./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1831202839
<...>
Warning: Permanently added '10.128.10.60' (ECDSA) to the list of known hosts.
execve("./syz-executor1831202839", ["./syz-executor1831202839"], 0x7ffdf475a170 /* 10 vars */) = 0
brk(NULL) = 0x5555571a4000
brk(0x5555571a4c40) = 0x5555571a4c40
arch_prctl(ARCH_SET_FS, 0x5555571a4300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1831202839", 4096) = 28
brk(0x5555571c5c40) = 0x5555571c5c40
brk(0x5555571c6000) = 0x5555571c6000
mprotect(0x7f99f3e25000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x10\x00\x01\x04\x00\xee\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00\x01\x00\x00\x00\x1c\x00\x12\x00\x0c\x00\x01\x00\x62\x72\x69\x64\x67\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60
socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM) = 4
syzkaller login: [ 54.037528][ T5071] netlink: 12 bytes leftover after parsing attributes in process `syz-executor183'.
[ 54.088250][ C0] ==================================================================
[ 54.096373][ C0] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x5f79/0x6d80
[ 54.104311][ C0] Read of size 4 at addr ffffc90000007ad0 by task udevd/5074
[ 54.111694][ C0]
[ 54.114014][ C0] CPU: 0 PID: 5074 Comm: udevd Not tainted 6.1.0-syzkaller-04343-gd039535850ee #0
[ 54.123209][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 54.133269][ C0] Call Trace:
[ 54.136543][ C0]
[ 54.139381][ C0] dump_stack_lvl+0xd1/0x138
[ 54.143984][ C0] print_report+0x15e/0x45d
[ 54.148495][ C0] ? xfrm_state_find+0x5f79/0x6d80
[ 54.153613][ C0] kasan_report+0xbf/0x1f0
[ 54.158032][ C0] ? xfrm_state_find+0x5f79/0x6d80
[ 54.163151][ C0] xfrm_state_find+0x5f79/0x6d80
[ 54.168101][ C0] ? xfrm_state_add+0xe30/0xe30
[ 54.172990][ C0] ? find_held_lock+0x2d/0x110
[ 54.177775][ C0] ? xfrm_tmpl_resolve+0x653/0xd40
[ 54.182888][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 54.187745][ C0] xfrm_tmpl_resolve+0x2f3/0xd40
[ 54.192695][ C0] ? __xfrm_dst_lookup+0x130/0x130
[ 54.197810][ C0] ? xfrm_policy_find_inexact_candidates+0x13f/0x1d0
[ 54.204491][ C0] ? find_held_lock+0x2d/0x110
[ 54.209267][ C0] xfrm_resolve_and_create_bundle+0x123/0x2580
[ 54.215429][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 54.220286][ C0] ? xfrm_tmpl_resolve+0xd40/0xd40
[ 54.225401][ C0] ? xfrm_policy_match+0x2e0/0x2e0
[ 54.230517][ C0] ? xfrm_expand_policies+0x25b/0x680
[ 54.235892][ C0] xfrm_lookup_with_ifid+0x449/0x20f0
[ 54.241272][ C0] ? xfrm_expand_policies+0x680/0x680
[ 54.246647][ C0] ? ip_route_output_key_hash+0x1c9/0x300
[ 54.252373][ C0] ? ip_route_output_key_hash_rcu+0x2bc0/0x2bc0
[ 54.258616][ C0] xfrm_lookup_route+0x3a/0x1e0
[ 54.263472][ C0] ip_route_output_flow+0x118/0x150
[ 54.268671][ C0] igmpv3_newpack+0x29d/0x1110
[ 54.273445][ C0] ? ip_mc_join_group+0x30/0x30
[ 54.278300][ C0] ? lock_chain_count+0x20/0x20
[ 54.283149][ C0] add_grhead+0x266/0x300
[ 54.287490][ C0] add_grec+0xea5/0x1100
[ 54.291739][ C0] ? add_grhead+0x300/0x300
[ 54.296244][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 54.301187][ C0] igmp_ifc_timer_expire+0x636/0xf70
[ 54.306481][ C0] call_timer_fn+0x1da/0x7c0
[ 54.311073][ C0] ? add_grec+0x1100/0x1100
[ 54.315577][ C0] ? timer_fixup_activate+0x3e0/0x3e0
[ 54.320954][ C0] ? add_grec+0x1100/0x1100
[ 54.325460][ C0] ? _raw_spin_unlock_irq+0x23/0x50
[ 54.330662][ C0] ? add_grec+0x1100/0x1100
[ 54.335171][ C0] ? add_grec+0x1100/0x1100
[ 54.339689][ C0] expire_timers+0x2c6/0x5c0
[ 54.344295][ C0] run_timer_softirq+0x326/0x910
[ 54.349236][ C0] ? expire_timers+0x5c0/0x5c0
[ 54.354008][ C0] __do_softirq+0x1fb/0xadc
[ 54.358519][ C0] __irq_exit_rcu+0x123/0x180
[ 54.363197][ C0] irq_exit_rcu+0x9/0x20
[ 54.367439][ C0] sysvec_apic_timer_interrupt+0x97/0xc0
[ 54.373084][ C0]
[ 54.376007][ C0]
[ 54.378943][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 54.384922][ C0] RIP: 0010:folio_memcg_lock+0x189/0x630
[ 54.390558][ C0] Code: d0 d6 81 58 e8 38 1e 8d ff 4d 85 f6 0f 85 9e 02 00 00 9c 58 f6 c4 02 0f 85 53 03 00 00 4d 85 f6 74 01 fb 4c 8d b3 40 09 00 00 04 00 00 00 4c 89 f7 e8 0a 86 f8 ff 4c 89 f0 48 c1 e8 03 42 0f
[ 54.410160][ C0] RSP: 0000:ffffc90003cefab8 EFLAGS: 00000206
[ 54.416225][ C0] RAX: 0000000000000002 RBX: ffff888140140000 RCX: 1ffffffff22670ae
[ 54.424194][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 54.432157][ C0] RBP: ffffc90003cefb08 R08: 0000000000000001 R09: ffffffff91335ac7
[ 54.440122][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: dffffc0000000000
[ 54.448086][ C0] R13: ffffea0002e655f8 R14: ffff888140140940 R15: ffffea0002e655c8
[ 54.456067][ C0] page_add_file_rmap+0x3d/0x970
[ 54.461015][ C0] ? rcu_read_lock_sched_held+0x3e/0x70
[ 54.466570][ C0] do_set_pte+0x431/0x7b0
[ 54.470907][ C0] filemap_map_pages+0xcd3/0x1a80
[ 54.475938][ C0] ? filemap_get_read_batch+0x8c0/0x8c0
[ 54.481486][ C0] ? lock_chain_count+0x20/0x20
[ 54.486337][ C0] __handle_mm_fault+0x22d0/0x3c90
[ 54.491463][ C0] ? vm_iomap_memory+0x190/0x190
[ 54.496415][ C0] handle_mm_fault+0x1b6/0x850
[ 54.501190][ C0] do_user_addr_fault+0x475/0x1210
[ 54.506308][ C0] ? rcu_read_lock_sched_held+0x3e/0x70
[ 54.511866][ C0] exc_page_fault+0x98/0x170
[ 54.516466][ C0] asm_exc_page_fault+0x26/0x30
[ 54.521319][ C0] RIP: 0033:0x7f21962ae850
[ 54.525741][ C0] Code: Unable to access opcode bytes at 0x7f21962ae826.
[ 54.532748][ C0] RSP: 002b:00007ffe53c84dc8 EFLAGS: 00010206
[ 54.538808][ C0] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f219633432a
[ 54.546775][ C0] RDX: 000000000000000c RSI: 000055c20721172e RDI: 000055c20720f185
[ 54.554739][ C0] RBP: 000055c208618670 R08: 0000000000000007 R09: 000055c2085f4d10
[ 54.562703][ C0] R10: 00007f219633476a R11: 0000000000000246 R12: 000055c2072155c5
[ 54.570675][ C0] R13: 0000000000000004 R14: 00007ffe53c84e1c R15: 000055c2085f4910
[ 54.578650][ C0]
[ 54.581669][ C0]
[ 54.583987][ C0] The buggy address belongs to the virtual mapping at
[ 54.583987][ C0] [ffffc90000000000, ffffc90000009000) created by:
[ 54.583987][ C0] irq_init_percpu_irqstack+0x1d0/0x320
[ 54.602568][ C0]
[ 54.604881][ C0] The buggy address belongs to the physical page:
[ 54.611279][ C0] page:ffffea0002e60240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xb9809
[ 54.621422][ C0] flags: 0xfff00000001000(reserved|node=0|zone=1|lastcpupid=0x7ff)
[ 54.629315][ C0] raw: 00fff00000001000 ffffea0002e60248 ffffea0002e60248 0000000000000000
[ 54.637894][ C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 54.646468][ C0] page dumped because: kasan: bad access detected
[ 54.652868][ C0] page_owner info is not present (never set?)
[ 54.658916][ C0]
[ 54.661234][ C0] Memory state around the buggy address:
[ 54.666851][ C0] ffffc90000007980: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.674906][ C0] ffffc90000007a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 54.682959][ C0] >ffffc90000007a80: f1 f1 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00 00
[ 54.691009][ C0] ^
[ 54.697684][ C0] ffffc90000007b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.705740][ C0] ffffc90000007b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[ 54.713790][ C0] ==================================================================
[ 54.721886][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 54.729081][ C0] CPU: 0 PID: 5074 Comm: udevd Not tainted 6.1.0-syzkaller-04343-gd039535850ee #0
[ 54.738288][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 54.748353][ C0] Call Trace:
[ 54.751635][ C0]
[ 54.754496][ C0] dump_stack_lvl+0xd1/0x138
[ 54.759111][ C0] panic+0x2cc/0x626
[ 54.763029][ C0] ? panic_print_sys_info.part.0+0x110/0x110
[ 54.769036][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 54.775218][ C0] check_panic_on_warn.cold+0x19/0x35
[ 54.780615][ C0] end_report.part.0+0x36/0x73
[ 54.785403][ C0] ? xfrm_state_find+0x5f79/0x6d80
[ 54.790522][ C0] kasan_report.cold+0xa/0xf
[ 54.795121][ C0] ? xfrm_state_find+0x5f79/0x6d80
[ 54.800239][ C0] xfrm_state_find+0x5f79/0x6d80
[ 54.805191][ C0] ? xfrm_state_add+0xe30/0xe30
[ 54.810052][ C0] ? find_held_lock+0x2d/0x110
[ 54.814834][ C0] ? xfrm_tmpl_resolve+0x653/0xd40
[ 54.819956][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 54.824827][ C0] xfrm_tmpl_resolve+0x2f3/0xd40
[ 54.829779][ C0] ? __xfrm_dst_lookup+0x130/0x130
[ 54.834912][ C0] ? xfrm_policy_find_inexact_candidates+0x13f/0x1d0
[ 54.841591][ C0] ? find_held_lock+0x2d/0x110
[ 54.846374][ C0] xfrm_resolve_and_create_bundle+0x123/0x2580
[ 54.852532][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 54.857391][ C0] ? xfrm_tmpl_resolve+0xd40/0xd40
[ 54.862509][ C0] ? xfrm_policy_match+0x2e0/0x2e0
[ 54.867640][ C0] ? xfrm_expand_policies+0x25b/0x680
[ 54.873034][ C0] xfrm_lookup_with_ifid+0x449/0x20f0
[ 54.878423][ C0] ? xfrm_expand_policies+0x680/0x680
[ 54.883799][ C0] ? ip_route_output_key_hash+0x1c9/0x300
[ 54.889521][ C0] ? ip_route_output_key_hash_rcu+0x2bc0/0x2bc0
[ 54.895766][ C0] xfrm_lookup_route+0x3a/0x1e0
[ 54.900619][ C0] ip_route_output_flow+0x118/0x150
[ 54.905823][ C0] igmpv3_newpack+0x29d/0x1110
[ 54.910596][ C0] ? ip_mc_join_group+0x30/0x30
[ 54.915459][ C0] ? lock_chain_count+0x20/0x20
[ 54.920310][ C0] add_grhead+0x266/0x300
[ 54.924645][ C0] add_grec+0xea5/0x1100
[ 54.928891][ C0] ? add_grhead+0x300/0x300
[ 54.933393][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 54.938333][ C0] igmp_ifc_timer_expire+0x636/0xf70
[ 54.943633][ C0] call_timer_fn+0x1da/0x7c0
[ 54.948234][ C0] ? add_grec+0x1100/0x1100
[ 54.952739][ C0] ? timer_fixup_activate+0x3e0/0x3e0
[ 54.958114][ C0] ? add_grec+0x1100/0x1100
[ 54.962617][ C0] ? _raw_spin_unlock_irq+0x23/0x50
[ 54.967831][ C0] ? add_grec+0x1100/0x1100
[ 54.972334][ C0] ? add_grec+0x1100/0x1100
[ 54.976840][ C0] expire_timers+0x2c6/0x5c0
[ 54.981436][ C0] run_timer_softirq+0x326/0x910
[ 54.986380][ C0] ? expire_timers+0x5c0/0x5c0
[ 54.991151][ C0] __do_softirq+0x1fb/0xadc
[ 54.995660][ C0] __irq_exit_rcu+0x123/0x180
[ 55.000349][ C0] irq_exit_rcu+0x9/0x20
[ 55.004597][ C0] sysvec_apic_timer_interrupt+0x97/0xc0
[ 55.010240][ C0]
[ 55.013169][ C0]
[ 55.016094][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 55.022077][ C0] RIP: 0010:folio_memcg_lock+0x189/0x630
[ 55.027715][ C0] Code: d0 d6 81 58 e8 38 1e 8d ff 4d 85 f6 0f 85 9e 02 00 00 9c 58 f6 c4 02 0f 85 53 03 00 00 4d 85 f6 74 01 fb 4c 8d b3 40 09 00 00 04 00 00 00 4c 89 f7 e8 0a 86 f8 ff 4c 89 f0 48 c1 e8 03 42 0f
[ 55.047326][ C0] RSP: 0000:ffffc90003cefab8 EFLAGS: 00000206
[ 55.053392][ C0] RAX: 0000000000000002 RBX: ffff888140140000 RCX: 1ffffffff22670ae
[ 55.061362][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 55.069329][ C0] RBP: ffffc90003cefb08 R08: 0000000000000001 R09: ffffffff91335ac7
[ 55.077297][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: dffffc0000000000
[ 55.085263][ C0] R13: ffffea0002e655f8 R14: ffff888140140940 R15: ffffea0002e655c8
[ 55.093246][ C0] page_add_file_rmap+0x3d/0x970
[ 55.098193][ C0] ? rcu_read_lock_sched_held+0x3e/0x70
[ 55.103750][ C0] do_set_pte+0x431/0x7b0
[ 55.108085][ C0] filemap_map_pages+0xcd3/0x1a80
[ 55.113118][ C0] ? filemap_get_read_batch+0x8c0/0x8c0
[ 55.118668][ C0] ? lock_chain_count+0x20/0x20
[ 55.123521][ C0] __handle_mm_fault+0x22d0/0x3c90
[ 55.128639][ C0] ? vm_iomap_memory+0x190/0x190
[ 55.133597][ C0] handle_mm_fault+0x1b6/0x850
[ 55.138369][ C0] do_user_addr_fault+0x475/0x1210
[ 55.143485][ C0] ? rcu_read_lock_sched_held+0x3e/0x70
[ 55.149647][ C0] exc_page_fault+0x98/0x170
[ 55.154256][ C0] asm_exc_page_fault+0x26/0x30
[ 55.159104][ C0] RIP: 0033:0x7f21962ae850
[ 55.163529][ C0] Code: Unable to access opcode bytes at 0x7f21962ae826.
[ 55.170545][ C0] RSP: 002b:00007ffe53c84dc8 EFLAGS: 00010206
[ 55.176607][ C0] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f219633432a
[ 55.184570][ C0] RDX: 000000000000000c RSI: 000055c20721172e RDI: 000055c20720f185
[ 55.192536][ C0] RBP: 000055c208618670 R08: 0000000000000007 R09: 000055c2085f4d10
[ 55.200500][ C0] R10: 00007f219633476a R11: 0000000000000246 R12: 000055c2072155c5
[ 55.208465][ C0] R13: 0000000000000004 R14: 00007ffe53c84e1c R15: 000055c2085f4910
[ 55.216612][ C0]
[ 55.219779][ C0] Kernel Offset: disabled
[ 55.224097][ C0] Rebooting in 86400 seconds..