Warning: Permanently added '[localhost]:29156' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 101.596259][ T7937] ================================================================== [ 101.601744][ T7937] BUG: KASAN: vmalloc-out-of-bounds in compat_copy_entries+0x128b/0x1380 [ 101.601744][ T7937] Read of size 4 at addr ffffc900004461f4 by task syz-executor267/7937 [ 101.642007][ T7937] [ 101.642007][ T7937] CPU: 1 PID: 7937 Comm: syz-executor267 Not tainted 5.5.0-rc1-syzkaller #0 [ 101.642007][ T7937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 101.642007][ T7937] Call Trace: [ 101.642007][ T7937] dump_stack+0x197/0x210 [ 101.642007][ T7937] ? compat_copy_entries+0x128b/0x1380 [ 101.642007][ T7937] print_address_description.constprop.0.cold+0x5/0x30b [ 101.642007][ T7937] ? compat_copy_entries+0x128b/0x1380 [ 101.642007][ T7937] ? compat_copy_entries+0x128b/0x1380 [ 101.642007][ T7937] __kasan_report.cold+0x1b/0x41 [ 101.642007][ T7937] ? __kasan_check_read+0x10/0x20 [ 101.642007][ T7937] ? compat_copy_entries+0x128b/0x1380 [ 101.642007][ T7937] kasan_report+0x12/0x20 [ 101.642007][ T7937] __asan_report_load4_noabort+0x14/0x20 [ 101.642007][ T7937] compat_copy_entries+0x128b/0x1380 [ 101.642007][ T7937] ? compat_copy_everything_to_user+0xf50/0xf50 [ 101.642007][ T7937] ? vmalloc+0x6b/0x90 [ 101.642007][ T7937] ? xt_compat_init_offsets+0xe5/0x230 [ 101.642007][ T7937] ? xt_compat_init_offsets+0x1ad/0x230 [ 101.642007][ T7937] compat_do_replace+0x344/0x720 [ 101.642007][ T7937] ? do_ebt_set_ctl+0x110/0x110 [ 101.642007][ T7937] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 101.642007][ T7937] ? nf_sockopt_find.constprop.0+0x226/0x290 [ 101.642007][ T7937] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 101.642007][ T7937] ? ns_capable_common+0x93/0x100 [ 101.642007][ T7937] compat_do_ebt_set_ctl+0x22f/0x27e [ 101.642007][ T7937] ? compat_do_replace+0x720/0x720 [ 101.642007][ T7937] ? wait_for_completion+0x440/0x440 [ 101.642007][ T7937] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 101.642007][ T7937] ? mutex_unlock+0x1b/0x30 [ 101.642007][ T7937] ? nf_sockopt_find.constprop.0+0x226/0x290 [ 101.642007][ T7937] compat_nf_setsockopt+0x98/0x140 [ 101.642007][ T7937] ? compat_do_replace+0x720/0x720 [ 101.642007][ T7937] compat_ip_setsockopt+0x106/0x140 [ 101.642007][ T7937] compat_udp_setsockopt+0x68/0xb0 [ 101.642007][ T7937] compat_sock_common_setsockopt+0xb2/0x140 [ 101.642007][ T7937] ? udp_lib_setsockopt+0x9a0/0x9a0 [ 101.642007][ T7937] __compat_sys_setsockopt+0x185/0x380 [ 101.642007][ T7937] ? sock_common_setsockopt+0xd0/0xd0 [ 101.642007][ T7937] ? __compat_sys_getsockopt+0x2c0/0x2c0 [ 101.642007][ T7937] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 101.642007][ T7937] ? do_fast_syscall_32+0xd1/0xe16 [ 101.642007][ T7937] ? entry_SYSENTER_compat+0x70/0x7f [ 101.642007][ T7937] ? do_fast_syscall_32+0xd1/0xe16 [ 101.642007][ T7937] __ia32_compat_sys_setsockopt+0xbd/0x150 [ 101.642007][ T7937] do_fast_syscall_32+0x27b/0xe16 [ 101.642007][ T7937] entry_SYSENTER_compat+0x70/0x7f [ 101.642007][ T7937] RIP: 0023:0xf7fc3a39 [ 101.642007][ T7937] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 101.642007][ T7937] RSP: 002b:00000000ffab2b4c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 101.642007][ T7937] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000 [ 101.642007][ T7937] RDX: 0000000000000080 RSI: 0000000020000240 RDI: 0000000000000212 [ 101.642007][ T7937] RBP: 0000000000000012 R08: 0000000000000000 R09: 0000000000000000 [ 101.642007][ T7937] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 101.642007][ T7937] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 101.642007][ T7937] [ 101.642007][ T7937] [ 101.642007][ T7937] Memory state around the buggy address: [ 101.642007][ T7937] ffffc90000446080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 101.642007][ T7937] ffffc90000446100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 101.642007][ T7937] >ffffc90000446180: 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 f9 [ 101.642007][ T7937] ^ [ 101.642007][ T7937] ffffc90000446200: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 101.642007][ T7937] ffffc90000446280: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 101.642007][ T7937] ================================================================== [ 101.642007][ T7937] Disabling lock debugging due to kernel taint [ 102.626487][ T7937] Kernel panic - not syncing: panic_on_warn set ... [ 102.636150][ T7937] CPU: 1 PID: 7937 Comm: syz-executor267 Tainted: G B 5.5.0-rc1-syzkaller #0 [ 102.636150][ T7937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 102.636150][ T7937] Call Trace: [ 102.636150][ T7937] dump_stack+0x197/0x210 [ 102.636150][ T7937] panic+0x2e3/0x75c [ 102.636150][ T7937] ? add_taint.cold+0x16/0x16 [ 102.636150][ T7937] ? compat_copy_entries+0x128b/0x1380 [ 102.636150][ T7937] ? preempt_schedule+0x4b/0x60 [ 102.636150][ T7937] ? ___preempt_schedule+0x16/0x18 [ 102.636150][ T7937] ? trace_hardirqs_on+0x5e/0x240 [ 102.636150][ T7937] ? compat_copy_entries+0x128b/0x1380 [ 102.636150][ T7937] end_report+0x47/0x4f [ 102.636150][ T7937] ? compat_copy_entries+0x128b/0x1380 [ 102.636150][ T7937] __kasan_report.cold+0xe/0x41 [ 102.636150][ T7937] ? __kasan_check_read+0x10/0x20 [ 102.636150][ T7937] ? compat_copy_entries+0x128b/0x1380 [ 102.636150][ T7937] kasan_report+0x12/0x20 [ 102.636150][ T7937] __asan_report_load4_noabort+0x14/0x20 [ 102.636150][ T7937] compat_copy_entries+0x128b/0x1380 [ 102.636150][ T7937] ? compat_copy_everything_to_user+0xf50/0xf50 [ 102.636150][ T7937] ? vmalloc+0x6b/0x90 [ 102.636150][ T7937] ? xt_compat_init_offsets+0xe5/0x230 [ 102.636150][ T7937] ? xt_compat_init_offsets+0x1ad/0x230 [ 102.636150][ T7937] compat_do_replace+0x344/0x720 [ 102.636150][ T7937] ? do_ebt_set_ctl+0x110/0x110 [ 102.636150][ T7937] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 102.636150][ T7937] ? nf_sockopt_find.constprop.0+0x226/0x290 [ 102.636150][ T7937] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 102.636150][ T7937] ? ns_capable_common+0x93/0x100 [ 102.636150][ T7937] compat_do_ebt_set_ctl+0x22f/0x27e [ 102.636150][ T7937] ? compat_do_replace+0x720/0x720 [ 102.636150][ T7937] ? wait_for_completion+0x440/0x440 [ 102.636150][ T7937] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 102.636150][ T7937] ? mutex_unlock+0x1b/0x30 [ 102.636150][ T7937] ? nf_sockopt_find.constprop.0+0x226/0x290 [ 102.636150][ T7937] compat_nf_setsockopt+0x98/0x140 [ 102.636150][ T7937] ? compat_do_replace+0x720/0x720 [ 102.636150][ T7937] compat_ip_setsockopt+0x106/0x140 [ 102.636150][ T7937] compat_udp_setsockopt+0x68/0xb0 [ 102.636150][ T7937] compat_sock_common_setsockopt+0xb2/0x140 [ 102.636150][ T7937] ? udp_lib_setsockopt+0x9a0/0x9a0 [ 102.636150][ T7937] __compat_sys_setsockopt+0x185/0x380 [ 102.636150][ T7937] ? sock_common_setsockopt+0xd0/0xd0 [ 102.636150][ T7937] ? __compat_sys_getsockopt+0x2c0/0x2c0 [ 102.636150][ T7937] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 102.636150][ T7937] ? do_fast_syscall_32+0xd1/0xe16 [ 102.636150][ T7937] ? entry_SYSENTER_compat+0x70/0x7f [ 102.636150][ T7937] ? do_fast_syscall_32+0xd1/0xe16 [ 102.636150][ T7937] __ia32_compat_sys_setsockopt+0xbd/0x150 [ 102.636150][ T7937] do_fast_syscall_32+0x27b/0xe16 [ 102.636150][ T7937] entry_SYSENTER_compat+0x70/0x7f [ 102.636150][ T7937] RIP: 0023:0xf7fc3a39 [ 102.636150][ T7937] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 102.636150][ T7937] RSP: 002b:00000000ffab2b4c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 102.636150][ T7937] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000 [ 102.636150][ T7937] RDX: 0000000000000080 RSI: 0000000020000240 RDI: 0000000000000212 [ 102.636150][ T7937] RBP: 0000000000000012 R08: 0000000000000000 R09: 0000000000000000 [ 102.636150][ T7937] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 102.636150][ T7937] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 102.636150][ T7937] Kernel Offset: disabled [ 102.636150][ T7937] Rebooting in 86400 seconds..