./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4152719579
<...>
Warning: Permanently added '10.128.0.24' (ED25519) to the list of known hosts.
execve("./syz-executor4152719579", ["./syz-executor4152719579"], 0x7fff8475f3c0 /* 10 vars */) = 0
brk(NULL) = 0x555594583000
brk(0x555594583d00) = 0x555594583d00
arch_prctl(ARCH_SET_FS, 0x555594583380) = 0
set_tid_address(0x555594583650) = 5101
set_robust_list(0x555594583660, 24) = 0
rseq(0x555594583ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor4152719579", 4096) = 28
getrandom("\xd1\x1b\xb6\x02\x6f\x2e\x47\xf3", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555594583d00
brk(0x5555945a4d00) = 0x5555945a4d00
brk(0x5555945a5000) = 0x5555945a5000
mprotect(0x7fcdf6d61000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594583650) = 5102
./strace-static-x86_64: Process 5102 attached
[pid 5102] set_robust_list(0x555594583660, 24) = 0
[pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5102] setpgid(0, 0) = 0
[pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5102] write(3, "1000", 4) = 4
[pid 5102] close(3) = 0
[pid 5102] write(1, "executing program\n", 18executing program
) = 18
[ 77.604178][ T5102] ==================================================================
[ 77.612501][ T5102] BUG: KASAN: slab-out-of-bounds in btf_datasec_check_meta+0x2c9/0x9a0
[ 77.620768][ T5102] Read of size 1 at addr ffff888029adcfba by task syz-executor415/5102
[ 77.629050][ T5102]
[ 77.631384][ T5102] CPU: 1 PID: 5102 Comm: syz-executor415 Not tainted 6.10.0-syzkaller-04488-g0986ac1408ab #0
[ 77.641620][ T5102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 77.651695][ T5102] Call Trace:
[ 77.654997][ T5102] <TASK>
[ 77.657933][ T5102] dump_stack_lvl+0x241/0x360
[ 77.662626][ T5102] ? __pfx_dump_stack_lvl+0x10/0x10
[ 77.667831][ T5102] ? __pfx__printk+0x10/0x10
[ 77.672434][ T5102] ? _printk+0xd5/0x120
[ 77.676599][ T5102] ? __virt_addr_valid+0x183/0x530
[ 77.681723][ T5102] ? __virt_addr_valid+0x183/0x530
[ 77.686858][ T5102] print_report+0x169/0x550
[ 77.691373][ T5102] ? __virt_addr_valid+0x183/0x530
[ 77.696496][ T5102] ? __virt_addr_valid+0x183/0x530
[ 77.701629][ T5102] ? __virt_addr_valid+0x45f/0x530
[ 77.707014][ T5102] ? __phys_addr+0xba/0x170
[ 77.711534][ T5102] ? btf_datasec_check_meta+0x2c9/0x9a0
[ 77.717085][ T5102] kasan_report+0x143/0x180
[ 77.721606][ T5102] ? btf_datasec_check_meta+0x2c9/0x9a0
[ 77.727162][ T5102] btf_datasec_check_meta+0x2c9/0x9a0
[ 77.732555][ T5102] btf_parse_type_sec+0x4d5/0x2620
[ 77.737677][ T5102] ? bpf_verifier_vlog+0x1c9/0x860
[ 77.742803][ T5102] ? btf_check_sec_info+0x379/0x4f0
[ 77.748008][ T5102] ? __pfx_btf_parse_type_sec+0x10/0x10
[ 77.753593][ T5102] ? btf_parse_str_sec+0x21f/0x2b0
[ 77.758710][ T5102] btf_new_fd+0x43f/0xd30
[ 77.763071][ T5102] ? __pfx_btf_new_fd+0x10/0x10
[ 77.767931][ T5102] ? bpf_btf_load+0xcf/0x1a0
[ 77.772524][ T5102] __sys_bpf+0x6ef/0x810
[ 77.776784][ T5102] ? __pfx___sys_bpf+0x10/0x10
[ 77.781573][ T5102] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 77.787909][ T5102] ? exc_page_fault+0x590/0x8c0
[ 77.792822][ T5102] __x64_sys_bpf+0x7c/0x90
[ 77.797274][ T5102] do_syscall_64+0xf3/0x230
[ 77.801822][ T5102] ? clear_bhb_loop+0x35/0x90
[ 77.806523][ T5102] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.812442][ T5102] RIP: 0033:0x7fcdf6ceeaf9
[ 77.816879][ T5102] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 77.836626][ T5102] RSP: 002b:00007ffd0a99bdb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 77.845081][ T5102] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcdf6ceeaf9
[ 77.853081][ T5102] RDX: 0000000000000020 RSI: 0000000020000000 RDI: 0000000000000012
[ 77.861188][ T5102] RBP: 00007fcdf6d615f0 R08: 0000000000000000 R09: 0000000000000006
[ 77.869249][ T5102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 77.877220][ T5102] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 77.885291][ T5102] </TASK>
[ 77.888308][ T5102]
[ 77.890652][ T5102] Allocated by task 5102:
[ 77.894976][ T5102] kasan_save_track+0x3f/0x80
[ 77.899669][ T5102] __kasan_kmalloc+0x98/0xb0
[ 77.904282][ T5102] __kmalloc_node_noprof+0x22a/0x440
[ 77.909656][ T5102] kvmalloc_node_noprof+0x72/0x190
[ 77.914770][ T5102] btf_new_fd+0x265/0xd30
[ 77.919103][ T5102] __sys_bpf+0x6ef/0x810
[ 77.923345][ T5102] __x64_sys_bpf+0x7c/0x90
[ 77.928033][ T5102] do_syscall_64+0xf3/0x230
[ 77.932537][ T5102] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.938435][ T5102]
[ 77.940758][ T5102] The buggy address belongs to the object at ffff888029adcf80
[ 77.940758][ T5102] which belongs to the cache kmalloc-64 of size 64
[ 77.954636][ T5102] The buggy address is located 0 bytes to the right of
[ 77.954636][ T5102] allocated 58-byte region [ffff888029adcf80, ffff888029adcfba)
[ 77.969040][ T5102]
[ 77.971363][ T5102] The buggy address belongs to the physical page:
[ 77.977785][ T5102] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29adc
[ 77.986644][ T5102] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 77.993762][ T5102] page_type: 0xffffefff(slab)
[ 77.998440][ T5102] raw: 00fff00000000000 ffff8880150418c0 ffffea0000b4d680 dead000000000002
[ 78.007027][ T5102] raw: 0000000000000000 0000000080200020 00000001ffffefff 0000000000000000
[ 78.015606][ T5102] page dumped because: kasan: bad access detected
[ 78.022136][ T5102] page_owner tracks the page as allocated
[ 78.027867][ T5102] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4534, tgid 4534 (acpid), ts 28312608338, free_ts 28307714639
[ 78.046369][ T5102] post_alloc_hook+0x1f3/0x230
[ 78.051146][ T5102] get_page_from_freelist+0x2e4c/0x2f10
[ 78.056699][ T5102] __alloc_pages_noprof+0x256/0x6c0
[ 78.061912][ T5102] alloc_slab_page+0x5f/0x120
[ 78.066607][ T5102] allocate_slab+0x5a/0x2f0
[ 78.071118][ T5102] ___slab_alloc+0xcd1/0x14b0
[ 78.075802][ T5102] __slab_alloc+0x58/0xa0
[ 78.080134][ T5102] __kmalloc_noprof+0x257/0x400
[ 78.085016][ T5102] tomoyo_commit_ok+0x29/0x1d0
[ 78.089806][ T5102] tomoyo_update_domain+0x557/0x8b0
[ 78.095004][ T5102] tomoyo_write_file+0x397/0xe50
[ 78.099943][ T5102] tomoyo_write_domain2+0x1e0/0x250
[ 78.105153][ T5102] tomoyo_supervisor+0xf09/0x11f0
[ 78.110190][ T5102] tomoyo_path_permission+0x243/0x360
[ 78.115575][ T5102] tomoyo_check_open_permission+0x2fb/0x500
[ 78.121479][ T5102] security_file_open+0x6a/0x750
[ 78.126422][ T5102] page last free pid 4534 tgid 4534 stack trace:
[ 78.132744][ T5102] free_unref_folios+0xf23/0x19e0
[ 78.137859][ T5102] folios_put_refs+0x93a/0xa60
[ 78.142630][ T5102] free_pages_and_swap_cache+0x5c8/0x690
[ 78.148301][ T5102] tlb_flush_mmu+0x3a3/0x680
[ 78.152900][ T5102] tlb_finish_mmu+0xd4/0x200
[ 78.157501][ T5102] exit_mmap+0x44f/0xc80
[ 78.161752][ T5102] __mmput+0x115/0x390
[ 78.165825][ T5102] exec_mmap+0x680/0x710
[ 78.170094][ T5102] begin_new_exec+0x125f/0x1f50
[ 78.174954][ T5102] load_elf_binary+0x969/0x2680
[ 78.179814][ T5102] bprm_execve+0xaf8/0x1770
[ 78.184333][ T5102] do_execveat_common+0x55f/0x6f0
[ 78.189370][ T5102] __x64_sys_execve+0x92/0xb0
[ 78.194055][ T5102] do_syscall_64+0xf3/0x230
[ 78.198565][ T5102] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.204465][ T5102]
[ 78.206793][ T5102] Memory state around the buggy address:
[ 78.212421][ T5102] ffff888029adce80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 78.220492][ T5102] ffff888029adcf00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 78.228571][ T5102] >ffff888029adcf80: 00 00 00 00 00 00 00 02 fc fc fc fc fc fc fc fc
[ 78.236651][ T5102]                                         ^
[ 78.242539][ T5102] ffff888029add000: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc 00 00
[ 78.250601][ T5102] ffff888029add080: 00 00 00 00 00 00 00 00 fc fc fc fc 00 00 00 00
[ 78.258750][ T5102] ==================================================================
[ 78.267541][ T5102] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 78.274779][ T5102] CPU: 0 PID: 5102 Comm: syz-executor415 Not tainted 6.10.0-syzkaller-04488-g0986ac1408ab #0
[ 78.284971][ T5102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 78.295051][ T5102] Call Trace:
[ 78.298340][ T5102] <TASK>
[ 78.301274][ T5102] dump_stack_lvl+0x241/0x360
[ 78.305968][ T5102] ? __pfx_dump_stack_lvl+0x10/0x10
[ 78.311316][ T5102] ? __pfx__printk+0x10/0x10
[ 78.315911][ T5102] ? preempt_schedule+0xe1/0xf0
[ 78.320772][ T5102] ? vscnprintf+0x5d/0x90
[ 78.325112][ T5102] panic+0x349/0x860
[ 78.329011][ T5102] ? check_panic_on_warn+0x21/0xb0
[ 78.334139][ T5102] ? __pfx_panic+0x10/0x10
[ 78.338564][ T5102] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 78.344643][ T5102] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 78.350979][ T5102] ? print_report+0x502/0x550
[ 78.355848][ T5102] check_panic_on_warn+0x86/0xb0
[ 78.360885][ T5102] ? btf_datasec_check_meta+0x2c9/0x9a0
[ 78.366444][ T5102] end_report+0x77/0x160
[ 78.370705][ T5102] kasan_report+0x154/0x180
[ 78.375221][ T5102] ? btf_datasec_check_meta+0x2c9/0x9a0
[ 78.380787][ T5102] btf_datasec_check_meta+0x2c9/0x9a0
[ 78.386172][ T5102] btf_parse_type_sec+0x4d5/0x2620
[ 78.391292][ T5102] ? bpf_verifier_vlog+0x1c9/0x860
[ 78.396416][ T5102] ? btf_check_sec_info+0x379/0x4f0
[ 78.401625][ T5102] ? __pfx_btf_parse_type_sec+0x10/0x10
[ 78.407178][ T5102] ? btf_parse_str_sec+0x21f/0x2b0
[ 78.412296][ T5102] btf_new_fd+0x43f/0xd30
[ 78.416641][ T5102] ? __pfx_btf_new_fd+0x10/0x10
[ 78.421502][ T5102] ? bpf_btf_load+0xcf/0x1a0
[ 78.426101][ T5102] __sys_bpf+0x6ef/0x810
[ 78.430350][ T5102] ? __pfx___sys_bpf+0x10/0x10
[ 78.435298][ T5102] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 78.441633][ T5102] ? exc_page_fault+0x590/0x8c0
[ 78.446499][ T5102] __x64_sys_bpf+0x7c/0x90
[ 78.450928][ T5102] do_syscall_64+0xf3/0x230
[ 78.455444][ T5102] ? clear_bhb_loop+0x35/0x90
[ 78.460136][ T5102] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.466037][ T5102] RIP: 0033:0x7fcdf6ceeaf9
[ 78.470630][ T5102] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 78.490241][ T5102] RSP: 002b:00007ffd0a99bdb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 78.498667][ T5102] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcdf6ceeaf9
[ 78.506644][ T5102] RDX: 0000000000000020 RSI: 0000000020000000 RDI: 0000000000000012
[ 78.514619][ T5102] RBP: 00007fcdf6d615f0 R08: 0000000000000000 R09: 0000000000000006
[ 78.522592][ T5102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 78.530739][ T5102] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 78.538720][ T5102] </TASK>
[ 78.541972][ T5102] Kernel Offset: disabled
[ 78.546303][ T5102] Rebooting in 86400 seconds..