Warning: Permanently added '10.128.0.85' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 93.945044][ T9664] ================================================================== [ 93.953267][ T9664] BUG: KASAN: slab-out-of-bounds in bitmap_ip_del+0xdb/0x380 [ 93.960636][ T9664] Write of size 8 at addr ffff8880a3ca6000 by task syz-executor217/9664 [ 93.968954][ T9664] [ 93.971271][ T9664] CPU: 0 PID: 9664 Comm: syz-executor217 Not tainted 5.5.0-rc7-syzkaller #0 [ 93.979946][ T9664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 93.990001][ T9664] Call Trace: [ 93.993285][ T9664] dump_stack+0x197/0x210 [ 93.997616][ T9664] ? bitmap_ip_del+0xdb/0x380 [ 94.002297][ T9664] print_address_description.constprop.0.cold+0xd4/0x30b [ 94.009308][ T9664] ? bitmap_ip_del+0xdb/0x380 [ 94.013991][ T9664] ? bitmap_ip_del+0xdb/0x380 [ 94.018681][ T9664] __kasan_report.cold+0x1b/0x41 [ 94.023627][ T9664] ? __sanitizer_cov_trace_cmp2+0x1/0x20 [ 94.029266][ T9664] ? bitmap_ip_del+0xdb/0x380 [ 94.033950][ T9664] kasan_report+0x12/0x20 [ 94.038288][ T9664] check_memory_region+0x134/0x1a0 [ 94.043435][ T9664] __kasan_check_write+0x14/0x20 [ 94.048379][ T9664] bitmap_ip_del+0xdb/0x380 [ 94.052891][ T9664] bitmap_ip_uadt+0x73e/0xa10 [ 94.057579][ T9664] ? bitmap_ip_create+0xc20/0xc20 [ 94.062618][ T9664] ? bitmap_ip_kadt+0x5a0/0x5a0 [ 94.067475][ T9664] ? __kasan_check_write+0x14/0x20 [ 94.072627][ T9664] ? lock_set_class+0x3b0/0x7a0 [ 94.077478][ T9664] call_ad+0x1a0/0x5a0 [ 94.081553][ T9664] ? start_msg+0x220/0x220 [ 94.085977][ T9664] ? nla_memcpy+0xb0/0xb0 [ 94.090401][ T9664] ? __nla_parse+0x43/0x60 [ 94.094834][ T9664] ip_set_ad.isra.0+0x572/0xb20 [ 94.099680][ T9664] ? ip_set_nfnl_get_byindex+0x460/0x460 [ 94.105322][ T9664] ? nla_memcpy+0xb0/0xb0 [ 94.109650][ T9664] ? lock_downgrade+0x920/0x920 [ 94.114608][ T9664] ip_set_udel+0x3a/0x50 [ 94.118848][ T9664] ? ip_set_ad.isra.0+0xb20/0xb20 [ 94.123881][ T9664] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 94.128837][ T9664] ? nfnetlink_bind+0x2c0/0x2c0 [ 94.133696][ T9664] ? __kasan_check_read+0x11/0x20 [ 94.138726][ T9664] ? __lock_acquire+0x8a0/0x4a00 [ 94.143663][ T9664] ? save_stack+0x5c/0x90 [ 94.148050][ T9664] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.154272][ T9664] ? apparmor_capable+0x497/0x900 [ 94.159288][ T9664] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.165510][ T9664] ? __kasan_check_read+0x11/0x20 [ 94.170514][ T9664] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 94.175954][ T9664] netlink_rcv_skb+0x177/0x450 [ 94.180846][ T9664] ? nfnetlink_bind+0x2c0/0x2c0 [ 94.185701][ T9664] ? netlink_ack+0xb50/0xb50 [ 94.190277][ T9664] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.196496][ T9664] ? ns_capable_common+0x93/0x100 [ 94.201523][ T9664] ? ns_capable+0x20/0x30 [ 94.205870][ T9664] ? __netlink_ns_capable+0x104/0x140 [ 94.211227][ T9664] nfnetlink_rcv+0x1ba/0x460 [ 94.215798][ T9664] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 94.221233][ T9664] ? netlink_deliver_tap+0x24a/0xbe0 [ 94.226498][ T9664] ? __kasan_check_write+0x14/0x20 [ 94.231590][ T9664] netlink_unicast+0x58c/0x7d0 [ 94.236337][ T9664] ? netlink_attachskb+0x870/0x870 [ 94.241427][ T9664] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 94.247128][ T9664] ? __check_object_size+0x3d/0x437 [ 94.252306][ T9664] netlink_sendmsg+0x91c/0xea0 [ 94.257054][ T9664] ? netlink_unicast+0x7d0/0x7d0 [ 94.261971][ T9664] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 94.267501][ T9664] ? apparmor_socket_sendmsg+0x2a/0x30 [ 94.272939][ T9664] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.279157][ T9664] ? security_socket_sendmsg+0x8d/0xc0 [ 94.284597][ T9664] ? netlink_unicast+0x7d0/0x7d0 [ 94.289514][ T9664] sock_sendmsg+0xd7/0x130 [ 94.293910][ T9664] ____sys_sendmsg+0x753/0x880 [ 94.298706][ T9664] ? kernel_sendmsg+0x50/0x50 [ 94.303486][ T9664] ? lockdep_init_map+0x1be/0x6d0 [ 94.308516][ T9664] ___sys_sendmsg+0x100/0x170 [ 94.313186][ T9664] ? sendmsg_copy_msghdr+0x70/0x70 [ 94.318325][ T9664] ? __kasan_check_read+0x11/0x20 [ 94.323330][ T9664] ? __lock_acquire+0x8a0/0x4a00 [ 94.328252][ T9664] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.334499][ T9664] ? __this_cpu_preempt_check+0x35/0x190 [ 94.340124][ T9664] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.346345][ T9664] ? percpu_counter_add_batch+0x13c/0x190 [ 94.352044][ T9664] ? __fd_install+0x1bc/0x640 [ 94.356704][ T9664] ? find_held_lock+0x35/0x130 [ 94.361447][ T9664] ? __fd_install+0x1bc/0x640 [ 94.366109][ T9664] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.372331][ T9664] ? __fget_light+0x1a9/0x230 [ 94.376986][ T9664] ? __fdget+0x1b/0x20 [ 94.381036][ T9664] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 94.387260][ T9664] __sys_sendmsg+0x105/0x1d0 [ 94.391874][ T9664] ? __sys_sendmsg_sock+0xc0/0xc0 [ 94.396889][ T9664] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 94.402327][ T9664] ? do_syscall_64+0x26/0x790 [ 94.406988][ T9664] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 94.413033][ T9664] ? do_syscall_64+0x26/0x790 [ 94.417699][ T9664] __x64_sys_sendmsg+0x78/0xb0 [ 94.422485][ T9664] do_syscall_64+0xfa/0x790 [ 94.427015][ T9664] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 94.432904][ T9664] RIP: 0033:0x440689 [ 94.436794][ T9664] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 94.456383][ T9664] RSP: 002b:00007ffdaf256c58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 94.464777][ T9664] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440689 [ 94.472729][ T9664] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004 [ 94.480682][ T9664] RBP: 00000000006ca018 R08: 000000000000001c R09: 00000000004002c8 [ 94.488633][ T9664] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000401f10 [ 94.496585][ T9664] R13: 0000000000401fa0 R14: 0000000000000000 R15: 0000000000000000 [ 94.504545][ T9664] [ 94.506856][ T9664] Allocated by task 9664: [ 94.511167][ T9664] save_stack+0x23/0x90 [ 94.515302][ T9664] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 94.520908][ T9664] kasan_kmalloc+0x9/0x10 [ 94.525238][ T9664] __kmalloc+0x163/0x770 [ 94.529459][ T9664] ip_set_alloc+0x38/0x5e [ 94.533766][ T9664] bitmap_ip_create+0x6ec/0xc20 [ 94.538595][ T9664] ip_set_create+0x6f1/0x1500 [ 94.543252][ T9664] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 94.548172][ T9664] netlink_rcv_skb+0x177/0x450 [ 94.552914][ T9664] nfnetlink_rcv+0x1ba/0x460 [ 94.557481][ T9664] netlink_unicast+0x58c/0x7d0 [ 94.562227][ T9664] netlink_sendmsg+0x91c/0xea0 [ 94.566987][ T9664] sock_sendmsg+0xd7/0x130 [ 94.571383][ T9664] ____sys_sendmsg+0x753/0x880 [ 94.576125][ T9664] ___sys_sendmsg+0x100/0x170 [ 94.580778][ T9664] __sys_sendmsg+0x105/0x1d0 [ 94.585347][ T9664] __x64_sys_sendmsg+0x78/0xb0 [ 94.590114][ T9664] do_syscall_64+0xfa/0x790 [ 94.594598][ T9664] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 94.600464][ T9664] [ 94.602771][ T9664] Freed by task 9396: [ 94.606750][ T9664] save_stack+0x23/0x90 [ 94.610884][ T9664] __kasan_slab_free+0x102/0x150 [ 94.615804][ T9664] kasan_slab_free+0xe/0x10 [ 94.620287][ T9664] kfree+0x10a/0x2c0 [ 94.624163][ T9664] tomoyo_check_open_permission+0x19e/0x3e0 [ 94.630035][ T9664] tomoyo_file_open+0xa9/0xd0 [ 94.634705][ T9664] security_file_open+0x71/0x300 [ 94.639633][ T9664] do_dentry_open+0x37a/0x1380 [ 94.644373][ T9664] vfs_open+0xa0/0xd0 [ 94.648346][ T9664] path_openat+0x118b/0x3180 [ 94.652916][ T9664] do_filp_open+0x1a1/0x280 [ 94.657417][ T9664] do_sys_open+0x3fe/0x5d0 [ 94.661810][ T9664] __x64_sys_open+0x7e/0xc0 [ 94.666307][ T9664] do_syscall_64+0xfa/0x790 [ 94.670819][ T9664] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 94.676684][ T9664] [ 94.678993][ T9664] The buggy address belongs to the object at ffff8880a3ca6000 [ 94.678993][ T9664] which belongs to the cache kmalloc-32 of size 32 [ 94.692854][ T9664] The buggy address is located 0 bytes inside of [ 94.692854][ T9664] 32-byte region [ffff8880a3ca6000, ffff8880a3ca6020) [ 94.705838][ T9664] The buggy address belongs to the page: [ 94.711538][ T9664] page:ffffea00028f2980 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a3ca6fc1 [ 94.721926][ T9664] raw: 00fffe0000000200 ffffea00029437c8 ffffea0002a2e388 ffff8880aa4001c0 [ 94.730493][ T9664] raw: ffff8880a3ca6fc1 ffff8880a3ca6000 000000010000003e 0000000000000000 [ 94.739049][ T9664] page dumped because: kasan: bad access detected [ 94.745435][ T9664] [ 94.747741][ T9664] Memory state around the buggy address: [ 94.753353][ T9664] ffff8880a3ca5f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 94.761410][ T9664] ffff8880a3ca5f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 94.769463][ T9664] >ffff8880a3ca6000: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 94.777502][ T9664] ^ [ 94.781588][ T9664] ffff8880a3ca6080: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 94.789631][ T9664] ffff8880a3ca6100: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 94.797705][ T9664] ================================================================== [ 94.805745][ T9664] Disabling lock debugging due to kernel taint [ 94.811912][ T9664] Kernel panic - not syncing: panic_on_warn set ... [ 94.818503][ T9664] CPU: 0 PID: 9664 Comm: syz-executor217 Tainted: G B 5.5.0-rc7-syzkaller #0 [ 94.828551][ T9664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 94.838585][ T9664] Call Trace: [ 94.841859][ T9664] dump_stack+0x197/0x210 [ 94.846175][ T9664] panic+0x2e3/0x75c [ 94.850046][ T9664] ? add_taint.cold+0x16/0x16 [ 94.854706][ T9664] ? retint_kernel+0x2b/0x2b [ 94.859411][ T9664] ? trace_hardirqs_on+0x5e/0x240 [ 94.864413][ T9664] ? bitmap_ip_del+0xdb/0x380 [ 94.869069][ T9664] end_report+0x47/0x4f [ 94.873201][ T9664] ? bitmap_ip_del+0xdb/0x380 [ 94.877855][ T9664] __kasan_report.cold+0xe/0x41 [ 94.882686][ T9664] ? __sanitizer_cov_trace_cmp2+0x1/0x20 [ 94.888295][ T9664] ? bitmap_ip_del+0xdb/0x380 [ 94.892969][ T9664] kasan_report+0x12/0x20 [ 94.897296][ T9664] check_memory_region+0x134/0x1a0 [ 94.902390][ T9664] __kasan_check_write+0x14/0x20 [ 94.907309][ T9664] bitmap_ip_del+0xdb/0x380 [ 94.911831][ T9664] bitmap_ip_uadt+0x73e/0xa10 [ 94.916506][ T9664] ? bitmap_ip_create+0xc20/0xc20 [ 94.921635][ T9664] ? bitmap_ip_kadt+0x5a0/0x5a0 [ 94.926481][ T9664] ? __kasan_check_write+0x14/0x20 [ 94.931573][ T9664] ? lock_set_class+0x3b0/0x7a0 [ 94.936408][ T9664] call_ad+0x1a0/0x5a0 [ 94.940459][ T9664] ? start_msg+0x220/0x220 [ 94.944853][ T9664] ? nla_memcpy+0xb0/0xb0 [ 94.949249][ T9664] ? __nla_parse+0x43/0x60 [ 94.953648][ T9664] ip_set_ad.isra.0+0x572/0xb20 [ 94.958502][ T9664] ? ip_set_nfnl_get_byindex+0x460/0x460 [ 94.964138][ T9664] ? nla_memcpy+0xb0/0xb0 [ 94.968473][ T9664] ? lock_downgrade+0x920/0x920 [ 94.973306][ T9664] ip_set_udel+0x3a/0x50 [ 94.977558][ T9664] ? ip_set_ad.isra.0+0xb20/0xb20 [ 94.982565][ T9664] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 94.987489][ T9664] ? nfnetlink_bind+0x2c0/0x2c0 [ 94.992320][ T9664] ? __kasan_check_read+0x11/0x20 [ 94.997472][ T9664] ? __lock_acquire+0x8a0/0x4a00 [ 95.002395][ T9664] ? save_stack+0x5c/0x90 [ 95.006707][ T9664] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.012950][ T9664] ? apparmor_capable+0x497/0x900 [ 95.017982][ T9664] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.024231][ T9664] ? __kasan_check_read+0x11/0x20 [ 95.029247][ T9664] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 95.034695][ T9664] netlink_rcv_skb+0x177/0x450 [ 95.039448][ T9664] ? nfnetlink_bind+0x2c0/0x2c0 [ 95.044276][ T9664] ? netlink_ack+0xb50/0xb50 [ 95.048845][ T9664] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.055063][ T9664] ? ns_capable_common+0x93/0x100 [ 95.060061][ T9664] ? ns_capable+0x20/0x30 [ 95.064414][ T9664] ? __netlink_ns_capable+0x104/0x140 [ 95.069764][ T9664] nfnetlink_rcv+0x1ba/0x460 [ 95.074371][ T9664] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 95.079802][ T9664] ? netlink_deliver_tap+0x24a/0xbe0 [ 95.085090][ T9664] ? __kasan_check_write+0x14/0x20 [ 95.090179][ T9664] netlink_unicast+0x58c/0x7d0 [ 95.094958][ T9664] ? netlink_attachskb+0x870/0x870 [ 95.100051][ T9664] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 95.105751][ T9664] ? __check_object_size+0x3d/0x437 [ 95.110926][ T9664] netlink_sendmsg+0x91c/0xea0 [ 95.115666][ T9664] ? netlink_unicast+0x7d0/0x7d0 [ 95.120607][ T9664] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 95.126141][ T9664] ? apparmor_socket_sendmsg+0x2a/0x30 [ 95.131813][ T9664] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.138040][ T9664] ? security_socket_sendmsg+0x8d/0xc0 [ 95.143477][ T9664] ? netlink_unicast+0x7d0/0x7d0 [ 95.148391][ T9664] sock_sendmsg+0xd7/0x130 [ 95.152783][ T9664] ____sys_sendmsg+0x753/0x880 [ 95.157526][ T9664] ? kernel_sendmsg+0x50/0x50 [ 95.162178][ T9664] ? lockdep_init_map+0x1be/0x6d0 [ 95.167185][ T9664] ___sys_sendmsg+0x100/0x170 [ 95.171839][ T9664] ? sendmsg_copy_msghdr+0x70/0x70 [ 95.176931][ T9664] ? __kasan_check_read+0x11/0x20 [ 95.181935][ T9664] ? __lock_acquire+0x8a0/0x4a00 [ 95.186851][ T9664] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.193072][ T9664] ? __this_cpu_preempt_check+0x35/0x190 [ 95.198700][ T9664] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.204927][ T9664] ? percpu_counter_add_batch+0x13c/0x190 [ 95.210622][ T9664] ? __fd_install+0x1bc/0x640 [ 95.215320][ T9664] ? find_held_lock+0x35/0x130 [ 95.220078][ T9664] ? __fd_install+0x1bc/0x640 [ 95.224742][ T9664] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.230974][ T9664] ? __fget_light+0x1a9/0x230 [ 95.235630][ T9664] ? __fdget+0x1b/0x20 [ 95.239674][ T9664] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 95.245899][ T9664] __sys_sendmsg+0x105/0x1d0 [ 95.250467][ T9664] ? __sys_sendmsg_sock+0xc0/0xc0 [ 95.255492][ T9664] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 95.260945][ T9664] ? do_syscall_64+0x26/0x790 [ 95.265610][ T9664] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 95.271664][ T9664] ? do_syscall_64+0x26/0x790 [ 95.276402][ T9664] __x64_sys_sendmsg+0x78/0xb0 [ 95.281291][ T9664] do_syscall_64+0xfa/0x790 [ 95.285773][ T9664] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 95.291638][ T9664] RIP: 0033:0x440689 [ 95.295510][ T9664] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 95.315090][ T9664] RSP: 002b:00007ffdaf256c58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 95.323477][ T9664] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440689 [ 95.331429][ T9664] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004 [ 95.339414][ T9664] RBP: 00000000006ca018 R08: 000000000000001c R09: 00000000004002c8 [ 95.347365][ T9664] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000401f10 [ 95.355313][ T9664] R13: 0000000000401fa0 R14: 0000000000000000 R15: 0000000000000000 [ 95.364591][ T9664] Kernel Offset: disabled [ 95.368919][ T9664] Rebooting in 86400 seconds..