./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1864130406

<...>
Warning: Permanently added '10.128.1.159' (ECDSA) to the list of known hosts.
execve("./syz-executor1864130406", ["./syz-executor1864130406"], 0x7fff094a1670 /* 10 vars */) = 0
brk(NULL)                               = 0x555555e35000
brk(0x555555e35c40)                     = 0x555555e35c40
arch_prctl(ARCH_SET_FS, 0x555555e35300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1864130406", 4096) = 28
brk(0x555555e56c40)                     = 0x555555e56c40
brk(0x555555e57000)                     = 0x555555e57000
mprotect(0x7ff1fb1fe000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
syzkaller login: [   55.482477][ T5067] ==================================================================
[   55.490550][ T5067] BUG: KASAN: slab-out-of-bounds in copy_verifier_state+0x130/0xbe0
[   55.498517][ T5067] Write of size 80 at addr ffff888022c71000 by task syz-executor186/5067
[   55.506904][ T5067] 
[   55.509207][ T5067] CPU: 0 PID: 5067 Comm: syz-executor186 Not tainted 6.1.0-syzkaller-10971-g041fae9c105a #0
[   55.519247][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   55.529301][ T5067] Call Trace:
[   55.532559][ T5067]  <TASK>
[   55.535477][ T5067]  dump_stack_lvl+0x1e3/0x2d0
[   55.540155][ T5067]  ? nf_tcp_handle_invalid+0x630/0x630
[   55.545600][ T5067]  ? __wake_up_klogd+0xcd/0x100
[   55.550433][ T5067]  ? panic+0x770/0x770
[   55.554484][ T5067]  ? _printk+0xcf/0x110
[   55.558620][ T5067]  ? _raw_spin_lock_irqsave+0xac/0x120
[   55.564064][ T5067]  print_address_description+0x74/0x340
[   55.569593][ T5067]  print_report+0x107/0x220
[   55.574078][ T5067]  ? __virt_addr_valid+0x21b/0x2d0
[   55.579172][ T5067]  ? __phys_addr+0xb5/0x160
[   55.583658][ T5067]  ? copy_verifier_state+0x130/0xbe0
[   55.588926][ T5067]  kasan_report+0x139/0x170
[   55.593426][ T5067]  ? copy_verifier_state+0x130/0xbe0
[   55.598704][ T5067]  kasan_check_range+0x2a7/0x2e0
[   55.603635][ T5067]  ? copy_verifier_state+0x130/0xbe0
[   55.608933][ T5067]  memcpy+0x3c/0x60
[   55.612731][ T5067]  copy_verifier_state+0x130/0xbe0
[   55.617833][ T5067]  ? __kasan_krealloc+0xbf/0xf0
[   55.622672][ T5067]  ? do_check+0x9433/0x107b0
[   55.627253][ T5067]  do_check+0x8e51/0x107b0
[   55.631679][ T5067]  ? init_func_state+0x3a0/0x3a0
[   55.636607][ T5067]  ? mark_reg_not_init+0x91/0x650
[   55.641622][ T5067]  ? memcpy+0x3c/0x60
[   55.645593][ T5067]  do_check_common+0x909/0x1800
[   55.650444][ T5067]  bpf_check+0x107e2/0x16170
[   55.655031][ T5067]  ? validate_chain+0x126/0x6470
[   55.659963][ T5067]  ? validate_chain+0x126/0x6470
[   55.664895][ T5067]  ? validate_chain+0x126/0x6470
[   55.669822][ T5067]  ? reacquire_held_locks+0x680/0x680
[   55.675184][ T5067]  ? validate_chain+0x126/0x6470
[   55.680110][ T5067]  ? reacquire_held_locks+0x680/0x680
[   55.685473][ T5067]  ? validate_chain+0x126/0x6470
[   55.690401][ T5067]  ? validate_chain+0x126/0x6470
[   55.695338][ T5067]  ? bpf_get_btf_vmlinux+0x10/0x10
[   55.700455][ T5067]  ? validate_chain+0x126/0x6470
[   55.705401][ T5067]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   55.711554][ T5067]  ? reacquire_held_locks+0x680/0x680
[   55.716931][ T5067]  ? reacquire_held_locks+0x680/0x680
[   55.722302][ T5067]  ? mark_lock+0x9a/0x350
[   55.726625][ T5067]  ? mark_lock+0x9a/0x350
[   55.730945][ T5067]  ? reacquire_held_locks+0x680/0x680
[   55.736313][ T5067]  ? __lock_acquire+0x1292/0x1f60
[   55.741328][ T5067]  ? pcpu_alloc+0xe4e/0x14e0
[   55.745909][ T5067]  ? rcu_read_lock_sched_held+0x89/0x130
[   55.751537][ T5067]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   55.757508][ T5067]  ? mark_lock+0x9a/0x350
[   55.761830][ T5067]  ? ktime_get_with_offset+0x125/0x360
[   55.767278][ T5067]  ? rcu_read_lock_sched_held+0x89/0x130
[   55.772989][ T5067]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   55.778970][ T5067]  ? read_lock_is_recursive+0x10/0x10
[   55.784329][ T5067]  ? ktime_get_with_offset+0x125/0x360
[   55.789777][ T5067]  ? lockdep_hardirqs_on_prepare+0x448/0x7b0
[   55.795749][ T5067]  ? print_irqtrace_events+0x220/0x220
[   55.801199][ T5067]  ? ktime_get_with_offset+0x125/0x360
[   55.806644][ T5067]  ? seqcount_lockdep_reader_access+0x153/0x220
[   55.812871][ T5067]  ? lockdep_hardirqs_on+0x95/0x140
[   55.818073][ T5067]  ? seqcount_lockdep_reader_access+0x1d3/0x220
[   55.824316][ T5067]  ? ktime_get_real_ts64+0x4b0/0x4b0
[   55.829607][ T5067]  ? _raw_spin_unlock+0x24/0x40
[   55.834456][ T5067]  ? find_vmap_area+0x104/0x120
[   55.839303][ T5067]  ? check_heap_object+0x7f/0x810
[   55.844320][ T5067]  ? memset+0x1f/0x40
[   55.848298][ T5067]  ? bpf_obj_name_cpy+0x191/0x1d0
[   55.853320][ T5067]  bpf_prog_load+0x1306/0x1be0
[   55.858080][ T5067]  ? map_freeze+0x340/0x340
[   55.862574][ T5067]  ? __might_sleep+0xc0/0xc0
[   55.867164][ T5067]  ? __might_fault+0xb2/0x110
[   55.871838][ T5067]  ? bpf_lsm_bpf+0x5/0x10
[   55.876160][ T5067]  ? security_bpf+0x9d/0xb0
[   55.880660][ T5067]  __sys_bpf+0x396/0x6d0
[   55.884899][ T5067]  ? _raw_spin_unlock_irq+0x1f/0x40
[   55.890110][ T5067]  ? bpf_link_show_fdinfo+0x2d0/0x2d0
[   55.895495][ T5067]  ? print_irqtrace_events+0x220/0x220
[   55.900954][ T5067]  ? print_irqtrace_events+0x220/0x220
[   55.906414][ T5067]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   55.912396][ T5067]  __x64_sys_bpf+0x78/0x90
[   55.916813][ T5067]  do_syscall_64+0x2b/0x70
[   55.921218][ T5067]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.927103][ T5067] RIP: 0033:0x7ff1fb190c29
[   55.931506][ T5067] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   55.951097][ T5067] RSP: 002b:00007ffeaae55678 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   55.959499][ T5067] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff1fb190c29
[   55.967460][ T5067] RDX: 0000000000000048 RSI: 0000000020000200 RDI: 0000000000000005
[   55.975419][ T5067] RBP: 00007ff1fb154dd0 R08: 0000000000000000 R09: 0000000000000000
[   55.983378][ T5067] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ff1fb154e60
[   55.991337][ T5067] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   55.999301][ T5067]  </TASK>
[   56.002307][ T5067] 
[   56.004616][ T5067] Allocated by task 5067:
[   56.008924][ T5067]  kasan_set_track+0x4c/0x70
[   56.013510][ T5067]  __kasan_krealloc+0xbf/0xf0
[   56.018180][ T5067]  krealloc+0xb2/0x110
[   56.022237][ T5067]  do_check+0x9433/0x107b0
[   56.026641][ T5067]  do_check_common+0x909/0x1800
[   56.031477][ T5067]  bpf_check+0x107e2/0x16170
[   56.036053][ T5067]  bpf_prog_load+0x1306/0x1be0
[   56.040800][ T5067]  __sys_bpf+0x396/0x6d0
[   56.045036][ T5067]  __x64_sys_bpf+0x78/0x90
[   56.049444][ T5067]  do_syscall_64+0x2b/0x70
[   56.053846][ T5067]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.059729][ T5067] 
[   56.062036][ T5067] The buggy address belongs to the object at ffff888022c71000
[   56.062036][ T5067]  which belongs to the cache kmalloc-96 of size 96
[   56.075902][ T5067] The buggy address is located 0 bytes inside of
[   56.075902][ T5067]  96-byte region [ffff888022c71000, ffff888022c71060)
[   56.088905][ T5067] 
[   56.091218][ T5067] The buggy address belongs to the physical page:
[   56.097610][ T5067] page:ffffea00008b1c40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22c71
[   56.107743][ T5067] ksm flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   56.115625][ T5067] raw: 00fff00000000200 ffff888012841780 ffffea0000a6d880 0000000000000003
[   56.124375][ T5067] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[   56.132939][ T5067] page dumped because: kasan: bad access detected
[   56.139330][ T5067] page_owner tracks the page as allocated
[   56.145029][ T5067] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 4437, tgid 4437 (udevd), ts 26581643327, free_ts 26581082061
[   56.162553][ T5067]  get_page_from_freelist+0x72b/0x7a0
[   56.167918][ T5067]  __alloc_pages+0x259/0x560
[   56.172497][ T5067]  alloc_slab_page+0xbd/0x190
[   56.177161][ T5067]  allocate_slab+0x5e/0x3c0
[   56.181650][ T5067]  ___slab_alloc+0x7f4/0xeb0
[   56.186231][ T5067]  __kmem_cache_alloc_node+0x25b/0x340
[   56.191674][ T5067]  __kmalloc+0x9e/0x190
[   56.195815][ T5067]  tomoyo_encode+0x26f/0x540
[   56.200400][ T5067]  tomoyo_realpath_from_path+0x5ae/0x5f0
[   56.206025][ T5067]  tomoyo_path_perm+0x280/0x680
[   56.210860][ T5067]  security_inode_getattr+0xc0/0x140
[   56.216130][ T5067]  vfs_statx+0x198/0x4b0
[   56.220362][ T5067]  __se_sys_newfstatat+0x104/0x7b0
[   56.225457][ T5067]  do_syscall_64+0x2b/0x70
[   56.229944][ T5067]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.235825][ T5067] page last free stack trace:
[   56.240477][ T5067]  free_pcp_prepare+0x751/0x780
[   56.245317][ T5067]  free_unref_page+0x19/0x4c0
[   56.249977][ T5067]  free_pipe_info+0x302/0x380
[   56.254639][ T5067]  pipe_release+0x232/0x310
[   56.259130][ T5067]  __fput+0x3ba/0x880
[   56.263113][ T5067]  task_work_run+0x243/0x300
[   56.267693][ T5067]  exit_to_user_mode_loop+0x134/0x160
[   56.273053][ T5067]  exit_to_user_mode_prepare+0xad/0x110
[   56.278589][ T5067]  syscall_exit_to_user_mode+0x2e/0x60
[   56.284038][ T5067]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.289922][ T5067] 
[   56.292228][ T5067] Memory state around the buggy address:
[   56.297843][ T5067]  ffff888022c70f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   56.305886][ T5067]  ffff888022c70f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   56.313933][ T5067] >ffff888022c71000: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   56.321972][ T5067]                          ^
[   56.326539][ T5067]  ffff888022c71080: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   56.334587][ T5067]  ffff888022c71100: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   56.342628][ T5067] ==================================================================
[   56.350917][ T5067] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   56.358112][ T5067] CPU: 1 PID: 5067 Comm: syz-executor186 Not tainted 6.1.0-syzkaller-10971-g041fae9c105a #0
[   56.368175][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   56.378215][ T5067] Call Trace:
[   56.381481][ T5067]  <TASK>
[   56.384405][ T5067]  dump_stack_lvl+0x1e3/0x2d0
[   56.389098][ T5067]  ? nf_tcp_handle_invalid+0x630/0x630
[   56.394557][ T5067]  ? panic+0x770/0x770
[   56.398622][ T5067]  ? vscnprintf+0x59/0x80
[   56.402947][ T5067]  panic+0x316/0x770
[   56.406832][ T5067]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[   56.412975][ T5067]  ? check_panic_on_warn+0x1d/0xa0
[   56.418076][ T5067]  ? memcpy_page_flushcache+0x100/0x100
[   56.423616][ T5067]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   56.429592][ T5067]  ? _raw_spin_unlock+0x40/0x40
[   56.434433][ T5067]  check_panic_on_warn+0x80/0xa0
[   56.439362][ T5067]  ? copy_verifier_state+0x130/0xbe0
[   56.444641][ T5067]  end_report+0x47/0x90
[   56.448786][ T5067]  kasan_report+0x146/0x170
[   56.453280][ T5067]  ? copy_verifier_state+0x130/0xbe0
[   56.458556][ T5067]  kasan_check_range+0x2a7/0x2e0
[   56.463485][ T5067]  ? copy_verifier_state+0x130/0xbe0
[   56.468761][ T5067]  memcpy+0x3c/0x60
[   56.472554][ T5067]  copy_verifier_state+0x130/0xbe0
[   56.477653][ T5067]  ? __kasan_krealloc+0xbf/0xf0
[   56.482496][ T5067]  ? do_check+0x9433/0x107b0
[   56.487078][ T5067]  do_check+0x8e51/0x107b0
[   56.491504][ T5067]  ? init_func_state+0x3a0/0x3a0
[   56.496430][ T5067]  ? mark_reg_not_init+0x91/0x650
[   56.501441][ T5067]  ? memcpy+0x3c/0x60
[   56.505415][ T5067]  do_check_common+0x909/0x1800
[   56.510261][ T5067]  bpf_check+0x107e2/0x16170
[   56.514849][ T5067]  ? validate_chain+0x126/0x6470
[   56.519782][ T5067]  ? validate_chain+0x126/0x6470
[   56.524713][ T5067]  ? validate_chain+0x126/0x6470
[   56.529641][ T5067]  ? reacquire_held_locks+0x680/0x680
[   56.535007][ T5067]  ? validate_chain+0x126/0x6470
[   56.539933][ T5067]  ? reacquire_held_locks+0x680/0x680
[   56.545299][ T5067]  ? validate_chain+0x126/0x6470
[   56.550224][ T5067]  ? validate_chain+0x126/0x6470
[   56.555167][ T5067]  ? bpf_get_btf_vmlinux+0x10/0x10
[   56.560278][ T5067]  ? validate_chain+0x126/0x6470
[   56.565223][ T5067]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   56.571208][ T5067]  ? reacquire_held_locks+0x680/0x680
[   56.576584][ T5067]  ? reacquire_held_locks+0x680/0x680
[   56.581956][ T5067]  ? mark_lock+0x9a/0x350
[   56.586291][ T5067]  ? mark_lock+0x9a/0x350
[   56.590625][ T5067]  ? reacquire_held_locks+0x680/0x680
[   56.595989][ T5067]  ? __lock_acquire+0x1292/0x1f60
[   56.601009][ T5067]  ? pcpu_alloc+0xe4e/0x14e0
[   56.605606][ T5067]  ? rcu_read_lock_sched_held+0x89/0x130
[   56.611237][ T5067]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   56.617213][ T5067]  ? mark_lock+0x9a/0x350
[   56.621536][ T5067]  ? ktime_get_with_offset+0x125/0x360
[   56.626999][ T5067]  ? rcu_read_lock_sched_held+0x89/0x130
[   56.632634][ T5067]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   56.638614][ T5067]  ? read_lock_is_recursive+0x10/0x10
[   56.643979][ T5067]  ? ktime_get_with_offset+0x125/0x360
[   56.649431][ T5067]  ? lockdep_hardirqs_on_prepare+0x448/0x7b0
[   56.655406][ T5067]  ? print_irqtrace_events+0x220/0x220
[   56.660882][ T5067]  ? ktime_get_with_offset+0x125/0x360
[   56.666341][ T5067]  ? seqcount_lockdep_reader_access+0x153/0x220
[   56.672577][ T5067]  ? lockdep_hardirqs_on+0x95/0x140
[   56.677774][ T5067]  ? seqcount_lockdep_reader_access+0x1d3/0x220
[   56.684013][ T5067]  ? ktime_get_real_ts64+0x4b0/0x4b0
[   56.689301][ T5067]  ? _raw_spin_unlock+0x24/0x40
[   56.694155][ T5067]  ? find_vmap_area+0x104/0x120
[   56.699009][ T5067]  ? check_heap_object+0x7f/0x810
[   56.704118][ T5067]  ? memset+0x1f/0x40
[   56.708098][ T5067]  ? bpf_obj_name_cpy+0x191/0x1d0
[   56.713133][ T5067]  bpf_prog_load+0x1306/0x1be0
[   56.717913][ T5067]  ? map_freeze+0x340/0x340
[   56.722419][ T5067]  ? __might_sleep+0xc0/0xc0
[   56.727020][ T5067]  ? __might_fault+0xb2/0x110
[   56.731788][ T5067]  ? bpf_lsm_bpf+0x5/0x10
[   56.736108][ T5067]  ? security_bpf+0x9d/0xb0
[   56.740611][ T5067]  __sys_bpf+0x396/0x6d0
[   56.744857][ T5067]  ? _raw_spin_unlock_irq+0x1f/0x40
[   56.750051][ T5067]  ? bpf_link_show_fdinfo+0x2d0/0x2d0
[   56.755437][ T5067]  ? print_irqtrace_events+0x220/0x220
[   56.760894][ T5067]  ? print_irqtrace_events+0x220/0x220
[   56.766357][ T5067]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   56.772366][ T5067]  __x64_sys_bpf+0x78/0x90
[   56.776781][ T5067]  do_syscall_64+0x2b/0x70
[   56.781191][ T5067]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.787087][ T5067] RIP: 0033:0x7ff1fb190c29
[   56.791501][ T5067] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   56.811098][ T5067] RSP: 002b:00007ffeaae55678 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   56.819506][ T5067] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff1fb190c29
[   56.827472][ T5067] RDX: 0000000000000048 RSI: 0000000020000200 RDI: 0000000000000005
[   56.835432][ T5067] RBP: 00007ff1fb154dd0 R08: 0000000000000000 R09: 0000000000000000
[   56.843398][ T5067] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ff1fb154e60
[   56.851371][ T5067] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   56.859360][ T5067]  </TASK>
[   56.862533][ T5067] Kernel Offset: disabled
[   56.866861][ T5067] Rebooting in 86400 seconds..