./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1335656235

<...>
forked to background, child pid 4869
[   33.985670][ T4870] 8021q: adding VLAN 0 to HW filter on device bond0
[   34.003960][ T4870] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: [   34.614200][ T4964] sshd (4964) used greatest stack depth: 22712 bytes left
OK

syzkaller
Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts.
execve("./syz-executor1335656235", ["./syz-executor1335656235"], 0x7ffe7f099450 /* 10 vars */) = 0
brk(NULL)                               = 0x555556b2d000
brk(0x555556b2dc40)                     = 0x555556b2dc40
arch_prctl(ARCH_SET_FS, 0x555556b2d300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1335656235", 4096) = 28
brk(0x555556b4ec40)                     = 0x555556b4ec40
brk(0x555556b4f000)                     = 0x555556b4f000
mprotect(0x7fdec573f000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=14, insns=0x20001100, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 3
syzkaller login: [   57.084881][ T5293] ==================================================================
[   57.092967][ T5293] BUG: KASAN: slab-out-of-bounds in __build_skb_around+0x235/0x340
[   57.100869][ T5293] Write of size 32 at addr ffff88807b9d2ac0 by task syz-executor133/5293
[   57.109262][ T5293] 
[   57.111572][ T5293] CPU: 0 PID: 5293 Comm: syz-executor133 Not tainted 6.1.0-rc6-next-20221125-syzkaller #0
[   57.121441][ T5293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   57.131477][ T5293] Call Trace:
[   57.134742][ T5293]  <TASK>
[   57.137664][ T5293]  dump_stack_lvl+0xd1/0x138
[   57.142245][ T5293]  print_report+0x15e/0x45d
[   57.146745][ T5293]  ? __phys_addr+0xc8/0x140
[   57.151241][ T5293]  ? __build_skb_around+0x235/0x340
[   57.156438][ T5293]  kasan_report+0xbf/0x1f0
[   57.160862][ T5293]  ? __build_skb_around+0x235/0x340
[   57.166084][ T5293]  kasan_check_range+0x141/0x190
[   57.171031][ T5293]  memset+0x24/0x50
[   57.174847][ T5293]  __build_skb_around+0x235/0x340
[   57.179896][ T5293]  __build_skb+0x4f/0x60
[   57.184155][ T5293]  build_skb+0x22/0x280
[   57.188339][ T5293]  bpf_prog_test_run_skb+0x343/0x1e10
[   57.193728][ T5293]  ? bpf_prog_test_run_raw_tp+0x620/0x620
[   57.199461][ T5293]  ? __fget_light+0x20a/0x270
[   57.204159][ T5293]  ? bpf_prog_test_run_raw_tp+0x620/0x620
[   57.209892][ T5293]  __sys_bpf+0x1599/0x4ff0
[   57.214312][ T5293]  ? lock_release+0x810/0x810
[   57.219008][ T5293]  ? bpf_perf_link_attach+0x520/0x520
[   57.224388][ T5293]  ? do_raw_spin_lock+0x124/0x2b0
[   57.229416][ T5293]  ? rwlock_bug.part.0+0x90/0x90
[   57.234354][ T5293]  ? _raw_spin_lock_irq+0x45/0x50
[   57.239402][ T5293]  ? find_held_lock+0x2d/0x110
[   57.244191][ T5293]  ? _raw_spin_unlock_irq+0x23/0x50
[   57.249413][ T5293]  ? lockdep_hardirqs_on+0x7d/0x100
[   57.254635][ T5293]  __x64_sys_bpf+0x79/0xc0
[   57.259058][ T5293]  do_syscall_64+0x39/0xb0
[   57.263482][ T5293]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.269393][ T5293] RIP: 0033:0x7fdec56d2d39
[   57.273813][ T5293] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   57.293424][ T5293] RSP: 002b:00007ffdbb94f408 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   57.301840][ T5293] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdec56d2d39
[   57.309815][ T5293] RDX: 000000000000002c RSI: 0000000020000080 RDI: 000000000000000a
[   57.317788][ T5293] RBP: 00007fdec5696ee0 R08: 0000000000000000 R09: 0000000000000000
[   57.325756][ T5293] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdec5696f70
[   57.333730][ T5293] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   57.341799][ T5293]  </TASK>
[   57.344818][ T5293] 
[   57.347142][ T5293] Allocated by task 5293:
[   57.351462][ T5293]  kasan_save_stack+0x22/0x40
[   57.356166][ T5293]  kasan_set_track+0x25/0x30
[   57.360774][ T5293]  __kasan_kmalloc+0xa5/0xb0
[   57.365381][ T5293]  __kmalloc+0x5a/0xd0
[   57.369457][ T5293]  bpf_test_init.isra.0+0xa5/0x150
[   57.374578][ T5293]  bpf_prog_test_run_skb+0x22e/0x1e10
[   57.379958][ T5293]  __sys_bpf+0x1599/0x4ff0
[   57.384374][ T5293]  __x64_sys_bpf+0x79/0xc0
[   57.388792][ T5293]  do_syscall_64+0x39/0xb0
[   57.393213][ T5293]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.399117][ T5293] 
[   57.401434][ T5293] The buggy address belongs to the object at ffff88807b9d2800
[   57.401434][ T5293]  which belongs to the cache kmalloc-1k of size 1024
[   57.415486][ T5293] The buggy address is located 704 bytes inside of
[   57.415486][ T5293]  1024-byte region [ffff88807b9d2800, ffff88807b9d2c00)
[   57.428849][ T5293] 
[   57.431166][ T5293] The buggy address belongs to the physical page:
[   57.437568][ T5293] page:ffffea0001ee7400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b9d0
[   57.447737][ T5293] head:ffffea0001ee7400 order:3 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0
[   57.457885][ T5293] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   57.465875][ T5293] raw: 00fff00000010200 ffff888012441dc0 dead000000000122 0000000000000000
[   57.474461][ T5293] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   57.483037][ T5293] page dumped because: kasan: bad access detected
[   57.489443][ T5293] page_owner tracks the page as allocated
[   57.495147][ T5293] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5290, tgid 5290 (sh), ts 57015125770, free_ts 56992452841
[   57.514875][ T5293]  get_page_from_freelist+0x119c/0x2cd0
[   57.520429][ T5293]  __alloc_pages+0x1cb/0x5b0
[   57.525023][ T5293]  alloc_pages+0x1aa/0x270
[   57.529441][ T5293]  allocate_slab+0x25f/0x350
[   57.534042][ T5293]  ___slab_alloc+0xa91/0x1400
[   57.538734][ T5293]  __slab_alloc.constprop.0+0x56/0xa0
[   57.544120][ T5293]  __kmem_cache_alloc_node+0x1a9/0x430
[   57.549597][ T5293]  __kmalloc+0x4a/0xd0
[   57.553679][ T5293]  tomoyo_init_log+0x1282/0x1ec0
[   57.558623][ T5293]  tomoyo_supervisor+0x354/0xf10
[   57.563571][ T5293]  tomoyo_env_perm+0x183/0x200
[   57.568342][ T5293]  tomoyo_find_next_domain+0x13d2/0x1f80
[   57.573986][ T5293]  tomoyo_bprm_check_security+0x133/0x1c0
[   57.579711][ T5293]  security_bprm_check+0x49/0xb0
[   57.584661][ T5293]  bprm_execve+0x732/0x19f0
[   57.589180][ T5293]  do_execveat_common+0x724/0x890
[   57.594219][ T5293] page last free stack trace:
[   57.598881][ T5293]  free_pcp_prepare+0x65c/0xc00
[   57.603734][ T5293]  free_unref_page+0x1d/0x490
[   57.608415][ T5293]  __unfreeze_partials+0x17c/0x1a0
[   57.613540][ T5293]  qlist_free_all+0x6a/0x170
[   57.618138][ T5293]  kasan_quarantine_reduce+0x192/0x220
[   57.623605][ T5293]  __kasan_slab_alloc+0x66/0x90
[   57.628455][ T5293]  kmem_cache_alloc+0x1e3/0x430
[   57.633326][ T5293]  vm_area_alloc+0x20/0x100
[   57.637844][ T5293]  mmap_region+0x44c/0x1dd0
[   57.642347][ T5293]  do_mmap+0x831/0xf60
[   57.646428][ T5293]  vm_mmap_pgoff+0x1af/0x280
[   57.651024][ T5293]  ksys_mmap_pgoff+0x7d/0x5a0
[   57.655718][ T5293]  do_syscall_64+0x39/0xb0
[   57.660140][ T5293]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.666052][ T5293] 
[   57.668372][ T5293] Memory state around the buggy address:
[   57.673994][ T5293]  ffff88807b9d2980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   57.682056][ T5293]  ffff88807b9d2a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   57.690115][ T5293] >ffff88807b9d2a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.698172][ T5293]                                            ^
[   57.704324][ T5293]  ffff88807b9d2b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.712380][ T5293]  ffff88807b9d2b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.720434][ T5293] ==================================================================
[   57.729031][ T5293] Kernel panic - not syncing: panic_on_warn set ...
[   57.735625][ T5293] CPU: 1 PID: 5293 Comm: syz-executor133 Not tainted 6.1.0-rc6-next-20221125-syzkaller #0
[   57.745527][ T5293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   57.755579][ T5293] Call Trace:
[   57.758856][ T5293]  <TASK>
[   57.761787][ T5293]  dump_stack_lvl+0xd1/0x138
[   57.766383][ T5293]  panic+0x2cc/0x626
[   57.770284][ T5293]  ? panic_print_sys_info.part.0+0x110/0x110
[   57.776274][ T5293]  ? preempt_schedule_common+0x59/0xc0
[   57.781742][ T5293]  ? preempt_schedule_thunk+0x1a/0x20
[   57.787135][ T5293]  end_report.part.0+0x3f/0x7c
[   57.791912][ T5293]  ? __build_skb_around+0x235/0x340
[   57.797125][ T5293]  kasan_report.cold+0xa/0xf
[   57.801727][ T5293]  ? __build_skb_around+0x235/0x340
[   57.806945][ T5293]  kasan_check_range+0x141/0x190
[   57.811897][ T5293]  memset+0x24/0x50
[   57.815713][ T5293]  __build_skb_around+0x235/0x340
[   57.820751][ T5293]  __build_skb+0x4f/0x60
[   57.825015][ T5293]  build_skb+0x22/0x280
[   57.829189][ T5293]  bpf_prog_test_run_skb+0x343/0x1e10
[   57.834577][ T5293]  ? bpf_prog_test_run_raw_tp+0x620/0x620
[   57.840308][ T5293]  ? __fget_light+0x20a/0x270
[   57.845010][ T5293]  ? bpf_prog_test_run_raw_tp+0x620/0x620
[   57.850741][ T5293]  __sys_bpf+0x1599/0x4ff0
[   57.855162][ T5293]  ? lock_release+0x810/0x810
[   57.859872][ T5293]  ? bpf_perf_link_attach+0x520/0x520
[   57.865247][ T5293]  ? do_raw_spin_lock+0x124/0x2b0
[   57.870280][ T5293]  ? rwlock_bug.part.0+0x90/0x90
[   57.875220][ T5293]  ? _raw_spin_lock_irq+0x45/0x50
[   57.880267][ T5293]  ? find_held_lock+0x2d/0x110
[   57.885054][ T5293]  ? _raw_spin_unlock_irq+0x23/0x50
[   57.890270][ T5293]  ? lockdep_hardirqs_on+0x7d/0x100
[   57.895482][ T5293]  __x64_sys_bpf+0x79/0xc0
[   57.899904][ T5293]  do_syscall_64+0x39/0xb0
[   57.904328][ T5293]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.910334][ T5293] RIP: 0033:0x7fdec56d2d39
[   57.914753][ T5293] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   57.934363][ T5293] RSP: 002b:00007ffdbb94f408 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   57.942778][ T5293] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdec56d2d39
[   57.950796][ T5293] RDX: 000000000000002c RSI: 0000000020000080 RDI: 000000000000000a
[   57.958771][ T5293] RBP: 00007fdec5696ee0 R08: 0000000000000000 R09: 0000000000000000
[   57.966747][ T5293] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdec5696f70
[   57.974730][ T5293] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   57.982706][ T5293]  </TASK>
[   57.985886][ T5293] Kernel Offset: disabled
[   57.990203][ T5293] Rebooting in 86400 seconds..