[v6.1] KASAN: slab-out-of-bounds Read in data_sock_setsockopt
0 views
Skip to first unread message
syzbot
Feb 27, 2026, 9:00:37 AM (yesterday) Feb 27
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 779f9571ac3e Linux 6.1.164
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1183bde6580000
kernel config: https://syzkaller.appspot.com/x/.config?x=b1adc0bfde2d8a4a
dashboard link: https://syzkaller.appspot.com/bug?extid=6091fa5ce6f8c7b38428
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/85e761437fc4/disk-779f9571.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/0f3aa7ae77ae/vmlinux-779f9571.xz
kernel image: https://storage.googleapis.com/syzbot-assets/baba59a67bd9/Image-779f9571.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6091fa...@syzkaller.appspotmail.com
==================================================================
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:59 [inline]
BUG: KASAN: slab-out-of-bounds in data_sock_setsockopt+0x3a8/0x3d0 drivers/isdn/mISDN/socket.c:417
Read of size 4 at addr ffff0001059b3803 by task syz.2.723/7507
CPU: 1 PID: 7507 Comm: syz.2.723 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
dump_backtrace+0x1c0/0x1ec arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack+0x30/0x40 lib/dump_stack.c:88
dump_stack_lvl+0xf4/0x15c lib/dump_stack.c:106
print_address_description+0x88/0x218 mm/kasan/report.c:316
print_report+0x50/0x68 mm/kasan/report.c:420
kasan_report+0xa8/0xfc mm/kasan/report.c:524
__asan_report_load_n_noabort+0x28/0x34 mm/kasan/report_generic.c:361
copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
copy_from_sockptr include/linux/sockptr.h:59 [inline]
data_sock_setsockopt+0x3a8/0x3d0 drivers/isdn/mISDN/socket.c:417
__sys_setsockopt+0x2fc/0x50c net/socket.c:2287
__do_sys_setsockopt net/socket.c:2298 [inline]
__se_sys_setsockopt net/socket.c:2295 [inline]
__arm64_sys_setsockopt+0xb8/0xd4 net/socket.c:2295
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b4 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x130 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Allocated by task 7507:
kasan_save_stack mm/kasan/common.c:46 [inline]
kasan_set_track+0x4c/0x80 mm/kasan/common.c:53
kasan_save_alloc_info+0x24/0x30 mm/kasan/generic.c:505
____kasan_kmalloc mm/kasan/common.c:375 [inline]
__kasan_kmalloc+0xa0/0xb8 mm/kasan/common.c:384
kasan_kmalloc include/linux/kasan.h:211 [inline]
__do_kmalloc_node mm/slab_common.c:936 [inline]
__kmalloc+0xec/0x178 mm/slab_common.c:949
kmalloc include/linux/slab.h:568 [inline]
__cgroup_bpf_run_filter_setsockopt+0xa18/0xbe0 kernel/bpf/cgroup.c:1873
__sys_setsockopt+0x4c0/0x50c net/socket.c:2270
__do_sys_setsockopt net/socket.c:2298 [inline]
__se_sys_setsockopt net/socket.c:2295 [inline]
__arm64_sys_setsockopt+0xb8/0xd4 net/socket.c:2295
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b4 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x130 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
The buggy address belongs to the object at ffff0001059b3800
which belongs to the cache kmalloc-128 of size 128
The buggy address is located 3 bytes inside of
128-byte region [ffff0001059b3800, ffff0001059b3880)
The buggy address belongs to the physical page:
page:00000000e54bd4cf refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1459b3
flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000000200 fffffc0004166340 dead000000000003 ffff0000c0002300
raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff0001059b3700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
ffff0001059b3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff0001059b3800: 03 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
^
ffff0001059b3880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff0001059b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 779f9571ac3e Linux 6.1.164
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1183bde6580000
kernel config: https://syzkaller.appspot.com/x/.config?x=b1adc0bfde2d8a4a
dashboard link: https://syzkaller.appspot.com/bug?extid=6091fa5ce6f8c7b38428
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/85e761437fc4/disk-779f9571.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/0f3aa7ae77ae/vmlinux-779f9571.xz
kernel image: https://storage.googleapis.com/syzbot-assets/baba59a67bd9/Image-779f9571.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6091fa...@syzkaller.appspotmail.com
==================================================================
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:59 [inline]
BUG: KASAN: slab-out-of-bounds in data_sock_setsockopt+0x3a8/0x3d0 drivers/isdn/mISDN/socket.c:417
Read of size 4 at addr ffff0001059b3803 by task syz.2.723/7507
CPU: 1 PID: 7507 Comm: syz.2.723 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
dump_backtrace+0x1c0/0x1ec arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack+0x30/0x40 lib/dump_stack.c:88
dump_stack_lvl+0xf4/0x15c lib/dump_stack.c:106
print_address_description+0x88/0x218 mm/kasan/report.c:316
print_report+0x50/0x68 mm/kasan/report.c:420
kasan_report+0xa8/0xfc mm/kasan/report.c:524
__asan_report_load_n_noabort+0x28/0x34 mm/kasan/report_generic.c:361
copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
copy_from_sockptr include/linux/sockptr.h:59 [inline]
data_sock_setsockopt+0x3a8/0x3d0 drivers/isdn/mISDN/socket.c:417
__sys_setsockopt+0x2fc/0x50c net/socket.c:2287
__do_sys_setsockopt net/socket.c:2298 [inline]
__se_sys_setsockopt net/socket.c:2295 [inline]
__arm64_sys_setsockopt+0xb8/0xd4 net/socket.c:2295
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b4 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x130 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Allocated by task 7507:
kasan_save_stack mm/kasan/common.c:46 [inline]
kasan_set_track+0x4c/0x80 mm/kasan/common.c:53
kasan_save_alloc_info+0x24/0x30 mm/kasan/generic.c:505
____kasan_kmalloc mm/kasan/common.c:375 [inline]
__kasan_kmalloc+0xa0/0xb8 mm/kasan/common.c:384
kasan_kmalloc include/linux/kasan.h:211 [inline]
__do_kmalloc_node mm/slab_common.c:936 [inline]
__kmalloc+0xec/0x178 mm/slab_common.c:949
kmalloc include/linux/slab.h:568 [inline]
__cgroup_bpf_run_filter_setsockopt+0xa18/0xbe0 kernel/bpf/cgroup.c:1873
__sys_setsockopt+0x4c0/0x50c net/socket.c:2270
__do_sys_setsockopt net/socket.c:2298 [inline]
__se_sys_setsockopt net/socket.c:2295 [inline]
__arm64_sys_setsockopt+0xb8/0xd4 net/socket.c:2295
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b4 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x130 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
The buggy address belongs to the object at ffff0001059b3800
which belongs to the cache kmalloc-128 of size 128
The buggy address is located 3 bytes inside of
128-byte region [ffff0001059b3800, ffff0001059b3880)
The buggy address belongs to the physical page:
page:00000000e54bd4cf refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1459b3
flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000000200 fffffc0004166340 dead000000000003 ffff0000c0002300
raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff0001059b3700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
ffff0001059b3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff0001059b3800: 03 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
^
ffff0001059b3880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff0001059b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Feb 27, 2026, 8:40:27 PM (12 hours ago) Feb 27
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 779f9571ac3e Linux 6.1.164
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=136750ba580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=125f555a580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/85e761437fc4/disk-779f9571.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/0f3aa7ae77ae/vmlinux-779f9571.xz
kernel image: https://storage.googleapis.com/syzbot-assets/baba59a67bd9/Image-779f9571.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6091fa...@syzkaller.appspotmail.com
==================================================================
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:59 [inline]
BUG: KASAN: slab-out-of-bounds in data_sock_setsockopt+0x3a8/0x3d0 drivers/isdn/mISDN/socket.c:417
Read of size 4 at addr ffff0000ef19f603 by task syz.0.17/4503
CPU: 0 PID: 4503 Comm: syz.0.17 Not tainted syzkaller #0
The buggy address belongs to the physical page:
page:000000009e91189f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12f19f
ffff0000ef19f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff0000ef19f600: 03 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
^
ffff0000ef19f680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff0000ef19f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: 779f9571ac3e Linux 6.1.164
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=b1adc0bfde2d8a4a
dashboard link: https://syzkaller.appspot.com/bug?extid=6091fa5ce6f8c7b38428
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=131d0952580000
dashboard link: https://syzkaller.appspot.com/bug?extid=6091fa5ce6f8c7b38428
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=125f555a580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/85e761437fc4/disk-779f9571.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/0f3aa7ae77ae/vmlinux-779f9571.xz
kernel image: https://storage.googleapis.com/syzbot-assets/baba59a67bd9/Image-779f9571.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6091fa...@syzkaller.appspotmail.com
==================================================================
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:59 [inline]
BUG: KASAN: slab-out-of-bounds in data_sock_setsockopt+0x3a8/0x3d0 drivers/isdn/mISDN/socket.c:417
CPU: 0 PID: 4503 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
dump_backtrace+0x1c0/0x1ec arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack+0x30/0x40 lib/dump_stack.c:88
dump_stack_lvl+0xf4/0x15c lib/dump_stack.c:106
print_address_description+0x88/0x218 mm/kasan/report.c:316
print_report+0x50/0x68 mm/kasan/report.c:420
kasan_report+0xa8/0xfc mm/kasan/report.c:524
__asan_report_load_n_noabort+0x28/0x34 mm/kasan/report_generic.c:361
copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
copy_from_sockptr include/linux/sockptr.h:59 [inline]
data_sock_setsockopt+0x3a8/0x3d0 drivers/isdn/mISDN/socket.c:417
__sys_setsockopt+0x2fc/0x50c net/socket.c:2287
__do_sys_setsockopt net/socket.c:2298 [inline]
__se_sys_setsockopt net/socket.c:2295 [inline]
__arm64_sys_setsockopt+0xb8/0xd4 net/socket.c:2295
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b4 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x130 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Allocated by task 4503:
Call trace:
dump_backtrace+0x1c0/0x1ec arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack+0x30/0x40 lib/dump_stack.c:88
dump_stack_lvl+0xf4/0x15c lib/dump_stack.c:106
print_address_description+0x88/0x218 mm/kasan/report.c:316
print_report+0x50/0x68 mm/kasan/report.c:420
kasan_report+0xa8/0xfc mm/kasan/report.c:524
__asan_report_load_n_noabort+0x28/0x34 mm/kasan/report_generic.c:361
copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
copy_from_sockptr include/linux/sockptr.h:59 [inline]
data_sock_setsockopt+0x3a8/0x3d0 drivers/isdn/mISDN/socket.c:417
__sys_setsockopt+0x2fc/0x50c net/socket.c:2287
__do_sys_setsockopt net/socket.c:2298 [inline]
__se_sys_setsockopt net/socket.c:2295 [inline]
__arm64_sys_setsockopt+0xb8/0xd4 net/socket.c:2295
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b4 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x130 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
kasan_save_stack mm/kasan/common.c:46 [inline]
kasan_set_track+0x4c/0x80 mm/kasan/common.c:53
kasan_save_alloc_info+0x24/0x30 mm/kasan/generic.c:505
____kasan_kmalloc mm/kasan/common.c:375 [inline]
__kasan_kmalloc+0xa0/0xb8 mm/kasan/common.c:384
kasan_kmalloc include/linux/kasan.h:211 [inline]
__do_kmalloc_node mm/slab_common.c:936 [inline]
__kmalloc+0xec/0x178 mm/slab_common.c:949
kmalloc include/linux/slab.h:568 [inline]
__cgroup_bpf_run_filter_setsockopt+0xa18/0xbe0 kernel/bpf/cgroup.c:1873
__sys_setsockopt+0x4c0/0x50c net/socket.c:2270
__do_sys_setsockopt net/socket.c:2298 [inline]
__se_sys_setsockopt net/socket.c:2295 [inline]
__arm64_sys_setsockopt+0xb8/0xd4 net/socket.c:2295
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b4 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x130 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
The buggy address belongs to the object at ffff0000ef19f600
kasan_set_track+0x4c/0x80 mm/kasan/common.c:53
kasan_save_alloc_info+0x24/0x30 mm/kasan/generic.c:505
____kasan_kmalloc mm/kasan/common.c:375 [inline]
__kasan_kmalloc+0xa0/0xb8 mm/kasan/common.c:384
kasan_kmalloc include/linux/kasan.h:211 [inline]
__do_kmalloc_node mm/slab_common.c:936 [inline]
__kmalloc+0xec/0x178 mm/slab_common.c:949
kmalloc include/linux/slab.h:568 [inline]
__cgroup_bpf_run_filter_setsockopt+0xa18/0xbe0 kernel/bpf/cgroup.c:1873
__sys_setsockopt+0x4c0/0x50c net/socket.c:2270
__do_sys_setsockopt net/socket.c:2298 [inline]
__se_sys_setsockopt net/socket.c:2295 [inline]
__arm64_sys_setsockopt+0xb8/0xd4 net/socket.c:2295
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b4 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x130 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
which belongs to the cache kmalloc-128 of size 128
The buggy address is located 3 bytes inside of
128-byte region [ffff0000ef19f600, ffff0000ef19f680)
The buggy address is located 3 bytes inside of
The buggy address belongs to the physical page:
flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000000200 0000000000000000 dead000000000122 ffff0000c0002300
raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff0000ef19f500: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff0000ef19f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff0000ef19f600: 03 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
^
ffff0000ef19f680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff0000ef19f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
Reply all
Reply to author
Forward
0 new messages