip_set_create+0xe47/0x1500
[   98.379862][ T9441]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   98.384776][ T9441]  netlink_rcv_skb+0x177/0x450
[   98.389516][ T9441]  nfnetlink_rcv+0x1ba/0x460
[   98.394089][ T9441]  netlink_unicast+0x58c/0x7d0
[   98.398852][ T9441]  netlink_sendmsg+0x91c/0xea0
[   98.403609][ T9441]  sock_sendmsg+0xd7/0x130
[   98.408002][ T9441]  ____sys_sendmsg+0x753/0x880
[   98.412749][ T9441]  ___sys_sendmsg+0x100/0x170
[   98.417415][ T9441]  __sys_sendmsg+0x105/0x1d0
[   98.421982][ T9441]  __x64_sys_sendmsg+0x78/0xb0
[   98.426752][ T9441]  do_syscall_64+0xfa/0x790
[   98.431235][ T9441]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   98.437103][ T9441] 
[   98.439468][ T9441] The buggy address belongs to the object at ffff88809a043780
[   98.439468][ T9441]  which belongs to the cache kmalloc-32 of size 32
[   98.453446][ T9441] The buggy address is located 0 bytes inside of
[   98.453446][ T9441]  32-byte region [ffff88809a043780, ffff88809a0437a0)
[   98.466432][ T9441] The buggy address belongs to the page:
[   98.472046][ T9441] page:ffffea00026810c0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809a043fc1
[   98.482434][ T9441] raw: 00fffe0000000200 ffffea000285d188 ffffea0002688508 ffff8880aa4001c0
[   98.491005][ T9441] raw: ffff88809a043fc1 ffff88809a043000 000000010000003f 0000000000000000
[   98.499562][ T9441] page dumped because: kasan: bad access detected
[   98.505961][ T9441] 
[   98.508269][ T9441] Memory state around the buggy address:
[   98.513883][ T9441]  ffff88809a043680: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   98.521937][ T9441]  ffff88809a043700: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   98.529992][ T9441] >ffff88809a043780: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   98.538031][ T9441]                    ^
[   98.542079][ T9441]  ffff88809a043800: fb fb fb fb fc fc fc fc 00 01 fc fc fc fc fc fc
[   98.550122][ T9441]  ffff88809a043880: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   98.558157][ T9441] ==================================================================
[   98.566196][ T9441] Disabling lock debugging due to kernel taint
[   98.574589][ T9441] Kernel panic - not syncing: panic_on_warn set ...
[   98.581172][ T9441] CPU: 0 PID: 9441 Comm: syz-executor597 Tainted: G    B             5.5.0-rc4-syzkaller #0
[   98.591203][ T9441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   98.601231][ T9441] Call Trace:
[   98.604500][ T9441]  dump_stack+0x197/0x210
[   98.608823][ T9441]  panic+0x2e3/0x75c
[   98.612704][ T9441]  ? add_taint.cold+0x16/0x16
[   98.617372][ T9441]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   98.622898][ T9441]  ? preempt_schedule+0x4b/0x60
[   98.627766][ T9441]  ? ___preempt_schedule+0x16/0x18
[   98.632858][ T9441]  ? trace_hardirqs_on+0x5e/0x240
[   98.637861][ T9441]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   98.643391][ T9441]  end_report+0x47/0x4f
[   98.647534][ T9441]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   98.653061][ T9441]  __kasan_report.cold+0xe/0x41
[   98.657891][ T9441]  ? kfree+0x160/0x2c0
[   98.661942][ T9441]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   98.667467][ T9441]  kasan_report+0x12/0x20
[   98.671780][ T9441]  check_memory_region+0x134/0x1a0
[   98.676876][ T9441]  __kasan_check_read+0x11/0x20
[   98.681705][ T9441]  bitmap_port_ext_cleanup+0xe6/0x2a0
[   98.687064][ T9441]  bitmap_port_destroy+0x17c/0x1d0
[   98.692162][ T9441]  ip_set_create+0xe47/0x1500
[   98.696823][ T9441]  ? ip_set_destroy+0xb70/0xb70
[   98.701666][ T9441]  ? ip_set_destroy+0xb70/0xb70
[   98.706502][ T9441]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   98.711420][ T9441]  ? nfnetlink_bind+0x2c0/0x2c0
[   98.716255][ T9441]  ? __kasan_check_read+0x11/0x20
[   98.721393][ T9441]  ? __lock_acquire+0x8a0/0x4a00
[   98.726311][ T9441]  ? save_stack+0x5c/0x90
[   98.730622][ T9441]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.736894][ T9441]  ? apparmor_capable+0x497/0x900
[   98.741898][ T9441]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.748115][ T9441]  ? __kasan_check_read+0x11/0x20
[   98.753171][ T9441]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   98.758613][ T9441]  netlink_rcv_skb+0x177/0x450
[   98.763403][ T9441]  ? nfnetlink_bind+0x2c0/0x2c0
[   98.768258][ T9441]  ? netlink_ack+0xb50/0xb50
[   98.772826][ T9441]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.779049][ T9441]  ? ns_capable_common+0x93/0x100
[   98.784052][ T9441]  ? ns_capable+0x20/0x30
[   98.788360][ T9441]  ? __netlink_ns_capable+0x104/0x140
[   98.793730][ T9441]  nfnetlink_rcv+0x1ba/0x460
[   98.798314][ T9441]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[   98.803750][ T9441]  ? netlink_deliver_tap+0x24a/0xbe0
[   98.809019][ T9441]  ? __kasan_check_write+0x14/0x20
[   98.814117][ T9441]  netlink_unicast+0x58c/0x7d0
[   98.818872][ T9441]  ? netlink_attachskb+0x870/0x870
[   98.823970][ T9441]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   98.829671][ T9441]  ? __check_object_size+0x3d/0x437
[   98.834849][ T9441]  netlink_sendmsg+0x91c/0xea0
[   98.839596][ T9441]  ? netlink_unicast+0x7d0/0x7d0
[   98.844550][ T9441]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   98.850103][ T9441]  ? apparmor_socket_sendmsg+0x2a/0x30
[   98.855569][ T9441]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.861797][ T9441]  ? security_socket_sendmsg+0x8d/0xc0
[   98.867237][ T9441]  ? netlink_unicast+0x7d0/0x7d0
[   98.872165][ T9441]  sock_sendmsg+0xd7/0x130
[   98.876572][ T9441]  ____sys_sendmsg+0x753/0x880
[   98.881337][ T9441]  ? kernel_sendmsg+0x50/0x50
[   98.885993][ T9441]  ? mark_held_locks+0xa4/0xf0
[   98.890745][ T9441]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   98.896794][ T9441]  ? __handle_mm_fault+0x3145/0x3cc0
[   98.902057][ T9441]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   98.908104][ T9441]  ___sys_sendmsg+0x100/0x170
[   98.912764][ T9441]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[   98.918728][ T9441]  ? sendmsg_copy_msghdr+0x70/0x70
[   98.923833][ T9441]  ? __do_page_fault+0x56a/0xd80
[   98.928748][ T9441]  ? find_held_lock+0x35/0x130
[   98.933513][ T9441]  ? __do_page_fault+0x56a/0xd80
[   98.938433][ T9441]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.944658][ T9441]  ? __fget_light+0x1a9/0x230
[   98.949367][ T9441]  ? __fdget+0x1b/0x20
[   98.953464][ T9441]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   98.959691][ T9441]  __sys_sendmsg+0x105/0x1d0
[   98.964271][ T9441]  ? __sys_sendmsg_sock+0xc0/0xc0
[   98.969322][ T9441]  ? down_read_non_owner+0x490/0x490
[   98.974593][ T9441]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   98.980038][ T9441]  ? do_syscall_64+0x26/0x790
[   98.984712][ T9441]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   98.990759][ T9441]  ? do_syscall_64+0x26/0x790
[   98.995419][ T9441]  __x64_sys_sendmsg+0x78/0xb0
[   99.000172][ T9441]  do_syscall_64+0xfa/0x790
[   99.004684][ T9441]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   99.010564][ T9441] RIP: 0033:0x4413d9
[   99.014464][ T9441] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   99.034174][ T9441] RSP: 002b:00007fffb9b3ba28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   99.042624][ T9441] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413d9
[   99.050579][ T9441] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003
[   99.058527][ T9441] RBP: 0000000000017d9e R08: 00000000004002c8 R09: 00000000004002c8
[   99.066486][ T9441] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402200
[   99.074433][ T9441] R13: 0000000000402290 R14: 0000000000000000 R15: 0000000000000000
[   99.083521][ T9441] Kernel Offset: disabled
[   99.087841][ T9441] Rebooting in 86400 seconds..