[   74.713409][   T27] audit: type=1800 audit(1579975759.721:25): pid=9750 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   75.587796][   T27] kauditd_printk_skb: 3 callbacks suppressed
[   75.587808][   T27] audit: type=1800 audit(1579975760.591:29): pid=9750 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   75.615200][   T27] audit: type=1800 audit(1579975760.591:30): pid=9750 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.245' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [   84.760228][ T9906] ==================================================================
[   84.768445][ T9906] BUG: KASAN: slab-out-of-bounds in bitmap_port_ext_cleanup+0xe6/0x2a0
[   84.776666][ T9906] Read of size 8 at addr ffff88809e590f40 by task syz-executor244/9906
[   84.784886][ T9906] 
[   84.787323][ T9906] CPU: 1 PID: 9906 Comm: syz-executor244 Not tainted 5.5.0-rc7-syzkaller #0
[   84.796162][ T9906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   84.806274][ T9906] Call Trace:
[   84.809559][ T9906]  dump_stack+0x197/0x210
[   84.813953][ T9906]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   84.819497][ T9906]  print_address_description.constprop.0.cold+0xd4/0x30b
[   84.827023][ T9906]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   84.832574][ T9906]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   84.838107][ T9906]  __kasan_report.cold+0x1b/0x41
[   84.843033][ T9906]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   84.848575][ T9906]  kasan_report+0x12/0x20
[   84.853006][ T9906]  check_memory_region+0x134/0x1a0
[   84.858104][ T9906]  __kasan_check_read+0x11/0x20
[   84.862942][ T9906]  bitmap_port_ext_cleanup+0xe6/0x2a0
[   84.868327][ T9906]  bitmap_port_destroy+0x180/0x1d0
[   84.873546][ T9906]  ip_set_create+0xe47/0x1500
[   84.878337][ T9906]  ? ip_set_destroy+0xb70/0xb70
[   84.883314][ T9906]  ? ip_set_destroy+0xb70/0xb70
[   84.888165][ T9906]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   84.893113][ T9906]  ? nfnetlink_bind+0x2c0/0x2c0
[   84.897963][ T9906]  ? __kasan_check_read+0x11/0x20
[   84.902984][ T9906]  ? __lock_acquire+0x8a0/0x4a00
[   84.907912][ T9906]  ? save_stack+0x5c/0x90
[   84.912250][ T9906]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   84.918628][ T9906]  ? apparmor_capable+0x497/0x900
[   84.923659][ T9906]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   84.930336][ T9906]  ? __kasan_check_read+0x11/0x20
[   84.935372][ T9906]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   84.941069][ T9906]  netlink_rcv_skb+0x177/0x450
[   84.946313][ T9906]  ? nfnetlink_bind+0x2c0/0x2c0
[   84.951196][ T9906]  ? netlink_ack+0xb50/0xb50
[   84.955781][ T9906]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   84.962016][ T9906]  ? ns_capable_common+0x93/0x100
[   84.967038][ T9906]  ? ns_capable+0x20/0x30
[   84.971362][ T9906]  ? __netlink_ns_capable+0x104/0x140
[   84.976748][ T9906]  nfnetlink_rcv+0x1ba/0x460
[   84.981427][ T9906]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[   84.987033][ T9906]  ? netlink_deliver_tap+0x24a/0xbe0
[   84.992338][ T9906]  ? __kasan_check_write+0x14/0x20
[   84.997565][ T9906]  netlink_unicast+0x58c/0x7d0
[   85.002352][ T9906]  ? netlink_attachskb+0x870/0x870
[   85.007471][ T9906]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   85.013207][ T9906]  ? __check_object_size+0x3d/0x437
[   85.018520][ T9906]  netlink_sendmsg+0x91c/0xea0
[   85.023279][ T9906]  ? netlink_unicast+0x7d0/0x7d0
[   85.028224][ T9906]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   85.033804][ T9906]  ? apparmor_socket_sendmsg+0x2a/0x30
[   85.039363][ T9906]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   85.045608][ T9906]  ? security_socket_sendmsg+0x8d/0xc0
[   85.051062][ T9906]  ? netlink_unicast+0x7d0/0x7d0
[   85.056193][ T9906]  sock_sendmsg+0xd7/0x130
[   85.060619][ T9906]  ____sys_sendmsg+0x753/0x880
[   85.065422][ T9906]  ? kernel_sendmsg+0x50/0x50
[   85.070106][ T9906]  ? mark_held_locks+0xa4/0xf0
[   85.074888][ T9906]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   85.080954][ T9906]  ? __handle_mm_fault+0x3145/0x3cc0
[   85.086446][ T9906]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   85.092532][ T9906]  ___sys_sendmsg+0x100/0x170
[   85.097206][ T9906]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[   85.103631][ T9906]  ? sendmsg_copy_msghdr+0x70/0x70
[   85.108810][ T9906]  ? __do_page_fault+0x56a/0xd80
[   85.113822][ T9906]  ? find_held_lock+0x35/0x130
[   85.118709][ T9906]  ? __do_page_fault+0x56a/0xd80
[   85.123663][ T9906]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   85.129915][ T9906]  ? __fget_light+0x1a9/0x230
[   85.134686][ T9906]  ? __fdget+0x1b/0x20
[   85.138884][ T9906]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   85.145133][ T9906]  __sys_sendmsg+0x105/0x1d0
[   85.149832][ T9906]  ? __sys_sendmsg_sock+0xc0/0xc0
[   85.156019][ T9906]  ? down_read_non_owner+0x490/0x490
[   85.161324][ T9906]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   85.166820][ T9906]  ? do_syscall_64+0x26/0x790
[   85.171531][ T9906]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   85.177603][ T9906]  ? do_syscall_64+0x26/0x790
[   85.182296][ T9906]  __x64_sys_sendmsg+0x78/0xb0
[   85.187057][ T9906]  do_syscall_64+0xfa/0x790
[   85.191563][ T9906]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   85.197449][ T9906] RIP: 0033:0x441399
[   85.201336][ T9906] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   85.221342][ T9906] RSP: 002b:00007ffe460e5648 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   85.229935][ T9906] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441399
[   85.238098][ T9906] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[   85.246138][ T9906] RBP: 0000000000014ae3 R08: 00000000004002c8 R09: 00000000004002c8
[   85.254277][ T9906] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004021c0
[   85.262247][ T9906] R13: 0000000000402250 R14: 0000000000000000 R15: 0000000000000000
[   85.270228][ T9906] 
[   85.272550][ T9906] Allocated by task 9906:
[   85.276870][ T9906]  save_stack+0x23/0x90
[   85.281550][ T9906]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   85.287176][ T9906]  kasan_kmalloc+0x9/0x10
[   85.291508][ T9906]  __kmalloc+0x163/0x770
[   85.295762][ T9906]  ip_set_alloc+0x38/0x5e
[   85.300093][ T9906]  bitmap_port_create+0x3dc/0x7c0
[   85.305110][ T9906]  ip_set_create+0x6f1/0x1500
[   85.309791][ T9906]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   85.314740][ T9906]  netlink_rcv_skb+0x177/0x450
[   85.319598][ T9906]  nfnetlink_rcv+0x1ba/0x460
[   85.324250][ T9906]  netlink_unicast+0x58c/0x7d0
[   85.329042][ T9906]  netlink_sendmsg+0x91c/0xea0
[   85.333902][ T9906]  sock_sendmsg+0xd7/0x130
[   85.338314][ T9906]  ____sys_sendmsg+0x753/0x880
[   85.343265][ T9906]  ___sys_sendmsg+0x100/0x170
[   85.347938][ T9906]  __sys_sendmsg+0x105/0x1d0
[   85.352565][ T9906]  __x64_sys_sendmsg+0x78/0xb0
[   85.357325][ T9906]  do_syscall_64+0xfa/0x790
[   85.361822][ T9906]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   85.367702][ T9906] 
[   85.370025][ T9906] Freed by task 9634:
[   85.374031][ T9906]  save_stack+0x23/0x90
[   85.378173][ T9906]  __kasan_slab_free+0x102/0x150
[   85.383103][ T9906]  kasan_slab_free+0xe/0x10
[   85.388029][ T9906]  kfree+0x10a/0x2c0
[   85.391919][ T9906]  tomoyo_check_open_permission+0x19e/0x3e0
[   85.397811][ T9906]  tomoyo_file_open+0xa9/0xd0
[   85.402580][ T9906]  security_file_open+0x71/0x300
[   85.407704][ T9906]  do_dentry_open+0x37a/0x1380
[   85.412754][ T9906]  vfs_open+0xa0/0xd0
[   85.416841][ T9906]  path_openat+0x118b/0x3180
[   85.421536][ T9906]  do_filp_open+0x1a1/0x280
[   85.426022][ T9906]  do_sys_open+0x3fe/0x5d0
[   85.430428][ T9906]  __x64_sys_open+0x7e/0xc0
[   85.435054][ T9906]  do_syscall_64+0xfa/0x790
[   85.439573][ T9906]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   85.445450][ T9906] 
[   85.447770][ T9906] The buggy address belongs to the object at ffff88809e590f40
[   85.447770][ T9906]  which belongs to the cache kmalloc-32 of size 32
[   85.461676][ T9906] The buggy address is located 0 bytes inside of
[   85.461676][ T9906]  32-byte region [ffff88809e590f40, ffff88809e590f60)
[   85.475546][ T9906] The buggy address belongs to the page:
[   85.481398][ T9906] page:ffffea0002796400 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809e590fc1
[   85.492138][ T9906] raw: 00fffe0000000200 ffffea00029458c8 ffffea00025bfa48 ffff8880aa4001c0
[   85.500952][ T9906] raw: ffff88809e590fc1 ffff88809e590000 000000010000002d 0000000000000000
[   85.509612][ T9906] page dumped because: kasan: bad access detected
[   85.516163][ T9906] 
[   85.518513][ T9906] Memory state around the buggy address:
[   85.524195][ T9906]  ffff88809e590e00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   85.532264][ T9906]  ffff88809e590e80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   85.540581][ T9906] >ffff88809e590f00: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc
[   85.548630][ T9906]                                            ^
[   85.554775][ T9906]  ffff88809e590f80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[   85.562843][ T9906]  ffff88809e591000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   85.570894][ T9906] ==================================================================
[   85.578948][ T9906] Disabling lock debugging due to kernel taint
[   85.585801][ T9906] Kernel panic - not syncing: panic_on_warn set ...
[   85.592397][ T9906] CPU: 1 PID: 9906 Comm: syz-executor244 Tainted: G    B             5.5.0-rc7-syzkaller #0
[   85.602445][ T9906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.613443][ T9906] Call Trace:
[   85.616825][ T9906]  dump_stack+0x197/0x210
[   85.621936][ T9906]  panic+0x2e3/0x75c
[   85.625829][ T9906]  ? add_taint.cold+0x16/0x16
[   85.630695][ T9906]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   85.636936][ T9906]  ? preempt_schedule+0x4b/0x60
[   85.641891][ T9906]  ? ___preempt_schedule+0x16/0x18
[   85.647000][ T9906]  ? trace_hardirqs_on+0x5e/0x240
[   85.652078][ T9906]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   85.657628][ T9906]  end_report+0x47/0x4f
[   85.661769][ T9906]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   85.667304][ T9906]  __kasan_report.cold+0xe/0x41
[   85.672149][ T9906]  ? bitmap_port_ext_cleanup+0xe6/0x2a0
[   85.677689][ T9906]  kasan_report+0x12/0x20
[   85.682016][ T9906]  check_memory_region+0x134/0x1a0
[   85.687134][ T9906]  __kasan_check_read+0x11/0x20
[   85.692004][ T9906]  bitmap_port_ext_cleanup+0xe6/0x2a0
[   85.698326][ T9906]  bitmap_port_destroy+0x180/0x1d0
[   85.703557][ T9906]  ip_set_create+0xe47/0x1500
[   85.708219][ T9906]  ? ip_set_destroy+0xb70/0xb70
[   85.713071][ T9906]  ? ip_set_destroy+0xb70/0xb70
[   85.718003][ T9906]  nfnetlink_rcv_msg+0xcf2/0xfb0
[   85.723210][ T9906]  ? nfnetlink_bind+0x2c0/0x2c0
[   85.728066][ T9906]  ? __kasan_check_read+0x11/0x20
[   85.733187][ T9906]  ? __lock_acquire+0x8a0/0x4a00
[   85.738128][ T9906]  ? save_stack+0x5c/0x90
[   85.742451][ T9906]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   85.748683][ T9906]  ? apparmor_capable+0x497/0x900
[   85.753717][ T9906]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   85.760214][ T9906]  ? __kasan_check_read+0x11/0x20
[   85.765225][ T9906]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   85.770847][ T9906]  netlink_rcv_skb+0x177/0x450
[   85.775596][ T9906]  ? nfnetlink_bind+0x2c0/0x2c0
[   85.780445][ T9906]  ? netlink_ack+0xb50/0xb50
[   85.785044][ T9906]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   85.791534][ T9906]  ? ns_capable_common+0x93/0x100
[   85.796552][ T9906]  ? ns_capable+0x20/0x30
[   85.800880][ T9906]  ? __netlink_ns_capable+0x104/0x140
[   85.806243][ T9906]  nfnetlink_rcv+0x1ba/0x460
[   85.810834][ T9906]  ? nfnetlink_rcv_batch+0x17a0/0x17a0
[   85.816286][ T9906]  ? netlink_deliver_tap+0x24a/0xbe0
[   85.821561][ T9906]  ? __kasan_check_write+0x14/0x20
[   85.826666][ T9906]  netlink_unicast+0x58c/0x7d0
[   85.831432][ T9906]  ? netlink_attachskb+0x870/0x870
[   85.836645][ T9906]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   85.842543][ T9906]  ? __check_object_size+0x3d/0x437
[   85.847881][ T9906]  netlink_sendmsg+0x91c/0xea0
[   85.852636][ T9906]  ? netlink_unicast+0x7d0/0x7d0
[   85.857590][ T9906]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   85.863138][ T9906]  ? apparmor_socket_sendmsg+0x2a/0x30
[   85.868627][ T9906]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   85.874887][ T9906]  ? security_socket_sendmsg+0x8d/0xc0
[   85.880354][ T9906]  ? netlink_unicast+0x7d0/0x7d0
[   85.885275][ T9906]  sock_sendmsg+0xd7/0x130
[   85.889680][ T9906]  ____sys_sendmsg+0x753/0x880
[   85.894509][ T9906]  ? kernel_sendmsg+0x50/0x50
[   85.899184][ T9906]  ? mark_held_locks+0xa4/0xf0
[   85.903949][ T9906]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   85.910125][ T9906]  ? __handle_mm_fault+0x3145/0x3cc0
[   85.915402][ T9906]  ? do_huge_pmd_anonymous_page+0x1463/0x1a50
[   85.921460][ T9906]  ___sys_sendmsg+0x100/0x170
[   85.926132][ T9906]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[   85.932104][ T9906]  ? sendmsg_copy_msghdr+0x70/0x70
[   85.937335][ T9906]  ? __do_page_fault+0x56a/0xd80
[   85.942305][ T9906]  ? find_held_lock+0x35/0x130
[   85.947403][ T9906]  ? __do_page_fault+0x56a/0xd80
[   85.952334][ T9906]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   85.958582][ T9906]  ? __fget_light+0x1a9/0x230
[   85.963312][ T9906]  ? __fdget+0x1b/0x20
[   85.969024][ T9906]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   85.975281][ T9906]  __sys_sendmsg+0x105/0x1d0
[   85.979860][ T9906]  ? __sys_sendmsg_sock+0xc0/0xc0
[   85.984889][ T9906]  ? down_read_non_owner+0x490/0x490
[   85.990177][ T9906]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   85.995691][ T9906]  ? do_syscall_64+0x26/0x790
[   86.000487][ T9906]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   86.006539][ T9906]  ? do_syscall_64+0x26/0x790
[   86.011350][ T9906]  __x64_sys_sendmsg+0x78/0xb0
[   86.016097][ T9906]  do_syscall_64+0xfa/0x790
[   86.020696][ T9906]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   86.026681][ T9906] RIP: 0033:0x441399
[   86.030560][ T9906] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   86.050364][ T9906] RSP: 002b:00007ffe460e5648 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   86.058782][ T9906] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441399
[   86.066826][ T9906] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[   86.074989][ T9906] RBP: 0000000000014ae3 R08: 00000000004002c8 R09: 00000000004002c8
[   86.082951][ T9906] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004021c0
[   86.091066][ T9906] R13: 0000000000402250 R14: 0000000000000000 R15: 0000000000000000
[   86.100632][ T9906] Kernel Offset: disabled
[   86.104989][ T9906] Rebooting in 86400 seconds..