BUG: unable to handle page fault for address: fffffbfffbc00000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 23ffe4067 P4D 23ffe4067 PUD 23ffe3067 PMD 0
Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 0 UID: 0 PID: 5525 Comm: dhcpcd-run-hook Not tainted 6.12.0-rc1-next-20241003-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:87 [inline]
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:104 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:129 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:161 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline]
RIP: 0010:kasan_check_range+0x82/0x290 mm/kasan/generic.c:189
Code: 01 00 00 00 00 fc ff df 4f 8d 3c 31 4c 89 fd 4c 29 dd 48 83 fd 10 7f 29 48 85 ed 0f 84 3e 01 00 00 4c 89 cd 48 f7 d5 48 01 dd <41> 80 3b 00 0f 85 c9 01 00 00 49 ff c3 48 ff c5 75 ee e9 1e 01 00
RSP: 0018:ffffc900000073f8 EFLAGS: 00010286
RAX: 0000000000000001 RBX: 1ffffffffbc00000 RCX: ffffffff81cf410f
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffffde000000
RBP: ffffffffffffffff R08: ffffffffde000003 R09: 1ffffffffbc00000
R10: dffffc0000000000 R11: fffffbfffbc00000 R12: ffffffffde000000
R13: 0000000000000004 R14: dffffc0000000001 R15: fffffbfffbc00001
FS: 00007f1f5fc27380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffbfffbc00000 CR3: 0000000079c62000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
instrument_read include/linux/instrumented.h:26 [inline]
copy_from_kernel_nofault+0x6f/0x2f0 mm/maccess.c:35
bpf_probe_read_kernel_common include/linux/bpf.h:2960 [inline]
____bpf_probe_read_compat kernel/trace/bpf_trace.c:294 [inline]
bpf_probe_read_compat+0x10f/0x180 kernel/trace/bpf_trace.c:287
bpf_prog_19cf62d422e78662+0x43/0x45
bpf_dispatcher_nop_func include/linux/bpf.h:1257 [inline]
__bpf_prog_run include/linux/filter.h:701 [inline]
bpf_prog_run include/linux/filter.h:708 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2318 [inline]
bpf_trace_run3+0x33a/0x5a0 kernel/trace/bpf_trace.c:2360
trace_kmem_cache_free include/trace/events/kmem.h:114 [inline]
kmem_cache_free+0x367/0x410 mm/slub.c:4689
skb_kfree_head net/core/skbuff.c:1084 [inline]
skb_free_head net/core/skbuff.c:1098 [inline]
skb_release_data+0x677/0x8a0 net/core/skbuff.c:1125
skb_release_all net/core/skbuff.c:1190 [inline]
__kfree_skb net/core/skbuff.c:1204 [inline]
sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242
kfree_skb_reason include/linux/skbuff.h:1262 [inline]
kfree_skb include/linux/skbuff.h:1271 [inline]
ip6_mc_input+0xa1f/0xc30 net/ipv6/ip6_input.c:587
NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314
__netif_receive_skb_one_core net/core/dev.c:5666 [inline]
__netif_receive_skb+0x1ea/0x650 net/core/dev.c:5779
process_backlog+0x662/0x15b0 net/core/dev.c:6111
__napi_poll+0xcb/0x490 net/core/dev.c:6775
napi_poll net/core/dev.c:6844 [inline]
net_rx_action+0x89b/0x1240 net/core/dev.c:6966
handle_softirqs+0x2c5/0x980 kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
irq_exit_rcu+0x9/0x30 kernel/softirq.c:649
instr_sysvec_call_function_single arch/x86/kernel/smp.c:266 [inline]
sysvec_call_function_single+0xa3/0xc0 arch/x86/kernel/smp.c:266
asm_sysvec_call_function_single+0x1a/0x20 arch/x86/include/asm/idtentry.h:709
RIP: 0010:arch_static_branch arch/x86/include/asm/jump_label.h:27 [inline]
RIP: 0010:slab_want_init_on_free mm/slab.h:667 [inline]
RIP: 0010:maybe_wipe_obj_freeptr mm/slub.c:4034 [inline]
RIP: 0010:slab_alloc_node mm/slub.c:4133 [inline]
RIP: 0010:__do_kmalloc_node mm/slub.c:4272 [inline]
RIP: 0010:__kmalloc_noprof+0x1da/0x4c0 mm/slub.c:4285
Code: 00 48 c1 e9 3a 48 0f a3 48 08 0f 82 63 ff ff ff e8 9b a5 08 00 41 89 c0 e9 56 ff ff ff 41 8b 46 28 0f 0d 0c 03 4c 89 6c 24 10 <0f> 1f 44 00 00 0f 1f 44 00 00 49 83 7e 48 00 4c 8b 2c 24 74 04 31
RSP: 0018:ffffc90004357900 EFLAGS: 00000282
RAX: ffff888073192c00 RBX: ffffea0000a29e40 RCX: 0000000000000001
RDX: dffffc0000000000 RSI: ffffffff8c0acac0 RDI: 0000000000000001
RBP: 0000000000000000 R08: ffffffff942d2847 R09: 1ffffffff285a508
R10: dffffc0000000000 R11: fffffbfff285a509 R12: 0000000000000d40
R13: ffff888073192c00 R14: ffff88801ac41780 R15: 0000000000089ce0
kmalloc_noprof include/linux/slab.h:882 [inline]
kzalloc_noprof include/linux/slab.h:1014 [inline]
tomoyo_encode2 security/tomoyo/realpath.c:45 [inline]
tomoyo_encode+0x26f/0x540 security/tomoyo/realpath.c:80
tomoyo_realpath_from_path+0x59e/0x5e0 security/tomoyo/realpath.c:283
tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
tomoyo_path_perm+0x2b7/0x740 security/tomoyo/file.c:822
security_inode_getattr+0x130/0x330 security/security.c:2373
vfs_getattr+0x45/0x430 fs/stat.c:242
vfs_fstat fs/stat.c:267 [inline]
vfs_fstatat+0xe4/0x190 fs/stat.c:376
__do_sys_newfstatat fs/stat.c:543 [inline]
__se_sys_newfstatat fs/stat.c:537 [inline]
__x64_sys_newfstatat+0x11d/0x1a0 fs/stat.c:537
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1f5fd7b5f4
Code: 64 c7 00 09 00 00 00 83 c8 ff c3 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 00 00 00 00 41 89 ca b8 06 01 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 10 48 8b 15 03 a8 0d 00 f7 d8 41 83 c8
RSP: 002b:00007ffcc4f21148 EFLAGS: 00000206 ORIG_RAX: 0000000000000106
RAX: ffffffffffffffda RBX: 00007f1f5fe53460 RCX: 00007f1f5fd7b5f4
RDX: 00007ffcc4f21150 RSI: 00007f1f5fe18130 RDI: 0000000000000003
RBP: 000055fe6ed802a0 R08: 0000000000000000 R09: 00007f1f5fe56b70
R10: 0000000000001000 R11: 0000000000000206 R12: 00007ffcc4f212b0
R13: 00007ffcc4f212b0 R14: 000000000000000a R15: 0000000000000000
Modules linked in:
CR2: fffffbfffbc00000
---[ end trace 0000000000000000 ]---
RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:87 [inline]
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:104 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:129 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:161 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline]
RIP: 0010:kasan_check_range+0x82/0x290 mm/kasan/generic.c:189
Code: 01 00 00 00 00 fc ff df 4f 8d 3c 31 4c 89 fd 4c 29 dd 48 83 fd 10 7f 29 48 85 ed 0f 84 3e 01 00 00 4c 89 cd 48 f7 d5 48 01 dd <41> 80 3b 00 0f 85 c9 01 00 00 49 ff c3 48 ff c5 75 ee e9 1e 01 00
RSP: 0018:ffffc900000073f8 EFLAGS: 00010286
RAX: 0000000000000001 RBX: 1ffffffffbc00000 RCX: ffffffff81cf410f
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffffde000000
RBP: ffffffffffffffff R08: ffffffffde000003 R09: 1ffffffffbc00000
R10: dffffc0000000000 R11: fffffbfffbc00000 R12: ffffffffde000000
R13: 0000000000000004 R14: dffffc0000000001 R15: fffffbfffbc00001
FS: 00007f1f5fc27380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffbfffbc00000 CR3: 0000000079c62000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 7 bytes skipped:
0: df 4f 8d fisttps -0x73(%rdi)
3: 3c 31 cmp $0x31,%al
5: 4c 89 fd mov %r15,%rbp
8: 4c 29 dd sub %r11,%rbp
b: 48 83 fd 10 cmp $0x10,%rbp
f: 7f 29 jg 0x3a
11: 48 85 ed test %rbp,%rbp
14: 0f 84 3e 01 00 00 je 0x158
1a: 4c 89 cd mov %r9,%rbp
1d: 48 f7 d5 not %rbp
20: 48 01 dd add %rbx,%rbp
* 23: 41 80 3b 00 cmpb $0x0,(%r11) <-- trapping instruction
27: 0f 85 c9 01 00 00 jne 0x1f6
2d: 49 ff c3 inc %r11
30: 48 ff c5 inc %rbp
33: 75 ee jne 0x23
35: e9 .byte 0xe9
36: 1e (bad)
37: 01 00 add %eax,(%rax)