syzbot

------------[ cut here ]------------
trace type BPF program uses run-time allocation
WARNING: CPU: 0 PID: 5906 at kernel/bpf/verifier.c:11729 check_map_prog_compatibility+0x6cf/0x870 kernel/bpf/verifier.c:11729
Modules linked in:
CPU: 0 PID: 5906 Comm: syz.5.376 Not tainted 5.15.185-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:check_map_prog_compatibility+0x6cf/0x870 kernel/bpf/verifier.c:11729
Code: ff e8 45 df ef ff 48 c7 c6 60 23 11 8a e9 0d fd ff ff e8 34 df ef ff c6 05 1d 2c cd 0b 01 48 c7 c7 c0 1f 11 8a e8 f1 c4 0e 08 <0f> 0b e9 9f fb ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c a5 f9
RSP: 0018:ffffc9000338f450 EFLAGS: 00010246
RAX: e1c9578b1fd34100 RBX: 0000000000000001 RCX: 0000000000080000
RDX: ffffc900159f9000 RSI: 00000000000030ba RDI: 00000000000030bb
RBP: ffff888078de4000 R08: dffffc0000000000 R09: ffffed10172067a8
R10: ffffed10172067a8 R11: 1ffff110172067a7 R12: ffffc90001236038
R13: 0000000000000011 R14: dffffc0000000000 R15: 1ffff92000246c07
FS:  00007fed601a16c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555905ce5c8 CR3: 000000006591f000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 resolve_pseudo_ldimm64+0x685/0x11d0 kernel/bpf/verifier.c:11898
 bpf_check+0x30a4/0xf090 kernel/bpf/verifier.c:14104
 bpf_prog_load+0x1043/0x1550 kernel/bpf/syscall.c:2348
 __sys_bpf+0x4c2/0x670 kernel/bpf/syscall.c:4651
 __do_sys_bpf kernel/bpf/syscall.c:4755 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:4753 [inline]
 __x64_sys_bpf+0x78/0x90 kernel/bpf/syscall.c:4753
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fed601a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fed62560fa0 RCX: 00007fed62339929
RDX: 0000000000000090 RSI: 00002000000000c0 RDI: 0000000000000005
RBP: 00007fed623bbb39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fed62560fa0 R15: 00007ffc2b09b648
 </TASK>
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	ff c3                	inc    %ebx
   2:	66 2e 0f 1f 84 00 00 	cs nopw 0x0(%rax,%rax,1)
   9:	00 00 00
   c:	0f 1f 40 00          	nopl   0x0(%rax)
  10:	48 89 f8             	mov    %rdi,%rax
  13:	48 89 f7             	mov    %rsi,%rdi
  16:	48 89 d6             	mov    %rdx,%rsi
  19:	48 89 ca             	mov    %rcx,%rdx
  1c:	4d 89 c2             	mov    %r8,%r10
  1f:	4d 89 c8             	mov    %r9,%r8
  22:	4c 8b 4c 24 08       	mov    0x8(%rsp),%r9
  27:	0f 05                	syscall
* 29:	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax <-- trapping instruction
  2f:	73 01                	jae    0x32
  31:	c3                   	ret
  32:	48 c7 c1 a8 ff ff ff 	mov    $0xffffffffffffffa8,%rcx
  39:	f7 d8                	neg    %eax
  3b:	64 89 01             	mov    %eax,%fs:(%rcx)
  3e:	48                   	rex.W