kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in ./include/linux/context_tracking.h:126:25
index 3480007168 is out of range for type 'unsigned long[8]'
CPU: 1 UID: 0 PID: 5432 Comm: syz.2.29 Tainted: G W 6.11.0-rc4-next-20240820-syzkaller #0
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
ubsan_epilogue lib/ubsan.c:231 [inline]
__ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:429
rcu_is_watching_curr_cpu include/linux/context_tracking.h:126 [inline]
rcu_is_watching+0xa5/0xb0 kernel/rcu/tree.c:737
---[ end trace ]---
Oops: general protection fault, probably for non-canonical address 0xdffffc00c131ff4a: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: probably user-memory-access in range [0x00000006098ffa50-0x00000006098ffa57]
CPU: 1 UID: 0 PID: 5432 Comm: syz.2.29 Tainted: G W 6.11.0-rc4-next-20240820-syzkaller #0
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:rcu_is_watching_curr_cpu include/linux/context_tracking.h:126 [inline]
RIP: 0010:rcu_is_watching+0x35/0xb0 kernel/rcu/tree.c:737
Code: 05 78 be 89 7e e8 bb 63 41 0a 89 c3 83 f8 08 73 7a 49 bf 00 00 00 00 00 fc ff df 4c 8d 34 dd 50 6a 2a 8e 4c 89 f0 48 c1 e8 03 <42> 80 3c 38 00 74 08 4c 89 f7 e8 5c 2c 82 00 48 c7 c3 78 7c 03 00
RSP: 0018:ffffc90004364320 EFLAGS: 00010002
RAX: 00000000c131ff4a RBX: 00000000cf6cb200 RCX: 0000000000040000
RDX: ffffc90008eb9000 RSI: 000000000003ffff RDI: 0000000000040000
RBP: ffffffff9312a1a0 R08: ffffffff81559ab9 R09: fffffbfff262856c
R10: dffffc0000000000 R11: fffffbfff262856c R12: 867bc51dcf6cb200
R13: 0000000000000000 R14: 00000006098ffa50 R15: dffffc0000000000
FS: 00007f144f9f56c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8880298e9e00 CR3: 0000000065e66000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:rcu_is_watching_curr_cpu include/linux/context_tracking.h:126 [inline]
RIP: 0010:rcu_is_watching+0x35/0xb0 kernel/rcu/tree.c:737
Code: 05 78 be 89 7e e8 bb 63 41 0a 89 c3 83 f8 08 73 7a 49 bf 00 00 00 00 00 fc ff df 4c 8d 34 dd 50 6a 2a 8e 4c 89 f0 48 c1 e8 03 <42> 80 3c 38 00 74 08 4c 89 f7 e8 5c 2c 82 00 48 c7 c3 78 7c 03 00
RSP: 0018:ffffc90004364320 EFLAGS: 00010002
RAX: 00000000c131ff4a RBX: 00000000cf6cb200 RCX: 0000000000040000
RDX: ffffc90008eb9000 RSI: 000000000003ffff RDI: 0000000000040000
RBP: ffffffff9312a1a0 R08: ffffffff81559ab9 R09: fffffbfff262856c
R10: dffffc0000000000 R11: fffffbfff262856c R12: 867bc51dcf6cb200
R13: 0000000000000000 R14: 00000006098ffa50 R15: dffffc0000000000
FS: 00007f144f9f56c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8880298e9e00 CR3: 0000000065e66000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 05 78 be 89 7e add $0x7e89be78,%eax
5: e8 bb 63 41 0a call 0xa4163c5
a: 89 c3 mov %eax,%ebx
c: 83 f8 08 cmp $0x8,%eax
f: 73 7a jae 0x8b
11: 49 bf 00 00 00 00 00 movabs $0xdffffc0000000000,%r15
18: fc ff df
1b: 4c 8d 34 dd 50 6a 2a lea -0x71d595b0(,%rbx,8),%r14
22: 8e
23: 4c 89 f0 mov %r14,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 42 80 3c 38 00 cmpb $0x0,(%rax,%r15,1) <-- trapping instruction
2f: 74 08 je 0x39
31: 4c 89 f7 mov %r14,%rdi
34: e8 5c 2c 82 00 call 0x822c95
39: 48 c7 c3 78 7c 03 00 mov $0x37c78,%rbx