./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3050513130
<...>
Warning: Permanently added '10.128.1.95' (ED25519) to the list of known hosts.
execve("./syz-executor3050513130", ["./syz-executor3050513130"], 0x7ffc57d3c6b0 /* 10 vars */) = 0
brk(NULL) = 0x55555680a000
brk(0x55555680ad00) = 0x55555680ad00
arch_prctl(ARCH_SET_FS, 0x55555680a380) = 0
set_tid_address(0x55555680a650) = 294
set_robust_list(0x55555680a660, 24) = 0
rseq(0x55555680aca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3050513130", 4096) = 28
getrandom("\xe4\xde\x23\x4c\x3d\xd6\x92\x88", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55555680ad00
brk(0x55555682bd00) = 0x55555682bd00
brk(0x55555682c000) = 0x55555682c000
mprotect(0x7f46f465b000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555680a650) = 295
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 295 attached
<unfinished ...>
[pid 295] set_robust_list(0x55555680a660, 24) = 0
./strace-static-x86_64: Process 296 attached
[pid 296] set_robust_list(0x55555680a660, 24) = 0
[pid 296] mkdir("./syzkaller.KEwZoF", 0700 <unfinished ...>
[pid 295] mkdir("./syzkaller.TysuwZ", 0700 <unfinished ...>
[pid 296] <... mkdir resumed>) = 0
[pid 296] chmod("./syzkaller.KEwZoF", 0777) = 0
[pid 296] chdir("./syzkaller.KEwZoF") = 0
[pid 295] <... mkdir resumed>) = 0
[pid 296] mkdir("./0", 0777 <unfinished ...>
[pid 295] chmod("./syzkaller.TysuwZ", 0777 <unfinished ...>
[pid 294] <... clone resumed>, child_tidptr=0x55555680a650) = 296
[pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid 296] <... mkdir resumed>) = 0
[pid 295] <... chmod resumed>) = 0
[pid 295] chdir("./syzkaller.TysuwZ") = 0
[pid 295] mkdir("./0", 0777) = 0
[pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid 294] <... clone resumed>, child_tidptr=0x55555680a650) = 298
[pid 295] <... clone resumed>, child_tidptr=0x55555680a650) = 297
./strace-static-x86_64: Process 298 attached
[pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid 296] <... clone resumed>, child_tidptr=0x55555680a650) = 299
./strace-static-x86_64: Process 299 attached
[pid 299] set_robust_list(0x55555680a660, 24 <unfinished ...>
[pid 294] <... clone resumed>, child_tidptr=0x55555680a650) = 300
./strace-static-x86_64: Process 297 attached
[pid 299] <... set_robust_list resumed>) = 0
[pid 299] chdir("./0") = 0
./strace-static-x86_64: Process 300 attached
[pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid 298] set_robust_list(0x55555680a660, 24 <unfinished ...>
[pid 297] set_robust_list(0x55555680a660, 24 <unfinished ...>
[pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 299] setpgid(0, 0) = 0
[pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid 294] <... clone resumed>, child_tidptr=0x55555680a650) = 301
[pid 298] <... set_robust_list resumed>) = 0
[pid 297] <... set_robust_list resumed>) = 0
[pid 297] chdir("./0" <unfinished ...>
[pid 298] getrandom( <unfinished ...>
[pid 297] <... chdir resumed>) = 0
./strace-static-x86_64: Process 301 attached
[pid 300] set_robust_list(0x55555680a660, 24 <unfinished ...>
[pid 298] <... getrandom resumed>"\x19\x65\xaf\x78\x37\xc8\x2f\x81", 8, GRND_NONBLOCK) = 8
[pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid 299] <... openat resumed>) = 3
[pid 299] write(3, "1000", 4) = 4
[pid 301] set_robust_list(0x55555680a660, 24 <unfinished ...>
[pid 300] <... set_robust_list resumed>) = 0
[pid 298] mkdir("./syzkaller.dTYx6S", 0700 <unfinished ...>
[pid 297] <... prctl resumed>) = 0
[pid 297] setpgid(0, 0 <unfinished ...>
[pid 299] close(3) = 0
[pid 299] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid 297] <... setpgid resumed>) = 0
[pid 298] <... mkdir resumed>) = 0
[pid 299] <... symlink resumed>) = 0
[pid 299] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294966784, max_entries=4, map_flags=0, inner_map_fd=1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid 301] <... set_robust_list resumed>) = 0
[pid 300] mkdir("./syzkaller.XTb1PF", 0700 <unfinished ...>
[pid 298] chmod("./syzkaller.dTYx6S", 0777 <unfinished ...>
[pid 297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 298] <... chmod resumed>) = 0
[pid 298] chdir("./syzkaller.dTYx6S" <unfinished ...>
[pid 297] write(3, "1000", 4 <unfinished ...>
[pid 301] mkdir("./syzkaller.V3v3eI", 0700 <unfinished ...>
[pid 300] <... mkdir resumed>) = 0
[pid 299] <... bpf resumed>) = 3
[pid 298] <... chdir resumed>) = 0
[pid 297] <... write resumed>) = 4
[pid 298] mkdir("./0", 0777 <unfinished ...>
[pid 297] close(3 <unfinished ...>
[pid 298] <... mkdir resumed>) = 0
[pid 297] <... close resumed>) = 0
[pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid 297] symlink("/dev/binderfs", "./binderfs") = 0
[pid 297] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294966784, max_entries=4, map_flags=0, inner_map_fd=1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid 297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144 <unfinished ...>
[pid 298] <... clone resumed>, child_tidptr=0x55555680a650) = 302
[pid 297] <... bpf resumed>) = -1 EFAULT (Bad address)
[pid 297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[ 23.165357][ T28] audit: type=1400 audit(1712069369.009:66): avc: denied { execmem } for pid=294 comm="syz-executor305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[pid 297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_drop_inode", prog_fd=4}}, 16 <unfinished ...>
[pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144 <unfinished ...>
[pid 297] <... bpf resumed>) = 5
[pid 300] chmod("./syzkaller.XTb1PF", 0777) = 0
[pid 300] chdir("./syzkaller.XTb1PF") = 0
[pid 300] mkdir("./0", 0777) = 0
[pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555680a650) = 303
[pid 301] <... mkdir resumed>) = 0
[pid 301] chmod("./syzkaller.V3v3eI", 0777) = 0
[pid 301] chdir("./syzkaller.V3v3eI") = 0
[pid 301] mkdir("./0", 0777./strace-static-x86_64: Process 302 attached
<unfinished ...>
[pid 302] set_robust_list(0x55555680a660, 24 <unfinished ...>
[pid 301] <... mkdir resumed>) = 0
[pid 302] <... set_robust_list resumed>) = 0
[pid 302] chdir("./0") = 0
[pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 302] setpgid(0, 0) = 0
[pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid 302] <... openat resumed>) = 3
[pid 302] write(3, "1000", 4) = 4
[pid 302] close(3) = 0
[pid 302] symlink("/dev/binderfs", "./binderfs") = 0
[pid 302] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294966784, max_entries=4, map_flags=0, inner_map_fd=1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid 301] <... clone resumed>, child_tidptr=0x55555680a650) = 304
[pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = -1 EFAULT (Bad address)
[pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid 302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_drop_inode", prog_fd=4}}, 16./strace-static-x86_64: Process 303 attached
<unfinished ...>
[pid 299] <... bpf resumed>) = -1 EFAULT (Bad address)
[pid 297] exit_group(0 <unfinished ...>
[pid 303] set_robust_list(0x55555680a660, 24 <unfinished ...>
[pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid 297] <... exit_group resumed>) = ?
[pid 303] <... set_robust_list resumed>) = 0
[pid 303] chdir("./0") = 0
[pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 303] setpgid(0, 0) = 0
[pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 304 attached
) = 3
[pid 304] set_robust_list(0x55555680a660, 24) = 0
[pid 303] write(3, "1000", 4) = 4
[pid 303] close(3) = 0
[pid 304] chdir("./0" <unfinished ...>
[pid 303] symlink("/dev/binderfs", "./binderfs") = 0
[pid 304] <... chdir resumed>) = 0
[pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 304] setpgid(0, 0) = 0
[pid 303] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294966784, max_entries=4, map_flags=0, inner_map_fd=1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 303] <... bpf resumed>) = 3
[pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144 <unfinished ...>
[pid 304] write(3, "1000", 4) = 4
[pid 303] <... bpf resumed>) = -1 EFAULT (Bad address)
[pid 304] close(3 <unfinished ...>
[pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid 304] <... close resumed>) = 0
[pid 304] symlink("/dev/binderfs", "./binderfs") = 0
[pid 304] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294966784, max_entries=4, map_flags=0, inner_map_fd=1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = -1 EFAULT (Bad address)
[pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid 303] <... bpf resumed>) = 4
[pid 304] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_drop_inode", prog_fd=4}}, 16 <unfinished ...>
[pid 303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_drop_inode", prog_fd=4}}, 16 <unfinished ...>
[pid 299] <... bpf resumed>) = 4
[pid 304] <... bpf resumed>) = 5
[pid 303] <... bpf resumed>) = 5
[pid 304] exit_group(0 <unfinished ...>
[pid 303] exit_group(0 <unfinished ...>
[pid 304] <... exit_group resumed>) = ?
[pid 303] <... exit_group resumed>) = ?
[ 23.197939][ T28] audit: type=1400 audit(1712069369.039:67): avc: denied { bpf } for pid=299 comm="syz-executor305" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 23.218761][ T28] audit: type=1400 audit(1712069369.049:68): avc: denied { map_create } for pid=299 comm="syz-executor305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 23.238735][ T28] audit: type=1400 audit(1712069369.049:69): avc: denied { map_read map_write } for pid=299 comm="syz-executor305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[pid 304] +++ exited with 0 +++
[pid 299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_drop_inode", prog_fd=4}}, 16 <unfinished ...>
[pid 297] +++ exited with 0 +++
[pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid 301] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid 301] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid 301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid 301] getdents64(3, 0x55555680b6f0 /* 3 entries */, 32768) = 80
[pid 301] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid 301] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 23.260354][ T28] audit: type=1400 audit(1712069369.049:70): avc: denied { prog_load } for pid=297 comm="syz-executor305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 23.262970][ T301] ==================================================================
[ 23.280006][ T28] audit: type=1400 audit(1712069369.049:71): avc: denied { perfmon } for pid=297 comm="syz-executor305" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 23.287253][ T301] BUG: KASAN: stack-out-of-bounds in hash+0x227/0xc20
[pid 301] unlink("./0/binderfs" <unfinished ...>
[pid 302] <... bpf resumed>) = 5
[pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=297, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid 295] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid 295] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid 295] getdents64(3, 0x55555680b6f0 /* 3 entries */, 32768) = 80
[ 23.308512][ T28] audit: type=1400 audit(1712069369.049:72): avc: denied { prog_run } for pid=297 comm="syz-executor305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 23.314859][ T301] Read of size 4 at addr ffffc90000ee7bc0 by task syz-executor305/301
[ 23.337972][ T295] BUG: unable to handle page fault for address: ffffc90000ea8000
[ 23.341758][ T301]
[ 23.341765][ T301] CPU: 1 PID: 301 Comm: syz-executor305 Not tainted 6.1.68-syzkaller-00105-gf085398f0e8f #0
[ 23.349311][ T295] #PF: supervisor read access in kernel mode
[ 23.351483][ T301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 23.361377][ T295] #PF: error_code(0x0000) - not-present page
[ 23.367188][ T301] Call Trace:
[ 23.377093][ T295] PGD 100000067
[ 23.382903][ T301] <TASK>
[ 23.386024][ T295] P4D 100000067
[ 23.389413][ T301] dump_stack_lvl+0x151/0x1b7
[ 23.392187][ T295] PUD 100154067
[ 23.395657][ T301] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 23.400168][ T295] PMD 11df02067
[ 23.403553][ T301] ? _printk+0xd1/0x111
[ 23.408852][ T295] PTE 0
[ 23.412235][ T301] ? __virt_addr_valid+0xc3/0x2f0
[ 23.416227][ T295] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 23.418832][ T301] print_report+0x158/0x4e0
[ 23.423690][ T295] CPU: 0 PID: 295 Comm: syz-executor305 Not tainted 6.1.68-syzkaller-00105-gf085398f0e8f #0
[ 23.428723][ T301] ? __virt_addr_valid+0xc3/0x2f0
[ 23.433063][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 23.442962][ T301] ? kasan_addr_to_slab+0xd/0x80
[ 23.447822][ T295] RIP: 0010:hash+0xfe/0xc20
[ 23.457721][ T301] ? hash+0x227/0xc20
[ 23.462490][ T295] Code: fc ff df 0f b6 04 10 84 c0 0f 85 c1 00 00 00 45 03 6e f4 48 8d 7e 04 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 db 00 00 00 <41> 03 5e f8 48 8d 7e 08 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f
[ 23.466829][ T301] kasan_report+0x13c/0x170
[ 23.470643][ T295] RSP: 0018:ffffc90000ea7ac8 EFLAGS: 00010282
[ 23.490089][ T301] ? hash+0x227/0xc20
[ 23.494426][ T295]
[ 23.494433][ T295] RAX: 0000000000000000 RBX: 000000007f86ddb9 RCX: ffffffff8191d465
[ 23.500330][ T301] __asan_report_load4_noabort+0x14/0x20
[ 23.504148][ T295] RDX: dffffc0000000000 RSI: ffffc90000ea7ffc RDI: ffffc90000ea8000
[ 23.506318][ T301] hash+0x227/0xc20
[ 23.514127][ T295] RBP: ffffc90000ea7b08 R08: 000000003ffffe60 R09: fffffbfff0e9dfd6
[ 23.519624][ T301] bloom_map_peek_elem+0xac/0x1a0
[ 23.527407][ T295] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000a6797140
[ 23.531055][ T301] bpf_prog_00798911c748094f+0x3a/0x3e
[ 23.538866][ T295] R13: 00000000459fe696 R14: ffffc90000ea8008 R15: ffffc90000ea7ffc
[ 23.543727][ T301] bpf_trace_run2+0x133/0x290
[ 23.551709][ T295] FS: 000055555680a380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 23.557003][ T301] ? bpf_trace_run1+0x240/0x240
[ 23.564821][ T295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 23.569335][ T301] ? __kasan_check_write+0x14/0x20
[ 23.578123][ T295] CR2: ffffc90000ea8000 CR3: 0000000121867000 CR4: 00000000003506b0
[ 23.582785][ T301] __bpf_trace_ext4_drop_inode+0x23/0x30
[ 23.589205][ T295] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 23.594151][ T301] ? __bpf_trace_ext4_evict_inode+0x30/0x30
[ 23.601960][ T295] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 23.607517][ T301] __traceiter_ext4_drop_inode+0x75/0xc0
[ 23.615336][ T295] Call Trace:
[ 23.615349][ T295] <TASK>
[ 23.621062][ T301] ext4_drop_inode+0x145/0x1a0
[ 23.628877][ T295] ? __die_body+0x62/0xb0
[ 23.634335][ T301] ? ext4_free_in_core_inode+0xb0/0xb0
[ 23.637462][ T295] ? __die+0x7e/0x90
[ 23.640244][ T301] iput+0x393/0x870
[ 23.644850][ T295] ? page_fault_oops+0x7f9/0xa90
[ 23.649006][ T301] do_unlinkat+0x4db/0x910
[ 23.654299][ T295] ? kasan_set_track+0x60/0x70
[ 23.658033][ T301] ? fsnotify_link_count+0x100/0x100
[ 23.661679][ T295] ? kasan_set_track+0x4b/0x70
[ 23.666454][ T301] ? getname_flags+0x1fd/0x520
[ 23.670703][ T295] ? kernelmode_fixup_or_oops+0x270/0x270
[ 23.675305][ T301] __x64_sys_unlink+0x49/0x50
[ 23.680509][ T295] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 23.685108][ T301] do_syscall_64+0x3d/0xb0
[ 23.689707][ T295] ? is_prefetch+0x47a/0x6d0
[ 23.695265][ T301] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 23.699785][ T295] ? kernelmode_fixup_or_oops+0x21b/0x270
[ 23.705679][ T301] RIP: 0033:0x7f46f45e7f87
[ 23.709935][ T295] ? __bad_area_nosemaphore+0xcf/0x620
[ 23.714379][ T301] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 23.720090][ T295] ? bad_area_nosemaphore+0x2d/0x40
[ 23.725642][ T301] RSP: 002b:00007ffd62b61488 EFLAGS: 00000206
[ 23.729891][ T295] ? do_kern_addr_fault+0x69/0x80
[ 23.735186][ T301] ORIG_RAX: 0000000000000057
[ 23.754642][ T295] ? exc_page_fault+0x513/0x700
[ 23.759666][ T301] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f46f45e7f87
[ 23.765568][ T295] ? asm_exc_page_fault+0x27/0x30
[ 23.770428][ T301] RDX: 00007ffd62b614b0 RSI: 00007ffd62b61540 RDI: 00007ffd62b61540
[ 23.774944][ T295] ? hash+0x1f5/0xc20
[ 23.779636][ T301] RBP: 00007ffd62b61540 R08: 0000000000000000 R09: 0000000000000000
[ 23.787437][ T295] ? hash+0xfe/0xc20
[ 23.792294][ T301] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffd62b625b0
[ 23.800107][ T295] ? hash+0x1f5/0xc20
[ 23.803933][ T301] R13: 000055555680b6c0 R14: 00007ffd62b625b0 R15: 0000000000000001
[ 23.811740][ T295] bloom_map_peek_elem+0xac/0x1a0
[ 23.815476][ T301] </TASK>
[ 23.823285][ T295] bpf_prog_00798911c748094f+0x3a/0x3e
[ 23.827099][ T301]
[ 23.827104][ T301] The buggy address belongs to stack of task syz-executor305/301
[ 23.834910][ T295] bpf_trace_run2+0x133/0x290
[ 23.839771][ T301] and is located at offset 0 in frame:
[ 23.839780][ T301] bpf_trace_run2+0x0/0x290
[ 23.842644][ T295] ? bpf_trace_run1+0x240/0x240
[ 23.847946][ T301]
[ 23.850102][ T295] ? __kasan_check_write+0x14/0x20
[ 23.857651][ T301] This frame has 1 object:
[ 23.862163][ T295] __bpf_trace_ext4_drop_inode+0x23/0x30
[ 23.867577][ T301] [32, 48) 'args'
[ 23.871884][ T295] ? __bpf_trace_ext4_evict_inode+0x30/0x30
[ 23.876585][ T301]
[ 23.876594][ T301] The buggy address belongs to the virtual mapping at
[ 23.876594][ T301] [ffffc90000ee0000, ffffc90000ee9000) created by:
[ 23.876594][ T301] copy_process+0x5c3/0x3530
[ 23.878739][ T295] __traceiter_ext4_drop_inode+0x75/0xc0
[ 23.883685][ T301]
[ 23.883692][ T301] The buggy address belongs to the physical page:
[ 23.887942][ T295] ext4_drop_inode+0x145/0x1a0
[ 23.893410][ T301] page:ffffea0004866e40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1219b9
[ 23.896967][ T295] ? ext4_free_in_core_inode+0xb0/0xb0
[ 23.902694][ T301] flags: 0x4000000000000000(zone=1)
[ 23.904866][ T295] iput+0x393/0x870
[ 23.922405][ T301] raw: 4000000000000000 0000000000000000 dead000000000122 0000000000000000
[ 23.927872][ T295] do_unlinkat+0x4db/0x910
[ 23.930046][ T301] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 23.936290][ T295] ? fsnotify_link_count+0x100/0x100
[ 23.940880][ T301] page dumped because: kasan: bad access detected
[ 23.940891][ T301] page_owner tracks the page as allocated
[ 23.950955][ T295] ? getname_flags+0x1fd/0x520
[ 23.956246][ T301] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 294, tgid 294 (syz-executor305), ts 23192241114, free_ts 0
[ 23.961281][ T295] __x64_sys_unlink+0x49/0x50
[ 23.964923][ T301] post_alloc_hook+0x213/0x220
[ 23.973693][ T295] do_syscall_64+0x3d/0xb0
[ 23.977941][ T301] prep_new_page+0x1b/0x110
[ 23.986363][ T295] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 23.991482][ T301] get_page_from_freelist+0x27ea/0x2870
[ 23.997760][ T295] RIP: 0033:0x7f46f45e7f87
[ 24.003285][ T301] __alloc_pages+0x3a1/0x780
[ 24.007889][ T295] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 24.026201][ T301] __vmalloc_node_range+0x89b/0x1540
[ 24.030714][ T295] RSP: 002b:00007ffd62b61488 EFLAGS: 00000206
[ 24.035314][ T301] dup_task_struct+0x3d6/0x7d0
[ 24.039568][ T295] ORIG_RAX: 0000000000000057
[ 24.043915][ T301] copy_process+0x5c3/0x3530
[ 24.049631][ T295] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f46f45e7f87
[ 24.055024][ T301] kernel_clone+0x229/0x890
[ 24.059291][ T295] RDX: 00007ffd62b614b0 RSI: 00007ffd62b61540 RDI: 00007ffd62b61540
[ 24.063695][ T301] __x64_sys_clone+0x231/0x280
[ 24.083141][ T295] RBP: 00007ffd62b61540 R08: 0000000000000000 R09: 0000000000000000
[ 24.088276][ T301] do_syscall_64+0x3d/0xb0
[ 24.094170][ T295] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffd62b625b0
[ 24.098761][ T301] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 24.103280][ T295] R13: 000055555680b6c0 R14: 00007ffd62b625b0 R15: 0000000000000001
[ 24.107699][ T301] page_owner free stack trace missing
[ 24.115524][ T295] </TASK>
[ 24.119849][ T301]
[ 24.119855][ T301] Memory state around the buggy address:
[ 24.127663][ T295] Modules linked in:
[ 24.132264][ T301] ffffc90000ee7a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.140092][ T295] CR2: ffffc90000ea8000
[ 24.144333][ T301] ffffc90000ee7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.152141][ T295] ---[ end trace 0000000000000000 ]---
[ 24.157868][ T301] >ffffc90000ee7b80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f3 f3
[ 24.165675][ T295] RIP: 0010:hash+0xfe/0xc20
[ 24.170883][ T301] ^
[ 24.173748][ T295] Code: fc ff df 0f b6 04 10 84 c0 0f 85 c1 00 00 00 45 03 6e f4 48 8d 7e 04 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 db 00 00 00 <41> 03 5e f8 48 8d 7e 08 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f
[ 24.175922][ T301] ffffc90000ee7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.181474][ T295] RSP: 0018:ffffc90000ea7ac8 EFLAGS: 00010282
[ 24.185215][ T301] ffffc90000ee7c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.193105][ T295]
[ 24.193113][ T295] RAX: 0000000000000000 RBX: 000000007f86ddb9 RCX: ffffffff8191d465
[ 24.197121][ T301] ==================================================================
[ 24.197351][ T301] BUG: unable to handle page fault for address: ffffc90000ee8000
[ 24.204993][ T295] RDX: dffffc0000000000 RSI: ffffc90000ea7ffc RDI: ffffc90000ea8000
[ 24.210284][ T301] #PF: supervisor read access in kernel mode
[ 24.218185][ T295] RBP: ffffc90000ea7b08 R08: 000000003ffffe60 R09: fffffbfff0e9dfd6
[ 24.222522][ T301] #PF: error_code(0x0000) - not-present page
[ 24.228597][ T295] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000a6797140
[ 24.248133][ T301] PGD 100000067
[ 24.256029][ T295] R13: 00000000459fe696 R14: ffffc90000ea8008 R15: ffffc90000ea7ffc
[ 24.261925][ T301] P4D 100000067
[ 24.269825][ T295] FS: 000055555680a380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 24.271997][ T301] PUD 100154067
[ 24.279812][ T295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 24.287703][ T301] PMD 11df02067
[ 24.295276][ T295] CR2: ffffc90000ea8000 CR3: 0000000121867000 CR4: 00000000003506b0
[ 24.303069][ T301] PTE 0
[ 24.308883][ T295] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 24.316690][ T301]
[ 24.316698][ T301] Oops: 0000 [#2] PREEMPT SMP KASAN
[ 24.322510][ T295] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 24.330412][ T301] CPU: 1 PID: 301 Comm: syz-executor305 Tainted: G B D 6.1.68-syzkaller-00105-gf085398f0e8f #0
[ 24.333792][ T295] Kernel panic - not syncing: Fatal exception
[ 24.341600][ T301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 24.341612][ T301] RIP: 0010:hash+0xfe/0xc20
[ 24.341643][ T301] Code: fc ff df 0f b6 04 10 84 c0 0f 85 c1 00 00 00 45 03 6e f4 48 8d 7e 04 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 db 00 00 00 <41> 03 5e f8 48 8d 7e 08 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f
[ 24.341657][ T301] RSP: 0018:ffffc90000ee7ac8 EFLAGS: 00010282
[ 24.341673][ T301] RAX: 0000000000000000 RBX: 00000000a08811c8 RCX: ffffffff8191d465
[ 24.341685][ T301] RDX: dffffc0000000000 RSI: ffffc90000ee7ffc RDI: ffffc90000ee8000
[ 24.341698][ T301] RBP: ffffc90000ee7b08 R08: 000000003ffffe60 R09: fffffbfff0ee5cfd
[ 24.341710][ T301] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000025eb6cef
[ 24.341722][ T301] R13: 000000006b0a4089 R14: ffffc90000ee8008 R15: ffffc90000ee7ffc
[ 24.341734][ T301] FS: 000055555680a380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 24.341750][ T301] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 24.341762][ T301] CR2: ffffc90000ee8000 CR3: 00000001219ba000 CR4: 00000000003506a0
[ 24.341777][ T301] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 24.341787][ T301] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 24.341798][ T301] Call Trace:
[ 24.341803][ T301] <TASK>
[ 24.341819][ T301] ? __die_body+0x62/0xb0
[ 24.341838][ T301] ? __die+0x7e/0x90
[ 24.341854][ T301] ? page_fault_oops+0x7f9/0xa90
[ 24.341877][ T301] ? down_trylock+0x59/0xa0
[ 24.341898][ T301] ? kernelmode_fixup_or_oops+0x270/0x270
[ 24.341922][ T301] ? __kasan_check_write+0x14/0x20
[ 24.341949][ T301] ? is_prefetch+0x47a/0x6d0
[ 24.341972][ T301] ? __wake_up_klogd+0xde/0x110
[ 24.342011][ T301] ? printk_sprint+0x430/0x430
[ 24.342031][ T301] ? kernelmode_fixup_or_oops+0x21b/0x270
[ 24.342056][ T301] ? __bad_area_nosemaphore+0xcf/0x620
[ 24.342079][ T301] ? irqentry_exit+0x30/0x40
[ 24.342097][ T301] ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 24.342122][ T301] ? bad_area_nosemaphore+0x2d/0x40
[ 24.342145][ T301] ? do_kern_addr_fault+0x69/0x80
[ 24.342168][ T301] ? exc_page_fault+0x513/0x700
[ 24.342185][ T301] ? __kasan_check_write+0x14/0x20
[ 24.342212][ T301] ? asm_exc_page_fault+0x27/0x30
[ 24.342238][ T301] ? hash+0x1f5/0xc20
[ 24.342263][ T301] ? hash+0xfe/0xc20
[ 24.342286][ T301] ? hash+0x1f5/0xc20
[ 24.342311][ T301] bloom_map_peek_elem+0xac/0x1a0
[ 24.342340][ T301] bpf_prog_00798911c748094f+0x3a/0x3e
[ 24.342357][ T301] bpf_trace_run2+0x133/0x290
[ 24.342374][ T301] ? bpf_trace_run1+0x240/0x240
[ 24.342391][ T301] ? __kasan_check_write+0x14/0x20
[ 24.342418][ T301] __bpf_trace_ext4_drop_inode+0x23/0x30
[ 24.342441][ T301] ? __bpf_trace_ext4_evict_inode+0x30/0x30
[ 24.342464][ T301] __traceiter_ext4_drop_inode+0x75/0xc0
[ 24.342486][ T301] ext4_drop_inode+0x145/0x1a0
[ 24.342508][ T301] ? ext4_free_in_core_inode+0xb0/0xb0
[ 24.342531][ T301] iput+0x393/0x870
[ 24.342550][ T301] do_unlinkat+0x4db/0x910
[ 24.342571][ T301] ? fsnotify_link_count+0x100/0x100
[ 24.342591][ T301] ? getname_flags+0x1fd/0x520
[ 24.342622][ T301] __x64_sys_unlink+0x49/0x50
[ 24.342657][ T301] do_syscall_64+0x3d/0xb0
[ 24.342684][ T301] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 24.342709][ T301] RIP: 0033:0x7f46f45e7f87
[ 24.342723][ T301] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 24.342737][ T301] RSP: 002b:00007ffd62b61488 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
[ 24.342754][ T301] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f46f45e7f87
[ 24.342766][ T301] RDX: 00007ffd62b614b0 RSI: 00007ffd62b61540 RDI: 00007ffd62b61540
[ 24.342779][ T301] RBP: 00007ffd62b61540 R08: 0000000000000000 R09: 0000000000000000
[ 24.342790][ T301] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffd62b625b0
[ 24.342801][ T301] R13: 000055555680b6c0 R14: 00007ffd62b625b0 R15: 0000000000000001
[ 24.342818][ T301] </TASK>
[ 24.342823][ T301] Modules linked in:
[ 24.342833][ T301] CR2: ffffc90000ee8000
[ 24.346186][ T301] ---[ end trace 0000000000000000 ]---
[ 24.346198][ T301] RIP: 0010:hash+0xfe/0xc20
[ 24.346223][ T301] Code: fc ff df 0f b6 04 10 84 c0 0f 85 c1 00 00 00 45 03 6e f4 48 8d 7e 04 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 db 00 00 00 <41> 03 5e f8 48 8d 7e 08 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f
[ 24.346236][ T301] RSP: 0018:ffffc90000ea7ac8 EFLAGS: 00010282
[ 24.346250][ T301] RAX: 0000000000000000 RBX: 000000007f86ddb9 RCX: ffffffff8191d465
[ 24.346262][ T301] RDX: dffffc0000000000 RSI: ffffc90000ea7ffc RDI: ffffc90000ea8000
[ 24.346275][ T301] RBP: ffffc90000ea7b08 R08: 000000003ffffe60 R09: fffffbfff0e9dfd6
[ 24.346287][ T301] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000a6797140
[ 24.346298][ T301] R13: 00000000459fe696 R14: ffffc90000ea8008 R15: ffffc90000ea7ffc
[ 24.346311][ T301] FS: 000055555680a380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 24.346326][ T301] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 24.346342][ T301] CR2: ffffc90000ee8000 CR3: 00000001219ba000 CR4: 00000000003506a0
[ 24.346357][ T301] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 24.346367][ T301] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 25.527740][ T295] Shutting down cpus with NMI
[ 26.104236][ T295] Kernel Offset: disabled
[ 26.108371][ T295] Rebooting in 86400 seconds..