Warning: Permanently added '10.128.0.88' (ECDSA) to the list of known hosts. executing program executing program [ 102.340563][ T9602] ================================================================== [ 102.348912][ T9602] BUG: KASAN: slab-out-of-bounds in bitmap_port_list+0x3cf/0xdb0 [ 102.356624][ T9602] Read of size 8 at addr ffff8880a2d5d3c0 by task syz-executor058/9602 [ 102.364967][ T9602] [ 102.367289][ T9602] CPU: 1 PID: 9602 Comm: syz-executor058 Not tainted 5.5.0-rc6-next-20200116-syzkaller #0 [ 102.377264][ T9602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 102.387354][ T9602] Call Trace: [ 102.390649][ T9602] dump_stack+0x197/0x210 [ 102.394980][ T9602] ? bitmap_port_list+0x3cf/0xdb0 [ 102.400005][ T9602] print_address_description.constprop.0.cold+0xd4/0x30b [ 102.407137][ T9602] ? bitmap_port_list+0x3cf/0xdb0 [ 102.412161][ T9602] ? bitmap_port_list+0x3cf/0xdb0 [ 102.417188][ T9602] __kasan_report.cold+0x1b/0x32 [ 102.422227][ T9602] ? bitmap_port_list+0x3cf/0xdb0 [ 102.427254][ T9602] kasan_report+0x12/0x20 [ 102.431580][ T9602] check_memory_region+0x134/0x1a0 [ 102.436684][ T9602] __kasan_check_read+0x11/0x20 [ 102.441525][ T9602] bitmap_port_list+0x3cf/0xdb0 [ 102.446379][ T9602] ? bitmap_port_head+0x296/0x600 [ 102.451407][ T9602] ? bitmap_port_del+0x380/0x380 [ 102.456350][ T9602] ? nla_put+0x110/0x150 [ 102.460625][ T9602] ip_set_dump_start+0x96c/0x1ca0 [ 102.465644][ T9602] ? ip_set_rename+0x720/0x720 [ 102.470404][ T9602] ? __kmalloc_reserve.isra.0+0x70/0xf0 [ 102.475942][ T9602] ? __lock_acquire+0x2660/0x4a00 [ 102.480964][ T9602] ? __kasan_check_write+0x14/0x20 [ 102.486069][ T9602] netlink_dump+0x558/0xfb0 [ 102.490572][ T9602] ? __netlink_sendskb+0xc0/0xc0 [ 102.495559][ T9602] __netlink_dump_start+0x673/0x930 [ 102.500799][ T9602] ip_set_dump+0x15a/0x1d0 [ 102.505214][ T9602] ? call_ad+0x5a0/0x5a0 [ 102.509520][ T9602] ? ip_set_rename+0x720/0x720 [ 102.514338][ T9602] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 102.520226][ T9602] ? call_ad+0x5a0/0x5a0 [ 102.524486][ T9602] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 102.531008][ T9602] ? nfnetlink_bind+0x2c0/0x2c0 [ 102.535923][ T9602] ? __kasan_check_read+0x11/0x20 [ 102.540940][ T9602] ? __lock_acquire+0x8a0/0x4a00 [ 102.545911][ T9602] ? save_stack+0x5c/0x90 [ 102.550240][ T9602] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 102.556471][ T9602] ? apparmor_capable+0x4df/0x910 [ 102.561492][ T9602] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 102.567847][ T9602] ? __kasan_check_read+0x11/0x20 [ 102.572900][ T9602] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 102.578361][ T9602] netlink_rcv_skb+0x177/0x450 [ 102.583126][ T9602] ? nfnetlink_bind+0x2c0/0x2c0 [ 102.588159][ T9602] ? netlink_ack+0xb50/0xb50 [ 102.592746][ T9602] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 102.598985][ T9602] ? ns_capable_common+0x93/0x100 [ 102.604002][ T9602] ? ns_capable+0x20/0x30 [ 102.608371][ T9602] ? __netlink_ns_capable+0x104/0x140 [ 102.613745][ T9602] nfnetlink_rcv+0x1ba/0x460 [ 102.618384][ T9602] ? nfnetlink_rcv_batch+0x1780/0x1780 [ 102.623853][ T9602] ? netlink_deliver_tap+0x248/0xbf0 [ 102.629280][ T9602] ? __kasan_check_write+0x14/0x20 [ 102.634383][ T9602] netlink_unicast+0x59e/0x7e0 [ 102.639142][ T9602] ? netlink_attachskb+0x870/0x870 [ 102.644319][ T9602] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 102.650095][ T9602] ? __check_object_size+0x3d/0x437 [ 102.655340][ T9602] netlink_sendmsg+0x91c/0xea0 [ 102.660108][ T9602] ? netlink_unicast+0x7e0/0x7e0 [ 102.665042][ T9602] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 102.670592][ T9602] ? apparmor_socket_sendmsg+0x2a/0x30 [ 102.676097][ T9602] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 102.682346][ T9602] ? security_socket_sendmsg+0x8d/0xc0 [ 102.687807][ T9602] ? netlink_unicast+0x7e0/0x7e0 [ 102.692748][ T9602] sock_sendmsg+0xd7/0x130 [ 102.697188][ T9602] ____sys_sendmsg+0x753/0x880 [ 102.701978][ T9602] ? kernel_sendmsg+0x50/0x50 [ 102.706658][ T9602] ___sys_sendmsg+0x100/0x170 [ 102.711411][ T9602] ? sendmsg_copy_msghdr+0x70/0x70 [ 102.716522][ T9602] ? do_huge_pmd_anonymous_page+0xceb/0x1a50 [ 102.722501][ T9602] ? prep_transhuge_page+0xa0/0xa0 [ 102.727602][ T9602] ? do_page_fault+0x579/0x12e1 [ 102.732572][ T9602] ? find_held_lock+0x35/0x130 [ 102.737333][ T9602] ? do_page_fault+0x579/0x12e1 [ 102.742299][ T9602] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 102.748604][ T9602] ? __fget_light+0x1ad/0x270 [ 102.753277][ T9602] ? __fdget+0x1b/0x20 [ 102.757340][ T9602] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 102.763581][ T9602] __sys_sendmsg+0x105/0x1d0 [ 102.768167][ T9602] ? __sys_sendmsg_sock+0xc0/0xc0 [ 102.773198][ T9602] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 102.778709][ T9602] ? do_syscall_64+0x26/0x790 [ 102.783434][ T9602] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 102.789560][ T9602] ? do_syscall_64+0x26/0x790 [ 102.794359][ T9602] __x64_sys_sendmsg+0x78/0xb0 [ 102.799123][ T9602] do_syscall_64+0xfa/0x790 [ 102.803737][ T9602] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 102.809625][ T9602] RIP: 0033:0x441479 [ 102.813558][ T9602] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 102.833259][ T9602] RSP: 002b:00007ffeccc5ded8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 102.841718][ T9602] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441479 [ 102.849848][ T9602] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 [ 102.857879][ T9602] RBP: 0000000000018fa3 R08: 00000000004002c8 R09: 00000000004002c8 [ 102.865883][ T9602] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004022a0 [ 102.873911][ T9602] R13: 0000000000402330 R14: 0000000000000000 R15: 0000000000000000 [ 102.881885][ T9602] [ 102.884216][ T9602] Allocated by task 9601: [ 102.888549][ T9602] save_stack+0x23/0x90 [ 102.892743][ T9602] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 102.898489][ T9602] kasan_kmalloc+0x9/0x10 [ 102.902816][ T9602] __kmalloc+0x163/0x770 [ 102.907056][ T9602] ip_set_alloc+0x38/0x5e [ 102.911385][ T9602] bitmap_port_create+0x3dc/0x7c0 [ 102.916518][ T9602] ip_set_create+0x6f1/0x1500 [ 102.921203][ T9602] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 102.926180][ T9602] netlink_rcv_skb+0x177/0x450 [ 102.930945][ T9602] nfnetlink_rcv+0x1ba/0x460 [ 102.935537][ T9602] netlink_unicast+0x59e/0x7e0 [ 102.940300][ T9602] netlink_sendmsg+0x91c/0xea0 [ 102.945055][ T9602] sock_sendmsg+0xd7/0x130 [ 102.949465][ T9602] ____sys_sendmsg+0x753/0x880 [ 102.954252][ T9602] ___sys_sendmsg+0x100/0x170 [ 102.958932][ T9602] __sys_sendmsg+0x105/0x1d0 [ 102.963507][ T9602] __x64_sys_sendmsg+0x78/0xb0 [ 102.968259][ T9602] do_syscall_64+0xfa/0x790 [ 102.972752][ T9602] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 102.978630][ T9602] [ 102.980957][ T9602] Freed by task 9268: [ 102.985038][ T9602] save_stack+0x23/0x90 [ 102.989353][ T9602] __kasan_slab_free+0x102/0x150 [ 102.994430][ T9602] kasan_slab_free+0xe/0x10 [ 102.998938][ T9602] kfree+0x10a/0x2c0 [ 103.002948][ T9602] tomoyo_check_open_permission+0x19e/0x3e0 [ 103.009528][ T9602] tomoyo_file_open+0xa9/0xd0 [ 103.014241][ T9602] security_file_open+0x71/0x300 [ 103.019211][ T9602] do_dentry_open+0x365/0x1350 [ 103.023965][ T9602] vfs_open+0xa0/0xd0 [ 103.027945][ T9602] path_openat+0x12fd/0x34d0 [ 103.032599][ T9602] do_filp_open+0x192/0x260 [ 103.037262][ T9602] do_sys_openat2+0x633/0x840 [ 103.041940][ T9602] do_sys_open+0xfc/0x190 [ 103.046324][ T9602] __x64_sys_open+0x7e/0xc0 [ 103.050865][ T9602] do_syscall_64+0xfa/0x790 [ 103.055379][ T9602] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 103.061952][ T9602] [ 103.064275][ T9602] The buggy address belongs to the object at ffff8880a2d5d3c0 [ 103.064275][ T9602] which belongs to the cache kmalloc-32 of size 32 [ 103.078152][ T9602] The buggy address is located 0 bytes inside of [ 103.078152][ T9602] 32-byte region [ffff8880a2d5d3c0, ffff8880a2d5d3e0) [ 103.091465][ T9602] The buggy address belongs to the page: [ 103.097106][ T9602] page:ffffea00028b5740 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a2d5dfc1 [ 103.107503][ T9602] flags: 0xfffe0000000200(slab) [ 103.112362][ T9602] raw: 00fffe0000000200 ffffea00028d4448 ffffea00026d8a48 ffff8880aa4001c0 [ 103.120959][ T9602] raw: ffff8880a2d5dfc1 ffff8880a2d5d000 0000000100000033 0000000000000000 [ 103.129597][ T9602] page dumped because: kasan: bad access detected [ 103.135996][ T9602] [ 103.138313][ T9602] Memory state around the buggy address: [ 103.143987][ T9602] ffff8880a2d5d280: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 103.152039][ T9602] ffff8880a2d5d300: 00 00 00 00 fc fc fc fc fb fb fb fb fc fc fc fc [ 103.160091][ T9602] >ffff8880a2d5d380: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc [ 103.168247][ T9602] ^ [ 103.174416][ T9602] ffff8880a2d5d400: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 103.182473][ T9602] ffff8880a2d5d480: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 103.190606][ T9602] ================================================================== [ 103.198665][ T9602] Disabling lock debugging due to kernel taint [ 103.205191][ T9602] Kernel panic - not syncing: panic_on_warn set ... [ 103.211780][ T9602] CPU: 1 PID: 9602 Comm: syz-executor058 Tainted: G B 5.5.0-rc6-next-20200116-syzkaller #0 [ 103.223036][ T9602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 103.233095][ T9602] Call Trace: [ 103.236434][ T9602] dump_stack+0x197/0x210 [ 103.240763][ T9602] panic+0x2e3/0x75c [ 103.244653][ T9602] ? add_taint.cold+0x16/0x16 [ 103.249328][ T9602] ? bitmap_port_list+0x3cf/0xdb0 [ 103.254350][ T9602] ? preempt_schedule+0x4b/0x60 [ 103.259302][ T9602] ? ___preempt_schedule+0x16/0x18 [ 103.264413][ T9602] ? trace_hardirqs_on+0x5e/0x240 [ 103.269426][ T9602] ? bitmap_port_list+0x3cf/0xdb0 [ 103.274474][ T9602] end_report+0x47/0x4f [ 103.278693][ T9602] ? bitmap_port_list+0x3cf/0xdb0 [ 103.283751][ T9602] __kasan_report.cold+0xe/0x32 [ 103.288634][ T9602] ? bitmap_port_list+0x3cf/0xdb0 [ 103.293727][ T9602] kasan_report+0x12/0x20 [ 103.298050][ T9602] check_memory_region+0x134/0x1a0 [ 103.303159][ T9602] __kasan_check_read+0x11/0x20 [ 103.308009][ T9602] bitmap_port_list+0x3cf/0xdb0 [ 103.312847][ T9602] ? bitmap_port_head+0x296/0x600 [ 103.317866][ T9602] ? bitmap_port_del+0x380/0x380 [ 103.322788][ T9602] ? nla_put+0x110/0x150 [ 103.327020][ T9602] ip_set_dump_start+0x96c/0x1ca0 [ 103.332175][ T9602] ? ip_set_rename+0x720/0x720 [ 103.336937][ T9602] ? __kmalloc_reserve.isra.0+0x70/0xf0 [ 103.342521][ T9602] ? __lock_acquire+0x2660/0x4a00 [ 103.347542][ T9602] ? __kasan_check_write+0x14/0x20 [ 103.352658][ T9602] netlink_dump+0x558/0xfb0 [ 103.357307][ T9602] ? __netlink_sendskb+0xc0/0xc0 [ 103.363484][ T9602] __netlink_dump_start+0x673/0x930 [ 103.368790][ T9602] ip_set_dump+0x15a/0x1d0 [ 103.373198][ T9602] ? call_ad+0x5a0/0x5a0 [ 103.377431][ T9602] ? ip_set_rename+0x720/0x720 [ 103.382334][ T9602] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 103.388187][ T9602] ? call_ad+0x5a0/0x5a0 [ 103.392430][ T9602] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 103.397392][ T9602] ? nfnetlink_bind+0x2c0/0x2c0 [ 103.402229][ T9602] ? __kasan_check_read+0x11/0x20 [ 103.407251][ T9602] ? __lock_acquire+0x8a0/0x4a00 [ 103.412189][ T9602] ? save_stack+0x5c/0x90 [ 103.416514][ T9602] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.422794][ T9602] ? apparmor_capable+0x4df/0x910 [ 103.427811][ T9602] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.434174][ T9602] ? __kasan_check_read+0x11/0x20 [ 103.439243][ T9602] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 103.444727][ T9602] netlink_rcv_skb+0x177/0x450 [ 103.449486][ T9602] ? nfnetlink_bind+0x2c0/0x2c0 [ 103.454357][ T9602] ? netlink_ack+0xb50/0xb50 [ 103.459057][ T9602] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.465290][ T9602] ? ns_capable_common+0x93/0x100 [ 103.470319][ T9602] ? ns_capable+0x20/0x30 [ 103.474638][ T9602] ? __netlink_ns_capable+0x104/0x140 [ 103.479996][ T9602] nfnetlink_rcv+0x1ba/0x460 [ 103.484573][ T9602] ? nfnetlink_rcv_batch+0x1780/0x1780 [ 103.490016][ T9602] ? netlink_deliver_tap+0x248/0xbf0 [ 103.495294][ T9602] ? __kasan_check_write+0x14/0x20 [ 103.500419][ T9602] netlink_unicast+0x59e/0x7e0 [ 103.505172][ T9602] ? netlink_attachskb+0x870/0x870 [ 103.510346][ T9602] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 103.516054][ T9602] ? __check_object_size+0x3d/0x437 [ 103.521242][ T9602] netlink_sendmsg+0x91c/0xea0 [ 103.526046][ T9602] ? netlink_unicast+0x7e0/0x7e0 [ 103.530976][ T9602] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 103.536556][ T9602] ? apparmor_socket_sendmsg+0x2a/0x30 [ 103.542107][ T9602] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.548340][ T9602] ? security_socket_sendmsg+0x8d/0xc0 [ 103.553787][ T9602] ? netlink_unicast+0x7e0/0x7e0 [ 103.558762][ T9602] sock_sendmsg+0xd7/0x130 [ 103.563170][ T9602] ____sys_sendmsg+0x753/0x880 [ 103.567929][ T9602] ? kernel_sendmsg+0x50/0x50 [ 103.572601][ T9602] ___sys_sendmsg+0x100/0x170 [ 103.577351][ T9602] ? sendmsg_copy_msghdr+0x70/0x70 [ 103.582707][ T9602] ? do_huge_pmd_anonymous_page+0xceb/0x1a50 [ 103.588733][ T9602] ? prep_transhuge_page+0xa0/0xa0 [ 103.593875][ T9602] ? do_page_fault+0x579/0x12e1 [ 103.598718][ T9602] ? find_held_lock+0x35/0x130 [ 103.603591][ T9602] ? do_page_fault+0x579/0x12e1 [ 103.608539][ T9602] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.614807][ T9602] ? __fget_light+0x1ad/0x270 [ 103.619475][ T9602] ? __fdget+0x1b/0x20 [ 103.623528][ T9602] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 103.629761][ T9602] __sys_sendmsg+0x105/0x1d0 [ 103.634340][ T9602] ? __sys_sendmsg_sock+0xc0/0xc0 [ 103.639372][ T9602] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 103.644822][ T9602] ? do_syscall_64+0x26/0x790 [ 103.649487][ T9602] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 103.655545][ T9602] ? do_syscall_64+0x26/0x790 [ 103.660287][ T9602] __x64_sys_sendmsg+0x78/0xb0 [ 103.665038][ T9602] do_syscall_64+0xfa/0x790 [ 103.669538][ T9602] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 103.675528][ T9602] RIP: 0033:0x441479 [ 103.679409][ T9602] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 103.699066][ T9602] RSP: 002b:00007ffeccc5ded8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 103.707482][ T9602] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441479 [ 103.715493][ T9602] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 [ 103.723447][ T9602] RBP: 0000000000018fa3 R08: 00000000004002c8 R09: 00000000004002c8 [ 103.731410][ T9602] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004022a0 [ 103.739370][ T9602] R13: 0000000000402330 R14: 0000000000000000 R15: 0000000000000000 [ 103.748790][ T9602] Kernel Offset: disabled [ 103.753125][ T9602] Rebooting in 86400 seconds..