Warning: Permanently added '10.128.0.200' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   68.766672][ T8717] ==================================================================
[   68.774842][ T8717] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_list+0x40d/0xdd0
[   68.782666][ T8717] Read of size 8 at addr ffff8880a3f15200 by task syz-executor820/8717
[   68.790951][ T8717]
[   68.793491][ T8717] CPU: 1 PID: 8717 Comm: syz-executor820 Not tainted 5.5.0-rc6-syzkaller #0
[   68.802165][ T8717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   68.812501][ T8717] Call Trace:
[   68.815778][ T8717]  dump_stack+0x1fb/0x318
[   68.820102][ T8717]  print_address_description+0x74/0x5c0
[   68.825902][ T8717]  ? vprintk_func+0x158/0x170
[   68.830711][ T8717]  ? printk+0x62/0x8d
[   68.834697][ T8717]  ? vprintk_emit+0x2d4/0x3a0
[   68.839372][ T8717]  __kasan_report+0x149/0x1c0
[   68.844141][ T8717]  ? bitmap_ipmac_list+0x40d/0xdd0
[   68.849341][ T8717]  kasan_report+0x26/0x50
[   68.853771][ T8717]  ? debug_smp_processor_id+0x9/0x20
[   68.859184][ T8717]  check_memory_region+0x2b6/0x2f0
[   68.864302][ T8717]  __kasan_check_read+0x11/0x20
[   68.869144][ T8717]  bitmap_ipmac_list+0x40d/0xdd0
[   68.874080][ T8717]  ? ip_set_put_flags+0x15c/0x250
[   68.879106][ T8717]  ip_set_dump_start+0x10f9/0x1800
[   68.884585][ T8717]  netlink_dump+0x4ed/0x1170
[   68.889178][ T8717]  __netlink_dump_start+0x5cb/0x7b0
[   68.894384][ T8717]  ip_set_dump+0x107/0x160
[   68.898796][ T8717]  ? __find_set_type_get+0x540/0x540
[   68.904071][ T8717]  ? ip_set_dump_start+0x1800/0x1800
[   68.909479][ T8717]  ? ip_set_swap+0x730/0x730
[   68.914380][ T8717]  nfnetlink_rcv_msg+0x9ae/0xcd0
[   68.919325][ T8717]  ? cap_capable+0x25b/0x290
[   68.924033][ T8717]  ? cap_capable+0x25b/0x290
[   68.928620][ T8717]  netlink_rcv_skb+0x19e/0x3e0
[   68.933383][ T8717]  ? nfnetlink_bind+0x250/0x250
[   68.938230][ T8717]  nfnetlink_rcv+0x1e0/0x1e50
[   68.943031][ T8717]  ? rcu_lock_release+0x9/0x30
[   68.947837][ T8717]  ? rcu_lock_release+0x21/0x30
[   68.952794][ T8717]  ? netlink_deliver_tap+0x142/0x880
[   68.958292][ T8717]  netlink_unicast+0x767/0x920
[   68.963051][ T8717]  netlink_sendmsg+0xa2c/0xd50
[   68.967813][ T8717]  ? netlink_getsockopt+0x9f0/0x9f0
[   68.973008][ T8717]  ____sys_sendmsg+0x4f7/0x7f0
[   68.977988][ T8717]  __sys_sendmsg+0x1ed/0x290
[   68.982778][ T8717]  ? check_preemption_disabled+0xb4/0x260
[   68.990338][ T8717]  ? debug_smp_processor_id+0x9/0x20
[   68.995623][ T8717]  ? debug_smp_processor_id+0x1c/0x20
[   69.000992][ T8717]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   69.007064][ T8717]  ? prepare_exit_to_usermode+0x221/0x5b0
[   69.013033][ T8717]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   69.018742][ T8717]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   69.024200][ T8717]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   69.029916][ T8717]  ? do_syscall_64+0x1d/0x1c0
[   69.034607][ T8717]  __x64_sys_sendmsg+0x7f/0x90
[   69.039373][ T8717]  do_syscall_64+0xf7/0x1c0
[   69.043887][ T8717]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   69.049771][ T8717] RIP: 0033:0x440529
[   69.053665][ T8717] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   69.073518][ T8717] RSP: 002b:00007ffeac493058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   69.081939][ T8717] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529
[   69.089919][ T8717] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000004
[   69.098007][ T8717] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   69.105973][ T8717] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0
[   69.114075][ T8717] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000
[   69.122158][ T8717]
[   69.124482][ T8717] Allocated by task 8717:
[   69.129068][ T8717]  __kasan_kmalloc+0x118/0x1c0
[   69.133823][ T8717]  kasan_kmalloc+0x9/0x10
[   69.138145][ T8717]  __kmalloc+0x254/0x340
[   69.142368][ T8717]  kzalloc+0x21/0x40
[   69.146302][ T8717]  ip_set_alloc+0x32/0x60
[   69.150622][ T8717]  bitmap_ipmac_create+0x3d9/0x840
[   69.155716][ T8717]  ip_set_create+0x421/0xfd0
[   69.160573][ T8717]  nfnetlink_rcv_msg+0x9ae/0xcd0
[   69.165546][ T8717]  netlink_rcv_skb+0x19e/0x3e0
[   69.170475][ T8717]  nfnetlink_rcv+0x1e0/0x1e50
[   69.175154][ T8717]  netlink_unicast+0x767/0x920
[   69.179908][ T8717]  netlink_sendmsg+0xa2c/0xd50
[   69.184654][ T8717]  ____sys_sendmsg+0x4f7/0x7f0
[   69.189435][ T8717]  __sys_sendmsg+0x1ed/0x290
[   69.194003][ T8717]  __x64_sys_sendmsg+0x7f/0x90
[   69.198759][ T8717]  do_syscall_64+0xf7/0x1c0
[   69.203288][ T8717]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   69.209270][ T8717]
[   69.211632][ T8717] Freed by task 8437:
[   69.215741][ T8717]  __kasan_slab_free+0x12e/0x1e0
[   69.220660][ T8717]  kasan_slab_free+0xe/0x10
[   69.225152][ T8717]  kfree+0x10d/0x220
[   69.229040][ T8717]  tomoyo_path_perm+0x6ae/0x850
[   69.233879][ T8717]  tomoyo_inode_getattr+0x1c/0x20
[   69.238891][ T8717]  security_inode_getattr+0xc0/0x140
[   69.244166][ T8717]  vfs_getattr+0x2a/0x6d0
[   69.248475][ T8717]  __se_sys_newstat+0x95/0x150
[   69.253228][ T8717]  __x64_sys_newstat+0x5b/0x70
[   69.257981][ T8717]  do_syscall_64+0xf7/0x1c0
[   69.262481][ T8717]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   69.268358][ T8717]
[   69.270705][ T8717] The buggy address belongs to the object at ffff8880a3f15200
[   69.270705][ T8717]  which belongs to the cache kmalloc-32 of size 32
[   69.284588][ T8717] The buggy address is located 0 bytes inside of
[   69.284588][ T8717]  32-byte region [ffff8880a3f15200, ffff8880a3f15220)
[   69.297586][ T8717] The buggy address belongs to the page:
[   69.303212][ T8717] page:ffffea00028fc540 refcount:1 mapcount:0 mapping:ffff8880aa8001c0 index:0xffff8880a3f15fc1
[   69.313607][ T8717] raw: 00fffe0000000200 ffffea00027c1e88 ffffea000293f1c8 ffff8880aa8001c0
[   69.322166][ T8717] raw: ffff8880a3f15fc1 ffff8880a3f15000 000000010000003f 0000000000000000
[   69.330736][ T8717] page dumped because: kasan: bad access detected
[   69.337507][ T8717]
[   69.339815][ T8717] Memory state around the buggy address:
[   69.345426][ T8717]  ffff8880a3f15100: fb fb fb fb fc fc fc fc 00 00 01 fc fc fc fc fc
[   69.353488][ T8717]  ffff8880a3f15180: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc
[   69.361548][ T8717] >ffff8880a3f15200: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   69.369602][ T8717]                    ^
[   69.373651][ T8717]  ffff8880a3f15280: 00 00 01 fc fc fc fc fc fb fb fb fb fc fc fc fc
[   69.381703][ T8717]  ffff8880a3f15300: 00 00 01 fc fc fc fc fc fb fb fb fb fc fc fc fc
[   69.389741][ T8717] ==================================================================
[   69.397779][ T8717] Disabling lock debugging due to kernel taint
[   69.404672][ T8717] Kernel panic - not syncing: panic_on_warn set ...
[   69.411267][ T8717] CPU: 1 PID: 8717 Comm: syz-executor820 Tainted: G    B   5.5.0-rc6-syzkaller #0
[   69.421314][ T8717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   69.431358][ T8717] Call Trace:
[   69.434706][ T8717]  dump_stack+0x1fb/0x318
[   69.439028][ T8717]  panic+0x264/0x7a9
[   69.442903][ T8717]  ? __kasan_report+0x193/0x1c0
[   69.447739][ T8717]  ? trace_hardirqs_on+0x34/0x80
[   69.452714][ T8717]  ? __kasan_report+0x193/0x1c0
[   69.457823][ T8717]  __kasan_report+0x1b9/0x1c0
[   69.462514][ T8717]  ? bitmap_ipmac_list+0x40d/0xdd0
[   69.467640][ T8717]  kasan_report+0x26/0x50
[   69.471970][ T8717]  ? debug_smp_processor_id+0x9/0x20
[   69.477247][ T8717]  check_memory_region+0x2b6/0x2f0
[   69.482431][ T8717]  __kasan_check_read+0x11/0x20
[   69.487280][ T8717]  bitmap_ipmac_list+0x40d/0xdd0
[   69.492211][ T8717]  ? ip_set_put_flags+0x15c/0x250
[   69.497234][ T8717]  ip_set_dump_start+0x10f9/0x1800
[   69.502454][ T8717]  netlink_dump+0x4ed/0x1170
[   69.507024][ T8717]  __netlink_dump_start+0x5cb/0x7b0
[   69.512218][ T8717]  ip_set_dump+0x107/0x160
[   69.516624][ T8717]  ? __find_set_type_get+0x540/0x540
[   69.521911][ T8717]  ? ip_set_dump_start+0x1800/0x1800
[   69.527274][ T8717]  ? ip_set_swap+0x730/0x730
[   69.531883][ T8717]  nfnetlink_rcv_msg+0x9ae/0xcd0
[   69.536831][ T8717]  ? cap_capable+0x25b/0x290
[   69.541447][ T8717]  ? cap_capable+0x25b/0x290
[   69.546040][ T8717]  netlink_rcv_skb+0x19e/0x3e0
[   69.550790][ T8717]  ? nfnetlink_bind+0x250/0x250
[   69.555680][ T8717]  nfnetlink_rcv+0x1e0/0x1e50
[   69.560369][ T8717]  ? rcu_lock_release+0x9/0x30
[   69.565138][ T8717]  ? rcu_lock_release+0x21/0x30
[   69.569975][ T8717]  ? netlink_deliver_tap+0x142/0x880
[   69.575373][ T8717]  netlink_unicast+0x767/0x920
[   69.580244][ T8717]  netlink_sendmsg+0xa2c/0xd50
[   69.584996][ T8717]  ? netlink_getsockopt+0x9f0/0x9f0
[   69.590170][ T8717]  ____sys_sendmsg+0x4f7/0x7f0
[   69.594928][ T8717]  __sys_sendmsg+0x1ed/0x290
[   69.599705][ T8717]  ? check_preemption_disabled+0xb4/0x260
[   69.605409][ T8717]  ? debug_smp_processor_id+0x9/0x20
[   69.610802][ T8717]  ? debug_smp_processor_id+0x1c/0x20
[   69.616165][ T8717]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   69.622366][ T8717]  ? prepare_exit_to_usermode+0x221/0x5b0
[   69.628077][ T8717]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   69.633783][ T8717]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   69.639233][ T8717]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   69.644933][ T8717]  ? do_syscall_64+0x1d/0x1c0
[   69.649600][ T8717]  __x64_sys_sendmsg+0x7f/0x90
[   69.654351][ T8717]  do_syscall_64+0xf7/0x1c0
[   69.658841][ T8717]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   69.664719][ T8717] RIP: 0033:0x440529
[   69.668596][ T8717] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   69.688320][ T8717] RSP: 002b:00007ffeac493058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   69.696827][ T8717] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529
[   69.704788][ T8717] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000004
[   69.712752][ T8717] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   69.720720][ T8717] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0
[   69.728766][ T8717] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000
[   69.738318][ T8717] Kernel Offset: disabled
[   69.742656][ T8717] Rebooting in 86400 seconds..