[ 33.499140][ T3174] 8021q: adding VLAN 0 to HW filter on device bond0
[ 33.510662][ T3174] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
syzkaller login: [ 40.733692][ T26] kauditd_printk_skb: 37 callbacks suppressed
[ 40.733709][ T26] audit: type=1400 audit(1644266360.715:73): avc: denied { transition } for pid=3379 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 40.768546][ T26] audit: type=1400 audit(1644266360.755:74): avc: denied { write } for pid=3379 comm="sh" path="pipe:[26522]" dev="pipefs" ino=26522 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
Warning: Permanently added '10.128.0.67' (ECDSA) to the list of known hosts.
executing program
[ 48.916934][ T26] audit: type=1400 audit(1644266368.905:75): avc: denied { execmem } for pid=3589 comm="syz-executor143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 48.938308][ T3589] ==================================================================
[ 48.946604][ T3589] BUG: KASAN: use-after-free in strcmp+0x9b/0xb0
[ 48.953316][ T3589] Read of size 1 at addr ffff8880195e3204 by task syz-executor143/3589
[ 48.961637][ T3589]
[ 48.963953][ T3589] CPU: 0 PID: 3589 Comm: syz-executor143 Not tainted 5.17.0-rc3-syzkaller #0
[ 48.972708][ T3589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.982750][ T3589] Call Trace:
[ 48.986022][ T3589]
[ 48.988940][ T3589] dump_stack_lvl+0xcd/0x134
[ 48.993542][ T3589] print_address_description.constprop.0.cold+0x8d/0x303
[ 49.000582][ T3589] ? strcmp+0x9b/0xb0
[ 49.004589][ T3589] ? strcmp+0x9b/0xb0
[ 49.009012][ T3589] kasan_report.cold+0x83/0xdf
[ 49.013818][ T3589] ? strcmp+0x9b/0xb0
[ 49.017800][ T3589] strcmp+0x9b/0xb0
[ 49.021600][ T3589] madvise_update_vma+0x4e6/0x7f0
[ 49.026631][ T3589] madvise_vma_behavior+0x116/0x1910
[ 49.031948][ T3589] ? madvise_vma_anon_name+0xc0/0xc0
[ 49.037232][ T3589] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 49.042944][ T3589] ? vmacache_find+0x62/0x330
[ 49.047696][ T3589] ? find_vma+0xbd/0x270
[ 49.051927][ T3589] madvise_walk_vmas+0x1d5/0x2d0
[ 49.056878][ T3589] ? madvise_vma_anon_name+0xc0/0xc0
[ 49.062245][ T3589] ? __remove_memory+0x40/0x40
[ 49.067007][ T3589] ? __down_timeout+0x10/0x10
[ 49.071702][ T3589] ? find_held_lock+0x2d/0x110
[ 49.076465][ T3589] do_madvise+0x249/0x3c0
[ 49.080803][ T3589] ? madvise_set_anon_name+0xe0/0xe0
[ 49.086083][ T3589] __x64_sys_madvise+0xa6/0x110
[ 49.090926][ T3589] ? syscall_enter_from_user_mode+0x21/0x70
[ 49.096811][ T3589] do_syscall_64+0x35/0xb0
[ 49.101217][ T3589] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 49.107185][ T3589] RIP: 0033:0x7fe15c6b9ff9
[ 49.111587][ T3589] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 49.131210][ T3589] RSP: 002b:00007fff15ec74b8 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[ 49.139616][ T3589] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe15c6b9ff9
[ 49.147575][ T3589] RDX: 000000000000000b RSI: 0000000000001000 RDI: 0000000020ffc000
[ 49.155531][ T3589] RBP: 00007fe15c67dfe0 R08: 0000000000000000 R09: 0000000000000000
[ 49.163529][ T3589] R10: 0000000020000000 R11: 0000000000000246 R12: 00007fe15c67e070
[ 49.171492][ T3589] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 49.179468][ T3589]
[ 49.182472][ T3589]
[ 49.184775][ T3589] Allocated by task 3589:
[ 49.189090][ T3589] kasan_save_stack+0x1e/0x40
[ 49.193771][ T3589] __kasan_kmalloc+0xa6/0xd0
[ 49.198351][ T3589] __kmalloc+0x209/0x4d0
[ 49.202592][ T3589] madvise_update_vma+0x546/0x7f0
[ 49.207609][ T3589] madvise_vma_anon_name+0x7c/0xc0
[ 49.212737][ T3589] madvise_walk_vmas+0x1d5/0x2d0
[ 49.217659][ T3589] madvise_set_anon_name+0xac/0xe0
[ 49.222759][ T3589] __do_sys_prctl+0xeb5/0x12d0
[ 49.227511][ T3589] do_syscall_64+0x35/0xb0
[ 49.231912][ T3589] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 49.237799][ T3589]
[ 49.240144][ T3589] Freed by task 3589:
[ 49.244103][ T3589] kasan_save_stack+0x1e/0x40
[ 49.248770][ T3589] kasan_set_track+0x21/0x30
[ 49.253353][ T3589] kasan_set_free_info+0x20/0x30
[ 49.258281][ T3589] __kasan_slab_free+0xee/0x130
[ 49.263224][ T3589] kfree+0xf6/0x290
[ 49.267033][ T3589] free_vma_anon_name+0xeb/0x110
[ 49.271962][ T3589] vm_area_free+0x11/0x30
[ 49.276276][ T3589] __vma_adjust+0x836/0x24a0
[ 49.280848][ T3589] vma_merge+0x860/0xeb0
[ 49.285073][ T3589] madvise_update_vma+0x1b6/0x7f0
[ 49.290083][ T3589] madvise_vma_behavior+0x116/0x1910
[ 49.295355][ T3589] madvise_walk_vmas+0x1d5/0x2d0
[ 49.300279][ T3589] do_madvise+0x249/0x3c0
[ 49.304592][ T3589] __x64_sys_madvise+0xa6/0x110
[ 49.309428][ T3589] do_syscall_64+0x35/0xb0
[ 49.314350][ T3589] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 49.320314][ T3589]
[ 49.322621][ T3589] The buggy address belongs to the object at ffff8880195e3200
[ 49.322621][ T3589] which belongs to the cache kmalloc-32 of size 32
[ 49.336484][ T3589] The buggy address is located 4 bytes inside of
[ 49.336484][ T3589] 32-byte region [ffff8880195e3200, ffff8880195e3220)
[ 49.349480][ T3589] The buggy address belongs to the page:
[ 49.355093][ T3589] page:ffffea00006578c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880195e3fc1 pfn:0x195e3
[ 49.366532][ T3589] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 49.374064][ T3589] raw: 00fff00000000200 ffffea00008f1408 ffffea0000604788 ffff888010c40100
[ 49.382633][ T3589] raw: ffff8880195e3fc1 ffff8880195e3000 000000010000003c 0000000000000000
[ 49.391195][ T3589] page dumped because: kasan: bad access detected
[ 49.397594][ T3589] page_owner tracks the page as allocated
[ 49.403306][ T3589] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 1, ts 7402281409, free_ts 7402132763
[ 49.420681][ T3589] get_page_from_freelist+0xa72/0x2f50
[ 49.426134][ T3589] __alloc_pages+0x1b2/0x500
[ 49.430713][ T3589] cache_grow_begin+0x75/0x350
[ 49.435462][ T3589] cache_alloc_refill+0x27f/0x380
[ 49.440470][ T3589] __kmalloc_track_caller+0x3b0/0x4d0
[ 49.445827][ T3589] kstrdup+0x36/0x70
[ 49.449706][ T3589] kstrdup_const+0x53/0x80
[ 49.454105][ T3589] __kernfs_new_node+0x9d/0x8b0
[ 49.458943][ T3589] kernfs_new_node+0x93/0x120
[ 49.463685][ T3589] kernfs_create_link+0xcb/0x230
[ 49.468612][ T3589] sysfs_do_create_link_sd+0x90/0x140
[ 49.473983][ T3589] sysfs_create_link+0x5f/0xc0
[ 49.478745][ T3589] device_add+0x789/0x1ee0
[ 49.483147][ T3589] tty_register_device_attr+0x38e/0x7a0
[ 49.488681][ T3589] tty_register_driver+0x428/0x800
[ 49.493776][ T3589] pty_init+0x648/0xdfc
[ 49.497916][ T3589] page last free stack trace:
[ 49.502575][ T3589] free_pcp_prepare+0x374/0x870
[ 49.507431][ T3589] free_unref_page+0x19/0x690
[ 49.512094][ T3589] __vunmap+0x798/0xc50
[ 49.516237][ T3589] free_work+0x58/0x70
[ 49.520297][ T3589] process_one_work+0x9ac/0x1650
[ 49.525219][ T3589] worker_thread+0x657/0x1110
[ 49.529884][ T3589] kthread+0x2e9/0x3a0
[ 49.533951][ T3589] ret_from_fork+0x1f/0x30
[ 49.538358][ T3589]
[ 49.540667][ T3589] Memory state around the buggy address:
[ 49.546280][ T3589] ffff8880195e3100: 00 00 01 fc fc fc fc fc 06 fc fc fc fc fc fc fc
[ 49.555279][ T3589] ffff8880195e3180: 06 fc fc fc fc fc fc fc 06 fc fc fc fc fc fc fc
[ 49.563414][ T3589] >ffff8880195e3200: fa fb fb fb fc fc fc fc 06 fc fc fc fc fc fc fc
[ 49.571456][ T3589] ^
[ 49.575508][ T3589] ffff8880195e3280: fa fb fb fb fc fc fc fc 06 fc fc fc fc fc fc fc
[ 49.583560][ T3589] ffff8880195e3300: 06 fc fc fc fc fc fc fc 06 fc fc fc fc fc fc fc
[ 49.591604][ T3589] ==================================================================
[ 49.599649][ T3589] Disabling lock debugging due to kernel taint
[ 49.606061][ T3589] Kernel panic - not syncing: panic_on_warn set ...
[ 49.612998][ T3589] CPU: 0 PID: 3589 Comm: syz-executor143 Tainted: G B 5.17.0-rc3-syzkaller #0
[ 49.623159][ T3589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.633215][ T3589] Call Trace:
[ 49.636488][ T3589]
[ 49.639412][ T3589] dump_stack_lvl+0xcd/0x134
[ 49.644009][ T3589] panic+0x2b0/0x6dd
[ 49.647903][ T3589] ? __warn_printk+0xf3/0xf3
[ 49.652500][ T3589] ? preempt_schedule_common+0x59/0xc0
[ 49.657962][ T3589] ? strcmp+0x9b/0xb0
[ 49.661941][ T3589] ? preempt_schedule_thunk+0x16/0x18
[ 49.667323][ T3589] ? trace_hardirqs_on+0x38/0x1c0
[ 49.672356][ T3589] ? trace_hardirqs_on+0x51/0x1c0
[ 49.677378][ T3589] ? strcmp+0x9b/0xb0
[ 49.681354][ T3589] ? strcmp+0x9b/0xb0
[ 49.685336][ T3589] end_report.cold+0x63/0x6f
[ 49.689932][ T3589] kasan_report.cold+0x71/0xdf
[ 49.694701][ T3589] ? strcmp+0x9b/0xb0
[ 49.698770][ T3589] strcmp+0x9b/0xb0
[ 49.702577][ T3589] madvise_update_vma+0x4e6/0x7f0
[ 49.707622][ T3589] madvise_vma_behavior+0x116/0x1910
[ 49.712921][ T3589] ? madvise_vma_anon_name+0xc0/0xc0
[ 49.718212][ T3589] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 49.723937][ T3589] ? vmacache_find+0x62/0x330
[ 49.728705][ T3589] ? find_vma+0xbd/0x270
[ 49.732945][ T3589] madvise_walk_vmas+0x1d5/0x2d0
[ 49.737883][ T3589] ? madvise_vma_anon_name+0xc0/0xc0
[ 49.743167][ T3589] ? __remove_memory+0x40/0x40
[ 49.747931][ T3589] ? __down_timeout+0x10/0x10
[ 49.752609][ T3589] ? find_held_lock+0x2d/0x110
[ 49.757379][ T3589] do_madvise+0x249/0x3c0
[ 49.761714][ T3589] ? madvise_set_anon_name+0xe0/0xe0
[ 49.767002][ T3589] __x64_sys_madvise+0xa6/0x110
[ 49.771854][ T3589] ? syscall_enter_from_user_mode+0x21/0x70
[ 49.777751][ T3589] do_syscall_64+0x35/0xb0
[ 49.782169][ T3589] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 49.788061][ T3589] RIP: 0033:0x7fe15c6b9ff9
[ 49.792469][ T3589] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 49.812085][ T3589] RSP: 002b:00007fff15ec74b8 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[ 49.820498][ T3589] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe15c6b9ff9
[ 49.828465][ T3589] RDX: 000000000000000b RSI: 0000000000001000 RDI: 0000000020ffc000
[ 49.836432][ T3589] RBP: 00007fe15c67dfe0 R08: 0000000000000000 R09: 0000000000000000
[ 49.844403][ T3589] R10: 0000000020000000 R11: 0000000000000246 R12: 00007fe15c67e070
[ 49.852384][ T3589] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 49.860358][ T3589]
[ 49.863531][ T3589] Kernel Offset: disabled
[ 49.867843][ T3589] Rebooting in 86400 seconds..