Warning: Permanently added '10.128.0.101' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
[ 74.828530][ T5066] ==================================================================
[ 74.832983][ T5067] BUG: unable to handle page fault for address: ffffc90003b58000
[ 74.836989][ T5066] BUG: KASAN: stack-out-of-bounds in hash+0x1bf/0x410
[ 74.845378][ T5067] #PF: supervisor read access in kernel mode
[ 74.852330][ T5066] Read of size 4 at addr ffffc90003b47c20 by task syz-executor768/5066
[ 74.858660][ T5067] #PF: error_code(0x0000) - not-present page
[ 74.867635][ T5066]
[ 74.867653][ T5066] CPU: 1 PID: 5066 Comm: syz-executor768 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0
[ 74.874324][ T5067] PGD 14c00067
[ 74.876752][ T5066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 74.889578][ T5067] P4D 14c00067
[ 74.898437][ T5066] Call Trace:
[ 74.898456][ T5066]
[ 74.909864][ T5067] PUD 15ad6067
[ 74.913444][ T5066] dump_stack_lvl+0x1e7/0x2e0
[ 74.917315][ T5067] PMD 1e6ca067
[ 74.920356][ T5066] ? __pfx_dump_stack_lvl+0x10/0x10
[ 74.923999][ T5067] PTE 0
[ 74.929433][ T5066] ? __pfx__printk+0x10/0x10
[ 74.933355][ T5067]
[ 74.933369][ T5067] Oops: 0000 [#1] PREEMPT SMP KASAN PTI
[ 74.938820][ T5066] ? _printk+0xd5/0x120
[ 74.941941][ T5067] CPU: 0 PID: 5067 Comm: syz-executor768 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0
[ 74.946857][ T5066] print_report+0x169/0x550
[ 74.949765][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 74.955808][ T5066] ? __virt_addr_valid+0xbd/0x520
[ 74.960243][ T5067] RIP: 0010:hash+0xd3/0x410
[ 74.970771][ T5066] ? hash+0x1bf/0x410
[ 74.975831][ T5067] Code: ff df 0f b6 04 10 84 c0 0f 85 a7 00 00 00 45 03 6f f4 49 8d 7c 24 04 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 b3 00 00 00 <41> 03 5f f8 49 8d 7c 24 08 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0
[ 74.986055][ T5066] kasan_report+0x143/0x180
[ 74.991439][ T5067] RSP: 0018:ffffc90003b57b38 EFLAGS: 00010286
[ 74.996042][ T5066] ? hash+0x1bf/0x410
[ 75.000133][ T5067]
[ 75.000143][ T5067] RAX: 0000000000000000 RBX: 0000000044f3aac7 RCX: ffffffff81b5c34b
[ 75.023328][ T5066] hash+0x1bf/0x410
[ 75.027913][ T5067] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffffc90003b58000
[ 75.035698][ T5066] bloom_map_peek_elem+0xb2/0x1b0
[ 75.039689][ T5067] RBP: 0000000043dc8498 R08: ffffffff81b5c230 R09: 1ffffffff2598ea0
[ 75.042159][ T5066] bpf_prog_00798911c748094f+0x42/0x46
[ 75.050668][ T5067] R10: dffffc0000000000 R11: ffffffffa000220c R12: ffffc90003b57ffc
[ 75.054494][ T5066] bpf_trace_run2+0x204/0x420
[ 75.064635][ T5067] R13: 0000000040bbd00b R14: 000000003ffffe78 R15: ffffc90003b58008
[ 75.069850][ T5066] ? bpf_trace_run2+0x114/0x420
[ 75.078086][ T5067] FS: 00005555613bd380(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
[ 75.083871][ T5066] ? __pfx_bpf_trace_run2+0x10/0x10
[ 75.093036][ T5067] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 75.099397][ T5066] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 75.108604][ T5067] CR2: ffffc90003b58000 CR3: 000000001da9c000 CR4: 00000000003506f0
[ 75.114083][ T5066] ? __pfx___bpf_trace_ext4_drop_inode+0x10/0x10
[ 75.124600][ T5067] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 75.129909][ T5066] __traceiter_ext4_drop_inode+0x76/0xd0
[ 75.136727][ T5067] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 75.142217][ T5066] ext4_drop_inode+0x20a/0x270
[ 75.150567][ T5067] Call Trace:
[ 75.150587][ T5067]
[ 75.157820][ T5066] ? __pfx_ext4_drop_inode+0x10/0x10
[ 75.166680][ T5067] ? __die_body+0x88/0xe0
[ 75.172709][ T5066] iput+0x45e/0x900
[ 75.180964][ T5067] ? page_fault_oops+0x817/0xb30
[ 75.185921][ T5066] do_unlinkat+0x512/0x830
[ 75.189247][ T5067] ? __pfx_validate_chain+0x10/0x10
[ 75.192201][ T5066] ? __pfx_do_unlinkat+0x10/0x10
[ 75.197480][ T5067] ? __pfx_page_fault_oops+0x10/0x10
[ 75.201805][ T5066] ? strncpy_from_user+0x1a4/0x2f0
[ 75.205756][ T5067] ? __pfx_validate_chain+0x10/0x10
[ 75.210755][ T5066] __x64_sys_unlink+0x49/0x60
[ 75.215296][ T5067] ? __pfx_is_prefetch+0x10/0x10
[ 75.220795][ T5066] do_syscall_64+0xfb/0x240
[ 75.226032][ T5067] ? kernelmode_fixup_or_oops+0x20e/0x2b0
[ 75.231421][ T5066] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 75.236699][ T5067] ? __bad_area_nosemaphore+0x127/0x780
[ 75.242711][ T5066] RIP: 0033:0x7f30371a6fc7
[ 75.248147][ T5067] ? mark_lock+0x9a/0x350
[ 75.253313][ T5066] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 75.258452][ T5067] ? __pfx___bad_area_nosemaphore+0x10/0x10
[ 75.264203][ T5066] RSP: 002b:00007ffecf4fabe8 EFLAGS: 00000206
[ 75.271052][ T5067] ? spurious_kernel_fault+0x11b/0x520
[ 75.277061][ T5066] ORIG_RAX: 0000000000000057
[ 75.281878][ T5067] ? exc_page_fault+0x5bd/0x890
[ 75.286570][ T5066] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f30371a6fc7
[ 75.307773][ T5067] ? asm_exc_page_fault+0x26/0x30
[ 75.314363][ T5066] RDX: 00007ffecf4fac10 RSI: 00007ffecf4faca0 RDI: 00007ffecf4faca0
[ 75.321634][ T5067] ? 0xffffffffa000220c
[ 75.327359][ T5066] RBP: 00007ffecf4faca0 R08: 0000000000000000 R09: 0000000000000000
[ 75.332142][ T5067] ? hash+0x80/0x410
[ 75.337180][ T5066] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffecf4fbd10
[ 75.345426][ T5067] ? hash+0x19b/0x410
[ 75.351110][ T5066] R13: 00005555613be6c0 R14: 00007ffecf4fbd10 R15: 0000000000000001
[ 75.359877][ T5067] ? hash+0xd3/0x410
[ 75.364570][ T5066]
[ 75.373060][ T5067] ? hash+0x19b/0x410
[ 75.377035][ T5066]
[ 75.377046][ T5066] The buggy address belongs to stack of task syz-executor768/5066
[ 75.385193][ T5067] bloom_map_peek_elem+0xb2/0x1b0
[ 75.389182][ T5066] and is located at offset 0 in frame:
[ 75.398235][ T5067] bpf_prog_00798911c748094f+0x42/0x46
[ 75.402296][ T5066] bpf_trace_run2+0x0/0x420
[ 75.406116][ T5067] bpf_trace_run2+0x204/0x420
[ 75.410981][ T5066]
[ 75.413405][ T5067] ? bpf_trace_run2+0x114/0x420
[ 75.422879][ T5066] This frame has 1 object:
[ 75.428723][ T5067] ? __pfx_bpf_trace_run2+0x10/0x10
[ 75.434400][ T5066] [32, 48) 'args'
[ 75.440311][ T5067] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 75.445086][ T5066]
[ 75.445101][ T5066] The buggy address belongs to the virtual mapping at
[ 75.445101][ T5066] [ffffc90003b40000, ffffc90003b49000) created by:
[ 75.445101][ T5066] copy_process+0x5d1/0x3df0
[ 75.450289][ T5067] ? __pfx___bpf_trace_ext4_drop_inode+0x10/0x10
[ 75.453038][ T5066]
[ 75.453050][ T5066] The buggy address belongs to the physical page:
[ 75.457934][ T5067] __traceiter_ext4_drop_inode+0x76/0xd0
[ 75.462946][ T5066] page:ffffea0001954780 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6551e
[ 75.469079][ T5067] ext4_drop_inode+0x20a/0x270
[ 75.473568][ T5066] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 75.479602][ T5067] ? __pfx_ext4_drop_inode+0x10/0x10
[ 75.482034][ T5066] page_type: 0xffffffff()
[ 75.503372][ T5067] iput+0x45e/0x900
[ 75.510818][ T5066] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 75.513485][ T5067] do_unlinkat+0x512/0x830
[ 75.520360][ T5066] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 75.526007][ T5067] ? __pfx_do_unlinkat+0x10/0x10
[ 75.537194][ T5066] page dumped because: kasan: bad access detected
[ 75.542588][ T5067] ? strncpy_from_user+0x1a4/0x2f0
[ 75.551178][ T5066] page_owner tracks the page as allocated
[ 75.551190][ T5066] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 5065, tgid 5065 (syz-executor768), ts 74763591817, free_ts 66086273808
[ 75.556795][ T5067] __x64_sys_unlink+0x49/0x60
[ 75.561805][ T5066] post_alloc_hook+0x1ea/0x210
[ 75.565648][ T5067] do_syscall_64+0xfb/0x240
[ 75.574752][ T5066] get_page_from_freelist+0x33ea/0x3580
[ 75.579461][ T5067] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 75.589082][ T5066] __alloc_pages+0x256/0x680
[ 75.594633][ T5067] RIP: 0033:0x7f30371a6fc7
[ 75.601836][ T5066] alloc_pages_mpol+0x3de/0x650
[ 75.608427][ T5067] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 75.614654][ T5066] __vmalloc_node_range+0x9a4/0x14a0
[ 75.635621][ T5067] RSP: 002b:00007ffecf4fabe8 EFLAGS: 00000206
[ 75.640739][ T5066] dup_task_struct+0x3e9/0x7d0
[ 75.645686][ T5067] ORIG_RAX: 0000000000000057
[ 75.650482][ T5066] copy_process+0x5d1/0x3df0
[ 75.656281][ T5067] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f30371a6fc7
[ 75.662377][ T5066] kernel_clone+0x21e/0x8d0
[ 75.667145][ T5067] RDX: 00007ffecf4fac10 RSI: 00007ffecf4faca0 RDI: 00007ffecf4faca0
[ 75.671938][ T5066] __x64_sys_clone+0x258/0x2a0
[ 75.671980][ T5066] do_syscall_64+0xfb/0x240
[ 75.676946][ T5067] RBP: 00007ffecf4faca0 R08: 0000000000000000 R09: 0000000000000000
[ 75.698283][ T5066] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 75.704361][ T5067] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffecf4fbd10
[ 75.710697][ T5066] page last free pid 4964 tgid 4964 stack trace:
[ 75.715768][ T5067] R13: 00005555613be6c0 R14: 00007ffecf4fbd10 R15: 0000000000000001
[ 75.721139][ T5066] free_unref_page_prepare+0x968/0xa90
[ 75.725916][ T5067]
[ 75.735032][ T5066] free_unref_page+0x37/0x3f0
[ 75.739706][ T5067] Modules linked in:
[ 75.753496][ T5066] pipe_read+0x6f2/0x13e0
[ 75.758547][ T5067] CR2: ffffc90003b58000
[ 75.763354][ T5066] vfs_read+0x97b/0xb70
[ 75.771523][ T5067] ---[ end trace 0000000000000000 ]---
[ 75.777582][ T5066] ksys_read+0x1a0/0x2c0
[ 75.785912][ T5067] RIP: 0010:hash+0xd3/0x410
[ 75.793288][ T5066] do_syscall_64+0xfb/0x240
[ 75.801546][ T5067] Code: ff df 0f b6 04 10 84 c0 0f 85 a7 00 00 00 45 03 6f f4 49 8d 7c 24 04 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 b3 00 00 00 <41> 03 5f f8 49 8d 7c 24 08 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0
[ 75.807083][ T5066] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 75.810566][ T5067] RSP: 0018:ffffc90003b57b38 EFLAGS: 00010286
[ 75.815966][ T5066]
[ 75.815977][ T5066] Memory state around the buggy address:
[ 75.821030][ T5067]
[ 75.821038][ T5067] RAX: 0000000000000000 RBX: 0000000044f3aac7 RCX: ffffffff81b5c34b
[ 75.825806][ T5066] ffffc90003b47b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 75.830242][ T5067] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffffc90003b58000
[ 75.835368][ T5066] ffffc90003b47b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 75.841704][ T5067] RBP: 0000000043dc8498 R08: ffffffff81b5c230 R09: 1ffffffff2598ea0
[ 75.846437][ T5066] >ffffc90003b47c00: 00 00 00 00 f1 f1 f1 f1 00 00 f3 f3 00 00 00 00
[ 75.851427][ T5067] R10: dffffc0000000000 R11: ffffffffa000220c R12: ffffc90003b57ffc
[ 75.855932][ T5066] ^
[ 75.876330][ T5067] R13: 0000000040bbd00b R14: 000000003ffffe78 R15: ffffc90003b58008
[ 75.882336][ T5066] ffffc90003b47c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 75.888694][ T5067] FS: 00005555613bd380(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
[ 75.891389][ T5066] ffffc90003b47d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 75.898148][ T5067] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 75.900568][ T5066] ==================================================================
[ 75.901100][ T5066] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 75.908604][ T5067] CR2: ffffc90003b58000 CR3: 000000001da9c000 CR4: 00000000003506f0
[ 75.908631][ T5067] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 75.908641][ T5067] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 77.081158][ T5066] Shutting down cpus with NMI
[ 77.221948][ T5066] Kernel Offset: disabled
[ 77.226301][ T5066] Rebooting in 86400 seconds..