Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts.
executing program
[   63.730688][ T8493] ==================================================================
[   63.739056][ T8493] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_list+0x40d/0xdd0
[   63.746876][ T8493] Read of size 8 at addr ffff8880a4c90a40 by task syz-executor014/8493
[   63.755210][ T8493]
[   63.757518][ T8493] CPU: 0 PID: 8493 Comm: syz-executor014 Not tainted 5.5.0-rc6-syzkaller #0
[   63.766207][ T8493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   63.776238][ T8493] Call Trace:
[   63.779506][ T8493]  dump_stack+0x1fb/0x318
[   63.783820][ T8493]  print_address_description+0x74/0x5c0
[   63.789335][ T8493]  ? vprintk_func+0x158/0x170
[   63.793988][ T8493]  ? printk+0x62/0x8d
[   63.797981][ T8493]  ? vprintk_emit+0x2d4/0x3a0
[   63.802676][ T8493]  __kasan_report+0x149/0x1c0
[   63.807347][ T8493]  ? bitmap_ipmac_list+0x40d/0xdd0
[   63.812447][ T8493]  kasan_report+0x26/0x50
[   63.816753][ T8493]  ? debug_smp_processor_id+0x9/0x20
[   63.822014][ T8493]  check_memory_region+0x2b6/0x2f0
[   63.827100][ T8493]  __kasan_check_read+0x11/0x20
[   63.832060][ T8493]  bitmap_ipmac_list+0x40d/0xdd0
[   63.837124][ T8493]  ? ip_set_put_flags+0x15c/0x250
[   63.842150][ T8493]  ip_set_dump_start+0x10f9/0x1800
[   63.847256][ T8493]  netlink_dump+0x4ed/0x1170
[   63.851828][ T8493]  __netlink_dump_start+0x5cb/0x7b0
[   63.857052][ T8493]  ip_set_dump+0x107/0x160
[   63.861439][ T8493]  ? __find_set_type_get+0x540/0x540
[   63.866735][ T8493]  ? ip_set_dump_start+0x1800/0x1800
[   63.871993][ T8493]  ? ip_set_swap+0x730/0x730
[   63.876558][ T8493]  nfnetlink_rcv_msg+0x9ae/0xcd0
[   63.881525][ T8493]  ? cap_capable+0x25b/0x290
[   63.886090][ T8493]  ? cap_capable+0x25b/0x290
[   63.890659][ T8493]  netlink_rcv_skb+0x19e/0x3e0
[   63.895397][ T8493]  ? nfnetlink_bind+0x250/0x250
[   63.900223][ T8493]  nfnetlink_rcv+0x1e0/0x1e50
[   63.904890][ T8493]  ? rcu_lock_release+0x9/0x30
[   63.909633][ T8493]  ? rcu_lock_release+0x21/0x30
[   63.914456][ T8493]  ? netlink_deliver_tap+0x142/0x880
[   63.919718][ T8493]  netlink_unicast+0x767/0x920
[   63.924461][ T8493]  netlink_sendmsg+0xa2c/0xd50
[   63.929229][ T8493]  ? netlink_getsockopt+0x9f0/0x9f0
[   63.934416][ T8493]  ____sys_sendmsg+0x4f7/0x7f0
[   63.939170][ T8493]  __sys_sendmsg+0x1ed/0x290
[   63.943800][ T8493]  ? check_preemption_disabled+0xb4/0x260
[   63.949492][ T8493]  ? debug_smp_processor_id+0x9/0x20
[   63.954785][ T8493]  ? debug_smp_processor_id+0x1c/0x20
[   63.960131][ T8493]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   63.966172][ T8493]  ? prepare_exit_to_usermode+0x221/0x5b0
[   63.971874][ T8493]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   63.977566][ T8493]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   63.983011][ T8493]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   63.988706][ T8493]  ? do_syscall_64+0x1d/0x1c0
[   63.993371][ T8493]  __x64_sys_sendmsg+0x7f/0x90
[   63.998112][ T8493]  do_syscall_64+0xf7/0x1c0
[   64.002599][ T8493]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   64.008507][ T8493] RIP: 0033:0x4402c9
[   64.012379][ T8493] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   64.031961][ T8493] RSP: 002b:00007ffe208ffb48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   64.040347][ T8493] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402c9
[   64.048302][ T8493] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004
[   64.056404][ T8493] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   64.064400][ T8493] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401b50
[   64.072354][ T8493] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000
[   64.080309][ T8493]
[   64.082616][ T8493] Allocated by task 8493:
[   64.086924][ T8493]  __kasan_kmalloc+0x118/0x1c0
[   64.091661][ T8493]  kasan_kmalloc+0x9/0x10
[   64.095971][ T8493]  __kmalloc+0x254/0x340
[   64.100192][ T8493]  kzalloc+0x21/0x40
[   64.104102][ T8493]  ip_set_alloc+0x32/0x60
[   64.108412][ T8493]  bitmap_ipmac_create+0x3d9/0x840
[   64.113536][ T8493]  ip_set_create+0x421/0xfd0
[   64.118144][ T8493]  nfnetlink_rcv_msg+0x9ae/0xcd0
[   64.123096][ T8493]  netlink_rcv_skb+0x19e/0x3e0
[   64.127835][ T8493]  nfnetlink_rcv+0x1e0/0x1e50
[   64.132532][ T8493]  netlink_unicast+0x767/0x920
[   64.137365][ T8493]  netlink_sendmsg+0xa2c/0xd50
[   64.142130][ T8493]  ____sys_sendmsg+0x4f7/0x7f0
[   64.146886][ T8493]  __sys_sendmsg+0x1ed/0x290
[   64.151499][ T8493]  __x64_sys_sendmsg+0x7f/0x90
[   64.156243][ T8493]  do_syscall_64+0xf7/0x1c0
[   64.160719][ T8493]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   64.166586][ T8493]
[   64.168893][ T8493] Freed by task 8213:
[   64.172855][ T8493]  __kasan_slab_free+0x12e/0x1e0
[   64.177770][ T8493]  kasan_slab_free+0xe/0x10
[   64.182248][ T8493]  kfree+0x10d/0x220
[   64.186159][ T8493]  tomoyo_check_open_permission+0x79c/0x9d0
[   64.192032][ T8493]  tomoyo_file_open+0x141/0x190
[   64.197290][ T8493]  security_file_open+0x50/0x2e0
[   64.202214][ T8493]  do_dentry_open+0x351/0x10c0
[   64.207032][ T8493]  vfs_open+0x73/0x80
[   64.211043][ T8493]  path_openat+0x1367/0x4250
[   64.215613][ T8493]  do_filp_open+0x192/0x3d0
[   64.220110][ T8493]  do_sys_open+0x29f/0x560
[   64.224537][ T8493]  __x64_sys_open+0x87/0x90
[   64.229015][ T8493]  do_syscall_64+0xf7/0x1c0
[   64.233498][ T8493]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   64.239360][ T8493]
[   64.241668][ T8493] The buggy address belongs to the object at ffff8880a4c90a40
[   64.241668][ T8493]  which belongs to the cache kmalloc-32 of size 32
[   64.255520][ T8493] The buggy address is located 0 bytes inside of
[   64.255520][ T8493]  32-byte region [ffff8880a4c90a40, ffff8880a4c90a60)
[   64.268506][ T8493] The buggy address belongs to the page:
[   64.274156][ T8493] page:ffffea0002932400 refcount:1 mapcount:0 mapping:ffff8880aa8001c0 index:0xffff8880a4c90fc1
[   64.284544][ T8493] raw: 00fffe0000000200 ffffea0002768508 ffffea00028f8788 ffff8880aa8001c0
[   64.293108][ T8493] raw: ffff8880a4c90fc1 ffff8880a4c90000 000000010000003f 0000000000000000
[   64.301712][ T8493] page dumped because: kasan: bad access detected
[   64.308094][ T8493]
[   64.310397][ T8493] Memory state around the buggy address:
[   64.316001][ T8493]  ffff8880a4c90900: fb fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc
[   64.324042][ T8493]  ffff8880a4c90980: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   64.332084][ T8493] >ffff8880a4c90a00: 00 00 fc fc fc fc fc fc 04 fc fc fc fc fc fc fc
[   64.340393][ T8493]                                             ^
[   64.346593][ T8493]  ffff8880a4c90a80: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[   64.354632][ T8493]  ffff8880a4c90b00: 00 05 fc fc fc fc fc fc 00 00 fc fc fc fc fc fc
[   64.362664][ T8493] ==================================================================
[   64.370700][ T8493] Disabling lock debugging due to kernel taint
[   64.377095][ T8493] Kernel panic - not syncing: panic_on_warn set ...
[   64.383677][ T8493] CPU: 0 PID: 8493 Comm: syz-executor014 Tainted: G    B             5.5.0-rc6-syzkaller #0
[   64.393707][ T8493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.403738][ T8493] Call Trace:
[   64.407007][ T8493]  dump_stack+0x1fb/0x318
[   64.411312][ T8493]  panic+0x264/0x7a9
[   64.415206][ T8493]  ? __kasan_report+0x193/0x1c0
[   64.420057][ T8493]  ? trace_hardirqs_on+0x34/0x80
[   64.424971][ T8493]  ? __kasan_report+0x193/0x1c0
[   64.429803][ T8493]  __kasan_report+0x1b9/0x1c0
[   64.434459][ T8493]  ? bitmap_ipmac_list+0x40d/0xdd0
[   64.439545][ T8493]  kasan_report+0x26/0x50
[   64.443850][ T8493]  ? debug_smp_processor_id+0x9/0x20
[   64.449112][ T8493]  check_memory_region+0x2b6/0x2f0
[   64.454256][ T8493]  __kasan_check_read+0x11/0x20
[   64.459082][ T8493]  bitmap_ipmac_list+0x40d/0xdd0
[   64.463995][ T8493]  ? ip_set_put_flags+0x15c/0x250
[   64.468997][ T8493]  ip_set_dump_start+0x10f9/0x1800
[   64.474089][ T8493]  netlink_dump+0x4ed/0x1170
[   64.478658][ T8493]  __netlink_dump_start+0x5cb/0x7b0
[   64.483836][ T8493]  ip_set_dump+0x107/0x160
[   64.488280][ T8493]  ? __find_set_type_get+0x540/0x540
[   64.493576][ T8493]  ? ip_set_dump_start+0x1800/0x1800
[   64.499108][ T8493]  ? ip_set_swap+0x730/0x730
[   64.503676][ T8493]  nfnetlink_rcv_msg+0x9ae/0xcd0
[   64.508598][ T8493]  ? cap_capable+0x25b/0x290
[   64.513163][ T8493]  ? cap_capable+0x25b/0x290
[   64.517730][ T8493]  netlink_rcv_skb+0x19e/0x3e0
[   64.522471][ T8493]  ? nfnetlink_bind+0x250/0x250
[   64.527411][ T8493]  nfnetlink_rcv+0x1e0/0x1e50
[   64.532077][ T8493]  ? rcu_lock_release+0x9/0x30
[   64.537440][ T8493]  ? rcu_lock_release+0x21/0x30
[   64.542326][ T8493]  ? netlink_deliver_tap+0x142/0x880
[   64.547593][ T8493]  netlink_unicast+0x767/0x920
[   64.552335][ T8493]  netlink_sendmsg+0xa2c/0xd50
[   64.557079][ T8493]  ? netlink_getsockopt+0x9f0/0x9f0
[   64.562292][ T8493]  ____sys_sendmsg+0x4f7/0x7f0
[   64.567034][ T8493]  __sys_sendmsg+0x1ed/0x290
[   64.571604][ T8493]  ? check_preemption_disabled+0xb4/0x260
[   64.577298][ T8493]  ? debug_smp_processor_id+0x9/0x20
[   64.582561][ T8493]  ? debug_smp_processor_id+0x1c/0x20
[   64.587912][ T8493]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   64.593983][ T8493]  ? prepare_exit_to_usermode+0x221/0x5b0
[   64.599677][ T8493]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   64.605415][ T8493]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   64.610866][ T8493]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   64.616777][ T8493]  ? do_syscall_64+0x1d/0x1c0
[   64.621430][ T8493]  __x64_sys_sendmsg+0x7f/0x90
[   64.626169][ T8493]  do_syscall_64+0xf7/0x1c0
[   64.630651][ T8493]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   64.636517][ T8493] RIP: 0033:0x4402c9
[   64.640388][ T8493] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   64.660842][ T8493] RSP: 002b:00007ffe208ffb48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   64.669243][ T8493] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402c9
[   64.677193][ T8493] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004
[   64.685239][ T8493] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   64.693193][ T8493] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401b50
[   64.701145][ T8493] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000
[   64.710438][ T8493] Kernel Offset: disabled
[   64.714799][ T8493] Rebooting in 86400 seconds..
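How to read the shadow dump above, worked as a small triage script. This is an added example for this page; it is not part of the syzbot report or of the kernel source, and the function names in it are mine. It parses the "Memory state around the buggy address" rows exactly as printed (embedded below as constructed input, kernel-log prefix included), replays the reported access against them the way check_memory_region does, and says how many of the accessed bytes are invalid. Two things in the report are easy to misread without doing this. First, "32-byte region" is the size of the kmalloc-32 slab object, not what the caller asked for: the shadow byte under the caret is 04, so only the first 4 bytes of the granule at ffff8880a4c90a40 were unpoisoned by the kzalloc in bitmap_ipmac_create, and the 8-byte read in bitmap_ipmac_list spills 4 bytes into the kmalloc redzone (fc). Second, this is a slab-out-of-bounds on a live object, so the "Freed by task 8213" stack through tomoyo_check_open_permission describes the previous occupant of that kmalloc-32 slot and is not part of this bug. The poison values are the generic-KASAN constants from mm/kasan/kasan.h.

```python
"""Replay a memory access against the shadow rows of a KASAN report.

Added example for this page; not part of the syzbot report or of the kernel.
Shadow encodings are the generic-KASAN values from mm/kasan/kasan.h (5.x):
0x00 = all 8 bytes of the granule addressable, 0x01..0x07 = only that many
leading bytes addressable, anything else = poison.  KASAN_SHADOW_SCALE_SIZE is 8.
"""
import re

GRANULE = 8     # bytes of memory covered by one shadow byte (KASAN_SHADOW_SCALE_SIZE)
ROW_BYTES = 16  # shadow bytes per printed row, i.e. 128 bytes of memory per row

# Generic-KASAN poison values (mm/kasan/kasan.h).
POISON = {
    0xFF: "free page",
    0xFE: "page redzone",
    0xFC: "kmalloc redzone",
    0xFB: "freed kmalloc object",
    0xFA: "global redzone",
    0xF1: "stack left redzone",
    0xF2: "stack mid redzone",
    0xF3: "stack right redzone",
    0xF4: "stack partial redzone",
}

# Shadow rows copied from the report above; constructed input for this example,
# kept with the kernel-log prefix so the parser has to strip it.
SHADOW_DUMP = """\
[   64.316001][ T8493]  ffff8880a4c90900: fb fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc
[   64.324042][ T8493]  ffff8880a4c90980: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   64.332084][ T8493] >ffff8880a4c90a00: 00 00 fc fc fc fc fc fc 04 fc fc fc fc fc fc fc
[   64.340393][ T8493]                                             ^
[   64.346593][ T8493]  ffff8880a4c90a80: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[   64.354632][ T8493]  ffff8880a4c90b00: 00 05 fc fc fc fc fc fc 00 00 fc fc fc fc fc fc
"""

# Optional "[ secs][ Tpid]" prefix, optional '>' marker, 16-digit row address, 16 bytes.
ROW_RE = re.compile(
    r"^(?:\[\s*[\d.]+\]\[\s*T\d+\])?\s*>?\s*([0-9a-f]{16}):\s*((?:[0-9a-f]{2}\s*){16})$"
)


def parse_shadow_rows(text):
    """Return {row_base_address: [16 shadow bytes]}; the caret line is skipped."""
    rows = {}
    for line in text.splitlines():
        m = ROW_RE.match(line.rstrip())
        if m:
            rows[int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
    return rows


def shadow_byte(rows, addr):
    """Shadow byte covering memory address addr, or None if its row is not in the dump."""
    row = addr & ~(GRANULE * ROW_BYTES - 1)
    if row not in rows:
        return None
    return rows[row][(addr - row) // GRANULE]


def addressable_bytes(sb):
    """Leading bytes of a granule that may legally be touched, given its shadow byte."""
    if sb == 0:
        return GRANULE
    return sb if 1 <= sb < GRANULE else 0


def describe(sb):
    if sb == 0:
        return "all 8 bytes addressable"
    if 1 <= sb < GRANULE:
        return "first %d bytes addressable" % sb
    return POISON.get(sb, "poison 0x%02x" % sb)


def check_access(rows, addr, size):
    """Walk every granule touched by [addr, addr+size) as check_memory_region does.

    Returns (total_oob_bytes, [(granule_addr, shadow_byte, oob_bytes_in_granule), ...]).
    """
    total, details = 0, []
    g, end = addr & ~(GRANULE - 1), addr + size
    while g < end:
        sb = shadow_byte(rows, g)
        if sb is None:
            raise ValueError("no shadow row for 0x%x in the dump" % g)
        lo = max(addr, g) - g            # first touched offset inside the granule
        hi = min(end, g + GRANULE) - g   # one past the last touched offset
        oob = max(0, hi - max(addressable_bytes(sb), lo))
        details.append((g, sb, oob))
        total += oob
        g += GRANULE
    return total, details


def explain(rows, addr, size, kind="Read"):
    """Human-readable verdict in the spirit of the report's own header line."""
    total, details = check_access(rows, addr, size)
    out = ["%s of size %d at 0x%x:" % (kind, size, addr)]
    for g, sb, oob in details:
        out.append("  granule 0x%x: shadow 0x%02x (%s), %d byte(s) out of bounds"
                   % (g, sb, describe(sb), oob))
    out.append("verdict: " + ("OK" if total == 0 else "%d of %d bytes invalid" % (total, size)))
    return "\n".join(out)


if __name__ == "__main__":
    rows = parse_shadow_rows(SHADOW_DUMP)
    # The access from the report header: Read of size 8 at addr ffff8880a4c90a40.
    print(explain(rows, 0xFFFF8880A4C90A40, 8))
```

Run as a script it prints the verdict for the access in the header (4 of 8 bytes invalid). check_access() is the reusable part: feeding it a different (addr, size) answers questions like "what would have been a legal read here" (4 bytes at the same address passes) or "does an unaligned read that starts in the redzone and ends in the object get flagged" (it does, on the redzone granule).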