./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2721567668 <...> Warning: Permanently added '10.128.0.160' (ED25519) to the list of known hosts. execve("./syz-executor2721567668", ["./syz-executor2721567668"], 0x7ffc9a3dffd0 /* 10 vars */) = 0 brk(NULL) = 0x5555557dc000 brk(0x5555557dcd00) = 0x5555557dcd00 arch_prctl(ARCH_SET_FS, 0x5555557dc380) = 0 set_tid_address(0x5555557dc650) = 293 set_robust_list(0x5555557dc660, 24) = 0 rseq(0x5555557dcca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2721567668", 4096) = 28 getrandom("\x5a\x61\x0d\x35\x97\x85\x2d\x0d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555557dcd00 brk(0x5555557fdd00) = 0x5555557fdd00 brk(0x5555557fe000) = 0x5555557fe000 mprotect(0x7fa15d7c8000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557dc650) = 294 ./strace-static-x86_64: Process 294 attached [pid 294] set_robust_list(0x5555557dc660, 24) = 0 [pid 294] mkdir("./syzkaller.QFdWWv", 0700 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] <... mkdir resumed>) = 0 [pid 294] chmod("./syzkaller.QFdWWv", 0777) = 0 [pid 294] chdir("./syzkaller.QFdWWv") = 0 [pid 294] mkdir("./0", 0777) = 0 ./strace-static-x86_64: Process 295 attached [pid 293] <... clone resumed>, child_tidptr=0x5555557dc650) = 295 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] <... clone resumed>, child_tidptr=0x5555557dc650) = 296 ./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x5555557dc660, 24) = 0 [pid 296] chdir("./0") = 0 [pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 296] setpgid(0, 0) = 0 [pid 293] <... clone resumed>, child_tidptr=0x5555557dc650) = 297 [pid 295] set_robust_list(0x5555557dc660, 24 [pid 296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 297 attached [pid 295] mkdir("./syzkaller.FDdrm5", 0700 [pid 293] <... clone resumed>, child_tidptr=0x5555557dc650) = 298 [pid 297] set_robust_list(0x5555557dc660, 24 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... set_robust_list resumed>) = 0 [pid 293] <... clone resumed>, child_tidptr=0x5555557dc650) = 299 [pid 297] mkdir("./syzkaller.RJtcwL", 0700 [pid 296] <... openat resumed>) = 3 ./strace-static-x86_64: Process 299 attached ./strace-static-x86_64: Process 298 attached [pid 296] write(3, "1000", 4 [pid 295] <... mkdir resumed>) = 0 [pid 299] set_robust_list(0x5555557dc660, 24) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 297] chmod("./syzkaller.RJtcwL", 0777 [pid 296] <... write resumed>) = 4 [pid 295] chmod("./syzkaller.FDdrm5", 0777 [pid 298] set_robust_list(0x5555557dc660, 24 [pid 297] <... chmod resumed>) = 0 [pid 296] close(3 [pid 297] chdir("./syzkaller.RJtcwL" [pid 295] <... chmod resumed>) = 0 [pid 297] <... chdir resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 295] chdir("./syzkaller.FDdrm5" [pid 297] mkdir("./0", 0777 [pid 296] symlink("/dev/binderfs", "./binderfs" [pid 295] <... chdir resumed>) = 0 [pid 298] <... set_robust_list resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 298] mkdir("./syzkaller.UMB5Hd", 0700 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... symlink resumed>) = 0 [pid 295] mkdir("./0", 0777 [pid 296] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294966784, max_entries=4, map_flags=0, inner_map_fd=1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 295] <... mkdir resumed>) = 0 [ 19.816979][ T28] audit: type=1400 audit(1712070941.038:66): avc: denied { execmem } for pid=293 comm="syz-executor272" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 ./strace-static-x86_64: Process 300 attached [pid 299] mkdir("./syzkaller.GLEy5V", 0700 [pid 298] <... mkdir resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x5555557dc650) = 300 [pid 296] <... bpf resumed>) = 3 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... mkdir resumed>) = 0 [pid 298] chmod("./syzkaller.UMB5Hd", 0777 [pid 296] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144 [pid 299] chmod("./syzkaller.GLEy5V", 0777 [pid 298] <... chmod resumed>) = 0 [pid 296] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 295] <... clone resumed>, child_tidptr=0x5555557dc650) = 301 [pid 299] <... chmod resumed>) = 0 [pid 298] chdir("./syzkaller.UMB5Hd" [pid 296] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 299] chdir("./syzkaller.GLEy5V" [pid 298] <... chdir resumed>) = 0 [pid 296] <... bpf resumed>) = 4 [pid 299] <... chdir resumed>) = 0 [pid 298] mkdir("./0", 0777 [pid 296] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_drop_inode", prog_fd=4}}, 16 [pid 299] mkdir("./0", 0777 [pid 298] <... mkdir resumed>) = 0 [pid 296] <... bpf resumed>) = 5 [pid 300] set_robust_list(0x5555557dc660, 24) = 0 [pid 300] chdir("./0") = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4) = 4 [pid 300] close(3) = 0 [pid 300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 300] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294966784, max_entries=4, map_flags=0, inner_map_fd=1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = -1 EFAULT (Bad address) [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_drop_inode", prog_fd=4}}, 16./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x5555557dc660, 24 [pid 299] <... mkdir resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] exit_group(0 [pid 301] <... set_robust_list resumed>) = 0 [pid 301] chdir("./0") = 0 [pid 296] <... exit_group resumed>) = ? [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 301] setpgid(0, 0) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 301] write(3, "1000", 4 [pid 298] <... clone resumed>, child_tidptr=0x5555557dc650) = 302 [pid 301] <... write resumed>) = 4 [pid 301] close(3) = 0 [pid 301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 301] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294966784, max_entries=4, map_flags=0, inner_map_fd=1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = -1 EFAULT (Bad address) [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x5555557dc660, 24) = 0 [pid 302] chdir("./0") = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3) = 0 [pid 302] symlink("/dev/binderfs", "./binderfs") = 0 [pid 302] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294966784, max_entries=4, map_flags=0, inner_map_fd=1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = -1 EFAULT (Bad address) ./strace-static-x86_64: Process 303 attached [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 303] set_robust_list(0x5555557dc660, 24) = 0 [pid 303] chdir("./0") = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 303] setpgid(0, 0) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 [pid 303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 303] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294966784, max_entries=4, map_flags=0, inner_map_fd=1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = -1 EFAULT (Bad address) [ 19.838822][ T28] audit: type=1400 audit(1712070941.068:67): avc: denied { bpf } for pid=296 comm="syz-executor272" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 19.859870][ T28] audit: type=1400 audit(1712070941.068:68): avc: denied { map_create } for pid=296 comm="syz-executor272" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 299] <... clone resumed>, child_tidptr=0x5555557dc650) = 303 [pid 303] <... bpf resumed>) = 4 [pid 302] <... bpf resumed>) = 4 [pid 301] <... bpf resumed>) = 4 [pid 303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_drop_inode", prog_fd=4}}, 16 [pid 302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_drop_inode", prog_fd=4}}, 16 [ 19.881842][ T28] audit: type=1400 audit(1712070941.068:69): avc: denied { map_read map_write } for pid=296 comm="syz-executor272" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 19.902083][ T28] audit: type=1400 audit(1712070941.068:70): avc: denied { prog_load } for pid=296 comm="syz-executor272" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_drop_inode", prog_fd=4}}, 16 [pid 300] <... bpf resumed>) = 5 [pid 300] exit_group(0) = ? [pid 303] <... bpf resumed>) = 5 [pid 302] <... bpf resumed>) = 5 [pid 301] <... bpf resumed>) = 5 [pid 296] +++ exited with 0 +++ [pid 303] exit_group(0 [pid 302] exit_group(0 [pid 301] exit_group(0 [pid 303] <... exit_group resumed>) = ? [pid 302] <... exit_group resumed>) = ? [pid 301] <... exit_group resumed>) = ? [pid 303] +++ exited with 0 +++ [pid 300] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=296, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 294] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... openat resumed>) = 3 [pid 294] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(3, "", [pid 294] <... openat resumed>) = 3 [pid 299] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 294] newfstatat(3, "", [pid 299] <... openat resumed>) = 3 [pid 297] getdents64(3, [pid 294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] newfstatat(3, "", [pid 297] <... getdents64 resumed>0x5555557dd6f0 /* 3 entries */, 32768) = 80 [pid 294] getdents64(3, [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 294] <... getdents64 resumed>0x5555557dd6f0 /* 3 entries */, 32768) = 80 [pid 299] getdents64(3, [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... getdents64 resumed>0x5555557dd6f0 /* 3 entries */, 32768) = 80 [pid 297] newfstatat(AT_FDCWD, "./0/binderfs", [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] newfstatat(AT_FDCWD, "./0/binderfs", [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 19.921351][ T28] audit: type=1400 audit(1712070941.068:71): avc: denied { perfmon } for pid=296 comm="syz-executor272" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 19.942360][ T28] audit: type=1400 audit(1712070941.068:72): avc: denied { prog_run } for pid=296 comm="syz-executor272" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 297] unlink("./0/binderfs" [pid 294] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 19.985104][ T297] ================================================================== [ 19.992987][ T297] BUG: KASAN: stack-out-of-bounds in hash+0x227/0xc20 [ 19.999600][ T297] Read of size 4 at addr ffffc90000ec7bc0 by task syz-executor272/297 [ 20.007565][ T297] [ 20.009736][ T297] CPU: 0 PID: 297 Comm: syz-executor272 Not tainted 6.1.68-syzkaller-00105-gf085398f0e8f #0 [ 20.019630][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 20.029524][ T297] Call Trace: [ 20.032646][ T297] [ 20.035440][ T297] dump_stack_lvl+0x151/0x1b7 [ 20.038232][ T294] BUG: unable to handle page fault for address: ffffc90000e98000 [ 20.039940][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 20.047489][ T294] #PF: supervisor read access in kernel mode [ 20.053130][ T297] ? _printk+0xd1/0x111 [ 20.058976][ T294] #PF: error_code(0x0000) - not-present page [ 20.062940][ T297] ? __virt_addr_valid+0xc3/0x2f0 [ 20.068755][ T294] PGD 100000067 P4D 100000067 [ 20.073617][ T297] print_report+0x158/0x4e0 [ 20.073627][ T294] PUD 100154067 [ 20.073640][ T297] ? __virt_addr_valid+0xc3/0x2f0 [ 20.078219][ T294] PMD 121356067 PTE 0 [ 20.082554][ T297] ? kasan_addr_to_slab+0xd/0x80 [ 20.085937][ T294] [ 20.085942][ T294] Oops: 0000 [#1] PREEMPT SMP KASAN [ 20.090799][ T297] ? hash+0x227/0xc20 [ 20.094618][ T294] CPU: 1 PID: 294 Comm: syz-executor272 Not tainted 6.1.68-syzkaller-00105-gf085398f0e8f #0 [ 20.099394][ T297] kasan_report+0x13c/0x170 [ 20.101561][ T294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 20.106607][ T297] ? hash+0x227/0xc20 [ 20.110413][ T294] RIP: 0010:hash+0xfe/0xc20 [ 20.120310][ T297] __asan_report_load4_noabort+0x14/0x20 [ 20.124648][ T294] Code: fc ff df 0f b6 04 10 84 c0 0f 85 c1 00 00 00 45 03 6e f4 48 8d 7e 04 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 db 00 00 00 <41> 03 5e f8 48 8d 7e 08 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f [ 20.134542][ T297] hash+0x227/0xc20 [ 20.138360][ T294] RSP: 0018:ffffc90000e97ac8 EFLAGS: 00010282 [ 20.142703][ T297] bloom_map_peek_elem+0xac/0x1a0 [ 20.148169][ T294] [ 20.148173][ T294] RAX: 0000000000000000 RBX: 00000000743f56fa RCX: ffffffff8191d465 [ 20.167613][ T297] bpf_prog_00798911c748094f+0x3a/0x3e [ 20.171259][ T294] RDX: dffffc0000000000 RSI: ffffc90000e97ffc RDI: ffffc90000e98000 [ 20.177159][ T297] bpf_trace_run2+0x133/0x290 [ 20.182053][ T294] RBP: ffffc90000e97b08 R08: 000000003ffffe60 R09: fffffbfff0e9dfd6 [ 20.184193][ T297] ? bpf_trace_run1+0x240/0x240 [ 20.192009][ T294] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000894b4975 [ 20.197306][ T297] ? __kasan_check_write+0x14/0x20 [ 20.205114][ T294] R13: 00000000e22e2521 R14: ffffc90000e98008 R15: ffffc90000e97ffc [ 20.209624][ T297] __bpf_trace_ext4_drop_inode+0x23/0x30 [ 20.217433][ T294] FS: 00005555557dc380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 20.222125][ T297] ? __bpf_trace_ext4_evict_inode+0x30/0x30 [ 20.229930][ T294] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 20.234885][ T297] __traceiter_ext4_drop_inode+0x75/0xc0 [ 20.242691][ T294] CR2: ffffc90000e98000 CR3: 0000000121d35000 CR4: 00000000003506a0 [ 20.248160][ T297] ext4_drop_inode+0x145/0x1a0 [ 20.256931][ T294] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 20.262661][ T297] ? ext4_free_in_core_inode+0xb0/0xb0 [ 20.269078][ T294] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 20.274544][ T297] iput+0x393/0x870 [ 20.282355][ T294] Call Trace: [ 20.282363][ T294] [ 20.286962][ T297] do_unlinkat+0x4db/0x910 [ 20.294767][ T294] ? __die_body+0x62/0xb0 [ 20.300066][ T297] ? fsnotify_link_count+0x100/0x100 [ 20.307872][ T294] ? __die+0x7e/0x90 [ 20.311518][ T297] ? getname_flags+0x1fd/0x520 [ 20.314646][ T294] ? page_fault_oops+0x7f9/0xa90 [ 20.317421][ T297] __x64_sys_unlink+0x49/0x50 [ 20.321673][ T294] ? kasan_set_track+0x60/0x70 [ 20.325839][ T297] do_syscall_64+0x3d/0xb0 [ 20.330956][ T294] ? kasan_set_track+0x4b/0x70 [ 20.334691][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 20.339291][ T294] ? kernelmode_fixup_or_oops+0x270/0x270 [ 20.344067][ T297] RIP: 0033:0x7fa15d754f87 [ 20.348577][ T294] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 20.353176][ T297] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 20.357428][ T294] ? is_prefetch+0x47a/0x6d0 [ 20.362029][ T297] RSP: 002b:00007ffef05f3a78 EFLAGS: 00000206 [ 20.367762][ T294] ? kernelmode_fixup_or_oops+0x21b/0x270 [ 20.373316][ T297] ORIG_RAX: 0000000000000057 [ 20.377566][ T294] ? __bad_area_nosemaphore+0xcf/0x620 [ 20.383474][ T297] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa15d754f87 [ 20.402918][ T294] ? bad_area_nosemaphore+0x2d/0x40 [ 20.407335][ T297] RDX: 00007ffef05f3aa0 RSI: 00007ffef05f3b30 RDI: 00007ffef05f3b30 [ 20.413238][ T294] ? do_kern_addr_fault+0x69/0x80 [ 20.418791][ T297] RBP: 00007ffef05f3b30 R08: 0000000000000000 R09: 0000000000000000 [ 20.423306][ T294] ? exc_page_fault+0x513/0x700 [ 20.428601][ T297] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffef05f4ba0 [ 20.436414][ T294] ? asm_exc_page_fault+0x27/0x30 [ 20.441447][ T297] R13: 00005555557dd6c0 R14: 00007ffef05f4ba0 R15: 0000000000000001 [ 20.449260][ T294] ? hash+0x1f5/0xc20 [ 20.454121][ T297] [ 20.461931][ T294] ? hash+0xfe/0xc20 [ 20.466617][ T297] [ 20.466622][ T297] The buggy address belongs to stack of task syz-executor272/297 [ 20.474431][ T294] ? hash+0x1f5/0xc20 [ 20.479286][ T297] and is located at offset 0 in frame: [ 20.487102][ T294] bloom_map_peek_elem+0xac/0x1a0 [ 20.490919][ T297] bpf_trace_run2+0x0/0x290 [ 20.493787][ T294] bpf_prog_00798911c748094f+0x3a/0x3e [ 20.497517][ T297] [ 20.497520][ T297] This frame has 1 object: [ 20.499686][ T294] bpf_trace_run2+0x133/0x290 [ 20.507235][ T297] [32, 48) 'args' [ 20.511055][ T294] ? bpf_trace_run1+0x240/0x240 [ 20.516435][ T297] [ 20.516443][ T297] The buggy address belongs to the virtual mapping at [ 20.516443][ T297] [ffffc90000ec0000, ffffc90000ec9000) created by: [ 20.516443][ T297] copy_process+0x5c3/0x3530 [ 20.521298][ T294] ? __kasan_check_write+0x14/0x20 [ 20.525638][ T297] [ 20.525643][ T297] The buggy address belongs to the physical page: [ 20.530935][ T294] __bpf_trace_ext4_drop_inode+0x23/0x30 [ 20.533106][ T297] page:ffffea0004875300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121d4c [ 20.537355][ T294] ? __bpf_trace_ext4_evict_inode+0x30/0x30 [ 20.541864][ T297] flags: 0x4000000000000000(zone=1) [ 20.545425][ T294] __traceiter_ext4_drop_inode+0x75/0xc0 [ 20.550119][ T297] raw: 4000000000000000 0000000000000000 dead000000000122 0000000000000000 [ 20.552282][ T294] ext4_drop_inode+0x145/0x1a0 [ 20.569732][ T297] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 20.574678][ T294] ? ext4_free_in_core_inode+0xb0/0xb0 [ 20.576844][ T297] page dumped because: kasan: bad access detected [ 20.576853][ T297] page_owner tracks the page as allocated [ 20.583094][ T294] iput+0x393/0x870 [ 20.588560][ T297] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 293, tgid 293 (syz-executor272), ts 19832807389, free_ts 0 [ 20.598634][ T294] do_unlinkat+0x4db/0x910 [ 20.604366][ T297] post_alloc_hook+0x213/0x220 [ 20.609395][ T294] ? fsnotify_link_count+0x100/0x100 [ 20.614857][ T297] prep_new_page+0x1b/0x110 [ 20.623283][ T294] ? getname_flags+0x1fd/0x520 [ 20.627877][ T297] get_page_from_freelist+0x27ea/0x2870 [ 20.636300][ T294] __x64_sys_unlink+0x49/0x50 [ 20.641591][ T297] __alloc_pages+0x3a1/0x780 [ 20.647841][ T294] do_syscall_64+0x3d/0xb0 [ 20.653395][ T297] __vmalloc_node_range+0x89b/0x1540 [ 20.657042][ T294] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 20.675266][ T297] dup_task_struct+0x3d6/0x7d0 [ 20.679526][ T294] RIP: 0033:0x7fa15d754f87 [ 20.684124][ T297] copy_process+0x5c3/0x3530 [ 20.689243][ T294] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 20.693580][ T297] kernel_clone+0x229/0x890 [ 20.698189][ T294] RSP: 002b:00007ffef05f3a78 EFLAGS: 00000206 [ 20.703563][ T297] __x64_sys_clone+0x231/0x280 [ 20.708076][ T294] ORIG_RAX: 0000000000000057 [ 20.708084][ T294] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa15d754f87 [ 20.712501][ T297] do_syscall_64+0x3d/0xb0 [ 20.716754][ T294] RDX: 00007ffef05f3aa0 RSI: 00007ffef05f3b30 RDI: 00007ffef05f3b30 [ 20.721876][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 20.727605][ T294] RBP: 00007ffef05f3b30 R08: 0000000000000000 R09: 0000000000000000 [ 20.732203][ T297] page_owner free stack trace missing [ 20.732210][ T297] [ 20.736457][ T294] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffef05f4ba0 [ 20.740884][ T297] Memory state around the buggy address: [ 20.740893][ T297] ffffc90000ec7a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.760325][ T294] R13: 00005555557dd6c0 R14: 00007ffef05f4ba0 R15: 0000000000000001 [ 20.764673][ T297] ffffc90000ec7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.770572][ T294] [ 20.775168][ T297] >ffffc90000ec7b80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f3 f3 [ 20.779682][ T294] Modules linked in: [ 20.787492][ T297] ^ [ 20.787502][ T297] ffffc90000ec7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.791748][ T294] CR2: ffffc90000e98000 [ 20.799562][ T297] ffffc90000ec7c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.805285][ T294] ---[ end trace 0000000000000000 ]--- [ 20.813098][ T297] ================================================================== [ 20.813263][ T297] BUG: unable to handle page fault for address: ffffc90000ec8000 [ 20.818303][ T294] RIP: 0010:hash+0xfe/0xc20 [ 20.820473][ T297] #PF: supervisor read access in kernel mode [ 20.828283][ T294] Code: fc ff df 0f b6 04 10 84 c0 0f 85 c1 00 00 00 45 03 6e f4 48 8d 7e 04 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 db 00 00 00 <41> 03 5e f8 48 8d 7e 08 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f [ 20.833752][ T297] #PF: error_code(0x0000) - not-present page [ 20.841662][ T294] RSP: 0018:ffffc90000e97ac8 EFLAGS: 00010282 [ 20.849467][ T297] PGD 100000067 P4D 100000067 [ 20.857808][ T294] [ 20.857813][ T294] RAX: 0000000000000000 RBX: 00000000743f56fa RCX: ffffffff8191d465 [ 20.860660][ T297] PUD 100154067 [ 20.868558][ T294] RDX: dffffc0000000000 RSI: ffffc90000e97ffc RDI: ffffc90000e98000 [ 20.872288][ T297] PMD 121356067 PTE 0 [ 20.878278][ T294] RBP: ffffc90000e97b08 R08: 000000003ffffe60 R09: fffffbfff0e9dfd6 [ 20.886175][ T297] [ 20.886179][ T297] Oops: 0000 [#2] PREEMPT SMP KASAN [ 20.890170][ T294] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000894b4975 [ 20.898071][ T297] CPU: 0 PID: 297 Comm: syz-executor272 Tainted: G B D 6.1.68-syzkaller-00105-gf085398f0e8f #0 [ 20.903361][ T294] R13: 00000000e22e2521 R14: ffffc90000e98008 R15: ffffc90000e97ffc [ 20.911260][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 20.918810][ T294] FS: 00005555557dc380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 20.923152][ T297] RIP: 0010:hash+0xfe/0xc20 [ 20.928967][ T294] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 20.948416][ T297] Code: fc ff df 0f b6 04 10 84 c0 0f 85 c1 00 00 00 45 03 6e f4 48 8d 7e 04 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 db 00 00 00 <41> 03 5e f8 48 8d 7e 08 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f [ 20.954223][ T294] CR2: ffffc90000e98000 CR3: 0000000121d35000 CR4: 00000000003506a0 [ 20.960125][ T297] RSP: 0018:ffffc90000ec7ac8 EFLAGS: 00010282 [ 20.964733][ T294] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 20.966894][ T297] [ 20.966898][ T297] RAX: 0000000000000000 RBX: 00000000d5a121fa RCX: ffffffff8191d465 [ 20.974705][ T294] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 20.978090][ T297] RDX: dffffc0000000000 RSI: ffffc90000ec7ffc RDI: ffffc90000ec8000 [ 20.985904][ T294] Kernel panic - not syncing: Fatal exception [ 20.989726][ T297] RBP: ffffc90000ec7b08 R08: 000000003ffffe60 R09: fffffbfff0ee5cfd [ 20.989738][ T297] R10: 0000000000000000 R11: dffffc0000000001 R12: 000000005e4756df [ 20.989749][ T297] R13: 0000000011205f4e R14: ffffc90000ec8008 R15: ffffc90000ec7ffc [ 20.989760][ T297] FS: 00005555557dc380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 20.989774][ T297] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 20.989786][ T297] CR2: ffffc90000ec8000 CR3: 0000000121d4e000 CR4: 00000000003506b0 [ 20.989800][ T297] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 20.989809][ T297] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 20.989819][ T297] Call Trace: [ 20.989824][ T297] [ 20.989832][ T297] ? __die_body+0x62/0xb0 [ 20.989850][ T297] ? __die+0x7e/0x90 [ 20.989865][ T297] ? page_fault_oops+0x7f9/0xa90 [ 20.989883][ T297] ? down_trylock+0x59/0xa0 [ 20.989901][ T297] ? kernelmode_fixup_or_oops+0x270/0x270 [ 20.989920][ T297] ? __kasan_check_write+0x14/0x20 [ 20.989942][ T297] ? is_prefetch+0x47a/0x6d0 [ 20.989960][ T297] ? __wake_up_klogd+0xde/0x110 [ 20.989978][ T297] ? printk_sprint+0x430/0x430 [ 20.989995][ T297] ? kernelmode_fixup_or_oops+0x21b/0x270 [ 20.990015][ T297] ? __bad_area_nosemaphore+0xcf/0x620 [ 20.990034][ T297] ? irqentry_exit+0x30/0x40 [ 20.990050][ T297] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 20.990072][ T297] ? bad_area_nosemaphore+0x2d/0x40 [ 20.990090][ T297] ? do_kern_addr_fault+0x69/0x80 [ 20.990109][ T297] ? exc_page_fault+0x513/0x700 [ 20.990124][ T297] ? __kasan_check_write+0x14/0x20 [ 20.990144][ T297] ? asm_exc_page_fault+0x27/0x30 [ 20.990165][ T297] ? hash+0x1f5/0xc20 [ 20.990185][ T297] ? hash+0xfe/0xc20 [ 20.990203][ T297] ? hash+0x1f5/0xc20 [ 20.990222][ T297] bloom_map_peek_elem+0xac/0x1a0 [ 20.990244][ T297] bpf_prog_00798911c748094f+0x3a/0x3e [ 20.990260][ T297] bpf_trace_run2+0x133/0x290 [ 20.990275][ T297] ? bpf_trace_run1+0x240/0x240 [ 20.990290][ T297] ? __kasan_check_write+0x14/0x20 [ 20.990311][ T297] __bpf_trace_ext4_drop_inode+0x23/0x30 [ 20.990330][ T297] ? __bpf_trace_ext4_evict_inode+0x30/0x30 [ 20.990349][ T297] __traceiter_ext4_drop_inode+0x75/0xc0 [ 20.990368][ T297] ext4_drop_inode+0x145/0x1a0 [ 20.990385][ T297] ? ext4_free_in_core_inode+0xb0/0xb0 [ 20.990404][ T297] iput+0x393/0x870 [ 20.990420][ T297] do_unlinkat+0x4db/0x910 [ 20.990438][ T297] ? fsnotify_link_count+0x100/0x100 [ 20.990455][ T297] ? getname_flags+0x1fd/0x520 [ 20.990476][ T297] __x64_sys_unlink+0x49/0x50 [ 20.990490][ T297] do_syscall_64+0x3d/0xb0 [ 20.990510][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 20.990541][ T297] RIP: 0033:0x7fa15d754f87 [ 20.990554][ T297] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 20.990566][ T297] RSP: 002b:00007ffef05f3a78 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 20.990582][ T297] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa15d754f87 [ 20.990592][ T297] RDX: 00007ffef05f3aa0 RSI: 00007ffef05f3b30 RDI: 00007ffef05f3b30 [ 20.990603][ T297] RBP: 00007ffef05f3b30 R08: 0000000000000000 R09: 0000000000000000 [ 20.990613][ T297] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffef05f4ba0 [ 20.990623][ T297] R13: 00005555557dd6c0 R14: 00007ffef05f4ba0 R15: 0000000000000001 [ 20.990637][ T297] [ 20.990642][ T297] Modules linked in: [ 20.990650][ T297] CR2: ffffc90000ec8000 [ 20.998444][ T297] ---[ end trace 0000000000000000 ]--- [ 20.998450][ T297] RIP: 0010:hash+0xfe/0xc20 [ 20.998470][ T297] Code: fc ff df 0f b6 04 10 84 c0 0f 85 c1 00 00 00 45 03 6e f4 48 8d 7e 04 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 db 00 00 00 <41> 03 5e f8 48 8d 7e 08 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f [ 20.998482][ T297] RSP: 0018:ffffc90000e97ac8 EFLAGS: 00010282 [ 20.998495][ T297] RAX: 0000000000000000 RBX: 00000000743f56fa RCX: ffffffff8191d465 [ 20.998505][ T297] RDX: dffffc0000000000 RSI: ffffc90000e97ffc RDI: ffffc90000e98000 [ 20.998516][ T297] RBP: ffffc90000e97b08 R08: 000000003ffffe60 R09: fffffbfff0e9dfd6 [ 20.998528][ T297] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000894b4975 [ 20.998538][ T297] R13: 00000000e22e2521 R14: ffffc90000e98008 R15: ffffc90000e97ffc [ 20.998549][ T297] FS: 00005555557dc380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 20.998563][ T297] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 20.998575][ T297] CR2: ffffc90000ec8000 CR3: 0000000121d4e000 CR4: 00000000003506b0 [ 20.998588][ T297] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 20.998597][ T297] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 22.091662][ T294] Shutting down cpus with NMI [ 22.675631][ T294] Kernel Offset: disabled [ 22.679753][ T294] Rebooting in 86400 seconds..