Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 63.695336][ T8473] ==================================================================
[ 63.703907][ T8473] BUG: KASAN: vmalloc-out-of-bounds in bpf_lru_populate+0x56d/0x5e0
[ 63.712010][ T8473] Write of size 1 at addr ffffc9000ade1fba by task syz-executor328/8473
[ 63.720329][ T8473]
[ 63.722650][ T8473] CPU: 1 PID: 8473 Comm: syz-executor328 Not tainted 5.10.0-rc6-syzkaller #0
[ 63.731608][ T8473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.742106][ T8473] Call Trace:
[ 63.745395][ T8473]  dump_stack+0x107/0x163
[ 63.749719][ T8473]  ? bpf_lru_populate+0x56d/0x5e0
[ 63.755029][ T8473]  ? bpf_lru_populate+0x56d/0x5e0
[ 63.760141][ T8473]  print_address_description.constprop.0.cold+0x5/0x4c8
[ 63.767085][ T8473]  ? _raw_spin_lock_irqsave+0x4e/0x50
[ 63.772491][ T8473]  ? vprintk_func+0x95/0x1e0
[ 63.777075][ T8473]  ? bpf_lru_populate+0x56d/0x5e0
[ 63.782089][ T8473]  ? bpf_lru_populate+0x56d/0x5e0
[ 63.787145][ T8473]  kasan_report.cold+0x1f/0x37
[ 63.791900][ T8473]  ? lockdep_init_map_waits+0x221/0x720
[ 63.797447][ T8473]  ? bpf_lru_populate+0x56d/0x5e0
[ 63.802658][ T8473]  bpf_lru_populate+0x56d/0x5e0
[ 63.807508][ T8473]  ? bpf_lru_init+0x6c3/0x990
[ 63.812194][ T8473]  htab_map_alloc+0xf6e/0x1230
[ 63.816967][ T8473]  ? htab_map_alloc_check+0x2ee/0x430
[ 63.822367][ T8473]  ? htab_percpu_map_seq_show_elem+0x4a0/0x4a0
[ 63.828741][ T8473]  __do_sys_bpf+0xa81/0x5170
[ 63.833346][ T8473]  ? bpf_link_get_from_fd+0x110/0x110
[ 63.838717][ T8473]  ? __up_read+0x1a1/0x7b0
[ 63.843169][ T8473]  ? _down_write_nest_lock+0x150/0x150
[ 63.848958][ T8473]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 63.854846][ T8473]  do_syscall_64+0x2d/0x70
[ 63.859348][ T8473]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.866320][ T8473] RIP: 0033:0x4402d9
[ 63.870244][ T8473] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 63.889982][ T8473] RSP: 002b:00007fff580768b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 63.898397][ T8473] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402d9
[ 63.906494][ T8473] RDX: 0000000000000040 RSI: 00000000200000c0 RDI: 0000000000000000
[ 63.914570][ T8473] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 63.922530][ T8473] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000401ae0
[ 63.930495][ T8473] R13: 0000000000401b70 R14: 0000000000000000 R15: 0000000000000000
[ 63.938512][ T8473]
[ 63.940825][ T8473]
[ 63.943138][ T8473] Memory state around the buggy address:
[ 63.948760][ T8473]  ffffc9000ade1e80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 63.956810][ T8473]  ffffc9000ade1f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 63.964860][ T8473] >ffffc9000ade1f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 63.972938][ T8473]                                         ^
[ 63.978817][ T8473]  ffffc9000ade2000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 63.986866][ T8473]  ffffc9000ade2080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 63.994999][ T8473] ==================================================================
[ 64.003048][ T8473] Disabling lock debugging due to kernel taint
[ 64.009338][ T8473] Kernel panic - not syncing: panic_on_warn set ...
[ 64.016013][ T8473] CPU: 1 PID: 8473 Comm: syz-executor328 Tainted: G B 5.10.0-rc6-syzkaller #0
[ 64.026153][ T8473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.036286][ T8473] Call Trace:
[ 64.039691][ T8473]  dump_stack+0x107/0x163
[ 64.044012][ T8473]  ? bpf_lru_populate+0x4b0/0x5e0
[ 64.049279][ T8473]  panic+0x306/0x73d
[ 64.053218][ T8473]  ? __warn_printk+0xf3/0xf3
[ 64.057858][ T8473]  ? preempt_schedule_common+0x59/0xc0
[ 64.063308][ T8473]  ? bpf_lru_populate+0x56d/0x5e0
[ 64.068436][ T8473]  ? preempt_schedule_thunk+0x16/0x18
[ 64.073913][ T8473]  ? trace_hardirqs_on+0x51/0x1c0
[ 64.079049][ T8473]  ? bpf_lru_populate+0x56d/0x5e0
[ 64.084201][ T8473]  ? bpf_lru_populate+0x56d/0x5e0
[ 64.089448][ T8473]  end_report+0x58/0x5e
[ 64.093636][ T8473]  kasan_report.cold+0xd/0x37
[ 64.098348][ T8473]  ? lockdep_init_map_waits+0x221/0x720
[ 64.103890][ T8473]  ? bpf_lru_populate+0x56d/0x5e0
[ 64.108904][ T8473]  bpf_lru_populate+0x56d/0x5e0
[ 64.114044][ T8473]  ? bpf_lru_init+0x6c3/0x990
[ 64.118819][ T8473]  htab_map_alloc+0xf6e/0x1230
[ 64.123601][ T8473]  ? htab_map_alloc_check+0x2ee/0x430
[ 64.129002][ T8473]  ? htab_percpu_map_seq_show_elem+0x4a0/0x4a0
[ 64.135163][ T8473]  __do_sys_bpf+0xa81/0x5170
[ 64.139742][ T8473]  ? bpf_link_get_from_fd+0x110/0x110
[ 64.145187][ T8473]  ? __up_read+0x1a1/0x7b0
[ 64.149592][ T8473]  ? _down_write_nest_lock+0x150/0x150
[ 64.155042][ T8473]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 64.161247][ T8473]  do_syscall_64+0x2d/0x70
[ 64.165792][ T8473]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.171924][ T8473] RIP: 0033:0x4402d9
[ 64.175807][ T8473] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 64.196331][ T8473] RSP: 002b:00007fff580768b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 64.205065][ T8473] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402d9
[ 64.213309][ T8473] RDX: 0000000000000040 RSI: 00000000200000c0 RDI: 0000000000000000
[ 64.221632][ T8473] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 64.229728][ T8473] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000401ae0
[ 64.237967][ T8473] R13: 0000000000401b70 R14: 0000000000000000 R15: 0000000000000000
[ 64.247041][ T8473] Kernel Offset: disabled
[ 64.252359][ T8473] Rebooting in 86400 seconds..