Warning: Permanently added '10.128.0.162' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 103.413296][ T9869] ================================================================== [ 103.421612][ T9869] BUG: KASAN: slab-out-of-bounds in bitmap_ip_del+0xdb/0x380 [ 103.428971][ T9869] Write of size 8 at addr ffff888094779ec0 by task syz-executor498/9869 [ 103.438323][ T9869] [ 103.440643][ T9869] CPU: 0 PID: 9869 Comm: syz-executor498 Not tainted 5.5.0-rc5-syzkaller #0 [ 103.449295][ T9869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 103.459339][ T9869] Call Trace: [ 103.462628][ T9869] dump_stack+0x197/0x210 [ 103.467071][ T9869] ? bitmap_ip_del+0xdb/0x380 [ 103.471750][ T9869] print_address_description.constprop.0.cold+0xd4/0x30b [ 103.478765][ T9869] ? bitmap_ip_del+0xdb/0x380 [ 103.483447][ T9869] ? bitmap_ip_del+0xdb/0x380 [ 103.488244][ T9869] __kasan_report.cold+0x1b/0x41 [ 103.493185][ T9869] ? __sanitizer_cov_trace_const_cmp2+0x11/0x20 [ 103.499418][ T9869] ? bitmap_ip_del+0xdb/0x380 [ 103.504167][ T9869] kasan_report+0x12/0x20 [ 103.508633][ T9869] check_memory_region+0x134/0x1a0 [ 103.513756][ T9869] __kasan_check_write+0x14/0x20 [ 103.518745][ T9869] bitmap_ip_del+0xdb/0x380 [ 103.523367][ T9869] bitmap_ip_uadt+0x73e/0xa10 [ 103.528045][ T9869] ? bitmap_ip_create+0xc20/0xc20 [ 103.533123][ T9869] ? bitmap_ip_kadt+0x5a0/0x5a0 [ 103.538277][ T9869] ? __kasan_check_write+0x14/0x20 [ 103.543385][ T9869] ? lock_set_class+0x330/0x7a0 [ 103.548250][ T9869] call_ad+0x1a0/0x5a0 [ 103.552577][ T9869] ? start_msg+0x220/0x220 [ 103.557002][ T9869] ? nla_memcpy+0xb0/0xb0 [ 103.561387][ T9869] ? __nla_parse+0x43/0x60 [ 103.565897][ T9869] ip_set_ad.isra.0+0x572/0xb20 [ 103.570876][ T9869] ? ip_set_nfnl_get_byindex+0x460/0x460 [ 103.576603][ T9869] ? nla_memcpy+0xb0/0xb0 [ 103.580938][ T9869] ? lock_downgrade+0x920/0x920 [ 103.585804][ T9869] ip_set_udel+0x3a/0x50 [ 103.590063][ T9869] ? ip_set_ad.isra.0+0xb20/0xb20 [ 103.595176][ T9869] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 103.600124][ T9869] ? nfnetlink_bind+0x2c0/0x2c0 [ 103.604988][ T9869] ? __kasan_check_read+0x11/0x20 [ 103.610119][ T9869] ? __lock_acquire+0x8a0/0x4a00 [ 103.615165][ T9869] ? save_stack+0x5c/0x90 [ 103.619498][ T9869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.626351][ T9869] ? apparmor_capable+0x497/0x900 [ 103.631373][ T9869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.639015][ T9869] ? __kasan_check_read+0x11/0x20 [ 103.644172][ T9869] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 103.649648][ T9869] netlink_rcv_skb+0x177/0x450 [ 103.654496][ T9869] ? nfnetlink_bind+0x2c0/0x2c0 [ 103.659404][ T9869] ? netlink_ack+0xb50/0xb50 [ 103.664190][ T9869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.670941][ T9869] ? ns_capable_common+0x93/0x100 [ 103.675975][ T9869] ? ns_capable+0x20/0x30 [ 103.680438][ T9869] ? __netlink_ns_capable+0x104/0x140 [ 103.685857][ T9869] nfnetlink_rcv+0x1ba/0x460 [ 103.690456][ T9869] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 103.695912][ T9869] ? netlink_deliver_tap+0x24a/0xbe0 [ 103.701322][ T9869] ? __kasan_check_write+0x14/0x20 [ 103.706521][ T9869] netlink_unicast+0x58c/0x7d0 [ 103.711317][ T9869] ? netlink_attachskb+0x870/0x870 [ 103.716525][ T9869] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 103.723187][ T9869] ? __check_object_size+0x3d/0x437 [ 103.735110][ T9869] netlink_sendmsg+0x91c/0xea0 [ 103.740079][ T9869] ? netlink_unicast+0x7d0/0x7d0 [ 103.745417][ T9869] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 103.750972][ T9869] ? apparmor_socket_sendmsg+0x2a/0x30 [ 103.756549][ T9869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.762793][ T9869] ? security_socket_sendmsg+0x8d/0xc0 [ 103.768249][ T9869] ? netlink_unicast+0x7d0/0x7d0 [ 103.773189][ T9869] sock_sendmsg+0xd7/0x130 [ 103.777835][ T9869] ____sys_sendmsg+0x753/0x880 [ 103.782884][ T9869] ? kernel_sendmsg+0x50/0x50 [ 103.787676][ T9869] ? lockdep_init_map+0x1be/0x6d0 [ 103.792768][ T9869] ___sys_sendmsg+0x100/0x170 [ 103.797603][ T9869] ? sendmsg_copy_msghdr+0x70/0x70 [ 103.802731][ T9869] ? __kasan_check_read+0x11/0x20 [ 103.807958][ T9869] ? __lock_acquire+0x8a0/0x4a00 [ 103.813691][ T9869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.820077][ T9869] ? __this_cpu_preempt_check+0x35/0x190 [ 103.825713][ T9869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.832109][ T9869] ? percpu_counter_add_batch+0x13c/0x190 [ 103.837949][ T9869] ? __fd_install+0x1bc/0x640 [ 103.842633][ T9869] ? find_held_lock+0x35/0x130 [ 103.848533][ T9869] ? __fd_install+0x1bc/0x640 [ 103.853264][ T9869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 103.859619][ T9869] ? __fget_light+0x1a9/0x230 [ 103.864350][ T9869] ? __fdget+0x1b/0x20 [ 103.868447][ T9869] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 103.874784][ T9869] __sys_sendmsg+0x105/0x1d0 [ 103.879358][ T9869] ? __sys_sendmsg_sock+0xc0/0xc0 [ 103.884414][ T9869] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 103.889966][ T9869] ? do_syscall_64+0x26/0x790 [ 103.894643][ T9869] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 103.900701][ T9869] ? do_syscall_64+0x26/0x790 [ 103.905402][ T9869] __x64_sys_sendmsg+0x78/0xb0 [ 103.910200][ T9869] do_syscall_64+0xfa/0x790 [ 103.914749][ T9869] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 103.920658][ T9869] RIP: 0033:0x440689 [ 103.924545][ T9869] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 103.945415][ T9869] RSP: 002b:00007ffc9c51e348 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 103.953833][ T9869] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440689 [ 103.961811][ T9869] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004 [ 103.969793][ T9869] RBP: 00000000006ca018 R08: 000000000000001c R09: 00000000004002c8 [ 103.977771][ T9869] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000401f10 [ 103.985735][ T9869] R13: 0000000000401fa0 R14: 0000000000000000 R15: 0000000000000000 [ 103.994565][ T9869] [ 103.996887][ T9869] Allocated by task 9869: [ 104.001222][ T9869] save_stack+0x23/0x90 [ 104.005378][ T9869] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 104.011090][ T9869] kasan_kmalloc+0x9/0x10 [ 104.015418][ T9869] __kmalloc+0x163/0x770 [ 104.019660][ T9869] ip_set_alloc+0x38/0x5e [ 104.023987][ T9869] bitmap_ip_create+0x6ec/0xc20 [ 104.028847][ T9869] ip_set_create+0x6f1/0x1500 [ 104.033513][ T9869] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 104.038473][ T9869] netlink_rcv_skb+0x177/0x450 [ 104.043244][ T9869] nfnetlink_rcv+0x1ba/0x460 [ 104.047832][ T9869] netlink_unicast+0x58c/0x7d0 [ 104.052602][ T9869] netlink_sendmsg+0x91c/0xea0 [ 104.057431][ T9869] sock_sendmsg+0xd7/0x130 [ 104.061980][ T9869] ____sys_sendmsg+0x753/0x880 [ 104.066816][ T9869] ___sys_sendmsg+0x100/0x170 [ 104.071471][ T9869] __sys_sendmsg+0x105/0x1d0 [ 104.076109][ T9869] __x64_sys_sendmsg+0x78/0xb0 [ 104.080899][ T9869] do_syscall_64+0xfa/0x790 [ 104.085401][ T9869] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 104.091615][ T9869] [ 104.094021][ T9869] Freed by task 9598: [ 104.098123][ T9869] save_stack+0x23/0x90 [ 104.103222][ T9869] __kasan_slab_free+0x102/0x150 [ 104.108159][ T9869] kasan_slab_free+0xe/0x10 [ 104.112662][ T9869] kfree+0x10a/0x2c0 [ 104.116607][ T9869] tomoyo_check_open_permission+0x19e/0x3e0 [ 104.122632][ T9869] tomoyo_file_open+0xa9/0xd0 [ 104.127308][ T9869] security_file_open+0x71/0x300 [ 104.132287][ T9869] do_dentry_open+0x37a/0x1380 [ 104.137062][ T9869] vfs_open+0xa0/0xd0 [ 104.141049][ T9869] path_openat+0x10df/0x4500 [ 104.145631][ T9869] do_filp_open+0x1a1/0x280 [ 104.150130][ T9869] do_sys_open+0x3fe/0x5d0 [ 104.154546][ T9869] __x64_sys_open+0x7e/0xc0 [ 104.159062][ T9869] do_syscall_64+0xfa/0x790 [ 104.163561][ T9869] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 104.169550][ T9869] [ 104.171893][ T9869] The buggy address belongs to the object at ffff888094779ec0 [ 104.171893][ T9869] which belongs to the cache kmalloc-32 of size 32 [ 104.186982][ T9869] The buggy address is located 0 bytes inside of [ 104.186982][ T9869] 32-byte region [ffff888094779ec0, ffff888094779ee0) [ 104.200832][ T9869] The buggy address belongs to the page: [ 104.206561][ T9869] page:ffffea000251de40 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff888094779fc1 [ 104.217084][ T9869] raw: 00fffe0000000200 ffffea00027fee88 ffffea0002a42888 ffff8880aa4001c0 [ 104.225873][ T9869] raw: ffff888094779fc1 ffff888094779000 000000010000002f 0000000000000000 [ 104.234457][ T9869] page dumped because: kasan: bad access detected [ 104.240865][ T9869] [ 104.243181][ T9869] Memory state around the buggy address: [ 104.249425][ T9869] ffff888094779d80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 104.257493][ T9869] ffff888094779e00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 104.266783][ T9869] >ffff888094779e80: 00 00 05 fc fc fc fc fc 04 fc fc fc fc fc fc fc [ 104.275668][ T9869] ^ [ 104.281988][ T9869] ffff888094779f00: 00 fc fc fc fc fc fc fc 00 00 03 fc fc fc fc fc [ 104.290054][ T9869] ffff888094779f80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 104.298108][ T9869] ================================================================== [ 104.306217][ T9869] Disabling lock debugging due to kernel taint [ 104.312659][ T9869] Kernel panic - not syncing: panic_on_warn set ... [ 104.319255][ T9869] CPU: 0 PID: 9869 Comm: syz-executor498 Tainted: G B 5.5.0-rc5-syzkaller #0 [ 104.329313][ T9869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 104.339359][ T9869] Call Trace: [ 104.342754][ T9869] dump_stack+0x197/0x210 [ 104.347103][ T9869] panic+0x2e3/0x75c [ 104.351003][ T9869] ? add_taint.cold+0x16/0x16 [ 104.355676][ T9869] ? retint_kernel+0x2b/0x2b [ 104.360273][ T9869] ? trace_hardirqs_on+0x5e/0x240 [ 104.365304][ T9869] ? bitmap_ip_del+0xdb/0x380 [ 104.370081][ T9869] end_report+0x47/0x4f [ 104.374349][ T9869] ? bitmap_ip_del+0xdb/0x380 [ 104.379021][ T9869] __kasan_report.cold+0xe/0x41 [ 104.383865][ T9869] ? __sanitizer_cov_trace_const_cmp2+0x11/0x20 [ 104.390170][ T9869] ? bitmap_ip_del+0xdb/0x380 [ 104.394946][ T9869] kasan_report+0x12/0x20 [ 104.399308][ T9869] check_memory_region+0x134/0x1a0 [ 104.406282][ T9869] __kasan_check_write+0x14/0x20 [ 104.411337][ T9869] bitmap_ip_del+0xdb/0x380 [ 104.415834][ T9869] bitmap_ip_uadt+0x73e/0xa10 [ 104.420624][ T9869] ? bitmap_ip_create+0xc20/0xc20 [ 104.425640][ T9869] ? bitmap_ip_kadt+0x5a0/0x5a0 [ 104.430488][ T9869] ? __kasan_check_write+0x14/0x20 [ 104.435603][ T9869] ? lock_set_class+0x330/0x7a0 [ 104.440465][ T9869] call_ad+0x1a0/0x5a0 [ 104.444533][ T9869] ? start_msg+0x220/0x220 [ 104.449088][ T9869] ? nla_memcpy+0xb0/0xb0 [ 104.453403][ T9869] ? __nla_parse+0x43/0x60 [ 104.457817][ T9869] ip_set_ad.isra.0+0x572/0xb20 [ 104.462743][ T9869] ? ip_set_nfnl_get_byindex+0x460/0x460 [ 104.468440][ T9869] ? nla_memcpy+0xb0/0xb0 [ 104.472814][ T9869] ? lock_downgrade+0x920/0x920 [ 104.477682][ T9869] ip_set_udel+0x3a/0x50 [ 104.481910][ T9869] ? ip_set_ad.isra.0+0xb20/0xb20 [ 104.487145][ T9869] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 104.492094][ T9869] ? nfnetlink_bind+0x2c0/0x2c0 [ 104.497055][ T9869] ? __kasan_check_read+0x11/0x20 [ 104.502099][ T9869] ? __lock_acquire+0x8a0/0x4a00 [ 104.507036][ T9869] ? save_stack+0x5c/0x90 [ 104.511517][ T9869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 104.517951][ T9869] ? apparmor_capable+0x497/0x900 [ 104.522969][ T9869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 104.529198][ T9869] ? __kasan_check_read+0x11/0x20 [ 104.534213][ T9869] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 104.539783][ T9869] netlink_rcv_skb+0x177/0x450 [ 104.544538][ T9869] ? nfnetlink_bind+0x2c0/0x2c0 [ 104.549410][ T9869] ? netlink_ack+0xb50/0xb50 [ 104.553988][ T9869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 104.560242][ T9869] ? ns_capable_common+0x93/0x100 [ 104.565265][ T9869] ? ns_capable+0x20/0x30 [ 104.569591][ T9869] ? __netlink_ns_capable+0x104/0x140 [ 104.574964][ T9869] nfnetlink_rcv+0x1ba/0x460 [ 104.579644][ T9869] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 104.585096][ T9869] ? netlink_deliver_tap+0x24a/0xbe0 [ 104.590502][ T9869] ? __kasan_check_write+0x14/0x20 [ 104.595611][ T9869] netlink_unicast+0x58c/0x7d0 [ 104.600369][ T9869] ? netlink_attachskb+0x870/0x870 [ 104.605481][ T9869] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 104.611320][ T9869] ? __check_object_size+0x3d/0x437 [ 104.616520][ T9869] netlink_sendmsg+0x91c/0xea0 [ 104.621332][ T9869] ? netlink_unicast+0x7d0/0x7d0 [ 104.626267][ T9869] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 104.631810][ T9869] ? apparmor_socket_sendmsg+0x2a/0x30 [ 104.637264][ T9869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 104.643773][ T9869] ? security_socket_sendmsg+0x8d/0xc0 [ 104.649323][ T9869] ? netlink_unicast+0x7d0/0x7d0 [ 104.654343][ T9869] sock_sendmsg+0xd7/0x130 [ 104.658758][ T9869] ____sys_sendmsg+0x753/0x880 [ 104.663564][ T9869] ? kernel_sendmsg+0x50/0x50 [ 104.668256][ T9869] ? lockdep_init_map+0x1be/0x6d0 [ 104.673272][ T9869] ___sys_sendmsg+0x100/0x170 [ 104.677948][ T9869] ? sendmsg_copy_msghdr+0x70/0x70 [ 104.683125][ T9869] ? __kasan_check_read+0x11/0x20 [ 104.688138][ T9869] ? __lock_acquire+0x8a0/0x4a00 [ 104.693098][ T9869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 104.699474][ T9869] ? __this_cpu_preempt_check+0x35/0x190 [ 104.705115][ T9869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 104.711347][ T9869] ? percpu_counter_add_batch+0x13c/0x190 [ 104.717440][ T9869] ? __fd_install+0x1bc/0x640 [ 104.722118][ T9869] ? find_held_lock+0x35/0x130 [ 104.726893][ T9869] ? __fd_install+0x1bc/0x640 [ 104.732327][ T9869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 104.738734][ T9869] ? __fget_light+0x1a9/0x230 [ 104.743432][ T9869] ? __fdget+0x1b/0x20 [ 104.747498][ T9869] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 104.753745][ T9869] __sys_sendmsg+0x105/0x1d0 [ 104.758454][ T9869] ? __sys_sendmsg_sock+0xc0/0xc0 [ 104.763465][ T9869] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 104.769187][ T9869] ? do_syscall_64+0x26/0x790 [ 104.773937][ T9869] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 104.780135][ T9869] ? do_syscall_64+0x26/0x790 [ 104.784809][ T9869] __x64_sys_sendmsg+0x78/0xb0 [ 104.789581][ T9869] do_syscall_64+0xfa/0x790 [ 104.794083][ T9869] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 104.799971][ T9869] RIP: 0033:0x440689 [ 104.803850][ T9869] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 104.823724][ T9869] RSP: 002b:00007ffc9c51e348 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 104.832362][ T9869] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440689 [ 104.840400][ T9869] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004 [ 104.848385][ T9869] RBP: 00000000006ca018 R08: 000000000000001c R09: 00000000004002c8 [ 104.856354][ T9869] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000401f10 [ 104.864413][ T9869] R13: 0000000000401fa0 R14: 0000000000000000 R15: 0000000000000000 [ 104.873811][ T9869] Kernel Offset: disabled [ 104.878148][ T9869] Rebooting in 86400 seconds..