[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 71.865153][ T6840] x_tables: duplicate underflow at hook 1
[ 71.871415][ T6841] ==================================================================
[ 71.879558][ T6841] BUG: KASAN: slab-out-of-bounds in xt_compat_target_from_user+0x232/0x470
[ 71.888116][ T6841] Write of size 4 at addr ffff88809c971ba1 by task syz-executor166/6841
[ 71.896410][ T6841]
[ 71.898735][ T6841] CPU: 1 PID: 6841 Comm: syz-executor166 Not tainted 5.8.0-syzkaller #0
[ 71.907033][ T6841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.917067][ T6841] Call Trace:
[ 71.920368][ T6841] dump_stack+0x18f/0x20d
[ 71.924712][ T6841] ? xt_compat_target_from_user+0x232/0x470
[ 71.930611][ T6841] ? xt_compat_target_from_user+0x232/0x470
[ 71.936482][ T6841] print_address_description.constprop.0.cold+0xae/0x497
[ 71.943482][ T6841] ? fs_reclaim_release+0x90/0xd0
[ 71.948484][ T6841] ? vprintk_func+0x97/0x1a6
[ 71.953055][ T6841] ? xt_compat_target_from_user+0x232/0x470
[ 71.958923][ T6841] ? xt_compat_target_from_user+0x232/0x470
[ 71.964797][ T6841] kasan_report.cold+0x1f/0x37
[ 71.969548][ T6841] ? xt_compat_target_from_user+0x232/0x470
[ 71.975427][ T6841] check_memory_region+0x13d/0x180
[ 71.980514][ T6841] memset+0x20/0x40
[ 71.984298][ T6841] xt_compat_target_from_user+0x232/0x470
[ 71.989994][ T6841] ? xt_compat_match_from_user+0x470/0x470
[ 71.995794][ T6841] ? kasan_unpoison_shadow+0x40/0x40
[ 72.001057][ T6841] ? memset+0x20/0x40
[ 72.005018][ T6841] translate_compat_table+0x1011/0x1720
[ 72.010580][ T6841] ? ip6t_register_table+0x2f0/0x2f0
[ 72.015853][ T6841] ? lock_downgrade+0x830/0x830
[ 72.020696][ T6841] ? rcu_read_lock_sched_held+0x3a/0xb0
[ 72.026240][ T6841] ? __lock_acquire+0x16cb/0x5640
[ 72.031248][ T6841] ? __might_fault+0x190/0x1d0
[ 72.035989][ T6841] compat_do_replace.constprop.0+0x1f0/0x470
[ 72.041943][ T6841] ? do_ip6t_get_ctl+0xa10/0xa10
[ 72.046857][ T6841] ? lock_acquire+0x1f1/0xad0
[ 72.051510][ T6841] ? nf_sockopt_find.constprop.0+0x2a/0x2a0
[ 72.057394][ T6841] ? bpf_lsm_capable+0x5/0x10
[ 72.062053][ T6841] ? security_capable+0x8f/0xc0
[ 72.066905][ T6841] do_ip6t_set_ctl+0x5b0/0xb73
[ 72.071645][ T6841] ? lock_downgrade+0x830/0x830
[ 72.076471][ T6841] ? nf_sockopt_find.constprop.0+0x2a/0x2a0
[ 72.082339][ T6841] ? compat_do_replace.constprop.0+0x470/0x470
[ 72.088471][ T6841] ? __mutex_unlock_slowpath+0xe2/0x610
[ 72.094001][ T6841] ? wait_for_completion+0x260/0x260
[ 72.099260][ T6841] ? lock_downgrade+0x830/0x830
[ 72.104101][ T6841] ? nf_sockopt_find.constprop.0+0x22d/0x2a0
[ 72.110077][ T6841] nf_setsockopt+0x83/0xe0
[ 72.114487][ T6841] ipv6_setsockopt+0x122/0x180
[ 72.119247][ T6841] udpv6_setsockopt+0x76/0xc0
[ 72.123899][ T6841] __sys_setsockopt+0x2db/0x610
[ 72.128724][ T6841] ? sock_common_recvmsg+0x1a0/0x1a0
[ 72.133983][ T6841] ? __ia32_sys_recv+0x100/0x100
[ 72.138898][ T6841] ? calculate_sigpending+0x42/0xa0
[ 72.144071][ T6841] ? find_held_lock+0x2d/0x110
[ 72.148828][ T6841] ? syscall_enter_from_user_mode+0x20/0x290
[ 72.154780][ T6841] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 72.160735][ T6841] __ia32_sys_setsockopt+0xb9/0x150
[ 72.165924][ T6841] ? syscall_enter_from_user_mode+0x20/0x290
[ 72.171891][ T6841] __do_fast_syscall_32+0x57/0x80
[ 72.176899][ T6841] do_fast_syscall_32+0x2f/0x70
[ 72.181724][ T6841] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 72.188023][ T6841] RIP: 0023:0xf7fd3549
[ 72.192089][ T6841] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 72.211678][ T6841] RSP: 002b:00000000f7fad18c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[ 72.220072][ T6841] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000029
[ 72.228018][ T6841] RDX: 0000000000000040 RSI: 0000000020000a00 RDI: 0000000000000001
[ 72.235961][ T6841] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 72.243925][ T6841] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 72.251869][ T6841] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 72.259835][ T6841]
[ 72.262138][ T6841] Allocated by task 6841:
[ 72.266442][ T6841] kasan_save_stack+0x1b/0x40
[ 72.271092][ T6841] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 72.276711][ T6841] kvmalloc_node+0x61/0xf0
[ 72.281101][ T6841] xt_alloc_table_info+0x3c/0xa0
[ 72.286024][ T6841] translate_compat_table+0xc50/0x1720
[ 72.291471][ T6841] compat_do_replace.constprop.0+0x1f0/0x470
[ 72.297426][ T6841] do_ip6t_set_ctl+0x5b0/0xb73
[ 72.302164][ T6841] nf_setsockopt+0x83/0xe0
[ 72.306554][ T6841] ipv6_setsockopt+0x122/0x180
[ 72.311291][ T6841] udpv6_setsockopt+0x76/0xc0
[ 72.315951][ T6841] __sys_setsockopt+0x2db/0x610
[ 72.320772][ T6841] __ia32_sys_setsockopt+0xb9/0x150
[ 72.325941][ T6841] __do_fast_syscall_32+0x57/0x80
[ 72.330937][ T6841] do_fast_syscall_32+0x2f/0x70
[ 72.335759][ T6841] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 72.342052][ T6841]
[ 72.344368][ T6841] The buggy address belongs to the object at ffff88809c971800
[ 72.344368][ T6841] which belongs to the cache kmalloc-1k of size 1024
[ 72.358393][ T6841] The buggy address is located 929 bytes inside of
[ 72.358393][ T6841] 1024-byte region [ffff88809c971800, ffff88809c971c00)
[ 72.371731][ T6841] The buggy address belongs to the page:
[ 72.377338][ T6841] page:00000000d9974640 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88809c971000 pfn:0x9c971
[ 72.388759][ T6841] flags: 0xfffe0000000200(slab)
[ 72.393584][ T6841] raw: 00fffe0000000200 ffffea000269a448 ffffea00027cc908 ffff8880aa040700
[ 72.402141][ T6841] raw: ffff88809c971000 ffff88809c971000 0000000100000001 0000000000000000
[ 72.410692][ T6841] page dumped because: kasan: bad access detected
[ 72.417073][ T6841]
[ 72.419374][ T6841] Memory state around the buggy address:
[ 72.424977][ T6841] ffff88809c971a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 72.433011][ T6841] ffff88809c971b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 72.441045][ T6841] >ffff88809c971b80: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.449088][ T6841]                                ^
[ 72.454174][ T6841] ffff88809c971c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.462209][ T6841] ffff88809c971c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.470237][ T6841] ==================================================================
[ 72.478264][ T6841] Disabling lock debugging due to kernel taint
[ 72.485002][ T6841] Kernel panic - not syncing: panic_on_warn set ...
[ 72.491598][ T6841] CPU: 1 PID: 6841 Comm: syz-executor166 Tainted: G B 5.8.0-syzkaller #0
[ 72.501295][ T6841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.511337][ T6841] Call Trace:
[ 72.514622][ T6841] dump_stack+0x18f/0x20d
[ 72.518946][ T6841] ? xt_compat_target_from_user+0x220/0x470
[ 72.524835][ T6841] panic+0x2e3/0x75c
[ 72.528703][ T6841] ? __warn_printk+0xf3/0xf3
[ 72.533265][ T6841] ? preempt_schedule_common+0x59/0xc0
[ 72.538693][ T6841] ? xt_compat_target_from_user+0x232/0x470
[ 72.544557][ T6841] ? preempt_schedule_thunk+0x16/0x18
[ 72.549904][ T6841] ? trace_hardirqs_on+0x55/0x220
[ 72.554897][ T6841] ? xt_compat_target_from_user+0x232/0x470
[ 72.560759][ T6841] ? xt_compat_target_from_user+0x232/0x470
[ 72.566634][ T6841] end_report+0x4d/0x53
[ 72.570762][ T6841] kasan_report.cold+0xd/0x37
[ 72.575428][ T6841] ? xt_compat_target_from_user+0x232/0x470
[ 72.581304][ T6841] check_memory_region+0x13d/0x180
[ 72.586406][ T6841] memset+0x20/0x40
[ 72.590186][ T6841] xt_compat_target_from_user+0x232/0x470
[ 72.595874][ T6841] ? xt_compat_match_from_user+0x470/0x470
[ 72.601662][ T6841] ? kasan_unpoison_shadow+0x40/0x40
[ 72.606916][ T6841] ? memset+0x20/0x40
[ 72.610872][ T6841] translate_compat_table+0x1011/0x1720
[ 72.616391][ T6841] ? ip6t_register_table+0x2f0/0x2f0
[ 72.621676][ T6841] ? lock_downgrade+0x830/0x830
[ 72.626507][ T6841] ? rcu_read_lock_sched_held+0x3a/0xb0
[ 72.632024][ T6841] ? __lock_acquire+0x16cb/0x5640
[ 72.637021][ T6841] ? __might_fault+0x190/0x1d0
[ 72.641768][ T6841] compat_do_replace.constprop.0+0x1f0/0x470
[ 72.647719][ T6841] ? do_ip6t_get_ctl+0xa10/0xa10
[ 72.652637][ T6841] ? lock_acquire+0x1f1/0xad0
[ 72.657287][ T6841] ? nf_sockopt_find.constprop.0+0x2a/0x2a0
[ 72.663153][ T6841] ? bpf_lsm_capable+0x5/0x10
[ 72.667799][ T6841] ? security_capable+0x8f/0xc0
[ 72.672621][ T6841] do_ip6t_set_ctl+0x5b0/0xb73
[ 72.677357][ T6841] ? lock_downgrade+0x830/0x830
[ 72.682178][ T6841] ? nf_sockopt_find.constprop.0+0x2a/0x2a0
[ 72.688039][ T6841] ? compat_do_replace.constprop.0+0x470/0x470
[ 72.694167][ T6841] ? __mutex_unlock_slowpath+0xe2/0x610
[ 72.699683][ T6841] ? wait_for_completion+0x260/0x260
[ 72.704951][ T6841] ? lock_downgrade+0x830/0x830
[ 72.709787][ T6841] ? nf_sockopt_find.constprop.0+0x22d/0x2a0
[ 72.715736][ T6841] nf_setsockopt+0x83/0xe0
[ 72.720141][ T6841] ipv6_setsockopt+0x122/0x180
[ 72.724881][ T6841] udpv6_setsockopt+0x76/0xc0
[ 72.729535][ T6841] __sys_setsockopt+0x2db/0x610
[ 72.734355][ T6841] ? sock_common_recvmsg+0x1a0/0x1a0
[ 72.739611][ T6841] ? __ia32_sys_recv+0x100/0x100
[ 72.744521][ T6841] ? calculate_sigpending+0x42/0xa0
[ 72.749692][ T6841] ? find_held_lock+0x2d/0x110
[ 72.754433][ T6841] ? syscall_enter_from_user_mode+0x20/0x290
[ 72.760385][ T6841] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 72.766350][ T6841] __ia32_sys_setsockopt+0xb9/0x150
[ 72.771531][ T6841] ? syscall_enter_from_user_mode+0x20/0x290
[ 72.777480][ T6841] __do_fast_syscall_32+0x57/0x80
[ 72.782488][ T6841] do_fast_syscall_32+0x2f/0x70
[ 72.787324][ T6841] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 72.793628][ T6841] RIP: 0023:0xf7fd3549
[ 72.797679][ T6841] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 72.817265][ T6841] RSP: 002b:00000000f7fad18c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[ 72.825648][ T6841] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000029
[ 72.833591][ T6841] RDX: 0000000000000040 RSI: 0000000020000a00 RDI: 0000000000000001
[ 72.841546][ T6841] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 72.849505][ T6841] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 72.857565][ T6841] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 72.866605][ T6841] Kernel Offset: disabled
[ 72.870916][ T6841] Rebooting in 86400 seconds..