./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4139541695

<...>
Warning: Permanently added '10.128.0.160' (ECDSA) to the list of known hosts.
execve("./syz-executor4139541695", ["./syz-executor4139541695"], 0x7ffd04650320 /* 10 vars */) = 0
brk(NULL)                               = 0x555556982000
brk(0x555556982c40)                     = 0x555556982c40
arch_prctl(ARCH_SET_FS, 0x555556982300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor4139541695", 4096) = 28
brk(0x5555569a3c40)                     = 0x5555569a3c40
brk(0x5555569a4000)                     = 0x5555569a4000
mprotect(0x7f30dea17000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SKB, insn_cnt=3, insns=0x200005c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 3
[   57.065740][ T5295] ==================================================================
[   57.073831][ T5295] BUG: KASAN: slab-out-of-bounds in __build_skb_around+0x235/0x340
[   57.081727][ T5295] Write of size 32 at addr ffff88802aa172c0 by task syz-executor413/5295
[   57.090120][ T5295] 
[   57.092430][ T5295] CPU: 0 PID: 5295 Comm: syz-executor413 Not tainted 6.1.0-rc6-next-20221124-syzkaller #0
[   57.102305][ T5295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   57.112349][ T5295] Call Trace:
[   57.115617][ T5295]  <TASK>
[   57.118537][ T5295]  dump_stack_lvl+0xd1/0x138
[   57.123117][ T5295]  print_report+0x15e/0x45d
[   57.127606][ T5295]  ? __phys_addr+0xc8/0x140
[   57.132100][ T5295]  ? __build_skb_around+0x235/0x340
[   57.137290][ T5295]  kasan_report+0xbf/0x1f0
[   57.141700][ T5295]  ? __build_skb_around+0x235/0x340
[   57.146893][ T5295]  kasan_check_range+0x141/0x190
[   57.151830][ T5295]  memset+0x24/0x50
[   57.155631][ T5295]  __build_skb_around+0x235/0x340
[   57.160654][ T5295]  __build_skb+0x4f/0x60
[   57.164919][ T5295]  build_skb+0x22/0x280
[   57.169099][ T5295]  bpf_prog_test_run_skb+0x343/0x1e10
[   57.174483][ T5295]  ? bpf_prog_test_run_raw_tp+0x620/0x620
[   57.180217][ T5295]  ? __fget_light+0x20a/0x270
[   57.184921][ T5295]  ? bpf_prog_test_run_raw_tp+0x620/0x620
[   57.190651][ T5295]  __sys_bpf+0x1599/0x4ff0
[   57.195070][ T5295]  ? lock_release+0x810/0x810
[   57.199758][ T5295]  ? bpf_perf_link_attach+0x520/0x520
[   57.205129][ T5295]  ? do_raw_spin_lock+0x124/0x2b0
[   57.210157][ T5295]  ? rwlock_bug.part.0+0x90/0x90
[   57.215091][ T5295]  ? _raw_spin_lock_irq+0x45/0x50
[   57.220127][ T5295]  ? find_held_lock+0x2d/0x110
[   57.224902][ T5295]  ? _raw_spin_unlock_irq+0x23/0x50
[   57.230107][ T5295]  ? lockdep_hardirqs_on+0x7d/0x100
[   57.235311][ T5295]  __x64_sys_bpf+0x79/0xc0
[   57.239727][ T5295]  do_syscall_64+0x39/0xb0
[   57.244146][ T5295]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.250045][ T5295] RIP: 0033:0x7f30de9aad19
[   57.254458][ T5295] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   57.274059][ T5295] RSP: 002b:00007ffeaee34318 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   57.282470][ T5295] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f30de9aad19
[   57.290437][ T5295] RDX: 0000000000000028 RSI: 0000000020000180 RDI: 000000000000000a
[   57.298401][ T5295] RBP: 00007f30de96eec0 R08: 0000000000000000 R09: 0000000000000000
[   57.306367][ T5295] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f30de96ef50
[   57.314361][ T5295] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   57.322335][ T5295]  </TASK>
[   57.325346][ T5295] 
[   57.327661][ T5295] Allocated by task 5295:
[   57.331992][ T5295]  kasan_save_stack+0x22/0x40
[   57.336684][ T5295]  kasan_set_track+0x25/0x30
[   57.341288][ T5295]  __kasan_kmalloc+0xa5/0xb0
[   57.345909][ T5295]  __kmalloc+0x5a/0xd0
[   57.349985][ T5295]  bpf_test_init.isra.0+0xa5/0x150
[   57.355101][ T5295]  bpf_prog_test_run_skb+0x22e/0x1e10
[   57.360477][ T5295]  __sys_bpf+0x1599/0x4ff0
[   57.364893][ T5295]  __x64_sys_bpf+0x79/0xc0
[   57.369307][ T5295]  do_syscall_64+0x39/0xb0
[   57.373728][ T5295]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.379628][ T5295] 
[   57.381945][ T5295] The buggy address belongs to the object at ffff88802aa17000
[   57.381945][ T5295]  which belongs to the cache kmalloc-1k of size 1024
[   57.395993][ T5295] The buggy address is located 704 bytes inside of
[   57.395993][ T5295]  1024-byte region [ffff88802aa17000, ffff88802aa17400)
[   57.409353][ T5295] 
[   57.411671][ T5295] The buggy address belongs to the physical page:
[   57.418071][ T5295] page:ffffea0000aa8400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2aa10
[   57.428213][ T5295] head:ffffea0000aa8400 order:3 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0
[   57.438270][ T5295] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   57.446251][ T5295] raw: 00fff00000010200 ffff888012441dc0 dead000000000122 0000000000000000
[   57.454835][ T5295] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   57.463411][ T5295] page dumped because: kasan: bad access detected
[   57.469813][ T5295] page_owner tracks the page as allocated
[   57.475518][ T5295] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5295, tgid 5295 (strace-static-x), ts 57049914920, free_ts 56991966201
[   57.496359][ T5295]  get_page_from_freelist+0x119c/0x2cd0
[   57.501911][ T5295]  __alloc_pages+0x1cb/0x5b0
[   57.506503][ T5295]  alloc_pages+0x1aa/0x270
[   57.510931][ T5295]  allocate_slab+0x25e/0x350
[   57.515523][ T5295]  ___slab_alloc+0xa91/0x1400
[   57.520209][ T5295]  __slab_alloc.constprop.0+0x56/0xa0
[   57.525586][ T5295]  __kmem_cache_alloc_node+0x1a9/0x430
[   57.531051][ T5295]  __kmalloc+0x4a/0xd0
[   57.535125][ T5295]  tomoyo_init_log+0x1282/0x1ec0
[   57.540064][ T5295]  tomoyo_supervisor+0x354/0xf10
[   57.545005][ T5295]  tomoyo_env_perm+0x183/0x200
[   57.549771][ T5295]  tomoyo_find_next_domain+0x13d2/0x1f80
[   57.555408][ T5295]  tomoyo_bprm_check_security+0x133/0x1c0
[   57.561126][ T5295]  security_bprm_check+0x49/0xb0
[   57.566078][ T5295]  bprm_execve+0x732/0x19f0
[   57.570589][ T5295]  do_execveat_common+0x724/0x890
[   57.575622][ T5295] page last free stack trace:
[   57.580283][ T5295]  free_pcp_prepare+0x65c/0xc00
[   57.585131][ T5295]  free_unref_page+0x1d/0x490
[   57.589805][ T5295]  __unfreeze_partials+0x17c/0x1a0
[   57.594942][ T5295]  qlist_free_all+0x6a/0x170
[   57.599544][ T5295]  kasan_quarantine_reduce+0x192/0x220
[   57.605015][ T5295]  __kasan_slab_alloc+0x66/0x90
[   57.609896][ T5295]  kmem_cache_alloc+0x1e3/0x430
[   57.614756][ T5295]  vm_area_alloc+0x20/0x100
[   57.619267][ T5295]  mmap_region+0x44c/0x1dd0
[   57.623766][ T5295]  do_mmap+0x831/0xf60
[   57.627833][ T5295]  vm_mmap_pgoff+0x1af/0x280
[   57.632431][ T5295]  ksys_mmap_pgoff+0x7d/0x5a0
[   57.637118][ T5295]  do_syscall_64+0x39/0xb0
[   57.641532][ T5295]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.647443][ T5295] 
[   57.649768][ T5295] Memory state around the buggy address:
[   57.655393][ T5295]  ffff88802aa17180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   57.663455][ T5295]  ffff88802aa17200: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   57.671531][ T5295] >ffff88802aa17280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.679595][ T5295]                                            ^
[   57.685740][ T5295]  ffff88802aa17300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.693801][ T5295]  ffff88802aa17380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.701857][ T5295] ==================================================================
[   57.710111][ T5295] Kernel panic - not syncing: panic_on_warn set ...
[   57.716710][ T5295] CPU: 1 PID: 5295 Comm: syz-executor413 Not tainted 6.1.0-rc6-next-20221124-syzkaller #0
[   57.726697][ T5295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   57.736751][ T5295] Call Trace:
[   57.740023][ T5295]  <TASK>
[   57.742950][ T5295]  dump_stack_lvl+0xd1/0x138
[   57.747541][ T5295]  panic+0x2cc/0x626
[   57.751438][ T5295]  ? panic_print_sys_info.part.0+0x110/0x110
[   57.757419][ T5295]  ? preempt_schedule_common+0x59/0xc0
[   57.762884][ T5295]  ? preempt_schedule_thunk+0x1a/0x20
[   57.768278][ T5295]  end_report.part.0+0x3f/0x7c
[   57.773048][ T5295]  ? __build_skb_around+0x235/0x340
[   57.778342][ T5295]  kasan_report.cold+0xa/0xf
[   57.782934][ T5295]  ? __build_skb_around+0x235/0x340
[   57.788141][ T5295]  kasan_check_range+0x141/0x190
[   57.793081][ T5295]  memset+0x24/0x50
[   57.796888][ T5295]  __build_skb_around+0x235/0x340
[   57.801918][ T5295]  __build_skb+0x4f/0x60
[   57.806167][ T5295]  build_skb+0x22/0x280
[   57.810338][ T5295]  bpf_prog_test_run_skb+0x343/0x1e10
[   57.815730][ T5295]  ? bpf_prog_test_run_raw_tp+0x620/0x620
[   57.821454][ T5295]  ? __fget_light+0x20a/0x270
[   57.826137][ T5295]  ? bpf_prog_test_run_raw_tp+0x620/0x620
[   57.831861][ T5295]  __sys_bpf+0x1599/0x4ff0
[   57.836276][ T5295]  ? lock_release+0x810/0x810
[   57.840964][ T5295]  ? bpf_perf_link_attach+0x520/0x520
[   57.846344][ T5295]  ? do_raw_spin_lock+0x124/0x2b0
[   57.851368][ T5295]  ? rwlock_bug.part.0+0x90/0x90
[   57.856307][ T5295]  ? _raw_spin_lock_irq+0x45/0x50
[   57.861352][ T5295]  ? find_held_lock+0x2d/0x110
[   57.866136][ T5295]  ? _raw_spin_unlock_irq+0x23/0x50
[   57.871345][ T5295]  ? lockdep_hardirqs_on+0x7d/0x100
[   57.876555][ T5295]  __x64_sys_bpf+0x79/0xc0
[   57.880970][ T5295]  do_syscall_64+0x39/0xb0
[   57.885386][ T5295]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.891286][ T5295] RIP: 0033:0x7f30de9aad19
[   57.895699][ T5295] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   57.915303][ T5295] RSP: 002b:00007ffeaee34318 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   57.923716][ T5295] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f30de9aad19
[   57.931683][ T5295] RDX: 0000000000000028 RSI: 0000000020000180 RDI: 000000000000000a
[   57.939654][ T5295] RBP: 00007f30de96eec0 R08: 0000000000000000 R09: 0000000000000000
[   57.947620][ T5295] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f30de96ef50
[   57.955588][ T5295] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   57.963560][ T5295]  </TASK>
[   57.966731][ T5295] Kernel Offset: disabled
[   57.971058][ T5295] Rebooting in 86400 seconds..