[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.17' (ECDSA) to the list of known hosts.

syzkaller login: [ 33.516422] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 33.606730] netlink: 4 bytes leftover after parsing attributes in process `syz-executor323'.
[ 33.616038] ==================================================================
[ 33.623400] BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x2cb4/0x3ff0
[ 33.630398] Read of size 8 at addr ffff88823597dec0 by task syz-executor323/8102
[ 33.637991]
[ 33.639637] CPU: 0 PID: 8102 Comm: syz-executor323 Not tainted 4.19.211-syzkaller #0
[ 33.647520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 33.656851] Call Trace:
[ 33.659421]  dump_stack+0x1fc/0x2ef
[ 33.663030]  print_address_description.cold+0x54/0x219
[ 33.668287]  kasan_report_error.cold+0x8a/0x1b9
[ 33.672936]  ? __lock_acquire+0x2cb4/0x3ff0
[ 33.677239]  __asan_report_load8_noabort+0x88/0x90
[ 33.682149]  ? unwind_get_return_address+0x70/0x90
[ 33.687057]  ? __lock_acquire+0x2cb4/0x3ff0
[ 33.691360]  __lock_acquire+0x2cb4/0x3ff0
[ 33.695489]  ? mark_held_locks+0xf0/0xf0
[ 33.699565]  ? check_usage+0x19a/0x670
[ 33.703448]  ? check_usage_backwards+0x300/0x300
[ 33.708205]  ? __kernel_text_address+0x9/0x30
[ 33.712863]  ? check_usage_forwards+0x310/0x310
[ 33.717652]  ? __save_stack_trace+0xaf/0x190
[ 33.722052]  lock_acquire+0x170/0x3c0
[ 33.725923]  ? xt_find_match+0xa3/0x280
[ 33.729883]  ? xt_find_match+0xa3/0x280
[ 33.733842]  __mutex_lock+0xd7/0x1190
[ 33.737642]  ? xt_find_match+0xa3/0x280
[ 33.741603]  ? check_usage_forwards+0x310/0x310
[ 33.746255]  ? xt_find_match+0xa3/0x280
[ 33.750211]  ? mutex_trylock+0x1a0/0x1a0
[ 33.754254]  ? mark_held_locks+0xf0/0xf0
[ 33.758444]  ? mark_held_locks+0xf0/0xf0
[ 33.762489]  ? fs_reclaim_release+0xd0/0x110
[ 33.766895]  ? __sanitizer_cov_trace_switch+0x4b/0x80
[ 33.772071]  xt_find_match+0xa3/0x280
[ 33.775860]  xt_request_find_match+0x88/0x110
[ 33.780432]  em_ipt_change+0x1c7/0x470
[ 33.784307]  ? check_match+0x1e0/0x1e0
[ 33.788181]  ? lock_acquire+0x170/0x3c0
[ 33.792137]  ? tcf_em_lookup+0x1c/0x150
[ 33.796096]  ? do_raw_read_unlock+0x3b/0x70
[ 33.800406]  ? _raw_read_unlock+0x29/0x40
[ 33.804545]  ? check_match+0x1e0/0x1e0
[ 33.808416]  tcf_em_tree_validate+0x8fa/0xea0
[ 33.812892]  ? tcf_em_tree_destroy+0x50/0x50
[ 33.817281]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 33.822279]  basic_change+0x1173/0x1260
[ 33.826234]  ? basic_delete+0x630/0x630
[ 33.830200]  ? check_preemption_disabled+0x41/0x280
[ 33.835195]  ? basic_delete+0x630/0x630
[ 33.839148]  tc_new_tfilter+0xb52/0x16c0
[ 33.843189]  ? tcf_chain_tp_remove+0x2c0/0x2c0
[ 33.847749]  ? __mutex_lock+0x368/0x1190
[ 33.851788]  ? apparmor_capable+0x147/0x750
[ 33.856091]  ? apparmor_capable+0x147/0x750
[ 33.860399]  ? rtnetlink_rcv_msg+0x3fe/0xb80
[ 33.864785]  ? mutex_trylock+0x1a0/0x1a0
[ 33.868857]  ? tcf_chain_tp_remove+0x2c0/0x2c0
[ 33.873421]  rtnetlink_rcv_msg+0x453/0xb80
[ 33.877638]  ? rtnl_calcit.isra.0+0x430/0x430
[ 33.882133]  ? __netlink_lookup+0x3fc/0x730
[ 33.886455]  ? lock_downgrade+0x720/0x720
[ 33.890591]  ? check_preemption_disabled+0x41/0x280
[ 33.895599]  netlink_rcv_skb+0x160/0x440
[ 33.899649]  ? rtnl_calcit.isra.0+0x430/0x430
[ 33.904128]  ? netlink_ack+0xae0/0xae0
[ 33.908001]  netlink_unicast+0x4d5/0x690
[ 33.912044]  ? netlink_sendskb+0x110/0x110
[ 33.916270]  ? _copy_from_iter_full+0x229/0x7c0
[ 33.920917]  ? __phys_addr_symbol+0x2c/0x70
[ 33.925219]  ? __check_object_size+0x17b/0x3e0
[ 33.929873]  netlink_sendmsg+0x6c3/0xc50
[ 33.934004]  ? aa_af_perm+0x230/0x230
[ 33.937795]  ? nlmsg_notify+0x1f0/0x1f0
[ 33.941757]  ? kernel_recvmsg+0x220/0x220
[ 33.945889]  ? nlmsg_notify+0x1f0/0x1f0
[ 33.949845]  sock_sendmsg+0xc3/0x120
[ 33.953549]  ___sys_sendmsg+0x7bb/0x8e0
[ 33.957530]  ? mark_held_locks+0xf0/0xf0
[ 33.961622]  ? copy_msghdr_from_user+0x440/0x440
[ 33.966360]  ? lock_downgrade+0x720/0x720
[ 33.970504]  ? __wake_up_common_lock+0xb0/0x170
[ 33.975156]  ? __might_fault+0x11f/0x1d0
[ 33.979291]  ? lock_downgrade+0x720/0x720
[ 33.983422]  ? lock_acquire+0x170/0x3c0
[ 33.987380]  ? __might_fault+0xef/0x1d0
[ 33.991419]  ? __might_fault+0x192/0x1d0
[ 33.995465]  ? _copy_to_user+0xb8/0x100
[ 33.999493]  ? move_addr_to_user+0x190/0x1d0
[ 34.003901]  ? __fdget+0x1a0/0x230
[ 34.007434]  __x64_sys_sendmsg+0x132/0x220
[ 34.012031]  ? __sys_sendmsg+0x1b0/0x1b0
[ 34.016079]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 34.021593]  ? trace_hardirqs_off_caller+0x6e/0x210
[ 34.026692]  ? do_syscall_64+0x21/0x620
[ 34.030681]  do_syscall_64+0xf9/0x620
[ 34.034477]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.039646] RIP: 0033:0x7f42408e5789
[ 34.043355] Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 34.062242] RSP: 002b:00007ffdbe6d2cd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 34.069934] RAX: ffffffffffffffda RBX: 00007f4240952ed0 RCX: 00007f42408e5789
[ 34.077186] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[ 34.084438] RBP: 00007ffdbe6d2ce8 R08: 00007f4240952e40 R09: 00007f4240952e40
[ 34.091691] R10: 00007f4240952e40 R11: 0000000000000246 R12: 00007ffdbe6d2cf0
[ 34.099035] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 34.106284]
[ 34.107891] Allocated by task 1:
[ 34.111331]  kmem_cache_alloc_trace+0x12f/0x380
[ 34.116007]  xt_init+0x128/0x2a9
[ 34.119356]  do_one_initcall+0xf1/0x740
[ 34.123315]  kernel_init_freeable+0x9c5/0xab7
[ 34.127811]  kernel_init+0xd/0x1ba
[ 34.131332]  ret_from_fork+0x24/0x30
[ 34.135019]
[ 34.136623] Freed by task 0:
[ 34.139615] (stack is not available)
[ 34.143300]
[ 34.144911] The buggy address belongs to the object at ffff88823597cdc0
[ 34.144911]  which belongs to the cache kmalloc-4096 of size 4096
[ 34.157806] The buggy address is located 256 bytes to the right of
[ 34.157806]  4096-byte region [ffff88823597cdc0, ffff88823597ddc0)
[ 34.170267] The buggy address belongs to the page:
[ 34.175267] page:ffffea0008d65f00 count:1 mapcount:0 mapping:ffff88813bff0dc0 index:0x0 compound_mapcount: 0
[ 34.185299] flags: 0x57ff00000008100(slab|head)
[ 34.189948] raw: 057ff00000008100 ffffea0008d65e88 ffffea0008d67008 ffff88813bff0dc0
[ 34.197816] raw: 0000000000000000 ffff88823597cdc0 0000000100000001 0000000000000000
[ 34.205846] page dumped because: kasan: bad access detected
[ 34.211530]
[ 34.213134] Memory state around the buggy address:
[ 34.218043]  ffff88823597dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.226679]  ffff88823597de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.234030] >ffff88823597de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.241367]                                   ^
[ 34.246799]  ffff88823597df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.254138]  ffff88823597df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.261472] ==================================================================
[ 34.268804] Disabling lock debugging due to kernel taint
[ 34.274226] Kernel panic - not syncing: panic_on_warn set ...
[ 34.274226]
[ 34.281571] CPU: 0 PID: 8102 Comm: syz-executor323 Tainted: G    B     4.19.211-syzkaller #0
[ 34.290900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 34.300228] Call Trace:
[ 34.302795]  dump_stack+0x1fc/0x2ef
[ 34.306742]  panic+0x26a/0x50e
[ 34.310012]  ? __warn_printk+0xf3/0xf3
[ 34.313965]  ? lock_downgrade+0x720/0x720
[ 34.318090]  ? print_shadow_for_address+0xb8/0x114
[ 34.323005]  ? trace_hardirqs_off+0x64/0x200
[ 34.327404]  kasan_end_report+0x43/0x49
[ 34.331368]  kasan_report_error.cold+0xa7/0x1b9
[ 34.336021]  ? __lock_acquire+0x2cb4/0x3ff0
[ 34.340320]  __asan_report_load8_noabort+0x88/0x90
[ 34.345317]  ? unwind_get_return_address+0x70/0x90
[ 34.350223]  ? __lock_acquire+0x2cb4/0x3ff0
[ 34.354605]  __lock_acquire+0x2cb4/0x3ff0
[ 34.358730]  ? mark_held_locks+0xf0/0xf0
[ 34.362766]  ? check_usage+0x19a/0x670
[ 34.366636]  ? check_usage_backwards+0x300/0x300
[ 34.371458]  ? __kernel_text_address+0x9/0x30
[ 34.375930]  ? check_usage_forwards+0x310/0x310
[ 34.380573]  ? __save_stack_trace+0xaf/0x190
[ 34.384965]  lock_acquire+0x170/0x3c0
[ 34.388742]  ? xt_find_match+0xa3/0x280
[ 34.392691]  ? xt_find_match+0xa3/0x280
[ 34.396644]  __mutex_lock+0xd7/0x1190
[ 34.400509]  ? xt_find_match+0xa3/0x280
[ 34.404460]  ? check_usage_forwards+0x310/0x310
[ 34.409109]  ? xt_find_match+0xa3/0x280
[ 34.413058]  ? mutex_trylock+0x1a0/0x1a0
[ 34.417100]  ? mark_held_locks+0xf0/0xf0
[ 34.421136]  ? mark_held_locks+0xf0/0xf0
[ 34.425173]  ? fs_reclaim_release+0xd0/0x110
[ 34.429571]  ? __sanitizer_cov_trace_switch+0x4b/0x80
[ 34.434738]  xt_find_match+0xa3/0x280
[ 34.438539]  xt_request_find_match+0x88/0x110
[ 34.443016]  em_ipt_change+0x1c7/0x470
[ 34.446987]  ? check_match+0x1e0/0x1e0
[ 34.450852]  ? lock_acquire+0x170/0x3c0
[ 34.454813]  ? tcf_em_lookup+0x1c/0x150
[ 34.458763]  ? do_raw_read_unlock+0x3b/0x70
[ 34.463060]  ? _raw_read_unlock+0x29/0x40
[ 34.467183]  ? check_match+0x1e0/0x1e0
[ 34.471047]  tcf_em_tree_validate+0x8fa/0xea0
[ 34.475608]  ? tcf_em_tree_destroy+0x50/0x50
[ 34.479992]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 34.485073]  basic_change+0x1173/0x1260
[ 34.489023]  ? basic_delete+0x630/0x630
[ 34.492976]  ? check_preemption_disabled+0x41/0x280
[ 34.497968]  ? basic_delete+0x630/0x630
[ 34.502006]  tc_new_tfilter+0xb52/0x16c0
[ 34.506044]  ? tcf_chain_tp_remove+0x2c0/0x2c0
[ 34.511241]  ? __mutex_lock+0x368/0x1190
[ 34.515367]  ? apparmor_capable+0x147/0x750
[ 34.519669]  ? apparmor_capable+0x147/0x750
[ 34.523972]  ? rtnetlink_rcv_msg+0x3fe/0xb80
[ 34.528360]  ? mutex_trylock+0x1a0/0x1a0
[ 34.532406]  ? tcf_chain_tp_remove+0x2c0/0x2c0
[ 34.536966]  rtnetlink_rcv_msg+0x453/0xb80
[ 34.541183]  ? rtnl_calcit.isra.0+0x430/0x430
[ 34.545658]  ? __netlink_lookup+0x3fc/0x730
[ 34.549974]  ? lock_downgrade+0x720/0x720
[ 34.554191]  ? check_preemption_disabled+0x41/0x280
[ 34.559198]  netlink_rcv_skb+0x160/0x440
[ 34.563411]  ? rtnl_calcit.isra.0+0x430/0x430
[ 34.567882]  ? netlink_ack+0xae0/0xae0
[ 34.571748]  netlink_unicast+0x4d5/0x690
[ 34.575878]  ? netlink_sendskb+0x110/0x110
[ 34.580089]  ? _copy_from_iter_full+0x229/0x7c0
[ 34.584787]  ? __phys_addr_symbol+0x2c/0x70
[ 34.589095]  ? __check_object_size+0x17b/0x3e0
[ 34.593664]  netlink_sendmsg+0x6c3/0xc50
[ 34.597790]  ? aa_af_perm+0x230/0x230
[ 34.601570]  ? nlmsg_notify+0x1f0/0x1f0
[ 34.605519]  ? kernel_recvmsg+0x220/0x220
[ 34.609644]  ? nlmsg_notify+0x1f0/0x1f0
[ 34.613592]  sock_sendmsg+0xc3/0x120
[ 34.617284]  ___sys_sendmsg+0x7bb/0x8e0
[ 34.621243]  ? mark_held_locks+0xf0/0xf0
[ 34.625282]  ? copy_msghdr_from_user+0x440/0x440
[ 34.630092]  ? lock_downgrade+0x720/0x720
[ 34.634218]  ? __wake_up_common_lock+0xb0/0x170
[ 34.638874]  ? __might_fault+0x11f/0x1d0
[ 34.642913]  ? lock_downgrade+0x720/0x720
[ 34.647035]  ? lock_acquire+0x170/0x3c0
[ 34.651007]  ? __might_fault+0xef/0x1d0
[ 34.654961]  ? __might_fault+0x192/0x1d0
[ 34.659019]  ? _copy_to_user+0xb8/0x100
[ 34.662979]  ? move_addr_to_user+0x190/0x1d0
[ 34.667368]  ? __fdget+0x1a0/0x230
[ 34.670972]  __x64_sys_sendmsg+0x132/0x220
[ 34.675191]  ? __sys_sendmsg+0x1b0/0x1b0
[ 34.679247]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 34.684588]  ? trace_hardirqs_off_caller+0x6e/0x210
[ 34.689580]  ? do_syscall_64+0x21/0x620
[ 34.693539]  do_syscall_64+0xf9/0x620
[ 34.697318]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.702482] RIP: 0033:0x7f42408e5789
[ 34.706175] Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 34.725054] RSP: 002b:00007ffdbe6d2cd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 34.732736] RAX: ffffffffffffffda RBX: 00007f4240952ed0 RCX: 00007f42408e5789
[ 34.739992] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[ 34.747237] RBP: 00007ffdbe6d2ce8 R08: 00007f4240952e40 R09: 00007f4240952e40
[ 34.754481] R10: 00007f4240952e40 R11: 0000000000000246 R12: 00007ffdbe6d2cf0
[ 34.761725] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 34.769049] Kernel Offset: disabled
[ 34.772659] Rebooting in 86400 seconds..