Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts.
executing program
[ 36.596096] ==================================================================
[ 36.603599] BUG: KASAN: slab-out-of-bounds in queue_stack_map_push_elem+0x185/0x290
[ 36.611393] Write of size 262146 at addr ffff8881bf6196c8 by task syz-executor055/5988
[ 36.619423]
[ 36.621038] CPU: 0 PID: 5988 Comm: syz-executor055 Not tainted 4.20.0-rc3+ #348
[ 36.628461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.637807] Call Trace:
[ 36.640388]  dump_stack+0x244/0x39d
[ 36.644005]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 36.649176]  ? printk+0xa7/0xcf
[ 36.652557]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 36.657297]  print_address_description.cold.7+0x9/0x1ff
[ 36.662652]  kasan_report.cold.8+0x242/0x309
[ 36.667050]  ? queue_stack_map_push_elem+0x185/0x290
[ 36.672140]  check_memory_region+0x13e/0x1b0
[ 36.676532]  memcpy+0x37/0x50
[ 36.679624]  queue_stack_map_push_elem+0x185/0x290
[ 36.684535]  ? queue_map_pop_elem+0x30/0x30
[ 36.688863]  map_update_elem+0x605/0xf60
[ 36.692929]  __x64_sys_bpf+0x32d/0x520
[ 36.696799]  ? bpf_prog_get+0x20/0x20
[ 36.700595]  do_syscall_64+0x1b9/0x820
[ 36.704467]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 36.709819]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 36.714732]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.719562]  ? trace_hardirqs_on_caller+0x310/0x310
[ 36.724645]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 36.729736]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 36.734739]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.739570]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.744743] RIP: 0033:0x4400e9
[ 36.747943] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 36.766838] RSP: 002b:00007ffd1a9a4618 EFLAGS: 00000213 ORIG_RAX: 0000000000000141
[ 36.774531] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004400e9
[ 36.781791] RDX: 0000000000000020 RSI: 0000000020000040 RDI: 0000000000000002
[ 36.789042] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 36.796291] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000401970
[ 36.803541] R13: 0000000000401a00 R14: 0000000000000000 R15: 0000000000000000
[ 36.810807]
[ 36.812424] Allocated by task 5988:
[ 36.816039]  save_stack+0x43/0xd0
[ 36.819475]  kasan_kmalloc+0xc7/0xe0
[ 36.823170]  __kmalloc_node+0x50/0x70
[ 36.826957]  bpf_map_area_alloc+0x3f/0x90
[ 36.831109]  queue_stack_map_alloc+0x192/0x290
[ 36.835671]  map_create+0x3bd/0x1110
[ 36.839366]  __x64_sys_bpf+0x303/0x520
[ 36.843238]  do_syscall_64+0x1b9/0x820
[ 36.847110]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.852275]
[ 36.853880] Freed by task 3717:
[ 36.857142]  save_stack+0x43/0xd0
[ 36.860575]  __kasan_slab_free+0x102/0x150
[ 36.864790]  kasan_slab_free+0xe/0x10
[ 36.868570]  kfree+0xcf/0x230
[ 36.871656]  skb_free_head+0x99/0xc0
[ 36.875350]  skb_release_data+0x70c/0x9a0
[ 36.879480]  skb_release_all+0x4a/0x60
[ 36.883350]  consume_skb+0x1ae/0x570
[ 36.887047]  skb_free_datagram+0x1a/0xf0
[ 36.891092]  unix_dgram_recvmsg+0xd6d/0x1b10
[ 36.895482]  sock_recvmsg+0xd0/0x110
[ 36.899182]  __sys_recvfrom+0x311/0x5d0
[ 36.903137]  __x64_sys_recvfrom+0xe1/0x1a0
[ 36.907364]  do_syscall_64+0x1b9/0x820
[ 36.911234]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.916397]
[ 36.918010] The buggy address belongs to the object at ffff8881bf619580
[ 36.918010]  which belongs to the cache kmalloc-512 of size 512
[ 36.930648] The buggy address is located 328 bytes inside of
[ 36.930648]  512-byte region [ffff8881bf619580, ffff8881bf619780)
[ 36.942501] The buggy address belongs to the page:
[ 36.947412] page:ffffea0006fd8640 count:1 mapcount:0 mapping:ffff8881da800940 index:0x0
[ 36.955534] flags: 0x2fffc0000000200(slab)
[ 36.959755] raw: 02fffc0000000200 ffffea0006fd2a88 ffffea0006fd2d88 ffff8881da800940
[ 36.967619] raw: 0000000000000000 ffff8881bf619080 0000000100000006 0000000000000000
[ 36.975474] page dumped because: kasan: bad access detected
[ 36.981157]
[ 36.982763] Memory state around the buggy address:
[ 36.987673]  ffff8881bf619600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.995013]  ffff8881bf619680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.002353] >ffff8881bf619700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.009726]                    ^
[ 37.013073]  ffff8881bf619780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.020433]  ffff8881bf619800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.027783] ==================================================================
[ 37.035125] Disabling lock debugging due to kernel taint
[ 37.040555] Kernel panic - not syncing: panic_on_warn set ...
[ 37.046421] CPU: 0 PID: 5988 Comm: syz-executor055 Tainted: G    B            4.20.0-rc3+ #348
[ 37.055236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.064566] Call Trace:
[ 37.067146]  dump_stack+0x244/0x39d
[ 37.070757]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 37.075941]  panic+0x2ad/0x55c
[ 37.079119]  ? add_taint.cold.5+0x16/0x16
[ 37.083257]  ? add_taint.cold.5+0x5/0x16
[ 37.087299]  ? trace_hardirqs_off+0xaf/0x310
[ 37.091691]  kasan_end_report+0x47/0x4f
[ 37.095643]  kasan_report.cold.8+0x76/0x309
[ 37.099954]  ? queue_stack_map_push_elem+0x185/0x290
[ 37.105041]  check_memory_region+0x13e/0x1b0
[ 37.109433]  memcpy+0x37/0x50
[ 37.112519]  queue_stack_map_push_elem+0x185/0x290
[ 37.117429]  ? queue_map_pop_elem+0x30/0x30
[ 37.121734]  map_update_elem+0x605/0xf60
[ 37.125776]  __x64_sys_bpf+0x32d/0x520
[ 37.129658]  ? bpf_prog_get+0x20/0x20
[ 37.133447]  do_syscall_64+0x1b9/0x820
[ 37.137317]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.142691]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 37.147600]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.152426]  ? trace_hardirqs_on_caller+0x310/0x310
[ 37.157429]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 37.162430]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 37.167430]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.172257]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.177429] RIP: 0033:0x4400e9
[ 37.177926] kobject: 'regulatory.0' (0000000048db67aa): kobject_uevent_env
[ 37.180609] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 37.187616] kobject: 'regulatory.0' (0000000048db67aa): fill_kobj_path: path = '/devices/platform/regulatory.0'
[ 37.206565] RSP: 002b:00007ffd1a9a4618 EFLAGS: 00000213 ORIG_RAX: 0000000000000141
[ 37.206578] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004400e9
[ 37.206585] RDX: 0000000000000020 RSI: 0000000020000040 RDI: 0000000000000002
[ 37.206593] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 37.206601] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000401970
[ 37.206608] R13: 0000000000401a00 R14: 0000000000000000 R15: 0000000000000000
[ 37.217859] Kernel Offset: disabled
[ 37.265387] Rebooting in 86400 seconds..