Warning: Permanently added '10.128.0.88' (ECDSA) to the list of known hosts.
executing program
executing program
[  102.340563][ T9602] ==================================================================
[  102.348912][ T9602] BUG: KASAN: slab-out-of-bounds in bitmap_port_list+0x3cf/0xdb0
[  102.356624][ T9602] Read of size 8 at addr ffff8880a2d5d3c0 by task syz-executor058/9602
[  102.364967][ T9602] 
[  102.367289][ T9602] CPU: 1 PID: 9602 Comm: syz-executor058 Not tainted 5.5.0-rc6-next-20200116-syzkaller #0
[  102.377264][ T9602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  102.387354][ T9602] Call Trace:
[  102.390649][ T9602]  dump_stack+0x197/0x210
[  102.394980][ T9602]  ? bitmap_port_list+0x3cf/0xdb0
[  102.400005][ T9602]  print_address_description.constprop.0.cold+0xd4/0x30b
[  102.407137][ T9602]  ? bitmap_port_list+0x3cf/0xdb0
[  102.412161][ T9602]  ? bitmap_port_list+0x3cf/0xdb0
[  102.417188][ T9602]  __kasan_report.cold+0x1b/0x32
[  102.422227][ T9602]  ? bitmap_port_list+0x3cf/0xdb0
[  102.427254][ T9602]  kasan_report+0x12/0x20
[  102.431580][ T9602]  check_memory_region+0x134/0x1a0
[  102.436684][ T9602]  __kasan_check_read+0x11/0x20
[  102.441525][ T9602]  bitmap_port_list+0x3cf/0xdb0
[  102.446379][ T9602]  ? bitmap_port_head+0x296/0x600
[  102.451407][ T9602]  ? bitmap_port_del+0x380/0x380
[  102.456350][ T9602]  ? nla_put+0x110/0x150
[  102.460625][ T9602]  ip_set_dump_start+0x96c/0x1ca0
[  102.465644][ T9602]  ? ip_set_rename+0x720/0x720
[  102.470404][ T9602]  ? __kmalloc_reserve.isra.0+0x70/0xf0
[  102.475942][ T9602]  ? __lock_acquire+0x2660/0x4a00
[  102.480964][ T9602]  ? __kasan_check_write+0x14/0x20
[  102.486069][ T9602]  netlink_dump+0x558/0xfb0
[  102.490572][ T9602]  ? __netlink_sendskb+0xc0/0xc0
[  102.495559][ T9602]  __netlink_dump_start+0x673/0x930
[  102.500799][ T9602]  ip_set_dump+0x15a/0x1d0
[  102.505214][ T9602]  ? call_ad+0x5a0/0x5a0
[  102.509520][ T9602]  ? ip_set_rename+0x720/0x720
[  102.514338][ T9602]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[  102.520226][ T9602]  ? call_ad+0x5a0/0x5a0
[  102.524486][ T9602]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  102.531008][ T9602]  ? nfnetlink_bind+0x2c0/0x2c0
[  102.535923][ T9602]  ? __kasan_check_read+0x11/0x20
[  102.540940][ T9602]  ? __lock_acquire+0x8a0/0x4a00
[  102.545911][ T9602]  ? save_stack+0x5c/0x90
[  102.550240][ T9602]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  102.556471][ T9602]  ? apparmor_capable+0x4df/0x910
[  102.561492][ T9602]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  102.567847][ T9602]  ? __kasan_check_read+0x11/0x20
[  102.572900][ T9602]  ? apparmor_cred_prepare+0x7b0/0x7b0
[  102.578361][ T9602]  netlink_rcv_skb+0x177/0x450
[  102.583126][ T9602]  ? nfnetlink_bind+0x2c0/0x2c0
[  102.588159][ T9602]  ? netlink_ack+0xb50/0xb50
[  102.592746][ T9602]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  102.598985][ T9602]  ? ns_capable_common+0x93/0x100
[  102.604002][ T9602]  ? ns_capable+0x20/0x30
[  102.608371][ T9602]  ? __netlink_ns_capable+0x104/0x140
[  102.613745][ T9602]  nfnetlink_rcv+0x1ba/0x460
[  102.618384][ T9602]  ? nfnetlink_rcv_batch+0x1780/0x1780
[  102.623853][ T9602]  ? netlink_deliver_tap+0x248/0xbf0
[  102.629280][ T9602]  ? __kasan_check_write+0x14/0x20
[  102.634383][ T9602]  netlink_unicast+0x59e/0x7e0
[  102.639142][ T9602]  ? netlink_attachskb+0x870/0x870
[  102.644319][ T9602]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  102.650095][ T9602]  ? __check_object_size+0x3d/0x437
[  102.655340][ T9602]  netlink_sendmsg+0x91c/0xea0
[  102.660108][ T9602]  ? netlink_unicast+0x7e0/0x7e0
[  102.665042][ T9602]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  102.670592][ T9602]  ? apparmor_socket_sendmsg+0x2a/0x30
[  102.676097][ T9602]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  102.682346][ T9602]  ? security_socket_sendmsg+0x8d/0xc0
[  102.687807][ T9602]  ? netlink_unicast+0x7e0/0x7e0
[  102.692748][ T9602]  sock_sendmsg+0xd7/0x130
[  102.697188][ T9602]  ____sys_sendmsg+0x753/0x880
[  102.701978][ T9602]  ? kernel_sendmsg+0x50/0x50
[  102.706658][ T9602]  ___sys_sendmsg+0x100/0x170
[  102.711411][ T9602]  ? sendmsg_copy_msghdr+0x70/0x70
[  102.716522][ T9602]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[  102.722501][ T9602]  ? prep_transhuge_page+0xa0/0xa0
[  102.727602][ T9602]  ? do_page_fault+0x579/0x12e1
[  102.732572][ T9602]  ? find_held_lock+0x35/0x130
[  102.737333][ T9602]  ? do_page_fault+0x579/0x12e1
[  102.742299][ T9602]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  102.748604][ T9602]  ? __fget_light+0x1ad/0x270
[  102.753277][ T9602]  ? __fdget+0x1b/0x20
[  102.757340][ T9602]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  102.763581][ T9602]  __sys_sendmsg+0x105/0x1d0
[  102.768167][ T9602]  ? __sys_sendmsg_sock+0xc0/0xc0
[  102.773198][ T9602]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  102.778709][ T9602]  ? do_syscall_64+0x26/0x790
[  102.783434][ T9602]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  102.789560][ T9602]  ? do_syscall_64+0x26/0x790
[  102.794359][ T9602]  __x64_sys_sendmsg+0x78/0xb0
[  102.799123][ T9602]  do_syscall_64+0xfa/0x790
[  102.803737][ T9602]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  102.809625][ T9602] RIP: 0033:0x441479
[  102.813558][ T9602] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  102.833259][ T9602] RSP: 002b:00007ffeccc5ded8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  102.841718][ T9602] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441479
[  102.849848][ T9602] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[  102.857879][ T9602] RBP: 0000000000018fa3 R08: 00000000004002c8 R09: 00000000004002c8
[  102.865883][ T9602] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004022a0
[  102.873911][ T9602] R13: 0000000000402330 R14: 0000000000000000 R15: 0000000000000000
[  102.881885][ T9602] 
[  102.884216][ T9602] Allocated by task 9601:
[  102.888549][ T9602]  save_stack+0x23/0x90
[  102.892743][ T9602]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  102.898489][ T9602]  kasan_kmalloc+0x9/0x10
[  102.902816][ T9602]  __kmalloc+0x163/0x770
[  102.907056][ T9602]  ip_set_alloc+0x38/0x5e
[  102.911385][ T9602]  bitmap_port_create+0x3dc/0x7c0
[  102.916518][ T9602]  ip_set_create+0x6f1/0x1500
[  102.921203][ T9602]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  102.926180][ T9602]  netlink_rcv_skb+0x177/0x450
[  102.930945][ T9602]  nfnetlink_rcv+0x1ba/0x460
[  102.935537][ T9602]  netlink_unicast+0x59e/0x7e0
[  102.940300][ T9602]  netlink_sendmsg+0x91c/0xea0
[  102.945055][ T9602]  sock_sendmsg+0xd7/0x130
[  102.949465][ T9602]  ____sys_sendmsg+0x753/0x880
[  102.954252][ T9602]  ___sys_sendmsg+0x100/0x170
[  102.958932][ T9602]  __sys_sendmsg+0x105/0x1d0
[  102.963507][ T9602]  __x64_sys_sendmsg+0x78/0xb0
[  102.968259][ T9602]  do_syscall_64+0xfa/0x790
[  102.972752][ T9602]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  102.978630][ T9602] 
[  102.980957][ T9602] Freed by task 9268:
[  102.985038][ T9602]  save_stack+0x23/0x90
[  102.989353][ T9602]  __kasan_slab_free+0x102/0x150
[  102.994430][ T9602]  kasan_slab_free+0xe/0x10
[  102.998938][ T9602]  kfree+0x10a/0x2c0
[  103.002948][ T9602]  tomoyo_check_open_permission+0x19e/0x3e0
[  103.009528][ T9602]  tomoyo_file_open+0xa9/0xd0
[  103.014241][ T9602]  security_file_open+0x71/0x300
[  103.019211][ T9602]  do_dentry_open+0x365/0x1350
[  103.023965][ T9602]  vfs_open+0xa0/0xd0
[  103.027945][ T9602]  path_openat+0x12fd/0x34d0
[  103.032599][ T9602]  do_filp_open+0x192/0x260
[  103.037262][ T9602]  do_sys_openat2+0x633/0x840
[  103.041940][ T9602]  do_sys_open+0xfc/0x190
[  103.046324][ T9602]  __x64_sys_open+0x7e/0xc0
[  103.050865][ T9602]  do_syscall_64+0xfa/0x790
[  103.055379][ T9602]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  103.061952][ T9602] 
[  103.064275][ T9602] The buggy address belongs to the object at ffff8880a2d5d3c0
[  103.064275][ T9602]  which belongs to the cache kmalloc-32 of size 32
[  103.078152][ T9602] The buggy address is located 0 bytes inside of
[  103.078152][ T9602]  32-byte region [ffff8880a2d5d3c0, ffff8880a2d5d3e0)
[  103.091465][ T9602] The buggy address belongs to the page:
[  103.097106][ T9602] page:ffffea00028b5740 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a2d5dfc1
[  103.107503][ T9602] flags: 0xfffe0000000200(slab)
[  103.112362][ T9602] raw: 00fffe0000000200 ffffea00028d4448 ffffea00026d8a48 ffff8880aa4001c0
[  103.120959][ T9602] raw: ffff8880a2d5dfc1 ffff8880a2d5d000 0000000100000033 0000000000000000
[  103.129597][ T9602] page dumped because: kasan: bad access detected
[  103.135996][ T9602] 
[  103.138313][ T9602] Memory state around the buggy address:
[  103.143987][ T9602]  ffff8880a2d5d280: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  103.152039][ T9602]  ffff8880a2d5d300: 00 00 00 00 fc fc fc fc fb fb fb fb fc fc fc fc
[  103.160091][ T9602] >ffff8880a2d5d380: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc
[  103.168247][ T9602]                                            ^
[  103.174416][ T9602]  ffff8880a2d5d400: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  103.182473][ T9602]  ffff8880a2d5d480: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  103.190606][ T9602] ==================================================================
[  103.198665][ T9602] Disabling lock debugging due to kernel taint
[  103.205191][ T9602] Kernel panic - not syncing: panic_on_warn set ...
[  103.211780][ T9602] CPU: 1 PID: 9602 Comm: syz-executor058 Tainted: G    B             5.5.0-rc6-next-20200116-syzkaller #0
[  103.223036][ T9602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  103.233095][ T9602] Call Trace:
[  103.236434][ T9602]  dump_stack+0x197/0x210
[  103.240763][ T9602]  panic+0x2e3/0x75c
[  103.244653][ T9602]  ? add_taint.cold+0x16/0x16
[  103.249328][ T9602]  ? bitmap_port_list+0x3cf/0xdb0
[  103.254350][ T9602]  ? preempt_schedule+0x4b/0x60
[  103.259302][ T9602]  ? ___preempt_schedule+0x16/0x18
[  103.264413][ T9602]  ? trace_hardirqs_on+0x5e/0x240
[  103.269426][ T9602]  ? bitmap_port_list+0x3cf/0xdb0
[  103.274474][ T9602]  end_report+0x47/0x4f
[  103.278693][ T9602]  ? bitmap_port_list+0x3cf/0xdb0
[  103.283751][ T9602]  __kasan_report.cold+0xe/0x32
[  103.288634][ T9602]  ? bitmap_port_list+0x3cf/0xdb0
[  103.293727][ T9602]  kasan_report+0x12/0x20
[  103.298050][ T9602]  check_memory_region+0x134/0x1a0
[  103.303159][ T9602]  __kasan_check_read+0x11/0x20
[  103.308009][ T9602]  bitmap_port_list+0x3cf/0xdb0
[  103.312847][ T9602]  ? bitmap_port_head+0x296/0x600
[  103.317866][ T9602]  ? bitmap_port_del+0x380/0x380
[  103.322788][ T9602]  ? nla_put+0x110/0x150
[  103.327020][ T9602]  ip_set_dump_start+0x96c/0x1ca0
[  103.332175][ T9602]  ? ip_set_rename+0x720/0x720
[  103.336937][ T9602]  ? __kmalloc_reserve.isra.0+0x70/0xf0
[  103.342521][ T9602]  ? __lock_acquire+0x2660/0x4a00
[  103.347542][ T9602]  ? __kasan_check_write+0x14/0x20
[  103.352658][ T9602]  netlink_dump+0x558/0xfb0
[  103.357307][ T9602]  ? __netlink_sendskb+0xc0/0xc0
[  103.363484][ T9602]  __netlink_dump_start+0x673/0x930
[  103.368790][ T9602]  ip_set_dump+0x15a/0x1d0
[  103.373198][ T9602]  ? call_ad+0x5a0/0x5a0
[  103.377431][ T9602]  ? ip_set_rename+0x720/0x720
[  103.382334][ T9602]  ? __ip_set_put_netlink.isra.0+0x90/0x90
[  103.388187][ T9602]  ? call_ad+0x5a0/0x5a0
[  103.392430][ T9602]  nfnetlink_rcv_msg+0xcf2/0xfb0
[  103.397392][ T9602]  ? nfnetlink_bind+0x2c0/0x2c0
[  103.402229][ T9602]  ? __kasan_check_read+0x11/0x20
[  103.407251][ T9602]  ? __lock_acquire+0x8a0/0x4a00
[  103.412189][ T9602]  ? save_stack+0x5c/0x90
[  103.416514][ T9602]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.422794][ T9602]  ? apparmor_capable+0x4df/0x910
[  103.427811][ T9602]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.434174][ T9602]  ? __kasan_check_read+0x11/0x20
[  103.439243][ T9602]  ? apparmor_cred_prepare+0x7b0/0x7b0
[  103.444727][ T9602]  netlink_rcv_skb+0x177/0x450
[  103.449486][ T9602]  ? nfnetlink_bind+0x2c0/0x2c0
[  103.454357][ T9602]  ? netlink_ack+0xb50/0xb50
[  103.459057][ T9602]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.465290][ T9602]  ? ns_capable_common+0x93/0x100
[  103.470319][ T9602]  ? ns_capable+0x20/0x30
[  103.474638][ T9602]  ? __netlink_ns_capable+0x104/0x140
[  103.479996][ T9602]  nfnetlink_rcv+0x1ba/0x460
[  103.484573][ T9602]  ? nfnetlink_rcv_batch+0x1780/0x1780
[  103.490016][ T9602]  ? netlink_deliver_tap+0x248/0xbf0
[  103.495294][ T9602]  ? __kasan_check_write+0x14/0x20
[  103.500419][ T9602]  netlink_unicast+0x59e/0x7e0
[  103.505172][ T9602]  ? netlink_attachskb+0x870/0x870
[  103.510346][ T9602]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  103.516054][ T9602]  ? __check_object_size+0x3d/0x437
[  103.521242][ T9602]  netlink_sendmsg+0x91c/0xea0
[  103.526046][ T9602]  ? netlink_unicast+0x7e0/0x7e0
[  103.530976][ T9602]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  103.536556][ T9602]  ? apparmor_socket_sendmsg+0x2a/0x30
[  103.542107][ T9602]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.548340][ T9602]  ? security_socket_sendmsg+0x8d/0xc0
[  103.553787][ T9602]  ? netlink_unicast+0x7e0/0x7e0
[  103.558762][ T9602]  sock_sendmsg+0xd7/0x130
[  103.563170][ T9602]  ____sys_sendmsg+0x753/0x880
[  103.567929][ T9602]  ? kernel_sendmsg+0x50/0x50
[  103.572601][ T9602]  ___sys_sendmsg+0x100/0x170
[  103.577351][ T9602]  ? sendmsg_copy_msghdr+0x70/0x70
[  103.582707][ T9602]  ? do_huge_pmd_anonymous_page+0xceb/0x1a50
[  103.588733][ T9602]  ? prep_transhuge_page+0xa0/0xa0
[  103.593875][ T9602]  ? do_page_fault+0x579/0x12e1
[  103.598718][ T9602]  ? find_held_lock+0x35/0x130
[  103.603591][ T9602]  ? do_page_fault+0x579/0x12e1
[  103.608539][ T9602]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.614807][ T9602]  ? __fget_light+0x1ad/0x270
[  103.619475][ T9602]  ? __fdget+0x1b/0x20
[  103.623528][ T9602]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  103.629761][ T9602]  __sys_sendmsg+0x105/0x1d0
[  103.634340][ T9602]  ? __sys_sendmsg_sock+0xc0/0xc0
[  103.639372][ T9602]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  103.644822][ T9602]  ? do_syscall_64+0x26/0x790
[  103.649487][ T9602]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  103.655545][ T9602]  ? do_syscall_64+0x26/0x790
[  103.660287][ T9602]  __x64_sys_sendmsg+0x78/0xb0
[  103.665038][ T9602]  do_syscall_64+0xfa/0x790
[  103.669538][ T9602]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  103.675528][ T9602] RIP: 0033:0x441479
[  103.679409][ T9602] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  103.699066][ T9602] RSP: 002b:00007ffeccc5ded8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  103.707482][ T9602] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441479
[  103.715493][ T9602] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[  103.723447][ T9602] RBP: 0000000000018fa3 R08: 00000000004002c8 R09: 00000000004002c8
[  103.731410][ T9602] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004022a0
[  103.739370][ T9602] R13: 0000000000402330 R14: 0000000000000000 R15: 0000000000000000
[  103.748790][ T9602] Kernel Offset: disabled
[  103.753125][ T9602] Rebooting in 86400 seconds..