DUID 00:04:11:31:ea:d8:bb:db:47:a8:80:cb:7d:0b:3c:d8:ea:74
forked to background, child pid 3173
[   28.865508][ T3174] 8021q: adding VLAN 0 to HW filter on device bond0
[   28.881978][ T3174] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.94' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   49.798599][ T3589] ==================================================================
[   49.806776][ T3589] BUG: KASAN: use-after-free in strcmp+0x9b/0xb0
[   49.813106][ T3589] Read of size 1 at addr ffff888022f65184 by task syz-executor301/3589
[   49.821328][ T3589] 
[   49.823664][ T3589] CPU: 0 PID: 3589 Comm: syz-executor301 Not tainted 5.17.0-rc3-syzkaller #0
[   49.832409][ T3589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   49.842450][ T3589] Call Trace:
[   49.845720][ T3589]  <TASK>
[   49.848658][ T3589]  dump_stack_lvl+0xcd/0x134
[   49.853251][ T3589]  print_address_description.constprop.0.cold+0x8d/0x336
[   49.860269][ T3589]  ? strcmp+0x9b/0xb0
[   49.864248][ T3589]  ? strcmp+0x9b/0xb0
[   49.868226][ T3589]  kasan_report.cold+0x83/0xdf
[   49.872981][ T3589]  ? strcmp+0x9b/0xb0
[   49.876951][ T3589]  strcmp+0x9b/0xb0
[   49.880751][ T3589]  madvise_update_vma+0x4e6/0x7f0
[   49.885779][ T3589]  madvise_vma_behavior+0x116/0x1910
[   49.891063][ T3589]  ? madvise_vma_anon_name+0xc0/0xc0
[   49.896338][ T3589]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[   49.902050][ T3589]  ? vmacache_find+0x62/0x330
[   49.906717][ T3589]  ? find_vma+0xbd/0x270
[   49.910953][ T3589]  madvise_walk_vmas+0x1d5/0x2d0
[   49.915888][ T3589]  ? madvise_vma_anon_name+0xc0/0xc0
[   49.921162][ T3589]  ? __remove_memory+0x40/0x40
[   49.925915][ T3589]  ? __down_timeout+0x10/0x10
[   49.930581][ T3589]  ? find_held_lock+0x2d/0x110
[   49.935341][ T3589]  do_madvise+0x249/0x3c0
[   49.939758][ T3589]  ? madvise_set_anon_name+0xe0/0xe0
[   49.945044][ T3589]  __x64_sys_madvise+0xa6/0x110
[   49.949901][ T3589]  ? syscall_enter_from_user_mode+0x21/0x70
[   49.955783][ T3589]  do_syscall_64+0x35/0xb0
[   49.960186][ T3589]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   49.966093][ T3589] RIP: 0033:0x7fbfbc791ff9
[   49.970502][ T3589] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   49.990616][ T3589] RSP: 002b:00007ffe49c648d8 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[   49.999028][ T3589] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbfbc791ff9
[   50.007162][ T3589] RDX: 000000000000000b RSI: 0000000000001000 RDI: 0000000020ffc000
[   50.015120][ T3589] RBP: 00007fbfbc755fe0 R08: 0000000000000000 R09: 0000000000000000
[   50.023091][ T3589] R10: 0000000020000000 R11: 0000000000000246 R12: 00007fbfbc756070
[   50.031146][ T3589] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   50.039221][ T3589]  </TASK>
[   50.042239][ T3589] 
[   50.044644][ T3589] Allocated by task 3589:
[   50.049002][ T3589]  kasan_save_stack+0x1e/0x40
[   50.053678][ T3589]  __kasan_kmalloc+0xa9/0xd0
[   50.058260][ T3589]  madvise_update_vma+0x546/0x7f0
[   50.063299][ T3589]  madvise_vma_anon_name+0x7c/0xc0
[   50.068402][ T3589]  madvise_walk_vmas+0x1d5/0x2d0
[   50.073328][ T3589]  madvise_set_anon_name+0xac/0xe0
[   50.078566][ T3589]  __do_sys_prctl+0xeb5/0x12d0
[   50.083505][ T3589]  do_syscall_64+0x35/0xb0
[   50.087913][ T3589]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   50.093881][ T3589] 
[   50.096191][ T3589] Freed by task 3589:
[   50.100149][ T3589]  kasan_save_stack+0x1e/0x40
[   50.104827][ T3589]  kasan_set_track+0x21/0x30
[   50.109405][ T3589]  kasan_set_free_info+0x20/0x30
[   50.114432][ T3589]  ____kasan_slab_free+0x130/0x160
[   50.119627][ T3589]  slab_free_freelist_hook+0x8b/0x1c0
[   50.124991][ T3589]  kfree+0xcb/0x280
[   50.128793][ T3589]  free_vma_anon_name+0xeb/0x110
[   50.133720][ T3589]  vm_area_free+0x11/0x30
[   50.138071][ T3589]  __vma_adjust+0x836/0x24a0
[   50.142652][ T3589]  vma_merge+0x860/0xeb0
[   50.146885][ T3589]  madvise_update_vma+0x1b6/0x7f0
[   50.151918][ T3589]  madvise_vma_behavior+0x116/0x1910
[   50.157304][ T3589]  madvise_walk_vmas+0x1d5/0x2d0
[   50.162229][ T3589]  do_madvise+0x249/0x3c0
[   50.166542][ T3589]  __x64_sys_madvise+0xa6/0x110
[   50.171381][ T3589]  do_syscall_64+0x35/0xb0
[   50.175786][ T3589]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   50.181668][ T3589] 
[   50.183973][ T3589] The buggy address belongs to the object at ffff888022f65180
[   50.183973][ T3589]  which belongs to the cache kmalloc-32 of size 32
[   50.197835][ T3589] The buggy address is located 4 bytes inside of
[   50.197835][ T3589]  32-byte region [ffff888022f65180, ffff888022f651a0)
[   50.210834][ T3589] The buggy address belongs to the page:
[   50.216456][ T3589] page:ffffea00008bd940 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22f65
[   50.226594][ T3589] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   50.234133][ T3589] raw: 00fff00000000200 ffffea00008be280 dead000000000003 ffff888010c41500
[   50.242789][ T3589] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[   50.251360][ T3589] page dumped because: kasan: bad access detected
[   50.257755][ T3589] page_owner tracks the page as allocated
[   50.263477][ T3589] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 2964, ts 17156172357, free_ts 15612795258
[   50.279623][ T3589]  get_page_from_freelist+0xa72/0x2f50
[   50.285094][ T3589]  __alloc_pages+0x1b2/0x500
[   50.289765][ T3589]  alloc_pages+0x1aa/0x310
[   50.294299][ T3589]  new_slab+0x28a/0x3b0
[   50.298455][ T3589]  ___slab_alloc+0x87c/0xe90
[   50.303050][ T3589]  __slab_alloc.constprop.0+0x4d/0xa0
[   50.308419][ T3589]  __kmalloc+0x2fb/0x340
[   50.312659][ T3589]  tomoyo_encode2.part.0+0xe9/0x3a0
[   50.317848][ T3589]  tomoyo_encode+0x28/0x50
[   50.322522][ T3589]  tomoyo_realpath_from_path+0x186/0x620
[   50.328140][ T3589]  tomoyo_path_perm+0x21b/0x400
[   50.332977][ T3589]  security_inode_getattr+0xcf/0x140
[   50.338263][ T3589]  vfs_statx+0x164/0x390
[   50.342497][ T3589]  __do_sys_newfstatat+0x96/0x120
[   50.347506][ T3589]  do_syscall_64+0x35/0xb0
[   50.351914][ T3589]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   50.357815][ T3589] page last free stack trace:
[   50.362490][ T3589]  free_pcp_prepare+0x374/0x870
[   50.367329][ T3589]  free_unref_page+0x19/0x690
[   50.371994][ T3589]  kasan_depopulate_vmalloc_pte+0x5c/0x70
[   50.377703][ T3589]  __apply_to_page_range+0x686/0x1030
[   50.383083][ T3589]  kasan_release_vmalloc+0xa7/0xc0
[   50.388190][ T3589]  __purge_vmap_area_lazy+0x8f9/0x1c50
[   50.393643][ T3589]  _vm_unmap_aliases.part.0+0x3f0/0x500
[   50.399362][ T3589]  vm_unmap_aliases+0x45/0x50
[   50.404069][ T3589]  change_page_attr_set_clr+0x241/0x500
[   50.414579][ T3589]  set_memory_nx+0xb2/0x110
[   50.419133][ T3589]  free_init_pages+0x73/0xc0
[   50.423715][ T3589]  kernel_init+0x2e/0x1d0
[   50.428030][ T3589]  ret_from_fork+0x1f/0x30
[   50.432433][ T3589] 
[   50.434740][ T3589] Memory state around the buggy address:
[   50.440352][ T3589]  ffff888022f65080: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   50.448409][ T3589]  ffff888022f65100: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   50.456455][ T3589] >ffff888022f65180: fa fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   50.464515][ T3589]                    ^
[   50.468572][ T3589]  ffff888022f65200: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   50.476621][ T3589]  ffff888022f65280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   50.484662][ T3589] ==================================================================
[   50.492700][ T3589] Disabling lock debugging due to kernel taint
[   50.499877][ T3589] Kernel panic - not syncing: panic_on_warn set ...
[   50.506470][ T3589] CPU: 0 PID: 3589 Comm: syz-executor301 Tainted: G    B             5.17.0-rc3-syzkaller #0
[   50.516623][ T3589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   50.526664][ T3589] Call Trace:
[   50.529928][ T3589]  <TASK>
[   50.532847][ T3589]  dump_stack_lvl+0xcd/0x134
[   50.537425][ T3589]  panic+0x2b0/0x6dd
[   50.541320][ T3589]  ? __warn_printk+0xf3/0xf3
[   50.545894][ T3589]  ? preempt_schedule_common+0x59/0xc0
[   50.551411][ T3589]  ? strcmp+0x9b/0xb0
[   50.555388][ T3589]  ? preempt_schedule_thunk+0x16/0x18
[   50.560755][ T3589]  ? trace_hardirqs_on+0x38/0x1c0
[   50.565767][ T3589]  ? trace_hardirqs_on+0x51/0x1c0
[   50.570962][ T3589]  ? strcmp+0x9b/0xb0
[   50.574927][ T3589]  ? strcmp+0x9b/0xb0
[   50.578893][ T3589]  end_report.cold+0x63/0x6f
[   50.583480][ T3589]  kasan_report.cold+0x71/0xdf
[   50.588240][ T3589]  ? strcmp+0x9b/0xb0
[   50.592205][ T3589]  strcmp+0x9b/0xb0
[   50.596004][ T3589]  madvise_update_vma+0x4e6/0x7f0
[   50.601032][ T3589]  madvise_vma_behavior+0x116/0x1910
[   50.606314][ T3589]  ? madvise_vma_anon_name+0xc0/0xc0
[   50.611612][ T3589]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[   50.617339][ T3589]  ? vmacache_find+0x62/0x330
[   50.622011][ T3589]  ? find_vma+0xbd/0x270
[   50.626252][ T3589]  madvise_walk_vmas+0x1d5/0x2d0
[   50.631190][ T3589]  ? madvise_vma_anon_name+0xc0/0xc0
[   50.636565][ T3589]  ? __remove_memory+0x40/0x40
[   50.646119][ T3589]  ? __down_timeout+0x10/0x10
[   50.650810][ T3589]  ? find_held_lock+0x2d/0x110
[   50.655569][ T3589]  do_madvise+0x249/0x3c0
[   50.659899][ T3589]  ? madvise_set_anon_name+0xe0/0xe0
[   50.665190][ T3589]  __x64_sys_madvise+0xa6/0x110
[   50.670041][ T3589]  ? syscall_enter_from_user_mode+0x21/0x70
[   50.675929][ T3589]  do_syscall_64+0x35/0xb0
[   50.680337][ T3589]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   50.686225][ T3589] RIP: 0033:0x7fbfbc791ff9
[   50.690629][ T3589] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   50.710315][ T3589] RSP: 002b:00007ffe49c648d8 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[   50.718722][ T3589] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbfbc791ff9
[   50.726683][ T3589] RDX: 000000000000000b RSI: 0000000000001000 RDI: 0000000020ffc000
[   50.734645][ T3589] RBP: 00007fbfbc755fe0 R08: 0000000000000000 R09: 0000000000000000
[   50.742608][ T3589] R10: 0000000020000000 R11: 0000000000000246 R12: 00007fbfbc756070
[   50.750572][ T3589] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   50.758627][ T3589]  </TASK>
[   50.761793][ T3589] Kernel Offset: disabled
[   50.766193][ T3589] Rebooting in 86400 seconds..