DUID 00:04:8a:84:28:17:ce:93:6d:14:d5:a0:40:fa:67:36:71:42
forked to background, child pid 3176
[ 26.880291][ T3177] 8021q: adding VLAN 0 to HW filter on device bond0
[ 26.892833][ T3177] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.32' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 43.349517][ T3591] ==================================================================
[ 43.357688][ T3591] BUG: KASAN: slab-out-of-bounds in bpf_prog_test_run_xdp+0x10ac/0x1150
[ 43.366015][ T3591] Write of size 8 at addr ffff888077551000 by task syz-executor404/3591
[ 43.374372][ T3591]
[ 43.376691][ T3591] CPU: 1 PID: 3591 Comm: syz-executor404 Not tainted 5.17.0-rc1-syzkaller-00550-g000fe940e51f #0
[ 43.387170][ T3591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.397209][ T3591] Call Trace:
[ 43.400475][ T3591]
[ 43.403395][ T3591] dump_stack_lvl+0xcd/0x134
[ 43.407988][ T3591] print_address_description.constprop.0.cold+0x8d/0x336
[ 43.415181][ T3591] ? bpf_prog_test_run_xdp+0x10ac/0x1150
[ 43.420808][ T3591] ? bpf_prog_test_run_xdp+0x10ac/0x1150
[ 43.426440][ T3591] kasan_report.cold+0x83/0xdf
[ 43.431371][ T3591] ? __sanitizer_cov_trace_cmp2+0x11/0x80
[ 43.437078][ T3591] ? bpf_prog_test_run_xdp+0x10ac/0x1150
[ 43.442704][ T3591] bpf_prog_test_run_xdp+0x10ac/0x1150
[ 43.448160][ T3591] ? bpf_prog_test_run_skb+0x1de0/0x1de0
[ 43.453786][ T3591] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 43.460016][ T3591] ? __fget_light+0x215/0x280
[ 43.464697][ T3591] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 43.470930][ T3591] ? bpf_prog_test_run_skb+0x1de0/0x1de0
[ 43.476564][ T3591] __sys_bpf+0x1858/0x59a0
[ 43.480972][ T3591] ? bpf_link_get_from_fd+0x110/0x110
[ 43.486335][ T3591] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 43.492304][ T3591] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 43.498276][ T3591] ? find_held_lock+0x2d/0x110
[ 43.503041][ T3591] ? trace_hardirqs_on+0x38/0x1c0
[ 43.508053][ T3591] __x64_sys_bpf+0x75/0xb0
[ 43.512460][ T3591] ? syscall_enter_from_user_mode+0x21/0x70
[ 43.518345][ T3591] do_syscall_64+0x35/0xb0
[ 43.522747][ T3591] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 43.528634][ T3591] RIP: 0033:0x7fab0da64229
[ 43.533055][ T3591] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 43.552650][ T3591] RSP: 002b:00007ffcd63b93b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 43.561055][ T3591] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fab0da64229
[ 43.569015][ T3591] RDX: 0000000000000048 RSI: 0000000020000000 RDI: 000000000000000a
[ 43.576979][ T3591] RBP: 00007fab0da28210 R08: 0000000000000000 R09: 0000000000000000
[ 43.584939][ T3591] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fab0da282a0
[ 43.592897][ T3591] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 43.600865][ T3591]
[ 43.603869][ T3591]
[ 43.606177][ T3591] Allocated by task 3591:
[ 43.610485][ T3591] kasan_save_stack+0x1e/0x40
[ 43.615160][ T3591] __kasan_kmalloc+0xa9/0xd0
[ 43.619739][ T3591] bpf_test_init.isra.0+0x9f/0x150
[ 43.624841][ T3591] bpf_prog_test_run_xdp+0x2f8/0x1150
[ 43.630203][ T3591] __sys_bpf+0x1858/0x59a0
[ 43.634607][ T3591] __x64_sys_bpf+0x75/0xb0
[ 43.639008][ T3591] do_syscall_64+0x35/0xb0
[ 43.643419][ T3591] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 43.649299][ T3591]
[ 43.651606][ T3591] The buggy address belongs to the object at ffff888077550000
[ 43.651606][ T3591] which belongs to the cache kmalloc-4k of size 4096
[ 43.665811][ T3591] The buggy address is located 0 bytes to the right of
[ 43.665811][ T3591] 4096-byte region [ffff888077550000, ffff888077551000)
[ 43.679504][ T3591] The buggy address belongs to the page:
[ 43.685122][ T3591] page:ffffea0001dd5400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x77550
[ 43.695255][ T3591] head:ffffea0001dd5400 order:3 compound_mapcount:0 compound_pincount:0
[ 43.703569][ T3591] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 43.711550][ T3591] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888010c42140
[ 43.720118][ T3591] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[ 43.728682][ T3591] page dumped because: kasan: bad access detected
[ 43.735073][ T3591] page_owner tracks the page as allocated
[ 43.740783][ T3591] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 3591, ts 43349371784, free_ts 43330616571
[ 43.761287][ T3591] get_page_from_freelist+0xa72/0x2f50
[ 43.766736][ T3591] __alloc_pages+0x1b2/0x500
[ 43.771310][ T3591] alloc_pages+0x1aa/0x310
[ 43.775712][ T3591] new_slab+0x28a/0x3b0
[ 43.779902][ T3591] ___slab_alloc+0x87c/0xe90
[ 43.784489][ T3591] __slab_alloc.constprop.0+0x4d/0xa0
[ 43.789859][ T3591] __kmalloc+0x2fb/0x340
[ 43.794176][ T3591] bpf_test_init.isra.0+0x9f/0x150
[ 43.799288][ T3591] bpf_prog_test_run_xdp+0x2f8/0x1150
[ 43.804649][ T3591] __sys_bpf+0x1858/0x59a0
[ 43.809048][ T3591] __x64_sys_bpf+0x75/0xb0
[ 43.813476][ T3591] do_syscall_64+0x35/0xb0
[ 43.817887][ T3591] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 43.823767][ T3591] page last free stack trace:
[ 43.828432][ T3591] free_pcp_prepare+0x374/0x870
[ 43.833270][ T3591] free_unref_page+0x19/0x690
[ 43.837932][ T3591] __unfreeze_partials+0x320/0x340
[ 43.843029][ T3591] qlist_free_all+0x6d/0x160
[ 43.847607][ T3591] kasan_quarantine_reduce+0x180/0x200
[ 43.853051][ T3591] __kasan_slab_alloc+0xa2/0xc0
[ 43.857889][ T3591] kmem_cache_alloc+0x202/0x3a0
[ 43.862729][ T3591] getname_flags.part.0+0x50/0x4f0
[ 43.867831][ T3591] getname_flags+0x9a/0xe0
[ 43.872235][ T3591] user_path_at_empty+0x2b/0x60
[ 43.877071][ T3591] vfs_statx+0x142/0x390
[ 43.881302][ T3591] __do_sys_newfstatat+0x96/0x120
[ 43.886314][ T3591] do_syscall_64+0x35/0xb0
[ 43.890717][ T3591] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 43.896690][ T3591]
[ 43.898998][ T3591] Memory state around the buggy address:
[ 43.904610][ T3591] ffff888077550f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.912668][ T3591] ffff888077550f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.920713][ T3591] >ffff888077551000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.928843][ T3591] ^
[ 43.932896][ T3591] ffff888077551080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.940939][ T3591] ffff888077551100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.949413][ T3591] ==================================================================
[ 43.957468][ T3591] Disabling lock debugging due to kernel taint
[ 43.963817][ T3591] Kernel panic - not syncing: panic_on_warn set ...
[ 43.970422][ T3591] CPU: 1 PID: 3591 Comm: syz-executor404 Tainted: G B 5.17.0-rc1-syzkaller-00550-g000fe940e51f #0
[ 43.982303][ T3591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.992358][ T3591] Call Trace:
[ 43.995630][ T3591]
[ 43.998564][ T3591] dump_stack_lvl+0xcd/0x134
[ 44.003158][ T3591] panic+0x2b0/0x6dd
[ 44.007052][ T3591] ? __warn_printk+0xf3/0xf3
[ 44.011641][ T3591] ? preempt_schedule_common+0x59/0xc0
[ 44.017098][ T3591] ? bpf_prog_test_run_xdp+0x10ac/0x1150
[ 44.022728][ T3591] ? preempt_schedule_thunk+0x16/0x18
[ 44.028100][ T3591] ? trace_hardirqs_on+0x38/0x1c0
[ 44.033117][ T3591] ? trace_hardirqs_on+0x51/0x1c0
[ 44.038135][ T3591] ? bpf_prog_test_run_xdp+0x10ac/0x1150
[ 44.043805][ T3591] ? bpf_prog_test_run_xdp+0x10ac/0x1150
[ 44.049437][ T3591] end_report.cold+0x63/0x6f
[ 44.054029][ T3591] kasan_report.cold+0x71/0xdf
[ 44.058796][ T3591] ? __sanitizer_cov_trace_cmp2+0x11/0x80
[ 44.064513][ T3591] ? bpf_prog_test_run_xdp+0x10ac/0x1150
[ 44.070143][ T3591] bpf_prog_test_run_xdp+0x10ac/0x1150
[ 44.075616][ T3591] ? bpf_prog_test_run_skb+0x1de0/0x1de0
[ 44.081263][ T3591] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 44.087507][ T3591] ? __fget_light+0x215/0x280
[ 44.092191][ T3591] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 44.098453][ T3591] ? bpf_prog_test_run_skb+0x1de0/0x1de0
[ 44.104102][ T3591] __sys_bpf+0x1858/0x59a0
[ 44.108520][ T3591] ? bpf_link_get_from_fd+0x110/0x110
[ 44.113890][ T3591] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 44.119873][ T3591] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 44.125858][ T3591] ? find_held_lock+0x2d/0x110
[ 44.130630][ T3591] ? trace_hardirqs_on+0x38/0x1c0
[ 44.135655][ T3591] __x64_sys_bpf+0x75/0xb0
[ 44.140074][ T3591] ? syscall_enter_from_user_mode+0x21/0x70
[ 44.145972][ T3591] do_syscall_64+0x35/0xb0
[ 44.150388][ T3591] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 44.156284][ T3591] RIP: 0033:0x7fab0da64229
[ 44.160698][ T3591] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 44.180995][ T3591] RSP: 002b:00007ffcd63b93b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 44.189406][ T3591] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fab0da64229
[ 44.197369][ T3591] RDX: 0000000000000048 RSI: 0000000020000000 RDI: 000000000000000a
[ 44.205338][ T3591] RBP: 00007fab0da28210 R08: 0000000000000000 R09: 0000000000000000
[ 44.213304][ T3591] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fab0da282a0
[ 44.221268][ T3591] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 44.229239][ T3591]
[ 44.232417][ T3591] Kernel Offset: disabled
[ 44.236733][ T3591] Rebooting in 86400 seconds..