DUID 00:04:98:96:05:40:f2:aa:0a:66:7a:29:c2:20:2e:76:e0:ec
forked to background, child pid 3172
[   29.907714][ T3173] 8021q: adding VLAN 0 to HW filter on device bond0
[   29.919951][ T3173] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.27' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   51.466897][ T3595] ==================================================================
[   51.475081][ T3595] BUG: KASAN: use-after-free in strcmp+0x9b/0xb0
[   51.481419][ T3595] Read of size 1 at addr ffff888012f86504 by task syz-executor365/3595
[   51.489644][ T3595]
[   51.491954][ T3595] CPU: 1 PID: 3595 Comm: syz-executor365 Not tainted 5.17.0-rc3-syzkaller #0
[   51.500711][ T3595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.510748][ T3595] Call Trace:
[   51.514028][ T3595]  <TASK>
[   51.516949][ T3595]  dump_stack_lvl+0xcd/0x134
[   51.521551][ T3595]  print_address_description.constprop.0.cold+0x8d/0x336
[   51.528567][ T3595]  ? strcmp+0x9b/0xb0
[   51.532543][ T3595]  ? strcmp+0x9b/0xb0
[   51.536512][ T3595]  kasan_report.cold+0x83/0xdf
[   51.541278][ T3595]  ? strcmp+0x9b/0xb0
[   51.545247][ T3595]  strcmp+0x9b/0xb0
[   51.549041][ T3595]  madvise_update_vma+0x4e6/0x7f0
[   51.554078][ T3595]  madvise_vma_behavior+0x116/0x1910
[   51.559352][ T3595]  ? madvise_vma_anon_name+0xc0/0xc0
[   51.564624][ T3595]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[   51.570330][ T3595]  ? vmacache_find+0x62/0x330
[   51.574994][ T3595]  ? find_vma+0xbd/0x270
[   51.579222][ T3595]  madvise_walk_vmas+0x1d5/0x2d0
[   51.584158][ T3595]  ? madvise_vma_anon_name+0xc0/0xc0
[   51.589432][ T3595]  ? __remove_memory+0x40/0x40
[   51.594180][ T3595]  ? __down_timeout+0x10/0x10
[   51.598854][ T3595]  ? find_held_lock+0x2d/0x110
[   51.603612][ T3595]  do_madvise+0x249/0x3c0
[   51.607932][ T3595]  ? madvise_set_anon_name+0xe0/0xe0
[   51.613212][ T3595]  __x64_sys_madvise+0xa6/0x110
[   51.618048][ T3595]  ? syscall_enter_from_user_mode+0x21/0x70
[   51.623929][ T3595]  do_syscall_64+0x35/0xb0
[   51.628333][ T3595]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   51.634841][ T3595] RIP: 0033:0x7f2656061ff9
[   51.639329][ T3595] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   51.658922][ T3595] RSP: 002b:00007ffd2b728f88 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[   51.667321][ T3595] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2656061ff9
[   51.675277][ T3595] RDX: 000000000000000b RSI: 0000000000001000 RDI: 0000000020ffc000
[   51.683230][ T3595] RBP: 00007f2656025fe0 R08: 0000000000000000 R09: 0000000000000000
[   51.691204][ T3595] R10: 0000000020000000 R11: 0000000000000246 R12: 00007f2656026070
[   51.699160][ T3595] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   51.707124][ T3595]  </TASK>
[   51.710128][ T3595]
[   51.712432][ T3595] Allocated by task 3595:
[   51.716741][ T3595]  kasan_save_stack+0x1e/0x40
[   51.721402][ T3595]  __kasan_kmalloc+0xa9/0xd0
[   51.725973][ T3595]  madvise_update_vma+0x546/0x7f0
[   51.730994][ T3595]  madvise_vma_anon_name+0x7c/0xc0
[   51.736089][ T3595]  madvise_walk_vmas+0x1d5/0x2d0
[   51.741009][ T3595]  madvise_set_anon_name+0xac/0xe0
[   51.746105][ T3595]  __do_sys_prctl+0xeb5/0x12d0
[   51.750853][ T3595]  do_syscall_64+0x35/0xb0
[   51.755275][ T3595]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   51.761166][ T3595]
[   51.763471][ T3595] Freed by task 3595:
[   51.767427][ T3595]  kasan_save_stack+0x1e/0x40
[   51.772092][ T3595]  kasan_set_track+0x21/0x30
[   51.776663][ T3595]  kasan_set_free_info+0x20/0x30
[   51.781584][ T3595]  ____kasan_slab_free+0x130/0x160
[   51.786674][ T3595]  slab_free_freelist_hook+0x8b/0x1c0
[   51.792047][ T3595]  kfree+0xcb/0x280
[   51.795841][ T3595]  free_vma_anon_name+0xeb/0x110
[   51.800761][ T3595]  vm_area_free+0x11/0x30
[   51.805085][ T3595]  __vma_adjust+0x836/0x24a0
[   51.809655][ T3595]  vma_merge+0x860/0xeb0
[   51.813880][ T3595]  madvise_update_vma+0x1b6/0x7f0
[   51.818889][ T3595]  madvise_vma_behavior+0x116/0x1910
[   51.824160][ T3595]  madvise_walk_vmas+0x1d5/0x2d0
[   51.829080][ T3595]  do_madvise+0x249/0x3c0
[   51.833392][ T3595]  __x64_sys_madvise+0xa6/0x110
[   51.838227][ T3595]  do_syscall_64+0x35/0xb0
[   51.842626][ T3595]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   51.848506][ T3595]
[   51.850813][ T3595] The buggy address belongs to the object at ffff888012f86500
[   51.850813][ T3595]  which belongs to the cache kmalloc-32 of size 32
[   51.864673][ T3595] The buggy address is located 4 bytes inside of
[   51.864673][ T3595]  32-byte region [ffff888012f86500, ffff888012f86520)
[   51.877680][ T3595] The buggy address belongs to the page:
[   51.883291][ T3595] page:ffffea00004be180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12f86
[   51.893436][ T3595] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   51.900975][ T3595] raw: 00fff00000000200 ffffea00008dcb40 dead000000000002 ffff888010c41500
[   51.909539][ T3595] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[   51.918106][ T3595] page dumped because: kasan: bad access detected
[   51.924497][ T3595] page_owner tracks the page as allocated
[   51.930192][ T3595] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 2233967433, free_ts 0
[   51.945018][ T3595]  get_page_from_freelist+0xa72/0x2f50
[   51.950554][ T3595]  __alloc_pages+0x1b2/0x500
[   51.955129][ T3595]  alloc_page_interleave+0x1e/0x200
[   51.960314][ T3595]  alloc_pages+0x2b1/0x310
[   51.964800][ T3595]  new_slab+0x28a/0x3b0
[   51.968935][ T3595]  ___slab_alloc+0x87c/0xe90
[   51.973517][ T3595]  __slab_alloc.constprop.0+0x4d/0xa0
[   51.978874][ T3595]  __kmalloc_track_caller+0x2e7/0x320
[   51.984234][ T3595]  krealloc+0x87/0xf0
[   51.988197][ T3595]  add_sysfs_param+0x152/0x960
[   51.992949][ T3595]  param_sysfs_init+0x301/0x43b
[   51.997783][ T3595]  do_one_initcall+0x103/0x650
[   52.002529][ T3595]  kernel_init_freeable+0x6b1/0x73a
[   52.007721][ T3595]  kernel_init+0x1a/0x1d0
[   52.012035][ T3595]  ret_from_fork+0x1f/0x30
[   52.016694][ T3595] page_owner free stack trace missing
[   52.022040][ T3595]
[   52.024343][ T3595] Memory state around the buggy address:
[   52.029953][ T3595]  ffff888012f86400: 00 00 00 00 fc fc fc fc fb fb fb fb fc fc fc fc
[   52.037995][ T3595]  ffff888012f86480: 00 00 00 05 fc fc fc fc 00 00 00 00 fc fc fc fc
[   52.046034][ T3595] >ffff888012f86500: fa fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   52.054075][ T3595]                    ^
[   52.058125][ T3595]  ffff888012f86580: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   52.066177][ T3595]  ffff888012f86600: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   52.074216][ T3595] ==================================================================
[   52.082262][ T3595] Disabling lock debugging due to kernel taint
[   52.089014][ T3595] Kernel panic - not syncing: panic_on_warn set ...
[   52.095599][ T3595] CPU: 1 PID: 3595 Comm: syz-executor365 Tainted: G    B   5.17.0-rc3-syzkaller #0
[   52.105730][ T3595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.116320][ T3595] Call Trace:
[   52.119582][ T3595]  <TASK>
[   52.122580][ T3595]  dump_stack_lvl+0xcd/0x134
[   52.127155][ T3595]  panic+0x2b0/0x6dd
[   52.131047][ T3595]  ? __warn_printk+0xf3/0xf3
[   52.135619][ T3595]  ? preempt_schedule_common+0x59/0xc0
[   52.141060][ T3595]  ? strcmp+0x9b/0xb0
[   52.145024][ T3595]  ? preempt_schedule_thunk+0x16/0x18
[   52.150398][ T3595]  ? trace_hardirqs_on+0x38/0x1c0
[   52.155406][ T3595]  ? trace_hardirqs_on+0x51/0x1c0
[   52.160419][ T3595]  ? strcmp+0x9b/0xb0
[   52.164389][ T3595]  ? strcmp+0x9b/0xb0
[   52.168380][ T3595]  end_report.cold+0x63/0x6f
[   52.172984][ T3595]  kasan_report.cold+0x71/0xdf
[   52.177733][ T3595]  ? strcmp+0x9b/0xb0
[   52.181709][ T3595]  strcmp+0x9b/0xb0
[   52.185512][ T3595]  madvise_update_vma+0x4e6/0x7f0
[   52.190526][ T3595]  madvise_vma_behavior+0x116/0x1910
[   52.195811][ T3595]  ? madvise_vma_anon_name+0xc0/0xc0
[   52.201079][ T3595]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[   52.206779][ T3595]  ? vmacache_find+0x62/0x330
[   52.211435][ T3595]  ? find_vma+0xbd/0x270
[   52.215666][ T3595]  madvise_walk_vmas+0x1d5/0x2d0
[   52.220584][ T3595]  ? madvise_vma_anon_name+0xc0/0xc0
[   52.225851][ T3595]  ? __remove_memory+0x40/0x40
[   52.230596][ T3595]  ? __down_timeout+0x10/0x10
[   52.235257][ T3595]  ? find_held_lock+0x2d/0x110
[   52.240021][ T3595]  do_madvise+0x249/0x3c0
[   52.244334][ T3595]  ? madvise_set_anon_name+0xe0/0xe0
[   52.249602][ T3595]  __x64_sys_madvise+0xa6/0x110
[   52.254436][ T3595]  ? syscall_enter_from_user_mode+0x21/0x70
[   52.260326][ T3595]  do_syscall_64+0x35/0xb0
[   52.264721][ T3595]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   52.270612][ T3595] RIP: 0033:0x7f2656061ff9
[   52.275019][ T3595] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   52.294611][ T3595] RSP: 002b:00007ffd2b728f88 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[   52.303005][ T3595] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2656061ff9
[   52.310956][ T3595] RDX: 000000000000000b RSI: 0000000000001000 RDI: 0000000020ffc000
[   52.318904][ T3595] RBP: 00007f2656025fe0 R08: 0000000000000000 R09: 0000000000000000
[   52.326861][ T3595] R10: 0000000020000000 R11: 0000000000000246 R12: 00007f2656026070
[   52.334812][ T3595] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   52.342766][ T3595]  </TASK>
[   52.345950][ T3595] Kernel Offset: disabled
[   52.350260][ T3595] Rebooting in 86400 seconds..
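Reading the three stacks together: the 32-byte object is the VMA's anonymous-name string. It was allocated by a prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, ...) call (__do_sys_prctl -> madvise_set_anon_name -> madvise_vma_anon_name -> madvise_update_vma -> kmalloc), freed when a later madvise() (ORIG_RAX 0x1c is madvise on x86_64; RDI/RSI/RDX give addr 0x20ffc000, len 0x1000, advice 0xb) merged that VMA into its neighbour (madvise_update_vma -> vma_merge -> __vma_adjust -> vm_area_free -> free_vma_anon_name -> kfree), and then read 4 bytes in by strcmp from the same madvise_update_vma call, which was still holding the bare char pointer it had been handed before the merge. The block below is an added user-space model of that ordering and of the hardened form, in which the caller takes its own reference on the name for the duration of the operation; it is not kernel code, and the structure names, the merge rule, the "syz" name and the quarantine-style freed-object check are simplified stand-ins written for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 32   /* the report's object lives in kmalloc-32 */
#define QUAR_MAX 64

struct anon_name {    /* refcounted name string (stand-in, not the kernel's type) */
    int refcount;
    char str[NAME_LEN];
};

struct vma {          /* hypothetical, minimal stand-in for vm_area_struct */
    unsigned long start, end, flags;
    struct anon_name *name;   /* NULL if unnamed */
};

/* Allocator model: a freed name is poisoned and parked in a quarantine so a
 * later read can be recognised. KASAN does this with shadow bytes (the fa/fb
 * run in the dump above) rather than by touching the object itself. */
static struct anon_name *quarantine[QUAR_MAX];
static int nquar;

static struct anon_name *name_alloc(const char *s)
{
    struct anon_name *n = calloc(1, sizeof *n);
    n->refcount = 1;
    strncpy(n->str, s, NAME_LEN - 1);
    return n;
}

static void name_get(struct anon_name *n) { if (n) n->refcount++; }

static void name_put(struct anon_name *n)
{
    if (n && --n->refcount == 0) {
        memset(n->str, 0xfb, NAME_LEN);
        if (nquar < QUAR_MAX) quarantine[nquar++] = n;
    }
}

/* Does p point into a freed name? This is the check KASAN made inside strcmp. */
static bool is_freed(const char *p)
{
    uintptr_t a = (uintptr_t)p;
    for (int i = 0; i < nquar; i++) {
        uintptr_t lo = (uintptr_t)quarantine[i]->str;
        if (a >= lo && a < lo + NAME_LEN) return true;
    }
    return false;
}

/* 0 = equal, 1 = different, -1 = an operand is freed memory (use-after-free). */
static int checked_strcmp(const char *a, const char *b)
{
    if (is_freed(a) || is_freed(b)) return -1;
    return strcmp(a, b) != 0;
}

/* Simplified merge rule: vma is absorbed into prev when adjacent, carrying the
 * flags madvise is about to set, and with the same name text. The absorbed vma
 * and its name reference are released, as vm_area_free() -> free_vma_anon_name()
 * -> kfree() did in the "Freed by" stack. */
static struct vma *vma_merge(struct vma *prev, struct vma *vma, unsigned long new_flags)
{
    if (!prev || prev->end != vma->start || prev->flags != new_flags) return NULL;
    if (!prev->name != !vma->name) return NULL;
    if (prev->name && strcmp(prev->name->str, vma->name->str) != 0) return NULL;
    prev->end = vma->end;
    name_put(vma->name);
    free(vma);
    return prev;
}

/* The 5.17-rc3 ordering: the caller hands over the bare char * of the name,
 * vma_merge() may free vma together with that string, and the comparison
 * afterwards reads it. */
static int update_vma_buggy(struct vma *prev, struct vma *vma, unsigned long new_flags)
{
    const char *anon_name = vma->name ? vma->name->str : "";   /* borrowed, not owned */
    struct vma *merged = vma_merge(prev, vma, new_flags);
    if (merged) vma = merged;
    vma->flags = new_flags;
    return checked_strcmp(vma->name ? vma->name->str : "", anon_name);
}

/* Hardened form: hold a reference on the name for the whole operation, so the
 * merge dropping the absorbed vma's reference cannot free it under us. */
static int update_vma_fixed(struct vma *prev, struct vma *vma, unsigned long new_flags)
{
    struct anon_name *anon_name = vma->name;
    name_get(anon_name);
    struct vma *merged = vma_merge(prev, vma, new_flags);
    if (merged) vma = merged;
    vma->flags = new_flags;
    int rc = checked_strcmp(vma->name ? vma->name->str : "",
                            anon_name ? anon_name->str : "");
    name_put(anon_name);
    return rc;
}

static struct vma *make_vma(unsigned long start, unsigned long end, const char *name)
{
    struct vma *v = calloc(1, sizeof *v);
    v->start = start; v->end = end;
    v->name = name ? name_alloc(name) : NULL;
    return v;
}

/* The report's shape: the madvise range 0x20ffc000..0x20ffd000 from the register
 * dump is a named VMA adjacent to an equally named one (its start and the name
 * text are made up), so madvise() on it merges it into its predecessor. */
static int run_scenario(bool fixed)
{
    struct vma *prev = make_vma(0x20000000, 0x20ffc000, "syz");
    struct vma *vma  = make_vma(0x20ffc000, 0x20ffd000, "syz");
    int rc = fixed ? update_vma_fixed(prev, vma, 0) : update_vma_buggy(prev, vma, 0);
    name_put(prev->name);
    free(prev);
    return rc;
}

int main(void)
{
    printf("buggy: %d (-1 means the compare read a freed name)\n", run_scenario(false));
    printf("fixed: %d\n", run_scenario(true));
    return 0;
}
```

The model returns -1 for the buggy ordering and 0 for the fixed one. The fix is about ownership, not about the comparison: any operation that can release the object a borrowed pointer refers to (here, a VMA merge dropping the absorbed VMA's name) must either be done before the pointer is taken or be bracketed by the caller's own reference.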