Warning: Permanently added '10.128.10.27' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 69.607237][ T8743] ==================================================================
[ 69.615564][ T8743] BUG: KASAN: slab-out-of-bounds in bitmap_port_list+0x386/0xb60
[ 69.623282][ T8743] Read of size 8 at addr ffff88809dfc1c80 by task syz-executor671/8743
[ 69.631524][ T8743]
[ 69.633845][ T8743] CPU: 1 PID: 8743 Comm: syz-executor671 Not tainted 5.5.0-rc6-syzkaller #0
[ 69.642521][ T8743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.652749][ T8743] Call Trace:
[ 69.656066][ T8743] dump_stack+0x1fb/0x318
[ 69.660383][ T8743] print_address_description+0x74/0x5c0
[ 69.665948][ T8743] ? vprintk_func+0x158/0x170
[ 69.670642][ T8743] ? printk+0x62/0x8d
[ 69.674623][ T8743] ? vprintk_emit+0x2d4/0x3a0
[ 69.679348][ T8743] __kasan_report+0x149/0x1c0
[ 69.684020][ T8743] ? bitmap_port_list+0x386/0xb60
[ 69.689100][ T8743] kasan_report+0x26/0x50
[ 69.693416][ T8743] ? debug_smp_processor_id+0x9/0x20
[ 69.698694][ T8743] check_memory_region+0x2b6/0x2f0
[ 69.703799][ T8743] __kasan_check_read+0x11/0x20
[ 69.708659][ T8743] bitmap_port_list+0x386/0xb60
[ 69.713503][ T8743] ? ip_set_put_flags+0x15c/0x250
[ 69.718698][ T8743] ip_set_dump_start+0x10f9/0x1800
[ 69.723818][ T8743] netlink_dump+0x4ed/0x1170
[ 69.728568][ T8743] __netlink_dump_start+0x5cb/0x7b0
[ 69.733780][ T8743] ip_set_dump+0x107/0x160
[ 69.738188][ T8743] ? __find_set_type_get+0x540/0x540
[ 69.743475][ T8743] ? ip_set_dump_start+0x1800/0x1800
[ 69.748823][ T8743] ? ip_set_swap+0x730/0x730
[ 69.753638][ T8743] nfnetlink_rcv_msg+0x9ae/0xcd0
[ 69.758798][ T8743] ? cap_capable+0x25b/0x290
[ 69.763570][ T8743] ? cap_capable+0x25b/0x290
[ 69.768328][ T8743] netlink_rcv_skb+0x19e/0x3e0
[ 69.773077][ T8743] ? nfnetlink_bind+0x250/0x250
[ 69.777912][ T8743] nfnetlink_rcv+0x1e0/0x1e50
[ 69.782600][ T8743] ? rcu_lock_release+0x9/0x30
[ 69.787353][ T8743] ? rcu_lock_release+0x21/0x30
[ 69.792222][ T8743] ? netlink_deliver_tap+0x142/0x880
[ 69.797509][ T8743] netlink_unicast+0x767/0x920
[ 69.802303][ T8743] netlink_sendmsg+0xa2c/0xd50
[ 69.807086][ T8743] ? netlink_getsockopt+0x9f0/0x9f0
[ 69.812293][ T8743] ____sys_sendmsg+0x4f7/0x7f0
[ 69.817060][ T8743] __sys_sendmsg+0x1ed/0x290
[ 69.821695][ T8743] ? check_preemption_disabled+0xb4/0x260
[ 69.827417][ T8743] ? debug_smp_processor_id+0x9/0x20
[ 69.832717][ T8743] ? debug_smp_processor_id+0x1c/0x20
[ 69.838082][ T8743] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 69.844916][ T8743] ? prepare_exit_to_usermode+0x221/0x5b0
[ 69.850681][ T8743] ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 69.856399][ T8743] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 69.862099][ T8743] ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 69.867939][ T8743] ? do_syscall_64+0x1d/0x1c0
[ 69.872606][ T8743] __x64_sys_sendmsg+0x7f/0x90
[ 69.877401][ T8743] do_syscall_64+0xf7/0x1c0
[ 69.881906][ T8743] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.887787][ T8743] RIP: 0033:0x4404e9
[ 69.891692][ T8743] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 69.911416][ T8743] RSP: 002b:00007fff040823a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 69.919820][ T8743] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404e9
[ 69.927792][ T8743] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004
[ 69.935981][ T8743] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 69.943971][ T8743] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401d70
[ 69.951952][ T8743] R13: 0000000000401e00 R14: 0000000000000000 R15: 0000000000000000
[ 69.959926][ T8743]
[ 69.962240][ T8743] Allocated by task 8743:
[ 69.966559][ T8743] __kasan_kmalloc+0x118/0x1c0
[ 69.971351][ T8743] kasan_kmalloc+0x9/0x10
[ 69.975703][ T8743] __kmalloc+0x254/0x340
[ 69.980070][ T8743] kzalloc+0x21/0x40
[ 69.983995][ T8743] ip_set_alloc+0x32/0x60
[ 69.988351][ T8743] bitmap_port_create+0x32c/0x790
[ 69.993368][ T8743] ip_set_create+0x421/0xfd0
[ 69.997971][ T8743] nfnetlink_rcv_msg+0x9ae/0xcd0
[ 70.002903][ T8743] netlink_rcv_skb+0x19e/0x3e0
[ 70.007666][ T8743] nfnetlink_rcv+0x1e0/0x1e50
[ 70.012333][ T8743] netlink_unicast+0x767/0x920
[ 70.017205][ T8743] netlink_sendmsg+0xa2c/0xd50
[ 70.021964][ T8743] ____sys_sendmsg+0x4f7/0x7f0
[ 70.026801][ T8743] __sys_sendmsg+0x1ed/0x290
[ 70.031405][ T8743] __x64_sys_sendmsg+0x7f/0x90
[ 70.036434][ T8743] do_syscall_64+0xf7/0x1c0
[ 70.040987][ T8743] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 70.046890][ T8743]
[ 70.049664][ T8743] Freed by task 8462:
[ 70.053640][ T8743] __kasan_slab_free+0x12e/0x1e0
[ 70.058669][ T8743] kasan_slab_free+0xe/0x10
[ 70.063155][ T8743] kfree+0x10d/0x220
[ 70.067044][ T8743] tomoyo_path_perm+0x6ae/0x850
[ 70.071907][ T8743] tomoyo_inode_getattr+0x1c/0x20
[ 70.076961][ T8743] security_inode_getattr+0xc0/0x140
[ 70.082239][ T8743] vfs_getattr+0x2a/0x6d0
[ 70.086753][ T8743] __se_sys_newstat+0x95/0x150
[ 70.091915][ T8743] __x64_sys_newstat+0x5b/0x70
[ 70.096675][ T8743] do_syscall_64+0xf7/0x1c0
[ 70.101328][ T8743] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 70.107205][ T8743]
[ 70.109515][ T8743] The buggy address belongs to the object at ffff88809dfc1c80
[ 70.109515][ T8743] which belongs to the cache kmalloc-32 of size 32
[ 70.123434][ T8743] The buggy address is located 0 bytes inside of
[ 70.123434][ T8743] 32-byte region [ffff88809dfc1c80, ffff88809dfc1ca0)
[ 70.136444][ T8743] The buggy address belongs to the page:
[ 70.142057][ T8743] page:ffffea000277f040 refcount:1 mapcount:0 mapping:ffff8880aa8001c0 index:0xffff88809dfc1fc1
[ 70.152447][ T8743] raw: 00fffe0000000200 ffffea0002774648 ffffea0002aa0c08 ffff8880aa8001c0
[ 70.161023][ T8743] raw: ffff88809dfc1fc1 ffff88809dfc1000 000000010000003f 0000000000000000
[ 70.169576][ T8743] page dumped because: kasan: bad access detected
[ 70.175978][ T8743]
[ 70.178278][ T8743] Memory state around the buggy address:
[ 70.183896][ T8743] ffff88809dfc1b80: 06 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 70.191930][ T8743] ffff88809dfc1c00: 00 00 01 fc fc fc fc fc 06 fc fc fc fc fc fc fc
[ 70.199983][ T8743] >ffff88809dfc1c80: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 70.208033][ T8743] ^
[ 70.212106][ T8743] ffff88809dfc1d00: 06 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 70.220152][ T8743] ffff88809dfc1d80: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[ 70.228203][ T8743] ==================================================================
[ 70.236248][ T8743] Disabling lock debugging due to kernel taint
[ 70.243116][ T8743] Kernel panic - not syncing: panic_on_warn set ...
[ 70.249865][ T8743] CPU: 1 PID: 8743 Comm: syz-executor671 Tainted: G B 5.5.0-rc6-syzkaller #0
[ 70.259907][ T8743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.269996][ T8743] Call Trace:
[ 70.273281][ T8743] dump_stack+0x1fb/0x318
[ 70.277725][ T8743] panic+0x264/0x7a9
[ 70.281624][ T8743] ? __kasan_report+0x193/0x1c0
[ 70.286458][ T8743] ? trace_hardirqs_on+0x34/0x80
[ 70.291432][ T8743] ? __kasan_report+0x193/0x1c0
[ 70.296282][ T8743] __kasan_report+0x1b9/0x1c0
[ 70.300938][ T8743] ? bitmap_port_list+0x386/0xb60
[ 70.306039][ T8743] kasan_report+0x26/0x50
[ 70.310401][ T8743] ? debug_smp_processor_id+0x9/0x20
[ 70.315729][ T8743] check_memory_region+0x2b6/0x2f0
[ 70.320859][ T8743] __kasan_check_read+0x11/0x20
[ 70.325701][ T8743] bitmap_port_list+0x386/0xb60
[ 70.330545][ T8743] ? ip_set_put_flags+0x15c/0x250
[ 70.335573][ T8743] ip_set_dump_start+0x10f9/0x1800
[ 70.340686][ T8743] netlink_dump+0x4ed/0x1170
[ 70.345265][ T8743] __netlink_dump_start+0x5cb/0x7b0
[ 70.350620][ T8743] ip_set_dump+0x107/0x160
[ 70.355207][ T8743] ? __find_set_type_get+0x540/0x540
[ 70.360491][ T8743] ? ip_set_dump_start+0x1800/0x1800
[ 70.365764][ T8743] ? ip_set_swap+0x730/0x730
[ 70.370331][ T8743] nfnetlink_rcv_msg+0x9ae/0xcd0
[ 70.375275][ T8743] ? cap_capable+0x25b/0x290
[ 70.379885][ T8743] ? cap_capable+0x25b/0x290
[ 70.384454][ T8743] netlink_rcv_skb+0x19e/0x3e0
[ 70.389211][ T8743] ? nfnetlink_bind+0x250/0x250
[ 70.394047][ T8743] nfnetlink_rcv+0x1e0/0x1e50
[ 70.398718][ T8743] ? rcu_lock_release+0x9/0x30
[ 70.403512][ T8743] ? rcu_lock_release+0x21/0x30
[ 70.408343][ T8743] ? netlink_deliver_tap+0x142/0x880
[ 70.413613][ T8743] netlink_unicast+0x767/0x920
[ 70.418365][ T8743] netlink_sendmsg+0xa2c/0xd50
[ 70.423120][ T8743] ? netlink_getsockopt+0x9f0/0x9f0
[ 70.428298][ T8743] ____sys_sendmsg+0x4f7/0x7f0
[ 70.433056][ T8743] __sys_sendmsg+0x1ed/0x290
[ 70.437634][ T8743] ? check_preemption_disabled+0xb4/0x260
[ 70.443380][ T8743] ? debug_smp_processor_id+0x9/0x20
[ 70.448643][ T8743] ? debug_smp_processor_id+0x1c/0x20
[ 70.454002][ T8743] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 70.460089][ T8743] ? prepare_exit_to_usermode+0x221/0x5b0
[ 70.465814][ T8743] ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 70.471520][ T8743] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 70.476969][ T8743] ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 70.482797][ T8743] ? do_syscall_64+0x1d/0x1c0
[ 70.487469][ T8743] __x64_sys_sendmsg+0x7f/0x90
[ 70.492224][ T8743] do_syscall_64+0xf7/0x1c0
[ 70.496713][ T8743] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 70.502618][ T8743] RIP: 0033:0x4404e9
[ 70.506497][ T8743] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 70.526092][ T8743] RSP: 002b:00007fff040823a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 70.534533][ T8743] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404e9
[ 70.542489][ T8743] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000004
[ 70.550450][ T8743] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 70.558408][ T8743] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401d70
[ 70.566375][ T8743] R13: 0000000000401e00 R14: 0000000000000000 R15: 0000000000000000
[ 70.575637][ T8743] Kernel Offset: disabled
[ 70.580152][ T8743] Rebooting in 86400 seconds..