Warning: Permanently added '10.128.0.82' (ECDSA) to the list of known hosts.
executing program
executing program
[ 68.587318][ T8742] ==================================================================
[ 68.596950][ T8742] BUG: KASAN: slab-out-of-bounds in bitmap_port_list+0x386/0xb60
[ 68.605165][ T8742] Read of size 8 at addr ffff8880a757a3c0 by task syz-executor872/8742
[ 68.613534][ T8742]
[ 68.616130][ T8742] CPU: 0 PID: 8742 Comm: syz-executor872 Not tainted 5.5.0-rc6-syzkaller #0
[ 68.625269][ T8742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.635519][ T8742] Call Trace:
[ 68.638826][ T8742]  dump_stack+0x1fb/0x318
[ 68.643261][ T8742]  print_address_description+0x74/0x5c0
[ 68.648815][ T8742]  ? vprintk_func+0x158/0x170
[ 68.653490][ T8742]  ? printk+0x62/0x8d
[ 68.657457][ T8742]  ? vprintk_emit+0x2d4/0x3a0
[ 68.662117][ T8742]  __kasan_report+0x149/0x1c0
[ 68.666880][ T8742]  ? bitmap_port_list+0x386/0xb60
[ 68.671914][ T8742]  kasan_report+0x26/0x50
[ 68.676245][ T8742]  ? debug_smp_processor_id+0x9/0x20
[ 68.681533][ T8742]  check_memory_region+0x2b6/0x2f0
[ 68.687257][ T8742]  __kasan_check_read+0x11/0x20
[ 68.692091][ T8742]  bitmap_port_list+0x386/0xb60
[ 68.696928][ T8742]  ? ip_set_put_flags+0x15c/0x250
[ 68.701953][ T8742]  ip_set_dump_start+0x10f9/0x1800
[ 68.707264][ T8742]  netlink_dump+0x4ed/0x1170
[ 68.711950][ T8742]  __netlink_dump_start+0x5cb/0x7b0
[ 68.717137][ T8742]  ip_set_dump+0x107/0x160
[ 68.721535][ T8742]  ? __find_set_type_get+0x540/0x540
[ 68.726799][ T8742]  ? ip_set_dump_start+0x1800/0x1800
[ 68.732249][ T8742]  ? ip_set_swap+0x730/0x730
[ 68.736842][ T8742]  nfnetlink_rcv_msg+0x9ae/0xcd0
[ 68.743462][ T8742]  ? cap_capable+0x25b/0x290
[ 68.748042][ T8742]  ? cap_capable+0x25b/0x290
[ 68.752747][ T8742]  netlink_rcv_skb+0x19e/0x3e0
[ 68.758094][ T8742]  ? nfnetlink_bind+0x250/0x250
[ 68.763309][ T8742]  nfnetlink_rcv+0x1e0/0x1e50
[ 68.768096][ T8742]  ? rcu_lock_release+0x9/0x30
[ 68.772892][ T8742]  ? rcu_lock_release+0x21/0x30
[ 68.777741][ T8742]  ? netlink_deliver_tap+0x142/0x880
[ 68.783147][ T8742]  netlink_unicast+0x767/0x920
[ 68.787907][ T8742]  netlink_sendmsg+0xa2c/0xd50
[ 68.792669][ T8742]  ? netlink_getsockopt+0x9f0/0x9f0
[ 68.797876][ T8742]  ____sys_sendmsg+0x4f7/0x7f0
[ 68.802636][ T8742]  __sys_sendmsg+0x1ed/0x290
[ 68.807236][ T8742]  ? up_read+0x1d/0x20
[ 68.811299][ T8742]  ? do_user_addr_fault+0x654/0xaf0
[ 68.816505][ T8742]  ? check_preemption_disabled+0xb4/0x260
[ 68.822236][ T8742]  ? debug_smp_processor_id+0x9/0x20
[ 68.827534][ T8742]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 68.833107][ T8742]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 68.838809][ T8742]  ? do_syscall_64+0x1d/0x1c0
[ 68.843469][ T8742]  __x64_sys_sendmsg+0x7f/0x90
[ 68.848241][ T8742]  do_syscall_64+0xf7/0x1c0
[ 68.852830][ T8742]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 68.858834][ T8742] RIP: 0033:0x441479
[ 68.862735][ T8742] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 68.882382][ T8742] RSP: 002b:00007ffe8d651888 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 68.890930][ T8742] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441479
[ 68.898898][ T8742] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[ 68.906855][ T8742] RBP: 0000000000010bcc R08: 00000000004002c8 R09: 00000000004002c8
[ 68.914906][ T8742] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004022a0
[ 68.922900][ T8742] R13: 0000000000402330 R14: 0000000000000000 R15: 0000000000000000
[ 68.931043][ T8742]
[ 68.933356][ T8742] Allocated by task 8741:
[ 68.937676][ T8742]  __kasan_kmalloc+0x118/0x1c0
[ 68.942434][ T8742]  kasan_kmalloc+0x9/0x10
[ 68.946750][ T8742]  __kmalloc+0x254/0x340
[ 68.950994][ T8742]  kzalloc+0x21/0x40
[ 68.954883][ T8742]  ip_set_alloc+0x32/0x60
[ 68.959339][ T8742]  bitmap_port_create+0x32c/0x790
[ 68.964352][ T8742]  ip_set_create+0x421/0xfd0
[ 68.969018][ T8742]  nfnetlink_rcv_msg+0x9ae/0xcd0
[ 68.973978][ T8742]  netlink_rcv_skb+0x19e/0x3e0
[ 68.978768][ T8742]  nfnetlink_rcv+0x1e0/0x1e50
[ 68.983781][ T8742]  netlink_unicast+0x767/0x920
[ 68.988594][ T8742]  netlink_sendmsg+0xa2c/0xd50
[ 68.993338][ T8742]  ____sys_sendmsg+0x4f7/0x7f0
[ 68.998079][ T8742]  __sys_sendmsg+0x1ed/0x290
[ 69.002639][ T8742]  __x64_sys_sendmsg+0x7f/0x90
[ 69.007381][ T8742]  do_syscall_64+0xf7/0x1c0
[ 69.011863][ T8742]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.017741][ T8742]
[ 69.020047][ T8742] Freed by task 8472:
[ 69.024030][ T8742]  __kasan_slab_free+0x12e/0x1e0
[ 69.028940][ T8742]  kasan_slab_free+0xe/0x10
[ 69.035068][ T8742]  kfree+0x10d/0x220
[ 69.038952][ T8742]  tomoyo_check_open_permission+0x79c/0x9d0
[ 69.044816][ T8742]  tomoyo_file_open+0x141/0x190
[ 69.049655][ T8742]  security_file_open+0x50/0x2e0
[ 69.054566][ T8742]  do_dentry_open+0x351/0x10c0
[ 69.059304][ T8742]  vfs_open+0x73/0x80
[ 69.063262][ T8742]  path_openat+0x1367/0x4250
[ 69.067826][ T8742]  do_filp_open+0x192/0x3d0
[ 69.072310][ T8742]  do_sys_open+0x29f/0x560
[ 69.076712][ T8742]  __x64_sys_open+0x87/0x90
[ 69.081198][ T8742]  do_syscall_64+0xf7/0x1c0
[ 69.085681][ T8742]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.091545][ T8742]
[ 69.093855][ T8742] The buggy address belongs to the object at ffff8880a757a3c0
[ 69.093855][ T8742]  which belongs to the cache kmalloc-32 of size 32
[ 69.108244][ T8742] The buggy address is located 0 bytes inside of
[ 69.108244][ T8742]  32-byte region [ffff8880a757a3c0, ffff8880a757a3e0)
[ 69.121232][ T8742] The buggy address belongs to the page:
[ 69.126840][ T8742] page:ffffea00029d5e80 refcount:1 mapcount:0 mapping:ffff8880aa8001c0 index:0xffff8880a757afc1
[ 69.137247][ T8742] raw: 00fffe0000000200 ffffea00029d6148 ffffea0002848148 ffff8880aa8001c0
[ 69.145852][ T8742] raw: ffff8880a757afc1 ffff8880a757a000 000000010000003e 0000000000000000
[ 69.154528][ T8742] page dumped because: kasan: bad access detected
[ 69.160917][ T8742]
[ 69.163231][ T8742] Memory state around the buggy address:
[ 69.168840][ T8742]  ffff8880a757a280: fb fb fb fb fc fc fc fc 00 02 fc fc fc fc fc fc
[ 69.176877][ T8742]  ffff8880a757a300: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 69.184936][ T8742] >ffff8880a757a380: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc
[ 69.192973][ T8742]                                            ^
[ 69.199186][ T8742]  ffff8880a757a400: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 69.207235][ T8742]  ffff8880a757a480: fb fb fb fb fc fc fc fc 00 00 01 fc fc fc fc fc
[ 69.215280][ T8742] ==================================================================
[ 69.223335][ T8742] Disabling lock debugging due to kernel taint
[ 69.231663][ T8742] Kernel panic - not syncing: panic_on_warn set ...
[ 69.238289][ T8742] CPU: 0 PID: 8742 Comm: syz-executor872 Tainted: G B 5.5.0-rc6-syzkaller #0
[ 69.250772][ T8742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.261258][ T8742] Call Trace:
[ 69.264580][ T8742]  dump_stack+0x1fb/0x318
[ 69.268895][ T8742]  panic+0x264/0x7a9
[ 69.272773][ T8742]  ? __kasan_report+0x193/0x1c0
[ 69.277613][ T8742]  ? trace_hardirqs_on+0x34/0x80
[ 69.282543][ T8742]  ? __kasan_report+0x193/0x1c0
[ 69.287382][ T8742]  __kasan_report+0x1b9/0x1c0
[ 69.292080][ T8742]  ? bitmap_port_list+0x386/0xb60
[ 69.297112][ T8742]  kasan_report+0x26/0x50
[ 69.301436][ T8742]  ? debug_smp_processor_id+0x9/0x20
[ 69.306726][ T8742]  check_memory_region+0x2b6/0x2f0
[ 69.312055][ T8742]  __kasan_check_read+0x11/0x20
[ 69.316899][ T8742]  bitmap_port_list+0x386/0xb60
[ 69.321782][ T8742]  ? ip_set_put_flags+0x15c/0x250
[ 69.326832][ T8742]  ip_set_dump_start+0x10f9/0x1800
[ 69.331942][ T8742]  netlink_dump+0x4ed/0x1170
[ 69.336528][ T8742]  __netlink_dump_start+0x5cb/0x7b0
[ 69.341766][ T8742]  ip_set_dump+0x107/0x160
[ 69.346181][ T8742]  ? __find_set_type_get+0x540/0x540
[ 69.351593][ T8742]  ? ip_set_dump_start+0x1800/0x1800
[ 69.356855][ T8742]  ? ip_set_swap+0x730/0x730
[ 69.361426][ T8742]  nfnetlink_rcv_msg+0x9ae/0xcd0
[ 69.366368][ T8742]  ? cap_capable+0x25b/0x290
[ 69.370963][ T8742]  ? cap_capable+0x25b/0x290
[ 69.375531][ T8742]  netlink_rcv_skb+0x19e/0x3e0
[ 69.380279][ T8742]  ? nfnetlink_bind+0x250/0x250
[ 69.385112][ T8742]  nfnetlink_rcv+0x1e0/0x1e50
[ 69.389777][ T8742]  ? rcu_lock_release+0x9/0x30
[ 69.394532][ T8742]  ? rcu_lock_release+0x21/0x30
[ 69.399358][ T8742]  ? netlink_deliver_tap+0x142/0x880
[ 69.404619][ T8742]  netlink_unicast+0x767/0x920
[ 69.409369][ T8742]  netlink_sendmsg+0xa2c/0xd50
[ 69.414140][ T8742]  ? netlink_getsockopt+0x9f0/0x9f0
[ 69.419329][ T8742]  ____sys_sendmsg+0x4f7/0x7f0
[ 69.424095][ T8742]  __sys_sendmsg+0x1ed/0x290
[ 69.428669][ T8742]  ? up_read+0x1d/0x20
[ 69.432718][ T8742]  ? do_user_addr_fault+0x654/0xaf0
[ 69.437912][ T8742]  ? check_preemption_disabled+0xb4/0x260
[ 69.443623][ T8742]  ? debug_smp_processor_id+0x9/0x20
[ 69.448880][ T8742]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 69.454415][ T8742]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 69.460123][ T8742]  ? do_syscall_64+0x1d/0x1c0
[ 69.464774][ T8742]  __x64_sys_sendmsg+0x7f/0x90
[ 69.469525][ T8742]  do_syscall_64+0xf7/0x1c0
[ 69.474020][ T8742]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.479892][ T8742] RIP: 0033:0x441479
[ 69.483820][ T8742] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 69.503509][ T8742] RSP: 002b:00007ffe8d651888 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 69.511904][ T8742] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441479
[ 69.525946][ T8742] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[ 69.533900][ T8742] RBP: 0000000000010bcc R08: 00000000004002c8 R09: 00000000004002c8
[ 69.541847][ T8742] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000004022a0
[ 69.549834][ T8742] R13: 0000000000402330 R14: 0000000000000000 R15: 0000000000000000
[ 69.559029][ T8742] Kernel Offset: disabled
[ 69.563363][ T8742] Rebooting in 86400 seconds..