================================================================== BUG: KASAN: vmalloc-out-of-bounds in bpf_prog_get_recursion_context include/linux/bpf.h:2055 [inline] BUG: KASAN: vmalloc-out-of-bounds in __bpf_trace_run kernel/trace/bpf_trace.c:2080 [inline] BUG: KASAN: vmalloc-out-of-bounds in bpf_trace_run2+0x28c/0x840 kernel/trace/bpf_trace.c:2129 Read of size 8 at addr ffffc900014d7040 by task dhcpcd/5163 CPU: 0 UID: 101 PID: 5163 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 Call Trace: dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xba/0x230 mm/kasan/report.c:482 kasan_report+0x117/0x150 mm/kasan/report.c:595 bpf_prog_get_recursion_context include/linux/bpf.h:2055 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2080 [inline] bpf_trace_run2+0x28c/0x840 kernel/trace/bpf_trace.c:2129 __do_trace_kfree include/trace/events/kmem.h:97 [inline] trace_kfree include/trace/events/kmem.h:97 [inline] kfree+0x5b2/0x630 mm/slub.c:6447 seccomp_filter_free kernel/seccomp.c:528 [inline] __put_seccomp_filter kernel/seccomp.c:547 [inline] __seccomp_filter_release kernel/seccomp.c:556 [inline] seccomp_filter_release+0x22b/0x2d0 kernel/seccomp.c:585 do_exit+0x3b0/0x23c0 kernel/exit.c:920 do_group_exit+0x21b/0x2d0 kernel/exit.c:1118 get_signal+0x1284/0x1330 kernel/signal.c:3034 arch_do_signal_or_restart+0xbc/0x830 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:64 [inline] exit_to_user_mode_loop+0x86/0x480 kernel/entry/common.c:98 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline] do_syscall_64+0x32d/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f91a9ed6407 Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff RSP: 002b:00007ffe5767c3f0 EFLAGS: 00000202 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 00007f91a9e4c780 RCX: 00007f91a9ed6407 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000013 RBP: 00007ffe5768c690 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffe5768c690 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 The buggy address belongs to a vmalloc virtual mapping Memory state around the buggy address: ffffc900014d6f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc900014d6f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 >ffffc900014d7000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ^ ffffc900014d7080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc900014d7100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ==================================================================