./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor382206070 <...> Warning: Permanently added '10.128.1.42' (ED25519) to the list of known hosts. execve("./syz-executor382206070", ["./syz-executor382206070"], 0x7ffd74c07a10 /* 10 vars */) = 0 brk(NULL) = 0x55558bcf5000 brk(0x55558bcf5e00) = 0x55558bcf5e00 arch_prctl(ARCH_SET_FS, 0x55558bcf5480) = 0 set_tid_address(0x55558bcf5750) = 5850 set_robust_list(0x55558bcf5760, 24) = 0 rseq(0x55558bcf5da0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor382206070", 4096) = 27 getrandom("\x65\x16\x93\xc8\x21\xd5\x16\x52", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558bcf5e00 brk(0x55558bd16e00) = 0x55558bd16e00 brk(0x55558bd17000) = 0x55558bd17000 mprotect(0x7f82b1a81000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f82b19d6920, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f82b19e1320}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f82b19d6920, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f82b19e1320}, NULL, 8) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5851 attached , child_tidptr=0x55558bcf5750) = 5851 [pid 5851] set_robust_list(0x55558bcf5760, 24) = 0 [pid 5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5851] setpgid(0, 0) = 0 [pid 5851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] write(3, "1000", 4) = 4 [pid 5851] close(3) = 0 executing program [pid 5851] write(1, "executing program\n", 18) = 18 [pid 5851] fsconfig(-1, FSCONFIG_CMD_CREATE, NULL, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5851] bpf(BPF_MAP_CREATE, NULL, 72) = -1 EFAULT (Bad address) [pid 5851] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=0, map_name="", map_ifindex=0, btf_fd=0, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5851] socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) = 4 [pid 5851] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=147}, NULL) = 0 [pid 5851] sched_setscheduler(0, SCHED_RR, [6]) = 0 [pid 5851] prctl(PR_SCHED_CORE, PR_SCHED_CORE_CREATE, 0, 0 /* PIDTYPE_PID */, NULL) = 0 [pid 5851] getpid() = 5851 [pid 5851] sched_setscheduler(5851, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5851] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5851] connect(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5851] sendmmsg(-1, NULL, 0, 0) = -1 EBADF (Bad file descriptor) [pid 5851] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=262144, map_flags=0, inner_map_fd=0, map_name="", map_ifindex=0, btf_fd=0, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [ 202.033054][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [pid 5851] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SKB, insn_cnt=28, insns=0x20000d80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 5850] kill(-5851, SIGKILL) = 0 [pid 5851] <... bpf resumed>) = ? [pid 5850] kill(5851, SIGKILL [pid 5851] +++ killed by SIGKILL +++ <... kill resumed>) = 0 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5851, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=521 /* 5.21 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5852 attached , child_tidptr=0x55558bcf5750) = 5852 [pid 5852] set_robust_list(0x55558bcf5760, 24) = 0 [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5852] setpgid(0, 0) = 0 [pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "1000", 4) = 4 [pid 5852] close(3) = 0 executing program [pid 5852] write(1, "executing program\n", 18) = 18 [pid 5852] fsconfig(-1, FSCONFIG_CMD_CREATE, NULL, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5852] bpf(BPF_MAP_CREATE, NULL, 72) = -1 EFAULT (Bad address) [pid 5852] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=0, map_name="", map_ifindex=0, btf_fd=0, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5852] socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) = 4 [pid 5852] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=147}, NULL) = 0 [pid 5852] sched_setscheduler(0, SCHED_RR, [6]) = 0 [pid 5852] prctl(PR_SCHED_CORE, PR_SCHED_CORE_CREATE, 0, 0 /* PIDTYPE_PID */, NULL) = 0 [pid 5852] getpid() = 5852 [pid 5852] sched_setscheduler(5852, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5852] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5852] connect(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5852] sendmmsg(-1, NULL, 0, 0) = -1 EBADF (Bad file descriptor) [pid 5852] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=262144, map_flags=0, inner_map_fd=0, map_name="", map_ifindex=0, btf_fd=0, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [ 210.343022][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 212.033049][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [pid 5852] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SKB, insn_cnt=28, insns=0x20000d80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 5850] kill(-5852, SIGKILL) = 0 [pid 5850] kill(5852, SIGKILL) = 0 [pid 5852] <... bpf resumed>) = ? [pid 5852] +++ killed by SIGKILL +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5852, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=1094 /* 10.94 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5853 attached , child_tidptr=0x55558bcf5750) = 5853 [pid 5853] set_robust_list(0x55558bcf5760, 24) = 0 [pid 5853] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5853] setpgid(0, 0) = 0 [pid 5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5853] write(3, "1000", 4) = 4 [pid 5853] close(3) = 0 [pid 5853] write(1, "executing program\n", 18executing program ) = 18 [pid 5853] fsconfig(-1, FSCONFIG_CMD_CREATE, NULL, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5853] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5853] bpf(BPF_MAP_CREATE, NULL, 72) = -1 EFAULT (Bad address) [pid 5853] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=0, map_name="", map_ifindex=0, btf_fd=0, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5853] socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) = 4 [pid 5853] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=147}, NULL) = 0 [pid 5853] sched_setscheduler(0, SCHED_RR, [6]) = 0 [pid 5853] prctl(PR_SCHED_CORE, PR_SCHED_CORE_CREATE, 0, 0 /* PIDTYPE_PID */, NULL) = 0 [pid 5853] getpid() = 5853 [pid 5853] sched_setscheduler(5853, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5853] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5853] connect(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5853] sendmmsg(-1, NULL, 0, 0) = -1 EBADF (Bad file descriptor) [pid 5853] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=262144, map_flags=0, inner_map_fd=0, map_name="", map_ifindex=0, btf_fd=0, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 5853] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SKB, insn_cnt=28, insns=0x20000d80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 5850] kill(-5853, SIGKILL) = 0 [pid 5850] kill(5853, SIGKILL) = 0 [pid 5853] <... bpf resumed>) = ? [pid 5853] +++ killed by SIGKILL +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5853, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=568 /* 5.68 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5856 attached , child_tidptr=0x55558bcf5750) = 5856 [pid 5856] set_robust_list(0x55558bcf5760, 24) = 0 [pid 5856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5856] setpgid(0, 0) = 0 [pid 5856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5856] write(3, "1000", 4) = 4 [pid 5856] close(3) = 0 [pid 5856] write(1, "executing program\n", 18executing program ) = 18 [pid 5856] fsconfig(-1, FSCONFIG_CMD_CREATE, NULL, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5856] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5856] bpf(BPF_MAP_CREATE, NULL, 72) = -1 EFAULT (Bad address) [pid 5856] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=0, map_name="", map_ifindex=0, btf_fd=0, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5856] socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) = 4 [pid 5856] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=147}, NULL) = 0 [pid 5856] sched_setscheduler(0, SCHED_RR, [6]) = 0 [pid 5856] prctl(PR_SCHED_CORE, PR_SCHED_CORE_CREATE, 0, 0 /* PIDTYPE_PID */, NULL) = 0 [pid 5856] getpid() = 5856 [pid 5856] sched_setscheduler(5856, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5856] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5856] connect(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5856] sendmmsg(-1, NULL, 0, 0) = -1 EBADF (Bad file descriptor) [pid 5856] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=262144, map_flags=0, inner_map_fd=0, map_name="", map_ifindex=0, btf_fd=0, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [ 245.336235][ T5856] ================================================================== [ 245.344419][ T5856] BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x340/0x3a0 [ 245.352343][ T5856] Write of size 2097120 at addr ffffc9000c600020 by task syz-executor382/5856 [ 245.361191][ T5856] [ 245.363528][ T5856] CPU: 1 UID: 0 PID: 5856 Comm: syz-executor382 Not tainted 6.12.0-next-20241120-syzkaller #0 [ 245.373760][ T5856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 245.383810][ T5856] Call Trace: [ 245.387077][ T5856] [ 245.389993][ T5856] dump_stack_lvl+0x241/0x360 [ 245.394686][ T5856] ? __pfx_dump_stack_lvl+0x10/0x10 [ 245.399866][ T5856] ? __pfx__printk+0x10/0x10 [ 245.404540][ T5856] ? _printk+0xd5/0x120 [ 245.408705][ T5856] print_report+0x169/0x550 [ 245.413293][ T5856] ? __virt_addr_valid+0xbd/0x530 [ 245.418414][ T5856] ? vrealloc_noprof+0x340/0x3a0 [ 245.423367][ T5856] kasan_report+0x143/0x180 [ 245.427885][ T5856] ? vrealloc_noprof+0x340/0x3a0 [ 245.432815][ T5856] kasan_check_range+0x282/0x290 [ 245.437742][ T5856] __asan_memset+0x23/0x50 [ 245.442161][ T5856] vrealloc_noprof+0x340/0x3a0 [ 245.446920][ T5856] push_insn_history+0x16c/0x6a0 [ 245.451849][ T5856] check_mem_access+0xf30/0x2240 [ 245.456799][ T5856] ? __reg_deduce_bounds+0xc57/0x10d0 [ 245.462201][ T5856] ? __pfx_check_mem_access+0x10/0x10 [ 245.467684][ T5856] ? is_reg64+0x306/0x3a0 [ 245.472008][ T5856] ? __check_reg_arg+0x180/0x4d0 [ 245.476939][ T5856] do_check+0x7d97/0xfcd0 [ 245.481335][ T5856] ? __pfx_do_check+0x10/0x10 [ 245.486004][ T5856] ? mark_reg_not_init+0xd4/0x4b0 [ 245.491020][ T5856] ? __asan_memcpy+0x40/0x70 [ 245.495678][ T5856] ? mark_reg_not_init+0xd4/0x4b0 [ 245.500688][ T5856] do_check_common+0x1564/0x2010 [ 245.505614][ T5856] bpf_check+0x19380/0x1f1b0 [ 245.510185][ T5856] ? bpf_prog_alloc+0x3a/0x1b0 [ 245.515025][ T5856] ? __pfx_validate_chain+0x10/0x10 [ 245.520203][ T5856] ? page_ext_get+0x20/0x2a0 [ 245.524778][ T5856] ? page_ext_get+0x1d6/0x2a0 [ 245.529436][ T5856] ? post_alloc_hook+0x206/0x230 [ 245.534358][ T5856] ? get_page_from_freelist+0x3725/0x3870 [ 245.540061][ T5856] ? __pfx_validate_chain+0x10/0x10 [ 245.545242][ T5856] ? validate_chain+0x11e/0x5920 [ 245.550176][ T5856] ? validate_chain+0x11e/0x5920 [ 245.555092][ T5856] ? mark_lock+0x9a/0x360 [ 245.559403][ T5856] ? validate_chain+0x11e/0x5920 [ 245.564326][ T5856] ? validate_chain+0x11e/0x5920 [ 245.569249][ T5856] ? __pfx_validate_chain+0x10/0x10 [ 245.574449][ T5856] ? validate_chain+0x11e/0x5920 [ 245.579372][ T5856] ? validate_chain+0x11e/0x5920 [ 245.584299][ T5856] ? validate_chain+0x11e/0x5920 [ 245.589240][ T5856] ? __pfx_validate_chain+0x10/0x10 [ 245.594539][ T5856] ? __pfx_validate_chain+0x10/0x10 [ 245.599729][ T5856] ? __pfx_bpf_check+0x10/0x10 [ 245.604482][ T5856] ? __pfx_validate_chain+0x10/0x10 [ 245.609666][ T5856] ? mark_lock+0x9a/0x360 [ 245.613974][ T5856] ? mark_lock+0x9a/0x360 [ 245.618311][ T5856] ? __lock_acquire+0x1397/0x2100 [ 245.623323][ T5856] ? mark_lock+0x9a/0x360 [ 245.627643][ T5856] ? __lock_acquire+0x1397/0x2100 [ 245.632668][ T5856] ? __pfx_lock_acquire+0x10/0x10 [ 245.637684][ T5856] ? ktime_get_with_offset+0x8c/0x290 [ 245.643049][ T5856] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 245.649034][ T5856] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 245.655348][ T5856] ? ktime_get_with_offset+0x8c/0x290 [ 245.660712][ T5856] ? seqcount_lockdep_reader_access+0x157/0x220 [ 245.666938][ T5856] ? lockdep_hardirqs_on+0x99/0x150 [ 245.672136][ T5856] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 245.678384][ T5856] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 245.684964][ T5856] ? _raw_spin_unlock+0x28/0x50 [ 245.689802][ T5856] ? __asan_memset+0x23/0x50 [ 245.694396][ T5856] ? bpf_obj_name_cpy+0x18a/0x1d0 [ 245.699405][ T5856] bpf_prog_load+0x1667/0x20f0 [ 245.704153][ T5856] ? __pfx_bpf_prog_load+0x10/0x10 [ 245.709248][ T5856] ? __pfx___might_resched+0x10/0x10 [ 245.714522][ T5856] ? __might_fault+0xc6/0x120 [ 245.719253][ T5856] __sys_bpf+0x4ee/0x810 [ 245.723677][ T5856] ? __pfx___sys_bpf+0x10/0x10 [ 245.728443][ T5856] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 245.734758][ T5856] ? do_syscall_64+0x100/0x230 [ 245.739521][ T5856] __x64_sys_bpf+0x7c/0x90 [ 245.743923][ T5856] do_syscall_64+0xf3/0x230 [ 245.748404][ T5856] ? clear_bhb_loop+0x35/0x90 [ 245.753063][ T5856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.759051][ T5856] RIP: 0033:0x7f82b1a0e2f9 [ 245.763452][ T5856] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 245.783054][ T5856] RSP: 002b:00007fffa78fc1f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 245.791544][ T5856] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f82b1a0e2f9 [ 245.799535][ T5856] RDX: 0000000000000090 RSI: 0000000020000840 RDI: 0000000000000005 [ 245.807491][ T5856] RBP: 000000000003551f R08: 0000000000000000 R09: 00007fffa78fc21c [ 245.815447][ T5856] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffa78fc21c [ 245.824092][ T5856] R13: 431bde82d7b634db R14: 00007fffa78fc230 R15: 0000000000000001 [ 245.832061][ T5856] [ 245.835062][ T5856] [ 245.837389][ T5856] The buggy address belongs to the virtual mapping at [ 245.837389][ T5856] [ffffc9000c200000, ffffc9000c801000) created by: [ 245.837389][ T5856] kvrealloc_noprof+0xc7/0x120 [ 245.855180][ T5856] [ 245.857488][ T5856] The buggy address belongs to the physical page: [ 245.863926][ T5856] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6da00 [ 245.872774][ T5856] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 245.879877][ T5856] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 245.888441][ T5856] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 245.896996][ T5856] page dumped because: kasan: bad access detected [ 245.903392][ T5856] page_owner tracks the page as allocated [ 245.909080][ T5856] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102cc2(GFP_HIGHUSER|__GFP_NOWARN), pid 5856, tgid 5856 (syz-executor382), ts 245334294068, free_ts 15243076114 [ 245.926769][ T5856] post_alloc_hook+0x1f3/0x230 [ 245.931520][ T5856] get_page_from_freelist+0x3725/0x3870 [ 245.937137][ T5856] __alloc_pages_noprof+0x292/0x710 [ 245.942333][ T5856] alloc_pages_mpol_noprof+0x3e8/0x680 [ 245.947791][ T5856] __vmalloc_node_range_noprof+0x9c9/0x1380 [ 245.953668][ T5856] __kvmalloc_node_noprof+0x142/0x190 [ 245.959035][ T5856] kvrealloc_noprof+0xc7/0x120 [ 245.963778][ T5856] push_insn_history+0x16c/0x6a0 [ 245.968694][ T5856] check_mem_access+0xf30/0x2240 [ 245.973616][ T5856] do_check+0x7d97/0xfcd0 [ 245.977922][ T5856] do_check_common+0x1564/0x2010 [ 245.982850][ T5856] bpf_check+0x19380/0x1f1b0 [ 245.987505][ T5856] bpf_prog_load+0x1667/0x20f0 [ 245.992260][ T5856] __sys_bpf+0x4ee/0x810 [ 245.996496][ T5856] __x64_sys_bpf+0x7c/0x90 [ 246.000890][ T5856] do_syscall_64+0xf3/0x230 [ 246.005383][ T5856] page last free pid 1 tgid 1 stack trace: [ 246.011161][ T5856] free_unref_page+0xdf9/0x1140 [ 246.016024][ T5856] free_contig_range+0x152/0x550 [ 246.020958][ T5856] destroy_args+0x92/0x910 [ 246.025382][ T5856] debug_vm_pgtable+0x4be/0x550 [ 246.030217][ T5856] do_one_initcall+0x248/0x880 [ 246.034967][ T5856] do_initcall_level+0x157/0x210 [ 246.039908][ T5856] do_initcalls+0x3f/0x80 [ 246.044239][ T5856] kernel_init_freeable+0x435/0x5d0 [ 246.049424][ T5856] kernel_init+0x1d/0x2b0 [ 246.053751][ T5856] ret_from_fork+0x4b/0x80 [ 246.058167][ T5856] ret_from_fork_asm+0x1a/0x30 [ 246.062935][ T5856] [ 246.065243][ T5856] Memory state around the buggy address: [ 246.070876][ T5856] ffffc9000c5fff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 246.078945][ T5856] ffffc9000c5fff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 246.087077][ T5856] >ffffc9000c600000: 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 246.095211][ T5856] ^ [ 246.100386][ T5856] ffffc9000c600080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 246.108430][ T5856] ffffc9000c600100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 246.116470][ T5856] ================================================================== [ 246.125464][ T5856] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 246.132661][ T5856] CPU: 1 UID: 0 PID: 5856 Comm: syz-executor382 Not tainted 6.12.0-next-20241120-syzkaller #0 [ 246.142889][ T5856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 246.152940][ T5856] Call Trace: [ 246.156206][ T5856] [ 246.159116][ T5856] dump_stack_lvl+0x241/0x360 [ 246.163782][ T5856] ? __pfx_dump_stack_lvl+0x10/0x10 [ 246.168962][ T5856] ? __pfx__printk+0x10/0x10 [ 246.173535][ T5856] ? preempt_schedule+0xe1/0xf0 [ 246.178371][ T5856] ? vscnprintf+0x5d/0x90 [ 246.182683][ T5856] panic+0x349/0x880 [ 246.186583][ T5856] ? check_panic_on_warn+0x21/0xb0 [ 246.191862][ T5856] ? __pfx_panic+0x10/0x10 [ 246.196273][ T5856] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 246.202251][ T5856] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 246.208567][ T5856] ? print_report+0x502/0x550 [ 246.213241][ T5856] check_panic_on_warn+0x86/0xb0 [ 246.218167][ T5856] ? vrealloc_noprof+0x340/0x3a0 [ 246.223085][ T5856] end_report+0x77/0x160 [ 246.227315][ T5856] kasan_report+0x154/0x180 [ 246.231823][ T5856] ? vrealloc_noprof+0x340/0x3a0 [ 246.236833][ T5856] kasan_check_range+0x282/0x290 [ 246.241759][ T5856] __asan_memset+0x23/0x50 [ 246.246161][ T5856] vrealloc_noprof+0x340/0x3a0 [ 246.250912][ T5856] push_insn_history+0x16c/0x6a0 [ 246.255841][ T5856] check_mem_access+0xf30/0x2240 [ 246.260765][ T5856] ? __reg_deduce_bounds+0xc57/0x10d0 [ 246.266193][ T5856] ? __pfx_check_mem_access+0x10/0x10 [ 246.271569][ T5856] ? is_reg64+0x306/0x3a0 [ 246.275891][ T5856] ? __check_reg_arg+0x180/0x4d0 [ 246.280812][ T5856] do_check+0x7d97/0xfcd0 [ 246.285144][ T5856] ? __pfx_do_check+0x10/0x10 [ 246.289819][ T5856] ? mark_reg_not_init+0xd4/0x4b0 [ 246.294824][ T5856] ? __asan_memcpy+0x40/0x70 [ 246.299394][ T5856] ? mark_reg_not_init+0xd4/0x4b0 [ 246.304418][ T5856] do_check_common+0x1564/0x2010 [ 246.309340][ T5856] bpf_check+0x19380/0x1f1b0 [ 246.313927][ T5856] ? bpf_prog_alloc+0x3a/0x1b0 [ 246.318692][ T5856] ? __pfx_validate_chain+0x10/0x10 [ 246.323881][ T5856] ? page_ext_get+0x20/0x2a0 [ 246.328458][ T5856] ? page_ext_get+0x1d6/0x2a0 [ 246.333120][ T5856] ? post_alloc_hook+0x206/0x230 [ 246.338045][ T5856] ? get_page_from_freelist+0x3725/0x3870 [ 246.343758][ T5856] ? __pfx_validate_chain+0x10/0x10 [ 246.348948][ T5856] ? validate_chain+0x11e/0x5920 [ 246.353879][ T5856] ? validate_chain+0x11e/0x5920 [ 246.358811][ T5856] ? mark_lock+0x9a/0x360 [ 246.363128][ T5856] ? validate_chain+0x11e/0x5920 [ 246.368048][ T5856] ? validate_chain+0x11e/0x5920 [ 246.372970][ T5856] ? __pfx_validate_chain+0x10/0x10 [ 246.378152][ T5856] ? validate_chain+0x11e/0x5920 [ 246.383069][ T5856] ? validate_chain+0x11e/0x5920 [ 246.387986][ T5856] ? validate_chain+0x11e/0x5920 [ 246.392909][ T5856] ? __pfx_validate_chain+0x10/0x10 [ 246.398093][ T5856] ? __pfx_validate_chain+0x10/0x10 [ 246.403277][ T5856] ? __pfx_bpf_check+0x10/0x10 [ 246.408036][ T5856] ? __pfx_validate_chain+0x10/0x10 [ 246.413226][ T5856] ? mark_lock+0x9a/0x360 [ 246.417552][ T5856] ? mark_lock+0x9a/0x360 [ 246.421889][ T5856] ? __lock_acquire+0x1397/0x2100 [ 246.426896][ T5856] ? mark_lock+0x9a/0x360 [ 246.431209][ T5856] ? __lock_acquire+0x1397/0x2100 [ 246.436227][ T5856] ? __pfx_lock_acquire+0x10/0x10 [ 246.441255][ T5856] ? ktime_get_with_offset+0x8c/0x290 [ 246.446617][ T5856] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 246.452576][ T5856] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 246.458882][ T5856] ? ktime_get_with_offset+0x8c/0x290 [ 246.464237][ T5856] ? seqcount_lockdep_reader_access+0x157/0x220 [ 246.470465][ T5856] ? lockdep_hardirqs_on+0x99/0x150 [ 246.475645][ T5856] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 246.481864][ T5856] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 246.488433][ T5856] ? _raw_spin_unlock+0x28/0x50 [ 246.493268][ T5856] ? __asan_memset+0x23/0x50 [ 246.497836][ T5856] ? bpf_obj_name_cpy+0x18a/0x1d0 [ 246.502839][ T5856] bpf_prog_load+0x1667/0x20f0 [ 246.507610][ T5856] ? __pfx_bpf_prog_load+0x10/0x10 [ 246.512700][ T5856] ? __pfx___might_resched+0x10/0x10 [ 246.517985][ T5856] ? __might_fault+0xc6/0x120 [ 246.522664][ T5856] __sys_bpf+0x4ee/0x810 [ 246.526913][ T5856] ? __pfx___sys_bpf+0x10/0x10 [ 246.531673][ T5856] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 246.537996][ T5856] ? do_syscall_64+0x100/0x230 [ 246.542756][ T5856] __x64_sys_bpf+0x7c/0x90 [ 246.547275][ T5856] do_syscall_64+0xf3/0x230 [ 246.551768][ T5856] ? clear_bhb_loop+0x35/0x90 [ 246.556433][ T5856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.562318][ T5856] RIP: 0033:0x7f82b1a0e2f9 [ 246.566719][ T5856] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 246.586315][ T5856] RSP: 002b:00007fffa78fc1f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 246.594717][ T5856] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f82b1a0e2f9 [ 246.602688][ T5856] RDX: 0000000000000090 RSI: 0000000020000840 RDI: 0000000000000005 [ 246.610660][ T5856] RBP: 000000000003551f R08: 0000000000000000 R09: 00007fffa78fc21c [ 246.618716][ T5856] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffa78fc21c [ 246.626760][ T5856] R13: 431bde82d7b634db R14: 00007fffa78fc230 R15: 0000000000000001 [ 246.634719][ T5856] [ 246.637997][ T5856] Kernel Offset: disabled [ 246.642322][ T5856] Rebooting in 86400 seconds..