Warning: Permanently added '10.128.1.174' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 58.850468][ T3543] ==================================================================
[ 58.855124][ T3545] BUG: unable to handle page fault for address: ffffc90003a20000
[ 58.858696][ T3543] BUG: KASAN: stack-out-of-bounds in hash+0x1d4/0xab0
[ 58.867031][ T3545] #PF: supervisor read access in kernel mode
[ 58.873875][ T3543] Read of size 4 at addr ffffc900039efc40 by task syz-executor215/3543
[ 58.880109][ T3545] #PF: error_code(0x0000) - not-present page
[ 58.888414][ T3543]
[ 58.888422][ T3543] CPU: 1 PID: 3543 Comm: syz-executor215 Not tainted 6.1.83-syzkaller #0
[ 58.894598][ T3545] PGD 12400067
[ 58.896935][ T3543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 58.905675][ T3545] P4D 12400067
[ 58.909212][ T3543] Call Trace:
[ 58.919601][ T3545] PUD 1261d067
[ 58.923178][ T3543]
[ 58.926527][ T3545] PMD 1ea41067
[ 58.930284][ T3543] dump_stack_lvl+0x1e3/0x2cb
[ 58.933286][ T3545] PTE 0
[ 58.936904][ T3543] ? nf_tcp_handle_invalid+0x642/0x642
[ 58.941638][ T3545]
[ 58.941645][ T3545] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 58.944556][ T3543] ? panic+0x75d/0x75d
[ 58.950341][ T3545] CPU: 0 PID: 3545 Comm: syz-executor215 Not tainted 6.1.83-syzkaller #0
[ 58.952738][ T3543] ? _printk+0xd1/0x111
[ 58.957994][ T3545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 58.962263][ T3543] ? _raw_spin_lock_irqsave+0xac/0x120
[ 58.970965][ T3545] RIP: 0010:hash+0x103/0xab0
[ 58.975117][ T3543] print_report+0x15f/0x4f0
[ 58.985881][ T3545] Code: e8 03 0f b6 04 10 84 c0 0f 85 b4 00 00 00 41 03 6c 24 f8 49 8d 7f 08 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 bc 00 00 00 <45> 03 6c 24 fc 44 29 eb 44 89 e8 c1 c0 04 31 d8 41 01 ed 89 c1 c1
[ 58.992396][ T3543] ? __virt_addr_valid+0xb9/0x520
[ 58.997218][ T3545] RSP: 0018:ffffc90003a1fb58 EFLAGS: 00010292
[ 59.001846][ T3543] ? hash+0x1d4/0xab0
[ 59.022515][ T3545]
[ 59.022528][ T3545] RAX: 0000000000000000 RBX: 000000001f11dd37 RCX: ffffffff81a59ca4
[ 59.027985][ T3543] kasan_report+0x136/0x160
[ 59.034553][ T3545] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffc90003a20000
[ 59.038553][ T3543] ? hash+0x1d4/0xab0
[ 59.041121][ T3545] RBP: 00000000a85c037c R08: ffffffff81a59b64 R09: fffffbfff2092e45
[ 59.049705][ T3543] hash+0x1d4/0xab0
[ 59.054469][ T3545] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90003a20004
[ 59.062519][ T3543] bloom_map_peek_elem+0xb1/0x1b0
[ 59.066484][ T3545] R13: 00000000066f947f R14: 000000003ffffe81 R15: ffffc90003a1fff8
[ 59.074991][ T3543] ? bpf_trace_run2+0x1fd/0x410
[ 59.078879][ T3545] FS: 00005555570c1380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 59.087365][ T3543] ? bpf_trace_run2+0x110/0x410
[ 59.092391][ T3545] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 59.101036][ T3543] ? bpf_trace_run1+0x3d0/0x3d0
[ 59.106057][ T3545] CR2: ffffc90003a20000 CR3: 0000000076e70000 CR4: 00000000003506f0
[ 59.115312][ T3543] ? __rwlock_init+0x140/0x140
[ 59.120755][ T3545] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 59.127618][ T3543] ? __bpf_trace_ext4_evict_inode+0x20/0x20
[ 59.132578][ T3545] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 59.141340][ T3543] ? __traceiter_ext4_drop_inode+0x6b/0xb0
[ 59.147044][ T3545] Call Trace:
[ 59.147053][ T3545]
[ 59.155635][ T3543] ? ext4_drop_inode+0x256/0x2e0
[ 59.162166][ T3545] ? __die_body+0x5e/0xa0
[ 59.171431][ T3543] ? ext4_free_in_core_inode+0xa0/0xa0
[ 59.178414][ T3545] ? page_fault_oops+0x7fe/0xaa0
[ 59.181767][ T3543] ? iput+0x4ca/0x980
[ 59.184831][ T3545] ? kernelmode_fixup_or_oops+0x2a0/0x2a0
[ 59.189832][ T3543] ? do_unlinkat+0x509/0x820
[ 59.194167][ T3545] ? validate_chain+0x112/0x5950
[ 59.200139][ T3543] ? fsnotify_link_count+0xf0/0xf0
[ 59.205323][ T3545] ? page_fault_oops+0xaa0/0xaa0
[ 59.209310][ T3543] ? __x64_sys_unlink+0x45/0x50
[ 59.215089][ T3545] ? mark_lock+0x9a/0x340
[ 59.219662][ T3543] ? do_syscall_64+0x3d/0xb0
[ 59.224870][ T3545] ? kernelmode_fixup_or_oops+0x225/0x2a0
[ 59.230270][ T3543] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.235289][ T3545] ? __bad_area_nosemaphore+0x126/0x730
[ 59.240386][ T3543]
[ 59.244707][ T3545] ? mark_lock+0x9a/0x340
[ 59.249275][ T3543]
[ 59.249280][ T3543] The buggy address belongs to stack of task syz-executor215/3543
[ 59.255058][ T3545] ? bad_area_nosemaphore+0x30/0x30
[ 59.261627][ T3543] and is located at offset 0 in frame:
[ 59.267349][ T3545] ? exc_page_fault+0x3bf/0x660
[ 59.270524][ T3543] bpf_trace_run2+0x0/0x410
[ 59.275269][ T3545] ? asm_exc_page_fault+0x22/0x30
[ 59.277700][ T3543]
[ 59.277704][ T3543] This frame has 1 object:
[ 59.286189][ T3545] ? hash+0x94/0xab0
[ 59.291363][ T3543] [32, 48) 'args'
[ 59.296977][ T3545] ? hash+0x1d4/0xab0
[ 59.302150][ T3543]
[ 59.302163][ T3543] The buggy address belongs to the virtual mapping at
[ 59.302163][ T3543] [ffffc900039e8000, ffffc900039f1000) created by:
[ 59.302163][ T3543] copy_process+0x637/0x4060
[ 59.306629][ T3545] ? hash+0x103/0xab0
[ 59.311903][ T3543]
[ 59.311910][ T3543] The buggy address belongs to the physical page:
[ 59.314297][ T3545] ? hash+0x1d4/0xab0
[ 59.318953][ T3543] page:ffffea0000a45cc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29173
[ 59.322826][ T3545] bloom_map_peek_elem+0xb1/0x1b0
[ 59.326571][ T3543] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 59.330662][ T3545] bpf_prog_00798911c748094f+0x3a/0x3e
[ 59.333142][ T3543] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 59.351959][ T3545] bpf_trace_run2+0x1fd/0x410
[ 59.355939][ T3543] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 59.358362][ T3545] ? bpf_trace_run2+0x110/0x410
[ 59.364750][ T3543] page dumped because: kasan: bad access detected
[ 59.368887][ T3545] ? bpf_trace_run1+0x3d0/0x3d0
[ 59.379600][ T3543] page_owner tracks the page as allocated
[ 59.385158][ T3545] ? __rwlock_init+0x140/0x140
[ 59.392627][ T3543] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 3536, tgid 3536 (sshd), ts 52905924309, free_ts 52901846691
[ 59.398425][ T3545] ? __bpf_trace_ext4_evict_inode+0x20/0x20
[ 59.407345][ T3543] post_alloc_hook+0x18d/0x1b0
[ 59.412055][ T3545] __traceiter_ext4_drop_inode+0x6b/0xb0
[ 59.420801][ T3543] get_page_from_freelist+0x31a1/0x3320
[ 59.425935][ T3545] ext4_drop_inode+0x256/0x2e0
[ 59.432694][ T3543] __alloc_pages+0x28d/0x770
[ 59.437815][ T3545] ? ext4_free_in_core_inode+0xa0/0xa0
[ 59.443881][ T3543] __vmalloc_node_range+0x96c/0x1460
[ 59.449187][ T3545] iput+0x4ca/0x980
[ 59.469483][ T3543] dup_task_struct+0x3e5/0x6d0
[ 59.476043][ T3545] do_unlinkat+0x509/0x820
[ 59.481501][ T3543] copy_process+0x637/0x4060
[ 59.487913][ T3545] ? fsnotify_link_count+0xf0/0xf0
[ 59.494558][ T3543] kernel_clone+0x222/0x920
[ 59.499914][ T3545] __x64_sys_unlink+0x45/0x50
[ 59.505863][ T3543] __x64_sys_clone+0x231/0x280
[ 59.511387][ T3545] do_syscall_64+0x3d/0xb0
[ 59.517001][ T3543] do_syscall_64+0x3d/0xb0
[ 59.521074][ T3545] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.526007][ T3543] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.530414][ T3545] RIP: 0033:0x7f7e51025fc7
[ 59.535067][ T3543] page last free stack trace:
[ 59.540716][ T3545] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 59.545567][ T3543] free_unref_page_prepare+0xf63/0x1120
[ 59.550447][ T3545] RSP: 002b:00007ffea6f4abd8 EFLAGS: 00000206
[ 59.555553][ T3543] free_unref_page_list+0x663/0x900
[ 59.559957][ T3545] ORIG_RAX: 0000000000000057
[ 59.564528][ T3543] release_pages+0x2836/0x2b40
[ 59.571015][ T3545] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7e51025fc7
[ 59.577248][ T3543] tlb_flush_mmu+0xfc/0x210
[ 59.584178][ T3545] RDX: 00007ffea6f4ac00 RSI: 00007ffea6f4ac90 RDI: 00007ffea6f4ac90
[ 59.588930][ T3543] tlb_finish_mmu+0xce/0x1f0
[ 59.609216][ T3545] RBP: 00007ffea6f4ac90 R08: 0000000000000000 R09: 0000000000000000
[ 59.615009][ T3543] exit_mmap+0x3c3/0x9f0
[ 59.621236][ T3545] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffea6f4bd00
[ 59.626514][ T3543] __mmput+0x115/0x3c0
[ 59.631438][ T3545] R13: 00005555570c26c0 R14: 00007ffea6f4bd00 R15: 0000000000000002
[ 59.636284][ T3543] exit_mm+0x226/0x300
[ 59.644822][ T3545]
[ 59.649336][ T3543] do_exit+0x9f6/0x26a0
[ 59.657662][ T3545] Modules linked in:
[ 59.663415][ T3543] do_group_exit+0x202/0x2b0
[ 59.672027][ T3545] CR2: ffffc90003a20000
[ 59.676717][ T3543] __x64_sys_exit_group+0x3b/0x40
[ 59.686628][ T3545] ---[ end trace 0000000000000000 ]---
[ 59.690983][ T3543] do_syscall_64+0x3d/0xb0
[ 59.699256][ T3545] RIP: 0010:hash+0x103/0xab0
[ 59.703575][ T3543] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.706577][ T3545] Code: e8 03 0f b6 04 10 84 c0 0f 85 b4 00 00 00 41 03 6c 24 f8 49 8d 7f 08 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 bc 00 00 00 <45> 03 6c 24 fc 44 29 eb 44 89 e8 c1 c0 04 31 d8 41 01 ed 89 c1 c1
[ 59.711095][ T3543]
[ 59.715058][ T3545] RSP: 0018:ffffc90003a1fb58 EFLAGS: 00010292
[ 59.719901][ T3543] Memory state around the buggy address:
[ 59.719912][ T3543] ffffc900039efb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.724141][ T3545]
[ 59.724147][ T3545] RAX: 0000000000000000 RBX: 000000001f11dd37 RCX: ffffffff81a59ca4
[ 59.729317][ T3543] ffffc900039efb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.734938][ T3545] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffc90003a20000
[ 59.739332][ T3543] >ffffc900039efc00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f3 f3
[ 59.744258][ T3545] RBP: 00000000a85c037c R08: ffffffff81a59b64 R09: fffffbfff2092e45
[ 59.750381][ T3543] ^
[ 59.750391][ T3543] ffffc900039efc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.770552][ T3545] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90003a20004
[ 59.772869][ T3543] ffffc900039efd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.779382][ T3545] R13: 00000000066f947f R14: 000000003ffffe81 R15: ffffc90003a1fff8
[ 59.785447][ T3543] ==================================================================
[ 59.785758][ T3543] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 59.794207][ T3545] FS: 00005555570c1380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 59.794234][ T3545] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 59.794245][ T3545] CR2: ffffc90003a20000 CR3: 0000000076e70000 CR4: 00000000003506f0
[ 59.794259][ T3545] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 59.794269][ T3545] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 60.932184][ T3543] Shutting down cpus with NMI
[ 61.083980][ T3543] Kernel Offset: disabled
[ 61.088847][ T3543] Rebooting in 86400 seconds..