./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor232564863
<...>
Warning: Permanently added '10.128.1.17' (ED25519) to the list of known hosts.
execve("./syz-executor232564863", ["./syz-executor232564863"], 0x7ffe91a79b50 /* 10 vars */) = 0
brk(NULL) = 0x55556b579000
brk(0x55556b579d00) = 0x55556b579d00
arch_prctl(ARCH_SET_FS, 0x55556b579380) = 0
set_tid_address(0x55556b579650) = 5013
set_robust_list(0x55556b579660, 24) = 0
rseq(0x55556b579ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor232564863", 4096) = 27
getrandom("\x04\xd9\xe9\xed\x32\x69\x68\x39", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55556b579d00
brk(0x55556b59ad00) = 0x55556b59ad00
brk(0x55556b59b000) = 0x55556b59b000
mprotect(0x7f95d2515000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556b579650) = 5014
./strace-static-x86_64: Process 5014 attached
[pid 5014] set_robust_list(0x55556b579660, 24) = 0
[pid 5014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5014] setpgid(0, 0) = 0
[pid 5014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5014] write(3, "1000", 4) = 4
[pid 5014] close(3) = 0
[pid 5014] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LRU_PERCPU_HASH, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid 5014] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 133) = 4
[pid 5014] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16) = 5
[pid 5014] setsockopt(-1, SOL_IP, IP_PKTINFO, NULL, 0) = -1 EBADF (Bad file descriptor)
[pid 5014] exit_group(0) = ?
[pid 5014] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5014, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5015 attached
<unfinished ...>
[pid 5015] set_robust_list(0x55556b579660, 24) = 0
[pid 5013] <... clone resumed>, child_tidptr=0x55556b579650) = 5015
[pid 5015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5015] setpgid(0, 0) = 0
[pid 5015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5015] write(3, "1000", 4) = 4
[pid 5015] close(3) = 0
[pid 5015] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LRU_PERCPU_HASH, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid 5015] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 133) = 4
[pid 5015] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16) = 5
[pid 5015] setsockopt(-1, SOL_IP, IP_PKTINFO, NULL, 0) = -1 EBADF (Bad file descriptor)
[ 178.257244][ C1] =====================================================
[ 178.264619][ C1] BUG: KMSAN: uninit-value in htab_lru_percpu_map_lookup_elem+0x39a/0x580
[ 178.273604][ C1] htab_lru_percpu_map_lookup_elem+0x39a/0x580
[ 178.280096][ C1] bpf_map_lookup_elem+0x5c/0x80
[ 178.285270][ C1] ___bpf_prog_run+0x13fe/0xe0f0
[ 178.290503][ C1] __bpf_prog_run64+0xb5/0xe0
[ 178.295402][ C1] bpf_trace_run2+0x116/0x300
[ 178.300330][ C1] __bpf_trace_kfree+0x29/0x40
[ 178.305329][ C1] kfree+0x6a5/0xa30
[ 178.309498][ C1] kvfree+0x69/0x80
[ 178.313532][ C1] __bpf_prog_put_rcu+0x37/0xf0
[ 178.318636][ C1] rcu_core+0xa59/0x1e70
[ 178.323102][ C1] rcu_core_si+0x12/0x20
[ 178.327604][ C1] __do_softirq+0x1c0/0x7d7
[ 178.332317][ C1] irq_exit_rcu+0x6a/0x130
[ 178.336930][ C1] sysvec_apic_timer_interrupt+0x83/0x90
[ 178.342840][ C1] asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 178.349094][ C1] flush_tlb_mm_range+0x294/0x320
[ 178.354310][ C1] ptep_clear_flush+0x166/0x1c0
[ 178.359395][ C1] do_wp_page+0x419d/0x66e0
[ 178.364173][ C1] handle_mm_fault+0x5b76/0xce00
[ 178.369361][ C1] exc_page_fault+0x419/0x730
[ 178.374250][ C1] asm_exc_page_fault+0x2b/0x30
[ 178.379349][ C1]
[ 178.381798][ C1] Local variable stack created at:
[ 178.387035][ C1] __bpf_prog_run64+0x45/0xe0
[ 178.392086][ C1] bpf_trace_run2+0x116/0x300
[ 178.396947][ C1]
[ 178.399468][ C1] CPU: 1 PID: 5015 Comm: syz-executor232 Not tainted 6.9.0-rc2-syzkaller-00002-g026e680b0a08 #0
[ 178.410184][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 178.420450][ C1] =====================================================
[ 178.427545][ C1] Disabling lock debugging due to kernel taint
[ 178.433807][ C1] Kernel panic - not syncing: kmsan.panic set ...
[ 178.440350][ C1] CPU: 1 PID: 5015 Comm: syz-executor232 Tainted: G B 6.9.0-rc2-syzkaller-00002-g026e680b0a08 #0
[ 178.452413][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 178.462591][ C1] Call Trace:
[ 178.466231][ C1] <IRQ>
[ 178.469162][ C1] dump_stack_lvl+0x216/0x2d0
[ 178.474029][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 178.480018][ C1] dump_stack+0x1e/0x30
[ 178.484330][ C1] panic+0x4e2/0xcd0
[ 178.488478][ C1] ? kmsan_get_metadata+0xf1/0x1d0
[ 178.493747][ C1] kmsan_report+0x2d5/0x2e0
[ 178.498444][ C1] ? kmsan_get_metadata+0x146/0x1d0
[ 178.503827][ C1] ? __msan_warning+0x95/0x120
[ 178.508778][ C1] ? htab_lru_percpu_map_lookup_elem+0x39a/0x580
[ 178.515374][ C1] ? bpf_map_lookup_elem+0x5c/0x80
[ 178.520643][ C1] ? ___bpf_prog_run+0x13fe/0xe0f0
[ 178.525907][ C1] ? __bpf_prog_run64+0xb5/0xe0
[ 178.530907][ C1] ? bpf_trace_run2+0x116/0x300
[ 178.535900][ C1] ? __bpf_trace_kfree+0x29/0x40
[ 178.541024][ C1] ? kfree+0x6a5/0xa30
[ 178.545259][ C1] ? kvfree+0x69/0x80
[ 178.549407][ C1] ? __bpf_prog_put_rcu+0x37/0xf0
[ 178.554580][ C1] ? rcu_core+0xa59/0x1e70
[ 178.559172][ C1] ? rcu_core_si+0x12/0x20
[ 178.563753][ C1] ? __do_softirq+0x1c0/0x7d7
[ 178.568584][ C1] ? irq_exit_rcu+0x6a/0x130
[ 178.573344][ C1] ? sysvec_apic_timer_interrupt+0x83/0x90
[ 178.579317][ C1] ? asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 178.585645][ C1] ? flush_tlb_mm_range+0x294/0x320
[ 178.591000][ C1] ? ptep_clear_flush+0x166/0x1c0
[ 178.596176][ C1] ? do_wp_page+0x419d/0x66e0
[ 178.601029][ C1] ? handle_mm_fault+0x5b76/0xce00
[ 178.606307][ C1] ? exc_page_fault+0x419/0x730
[ 178.611401][ C1] ? asm_exc_page_fault+0x2b/0x30
[ 178.616604][ C1] ? kmsan_get_metadata+0x146/0x1d0
[ 178.621954][ C1] ? kmsan_get_metadata+0x146/0x1d0
[ 178.627304][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 178.633261][ C1] ? kmsan_get_metadata+0x146/0x1d0
[ 178.638603][ C1] ? kmsan_get_metadata+0x146/0x1d0
[ 178.643945][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 178.649914][ C1] ? kmsan_get_metadata+0x146/0x1d0
[ 178.655347][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 178.661327][ C1] __msan_warning+0x95/0x120
[ 178.666096][ C1] htab_lru_percpu_map_lookup_elem+0x39a/0x580
[ 178.672438][ C1] ? kmsan_get_metadata+0x146/0x1d0
[ 178.677803][ C1] ? __pfx_htab_lru_percpu_map_lookup_elem+0x10/0x10
[ 178.684754][ C1] bpf_map_lookup_elem+0x5c/0x80
[ 178.689863][ C1] ___bpf_prog_run+0x13fe/0xe0f0
[ 178.695005][ C1] ? kmsan_get_metadata+0x146/0x1d0
[ 178.700407][ C1] __bpf_prog_run64+0xb5/0xe0
[ 178.705355][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 178.711324][ C1] ? __pfx___bpf_prog_run64+0x10/0x10
[ 178.716979][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 178.723684][ C1] ? __pfx___bpf_prog_run64+0x10/0x10
[ 178.729320][ C1] bpf_trace_run2+0x116/0x300
[ 178.734173][ C1] ? kvfree+0x69/0x80
[ 178.738334][ C1] ? kmsan_get_metadata+0x146/0x1d0
[ 178.743679][ C1] ? kvfree+0x69/0x80
[ 178.747834][ C1] ? kvfree+0x69/0x80
[ 178.752005][ C1] __bpf_trace_kfree+0x29/0x40
[ 178.756957][ C1] kfree+0x6a5/0xa30
[ 178.761024][ C1] ? kmsan_get_metadata+0x146/0x1d0
[ 178.766374][ C1] ? kmsan_get_metadata+0x146/0x1d0
[ 178.771724][ C1] kvfree+0x69/0x80
[ 178.775726][ C1] __bpf_prog_put_rcu+0x37/0xf0
[ 178.780725][ C1] ? __pfx___bpf_prog_put_rcu+0x10/0x10
[ 178.786426][ C1] rcu_core+0xa59/0x1e70
[ 178.790893][ C1] ? __pfx_rcu_core_si+0x10/0x10
[ 178.796132][ C1] rcu_core_si+0x12/0x20
[ 178.800567][ C1] __do_softirq+0x1c0/0x7d7
[ 178.805273][ C1] irq_exit_rcu+0x6a/0x130
[ 178.809869][ C1] sysvec_apic_timer_interrupt+0x83/0x90
[ 178.815674][ C1] </IRQ>
[ 178.818696][ C1] <TASK>
[ 178.821709][ C1] asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 178.827875][ C1] RIP: 0010:flush_tlb_mm_range+0x294/0x320
[ 178.833852][ C1] Code: 52 b4 ed 00 44 39 f3 72 e2 65 48 8b 05 25 40 b5 7e 4c 39 e0 4c 8b 75 a8 75 0b fa 48 8b 7d b0 e8 d2 f4 ff ff fb be 04 00 00 00 <48> c7 c7 08 5d 0a 00 e8 90 a9 ed 00 65 ff 0d 41 3f b5 7e 74 63 49
[ 178.854089][ C1] RSP: 0000:ffff888121153aa8 EFLAGS: 00000292
[ 178.860337][ C1] RAX: ffffffffffffff00 RBX: 0000000000000008 RCX: 000000023fbc5e00
[ 178.868433][ C1] RDX: ffff88823fbc5e80 RSI: 0000000000000004 RDI: ffff88813fda5e80
[ 178.876709][ C1] RBP: ffff888121153b10 R08: ffffea000000000f R09: 0000000000000001
[ 178.884830][ C1] R10: ffff88811f0b6600 R11: ffffffffffffffff R12: ffff88811f8b6300
[ 178.892937][ C1] R13: 0000000000000000 R14: 00007f95d251b000 R15: 00007f95d251c000
[ 178.901680][ C1] ? flush_tlb_mm_range+0x28e/0x320
[ 178.907065][ C1] ptep_clear_flush+0x166/0x1c0
[ 178.912080][ C1] do_wp_page+0x419d/0x66e0
[ 178.916760][ C1] ? handle_mm_fault+0x48ba/0xce00
[ 178.922083][ C1] handle_mm_fault+0x5b76/0xce00
[ 178.927324][ C1] exc_page_fault+0x419/0x730
[ 178.932267][ C1] asm_exc_page_fault+0x2b/0x30
[ 178.937457][ C1] RIP: 0033:0x7f95d2478fb0
[ 178.942002][ C1] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 3d 00 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 30 2d 0a 00 0f 85 0f 02 00 00 4c 8d 25 23 2d 0a 00 4c
[ 178.961877][ C1] RSP: 002b:00007ffe4d04e4f0 EFLAGS: 00010246
[ 178.968171][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 178.976638][ C1] RDX: 0000000000000001 RSI: 00007f95d2519118 RDI: 0000000000000000
[ 178.985974][ C1] RBP: 00007f95d2519118 R08: 0000000000000000 R09: 0000000000000006
[ 178.994098][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 179.002222][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
[ 179.010431][ C1] </TASK>
[ 180.472139][ C1] Shutting down cpus with NMI
[ 180.477259][ C1] Kernel Offset: disabled
[ 180.481676][ C1] Rebooting in 86400 seconds..