./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3746604288

<...>
[    8.640359][   T28] audit: type=1400 audit(1712128097.883:28): avc:  denied  { write open } for  pid=122 comm="dbus-daemon" path="/run/messagebus.pid" dev="tmpfs" ino=291 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[    8.649912][   T28] audit: type=1400 audit(1712128097.883:29): avc:  denied  { getattr } for  pid=122 comm="dbus-daemon" path="/run/messagebus.pid" dev="tmpfs" ino=291 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[    9.020861][   T28] audit: type=1400 audit(1712128098.283:30): avc:  denied  { search } for  pid=136 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   11.434764][  T113] udevd (113) used greatest stack depth: 21776 bytes left
[   18.471152][   T28] kauditd_printk_skb: 30 callbacks suppressed
[   18.471177][   T28] audit: type=1400 audit(1712128107.733:61): avc:  denied  { transition } for  pid=226 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   18.486525][   T28] audit: type=1400 audit(1712128107.743:62): avc:  denied  { noatsecure } for  pid=226 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   18.498215][   T28] audit: type=1400 audit(1712128107.743:63): avc:  denied  { write } for  pid=226 comm="sh" path="pipe:[11059]" dev="pipefs" ino=11059 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   18.521692][   T28] audit: type=1400 audit(1712128107.743:64): avc:  denied  { rlimitinh } for  pid=226 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   18.540916][   T28] audit: type=1400 audit(1712128107.743:65): avc:  denied  { siginh } for  pid=226 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.1.152' (ED25519) to the list of known hosts.
execve("./syz-executor3746604288", ["./syz-executor3746604288"], 0x7ffca706f530 /* 10 vars */) = 0
brk(NULL)                               = 0x555555dd0000
brk(0x555555dd0d00)                     = 0x555555dd0d00
arch_prctl(ARCH_SET_FS, 0x555555dd0380) = 0
set_tid_address(0x555555dd0650)         = 299
set_robust_list(0x555555dd0660, 24)     = 0
rseq(0x555555dd0ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3746604288", 4096) = 28
getrandom("\xe0\x47\xf2\x4c\x5a\x69\x81\x76", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555555dd0d00
brk(0x555555df1d00)                     = 0x555555df1d00
brk(0x555555df2000)                     = 0x555555df2000
mprotect(0x7f69af1a8000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 299
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11)             = 11
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2)                       = 2
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3)                      = 3
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7)                  = 7
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "299", 3)                      = 3
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555dd0650) = 300
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 300 attached
./strace-static-x86_64: Process 301 attached
 <unfinished ...>
[pid   301] set_robust_list(0x555555dd0660, 24) = 0
[pid   301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   300] set_robust_list(0x555555dd0660, 24 <unfinished ...>
[pid   299] <... clone resumed>, child_tidptr=0x555555dd0650) = 301
[pid   300] <... set_robust_list resumed>) = 0
[pid   299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 302 attached
 <unfinished ...>
[pid   302] set_robust_list(0x555555dd0660, 24) = 0
[pid   302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   302] setpgid(0, 0)               = 0
[pid   302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   302] write(3, "1000", 4)         = 4
[pid   302] close(3)                    = 0
[pid   302] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294967291, max_entries=255, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   301] <... clone resumed>, child_tidptr=0x555555dd0650) = 302
[   31.633793][   T28] audit: type=1400 audit(1712128120.893:66): avc:  denied  { execmem } for  pid=299 comm="syz-executor374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
./strace-static-x86_64: Process 303 attached
./strace-static-x86_64: Process 304 attached
[pid   302] <... bpf resumed>)          = 3
[pid   299] <... clone resumed>, child_tidptr=0x555555dd0650) = 303
[pid   302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144 <unfinished ...>
[pid   299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   302] <... bpf resumed>)          = -1 EFAULT (Bad address)
[pid   302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   299] <... clone resumed>, child_tidptr=0x555555dd0650) = 305
[pid   302] <... bpf resumed>)          = 4
[pid   299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="jbd2_handle_stats", prog_fd=4}}, 16./strace-static-x86_64: Process 306 attached
./strace-static-x86_64: Process 305 attached
 <unfinished ...>
[pid   304] set_robust_list(0x555555dd0660, 24 <unfinished ...>
[pid   302] <... bpf resumed>)          = 5
[pid   299] <... clone resumed>, child_tidptr=0x555555dd0650) = 306
[pid   303] set_robust_list(0x555555dd0660, 24) = 0
[pid   303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555dd0650) = 307
[pid   302] exit_group(0)               = ?
[pid   300] <... clone resumed>, child_tidptr=0x555555dd0650) = 304
[pid   306] set_robust_list(0x555555dd0660, 24 <unfinished ...>
[pid   305] set_robust_list(0x555555dd0660, 24 <unfinished ...>
[pid   304] <... set_robust_list resumed>) = 0
[pid   302] +++ exited with 0 +++
[pid   306] <... set_robust_list resumed>) = 0
[pid   304] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
./strace-static-x86_64: Process 307 attached
[pid   306] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   305] <... set_robust_list resumed>) = 0
[pid   304] <... prctl resumed>)        = 0
[pid   301] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555dd0650) = 308
./strace-static-x86_64: Process 308 attached
[   31.665441][   T28] audit: type=1400 audit(1712128120.923:67): avc:  denied  { bpf } for  pid=302 comm="syz-executor374" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   31.686383][   T28] audit: type=1400 audit(1712128120.923:68): avc:  denied  { map_create } for  pid=302 comm="syz-executor374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   31.706970][   T28] audit: type=1400 audit(1712128120.923:69): avc:  denied  { map_read map_write } for  pid=302 comm="syz-executor374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[pid   308] set_robust_list(0x555555dd0660, 24) = 0
[pid   308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   308] setpgid(0, 0)               = 0
[pid   308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   308] write(3, "1000", 4)         = 4
[pid   308] close(3)                    = 0
[pid   308] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294967291, max_entries=255, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   308] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = -1 EFAULT (Bad address)
[pid   308] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   307] set_robust_list(0x555555dd0660, 24 <unfinished ...>
[pid   308] <... bpf resumed>)          = 4
[pid   305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   304] setpgid(0, 0 <unfinished ...>
[pid   307] <... set_robust_list resumed>) = 0
[pid   308] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="jbd2_handle_stats", prog_fd=4}}, 16 <unfinished ...>
[pid   307] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   306] <... clone resumed>, child_tidptr=0x555555dd0650) = 309
[pid   304] <... setpgid resumed>)      = 0
./strace-static-x86_64: Process 310 attached
[pid   307] <... prctl resumed>)        = 0
[pid   305] <... clone resumed>, child_tidptr=0x555555dd0650) = 310
[pid   310] set_robust_list(0x555555dd0660, 24 <unfinished ...>
[pid   307] setpgid(0, 0 <unfinished ...>
[pid   304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 309 attached
 <unfinished ...>
[pid   309] set_robust_list(0x555555dd0660, 24) = 0
[pid   309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   309] setpgid(0, 0)               = 0
[pid   309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   309] write(3, "1000", 4)         = 4
[pid   309] close(3)                    = 0
[pid   309] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294967291, max_entries=255, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = -1 EFAULT (Bad address)
[pid   309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   309] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="jbd2_handle_stats", prog_fd=4}}, 16 <unfinished ...>
[pid   310] <... set_robust_list resumed>) = 0
[pid   310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   310] setpgid(0, 0)               = 0
[pid   310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   310] write(3, "1000", 4)         = 4
[pid   310] close(3)                    = 0
[pid   309] <... bpf resumed>)          = 5
[pid   308] <... bpf resumed>)          = 5
[pid   307] <... setpgid resumed>)      = 0
[pid   310] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294967291, max_entries=255, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   309] exit_group(0 <unfinished ...>
[pid   308] exit_group(0 <unfinished ...>
[pid   304] <... openat resumed>)       = 3
[pid   310] <... bpf resumed>)          = 3
[   31.728845][   T28] audit: type=1400 audit(1712128120.953:70): avc:  denied  { prog_load } for  pid=302 comm="syz-executor374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   31.754484][   T28] audit: type=1400 audit(1712128120.953:71): avc:  denied  { perfmon } for  pid=302 comm="syz-executor374" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[pid   309] <... exit_group resumed>)   = ?
[pid   308] <... exit_group resumed>)   = ?
[pid   310] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144 <unfinished ...>
[pid   309] +++ exited with 0 +++
[pid   307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   304] write(3, "1000", 4 <unfinished ...>
[pid   310] <... bpf resumed>)          = -1 EFAULT (Bad address)
[pid   308] +++ exited with 0 +++
[pid   307] <... openat resumed>)       = 3
[pid   306] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
[pid   310] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   307] write(3, "1000", 4 <unfinished ...>
[pid   304] <... write resumed>)        = 4
[pid   310] <... bpf resumed>)          = 4
[pid   307] <... write resumed>)        = 4
[pid   304] close(3 <unfinished ...>
[pid   301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   310] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="jbd2_handle_stats", prog_fd=4}}, 16 <unfinished ...>
[pid   307] close(3 <unfinished ...>
[pid   306] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   304] <... close resumed>)        = 0
[pid   301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   307] <... close resumed>)        = 0
[pid   304] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294967291, max_entries=255, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   307] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294967291, max_entries=255, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   306] <... clone resumed>, child_tidptr=0x555555dd0650) = 311
[pid   304] <... bpf resumed>)          = 3
[pid   301] <... clone resumed>, child_tidptr=0x555555dd0650) = 312
[pid   307] <... bpf resumed>)          = 3
[pid   304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144./strace-static-x86_64: Process 311 attached
 <unfinished ...>
[pid   307] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144 <unfinished ...>
[pid   304] <... bpf resumed>)          = -1 EFAULT (Bad address)
./strace-static-x86_64: Process 312 attached
[pid   307] <... bpf resumed>)          = -1 EFAULT (Bad address)
[pid   304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   312] set_robust_list(0x555555dd0660, 24 <unfinished ...>
[pid   307] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   312] <... set_robust_list resumed>) = 0
[pid   304] <... bpf resumed>)          = 4
[pid   312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   312] setpgid(0, 0 <unfinished ...>
[pid   307] <... bpf resumed>)          = 4
[pid   304] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="jbd2_handle_stats", prog_fd=4}}, 16 <unfinished ...>
[pid   312] <... setpgid resumed>)      = 0
[pid   307] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="jbd2_handle_stats", prog_fd=4}}, 16 <unfinished ...>
[pid   312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   311] set_robust_list(0x555555dd0660, 24 <unfinished ...>
[pid   312] <... openat resumed>)       = 3
[pid   311] <... set_robust_list resumed>) = 0
[pid   312] write(3, "1000", 4)         = 4
[pid   312] close(3)                    = 0
[pid   311] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   312] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294967291, max_entries=255, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   311] <... prctl resumed>)        = 0
[pid   312] <... bpf resumed>)          = 3
[pid   312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144 <unfinished ...>
[pid   311] setpgid(0, 0 <unfinished ...>
[pid   312] <... bpf resumed>)          = -1 EFAULT (Bad address)
[pid   312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   311] <... setpgid resumed>)      = 0
[pid   312] <... bpf resumed>)          = 4
[pid   312] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="jbd2_handle_stats", prog_fd=4}}, 16 <unfinished ...>
[pid   311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   311] write(3, "1000", 4)         = 4
[pid   311] close(3)                    = 0
[pid   311] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294967291, max_entries=255, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   311] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = -1 EFAULT (Bad address)
[pid   310] <... bpf resumed>)          = 5
[pid   312] <... bpf resumed>)          = 5
[pid   311] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   310] exit_group(0 <unfinished ...>
[pid   307] <... bpf resumed>)          = 5
[pid   304] <... bpf resumed>)          = 5
[pid   312] exit_group(0 <unfinished ...>
[pid   310] <... exit_group resumed>)   = ?
[pid   307] exit_group(0)               = ?
[pid   304] exit_group(0 <unfinished ...>
[pid   312] <... exit_group resumed>)   = ?
[pid   310] +++ exited with 0 +++
[pid   307] +++ exited with 0 +++
[pid   304] <... exit_group resumed>)   = ?
[pid   305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=310, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   305] <... clone resumed>, child_tidptr=0x555555dd0650) = 313
./strace-static-x86_64: Process 313 attached
[pid   313] set_robust_list(0x555555dd0660, 24) = 0
[pid   303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   313] setpgid(0, 0 <unfinished ...>
[pid   311] <... bpf resumed>)          = 4
[pid   303] <... clone resumed>, child_tidptr=0x555555dd0650) = 314
[pid   313] <... setpgid resumed>)      = 0
[pid   311] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="jbd2_handle_stats", prog_fd=4}}, 16./strace-static-x86_64: Process 314 attached
 <unfinished ...>
[   31.777912][   T28] audit: type=1400 audit(1712128120.953:72): avc:  denied  { prog_run } for  pid=302 comm="syz-executor374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[pid   314] set_robust_list(0x555555dd0660, 24 <unfinished ...>
[pid   313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   313] write(3, "1000", 4)         = 4
[pid   313] close(3)                    = 0
[pid   313] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294967291, max_entries=255, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   313] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = -1 EFAULT (Bad address)
[pid   313] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   313] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="jbd2_handle_stats", prog_fd=4}}, 16 <unfinished ...>
[pid   314] <... set_robust_list resumed>) = 0
[pid   314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   314] setpgid(0, 0)               = 0
[pid   314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   314] write(3, "1000", 4)         = 4
[pid   314] close(3)                    = 0
[pid   314] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294967291, max_entries=255, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   314] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = -1 EFAULT (Bad address)
[pid   314] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[   31.833430][   T10] ==================================================================
[   31.841371][   T10] BUG: KASAN: stack-out-of-bounds in hash+0x465/0xc20
[   31.847962][   T10] Read of size 4 at addr ffffc900000a6c60 by task kworker/u4:1/10
[   31.855601][   T10] 
[   31.857780][   T10] CPU: 1 PID: 10 Comm: kworker/u4:1 Not tainted 6.1.75-syzkaller-00108-g3ca4271578e1 #0
[   31.867324][   T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   31.877225][   T10] Workqueue: writeback wb_workfn (flush-8:0)
[   31.883023][   T10] Call Trace:
[   31.886162][   T10]  <TASK>
[   31.888928][   T10]  dump_stack_lvl+0x151/0x1b7
[   31.893450][   T10]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   31.898745][   T10]  ? _printk+0xd1/0x111
[   31.902742][   T10]  ? __virt_addr_valid+0xc3/0x2f0
[   31.907604][   T10]  print_report+0x158/0x4e0
[   31.911944][   T10]  ? __virt_addr_valid+0xc3/0x2f0
[   31.916794][   T10]  ? kasan_addr_to_slab+0xd/0x80
[   31.921563][   T10]  ? hash+0x465/0xc20
[   31.925399][   T10]  kasan_report+0x13c/0x170
[   31.929730][   T10]  ? hash+0x465/0xc20
[   31.933552][   T10]  ? ext4_has_metadata_csum+0x1f0/0x1f0
[   31.938926][   T10]  __asan_report_load_n_noabort+0xf/0x20
[   31.944402][   T10]  hash+0x465/0xc20
[   31.948041][   T10]  bloom_map_peek_elem+0xac/0x1a0
[   31.952914][   T10]  bpf_prog_00798911c748094f+0x3a/0x3e
[   31.958201][   T10]  bpf_trace_run8+0x1f8/0x330
[   31.962710][   T10]  ? bpf_trace_run7+0x370/0x370
[   31.967400][   T10]  ? __kasan_check_write+0x14/0x20
[   31.972357][   T10]  __bpf_trace_jbd2_handle_stats+0x4a/0x60
[   31.977986][   T10]  ? __bpf_trace_jbd2_handle_extend+0x60/0x60
[   31.983901][   T10]  __traceiter_jbd2_handle_stats+0x96/0xf0
[   31.989546][   T10]  jbd2_journal_stop+0xc11/0xc70
[   31.994326][   T10]  ? jbd2_journal_start_reserved+0x410/0x410
[   32.000137][   T10]  __ext4_journal_stop+0x111/0x1c0
[   32.005090][   T10]  ext4_writepages+0x130b/0x3fd0
[   32.010228][   T10]  ? ext4_read_folio+0x240/0x240
[   32.014957][   T10]  ? __stack_depot_save+0x36/0x480
[   32.019932][   T10]  ? ____kasan_slab_free+0x131/0x180
[   32.025037][   T10]  ? __kasan_slab_free+0x11/0x20
[   32.029825][   T10]  ? kmem_cache_free+0x291/0x510
[   32.034575][   T10]  ? ext4_es_free_extent+0x1f6/0x4c0
[   32.039708][   T10]  ? ext4_es_insert_extent+0x4da/0x2ff0
[   32.045080][   T10]  ? ext4_map_blocks+0xe1d/0x1ca0
[   32.049946][   T10]  ? ext4_convert_unwritten_extents+0x2e0/0x6c0
[   32.056026][   T10]  ? __kasan_check_write+0x14/0x20
[   32.060986][   T10]  ? ext4_read_folio+0x240/0x240
[   32.065753][   T10]  do_writepages+0x385/0x620
[   32.070186][   T10]  ? __writepage+0x130/0x130
[   32.074598][   T10]  ? __crc32c_le_base+0x6e5/0xd60
[   32.079463][   T10]  ? folio_mark_accessed+0x211/0x650
[   32.084602][   T10]  __writeback_single_inode+0xdc/0xb80
[   32.089887][   T10]  writeback_sb_inodes+0xb32/0x1910
[   32.094926][   T10]  ? queue_io+0x520/0x520
[   32.099070][   T10]  ? _raw_spin_trylock_bh+0x190/0x190
[   32.104310][   T10]  __writeback_inodes_wb+0x118/0x3f0
[   32.109423][   T10]  wb_writeback+0x3cd/0x9f0
[   32.113767][   T10]  ? inode_cgwb_move_to_attached+0x3c0/0x3c0
[   32.119562][   T10]  ? set_worker_desc+0x158/0x1c0
[   32.124341][   T10]  ? cpudl_cleanup+0x40/0x40
[   32.128765][   T10]  ? __kasan_check_write+0x14/0x20
[   32.133718][   T10]  wb_workfn+0xaf9/0x1030
[   32.137889][   T10]  ? inode_wait_for_writeback+0x280/0x280
[   32.143436][   T10]  ? kthread_data+0x53/0xc0
[   32.147777][   T10]  ? finish_task_switch+0x167/0x7b0
[   32.152815][   T10]  ? __kasan_check_read+0x11/0x20
[   32.157659][   T10]  ? read_word_at_a_time+0x12/0x20
[   32.162702][   T10]  ? strscpy+0x9c/0x260
[   32.166690][   T10]  process_one_work+0x73d/0xcb0
[   32.171401][   T10]  worker_thread+0xa60/0x1260
[   32.175921][   T10]  kthread+0x26d/0x300
[   32.179798][   T10]  ? worker_clr_flags+0x1a0/0x1a0
[   32.184664][   T10]  ? kthread_blkcg+0xd0/0xd0
[   32.189096][   T10]  ret_from_fork+0x1f/0x30
[   32.193355][   T10]  </TASK>
[   32.196207][   T10] 
[   32.198378][   T10] The buggy address belongs to stack of task kworker/u4:1/10
[   32.205573][   T10]  and is located at offset 0 in frame:
[   32.211307][   T10]  bpf_trace_run8+0x0/0x330
[   32.215654][   T10] 
[   32.217821][   T10] This frame has 1 object:
[   32.222072][   T10]  [32, 96) 'args'
[   32.222106][   T10] 
[   32.227806][   T10] The buggy address belongs to the virtual mapping at
[   32.227806][   T10]  [ffffc900000a0000, ffffc900000a9000) created by:
[   32.227806][   T10]  copy_process+0x5c3/0x3530
[   32.245249][   T10] 
[   32.247419][   T10] The buggy address belongs to the physical page:
[   32.253757][   T10] page:ffffea0004026180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100986
[   32.263815][   T10] flags: 0x4000000000000000(zone=1)
[   32.268884][   T10] raw: 4000000000000000 0000000000000000 dead000000000122 0000000000000000
[   32.277300][   T10] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   32.285688][   T10] page dumped because: kasan: bad access detected
[   32.291940][   T10] page_owner tracks the page as allocated
[   32.297502][   T10] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x0(), pid 1, tgid 1 (swapper/0), ts 1272388129, free_ts 0
[   32.310699][   T10]  register_early_stack+0x86/0xe0
[   32.315632][   T10]  init_page_owner+0x3d/0x650
[   32.320150][   T10]  page_ext_init+0x3a6/0x3cb
[   32.324576][   T10]  kernel_init_freeable+0x2ec/0x451
[   32.329617][   T10] page_owner free stack trace missing
[   32.334823][   T10] 
[   32.336994][   T10] Memory state around the buggy address:
[   32.342472][   T10]  ffffc900000a6b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.350362][   T10]  ffffc900000a6b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.358269][   T10] >ffffc900000a6c00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[   32.366169][   T10]                                                        ^
[   32.373201][   T10]  ffffc900000a6c80: 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00
[   32.381089][   T10]  ffffc900000a6d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.388990][   T10] ==================================================================
[   32.396996][   T10] Disabling lock debugging due to kernel taint
[   32.403041][   T10] BUG: unable to handle page fault for address: ffffc900000a8000
[   32.410540][   T10] #PF: supervisor read access in kernel mode
[   32.416353][   T10] #PF: error_code(0x0000) - not-present page
[   32.422171][   T10] PGD 100000067 P4D 100000067 PUD 100154067 PMD 100155067 PTE 0
[   32.429749][   T10] Oops: 0000 [#1] PREEMPT SMP KASAN
[   32.434786][   T10] CPU: 1 PID: 10 Comm: kworker/u4:1 Tainted: G    B              6.1.75-syzkaller-00108-g3ca4271578e1 #0
[   32.445802][   T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   32.455704][   T10] Workqueue: writeback wb_workfn (flush-8:0)
[   32.461516][   T10] RIP: 0010:hash+0x2d8/0xc20
[   32.465944][   T10] Code: 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 2b 01 00 00 4a 8d 7c 36 07 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 43 01 00 00 <42> 03 5c 36 04 4a 8d 7c 36 08 48 89 f8 48 c1 e8 03 0f b6 04 10 84
[   32.485392][   T10] RSP: 0018:ffffc900000a6b68 EFLAGS: 00010282
[   32.491290][   T10] RAX: 0000000000000000 RBX: 00000000557a5ae8 RCX: ffffffff8191c465
[   32.499097][   T10] RDX: dffffc0000000000 RSI: ffffc900000a6c28 RDI: ffffc900000a8003
[   32.506915][   T10] RBP: ffffc900000a6ba8 R08: 00000000ffffec1b R09: fffffbfff0ee5efd
[   32.514721][   T10] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000ce98b9c5
[   32.522538][   T10] R13: 00000000ffffec1b R14: 00000000000013d4 R15: 00000000646888b4
[   32.530349][   T10] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   32.539292][   T10] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   32.545715][   T10] CR2: ffffc900000a8000 CR3: 0000000121434000 CR4: 00000000003506a0
[   32.553525][   T10] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   32.561338][   T10] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   32.569143][   T10] Call Trace:
[   32.572275][   T10]  <TASK>
[   32.575052][   T10]  ? __die_body+0x62/0xb0
[   32.579216][   T10]  ? __die+0x7e/0x90
[   32.582953][   T10]  ? page_fault_oops+0x7f9/0xa90
[   32.587723][   T10]  ? vprintk_emit+0x450/0x450
[   32.592242][   T10]  ? kernelmode_fixup_or_oops+0x270/0x270
[   32.597792][   T10]  ? __kasan_check_write+0x14/0x20
[   32.602854][   T10]  ? is_prefetch+0x47a/0x6d0
[   32.607265][   T10]  ? __wake_up_klogd+0xde/0x110
[   32.611956][   T10]  ? vprintk_emit+0x1c7/0x450
[   32.616475][   T10]  ? printk_sprint+0x430/0x430
[   32.621076][   T10]  ? printk_sprint+0x430/0x430
[   32.625679][   T10]  ? kernelmode_fixup_or_oops+0x21b/0x270
[   32.631232][   T10]  ? __bad_area_nosemaphore+0xcf/0x620
[   32.636518][   T10]  ? _printk+0xd1/0x111
[   32.640513][   T10]  ? irqentry_exit+0x30/0x40
[   32.644960][   T10]  ? bad_area_nosemaphore+0x2d/0x40
[   32.649980][   T10]  ? do_kern_addr_fault+0x69/0x80
[   32.654841][   T10]  ? exc_page_fault+0x513/0x700
[   32.659524][   T10]  ? __kasan_check_write+0x14/0x20
[   32.664477][   T10]  ? asm_exc_page_fault+0x27/0x30
[   32.669474][   T10]  ? hash+0x435/0xc20
[   32.673285][   T10]  ? hash+0x2d8/0xc20
[   32.677100][   T10]  ? hash+0x435/0xc20
[   32.680924][   T10]  bloom_map_peek_elem+0xac/0x1a0
[   32.685793][   T10]  bpf_prog_00798911c748094f+0x3a/0x3e
[   32.691078][   T10]  bpf_trace_run8+0x1f8/0x330
[   32.695592][   T10]  ? bpf_trace_run7+0x370/0x370
[   32.700280][   T10]  ? __kasan_check_write+0x14/0x20
[   32.705234][   T10]  __bpf_trace_jbd2_handle_stats+0x4a/0x60
[   32.710871][   T10]  ? __bpf_trace_jbd2_handle_extend+0x60/0x60
[   32.716765][   T10]  __traceiter_jbd2_handle_stats+0x96/0xf0
[   32.722418][   T10]  jbd2_journal_stop+0xc11/0xc70
[   32.727198][   T10]  ? jbd2_journal_start_reserved+0x410/0x410
[   32.733009][   T10]  __ext4_journal_stop+0x111/0x1c0
[   32.737954][   T10]  ext4_writepages+0x130b/0x3fd0
[   32.742776][   T10]  ? ext4_read_folio+0x240/0x240
[   32.747609][   T10]  ? __stack_depot_save+0x36/0x480
[   32.752567][   T10]  ? ____kasan_slab_free+0x131/0x180
[   32.757673][   T10]  ? __kasan_slab_free+0x11/0x20
[   32.762445][   T10]  ? kmem_cache_free+0x291/0x510
[   32.767223][   T10]  ? ext4_es_free_extent+0x1f6/0x4c0
[   32.772345][   T10]  ? ext4_es_insert_extent+0x4da/0x2ff0
[   32.777723][   T10]  ? ext4_map_blocks+0xe1d/0x1ca0
[   32.782587][   T10]  ? ext4_convert_unwritten_extents+0x2e0/0x6c0
[   32.788674][   T10]  ? __kasan_check_write+0x14/0x20
[   32.793620][   T10]  ? ext4_read_folio+0x240/0x240
[   32.798387][   T10]  do_writepages+0x385/0x620
[   32.802821][   T10]  ? __writepage+0x130/0x130
[   32.807240][   T10]  ? __crc32c_le_base+0x6e5/0xd60
[   32.812101][   T10]  ? folio_mark_accessed+0x211/0x650
[   32.817248][   T10]  __writeback_single_inode+0xdc/0xb80
[   32.822522][   T10]  writeback_sb_inodes+0xb32/0x1910
[   32.827577][   T10]  ? queue_io+0x520/0x520
[   32.831716][   T10]  ? _raw_spin_trylock_bh+0x190/0x190
[   32.836953][   T10]  __writeback_inodes_wb+0x118/0x3f0
[   32.842061][   T10]  wb_writeback+0x3cd/0x9f0
[   32.846403][   T10]  ? inode_cgwb_move_to_attached+0x3c0/0x3c0
[   32.852203][   T10]  ? set_worker_desc+0x158/0x1c0
[   32.856977][   T10]  ? cpudl_cleanup+0x40/0x40
[   32.861407][   T10]  ? __kasan_check_write+0x14/0x20
[   32.866364][   T10]  wb_workfn+0xaf9/0x1030
[   32.870539][   T10]  ? inode_wait_for_writeback+0x280/0x280
[   32.876075][   T10]  ? kthread_data+0x53/0xc0
[   32.880418][   T10]  ? finish_task_switch+0x167/0x7b0
[   32.885460][   T10]  ? __kasan_check_read+0x11/0x20
[   32.890307][   T10]  ? read_word_at_a_time+0x12/0x20
[   32.895256][   T10]  ? strscpy+0x9c/0x260
[   32.899251][   T10]  process_one_work+0x73d/0xcb0
[   32.903947][   T10]  worker_thread+0xa60/0x1260
[   32.908475][   T10]  kthread+0x26d/0x300
[   32.912356][   T10]  ? worker_clr_flags+0x1a0/0x1a0
[   32.917216][   T10]  ? kthread_blkcg+0xd0/0xd0
[   32.921644][   T10]  ret_from_fork+0x1f/0x30
[   32.925908][   T10]  </TASK>
[   32.928761][   T10] Modules linked in:
[   32.932495][   T10] CR2: ffffc900000a8000
[   32.936487][   T10] ---[ end trace 0000000000000000 ]---
[   32.941775][   T10] RIP: 0010:hash+0x2d8/0xc20
[   32.946208][   T10] Code: 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 2b 01 00 00 4a 8d 7c 36 07 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 43 01 00 00 <42> 03 5c 36 04 4a 8d 7c 36 08 48 89 f8 48 c1 e8 03 0f b6 04 10 84
[   32.965649][   T10] RSP: 0018:ffffc900000a6b68 EFLAGS: 00010282
[   32.971548][   T10] RAX: 0000000000000000 RBX: 00000000557a5ae8 RCX: ffffffff8191c465
[   32.979365][   T10] RDX: dffffc0000000000 RSI: ffffc900000a6c28 RDI: ffffc900000a8003
[   32.987173][   T10] RBP: ffffc900000a6ba8 R08: 00000000ffffec1b R09: fffffbfff0ee5efd
[   32.994986][   T10] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000ce98b9c5
[   33.002798][   T10] R13: 00000000ffffec1b R14: 00000000000013d4 R15: 00000000646888b4
[   33.010609][   T10] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   33.019374][   T10] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   33.025798][   T10] CR2: ffffc900000a8000 CR3: 0000000121434000 CR4: 00000000003506a0
[   33.033619][   T10] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   33.041424][   T10] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   33.049241][   T10] Kernel panic - not syncing: Fatal exception
[   33.055277][   T10] Kernel Offset: disabled
[   33.059434][   T10] Rebooting in 86400 seconds..