forked to background, child pid 3172
no interfaces have a carrier
[ 24.195830][ T3173] 8021q: adding VLAN 0 to HW filter on device bond0
[ 24.208116][ T3173] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.90' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 38.109902][ T3585] ==================================================================
[ 38.118382][ T3585] BUG: KASAN: use-after-free in strcmp+0x9b/0xb0
[ 38.124791][ T3585] Read of size 1 at addr ffff888022436144 by task syz-executor631/3585
[ 38.133060][ T3585]
[ 38.135374][ T3585] CPU: 1 PID: 3585 Comm: syz-executor631 Not tainted 5.17.0-rc3-syzkaller #0
[ 38.144127][ T3585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.154191][ T3585] Call Trace:
[ 38.157470][ T3585]
[ 38.160428][ T3585] dump_stack_lvl+0xcd/0x134
[ 38.165055][ T3585] print_address_description.constprop.0.cold+0x8d/0x336
[ 38.172101][ T3585] ? strcmp+0x9b/0xb0
[ 38.176093][ T3585] ? strcmp+0x9b/0xb0
[ 38.180059][ T3585] kasan_report.cold+0x83/0xdf
[ 38.184836][ T3585] ? strcmp+0x9b/0xb0
[ 38.188854][ T3585] strcmp+0x9b/0xb0
[ 38.192694][ T3585] madvise_update_vma+0x4e6/0x7f0
[ 38.197776][ T3585] madvise_vma_behavior+0x116/0x1910
[ 38.203064][ T3585] ? madvise_vma_anon_name+0xc0/0xc0
[ 38.208355][ T3585] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 38.214084][ T3585] ? vmacache_find+0x62/0x330
[ 38.218769][ T3585] ? find_vma+0xbd/0x270
[ 38.223011][ T3585] madvise_walk_vmas+0x1d5/0x2d0
[ 38.228067][ T3585] ? madvise_vma_anon_name+0xc0/0xc0
[ 38.233358][ T3585] ? __remove_memory+0x40/0x40
[ 38.238127][ T3585] ? __down_timeout+0x10/0x10
[ 38.242808][ T3585] ? find_held_lock+0x2d/0x110
[ 38.247827][ T3585] do_madvise+0x249/0x3c0
[ 38.252167][ T3585] ? madvise_set_anon_name+0xe0/0xe0
[ 38.257464][ T3585] __x64_sys_madvise+0xa6/0x110
[ 38.262316][ T3585] ? syscall_enter_from_user_mode+0x21/0x70
[ 38.268220][ T3585] do_syscall_64+0x35/0xb0
[ 38.272649][ T3585] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 38.278694][ T3585] RIP: 0033:0x7f697f40aff9
[ 38.283115][ T3585] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 38.302918][ T3585] RSP: 002b:00007ffd5c1eda68 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[ 38.311344][ T3585] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f697f40aff9
[ 38.319311][ T3585] RDX: 000000000000000b RSI: 0000000000001000 RDI: 0000000020ffc000
[ 38.327269][ T3585] RBP: 00007f697f3cefe0 R08: 0000000000000000 R09: 0000000000000000
[ 38.335228][ T3585] R10: 0000000020000000 R11: 0000000000000246 R12: 00007f697f3cf070
[ 38.343185][ T3585] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 38.351162][ T3585]
[ 38.354167][ T3585]
[ 38.356474][ T3585] Allocated by task 3585:
[ 38.360781][ T3585] kasan_save_stack+0x1e/0x40
[ 38.365462][ T3585] __kasan_kmalloc+0xa9/0xd0
[ 38.370037][ T3585] madvise_update_vma+0x546/0x7f0
[ 38.375140][ T3585] madvise_vma_anon_name+0x7c/0xc0
[ 38.380240][ T3585] madvise_walk_vmas+0x1d5/0x2d0
[ 38.385167][ T3585] madvise_set_anon_name+0xac/0xe0
[ 38.390618][ T3585] __do_sys_prctl+0xeb5/0x12d0
[ 38.395372][ T3585] do_syscall_64+0x35/0xb0
[ 38.399778][ T3585] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 38.405659][ T3585]
[ 38.407964][ T3585] Freed by task 3585:
[ 38.411920][ T3585] kasan_save_stack+0x1e/0x40
[ 38.416580][ T3585] kasan_set_track+0x21/0x30
[ 38.421152][ T3585] kasan_set_free_info+0x20/0x30
[ 38.426077][ T3585] ____kasan_slab_free+0x130/0x160
[ 38.431170][ T3585] slab_free_freelist_hook+0x8b/0x1c0
[ 38.436530][ T3585] kfree+0xcb/0x280
[ 38.440323][ T3585] free_vma_anon_name+0xeb/0x110
[ 38.445408][ T3585] vm_area_free+0x11/0x30
[ 38.449725][ T3585] __vma_adjust+0x836/0x24a0
[ 38.454436][ T3585] vma_merge+0x860/0xeb0
[ 38.458725][ T3585] madvise_update_vma+0x1b6/0x7f0
[ 38.463740][ T3585] madvise_vma_behavior+0x116/0x1910
[ 38.469014][ T3585] madvise_walk_vmas+0x1d5/0x2d0
[ 38.473942][ T3585] do_madvise+0x249/0x3c0
[ 38.478258][ T3585] __x64_sys_madvise+0xa6/0x110
[ 38.483098][ T3585] do_syscall_64+0x35/0xb0
[ 38.487506][ T3585] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 38.493395][ T3585]
[ 38.495702][ T3585] The buggy address belongs to the object at ffff888022436140
[ 38.495702][ T3585] which belongs to the cache kmalloc-32 of size 32
[ 38.509590][ T3585] The buggy address is located 4 bytes inside of
[ 38.509590][ T3585] 32-byte region [ffff888022436140, ffff888022436160)
[ 38.522598][ T3585] The buggy address belongs to the page:
[ 38.528238][ T3585] page:ffffea0000890d80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22436
[ 38.538380][ T3585] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 38.545938][ T3585] raw: 00fff00000000200 ffffea0001fce5c0 dead000000000003 ffff888010c41500
[ 38.554540][ T3585] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[ 38.563120][ T3585] page dumped because: kasan: bad access detected
[ 38.569518][ T3585] page_owner tracks the page as allocated
[ 38.575211][ T3585] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 2963, ts 14421373143, free_ts 12715492965
[ 38.591369][ T3585] get_page_from_freelist+0xa72/0x2f50
[ 38.596862][ T3585] __alloc_pages+0x1b2/0x500
[ 38.601446][ T3585] alloc_pages+0x1aa/0x310
[ 38.605852][ T3585] new_slab+0x28a/0x3b0
[ 38.609994][ T3585] ___slab_alloc+0x87c/0xe90
[ 38.614574][ T3585] __slab_alloc.constprop.0+0x4d/0xa0
[ 38.619939][ T3585] __kmalloc+0x2fb/0x340
[ 38.624171][ T3585] kobject_get_path+0xbe/0x230
[ 38.628930][ T3585] kobject_uevent_env+0x259/0x1600
[ 38.634029][ T3585] kobject_synth_uevent+0x701/0x850
[ 38.639232][ T3585] uevent_store+0x42/0x90
[ 38.643548][ T3585] drv_attr_store+0x6d/0xa0
[ 38.648062][ T3585] sysfs_kf_write+0x110/0x160
[ 38.652723][ T3585] kernfs_fop_write_iter+0x342/0x500
[ 38.657997][ T3585] new_sync_write+0x431/0x660
[ 38.662665][ T3585] vfs_write+0x7cd/0xae0
[ 38.666897][ T3585] page last free stack trace:
[ 38.671573][ T3585] free_pcp_prepare+0x374/0x870
[ 38.676413][ T3585] free_unref_page+0x19/0x690
[ 38.681085][ T3585] kasan_depopulate_vmalloc_pte+0x5c/0x70
[ 38.686852][ T3585] __apply_to_page_range+0x686/0x1030
[ 38.692452][ T3585] kasan_release_vmalloc+0xa7/0xc0
[ 38.697598][ T3585] __purge_vmap_area_lazy+0x8f9/0x1c50
[ 38.703086][ T3585] _vm_unmap_aliases.part.0+0x3f0/0x500
[ 38.708712][ T3585] vm_unmap_aliases+0x45/0x50
[ 38.713412][ T3585] change_page_attr_set_clr+0x241/0x500
[ 38.719004][ T3585] set_memory_nx+0xb2/0x110
[ 38.723512][ T3585] free_init_pages+0x73/0xc0
[ 38.728404][ T3585] kernel_init+0x2e/0x1d0
[ 38.732748][ T3585] ret_from_fork+0x1f/0x30
[ 38.737190][ T3585]
[ 38.739507][ T3585] Memory state around the buggy address:
[ 38.745175][ T3585] ffff888022436000: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 38.753268][ T3585] ffff888022436080: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 38.761348][ T3585] >ffff888022436100: fb fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 38.769397][ T3585] ^
[ 38.775690][ T3585] ffff888022436180: 00 00 01 fc fc fc fc fc 00 00 00 04 fc fc fc fc
[ 38.784137][ T3585] ffff888022436200: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 38.792220][ T3585] ==================================================================
[ 38.800290][ T3585] Disabling lock debugging due to kernel taint
[ 38.807515][ T3585] Kernel panic - not syncing: panic_on_warn set ...
[ 38.814172][ T3585] CPU: 0 PID: 3585 Comm: syz-executor631 Tainted: G B 5.17.0-rc3-syzkaller #0
[ 38.824346][ T3585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.834416][ T3585] Call Trace:
[ 38.837695][ T3585]
[ 38.840619][ T3585] dump_stack_lvl+0xcd/0x134
[ 38.845305][ T3585] panic+0x2b0/0x6dd
[ 38.849200][ T3585] ? __warn_printk+0xf3/0xf3
[ 38.853782][ T3585] ? preempt_schedule_common+0x59/0xc0
[ 38.859241][ T3585] ? strcmp+0x9b/0xb0
[ 38.863224][ T3585] ? preempt_schedule_thunk+0x16/0x18
[ 38.868595][ T3585] ? trace_hardirqs_on+0x38/0x1c0
[ 38.873607][ T3585] ? trace_hardirqs_on+0x51/0x1c0
[ 38.878627][ T3585] ? strcmp+0x9b/0xb0
[ 38.882600][ T3585] ? strcmp+0x9b/0xb0
[ 38.886573][ T3585] end_report.cold+0x63/0x6f
[ 38.891330][ T3585] kasan_report.cold+0x71/0xdf
[ 38.896102][ T3585] ? strcmp+0x9b/0xb0
[ 38.900073][ T3585] strcmp+0x9b/0xb0
[ 38.903879][ T3585] madvise_update_vma+0x4e6/0x7f0
[ 38.908915][ T3585] madvise_vma_behavior+0x116/0x1910
[ 38.914374][ T3585] ? madvise_vma_anon_name+0xc0/0xc0
[ 38.919668][ T3585] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 38.925399][ T3585] ? vmacache_find+0x62/0x330
[ 38.930093][ T3585] ? find_vma+0xbd/0x270
[ 38.934328][ T3585] madvise_walk_vmas+0x1d5/0x2d0
[ 38.939268][ T3585] ? madvise_vma_anon_name+0xc0/0xc0
[ 38.944546][ T3585] ? __remove_memory+0x40/0x40
[ 38.949302][ T3585] ? __down_timeout+0x10/0x10
[ 38.953981][ T3585] ? find_held_lock+0x2d/0x110
[ 38.958746][ T3585] do_madvise+0x249/0x3c0
[ 38.963080][ T3585] ? madvise_set_anon_name+0xe0/0xe0
[ 38.968481][ T3585] __x64_sys_madvise+0xa6/0x110
[ 38.973342][ T3585] ? syscall_enter_from_user_mode+0x21/0x70
[ 38.979260][ T3585] do_syscall_64+0x35/0xb0
[ 38.984452][ T3585] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 38.990355][ T3585] RIP: 0033:0x7f697f40aff9
[ 38.994781][ T3585] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 39.014520][ T3585] RSP: 002b:00007ffd5c1eda68 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[ 39.022956][ T3585] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f697f40aff9
[ 39.031232][ T3585] RDX: 000000000000000b RSI: 0000000000001000 RDI: 0000000020ffc000
[ 39.039230][ T3585] RBP: 00007f697f3cefe0 R08: 0000000000000000 R09: 0000000000000000
[ 39.047198][ T3585] R10: 0000000020000000 R11: 0000000000000246 R12: 00007f697f3cf070
[ 39.055166][ T3585] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 39.063137][ T3585]
[ 39.066854][ T3585] Kernel Offset: disabled
[ 39.071176][ T3585] Rebooting in 86400 seconds..