./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor232564863 <...> Warning: Permanently added '10.128.1.17' (ED25519) to the list of known hosts. execve("./syz-executor232564863", ["./syz-executor232564863"], 0x7ffe91a79b50 /* 10 vars */) = 0 brk(NULL) = 0x55556b579000 brk(0x55556b579d00) = 0x55556b579d00 arch_prctl(ARCH_SET_FS, 0x55556b579380) = 0 set_tid_address(0x55556b579650) = 5013 set_robust_list(0x55556b579660, 24) = 0 rseq(0x55556b579ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor232564863", 4096) = 27 getrandom("\x04\xd9\xe9\xed\x32\x69\x68\x39", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556b579d00 brk(0x55556b59ad00) = 0x55556b59ad00 brk(0x55556b59b000) = 0x55556b59b000 mprotect(0x7f95d2515000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556b579650) = 5014 ./strace-static-x86_64: Process 5014 attached [pid 5014] set_robust_list(0x55556b579660, 24) = 0 [pid 5014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5014] setpgid(0, 0) = 0 [pid 5014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5014] write(3, "1000", 4) = 4 [pid 5014] close(3) = 0 [pid 5014] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LRU_PERCPU_HASH, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5014] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 133) = 4 [pid 5014] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16) = 5 [pid 5014] setsockopt(-1, SOL_IP, IP_PKTINFO, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5014] exit_group(0) = ? [pid 5014] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5014, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5015 attached [pid 5015] set_robust_list(0x55556b579660, 24) = 0 [pid 5013] <... clone resumed>, child_tidptr=0x55556b579650) = 5015 [pid 5015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5015] setpgid(0, 0) = 0 [pid 5015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5015] write(3, "1000", 4) = 4 [pid 5015] close(3) = 0 [pid 5015] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LRU_PERCPU_HASH, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5015] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 133) = 4 [pid 5015] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16) = 5 [pid 5015] setsockopt(-1, SOL_IP, IP_PKTINFO, NULL, 0) = -1 EBADF (Bad file descriptor) [ 178.257244][ C1] ===================================================== [ 178.264619][ C1] BUG: KMSAN: uninit-value in htab_lru_percpu_map_lookup_elem+0x39a/0x580 [ 178.273604][ C1] htab_lru_percpu_map_lookup_elem+0x39a/0x580 [ 178.280096][ C1] bpf_map_lookup_elem+0x5c/0x80 [ 178.285270][ C1] ___bpf_prog_run+0x13fe/0xe0f0 [ 178.290503][ C1] __bpf_prog_run64+0xb5/0xe0 [ 178.295402][ C1] bpf_trace_run2+0x116/0x300 [ 178.300330][ C1] __bpf_trace_kfree+0x29/0x40 [ 178.305329][ C1] kfree+0x6a5/0xa30 [ 178.309498][ C1] kvfree+0x69/0x80 [ 178.313532][ C1] __bpf_prog_put_rcu+0x37/0xf0 [ 178.318636][ C1] rcu_core+0xa59/0x1e70 [ 178.323102][ C1] rcu_core_si+0x12/0x20 [ 178.327604][ C1] __do_softirq+0x1c0/0x7d7 [ 178.332317][ C1] irq_exit_rcu+0x6a/0x130 [ 178.336930][ C1] sysvec_apic_timer_interrupt+0x83/0x90 [ 178.342840][ C1] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 178.349094][ C1] flush_tlb_mm_range+0x294/0x320 [ 178.354310][ C1] ptep_clear_flush+0x166/0x1c0 [ 178.359395][ C1] do_wp_page+0x419d/0x66e0 [ 178.364173][ C1] handle_mm_fault+0x5b76/0xce00 [ 178.369361][ C1] exc_page_fault+0x419/0x730 [ 178.374250][ C1] asm_exc_page_fault+0x2b/0x30 [ 178.379349][ C1] [ 178.381798][ C1] Local variable stack created at: [ 178.387035][ C1] __bpf_prog_run64+0x45/0xe0 [ 178.392086][ C1] bpf_trace_run2+0x116/0x300 [ 178.396947][ C1] [ 178.399468][ C1] CPU: 1 PID: 5015 Comm: syz-executor232 Not tainted 6.9.0-rc2-syzkaller-00002-g026e680b0a08 #0 [ 178.410184][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 178.420450][ C1] ===================================================== [ 178.427545][ C1] Disabling lock debugging due to kernel taint [ 178.433807][ C1] Kernel panic - not syncing: kmsan.panic set ... [ 178.440350][ C1] CPU: 1 PID: 5015 Comm: syz-executor232 Tainted: G B 6.9.0-rc2-syzkaller-00002-g026e680b0a08 #0 [ 178.452413][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 178.462591][ C1] Call Trace: [ 178.466231][ C1] [ 178.469162][ C1] dump_stack_lvl+0x216/0x2d0 [ 178.474029][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 178.480018][ C1] dump_stack+0x1e/0x30 [ 178.484330][ C1] panic+0x4e2/0xcd0 [ 178.488478][ C1] ? kmsan_get_metadata+0xf1/0x1d0 [ 178.493747][ C1] kmsan_report+0x2d5/0x2e0 [ 178.498444][ C1] ? kmsan_get_metadata+0x146/0x1d0 [ 178.503827][ C1] ? __msan_warning+0x95/0x120 [ 178.508778][ C1] ? htab_lru_percpu_map_lookup_elem+0x39a/0x580 [ 178.515374][ C1] ? bpf_map_lookup_elem+0x5c/0x80 [ 178.520643][ C1] ? ___bpf_prog_run+0x13fe/0xe0f0 [ 178.525907][ C1] ? __bpf_prog_run64+0xb5/0xe0 [ 178.530907][ C1] ? bpf_trace_run2+0x116/0x300 [ 178.535900][ C1] ? __bpf_trace_kfree+0x29/0x40 [ 178.541024][ C1] ? kfree+0x6a5/0xa30 [ 178.545259][ C1] ? kvfree+0x69/0x80 [ 178.549407][ C1] ? __bpf_prog_put_rcu+0x37/0xf0 [ 178.554580][ C1] ? rcu_core+0xa59/0x1e70 [ 178.559172][ C1] ? rcu_core_si+0x12/0x20 [ 178.563753][ C1] ? __do_softirq+0x1c0/0x7d7 [ 178.568584][ C1] ? irq_exit_rcu+0x6a/0x130 [ 178.573344][ C1] ? sysvec_apic_timer_interrupt+0x83/0x90 [ 178.579317][ C1] ? asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 178.585645][ C1] ? flush_tlb_mm_range+0x294/0x320 [ 178.591000][ C1] ? ptep_clear_flush+0x166/0x1c0 [ 178.596176][ C1] ? do_wp_page+0x419d/0x66e0 [ 178.601029][ C1] ? handle_mm_fault+0x5b76/0xce00 [ 178.606307][ C1] ? exc_page_fault+0x419/0x730 [ 178.611401][ C1] ? asm_exc_page_fault+0x2b/0x30 [ 178.616604][ C1] ? kmsan_get_metadata+0x146/0x1d0 [ 178.621954][ C1] ? kmsan_get_metadata+0x146/0x1d0 [ 178.627304][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 178.633261][ C1] ? kmsan_get_metadata+0x146/0x1d0 [ 178.638603][ C1] ? kmsan_get_metadata+0x146/0x1d0 [ 178.643945][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 178.649914][ C1] ? kmsan_get_metadata+0x146/0x1d0 [ 178.655347][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 178.661327][ C1] __msan_warning+0x95/0x120 [ 178.666096][ C1] htab_lru_percpu_map_lookup_elem+0x39a/0x580 [ 178.672438][ C1] ? kmsan_get_metadata+0x146/0x1d0 [ 178.677803][ C1] ? __pfx_htab_lru_percpu_map_lookup_elem+0x10/0x10 [ 178.684754][ C1] bpf_map_lookup_elem+0x5c/0x80 [ 178.689863][ C1] ___bpf_prog_run+0x13fe/0xe0f0 [ 178.695005][ C1] ? kmsan_get_metadata+0x146/0x1d0 [ 178.700407][ C1] __bpf_prog_run64+0xb5/0xe0 [ 178.705355][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 178.711324][ C1] ? __pfx___bpf_prog_run64+0x10/0x10 [ 178.716979][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 178.723684][ C1] ? __pfx___bpf_prog_run64+0x10/0x10 [ 178.729320][ C1] bpf_trace_run2+0x116/0x300 [ 178.734173][ C1] ? kvfree+0x69/0x80 [ 178.738334][ C1] ? kmsan_get_metadata+0x146/0x1d0 [ 178.743679][ C1] ? kvfree+0x69/0x80 [ 178.747834][ C1] ? kvfree+0x69/0x80 [ 178.752005][ C1] __bpf_trace_kfree+0x29/0x40 [ 178.756957][ C1] kfree+0x6a5/0xa30 [ 178.761024][ C1] ? kmsan_get_metadata+0x146/0x1d0 [ 178.766374][ C1] ? kmsan_get_metadata+0x146/0x1d0 [ 178.771724][ C1] kvfree+0x69/0x80 [ 178.775726][ C1] __bpf_prog_put_rcu+0x37/0xf0 [ 178.780725][ C1] ? __pfx___bpf_prog_put_rcu+0x10/0x10 [ 178.786426][ C1] rcu_core+0xa59/0x1e70 [ 178.790893][ C1] ? __pfx_rcu_core_si+0x10/0x10 [ 178.796132][ C1] rcu_core_si+0x12/0x20 [ 178.800567][ C1] __do_softirq+0x1c0/0x7d7 [ 178.805273][ C1] irq_exit_rcu+0x6a/0x130 [ 178.809869][ C1] sysvec_apic_timer_interrupt+0x83/0x90 [ 178.815674][ C1] [ 178.818696][ C1] [ 178.821709][ C1] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 178.827875][ C1] RIP: 0010:flush_tlb_mm_range+0x294/0x320 [ 178.833852][ C1] Code: 52 b4 ed 00 44 39 f3 72 e2 65 48 8b 05 25 40 b5 7e 4c 39 e0 4c 8b 75 a8 75 0b fa 48 8b 7d b0 e8 d2 f4 ff ff fb be 04 00 00 00 <48> c7 c7 08 5d 0a 00 e8 90 a9 ed 00 65 ff 0d 41 3f b5 7e 74 63 49 [ 178.854089][ C1] RSP: 0000:ffff888121153aa8 EFLAGS: 00000292 [ 178.860337][ C1] RAX: ffffffffffffff00 RBX: 0000000000000008 RCX: 000000023fbc5e00 [ 178.868433][ C1] RDX: ffff88823fbc5e80 RSI: 0000000000000004 RDI: ffff88813fda5e80 [ 178.876709][ C1] RBP: ffff888121153b10 R08: ffffea000000000f R09: 0000000000000001 [ 178.884830][ C1] R10: ffff88811f0b6600 R11: ffffffffffffffff R12: ffff88811f8b6300 [ 178.892937][ C1] R13: 0000000000000000 R14: 00007f95d251b000 R15: 00007f95d251c000 [ 178.901680][ C1] ? flush_tlb_mm_range+0x28e/0x320 [ 178.907065][ C1] ptep_clear_flush+0x166/0x1c0 [ 178.912080][ C1] do_wp_page+0x419d/0x66e0 [ 178.916760][ C1] ? handle_mm_fault+0x48ba/0xce00 [ 178.922083][ C1] handle_mm_fault+0x5b76/0xce00 [ 178.927324][ C1] exc_page_fault+0x419/0x730 [ 178.932267][ C1] asm_exc_page_fault+0x2b/0x30 [ 178.937457][ C1] RIP: 0033:0x7f95d2478fb0 [ 178.942002][ C1] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 3d 00 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 30 2d 0a 00 0f 85 0f 02 00 00 4c 8d 25 23 2d 0a 00 4c [ 178.961877][ C1] RSP: 002b:00007ffe4d04e4f0 EFLAGS: 00010246 [ 178.968171][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001 [ 178.976638][ C1] RDX: 0000000000000001 RSI: 00007f95d2519118 RDI: 0000000000000000 [ 178.985974][ C1] RBP: 00007f95d2519118 R08: 0000000000000000 R09: 0000000000000006 [ 178.994098][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 179.002222][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 179.010431][ C1] [ 180.472139][ C1] Shutting down cpus with NMI [ 180.477259][ C1] Kernel Offset: disabled [ 180.481676][ C1] Rebooting in 86400 seconds..