DUID 00:04:6d:8d:bc:0e:4f:6f:26:62:62:35:cf:10:b8:8b:0d:d5
forked to background, child pid 3173
[ 28.337855][ T3174] 8021q: adding VLAN 0 to HW filter on device bond0
[ 28.355243][ T3174] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.100' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 49.745747][ T3592] ==================================================================
[ 49.753990][ T3592] BUG: KASAN: slab-out-of-bounds in bpf_prog_test_run_xdp+0x10ac/0x1150
[ 49.762442][ T3592] Write of size 8 at addr ffff88801dc53000 by task syz-executor098/3592
[ 49.770788][ T3592]
[ 49.773119][ T3592] CPU: 1 PID: 3592 Comm: syz-executor098 Not tainted 5.16.0-syzkaller-11587-gdd5152ab338c #0
[ 49.783262][ T3592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.793316][ T3592] Call Trace:
[ 49.796594][ T3592]
[ 49.799525][ T3592] dump_stack_lvl+0xcd/0x134
[ 49.804138][ T3592] print_address_description.constprop.0.cold+0x8d/0x336
[ 49.811197][ T3592] ? bpf_prog_test_run_xdp+0x10ac/0x1150
[ 49.816880][ T3592] ? bpf_prog_test_run_xdp+0x10ac/0x1150
[ 49.823498][ T3592] kasan_report.cold+0x83/0xdf
[ 49.828393][ T3592] ? __sanitizer_cov_trace_const_cmp4+0x41/0x70
[ 49.834671][ T3592] ? bpf_prog_test_run_xdp+0x10ac/0x1150
[ 49.840368][ T3592] bpf_prog_test_run_xdp+0x10ac/0x1150
[ 49.845886][ T3592] ? bpf_prog_test_run_skb+0x1de0/0x1de0
[ 49.851585][ T3592] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 49.857874][ T3592] ? __fget_light+0x215/0x280
[ 49.862573][ T3592] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 49.868831][ T3592] ? bpf_prog_test_run_skb+0x1de0/0x1de0
[ 49.874482][ T3592] __sys_bpf+0x1858/0x59a0
[ 49.878919][ T3592] ? bpf_link_get_from_fd+0x110/0x110
[ 49.884311][ T3592] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 49.890316][ T3592] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 49.896325][ T3592] ? find_held_lock+0x2d/0x110
[ 49.901130][ T3592] ? trace_hardirqs_on+0x38/0x1c0
[ 49.906174][ T3592] __x64_sys_bpf+0x75/0xb0
[ 49.910691][ T3592] ? syscall_enter_from_user_mode+0x21/0x70
[ 49.916606][ T3592] do_syscall_64+0x35/0xb0
[ 49.921045][ T3592] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 49.926961][ T3592] RIP: 0033:0x7fada7c9e229
[ 49.931387][ T3592] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 49.951092][ T3592] RSP: 002b:00007fff58406588 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 49.959524][ T3592] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fada7c9e229
[ 49.967600][ T3592] RDX: 0000000000000048 RSI: 0000000020000000 RDI: 000000000000000a
[ 49.975797][ T3592] RBP: 00007fada7c62210 R08: 0000000000000000 R09: 0000000000000000
[ 49.983884][ T3592] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fada7c622a0
[ 49.992370][ T3592] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 50.000476][ T3592]
[ 50.003594][ T3592]
[ 50.005926][ T3592] Allocated by task 3592:
[ 50.010251][ T3592] kasan_save_stack+0x1e/0x50
[ 50.014955][ T3592] __kasan_kmalloc+0xa9/0xd0
[ 50.020729][ T3592] bpf_test_init.isra.0+0x9f/0x150
[ 50.025961][ T3592] bpf_prog_test_run_xdp+0x2f8/0x1150
[ 50.031348][ T3592] __sys_bpf+0x1858/0x59a0
[ 50.035860][ T3592] __x64_sys_bpf+0x75/0xb0
[ 50.040288][ T3592] do_syscall_64+0x35/0xb0
[ 50.044711][ T3592] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.050624][ T3592]
[ 50.052956][ T3592] The buggy address belongs to the object at ffff88801dc52000
[ 50.052956][ T3592] which belongs to the cache kmalloc-4k of size 4096
[ 50.067384][ T3592] The buggy address is located 0 bytes to the right of
[ 50.067384][ T3592] 4096-byte region [ffff88801dc52000, ffff88801dc53000)
[ 50.081284][ T3592] The buggy address belongs to the page:
[ 50.087438][ T3592] page:ffffea0000771400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1dc50
[ 50.097789][ T3592] head:ffffea0000771400 order:3 compound_mapcount:0 compound_pincount:0
[ 50.106558][ T3592] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 50.114648][ T3592] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888010c42140
[ 50.123679][ T3592] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[ 50.132869][ T3592] page dumped because: kasan: bad access detected
[ 50.140338][ T3592] page_owner tracks the page as allocated
[ 50.146071][ T3592] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3592, ts 49734537716, free_ts 49716400399
[ 50.165271][ T3592] get_page_from_freelist+0xa72/0x2f50
[ 50.170744][ T3592] __alloc_pages+0x1b2/0x500
[ 50.175438][ T3592] alloc_pages+0x1aa/0x310
[ 50.179865][ T3592] new_slab+0x28a/0x3b0
[ 50.184033][ T3592] ___slab_alloc+0x87c/0xe90
[ 50.188640][ T3592] __slab_alloc.constprop.0+0x4d/0xa0
[ 50.194033][ T3592] kmem_cache_alloc_trace+0x289/0x2c0
[ 50.199423][ T3592] ima_calc_file_hash_tfm+0x282/0x3b0
[ 50.204810][ T3592] ima_calc_file_hash+0x19d/0x4b0
[ 50.209847][ T3592] ima_collect_measurement+0x4c9/0x570
[ 50.215404][ T3592] process_measurement+0xd37/0x1920
[ 50.220615][ T3592] ima_bprm_check+0xd0/0x220
[ 50.225211][ T3592] security_bprm_check+0x7d/0xa0
[ 50.230162][ T3592] bprm_execve+0x732/0x19b0
[ 50.234714][ T3592] do_execveat_common+0x5e3/0x780
[ 50.239759][ T3592] __x64_sys_execve+0x8f/0xc0
[ 50.244449][ T3592] page last free stack trace:
[ 50.249209][ T3592] free_pcp_prepare+0x374/0x870
[ 50.254190][ T3592] free_unref_page+0x19/0x690
[ 50.258877][ T3592] __unfreeze_partials+0x320/0x340
[ 50.264090][ T3592] qlist_free_all+0x6d/0x160
[ 50.268687][ T3592] kasan_quarantine_reduce+0x180/0x200
[ 50.274168][ T3592] __kasan_slab_alloc+0xa2/0xc0
[ 50.279028][ T3592] kmem_cache_alloc+0x202/0x3a0
[ 50.283891][ T3592] getname_flags.part.0+0x50/0x4f0
[ 50.289126][ T3592] getname_flags+0x9a/0xe0
[ 50.293550][ T3592] user_path_at_empty+0x2b/0x60
[ 50.298412][ T3592] vfs_statx+0x142/0x390
[ 50.302710][ T3592] __do_sys_newfstatat+0x96/0x120
[ 50.307744][ T3592] do_syscall_64+0x35/0xb0
[ 50.312169][ T3592] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.318173][ T3592]
[ 50.320579][ T3592] Memory state around the buggy address:
[ 50.326910][ T3592] ffff88801dc52f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.334985][ T3592] ffff88801dc52f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.343051][ T3592] >ffff88801dc53000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.351115][ T3592] ^
[ 50.355201][ T3592] ffff88801dc53080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.363271][ T3592] ffff88801dc53100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.371331][ T3592] ==================================================================
[ 50.379394][ T3592] Disabling lock debugging due to kernel taint
[ 50.385829][ T3592] Kernel panic - not syncing: panic_on_warn set ...
[ 50.392606][ T3592] CPU: 0 PID: 3592 Comm: syz-executor098 Tainted: G B 5.16.0-syzkaller-11587-gdd5152ab338c #0
[ 50.404141][ T3592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.414208][ T3592] Call Trace:
[ 50.417501][ T3592]
[ 50.420616][ T3592] dump_stack_lvl+0xcd/0x134
[ 50.425244][ T3592] panic+0x2b0/0x6dd
[ 50.431172][ T3592] ? __warn_printk+0xf3/0xf3
[ 50.436032][ T3592] ? preempt_schedule_common+0x59/0xc0
[ 50.441599][ T3592] ? bpf_prog_test_run_xdp+0x10ac/0x1150
[ 50.447405][ T3592] ? preempt_schedule_thunk+0x16/0x18
[ 50.452841][ T3592] ? trace_hardirqs_on+0x38/0x1c0
[ 50.457901][ T3592] ? trace_hardirqs_on+0x51/0x1c0
[ 50.462960][ T3592] ? bpf_prog_test_run_xdp+0x10ac/0x1150
[ 50.468597][ T3592] ? bpf_prog_test_run_xdp+0x10ac/0x1150
[ 50.474679][ T3592] end_report.cold+0x63/0x6f
[ 50.479276][ T3592] kasan_report.cold+0x71/0xdf
[ 50.484236][ T3592] ? __sanitizer_cov_trace_const_cmp4+0x41/0x70
[ 50.490493][ T3592] ? bpf_prog_test_run_xdp+0x10ac/0x1150
[ 50.496406][ T3592] bpf_prog_test_run_xdp+0x10ac/0x1150
[ 50.502067][ T3592] ? bpf_prog_test_run_skb+0x1de0/0x1de0
[ 50.507857][ T3592] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.514136][ T3592] ? __fget_light+0x215/0x280
[ 50.518821][ T3592] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.525258][ T3592] ? bpf_prog_test_run_skb+0x1de0/0x1de0
[ 50.530979][ T3592] __sys_bpf+0x1858/0x59a0
[ 50.535401][ T3592] ? bpf_link_get_from_fd+0x110/0x110
[ 50.540854][ T3592] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 50.546832][ T3592] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 50.552823][ T3592] ? find_held_lock+0x2d/0x110
[ 50.557592][ T3592] ? trace_hardirqs_on+0x38/0x1c0
[ 50.562636][ T3592] __x64_sys_bpf+0x75/0xb0
[ 50.567153][ T3592] ? syscall_enter_from_user_mode+0x21/0x70
[ 50.573049][ T3592] do_syscall_64+0x35/0xb0
[ 50.577692][ T3592] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.583707][ T3592] RIP: 0033:0x7fada7c9e229
[ 50.588133][ T3592] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 50.607749][ T3592] RSP: 002b:00007fff58406588 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 50.616158][ T3592] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fada7c9e229
[ 50.624822][ T3592] RDX: 0000000000000048 RSI: 0000000020000000 RDI: 000000000000000a
[ 50.632813][ T3592] RBP: 00007fada7c62210 R08: 0000000000000000 R09: 0000000000000000
[ 50.640972][ T3592] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fada7c622a0
[ 50.649109][ T3592] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 50.657086][ T3592]
[ 50.660781][ T3592] Kernel Offset: disabled
[ 50.665126][ T3592] Rebooting in 86400 seconds..