forked to background, child pid 3179
no interfaces have a carrier
[   22.089904][ T3180] 8021q: adding VLAN 0 to HW filter on device bond0
[   22.107095][ T3180] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.150' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login:
[   36.645080][ T3615] ==================================================================
[   36.653364][ T3615] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0xc7/0x150
[   36.660784][ T3615] Read of size 42 at addr ffff8880183b8980 by task syz-executor274/3615
[   36.669192][ T3615]
[   36.671516][ T3615] CPU: 1 PID: 3615 Comm: syz-executor274 Not tainted 5.16.0-rc5-syzkaller #0
[   36.680271][ T3615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.690328][ T3615] Call Trace:
[   36.693605][ T3615]  <TASK>
[   36.696531][ T3615]  dump_stack_lvl+0xcd/0x134
[   36.701143][ T3615]  print_address_description.constprop.0.cold+0x8d/0x320
[   36.708176][ T3615]  ? _copy_to_user+0xc7/0x150
[   36.712857][ T3615]  ? _copy_to_user+0xc7/0x150
[   36.717628][ T3615]  kasan_report.cold+0x83/0xdf
[   36.722398][ T3615]  ? _copy_to_user+0xc7/0x150
[   36.727080][ T3615]  kasan_check_range+0x13d/0x180
[   36.732467][ T3615]  _copy_to_user+0xc7/0x150
[   36.736978][ T3615]  __htab_map_lookup_and_delete_batch+0xec3/0x1880
[   36.743507][ T3615]  ? htab_of_map_alloc+0xf0/0xf0
[   36.748453][ T3615]  ? htab_map_lookup_batch+0x30/0x30
[   36.753746][ T3615]  bpf_map_do_batch+0x2dd/0x5c0
[   36.758608][ T3615]  __sys_bpf+0x288b/0x5950
[   36.763116][ T3615]  ? bpf_link_get_from_fd+0x110/0x110
[   36.768489][ T3615]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   36.774480][ T3615]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   36.780493][ T3615]  ? find_held_lock+0x2d/0x110
[   36.785289][ T3615]  ? trace_hardirqs_on+0x38/0x1c0
[   36.790408][ T3615]  __x64_sys_bpf+0x75/0xb0
[   36.794853][ T3615]  ? syscall_enter_from_user_mode+0x21/0x70
[   36.800772][ T3615]  do_syscall_64+0x35/0xb0
[   36.805198][ T3615]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   36.811095][ T3615] RIP: 0033:0x7fb117482b89
[   36.815874][ T3615] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   36.836285][ T3615] RSP: 002b:00007fb1174132f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   36.844881][ T3615] RAX: ffffffffffffffda RBX: 00007fb11750b3f0 RCX: 00007fb117482b89
[   36.852951][ T3615] RDX: 0000000000000038 RSI: 0000000020000080 RDI: 0000000000000019
[   36.861051][ T3615] RBP: 00007fb1174d88f0 R08: 00007fb117413700 R09: 0000000000000000
[   36.869472][ T3615] R10: 00007fb117413700 R11: 0000000000000246 R12: 00000000200031c0
[   36.877461][ T3615] R13: 00007fb1174d8078 R14: 00000000200021c0 R15: 00007fb11750b3f8
[   36.885469][ T3615]  </TASK>
[   36.888519][ T3615]
[   36.890837][ T3615] Allocated by task 3615:
[   36.895160][ T3615]  kasan_save_stack+0x1e/0x50
[   36.899851][ T3615]  __kasan_kmalloc+0xa9/0xd0
[   36.904453][ T3615]  kvmalloc_node+0x61/0x120
[   36.908958][ T3615]  __htab_map_lookup_and_delete_batch+0x525/0x1880
[   36.915644][ T3615]  bpf_map_do_batch+0x2dd/0x5c0
[   36.920515][ T3615]  __sys_bpf+0x288b/0x5950
[   36.924939][ T3615]  __x64_sys_bpf+0x75/0xb0
[   36.929368][ T3615]  do_syscall_64+0x35/0xb0
[   36.933798][ T3615]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   36.939899][ T3615]
[   36.942224][ T3615] The buggy address belongs to the object at ffff8880183b8980
[   36.942224][ T3615]  which belongs to the cache kmalloc-64 of size 64
[   36.956283][ T3615] The buggy address is located 0 bytes inside of
[   36.956283][ T3615]  64-byte region [ffff8880183b8980, ffff8880183b89c0)
[   36.969344][ T3615] The buggy address belongs to the page:
[   36.975000][ T3615] page:ffffea000060ee00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x183b8
[   36.985416][ T3615] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   36.993091][ T3615] raw: 00fff00000000200 ffffea0000714c80 dead000000000005 ffff888010c41640
[   37.001775][ T3615] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[   37.010359][ T3615] page dumped because: kasan: bad access detected
[   37.016770][ T3615] page_owner tracks the page as allocated
[   37.022595][ T3615] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 2970, ts 13072649837, free_ts 11258641957
[   37.039024][ T3615]  get_page_from_freelist+0xa72/0x2f50
[   37.044501][ T3615]  __alloc_pages+0x1b2/0x500
[   37.049091][ T3615]  alloc_pages+0x1a7/0x300
[   37.053509][ T3615]  new_slab+0x32d/0x4a0
[   37.057673][ T3615]  ___slab_alloc+0x918/0xfe0
[   37.062266][ T3615]  __slab_alloc.constprop.0+0x4d/0xa0
[   37.067642][ T3615]  __kmalloc+0x2fb/0x340
[   37.072061][ T3615]  tomoyo_encode2.part.0+0xe9/0x3a0
[   37.077270][ T3615]  tomoyo_encode+0x28/0x50
[   37.081695][ T3615]  tomoyo_realpath_from_path+0x186/0x620
[   37.087355][ T3615]  tomoyo_check_open_permission+0x272/0x380
[   37.093263][ T3615]  tomoyo_file_open+0xa3/0xd0
[   37.098033][ T3615]  security_file_open+0x45/0xb0
[   37.102887][ T3615]  do_dentry_open+0x353/0x1250
[   37.107653][ T3615]  path_openat+0x1cad/0x2750
[   37.112329][ T3615]  do_filp_open+0x1aa/0x400
[   37.116832][ T3615] page last free stack trace:
[   37.121493][ T3615]  free_pcp_prepare+0x374/0x870
[   37.126346][ T3615]  free_unref_page+0x19/0x690
[   37.131028][ T3615]  kasan_depopulate_vmalloc_pte+0x5c/0x70
[   37.136751][ T3615]  __apply_to_page_range+0x694/0x1080
[   37.142121][ T3615]  kasan_release_vmalloc+0xa7/0xc0
[   37.147313][ T3615]  __purge_vmap_area_lazy+0x8f9/0x1c50
[   37.152773][ T3615]  _vm_unmap_aliases.part.0+0x3f0/0x500
[   37.158405][ T3615]  vm_unmap_aliases+0x45/0x50
[   37.163258][ T3615]  change_page_attr_set_clr+0x241/0x500
[   37.168825][ T3615]  set_memory_nx+0xb2/0x110
[   37.173328][ T3615]  free_init_pages+0x73/0xc0
[   37.177913][ T3615]  kernel_init+0x2e/0x1d0
[   37.182246][ T3615]  ret_from_fork+0x1f/0x30
[   37.186665][ T3615]
[   37.188980][ T3615] Memory state around the buggy address:
[   37.194799][ T3615]  ffff8880183b8880: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   37.202856][ T3615]  ffff8880183b8900: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   37.210910][ T3615] >ffff8880183b8980: 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc fc
[   37.218961][ T3615]                                ^
[   37.224063][ T3615]  ffff8880183b8a00: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[   37.232673][ T3615]  ffff8880183b8a80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   37.240812][ T3615] ==================================================================
[   37.248948][ T3615] Disabling lock debugging due to kernel taint
executing program
executing program
executing program
executing program
executing program
[   38.963543][ T3615] Kernel panic - not syncing: panic_on_warn set ...
[   38.970155][ T3615] CPU: 0 PID: 3615 Comm: syz-executor274 Tainted: G    B             5.16.0-rc5-syzkaller #0
[   38.980302][ T3615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.990350][ T3615] Call Trace:
[   38.993621][ T3615]  <TASK>
[   38.996543][ T3615]  dump_stack_lvl+0xcd/0x134
[   39.001137][ T3615]  panic+0x2b0/0x6dd
[   39.005034][ T3615]  ? __warn_printk+0xf3/0xf3
[   39.009649][ T3615]  ? preempt_schedule_common+0x59/0xc0
[   39.015161][ T3615]  ? _copy_to_user+0xc7/0x150
[   39.019863][ T3615]  ? preempt_schedule_thunk+0x16/0x18
[   39.025241][ T3615]  ? trace_hardirqs_on+0x38/0x1c0
[   39.030439][ T3615]  ? trace_hardirqs_on+0x51/0x1c0
[   39.035472][ T3615]  ? _copy_to_user+0xc7/0x150
[   39.040172][ T3615]  ? _copy_to_user+0xc7/0x150
[   39.044844][ T3615]  end_report.cold+0x63/0x6f
[   39.049433][ T3615]  kasan_report.cold+0x71/0xdf
[   39.054318][ T3615]  ? _copy_to_user+0xc7/0x150
[   39.058994][ T3615]  kasan_check_range+0x13d/0x180
[   39.064019][ T3615]  _copy_to_user+0xc7/0x150
[   39.068543][ T3615]  __htab_map_lookup_and_delete_batch+0xec3/0x1880
[   39.075180][ T3615]  ? htab_of_map_alloc+0xf0/0xf0
[   39.080117][ T3615]  ? htab_map_lookup_batch+0x30/0x30
[   39.085423][ T3615]  bpf_map_do_batch+0x2dd/0x5c0
[   39.090282][ T3615]  __sys_bpf+0x288b/0x5950
[   39.094694][ T3615]  ? bpf_link_get_from_fd+0x110/0x110
[   39.100224][ T3615]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   39.106205][ T3615]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   39.112207][ T3615]  ? find_held_lock+0x2d/0x110
[   39.117063][ T3615]  ? trace_hardirqs_on+0x38/0x1c0
[   39.122091][ T3615]  __x64_sys_bpf+0x75/0xb0
[   39.126504][ T3615]  ? syscall_enter_from_user_mode+0x21/0x70
[   39.132589][ T3615]  do_syscall_64+0x35/0xb0
[   39.137004][ T3615]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   39.142896][ T3615] RIP: 0033:0x7fb117482b89
[   39.147303][ T3615] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   39.166990][ T3615] RSP: 002b:00007fb1174132f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   39.175394][ T3615] RAX: ffffffffffffffda RBX: 00007fb11750b3f0 RCX: 00007fb117482b89
[   39.183359][ T3615] RDX: 0000000000000038 RSI: 0000000020000080 RDI: 0000000000000019
[   39.191321][ T3615] RBP: 00007fb1174d88f0 R08: 00007fb117413700 R09: 0000000000000000
[   39.199283][ T3615] R10: 00007fb117413700 R11: 0000000000000246 R12: 00000000200031c0
[   39.207363][ T3615] R13: 00007fb1174d8078 R14: 00000000200021c0 R15: 00007fb11750b3f8
[   39.215758][ T3615]  </TASK>
[   39.219995][ T3615] Kernel Offset: disabled
[   39.225236][ T3615] Rebooting in 86400 seconds..