Warning: Permanently added '10.128.0.197' (ECDSA) to the list of known hosts. executing program [ 85.194961][ T9419] ================================================================== [ 85.203738][ T9419] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_list+0x635/0x1080 [ 85.211606][ T9419] Read of size 8 at addr ffff8880977712c0 by task syz-executor890/9419 [ 85.219813][ T9419] [ 85.222121][ T9419] CPU: 0 PID: 9419 Comm: syz-executor890 Not tainted 5.5.0-rc6-next-20200116-syzkaller #0 [ 85.231981][ T9419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 85.242023][ T9419] Call Trace: [ 85.245296][ T9419] dump_stack+0x197/0x210 [ 85.249606][ T9419] ? bitmap_ipmac_list+0x635/0x1080 [ 85.254786][ T9419] print_address_description.constprop.0.cold+0xd4/0x30b [ 85.261872][ T9419] ? bitmap_ipmac_list+0x635/0x1080 [ 85.267049][ T9419] ? bitmap_ipmac_list+0x635/0x1080 [ 85.272224][ T9419] __kasan_report.cold+0x1b/0x32 [ 85.277140][ T9419] ? bitmap_ipmac_list+0x635/0x1080 [ 85.282358][ T9419] kasan_report+0x12/0x20 [ 85.286678][ T9419] check_memory_region+0x134/0x1a0 [ 85.291762][ T9419] __kasan_check_read+0x11/0x20 [ 85.296592][ T9419] bitmap_ipmac_list+0x635/0x1080 [ 85.302185][ T9419] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 85.307290][ T9419] ? nla_put+0x110/0x150 [ 85.311513][ T9419] ip_set_dump_start+0x96c/0x1ca0 [ 85.316534][ T9419] ? ip_set_rename+0x720/0x720 [ 85.321280][ T9419] ? __kmalloc_reserve.isra.0+0x70/0xf0 [ 85.326804][ T9419] ? __lock_acquire+0x2660/0x4a00 [ 85.331807][ T9419] ? __kasan_check_write+0x14/0x20 [ 85.336897][ T9419] netlink_dump+0x558/0xfb0 [ 85.341378][ T9419] ? __netlink_sendskb+0xc0/0xc0 [ 85.346306][ T9419] __netlink_dump_start+0x673/0x930 [ 85.351484][ T9419] ip_set_dump+0x15a/0x1d0 [ 85.355878][ T9419] ? call_ad+0x5a0/0x5a0 [ 85.360135][ T9419] ? ip_set_rename+0x720/0x720 [ 85.364874][ T9419] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 85.370665][ T9419] ? call_ad+0x5a0/0x5a0 [ 85.374897][ T9419] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 85.379854][ T9419] ? nfnetlink_bind+0x2c0/0x2c0 [ 85.384689][ T9419] ? __kasan_check_read+0x11/0x20 [ 85.389689][ T9419] ? __lock_acquire+0x8a0/0x4a00 [ 85.394608][ T9419] ? save_stack+0x5c/0x90 [ 85.398918][ T9419] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 85.405142][ T9419] ? apparmor_capable+0x4df/0x910 [ 85.410144][ T9419] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 85.416362][ T9419] ? __kasan_check_read+0x11/0x20 [ 85.421363][ T9419] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 85.426800][ T9419] netlink_rcv_skb+0x177/0x450 [ 85.431549][ T9419] ? nfnetlink_bind+0x2c0/0x2c0 [ 85.436378][ T9419] ? netlink_ack+0xb50/0xb50 [ 85.440943][ T9419] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 85.447158][ T9419] ? ns_capable_common+0x93/0x100 [ 85.452159][ T9419] ? ns_capable+0x20/0x30 [ 85.456467][ T9419] ? __netlink_ns_capable+0x104/0x140 [ 85.461818][ T9419] nfnetlink_rcv+0x1ba/0x460 [ 85.466425][ T9419] ? nfnetlink_rcv_batch+0x1780/0x1780 [ 85.471889][ T9419] ? netlink_deliver_tap+0x248/0xbf0 [ 85.477166][ T9419] ? __kasan_check_write+0x14/0x20 [ 85.482257][ T9419] netlink_unicast+0x59e/0x7e0 [ 85.487000][ T9419] ? netlink_attachskb+0x870/0x870 [ 85.492088][ T9419] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 85.497786][ T9419] ? __check_object_size+0x3d/0x437 [ 85.502965][ T9419] netlink_sendmsg+0x91c/0xea0 [ 85.507709][ T9419] ? netlink_unicast+0x7e0/0x7e0 [ 85.512646][ T9419] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 85.518184][ T9419] ? apparmor_socket_sendmsg+0x2a/0x30 [ 85.523640][ T9419] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 85.529872][ T9419] ? security_socket_sendmsg+0x8d/0xc0 [ 85.535323][ T9419] ? netlink_unicast+0x7e0/0x7e0 [ 85.540239][ T9419] sock_sendmsg+0xd7/0x130 [ 85.544637][ T9419] ____sys_sendmsg+0x753/0x880 [ 85.549380][ T9419] ? kernel_sendmsg+0x50/0x50 [ 85.554031][ T9419] ? lockdep_init_map+0x1be/0x6d0 [ 85.559034][ T9419] ___sys_sendmsg+0x100/0x170 [ 85.563704][ T9419] ? sendmsg_copy_msghdr+0x70/0x70 [ 85.568805][ T9419] ? __kasan_check_read+0x11/0x20 [ 85.573808][ T9419] ? __lock_acquire+0x8a0/0x4a00 [ 85.578725][ T9419] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 85.584942][ T9419] ? __this_cpu_preempt_check+0x35/0x190 [ 85.590549][ T9419] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 85.596850][ T9419] ? percpu_counter_add_batch+0x13c/0x190 [ 85.602567][ T9419] ? __fd_install+0x1bc/0x640 [ 85.607226][ T9419] ? find_held_lock+0x35/0x130 [ 85.611964][ T9419] ? __fd_install+0x1bc/0x640 [ 85.616657][ T9419] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 85.622887][ T9419] ? __fget_light+0x1ad/0x270 [ 85.627541][ T9419] ? __fdget+0x1b/0x20 [ 85.631589][ T9419] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 85.637810][ T9419] __sys_sendmsg+0x105/0x1d0 [ 85.642375][ T9419] ? __sys_sendmsg_sock+0xc0/0xc0 [ 85.647396][ T9419] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 85.652844][ T9419] ? do_syscall_64+0x26/0x790 [ 85.657512][ T9419] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 85.663559][ T9419] ? do_syscall_64+0x26/0x790 [ 85.668220][ T9419] __x64_sys_sendmsg+0x78/0xb0 [ 85.673010][ T9419] do_syscall_64+0xfa/0x790 [ 85.677496][ T9419] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 85.683402][ T9419] RIP: 0033:0x4402c9 [ 85.687273][ T9419] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 85.706853][ T9419] RSP: 002b:00007ffd422614a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.715240][ T9419] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402c9 [ 85.723186][ T9419] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004 [ 85.731134][ T9419] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 85.739082][ T9419] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401b50 [ 85.747029][ T9419] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000 [ 85.754986][ T9419] [ 85.757291][ T9419] Allocated by task 9419: [ 85.761600][ T9419] save_stack+0x23/0x90 [ 85.765732][ T9419] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 85.771340][ T9419] kasan_kmalloc+0x9/0x10 [ 85.775646][ T9419] __kmalloc+0x163/0x770 [ 85.779864][ T9419] ip_set_alloc+0x38/0x5e [ 85.784169][ T9419] bitmap_ipmac_create+0x4e8/0xa00 [ 85.789257][ T9419] ip_set_create+0x6f1/0x1500 [ 85.793908][ T9419] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 85.798817][ T9419] netlink_rcv_skb+0x177/0x450 [ 85.803557][ T9419] nfnetlink_rcv+0x1ba/0x460 [ 85.808123][ T9419] netlink_unicast+0x59e/0x7e0 [ 85.812861][ T9419] netlink_sendmsg+0x91c/0xea0 [ 85.817599][ T9419] sock_sendmsg+0xd7/0x130 [ 85.822002][ T9419] ____sys_sendmsg+0x753/0x880 [ 85.826743][ T9419] ___sys_sendmsg+0x100/0x170 [ 85.831393][ T9419] __sys_sendmsg+0x105/0x1d0 [ 85.835956][ T9419] __x64_sys_sendmsg+0x78/0xb0 [ 85.840698][ T9419] do_syscall_64+0xfa/0x790 [ 85.845182][ T9419] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 85.851044][ T9419] [ 85.853361][ T9419] Freed by task 9117: [ 85.857319][ T9419] save_stack+0x23/0x90 [ 85.861453][ T9419] __kasan_slab_free+0x102/0x150 [ 85.866372][ T9419] kasan_slab_free+0xe/0x10 [ 85.870853][ T9419] kfree+0x10a/0x2c0 [ 85.874728][ T9419] tomoyo_path_perm+0x24e/0x430 [ 85.879553][ T9419] tomoyo_inode_getattr+0x1d/0x30 [ 85.884562][ T9419] security_inode_getattr+0xf2/0x150 [ 85.889828][ T9419] vfs_getattr+0x25/0x70 [ 85.894051][ T9419] vfs_statx+0x15d/0x200 [ 85.898282][ T9419] __do_sys_newstat+0xa4/0x130 [ 85.903032][ T9419] __x64_sys_newstat+0x54/0x80 [ 85.907774][ T9419] do_syscall_64+0xfa/0x790 [ 85.912254][ T9419] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 85.918125][ T9419] [ 85.920435][ T9419] The buggy address belongs to the object at ffff8880977712c0 [ 85.920435][ T9419] which belongs to the cache kmalloc-32 of size 32 [ 85.934291][ T9419] The buggy address is located 0 bytes inside of [ 85.934291][ T9419] 32-byte region [ffff8880977712c0, ffff8880977712e0) [ 85.947271][ T9419] The buggy address belongs to the page: [ 85.952881][ T9419] page:ffffea00025ddc40 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff888097771fc1 [ 85.963367][ T9419] flags: 0xfffe0000000200(slab) [ 85.968198][ T9419] raw: 00fffe0000000200 ffffea00025237c8 ffffea0002a55b48 ffff8880aa4001c0 [ 85.976758][ T9419] raw: ffff888097771fc1 ffff888097771000 000000010000003f 0000000000000000 [ 85.985319][ T9419] page dumped because: kasan: bad access detected [ 85.991706][ T9419] [ 85.994009][ T9419] Memory state around the buggy address: [ 85.999627][ T9419] ffff888097771180: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 86.008250][ T9419] ffff888097771200: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 86.016313][ T9419] >ffff888097771280: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc [ 86.024361][ T9419] ^ [ 86.030495][ T9419] ffff888097771300: fb fb fb fb fc fc fc fc 00 01 fc fc fc fc fc fc [ 86.038637][ T9419] ffff888097771380: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 86.046682][ T9419] ================================================================== [ 86.054766][ T9419] Disabling lock debugging due to kernel taint [ 86.061428][ T9419] Kernel panic - not syncing: panic_on_warn set ... [ 86.068012][ T9419] CPU: 0 PID: 9419 Comm: syz-executor890 Tainted: G B 5.5.0-rc6-next-20200116-syzkaller #0 [ 86.079271][ T9419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 86.089302][ T9419] Call Trace: [ 86.092581][ T9419] dump_stack+0x197/0x210 [ 86.096888][ T9419] panic+0x2e3/0x75c [ 86.100768][ T9419] ? add_taint.cold+0x16/0x16 [ 86.105423][ T9419] ? bitmap_ipmac_list+0x635/0x1080 [ 86.110598][ T9419] ? preempt_schedule+0x4b/0x60 [ 86.115424][ T9419] ? ___preempt_schedule+0x16/0x18 [ 86.120523][ T9419] ? trace_hardirqs_on+0x5e/0x240 [ 86.125523][ T9419] ? bitmap_ipmac_list+0x635/0x1080 [ 86.130694][ T9419] end_report+0x47/0x4f [ 86.134820][ T9419] ? bitmap_ipmac_list+0x635/0x1080 [ 86.139989][ T9419] __kasan_report.cold+0xe/0x32 [ 86.144816][ T9419] ? bitmap_ipmac_list+0x635/0x1080 [ 86.149990][ T9419] kasan_report+0x12/0x20 [ 86.154296][ T9419] check_memory_region+0x134/0x1a0 [ 86.159379][ T9419] __kasan_check_read+0x11/0x20 [ 86.164204][ T9419] bitmap_ipmac_list+0x635/0x1080 [ 86.169205][ T9419] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 86.174289][ T9419] ? nla_put+0x110/0x150 [ 86.178504][ T9419] ip_set_dump_start+0x96c/0x1ca0 [ 86.183506][ T9419] ? ip_set_rename+0x720/0x720 [ 86.188246][ T9419] ? __kmalloc_reserve.isra.0+0x70/0xf0 [ 86.193765][ T9419] ? __lock_acquire+0x2660/0x4a00 [ 86.198776][ T9419] ? __kasan_check_write+0x14/0x20 [ 86.203866][ T9419] netlink_dump+0x558/0xfb0 [ 86.208347][ T9419] ? __netlink_sendskb+0xc0/0xc0 [ 86.213266][ T9419] __netlink_dump_start+0x673/0x930 [ 86.218441][ T9419] ip_set_dump+0x15a/0x1d0 [ 86.222873][ T9419] ? call_ad+0x5a0/0x5a0 [ 86.227088][ T9419] ? ip_set_rename+0x720/0x720 [ 86.231826][ T9419] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 86.237605][ T9419] ? call_ad+0x5a0/0x5a0 [ 86.241825][ T9419] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 86.246912][ T9419] ? nfnetlink_bind+0x2c0/0x2c0 [ 86.251737][ T9419] ? __kasan_check_read+0x11/0x20 [ 86.256750][ T9419] ? __lock_acquire+0x8a0/0x4a00 [ 86.261710][ T9419] ? save_stack+0x5c/0x90 [ 86.266055][ T9419] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.272273][ T9419] ? apparmor_capable+0x4df/0x910 [ 86.277283][ T9419] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.283500][ T9419] ? __kasan_check_read+0x11/0x20 [ 86.288631][ T9419] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 86.294073][ T9419] netlink_rcv_skb+0x177/0x450 [ 86.298812][ T9419] ? nfnetlink_bind+0x2c0/0x2c0 [ 86.303677][ T9419] ? netlink_ack+0xb50/0xb50 [ 86.308244][ T9419] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.314463][ T9419] ? ns_capable_common+0x93/0x100 [ 86.319466][ T9419] ? ns_capable+0x20/0x30 [ 86.323773][ T9419] ? __netlink_ns_capable+0x104/0x140 [ 86.329121][ T9419] nfnetlink_rcv+0x1ba/0x460 [ 86.333689][ T9419] ? nfnetlink_rcv_batch+0x1780/0x1780 [ 86.339259][ T9419] ? netlink_deliver_tap+0x248/0xbf0 [ 86.344542][ T9419] ? __kasan_check_write+0x14/0x20 [ 86.349763][ T9419] netlink_unicast+0x59e/0x7e0 [ 86.354506][ T9419] ? netlink_attachskb+0x870/0x870 [ 86.359609][ T9419] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 86.365319][ T9419] ? __check_object_size+0x3d/0x437 [ 86.370510][ T9419] netlink_sendmsg+0x91c/0xea0 [ 86.375252][ T9419] ? netlink_unicast+0x7e0/0x7e0 [ 86.380166][ T9419] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 86.385730][ T9419] ? apparmor_socket_sendmsg+0x2a/0x30 [ 86.391197][ T9419] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.397455][ T9419] ? security_socket_sendmsg+0x8d/0xc0 [ 86.403257][ T9419] ? netlink_unicast+0x7e0/0x7e0 [ 86.408172][ T9419] sock_sendmsg+0xd7/0x130 [ 86.412565][ T9419] ____sys_sendmsg+0x753/0x880 [ 86.417307][ T9419] ? kernel_sendmsg+0x50/0x50 [ 86.421959][ T9419] ? lockdep_init_map+0x1be/0x6d0 [ 86.426960][ T9419] ___sys_sendmsg+0x100/0x170 [ 86.431610][ T9419] ? sendmsg_copy_msghdr+0x70/0x70 [ 86.436694][ T9419] ? __kasan_check_read+0x11/0x20 [ 86.441703][ T9419] ? __lock_acquire+0x8a0/0x4a00 [ 86.446729][ T9419] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.452957][ T9419] ? __this_cpu_preempt_check+0x35/0x190 [ 86.458577][ T9419] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.464801][ T9419] ? percpu_counter_add_batch+0x13c/0x190 [ 86.470502][ T9419] ? __fd_install+0x1bc/0x640 [ 86.475163][ T9419] ? find_held_lock+0x35/0x130 [ 86.479946][ T9419] ? __fd_install+0x1bc/0x640 [ 86.484612][ T9419] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.490825][ T9419] ? __fget_light+0x1ad/0x270 [ 86.495490][ T9419] ? __fdget+0x1b/0x20 [ 86.499548][ T9419] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 86.505774][ T9419] __sys_sendmsg+0x105/0x1d0 [ 86.510336][ T9419] ? __sys_sendmsg_sock+0xc0/0xc0 [ 86.515345][ T9419] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 86.520787][ T9419] ? do_syscall_64+0x26/0x790 [ 86.525452][ T9419] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 86.531532][ T9419] ? do_syscall_64+0x26/0x790 [ 86.536226][ T9419] __x64_sys_sendmsg+0x78/0xb0 [ 86.540973][ T9419] do_syscall_64+0xfa/0x790 [ 86.545460][ T9419] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 86.551326][ T9419] RIP: 0033:0x4402c9 [ 86.555201][ T9419] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 86.574823][ T9419] RSP: 002b:00007ffd422614a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 86.583212][ T9419] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402c9 [ 86.591159][ T9419] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004 [ 86.599253][ T9419] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 86.607207][ T9419] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401b50 [ 86.615157][ T9419] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000 [ 86.624354][ T9419] Kernel Offset: disabled [ 86.628677][ T9419] Rebooting in 86400 seconds..