syzkaller login: [ 34.349749] scp (242) used greatest stack depth: 21656 bytes left
Warning: Permanently added '[localhost]:60994' (ED25519) to the list of known hosts.
[ 35.193484] audit: type=1400 audit(1729461617.203:8): avc: denied { execmem } for pid=257 comm="syz-executor229" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
executing program
[ 36.616039] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 36.617735] KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
[ 36.618365] CPU: 0 UID: 0 PID: 640 Comm: syz-executor229 Not tainted 6.12.0-rc2-00667-g53bac8330865 #6
[ 36.619141] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[ 36.620015] RIP: 0010:sock_map_link_update_prog+0x17a/0x450
[ 36.620548] Code: 8b 6c 24 68 49 8d 5c 24 70 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 0f 85 a3 02 00 00 8b 2b 49 8d 5d 18 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 a6 02 00 00 8b 1b 48 89 df 48 c7 c6 10
[ 36.622218] RSP: 0018:ffff888003837cc8 EFLAGS: 00010206
[ 36.622690] RAX: 0000000000000003 RBX: 0000000000000018 RCX: 0000000000000000
[ 36.623291] RDX: ffff888006b95400 RSI: 000000000000000d RDI: ffff888005f91a68
[ 36.623923] RBP: 0000000000000005 R08: ffffffff99e031af R09: 1ffffffff33c0635
[ 36.625691] R10: dffffc0000000000 R11: fffffbfff33c0636 R12: ffff888005f91a00
[ 36.626306] R13: 0000000000000000 R14: ffffc90000e55000 R15: dffffc0000000000
[ 36.626954] FS: 00007f4f04921640(0000) GS:ffff88806cc00000(0000) knlGS:0000000000000000
[ 36.627672] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 36.628196] CR2: 00007f4f049bf7a0 CR3: 0000000006446000 CR4: 0000000000750ef0
[ 36.634985] PKRU: 55555554
[ 36.635242] Call Trace:
[ 36.635487] <TASK>
[ 36.635696] ? __die_body+0x65/0xb0
[ 36.636042] ? die_addr+0xb1/0xe0
[ 36.636359] ? exc_general_protection+0x333/0x4e0
[ 36.636799] ? asm_exc_general_protection+0x26/0x30
[ 36.637277] ? sock_map_link_update_prog+0x17a/0x450
[ 36.637890] ? sock_map_link_update_prog+0x12f/0x450
[ 36.638378] ? __pfx_sock_map_link_update_prog+0x10/0x10
[ 36.638866] link_update+0x726/0x8a0
[ 36.639205] __sys_bpf+0x5d5/0x7f0
[ 36.639559] ? __might_fault+0xb0/0x130
[ 36.639948] ? __pfx___sys_bpf+0x10/0x10
[ 36.640335] ? __rseq_handle_notify_resume+0x360/0x13b0
[ 36.640849] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 36.641366] __x64_sys_bpf+0x7c/0x90
[ 36.641744] do_syscall_64+0xe4/0x1c0
[ 36.642107] ? exc_page_fault+0xa3/0x2b0
[ 36.642505] ? clear_bhb_loop+0x55/0xb0
[ 36.642884] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 36.643357] RIP: 0033:0x7f4f0497d73d
[ 36.643737] Code: c3 e8 37 20 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 36.645563] RSP: 002b:00007f4f049211a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 36.646289] RAX: ffffffffffffffda RBX: 00007f4f04a18228 RCX: 00007f4f0497d73d
[ 36.646972] RDX: 0000000000000010 RSI: 00000000200004c0 RDI: 000000000000001d
[ 36.647658] RBP: 00007f4f04a18220 R08: 00007f4f04921640 R09: 00007f4f04921640
[ 36.648329] R10: 00007f4f04921640 R11: 0000000000000246 R12: 00007f4f04a1822c
[ 36.649029] R13: 00007f4f049e3074 R14: 656c6c616b7a7973 R15: 00007f4f04901000
[ 36.649718] </TASK>
[ 36.649934] Modules linked in:
[ 36.650462] ---[ end trace 0000000000000000 ]---
executing program
[ 36.775826] ==================================================================
[ 36.776560] BUG: KASAN: slab-use-after-free in __mutex_lock+0xc63/0xcd0
[ 36.777226] Read of size 4 at addr ffff888006b95434 by task syz-executor229/644
[ 36.778048]
[ 36.778258] CPU: 0 UID: 0 PID: 644 Comm: syz-executor229 Tainted: G D 6.12.0-rc2-00667-g53bac8330865 #6
[ 36.779504] Tainted: [D]=DIE
[ 36.779857] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[ 36.780805] Call Trace:
[ 36.781113] <TASK>
[ 36.781383] dump_stack_lvl+0x14b/0x1c0
[ 36.781864] ? __pfx_dump_stack_lvl+0x10/0x10
[ 36.782372] ? __pfx_lock_release+0x10/0x10
[ 36.782842] ? __virt_addr_valid+0x1a5/0x5a0
[ 36.783323] ? __virt_addr_valid+0x49c/0x5a0
[ 36.783811] print_report+0x171/0x750
[ 36.784225] ? __virt_addr_valid+0x1a5/0x5a0
[ 36.784799] ? __virt_addr_valid+0x49c/0x5a0
[ 36.785309] ? __mutex_lock+0xc63/0xcd0
[ 36.785773] kasan_report+0xd2/0x110
[ 36.786213] ? __mutex_lock+0xc63/0xcd0
[ 36.786665] __mutex_lock+0xc63/0xcd0
[ 36.787104] ? __pfx_alloc_file_pseudo+0x10/0x10
[ 36.787663] ? bpf_link_prime+0x79/0x410
[ 36.788137] ? sock_map_link_create+0x2b6/0x5b0
[ 36.788687] ? __pfx___mutex_lock+0x10/0x10
[ 36.789180] ? anon_inode_getfile+0x106/0x1a0
[ 36.789714] ? bpf_link_prime+0x25f/0x410
[ 36.790190] sock_map_link_create+0x2b6/0x5b0
[ 36.790727] ? __pfx_sock_map_link_create+0x10/0x10
[ 36.791304] ? __fget_files+0x29/0x490
[ 36.791779] ? __fget_files+0x29/0x490
[ 36.792236] ? attach_type_to_prog_type+0x331/0x470
[ 36.792819] ? bpf_prog_attach_check_attach_type+0x2db/0x4b0
[ 36.793486] link_create+0x513/0x890
[ 36.793924] __sys_bpf+0x49c/0x7f0
[ 36.794337] ? __might_fault+0xb0/0x130
[ 36.794802] ? __pfx___sys_bpf+0x10/0x10
[ 36.795275] ? __rseq_handle_notify_resume+0x360/0x13b0
[ 36.795899] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 36.796544] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 36.797180] __x64_sys_bpf+0x7c/0x90
[ 36.797618] do_syscall_64+0xe4/0x1c0
[ 36.798071] ? exc_page_fault+0xa3/0x2b0
[ 36.798551] ? clear_bhb_loop+0x55/0xb0
[ 36.799014] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 36.799614] RIP: 0033:0x7f4f0497d73d
[ 36.800043] Code: c3 e8 37 20 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 36.802111] RSP: 002b:00007f4f049211a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 36.802988] RAX: ffffffffffffffda RBX: 00007f4f04a18228 RCX: 00007f4f0497d73d
[ 36.803807] RDX: 0000000000000010 RSI: 0000000020000200 RDI: 000000000000001c
[ 36.804623] RBP: 00007f4f04a18220 R08: 00007f4f04921640 R09: 00007f4f04921640
[ 36.805438] R10: 00007f4f04921640 R11: 0000000000000246 R12: 00007f4f04a1822c
[ 36.806260] R13: 00007f4f049e3074 R14: 656c6c616b7a7973 R15: 00007f4f04901000
[ 36.807094] </TASK>
[ 36.807366]
[ 36.807573] Allocated by task 639:
[ 36.807978] kasan_save_track+0x2f/0x70
[ 36.808436] __kasan_slab_alloc+0x4b/0x60
[ 36.808924] kmem_cache_alloc_node_noprof+0x139/0x2e0
[ 36.809530] dup_task_struct+0xb2/0x7d0
[ 36.809991] copy_process+0x5fa/0x3c30
[ 36.810450] kernel_clone+0x20c/0x800
[ 36.810895] __x64_sys_clone3+0x2e2/0x360
[ 36.811371] do_syscall_64+0xe4/0x1c0
[ 36.811824] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 36.812423]
[ 36.812635] Freed by task 0:
[ 36.812992] kasan_save_track+0x2f/0x70
[ 36.813441] kasan_save_free_info+0x40/0x50
[ 36.813946] __kasan_slab_free+0x37/0x50
[ 36.814414] kmem_cache_free+0x179/0x3e0
[ 36.814881] delayed_put_task_struct+0x114/0x2c0
[ 36.815417] rcu_core+0xcb1/0x19d0
[ 36.815838] handle_softirqs+0x24e/0x840
[ 36.816307] __irq_exit_rcu+0xc2/0x160
[ 36.816763] irq_exit_rcu+0x9/0x20
[ 36.817179] sysvec_apic_timer_interrupt+0x6e/0x80
[ 36.817754] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 36.818354]
[ 36.818560] Last potentially related work creation:
[ 36.819115] kasan_save_stack+0x2f/0x50
[ 36.819582] kasan_record_aux_stack_noalloc+0x99/0xb0
[ 36.820178] call_rcu+0xd9/0xab0
[ 36.820583] __schedule+0x189e/0x25c0
[ 36.821018] schedule_idle+0x52/0x90
[ 36.821456] do_idle+0x533/0x590
[ 36.821856] cpu_startup_entry+0x44/0x60
[ 36.822326] rest_init+0x2e1/0x300
[ 36.822752] start_kernel+0x47b/0x510
[ 36.823192] x86_64_start_reservations+0x24/0x30
[ 36.823743] x86_64_start_kernel+0x79/0x80
[ 36.824225] common_startup_64+0x12c/0x137
[ 36.824711]
[ 36.824910] The buggy address belongs to the object at ffff888006b95400
[ 36.824910] which belongs to the cache task_struct of size 6856
[ 36.826304] The buggy address is located 52 bytes inside of
[ 36.826304] freed 6856-byte region [ffff888006b95400, ffff888006b96ec8)
[ 36.827678]
[ 36.827878] The buggy address belongs to the physical page:
[ 36.828518] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6b90
[ 36.829397] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 36.830265] memcg:ffff88800a08f201
[ 36.830683] flags: 0x100000000000040(head|node=0|zone=1)
[ 36.831300] page_type: f5(slab)
[ 36.831689] raw: 0100000000000040 ffff8880011a03c0 dead000000000122 0000000000000000
[ 36.832574] raw: 0000000000000000 0000000000040004 00000001f5000000 ffff88800a08f201
[ 36.833460] head: 0100000000000040 ffff8880011a03c0 dead000000000122 0000000000000000
[ 36.834324] head: 0000000000000000 0000000000040004 00000001f5000000 ffff88800a08f201
[ 36.835218] head: 0100000000000003 ffffea00001ae401 ffffffffffffffff 0000000000000000
[ 36.836108] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 36.837005] page dumped because: kasan: bad access detected
[ 36.837664]
[ 36.837863] Memory state around the buggy address:
[ 36.838413] ffff888006b95300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.839229] ffff888006b95380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.840058] >ffff888006b95400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.840888] ^
[ 36.841460] ffff888006b95480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.842280] ffff888006b95500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.843110] ==================================================================
VM DIAGNOSIS:
06:00:19 Registers: