./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3484821561
<...>
Warning: Permanently added '10.128.1.162' (ED25519) to the list of known hosts.
execve("./syz-executor3484821561", ["./syz-executor3484821561"], 0x7ffe239827c0 /* 10 vars */) = 0
brk(NULL) = 0x555574d00000
brk(0x555574d00d00) = 0x555574d00d00
arch_prctl(ARCH_SET_FS, 0x555574d00380) = 0
set_tid_address(0x555574d00650) = 5093
set_robust_list(0x555574d00660, 24) = 0
rseq(0x555574d00ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3484821561", 4096) = 28
getrandom("\x3f\xf3\xa2\x74\x74\x49\xab\x5f", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555574d00d00
brk(0x555574d21d00) = 0x555574d21d00
brk(0x555574d22000) = 0x555574d22000
mprotect(0x7f30ab2ae000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555574d00650) = 5094
./strace-static-x86_64: Process 5094 attached
[pid 5094] set_robust_list(0x555574d00660, 24) = 0
[pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5094] setpgid(0, 0) = 0
[pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5094] write(3, "1000", 4) = 4
[pid 5094] close(3) = 0
[pid 5094] write(1, "executing program\n", 18executing program
) = 18
[ 59.334860][ T5094] ==================================================================
[ 59.342984][ T5094] BUG: KASAN: slab-out-of-bounds in btf_datasec_check_meta+0x2c9/0x9a0
[ 59.351257][ T5094] Read of size 1 at addr ffff88801d2af3c2 by task syz-executor348/5094
[ 59.359500][ T5094]
[ 59.361820][ T5094] CPU: 0 PID: 5094 Comm: syz-executor348 Not tainted 6.10.0-syzkaller-04478-g51f1bb929647 #0
[ 59.371961][ T5094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 59.382036][ T5094] Call Trace:
[ 59.385322][ T5094]
[ 59.388244][ T5094] dump_stack_lvl+0x241/0x360
[ 59.392932][ T5094] ? __pfx_dump_stack_lvl+0x10/0x10
[ 59.398120][ T5094] ? __pfx__printk+0x10/0x10
[ 59.402697][ T5094] ? _printk+0xd5/0x120
[ 59.406841][ T5094] ? __virt_addr_valid+0x183/0x530
[ 59.411950][ T5094] ? __virt_addr_valid+0x183/0x530
[ 59.417056][ T5094] print_report+0x169/0x550
[ 59.421551][ T5094] ? __virt_addr_valid+0x183/0x530
[ 59.426739][ T5094] ? __virt_addr_valid+0x183/0x530
[ 59.431849][ T5094] ? __virt_addr_valid+0x45f/0x530
[ 59.436958][ T5094] ? __phys_addr+0xba/0x170
[ 59.441454][ T5094] ? btf_datasec_check_meta+0x2c9/0x9a0
[ 59.446988][ T5094] kasan_report+0x143/0x180
[ 59.451486][ T5094] ? btf_datasec_check_meta+0x2c9/0x9a0
[ 59.457022][ T5094] btf_datasec_check_meta+0x2c9/0x9a0
[ 59.462385][ T5094] btf_parse_type_sec+0x4d5/0x2620
[ 59.467487][ T5094] ? bpf_verifier_vlog+0x1c9/0x860
[ 59.472590][ T5094] ? btf_check_sec_info+0x379/0x4f0
[ 59.477780][ T5094] ? __pfx_btf_parse_type_sec+0x10/0x10
[ 59.483315][ T5094] ? btf_parse_str_sec+0x21f/0x2b0
[ 59.488413][ T5094] btf_new_fd+0x43f/0xd30
[ 59.492735][ T5094] ? __pfx_btf_new_fd+0x10/0x10
[ 59.497574][ T5094] ? bpf_btf_load+0xcf/0x1a0
[ 59.502168][ T5094] __sys_bpf+0x6ef/0x810
[ 59.506399][ T5094] ? __pfx___sys_bpf+0x10/0x10
[ 59.511157][ T5094] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 59.517473][ T5094] ? exc_page_fault+0x590/0x8c0
[ 59.522321][ T5094] __x64_sys_bpf+0x7c/0x90
[ 59.526731][ T5094] do_syscall_64+0xf3/0x230
[ 59.531398][ T5094] ? clear_bhb_loop+0x35/0x90
[ 59.536066][ T5094] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.541957][ T5094] RIP: 0033:0x7f30ab23baf9
[ 59.546365][ T5094] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 59.566068][ T5094] RSP: 002b:00007ffc4e6b7398 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 59.574488][ T5094] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f30ab23baf9
[ 59.582469][ T5094] RDX: 0000000000000020 RSI: 00000000200004c0 RDI: 0000000000000012
[ 59.590447][ T5094] RBP: 00007f30ab2ae5f0 R08: 0000000000000000 R09: 0000000000000006
[ 59.598411][ T5094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 59.606368][ T5094] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 59.614338][ T5094]
[ 59.617342][ T5094]
[ 59.619651][ T5094] Allocated by task 5094:
[ 59.623971][ T5094] kasan_save_track+0x3f/0x80
[ 59.628643][ T5094] __kasan_kmalloc+0x98/0xb0
[ 59.633221][ T5094] __kmalloc_node_noprof+0x22a/0x440
[ 59.638493][ T5094] kvmalloc_node_noprof+0x72/0x190
[ 59.643593][ T5094] btf_new_fd+0x265/0xd30
[ 59.647912][ T5094] __sys_bpf+0x6ef/0x810
[ 59.652142][ T5094] __x64_sys_bpf+0x7c/0x90
[ 59.656548][ T5094] do_syscall_64+0xf3/0x230
[ 59.661055][ T5094] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.666934][ T5094]
[ 59.669240][ T5094] The buggy address belongs to the object at ffff88801d2af380
[ 59.669240][ T5094] which belongs to the cache kmalloc-96 of size 96
[ 59.683192][ T5094] The buggy address is located 0 bytes to the right of
[ 59.683192][ T5094] allocated 66-byte region [ffff88801d2af380, ffff88801d2af3c2)
[ 59.697673][ T5094]
[ 59.699982][ T5094] The buggy address belongs to the physical page:
[ 59.706387][ T5094] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d2af
[ 59.715135][ T5094] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 59.722289][ T5094] page_type: 0xffffefff(slab)
[ 59.726956][ T5094] raw: 00fff00000000000 ffff888015041280 ffffea00005ef300 dead000000000004
[ 59.735526][ T5094] raw: 0000000000000000 0000000080200020 00000001ffffefff 0000000000000000
[ 59.744094][ T5094] page dumped because: kasan: bad access detected
[ 59.750509][ T5094] page_owner tracks the page as allocated
[ 59.756207][ T5094] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 3569445600, free_ts 0
[ 59.773729][ T5094] post_alloc_hook+0x1f3/0x230
[ 59.778482][ T5094] get_page_from_freelist+0x2e4c/0x2f10
[ 59.784016][ T5094] __alloc_pages_noprof+0x256/0x6c0
[ 59.789205][ T5094] alloc_slab_page+0x5f/0x120
[ 59.793889][ T5094] allocate_slab+0x5a/0x2f0
[ 59.798413][ T5094] ___slab_alloc+0xcd1/0x14b0
[ 59.803095][ T5094] __slab_alloc+0x58/0xa0
[ 59.807445][ T5094] kmalloc_trace_noprof+0x1d5/0x2c0
[ 59.812645][ T5094] acpi_evaluate_object+0x15c/0xaf0
[ 59.817850][ T5094] acpi_evaluate_integer+0x11b/0x300
[ 59.823124][ T5094] acpi_get_node+0x106/0x280
[ 59.827704][ T5094] pci_acpi_scan_root+0xa7/0x620
[ 59.832717][ T5094] acpi_pci_root_add+0x1faf/0x30f0
[ 59.837818][ T5094] acpi_bus_attach+0x84e/0xce0
[ 59.842571][ T5094] device_for_each_child+0xf5/0x170
[ 59.847765][ T5094] acpi_dev_for_each_child+0xd0/0x110
[ 59.853128][ T5094] page_owner free stack trace missing
[ 59.858483][ T5094]
[ 59.860799][ T5094] Memory state around the buggy address:
[ 59.866416][ T5094] ffff88801d2af280: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 59.874484][ T5094] ffff88801d2af300: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 59.882536][ T5094] >ffff88801d2af380: 00 00 00 00 00 00 00 00 02 fc fc fc fc fc fc fc
[ 59.890585][ T5094] ^
[ 59.896810][ T5094] ffff88801d2af400: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 59.904855][ T5094] ffff88801d2af480: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 59.912902][ T5094] ==================================================================
[ 59.921252][ T5094] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 59.928460][ T5094] CPU: 1 PID: 5094 Comm: syz-executor348 Not tainted 6.10.0-syzkaller-04478-g51f1bb929647 #0
[ 59.938631][ T5094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 59.948688][ T5094] Call Trace:
[ 59.951958][ T5094]
[ 59.954878][ T5094] dump_stack_lvl+0x241/0x360
[ 59.959551][ T5094] ? __pfx_dump_stack_lvl+0x10/0x10
[ 59.964742][ T5094] ? __pfx__printk+0x10/0x10
[ 59.969319][ T5094] ? preempt_schedule+0xe1/0xf0
[ 59.974164][ T5094] ? vscnprintf+0x5d/0x90
[ 59.978510][ T5094] panic+0x349/0x860
[ 59.982396][ T5094] ? check_panic_on_warn+0x21/0xb0
[ 59.987613][ T5094] ? __pfx_panic+0x10/0x10
[ 59.992049][ T5094] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 59.998040][ T5094] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 60.004364][ T5094] ? print_report+0x502/0x550
[ 60.009036][ T5094] check_panic_on_warn+0x86/0xb0
[ 60.013970][ T5094] ? btf_datasec_check_meta+0x2c9/0x9a0
[ 60.019505][ T5094] end_report+0x77/0x160
[ 60.023743][ T5094] kasan_report+0x154/0x180
[ 60.028239][ T5094] ? btf_datasec_check_meta+0x2c9/0x9a0
[ 60.033795][ T5094] btf_datasec_check_meta+0x2c9/0x9a0
[ 60.039197][ T5094] btf_parse_type_sec+0x4d5/0x2620
[ 60.044321][ T5094] ? bpf_verifier_vlog+0x1c9/0x860
[ 60.049431][ T5094] ? btf_check_sec_info+0x379/0x4f0
[ 60.054708][ T5094] ? __pfx_btf_parse_type_sec+0x10/0x10
[ 60.060247][ T5094] ? btf_parse_str_sec+0x21f/0x2b0
[ 60.065349][ T5094] btf_new_fd+0x43f/0xd30
[ 60.069677][ T5094] ? __pfx_btf_new_fd+0x10/0x10
[ 60.074520][ T5094] ? bpf_btf_load+0xcf/0x1a0
[ 60.079102][ T5094] __sys_bpf+0x6ef/0x810
[ 60.083337][ T5094] ? __pfx___sys_bpf+0x10/0x10
[ 60.088100][ T5094] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 60.094423][ T5094] ? exc_page_fault+0x590/0x8c0
[ 60.099274][ T5094] __x64_sys_bpf+0x7c/0x90
[ 60.103687][ T5094] do_syscall_64+0xf3/0x230
[ 60.108201][ T5094] ? clear_bhb_loop+0x35/0x90
[ 60.112894][ T5094] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.118789][ T5094] RIP: 0033:0x7f30ab23baf9
[ 60.123197][ T5094] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 60.142794][ T5094] RSP: 002b:00007ffc4e6b7398 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 60.151202][ T5094] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f30ab23baf9
[ 60.159248][ T5094] RDX: 0000000000000020 RSI: 00000000200004c0 RDI: 0000000000000012
[ 60.167208][ T5094] RBP: 00007f30ab2ae5f0 R08: 0000000000000000 R09: 0000000000000006
[ 60.175205][ T5094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 60.183174][ T5094] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 60.191146][ T5094]
[ 60.194437][ T5094] Kernel Offset: disabled
[ 60.198751][ T5094] Rebooting in 86400 seconds..