./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1490421180
<...>
Warning: Permanently added '10.128.1.8' (ED25519) to the list of known hosts.
execve("./syz-executor1490421180", ["./syz-executor1490421180"], 0x7ffc01ff8ed0 /* 10 vars */) = 0
brk(NULL) = 0x555556283000
brk(0x555556283d00) = 0x555556283d00
arch_prctl(ARCH_SET_FS, 0x555556283380) = 0
set_tid_address(0x555556283650) = 302
set_robust_list(0x555556283660, 24) = 0
rseq(0x555556283ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1490421180", 4096) = 28
getrandom("\xc8\xbf\x7a\xfd\x29\x6c\xc2\xf6", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555556283d00
brk(0x5555562a4d00) = 0x5555562a4d00
brk(0x5555562a5000) = 0x5555562a5000
mprotect(0x7fee0767e000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0executing program
) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
write(1, "executing program\n", 18) = 18
bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294967295, max_entries=7, map_flags=0, inner_map_fd=1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = -1 EFAULT (Bad address)
bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_FLOW_DISSECTOR, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[ 35.729927][ T28] audit: type=1400 audit(1720818741.745:66): avc: denied { execmem } for pid=302 comm="syz-executor149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 35.737056][ T302] ==================================================================
[ 35.750715][ T28] audit: type=1400 audit(1720818741.745:67): avc: denied { bpf } for pid=302 comm="syz-executor149" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 35.757080][ T302] BUG: KASAN: stack-out-of-bounds in hash+0x465/0xc20
[ 35.757204][ T302] Read of size 4 at addr ffffc90000da7b40 by task syz-executor149/302
[ 35.757264][ T302]
[ 35.757283][ T302] CPU: 1 PID: 302 Comm: syz-executor149 Not tainted 6.1.84-syzkaller-00005-g96d66062d076 #0
[ 35.757345][ T302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 35.757384][ T302] Call Trace:
[ 35.757399][ T302]
[ 35.757418][ T302] dump_stack_lvl+0x151/0x1b7
[ 35.780108][ T28] audit: type=1400 audit(1720818741.745:68): avc: denied { map_create } for pid=302 comm="syz-executor149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 35.784857][ T302] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 35.793380][ T28] audit: type=1400 audit(1720818741.745:69): avc: denied { map_read map_write } for pid=302 comm="syz-executor149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 35.795008][ T302] ? _printk+0xd1/0x111
[ 35.805373][ T28] audit: type=1400 audit(1720818741.745:70): avc: denied { prog_load } for pid=302 comm="syz-executor149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 35.814807][ T302] ? __virt_addr_valid+0xc3/0x2f0
[ 35.818469][ T28] audit: type=1400 audit(1720818741.745:71): avc: denied { perfmon } for pid=302 comm="syz-executor149" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 35.820699][ T302] print_report+0x158/0x4e0
[ 35.825249][ T28] audit: type=1400 audit(1720818741.745:72): avc: denied { prog_run } for pid=302 comm="syz-executor149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 35.844405][ T302] ? __virt_addr_valid+0xc3/0x2f0
[ 35.844504][ T302] ? kasan_addr_to_slab+0xd/0x80
[ 35.959945][ T302] ? hash+0x465/0xc20
[ 35.964186][ T302] kasan_report+0x13c/0x170
[ 35.969521][ T302] ? hash+0x465/0xc20
[ 35.974068][ T302] __asan_report_load_n_noabort+0xf/0x20
[ 35.979704][ T302] hash+0x465/0xc20
[ 35.983396][ T302] bloom_map_peek_elem+0xac/0x1a0
[ 35.988736][ T302] bpf_prog_00798911c748094f+0x3a/0x3e
[ 35.994179][ T302] bpf_flow_dissect+0x128/0x3d0
[ 35.999052][ T302] bpf_prog_test_run_flow_dissector+0x465/0x7e0
[ 36.005131][ T302] ? xdp_convert_buff_to_md+0x1f0/0x1f0
[ 36.010791][ T302] ? selinux_capable+0x2f1/0x430
[ 36.015995][ T302] ? __schedule+0xcaf/0x1550
[ 36.020795][ T302] ? __kasan_check_read+0x11/0x20
[ 36.025729][ T302] ? xdp_convert_buff_to_md+0x1f0/0x1f0
[ 36.031299][ T302] bpf_prog_test_run+0x3b0/0x630
[ 36.036441][ T302] ? bpf_prog_query+0x260/0x260
[ 36.041553][ T302] ? selinux_bpf+0xd2/0x100
[ 36.045904][ T302] ? security_bpf+0x82/0xb0
[ 36.050707][ T302] __sys_bpf+0x59f/0x7f0
[ 36.055048][ T302] ? bpf_link_show_fdinfo+0x2d0/0x2d0
[ 36.060321][ T302] ? __kasan_check_write+0x14/0x20
[ 36.065515][ T302] ? fpregs_restore_userregs+0x130/0x290
[ 36.070980][ T302] __x64_sys_bpf+0x7c/0x90
[ 36.075509][ T302] do_syscall_64+0x3d/0xb0
[ 36.079830][ T302] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 36.085644][ T302] RIP: 0033:0x7fee0760b729
[ 36.089888][ T302] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 36.109705][ T302] RSP: 002b:00007ffd5044a3e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 36.117959][ T302] RAX: ffffffffffffffda RBX: 00007ffd5044a5b8 RCX: 00007fee0760b729
[ 36.125986][ T302] RDX: 0000000000000050 RSI: 0000000020000180 RDI: 000000000000000a
[ 36.133791][ T302] RBP: 00007fee0767e610 R08: 00007ffd5044a5b8 R09: 00007ffd5044a5b8
[ 36.142075][ T302] R10: 00007ffd5044a5b8 R11: 0000000000000246 R12: 0000000000000001
[ 36.149978][ T302] R13: 00007ffd5044a5a8 R14: 0000000000000001 R15: 0000000000000001
[ 36.157976][ T302]
[ 36.160821][ T302]
[ 36.162980][ T302] The buggy address belongs to stack of task syz-executor149/302
[ 36.170561][ T302] and is located at offset 0 in frame:
[ 36.176524][ T302] bpf_prog_test_run_flow_dissector+0x0/0x7e0
[ 36.183494][ T302]
[ 36.185761][ T302] This frame has 5 objects:
[ 36.190542][ T302] [32, 56) 't'
[ 36.190606][ T302] [96, 128) 'ctx'
[ 36.193928][ T302] [160, 216) 'flow_keys'
[ 36.197502][ T302] [256, 260) 'duration'
[ 36.202892][ T302] [272, 276) 'ret'
[ 36.207224][ T302]
[ 36.213112][ T302] The buggy address belongs to the virtual mapping at
[ 36.213112][ T302] [ffffc90000da0000, ffffc90000da9000) created by:
[ 36.213112][ T302] copy_process+0x5c3/0x3530
[ 36.230662][ T302]
[ 36.232832][ T302] The buggy address belongs to the physical page:
[ 36.239100][ T302] page:ffffea00048a8080 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122a02
[ 36.249414][ T302] flags: 0x4000000000000000(zone=1)
[ 36.254480][ T302] raw: 4000000000000000 0000000000000000 dead000000000122 0000000000000000
[ 36.263250][ T302] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 36.271895][ T302] page dumped because: kasan: bad access detected
[ 36.278248][ T302] page_owner tracks the page as allocated
[ 36.283784][ T302] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 299, tgid 299 (strace-static-x), ts 35719178446, free_ts 30149992526
[ 36.303800][ T302] post_alloc_hook+0x213/0x220
[ 36.308505][ T302] prep_new_page+0x1b/0x110
[ 36.313284][ T302] get_page_from_freelist+0x27ea/0x2870
[ 36.318913][ T302] __alloc_pages+0x3a1/0x780
[ 36.323340][ T302] __vmalloc_node_range+0x89b/0x1540
[ 36.328727][ T302] dup_task_struct+0x3d6/0x7d0
[ 36.333485][ T302] copy_process+0x5c3/0x3530
[ 36.337922][ T302] kernel_clone+0x229/0x890
[ 36.342336][ T302] __x64_sys_clone+0x231/0x280
[ 36.346936][ T302] do_syscall_64+0x3d/0xb0
[ 36.351273][ T302] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 36.357199][ T302] page last free stack trace:
[ 36.361699][ T302] free_unref_page_prepare+0x83d/0x850
[ 36.367105][ T302] free_unref_page+0xb2/0x5c0
[ 36.371766][ T302] __folio_put+0xaa/0xe0
[ 36.375842][ T302] anon_pipe_buf_release+0x187/0x200
[ 36.381271][ T302] pipe_read+0x5a6/0x1040
[ 36.385436][ T302] vfs_read+0x771/0xad0
[ 36.389433][ T302] ksys_read+0x199/0x2c0
[ 36.393769][ T302] __x64_sys_read+0x7b/0x90
[ 36.398113][ T302] do_syscall_64+0x3d/0xb0
[ 36.402365][ T302] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 36.408118][ T302]
[ 36.410258][ T302] Memory state around the buggy address:
[ 36.415748][ T302] ffffc90000da7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.423730][ T302] ffffc90000da7a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.431879][ T302] >ffffc90000da7b00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f2
[ 36.439759][ T302] ^
[ 36.445860][ T302] ffffc90000da7b80: f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00
[ 36.453947][ T302] ffffc90000da7c00: 00 00 00 f2 f2 f2 f2 f2 04 f2 04 f3 00 00 00 00
[ 36.462111][ T302] ==================================================================
[ 36.470152][ T302] Disabling lock debugging due to kernel taint
[ 36.476209][ T302] BUG: unable to handle page fault for address: ffffc90000da8000
[ 36.483902][ T302] #PF: supervisor read access in kernel mode
[ 36.490473][ T302] #PF: error_code(0x0000) - not-present page
[ 36.497204][ T302] PGD 100000067 P4D 100000067 PUD 100154067 PMD 11bdaf067 PTE 0
[ 36.505812][ T302] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 36.510844][ T302] CPU: 1 PID: 302 Comm: syz-executor149 Tainted: G B 6.1.84-syzkaller-00005-g96d66062d076 #0
[ 36.522204][ T302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 36.532256][ T302] RIP: 0010:hash+0x2a4/0xc20
[ 36.536720][ T302] Code: 00 00 00 fc ff df 0f b6 04 10 84 c0 0f 85 ff 00 00 00 4a 8d 7c 36 03 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 17 01 00 00 <46> 03 3c 36 4a 8d 7c 36 04 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0
[ 36.556150][ T302] RSP: 0018:ffffc90000da79a0 EFLAGS: 00010282
[ 36.562152][ T302] RAX: 0000000000000000 RBX: 000000009b78d7a8 RCX: ffffffff8191f0e5
[ 36.569961][ T302] RDX: dffffc0000000000 RSI: ffffc90000da7a60 RDI: ffffc90000da8003
[ 36.577778][ T302] RBP: ffffc90000da79e0 R08: 00000000fffffa53 R09: fffffbfff0f264fd
[ 36.585685][ T302] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000e7fdcb3c
[ 36.593577][ T302] R13: 00000000fffffa53 R14: 00000000000005a0 R15: 00000000b6042f86
[ 36.601468][ T302] FS: 0000555556283380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 36.610235][ T302] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 36.616661][ T302] CR2: ffffc90000da8000 CR3: 00000001229a6000 CR4: 00000000003506a0
[ 36.624472][ T302] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 36.632288][ T302] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 36.640101][ T302] Call Trace:
[ 36.643222][ T302]
[ 36.645994][ T302] ? __die_body+0x62/0xb0
[ 36.650163][ T302] ? __die+0x7e/0x90
[ 36.653898][ T302] ? page_fault_oops+0x7f9/0xa90
[ 36.658669][ T302] ? resume_console+0x50/0x50
[ 36.663205][ T302] ? kernelmode_fixup_or_oops+0x270/0x270
[ 36.669097][ T302] ? is_prefetch+0x47a/0x6d0
[ 36.674684][ T302] ? vprintk_emit+0x1c7/0x450
[ 36.680053][ T302] ? printk_sprint+0x430/0x430
[ 36.684766][ T302] ? kernelmode_fixup_or_oops+0x21b/0x270
[ 36.690416][ T302] ? __bad_area_nosemaphore+0xcf/0x620
[ 36.695835][ T302] ? add_taint+0x44/0xe0
[ 36.700002][ T302] ? bad_area_nosemaphore+0x2d/0x40
[ 36.705416][ T302] ? do_kern_addr_fault+0x69/0x80
[ 36.710462][ T302] ? exc_page_fault+0x513/0x700
[ 36.715357][ T302] ? __kasan_check_write+0x14/0x20
[ 36.720291][ T302] ? asm_exc_page_fault+0x27/0x30
[ 36.725152][ T302] ? hash+0x3d5/0xc20
[ 36.728952][ T302] ? hash+0x2a4/0xc20
[ 36.733058][ T302] bloom_map_peek_elem+0xac/0x1a0
[ 36.738287][ T302] bpf_prog_00798911c748094f+0x3a/0x3e
[ 36.743560][ T302] bpf_flow_dissect+0x128/0x3d0
[ 36.748252][ T302] bpf_prog_test_run_flow_dissector+0x465/0x7e0
[ 36.754397][ T302] ? xdp_convert_buff_to_md+0x1f0/0x1f0
[ 36.759864][ T302] ? selinux_capable+0x2f1/0x430
[ 36.764870][ T302] ? __schedule+0xcaf/0x1550
[ 36.769384][ T302] ? __kasan_check_read+0x11/0x20
[ 36.774423][ T302] ? xdp_convert_buff_to_md+0x1f0/0x1f0
[ 36.779918][ T302] bpf_prog_test_run+0x3b0/0x630
[ 36.785240][ T302] ? bpf_prog_query+0x260/0x260
[ 36.790287][ T302] ? selinux_bpf+0xd2/0x100
[ 36.794689][ T302] ? security_bpf+0x82/0xb0
[ 36.799036][ T302] __sys_bpf+0x59f/0x7f0
[ 36.803118][ T302] ? bpf_link_show_fdinfo+0x2d0/0x2d0
[ 36.808345][ T302] ? __kasan_check_write+0x14/0x20
[ 36.813497][ T302] ? fpregs_restore_userregs+0x130/0x290
[ 36.818967][ T302] __x64_sys_bpf+0x7c/0x90
[ 36.823232][ T302] do_syscall_64+0x3d/0xb0
[ 36.827469][ T302] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 36.833294][ T302] RIP: 0033:0x7fee0760b729
[ 36.837703][ T302] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 36.857171][ T302] RSP: 002b:00007ffd5044a3e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 36.865397][ T302] RAX: ffffffffffffffda RBX: 00007ffd5044a5b8 RCX: 00007fee0760b729
[ 36.873425][ T302] RDX: 0000000000000050 RSI: 0000000020000180 RDI: 000000000000000a
[ 36.881535][ T302] RBP: 00007fee0767e610 R08: 00007ffd5044a5b8 R09: 00007ffd5044a5b8
[ 36.889348][ T302] R10: 00007ffd5044a5b8 R11: 0000000000000246 R12: 0000000000000001
[ 36.897167][ T302] R13: 00007ffd5044a5a8 R14: 0000000000000001 R15: 0000000000000001
[ 36.904984][ T302]
[ 36.907999][ T302] Modules linked in:
[ 36.911721][ T302] CR2: ffffc90000da8000
[ 36.915713][ T302] ---[ end trace 0000000000000000 ]---
[ 36.920993][ T302] RIP: 0010:hash+0x2a4/0xc20
[ 36.925419][ T302] Code: 00 00 00 fc ff df 0f b6 04 10 84 c0 0f 85 ff 00 00 00 4a 8d 7c 36 03 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 17 01 00 00 <46> 03 3c 36 4a 8d 7c 36 04 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0
[ 36.945039][ T302] RSP: 0018:ffffc90000da79a0 EFLAGS: 00010282
[ 36.950944][ T302] RAX: 0000000000000000 RBX: 000000009b78d7a8 RCX: ffffffff8191f0e5
[ 36.958755][ T302] RDX: dffffc0000000000 RSI: ffffc90000da7a60 RDI: ffffc90000da8003
[ 36.966657][ T302] RBP: ffffc90000da79e0 R08: 00000000fffffa53 R09: fffffbfff0f264fd
[ 36.975431][ T302] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000e7fdcb3c
[ 36.983248][ T302] R13: 00000000fffffa53 R14: 00000000000005a0 R15: 00000000b6042f86
[ 36.991308][ T302] FS: 0000555556283380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 37.000177][ T302] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 37.006600][ T302] CR2: ffffc90000da8000 CR3: 00000001229a6000 CR4: 00000000003506a0
[ 37.014407][ T302] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 37.022301][ T302] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 37.030117][ T302] Kernel panic - not syncing: Fatal exception
[ 37.036300][ T302] Kernel Offset: disabled
[ 37.040834][ T302] Rebooting in 86400 seconds..