./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2537375143
<...>
Warning: Permanently added '10.128.0.255' (ECDSA) to the list of known hosts.
execve("./syz-executor2537375143", ["./syz-executor2537375143"], 0x7ffe63e51080 /* 10 vars */) = 0
brk(NULL) = 0x555555f56000
brk(0x555555f56c40) = 0x555555f56c40
arch_prctl(ARCH_SET_FS, 0x555555f56300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2537375143", 4096) = 28
brk(0x555555f77c40) = 0x555555f77c40
brk(0x555555f78000) = 0x555555f78000
mprotect(0x7fa205f86000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/profiling", O_RDWR) = 3
[ 50.619054][ T3634] kernel profiling enabled (shift: 0)
[ 50.988703][ C0] ==================================================================
[ 50.997146][ C0] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0
[ 51.004443][ C0] Read of size 8 at addr ffffc90003d2f580 by task syz-executor253/3634
[ 51.012784][ C0]
[ 51.015128][ C0] CPU: 0 PID: 3634 Comm: syz-executor253 Not tainted 6.1.0-rc6-syzkaller-00308-g644e9524388a #0
[ 51.025701][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 51.036041][ C0] Call Trace:
[ 51.039316][ C0] <IRQ>
[ 51.042209][ C0] dump_stack_lvl+0x1b1/0x28e
[ 51.046917][ C0] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 51.052371][ C0] ? __wake_up_klogd+0xcd/0x100
[ 51.057545][ C0] ? panic+0x710/0x710
[ 51.061717][ C0] ? _printk+0xc0/0x100
[ 51.066168][ C0] print_address_description+0x74/0x340
[ 51.071812][ C0] print_report+0x107/0x1f0
[ 51.076394][ C0] ? __lock_acquire+0x1f60/0x1f60
[ 51.081406][ C0] ? __virt_addr_valid+0xb8/0x2d0
[ 51.086522][ C0] ? profile_pc+0xa4/0xe0
[ 51.091127][ C0] kasan_report+0xcd/0x100
[ 51.095547][ C0] ? profile_pc+0xa4/0xe0
[ 51.099860][ C0] ? _raw_spin_unlock_irqrestore+0xbc/0x120
[ 51.105764][ C0] profile_pc+0xa4/0xe0
[ 51.109909][ C0] profile_tick+0xe5/0x160
[ 51.114326][ C0] tick_sched_timer+0x381/0x540
[ 51.119263][ C0] __hrtimer_run_queues+0x4cb/0xa60
[ 51.124452][ C0] ? tick_setup_sched_timer+0x2e0/0x2e0
[ 51.130007][ C0] ? hrtimer_interrupt+0xfd0/0xfd0
[ 51.135218][ C0] ? ktime_get_update_offsets_now+0x449/0x460
[ 51.141489][ C0] hrtimer_interrupt+0x3a6/0xfd0
[ 51.146474][ C0] __sysvec_apic_timer_interrupt+0xf9/0x280
[ 51.152753][ C0] sysvec_apic_timer_interrupt+0x8c/0xb0
[ 51.159706][ C0] </IRQ>
[ 51.162630][ C0] <TASK>
[ 51.165908][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 51.172075][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xbc/0x120
[ 51.178977][ C0] Code: f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 0a 09 43 f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 3f 8b c2 f6 65 8b 05 a0 c7 66 75 85 c0 74 3f 48 c7 04 24 0e 36
[ 51.199085][ C0] RSP: 0018:ffffc90003d2f580 EFLAGS: 00000206
[ 51.205543][ C0] RAX: 1ffff920007a5eb4 RBX: ffff8880b9840540 RCX: ffffffff816ab07a
[ 51.213520][ C0] RDX: dffffc0000000000 RSI: ffffffff8aedb2a0 RDI: 0000000000000001
[ 51.221560][ C0] RBP: ffffc90003d2f610 R08: dffffc0000000000 R09: fffffbfff20b2e41
[ 51.229615][ C0] R10: fffffbfff20b2e41 R11: 1ffffffff20b2e40 R12: dffffc0000000000
[ 51.238657][ C0] R13: 1ffff920007a5eb0 R14: ffffc90003d2f5a0 R15: 0000000000000282
[ 51.246837][ C0] ? mark_lock+0x9a/0x350
[ 51.251185][ C0] ? _raw_spin_unlock+0x40/0x40
[ 51.256033][ C0] ? stack_trace_save+0x1e0/0x1e0
[ 51.261075][ C0] rmqueue_pcplist+0x1d5/0x4c0
[ 51.265853][ C0] ? reserve_highatomic_pageblock+0x300/0x300
[ 51.272126][ C0] ? mark_lock+0x9a/0x350
[ 51.276534][ C0] rmqueue+0x1b81/0x1ed0
[ 51.280906][ C0] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 51.287018][ C0] ? check_new_pages+0x360/0x360
[ 51.292561][ C0] ? zone_watermark_fast+0xc3/0x230
[ 51.298385][ C0] get_page_from_freelist+0x4b6/0x7c0
[ 51.304115][ C0] __alloc_pages+0x259/0x560
[ 51.309421][ C0] ? zone_statistics+0x160/0x160
[ 51.314381][ C0] ? alloc_pages_bulk_array_mempolicy+0x7aa/0x9c0
[ 51.320843][ C0] __vmalloc_node_range+0x8f4/0x1290
[ 51.326339][ C0] ? profile_init+0x113/0x190
[ 51.331442][ C0] ? sysfs_kf_read+0x390/0x390
[ 51.337241][ C0] vzalloc+0x75/0x80
[ 51.341955][ C0] ? profile_init+0x113/0x190
[ 51.346859][ C0] profile_init+0x113/0x190
[ 51.352109][ C0] profiling_store+0x59/0xc0
[ 51.357472][ C0] kernfs_fop_write_iter+0x3ac/0x500
[ 51.363803][ C0] vfs_write+0x7dc/0xc50
[ 51.368306][ C0] ? file_end_write+0x230/0x230
[ 51.373359][ C0] ? ptrace_stop+0x74d/0x970
[ 51.378329][ C0] ? _raw_spin_unlock_irq+0x2a/0x40
[ 51.384066][ C0] ? __fdget_pos+0x252/0x2e0
[ 51.389360][ C0] ksys_write+0x177/0x2a0
[ 51.393970][ C0] ? __ia32_sys_read+0x80/0x80
[ 51.399057][ C0] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 51.405517][ C0] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 51.411757][ C0] do_syscall_64+0x3d/0xb0
[ 51.416252][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.422351][ C0] RIP: 0033:0x7fa205f19da9
[ 51.426924][ C0] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 51.448510][ C0] RSP: 002b:00007ffcb64cda78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 51.457497][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa205f19da9
[ 51.465662][ C0] RDX: 0000000000000012 RSI: 00000000200001c0 RDI: 0000000000000003
[ 51.473988][ C0] RBP: 00007fa205eddcc0 R08: 0000000000000012 R09: 0000000000000000
[ 51.482312][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa205eddd50
[ 51.490562][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 51.498713][ C0] </TASK>
[ 51.502338][ C0]
[ 51.504891][ C0] The buggy address belongs to stack of task syz-executor253/3634
[ 51.512703][ C0] and is located at offset 0 in frame:
[ 51.518361][ C0] _raw_spin_unlock_irqrestore+0x0/0x120
[ 51.524100][ C0]
[ 51.526418][ C0] This frame has 1 object:
[ 51.530827][ C0] [32, 40) 'flags.i.i.i.i'
[ 51.530834][ C0]
[ 51.537899][ C0] The buggy address belongs to the virtual mapping at
[ 51.537899][ C0] [ffffc90003d28000, ffffc90003d31000) created by:
[ 51.537899][ C0] dup_task_struct+0x8b/0x490
[ 51.556851][ C0]
[ 51.559167][ C0] The buggy address belongs to the physical page:
[ 51.566033][ C0] page:ffffea00008a0e40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22839
[ 51.577398][ C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 51.584947][ C0] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 51.594153][ C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 51.602736][ C0] page dumped because: kasan: bad access detected
[ 51.609592][ C0] page_owner tracks the page as allocated
[ 51.615674][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 3631, tgid 3631 (strace-static-x), ts 50594282378, free_ts 50590423552
[ 51.636345][ C0] get_page_from_freelist+0x742/0x7c0
[ 51.642875][ C0] __alloc_pages+0x259/0x560
[ 51.647567][ C0] __vmalloc_node_range+0x8f4/0x1290
[ 51.653464][ C0] alloc_thread_stack_node+0x307/0x500
[ 51.659896][ C0] dup_task_struct+0x8b/0x490
[ 51.665086][ C0] copy_process+0x637/0x4000
[ 51.669903][ C0] kernel_clone+0x21b/0x620
[ 51.674491][ C0] __x64_sys_clone+0x228/0x290
[ 51.679543][ C0] do_syscall_64+0x3d/0xb0
[ 51.683962][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.689849][ C0] page last free stack trace:
[ 51.694593][ C0] free_pcp_prepare+0x80c/0x8f0
[ 51.699526][ C0] free_unref_page_list+0xb4/0x7b0
[ 51.704719][ C0] release_pages+0x232a/0x25c0
[ 51.709479][ C0] tlb_flush_mmu+0x850/0xa70
[ 51.714081][ C0] tlb_finish_mmu+0xcb/0x200
[ 51.718680][ C0] exit_mmap+0x275/0x630
[ 51.722928][ C0] __mmput+0x114/0x3b0
[ 51.727007][ C0] exec_mmap+0x506/0x590
[ 51.731443][ C0] begin_new_exec+0x7a1/0xfc0
[ 51.736307][ C0] load_elf_binary+0x912/0x2850
[ 51.741164][ C0] bprm_execve+0x8dc/0x1590
[ 51.745669][ C0] do_execveat_common+0x598/0x750
[ 51.750782][ C0] __x64_sys_execve+0x8e/0xa0
[ 51.755459][ C0] do_syscall_64+0x3d/0xb0
[ 51.760164][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.766057][ C0]
[ 51.768401][ C0] Memory state around the buggy address:
[ 51.774212][ C0] ffffc90003d2f480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.782345][ C0] ffffc90003d2f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.790507][ C0] >ffffc90003d2f580: f1 f1 f1 f1 00 f3 f3 f3 00 00 00 00 00 00 00 00
[ 51.799277][ C0] ^
[ 51.803348][ C0] ffffc90003d2f600: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 51.811552][ C0] ffffc90003d2f680: 00 f2 f2 f2 00 f3 f3 f3 00 00 00 00 00 00 00 00
[ 51.819784][ C0] ==================================================================
[ 51.828289][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 51.834937][ C0] CPU: 0 PID: 3634 Comm: syz-executor253 Not tainted 6.1.0-rc6-syzkaller-00308-g644e9524388a #0
[ 51.845345][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 51.855518][ C0] Call Trace:
[ 51.858896][ C0] <IRQ>
[ 51.861741][ C0] dump_stack_lvl+0x1b1/0x28e
[ 51.866512][ C0] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 51.871960][ C0] ? panic+0x710/0x710
[ 51.876038][ C0] ? vscnprintf+0x59/0x80
[ 51.880344][ C0] panic+0x2d6/0x710
[ 51.884304][ C0] ? memcpy_page_flushcache+0xfc/0xfc
[ 51.889659][ C0] ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 51.895835][ C0] ? print_report+0x1b4/0x1f0
[ 51.900618][ C0] ? profile_pc+0xa4/0xe0
[ 51.905057][ C0] end_report+0x91/0xa0
[ 51.909202][ C0] kasan_report+0xda/0x100
[ 51.913623][ C0] ? profile_pc+0xa4/0xe0
[ 51.917945][ C0] ? _raw_spin_unlock_irqrestore+0xbc/0x120
[ 51.923933][ C0] profile_pc+0xa4/0xe0
[ 51.928140][ C0] profile_tick+0xe5/0x160
[ 51.933205][ C0] tick_sched_timer+0x381/0x540
[ 51.938410][ C0] __hrtimer_run_queues+0x4cb/0xa60
[ 51.943801][ C0] ? tick_setup_sched_timer+0x2e0/0x2e0
[ 51.949474][ C0] ? hrtimer_interrupt+0xfd0/0xfd0
[ 51.954747][ C0] ? ktime_get_update_offsets_now+0x449/0x460
[ 51.961031][ C0] hrtimer_interrupt+0x3a6/0xfd0
[ 51.966164][ C0] __sysvec_apic_timer_interrupt+0xf9/0x280
[ 51.972332][ C0] sysvec_apic_timer_interrupt+0x8c/0xb0
[ 51.978066][ C0] </IRQ>
[ 51.981096][ C0] <TASK>
[ 51.984149][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 51.990231][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xbc/0x120
[ 51.996781][ C0] Code: f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 0a 09 43 f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 3f 8b c2 f6 65 8b 05 a0 c7 66 75 85 c0 74 3f 48 c7 04 24 0e 36
[ 52.016506][ C0] RSP: 0018:ffffc90003d2f580 EFLAGS: 00000206
[ 52.022576][ C0] RAX: 1ffff920007a5eb4 RBX: ffff8880b9840540 RCX: ffffffff816ab07a
[ 52.030577][ C0] RDX: dffffc0000000000 RSI: ffffffff8aedb2a0 RDI: 0000000000000001
[ 52.038649][ C0] RBP: ffffc90003d2f610 R08: dffffc0000000000 R09: fffffbfff20b2e41
[ 52.046765][ C0] R10: fffffbfff20b2e41 R11: 1ffffffff20b2e40 R12: dffffc0000000000
[ 52.055021][ C0] R13: 1ffff920007a5eb0 R14: ffffc90003d2f5a0 R15: 0000000000000282
[ 52.063143][ C0] ? mark_lock+0x9a/0x350
[ 52.067496][ C0] ? _raw_spin_unlock+0x40/0x40
[ 52.072377][ C0] ? stack_trace_save+0x1e0/0x1e0
[ 52.077590][ C0] rmqueue_pcplist+0x1d5/0x4c0
[ 52.082875][ C0] ? reserve_highatomic_pageblock+0x300/0x300
[ 52.088923][ C0] ? mark_lock+0x9a/0x350
[ 52.093329][ C0] rmqueue+0x1b81/0x1ed0
[ 52.097561][ C0] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 52.103550][ C0] ? check_new_pages+0x360/0x360
[ 52.108497][ C0] ? zone_watermark_fast+0xc3/0x230
[ 52.113820][ C0] get_page_from_freelist+0x4b6/0x7c0
[ 52.119313][ C0] __alloc_pages+0x259/0x560
[ 52.123939][ C0] ? zone_statistics+0x160/0x160
[ 52.128942][ C0] ? alloc_pages_bulk_array_mempolicy+0x7aa/0x9c0
[ 52.135608][ C0] __vmalloc_node_range+0x8f4/0x1290
[ 52.140920][ C0] ? profile_init+0x113/0x190
[ 52.146220][ C0] ? sysfs_kf_read+0x390/0x390
[ 52.151027][ C0] vzalloc+0x75/0x80
[ 52.154949][ C0] ? profile_init+0x113/0x190
[ 52.159628][ C0] profile_init+0x113/0x190
[ 52.164122][ C0] profiling_store+0x59/0xc0
[ 52.168725][ C0] kernfs_fop_write_iter+0x3ac/0x500
[ 52.174031][ C0] vfs_write+0x7dc/0xc50
[ 52.178370][ C0] ? file_end_write+0x230/0x230
[ 52.183331][ C0] ? ptrace_stop+0x74d/0x970
[ 52.188112][ C0] ? _raw_spin_unlock_irq+0x2a/0x40
[ 52.193332][ C0] ? __fdget_pos+0x252/0x2e0
[ 52.198004][ C0] ksys_write+0x177/0x2a0
[ 52.202492][ C0] ? __ia32_sys_read+0x80/0x80
[ 52.207237][ C0] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 52.213200][ C0] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 52.219223][ C0] do_syscall_64+0x3d/0xb0
[ 52.223907][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.229813][ C0] RIP: 0033:0x7fa205f19da9
[ 52.234214][ C0] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.253822][ C0] RSP: 002b:00007ffcb64cda78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 52.262419][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa205f19da9
[ 52.270413][ C0] RDX: 0000000000000012 RSI: 00000000200001c0 RDI: 0000000000000003
[ 52.278393][ C0] RBP: 00007fa205eddcc0 R08: 0000000000000012 R09: 0000000000000000
[ 52.286526][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa205eddd50
[ 52.294576][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 52.302735][ C0] </TASK>
[ 52.306027][ C0] Kernel Offset: disabled
[ 52.310344][ C0] Rebooting in 86400 seconds..