==================================================================
BUG: KASAN: vmalloc-out-of-bounds in bpf_prog_get_recursion_context include/linux/bpf.h:2055 [inline]
BUG: KASAN: vmalloc-out-of-bounds in __bpf_trace_run kernel/trace/bpf_trace.c:2080 [inline]
BUG: KASAN: vmalloc-out-of-bounds in bpf_trace_run2+0x28c/0x840 kernel/trace/bpf_trace.c:2129
Read of size 8 at addr ffffc900014a6040 by task dhcpcd/5197

CPU: 0 UID: 101 PID: 5197 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Call Trace:
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xba/0x230 mm/kasan/report.c:482
 kasan_report+0x117/0x150 mm/kasan/report.c:595
 bpf_prog_get_recursion_context include/linux/bpf.h:2055 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2080 [inline]
 bpf_trace_run2+0x28c/0x840 kernel/trace/bpf_trace.c:2129
 __do_trace_kfree include/trace/events/kmem.h:97 [inline]
 trace_kfree include/trace/events/kmem.h:97 [inline]
 kfree+0x5b2/0x630 mm/slub.c:6469
 seccomp_filter_free kernel/seccomp.c:528 [inline]
 __put_seccomp_filter kernel/seccomp.c:547 [inline]
 __seccomp_filter_release kernel/seccomp.c:556 [inline]
 seccomp_filter_release+0x22b/0x2d0 kernel/seccomp.c:585
 do_exit+0x3b0/0x23c0 kernel/exit.c:920
 do_group_exit+0x21b/0x2d0 kernel/exit.c:1118
 get_signal+0x1284/0x1330 kernel/signal.c:3034
 arch_do_signal_or_restart+0xbc/0x830 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
 exit_to_user_mode_loop+0x86/0x480 kernel/entry/common.c:98
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline]
 do_syscall_64+0x32d/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f12cb9a1407
Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
RSP: 002b:00007ffd686640d0 EFLAGS: 00000202 ORIG_RAX: 000000000000010f
RAX: 0000000000000001 RBX: 00007f12cb917780 RCX: 00007f12cb9a1407
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000055c73f87a380
RBP: 00007ffd68664410 R08: 0000000000000008 R09: 0000000000000000
R10: 00007ffd68664410 R11: 0000000000000202 R12: 000055c72af2c5e0
R13: 000055c73f86dd40 R14: 0000000000000000 R15: 00007ffd686641c0

The buggy address belongs to a vmalloc virtual mapping

Memory state around the buggy address:
 ffffc900014a5f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc900014a5f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>ffffc900014a6000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                                           ^
 ffffc900014a6080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc900014a6100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================