Warning: Permanently added '10.128.0.31' (ECDSA) to the list of known hosts. executing program [ 113.422322][ T9604] ================================================================== [ 113.431018][ T9604] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_list+0x635/0x1080 [ 113.438905][ T9604] Read of size 8 at addr ffff8880a68065c0 by task syz-executor148/9604 [ 113.447404][ T9604] [ 113.449828][ T9604] CPU: 1 PID: 9604 Comm: syz-executor148 Not tainted 5.5.0-rc6-next-20200116-syzkaller #0 [ 113.459824][ T9604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 113.469877][ T9604] Call Trace: [ 113.473178][ T9604] dump_stack+0x197/0x210 [ 113.477500][ T9604] ? bitmap_ipmac_list+0x635/0x1080 [ 113.482784][ T9604] print_address_description.constprop.0.cold+0xd4/0x30b [ 113.489813][ T9604] ? bitmap_ipmac_list+0x635/0x1080 [ 113.496486][ T9604] ? bitmap_ipmac_list+0x635/0x1080 [ 113.501800][ T9604] __kasan_report.cold+0x1b/0x32 [ 113.506731][ T9604] ? bitmap_ipmac_list+0x635/0x1080 [ 113.511944][ T9604] kasan_report+0x12/0x20 [ 113.516273][ T9604] check_memory_region+0x134/0x1a0 [ 113.521383][ T9604] __kasan_check_read+0x11/0x20 [ 113.526222][ T9604] bitmap_ipmac_list+0x635/0x1080 [ 113.531252][ T9604] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 113.536353][ T9604] ? nla_put+0x110/0x150 [ 113.540594][ T9604] ip_set_dump_start+0x96c/0x1ca0 [ 113.545840][ T9604] ? ip_set_rename+0x720/0x720 [ 113.550911][ T9604] ? __kmalloc_reserve.isra.0+0x70/0xf0 [ 113.556457][ T9604] ? __lock_acquire+0x2660/0x4a00 [ 113.561523][ T9604] ? __kasan_check_write+0x14/0x20 [ 113.566651][ T9604] netlink_dump+0x558/0xfb0 [ 113.571155][ T9604] ? __netlink_sendskb+0xc0/0xc0 [ 113.576092][ T9604] __netlink_dump_start+0x673/0x930 [ 113.581762][ T9604] ip_set_dump+0x15a/0x1d0 [ 113.586170][ T9604] ? call_ad+0x5a0/0x5a0 [ 113.590408][ T9604] ? ip_set_rename+0x720/0x720 [ 113.595158][ T9604] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 113.600951][ T9604] ? call_ad+0x5a0/0x5a0 [ 113.605186][ T9604] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 113.610120][ T9604] ? nfnetlink_bind+0x2c0/0x2c0 [ 113.614980][ T9604] ? __kasan_check_read+0x11/0x20 [ 113.619993][ T9604] ? __lock_acquire+0x8a0/0x4a00 [ 113.625052][ T9604] ? save_stack+0x5c/0x90 [ 113.629394][ T9604] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 113.635632][ T9604] ? apparmor_capable+0x4df/0x910 [ 113.640660][ T9604] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 113.646901][ T9604] ? __kasan_check_read+0x11/0x20 [ 113.652795][ T9604] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 113.658370][ T9604] netlink_rcv_skb+0x177/0x450 [ 113.663118][ T9604] ? nfnetlink_bind+0x2c0/0x2c0 [ 113.667954][ T9604] ? netlink_ack+0xb50/0xb50 [ 113.672639][ T9604] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 113.678919][ T9604] ? ns_capable_common+0x93/0x100 [ 113.683951][ T9604] ? ns_capable+0x20/0x30 [ 113.688331][ T9604] ? __netlink_ns_capable+0x104/0x140 [ 113.693703][ T9604] nfnetlink_rcv+0x1ba/0x460 [ 113.698293][ T9604] ? nfnetlink_rcv_batch+0x1780/0x1780 [ 113.703761][ T9604] ? netlink_deliver_tap+0x248/0xbf0 [ 113.709039][ T9604] ? __kasan_check_write+0x14/0x20 [ 113.714221][ T9604] netlink_unicast+0x59e/0x7e0 [ 113.718989][ T9604] ? netlink_attachskb+0x870/0x870 [ 113.724090][ T9604] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 113.729808][ T9604] ? __check_object_size+0x3d/0x437 [ 113.735106][ T9604] netlink_sendmsg+0x91c/0xea0 [ 113.739867][ T9604] ? netlink_unicast+0x7e0/0x7e0 [ 113.744807][ T9604] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 113.750569][ T9604] ? apparmor_socket_sendmsg+0x2a/0x30 [ 113.756026][ T9604] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 113.762269][ T9604] ? security_socket_sendmsg+0x8d/0xc0 [ 113.767716][ T9604] ? netlink_unicast+0x7e0/0x7e0 [ 113.772719][ T9604] sock_sendmsg+0xd7/0x130 [ 113.777262][ T9604] ____sys_sendmsg+0x753/0x880 [ 113.782029][ T9604] ? kernel_sendmsg+0x50/0x50 [ 113.786832][ T9604] ? lockdep_init_map+0x1be/0x6d0 [ 113.791959][ T9604] ___sys_sendmsg+0x100/0x170 [ 113.796775][ T9604] ? sendmsg_copy_msghdr+0x70/0x70 [ 113.801883][ T9604] ? __kasan_check_read+0x11/0x20 [ 113.806908][ T9604] ? __lock_acquire+0x8a0/0x4a00 [ 113.811846][ T9604] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 113.818195][ T9604] ? __this_cpu_preempt_check+0x35/0x190 [ 113.823846][ T9604] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 113.830114][ T9604] ? percpu_counter_add_batch+0x13c/0x190 [ 113.835827][ T9604] ? __fd_install+0x1bc/0x640 [ 113.840570][ T9604] ? find_held_lock+0x35/0x130 [ 113.845340][ T9604] ? __fd_install+0x1bc/0x640 [ 113.850033][ T9604] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 113.856269][ T9604] ? __fget_light+0x1ad/0x270 [ 113.860960][ T9604] ? __fdget+0x1b/0x20 [ 113.865049][ T9604] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 113.871292][ T9604] __sys_sendmsg+0x105/0x1d0 [ 113.875922][ T9604] ? __sys_sendmsg_sock+0xc0/0xc0 [ 113.880969][ T9604] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 113.886425][ T9604] ? do_syscall_64+0x26/0x790 [ 113.891104][ T9604] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 113.897171][ T9604] ? do_syscall_64+0x26/0x790 [ 113.901968][ T9604] __x64_sys_sendmsg+0x78/0xb0 [ 113.906744][ T9604] do_syscall_64+0xfa/0x790 [ 113.911249][ T9604] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 113.917130][ T9604] RIP: 0033:0x440529 [ 113.921018][ T9604] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 113.940620][ T9604] RSP: 002b:00007ffd0a7b0e78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 113.949032][ T9604] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529 [ 113.957018][ T9604] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000004 [ 113.965010][ T9604] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 113.972998][ T9604] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0 [ 113.981000][ T9604] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000 [ 113.989112][ T9604] [ 113.991469][ T9604] Allocated by task 9604: [ 113.995797][ T9604] save_stack+0x23/0x90 [ 114.000014][ T9604] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 114.005744][ T9604] kasan_kmalloc+0x9/0x10 [ 114.010242][ T9604] __kmalloc+0x163/0x770 [ 114.014525][ T9604] ip_set_alloc+0x38/0x5e [ 114.018868][ T9604] bitmap_ipmac_create+0x4e8/0xa00 [ 114.023976][ T9604] ip_set_create+0x6f1/0x1500 [ 114.028725][ T9604] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 114.033654][ T9604] netlink_rcv_skb+0x177/0x450 [ 114.038440][ T9604] nfnetlink_rcv+0x1ba/0x460 [ 114.043021][ T9604] netlink_unicast+0x59e/0x7e0 [ 114.047944][ T9604] netlink_sendmsg+0x91c/0xea0 [ 114.052702][ T9604] sock_sendmsg+0xd7/0x130 [ 114.057115][ T9604] ____sys_sendmsg+0x753/0x880 [ 114.061870][ T9604] ___sys_sendmsg+0x100/0x170 [ 114.066535][ T9604] __sys_sendmsg+0x105/0x1d0 [ 114.071188][ T9604] __x64_sys_sendmsg+0x78/0xb0 [ 114.075948][ T9604] do_syscall_64+0xfa/0x790 [ 114.082356][ T9604] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 114.088346][ T9604] [ 114.090681][ T9604] Freed by task 4240: [ 114.094734][ T9604] save_stack+0x23/0x90 [ 114.098897][ T9604] __kasan_slab_free+0x102/0x150 [ 114.103936][ T9604] kasan_slab_free+0xe/0x10 [ 114.108444][ T9604] kfree+0x10a/0x2c0 [ 114.112339][ T9604] kvfree+0x4a/0x60 [ 114.116181][ T9604] __vunmap+0x6ba/0x950 [ 114.120368][ T9604] __vfree+0x41/0xd0 [ 114.124243][ T9604] vfree+0x5f/0x90 [ 114.127959][ T9604] n_tty_close+0xc3/0x130 [ 114.132284][ T9604] tty_ldisc_close.isra.0+0x119/0x1a0 [ 114.137765][ T9604] tty_ldisc_kill+0x9c/0x160 [ 114.142356][ T9604] tty_ldisc_release+0xe9/0x2b0 [ 114.147193][ T9604] tty_release_struct+0x1b/0x50 [ 114.152060][ T9604] tty_release+0xbcb/0xe90 [ 114.156466][ T9604] __fput+0x2ff/0x890 [ 114.160445][ T9604] ____fput+0x16/0x20 [ 114.164411][ T9604] task_work_run+0x145/0x1c0 [ 114.168992][ T9604] exit_to_usermode_loop+0x316/0x380 [ 114.174308][ T9604] do_syscall_64+0x676/0x790 [ 114.178911][ T9604] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 114.184792][ T9604] [ 114.187171][ T9604] The buggy address belongs to the object at ffff8880a68065c0 [ 114.187171][ T9604] which belongs to the cache kmalloc-32 of size 32 [ 114.201060][ T9604] The buggy address is located 0 bytes inside of [ 114.201060][ T9604] 32-byte region [ffff8880a68065c0, ffff8880a68065e0) [ 114.214234][ T9604] The buggy address belongs to the page: [ 114.219884][ T9604] page:ffffea00029a0180 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a6806fc1 [ 114.230287][ T9604] flags: 0xfffe0000000200(slab) [ 114.235137][ T9604] raw: 00fffe0000000200 ffffea00029be548 ffffea0002884988 ffff8880aa4001c0 [ 114.243725][ T9604] raw: ffff8880a6806fc1 ffff8880a6806000 0000000100000020 0000000000000000 [ 114.252416][ T9604] page dumped because: kasan: bad access detected [ 114.258817][ T9604] [ 114.261139][ T9604] Memory state around the buggy address: [ 114.266773][ T9604] ffff8880a6806480: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 114.274854][ T9604] ffff8880a6806500: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 114.282912][ T9604] >ffff8880a6806580: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc [ 114.290966][ T9604] ^ [ 114.297219][ T9604] ffff8880a6806600: fb fb fb fb fc fc fc fc 00 03 fc fc fc fc fc fc [ 114.305266][ T9604] ffff8880a6806680: 00 03 fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 114.313319][ T9604] ================================================================== [ 114.321720][ T9604] Disabling lock debugging due to kernel taint [ 114.328556][ T9604] Kernel panic - not syncing: panic_on_warn set ... [ 114.335158][ T9604] CPU: 1 PID: 9604 Comm: syz-executor148 Tainted: G B 5.5.0-rc6-next-20200116-syzkaller #0 [ 114.346420][ T9604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 114.356466][ T9604] Call Trace: [ 114.359815][ T9604] dump_stack+0x197/0x210 [ 114.364421][ T9604] panic+0x2e3/0x75c [ 114.368313][ T9604] ? add_taint.cold+0x16/0x16 [ 114.373091][ T9604] ? bitmap_ipmac_list+0x635/0x1080 [ 114.378283][ T9604] ? preempt_schedule+0x4b/0x60 [ 114.383241][ T9604] ? ___preempt_schedule+0x16/0x18 [ 114.388366][ T9604] ? trace_hardirqs_on+0x5e/0x240 [ 114.393390][ T9604] ? bitmap_ipmac_list+0x635/0x1080 [ 114.398585][ T9604] end_report+0x47/0x4f [ 114.402723][ T9604] ? bitmap_ipmac_list+0x635/0x1080 [ 114.407918][ T9604] __kasan_report.cold+0xe/0x32 [ 114.412761][ T9604] ? bitmap_ipmac_list+0x635/0x1080 [ 114.418017][ T9604] kasan_report+0x12/0x20 [ 114.422349][ T9604] check_memory_region+0x134/0x1a0 [ 114.427466][ T9604] __kasan_check_read+0x11/0x20 [ 114.432318][ T9604] bitmap_ipmac_list+0x635/0x1080 [ 114.437348][ T9604] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 114.442451][ T9604] ? nla_put+0x110/0x150 [ 114.446698][ T9604] ip_set_dump_start+0x96c/0x1ca0 [ 114.451731][ T9604] ? ip_set_rename+0x720/0x720 [ 114.456494][ T9604] ? __kmalloc_reserve.isra.0+0x70/0xf0 [ 114.462030][ T9604] ? __lock_acquire+0x2660/0x4a00 [ 114.467054][ T9604] ? __kasan_check_write+0x14/0x20 [ 114.472288][ T9604] netlink_dump+0x558/0xfb0 [ 114.476802][ T9604] ? __netlink_sendskb+0xc0/0xc0 [ 114.481852][ T9604] __netlink_dump_start+0x673/0x930 [ 114.487045][ T9604] ip_set_dump+0x15a/0x1d0 [ 114.492601][ T9604] ? call_ad+0x5a0/0x5a0 [ 114.496920][ T9604] ? ip_set_rename+0x720/0x720 [ 114.501678][ T9604] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 114.507477][ T9604] ? call_ad+0x5a0/0x5a0 [ 114.511702][ T9604] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 114.516742][ T9604] ? nfnetlink_bind+0x2c0/0x2c0 [ 114.521593][ T9604] ? __kasan_check_read+0x11/0x20 [ 114.526790][ T9604] ? __lock_acquire+0x8a0/0x4a00 [ 114.531743][ T9604] ? save_stack+0x5c/0x90 [ 114.536069][ T9604] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 114.542292][ T9604] ? apparmor_capable+0x4df/0x910 [ 114.547309][ T9604] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 114.553992][ T9604] ? __kasan_check_read+0x11/0x20 [ 114.559412][ T9604] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 114.564885][ T9604] netlink_rcv_skb+0x177/0x450 [ 114.569666][ T9604] ? nfnetlink_bind+0x2c0/0x2c0 [ 114.574518][ T9604] ? netlink_ack+0xb50/0xb50 [ 114.579095][ T9604] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 114.585322][ T9604] ? ns_capable_common+0x93/0x100 [ 114.590343][ T9604] ? ns_capable+0x20/0x30 [ 114.594676][ T9604] ? __netlink_ns_capable+0x104/0x140 [ 114.600041][ T9604] nfnetlink_rcv+0x1ba/0x460 [ 114.604632][ T9604] ? nfnetlink_rcv_batch+0x1780/0x1780 [ 114.610105][ T9604] ? netlink_deliver_tap+0x248/0xbf0 [ 114.615540][ T9604] ? __kasan_check_write+0x14/0x20 [ 114.620741][ T9604] netlink_unicast+0x59e/0x7e0 [ 114.625530][ T9604] ? netlink_attachskb+0x870/0x870 [ 114.630632][ T9604] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 114.636353][ T9604] ? __check_object_size+0x3d/0x437 [ 114.641660][ T9604] netlink_sendmsg+0x91c/0xea0 [ 114.646414][ T9604] ? netlink_unicast+0x7e0/0x7e0 [ 114.651362][ T9604] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 114.656904][ T9604] ? apparmor_socket_sendmsg+0x2a/0x30 [ 114.662358][ T9604] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 114.668602][ T9604] ? security_socket_sendmsg+0x8d/0xc0 [ 114.674042][ T9604] ? netlink_unicast+0x7e0/0x7e0 [ 114.678986][ T9604] sock_sendmsg+0xd7/0x130 [ 114.683385][ T9604] ____sys_sendmsg+0x753/0x880 [ 114.688154][ T9604] ? kernel_sendmsg+0x50/0x50 [ 114.693017][ T9604] ? lockdep_init_map+0x1be/0x6d0 [ 114.698135][ T9604] ___sys_sendmsg+0x100/0x170 [ 114.702808][ T9604] ? sendmsg_copy_msghdr+0x70/0x70 [ 114.708015][ T9604] ? __kasan_check_read+0x11/0x20 [ 114.713053][ T9604] ? __lock_acquire+0x8a0/0x4a00 [ 114.717991][ T9604] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 114.724244][ T9604] ? __this_cpu_preempt_check+0x35/0x190 [ 114.729878][ T9604] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 114.736116][ T9604] ? percpu_counter_add_batch+0x13c/0x190 [ 114.741834][ T9604] ? __fd_install+0x1bc/0x640 [ 114.746620][ T9604] ? find_held_lock+0x35/0x130 [ 114.751492][ T9604] ? __fd_install+0x1bc/0x640 [ 114.756715][ T9604] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 114.762937][ T9604] ? __fget_light+0x1ad/0x270 [ 114.767609][ T9604] ? __fdget+0x1b/0x20 [ 114.771677][ T9604] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 114.778255][ T9604] __sys_sendmsg+0x105/0x1d0 [ 114.782843][ T9604] ? __sys_sendmsg_sock+0xc0/0xc0 [ 114.787880][ T9604] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 114.793563][ T9604] ? do_syscall_64+0x26/0x790 [ 114.798349][ T9604] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 114.804398][ T9604] ? do_syscall_64+0x26/0x790 [ 114.809063][ T9604] __x64_sys_sendmsg+0x78/0xb0 [ 114.813826][ T9604] do_syscall_64+0xfa/0x790 [ 114.818452][ T9604] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 114.824325][ T9604] RIP: 0033:0x440529 [ 114.828213][ T9604] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 114.847805][ T9604] RSP: 002b:00007ffd0a7b0e78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 114.856292][ T9604] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529 [ 114.864347][ T9604] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000004 [ 114.876834][ T9604] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 114.884839][ T9604] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0 [ 114.892912][ T9604] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000 [ 114.902335][ T9604] Kernel Offset: disabled [ 114.906665][ T9604] Rebooting in 86400 seconds..