./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3912008987

<...>
Warning: Permanently added '10.128.1.74' (ED25519) to the list of known hosts.
execve("./syz-executor3912008987", ["./syz-executor3912008987"], 0x7ffcf2dfc770 /* 10 vars */) = 0
brk(NULL)                               = 0x555587323000
brk(0x555587323d00)                     = 0x555587323d00
arch_prctl(ARCH_SET_FS, 0x555587323380) = 0
set_tid_address(0x555587323650)         = 5866
set_robust_list(0x555587323660, 24)     = 0
rseq(0x555587323ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3912008987", 4096) = 28
getrandom("\x41\x16\x05\x9d\x20\xdb\xb0\xe3", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555587323d00
brk(0x555587344d00)                     = 0x555587344d00
brk(0x555587345000)                     = 0x555587345000
mprotect(0x7f120c9b4000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587323650) = 5867
./strace-static-x86_64: Process 5867 attached
[pid  5866] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5867] set_robust_list(0x555587323660, 24) = 0
./strace-static-x86_64: Process 5868 attached
[pid  5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5866] <... clone resumed>, child_tidptr=0x555587323650) = 5868
[pid  5866] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5868] set_robust_list(0x555587323660, 24) = 0
./strace-static-x86_64: Process 5870 attached
./strace-static-x86_64: Process 5869 attached
[pid  5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5866] <... clone resumed>, child_tidptr=0x555587323650) = 5869
[pid  5870] set_robust_list(0x555587323660, 24 <unfinished ...>
[pid  5869] set_robust_list(0x555587323660, 24 <unfinished ...>
[pid  5866] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5870] <... set_robust_list resumed>) = 0
[pid  5869] <... set_robust_list resumed>) = 0
[pid  5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5867] <... clone resumed>, child_tidptr=0x555587323650) = 5870
./strace-static-x86_64: Process 5872 attached
./strace-static-x86_64: Process 5871 attached
[pid  5870] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5868] <... clone resumed>, child_tidptr=0x555587323650) = 5871
[pid  5871] set_robust_list(0x555587323660, 24) = 0
[pid  5870] <... prctl resumed>)        = 0
./strace-static-x86_64: Process 5873 attached
[pid  5872] set_robust_list(0x555587323660, 24 <unfinished ...>
[pid  5870] setpgid(0, 0 <unfinished ...>
[pid  5866] <... clone resumed>, child_tidptr=0x555587323650) = 5872
[pid  5873] set_robust_list(0x555587323660, 24 <unfinished ...>
[pid  5872] <... set_robust_list resumed>) = 0
[pid  5871] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5870] <... setpgid resumed>)      = 0
[pid  5869] <... clone resumed>, child_tidptr=0x555587323650) = 5873
[pid  5866] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5873] <... set_robust_list resumed>) = 0
[pid  5871] <... prctl resumed>)        = 0
./strace-static-x86_64: Process 5874 attached
[pid  5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5866] <... clone resumed>, child_tidptr=0x555587323650) = 5874
[pid  5871] setpgid(0, 0./strace-static-x86_64: Process 5875 attached
)               = 0
[pid  5874] set_robust_list(0x555587323660, 24 <unfinished ...>
[pid  5873] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5872] <... clone resumed>, child_tidptr=0x555587323650) = 5875
[pid  5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5870] <... openat resumed>)       = 3
[pid  5874] <... set_robust_list resumed>) = 0
[pid  5873] <... prctl resumed>)        = 0
[pid  5875] set_robust_list(0x555587323660, 24 <unfinished ...>
[pid  5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5873] setpgid(0, 0 <unfinished ...>
[pid  5870] write(3, "1000", 4 <unfinished ...>
[pid  5875] <... set_robust_list resumed>) = 0
[pid  5873] <... setpgid resumed>)      = 0
[pid  5871] <... openat resumed>)       = 3
./strace-static-x86_64: Process 5876 attached
[pid  5875] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5870] <... write resumed>)        = 4
[pid  5876] set_robust_list(0x555587323660, 24 <unfinished ...>
[pid  5874] <... clone resumed>, child_tidptr=0x555587323650) = 5876
[pid  5870] close(3 <unfinished ...>
[pid  5876] <... set_robust_list resumed>) = 0
executing program
[pid  5875] <... prctl resumed>)        = 0
[pid  5873] <... openat resumed>)       = 3
[pid  5871] write(3, "1000", 4 <unfinished ...>
[pid  5870] <... close resumed>)        = 0
[pid  5876] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5871] <... write resumed>)        = 4
[pid  5870] write(1, "executing program\n", 18 <unfinished ...>
[pid  5871] close(3 <unfinished ...>
[pid  5870] <... write resumed>)        = 18
[pid  5875] setpgid(0, 0 <unfinished ...>
[pid  5876] <... prctl resumed>)        = 0
[pid  5875] <... setpgid resumed>)      = 0
[pid  5873] write(3, "1000", 4 <unfinished ...>
[pid  5871] <... close resumed>)        = 0
[pid  5870] perf_event_open( <unfinished ...>
[pid  5876] setpgid(0, 0 <unfinished ...>
[pid  5873] <... write resumed>)        = 4
[pid  5875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program
 <unfinished ...>
[pid  5871] write(1, "executing program\n", 18 <unfinished ...>
[pid  5876] <... setpgid resumed>)      = 0
[pid  5875] <... openat resumed>)       = 3
[pid  5873] close(3 <unfinished ...>
[pid  5871] <... write resumed>)        = 18
[pid  5876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5875] write(3, "1000", 4 <unfinished ...>
[pid  5873] <... close resumed>)        = 0
[pid  5871] perf_event_open( <unfinished ...>
[pid  5876] <... openat resumed>)       = 3
[pid  5873] write(1, "executing program\n", 18executing program
 <unfinished ...>
[pid  5876] write(3, "1000", 4 <unfinished ...>
[pid  5875] <... write resumed>)        = 4
[pid  5873] <... write resumed>)        = 18
[pid  5871] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=330, sample_period=4, sample_type=PERF_SAMPLE_TIME|PERF_SAMPLE_CALLCHAIN|PERF_SAMPLE_STREAM_ID, read_format=PERF_FORMAT_TOTAL_TIME_RUNNING|PERF_FORMAT_ID|PERF_FORMAT_GROUP, precise_ip=0 /* arbitrary skid */, ...}, 0, -1, -1, PERF_FLAG_FD_OUTPUT|PERF_FLAG_FD_CLOEXEC) = 3
[pid  5870] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=330, sample_period=4, sample_type=PERF_SAMPLE_TIME|PERF_SAMPLE_CALLCHAIN|PERF_SAMPLE_STREAM_ID, read_format=PERF_FORMAT_TOTAL_TIME_RUNNING|PERF_FORMAT_ID|PERF_FORMAT_GROUP, precise_ip=0 /* arbitrary skid */, ...}, 0, -1, -1, PERF_FLAG_FD_OUTPUT|PERF_FLAG_FD_CLOEXEC) = 3
[pid  5875] close(3 <unfinished ...>
[pid  5873] perf_event_open(executing program
 <unfinished ...>
[pid  5875] <... close resumed>)        = 0
[pid  5876] <... write resumed>)        = 4
[pid  5876] close(3 <unfinished ...>
[pid  5875] write(1, "executing program\n", 18 <unfinished ...>
[pid  5876] <... close resumed>)        = 0
[pid  5875] <... write resumed>)        = 18
[pid  5873] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=330, sample_period=4, sample_type=PERF_SAMPLE_TIME|PERF_SAMPLE_CALLCHAIN|PERF_SAMPLE_STREAM_ID, read_format=PERF_FORMAT_TOTAL_TIME_RUNNING|PERF_FORMAT_ID|PERF_FORMAT_GROUP, precise_ip=0 /* arbitrary skid */, ...}, 0, -1, -1, PERF_FLAG_FD_OUTPUT|PERF_FLAG_FD_CLOEXEC) = 3
[pid  5871] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_STACK_TRACE, key_size=4, value_size=128, max_entries=4, map_flags=BPF_F_RDONLY|BPF_F_STACK_BUILD_ID, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80 <unfinished ...>
executing program
[pid  5876] write(1, "executing program\n", 18 <unfinished ...>
[pid  5875] perf_event_open( <unfinished ...>
[pid  5873] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_STACK_TRACE, key_size=4, value_size=128, max_entries=4, map_flags=BPF_F_RDONLY|BPF_F_STACK_BUILD_ID, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80 <unfinished ...>
[pid  5870] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_STACK_TRACE, key_size=4, value_size=128, max_entries=4, map_flags=BPF_F_RDONLY|BPF_F_STACK_BUILD_ID, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80 <unfinished ...>
[pid  5876] <... write resumed>)        = 18
[pid  5875] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=330, sample_period=4, sample_type=PERF_SAMPLE_TIME|PERF_SAMPLE_CALLCHAIN|PERF_SAMPLE_STREAM_ID, read_format=PERF_FORMAT_TOTAL_TIME_RUNNING|PERF_FORMAT_ID|PERF_FORMAT_GROUP, precise_ip=0 /* arbitrary skid */, ...}, 0, -1, -1, PERF_FLAG_FD_OUTPUT|PERF_FLAG_FD_CLOEXEC) = 3
[pid  5871] <... bpf resumed>)          = 4
[pid  5876] perf_event_open( <unfinished ...>
[pid  5873] <... bpf resumed>)          = 4
[pid  5871] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200000000080, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x2d /* BPF_??? */, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148 <unfinished ...>
[pid  5873] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200000000080, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x2d /* BPF_??? */, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148 <unfinished ...>
[pid  5870] <... bpf resumed>)          = 4
[pid  5876] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=330, sample_period=4, sample_type=PERF_SAMPLE_TIME|PERF_SAMPLE_CALLCHAIN|PERF_SAMPLE_STREAM_ID, read_format=PERF_FORMAT_TOTAL_TIME_RUNNING|PERF_FORMAT_ID|PERF_FORMAT_GROUP, precise_ip=0 /* arbitrary skid */, ...}, 0, -1, -1, PERF_FLAG_FD_OUTPUT|PERF_FLAG_FD_CLOEXEC) = 3
[pid  5876] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_STACK_TRACE, key_size=4, value_size=128, max_entries=4, map_flags=BPF_F_RDONLY|BPF_F_STACK_BUILD_ID, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80 <unfinished ...>
[pid  5875] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_STACK_TRACE, key_size=4, value_size=128, max_entries=4, map_flags=BPF_F_RDONLY|BPF_F_STACK_BUILD_ID, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80 <unfinished ...>
[pid  5871] <... bpf resumed>)          = 5
[pid  5870] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200000000080, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x2d /* BPF_??? */, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148 <unfinished ...>
[pid  5873] <... bpf resumed>)          = 5
[pid  5876] <... bpf resumed>)          = 4
[pid  5875] <... bpf resumed>)          = 4
[pid  5871] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=5}}, 24 <unfinished ...>
[pid  5873] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=5}}, 24 <unfinished ...>
[pid  5876] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200000000080, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x2d /* BPF_??? */, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148 <unfinished ...>
[pid  5875] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200000000080, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x2d /* BPF_??? */, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148 <unfinished ...>
[pid  5873] <... bpf resumed>)          = 6
[pid  5871] <... bpf resumed>)          = 6
[pid  5875] <... bpf resumed>)          = 5
[pid  5871] perf_event_open( <unfinished ...>
[pid  5876] <... bpf resumed>)          = 5
[pid  5875] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=5}}, 24 <unfinished ...>
[pid  5871] <... perf_event_open resumed>{type=PERF_TYPE_SOFTWARE, size=PERF_ATTR_SIZE_VER7, config=PERF_COUNT_SW_CPU_CLOCK, sample_period=19761, sample_type=0, read_format=PERF_FORMAT_TOTAL_TIME_ENABLED, precise_ip=0 /* arbitrary skid */, ...}, 0, -1, -1, PERF_FLAG_FD_NO_GROUP|PERF_FLAG_FD_OUTPUT) = 7
[pid  5875] <... bpf resumed>)          = 6
[pid  5873] perf_event_open( <unfinished ...>
[pid  5870] <... bpf resumed>)          = 5
[pid  5876] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=5}}, 24 <unfinished ...>
[pid  5875] perf_event_open( <unfinished ...>
[pid  5873] <... perf_event_open resumed>{type=PERF_TYPE_SOFTWARE, size=PERF_ATTR_SIZE_VER7, config=PERF_COUNT_SW_CPU_CLOCK, sample_period=19761, sample_type=0, read_format=PERF_FORMAT_TOTAL_TIME_ENABLED, precise_ip=0 /* arbitrary skid */, ...}, 0, -1, -1, PERF_FLAG_FD_NO_GROUP|PERF_FLAG_FD_OUTPUT) = 7
[pid  5870] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=5}}, 24 <unfinished ...>
[pid  5876] <... bpf resumed>)          = 6
[pid  5875] <... perf_event_open resumed>{type=PERF_TYPE_SOFTWARE, size=PERF_ATTR_SIZE_VER7, config=PERF_COUNT_SW_CPU_CLOCK, sample_period=19761, sample_type=0, read_format=PERF_FORMAT_TOTAL_TIME_ENABLED, precise_ip=0 /* arbitrary skid */, ...}, 0, -1, -1, PERF_FLAG_FD_NO_GROUP|PERF_FLAG_FD_OUTPUT) = 7
[pid  5871] exit_group(0 <unfinished ...>
[pid  5875] exit_group(0 <unfinished ...>
[pid  5871] <... exit_group resumed>)   = ?
[   95.380191][    C1] ==================================================================
[   95.388482][    C1] BUG: KASAN: slab-out-of-bounds in __bpf_get_stackid+0x677/0xcf0
[   95.396690][    C1] Write of size 8 at addr ffff888027c60a58 by task syz-executor391/5873
[   95.399834][    C0] hrtimer: interrupt took 92686 ns
[   95.405047][    C1] 
[   95.405094][    C1] CPU: 1 UID: 0 PID: 5873 Comm: syz-executor391 Not tainted 6.17.0-rc1-syzkaller-g7572a47ebcdf #0 PREEMPT(full) 
[pid  5871] +++ exited with 0 +++
[pid  5875] <... exit_group resumed>)   = ?
[pid  5875] +++ exited with 0 +++
[   95.405125][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   95.405151][    C1] Call Trace:
[   95.405161][    C1]  <IRQ>
[   95.405173][    C1]  dump_stack_lvl+0x189/0x250
[   95.405215][    C1]  ? __virt_addr_valid+0x1c8/0x5c0
[   95.405251][    C1]  ? rcu_is_watching+0x15/0xb0
[   95.405274][    C1]  ? __kasan_check_byte+0x12/0x40
[   95.405310][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[   95.405338][    C1]  ? rcu_is_watching+0x15/0xb0
[   95.405363][    C1]  ? lock_release+0x4b/0x3e0
[   95.405402][    C1]  ? __virt_addr_valid+0x1c8/0x5c0
[   95.405433][    C1]  ? __virt_addr_valid+0x4a5/0x5c0
[   95.405462][    C1]  print_report+0xca/0x240
[   95.405484][    C1]  ? __bpf_get_stackid+0x677/0xcf0
[   95.405521][    C1]  kasan_report+0x118/0x150
[   95.405555][    C1]  ? __bpf_get_stackid+0x677/0xcf0
[   95.405596][    C1]  ? sysvec_apic_timer_interrupt+0xe/0xc0
[   95.405637][    C1]  __bpf_get_stackid+0x677/0xcf0
[   95.405682][    C1]  ? bpf_prog_b724608cae728045+0x27/0x2f
[   95.405710][    C1]  bpf_get_stackid_raw_tp+0x196/0x210
[   95.405745][    C1]  bpf_prog_b724608cae728045+0x27/0x2f
[   95.405764][    C1]  bpf_trace_run2+0x284/0x4b0
[   95.405797][    C1]  ? bpf_trace_run2+0x186/0x4b0
[   95.405828][    C1]  ? __pfx_bpf_trace_run2+0x10/0x10
[   95.405859][    C1]  ? slab_free_after_rcu_debug+0x60/0x2a0
[   95.405892][    C1]  ? rcu_core+0xc37/0x1770
[   95.405927][    C1]  ? slab_free_after_rcu_debug+0x60/0x2a0
[   95.405954][    C1]  __traceiter_kfree+0x2e/0x50
[   95.405978][    C1]  ? slab_free_after_rcu_debug+0x60/0x2a0
[   95.406004][    C1]  kfree+0x3a0/0x440
[   95.406037][    C1]  ? rcu_core+0xc37/0x1770
[   95.406073][    C1]  slab_free_after_rcu_debug+0x60/0x2a0
[   95.406100][    C1]  ? __pfx_slab_free_after_rcu_debug+0x10/0x10
[   95.406126][    C1]  ? rcu_core+0xc37/0x1770
[   95.406161][    C1]  rcu_core+0xca8/0x1770
[   95.406203][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[   95.406244][    C1]  ? __pfx_rcu_core+0x10/0x10
[   95.406287][    C1]  ? sched_balance_domains+0x121/0x9e0
[   95.406325][    C1]  ? sched_balance_domains+0x8be/0x9e0
[   95.406366][    C1]  ? sched_balance_domains+0x121/0x9e0
[   95.406405][    C1]  handle_softirqs+0x283/0x870
[   95.406432][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[   95.406458][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[   95.406485][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[   95.406516][    C1]  __irq_exit_rcu+0xca/0x1f0
[   95.406538][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[   95.406569][    C1]  irq_exit_rcu+0x9/0x30
[   95.406591][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[   95.406625][    C1]  </IRQ>
[   95.406634][    C1]  <TASK>
[   95.406643][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   95.406673][    C1] RIP: 0010:lock_acquire+0xa1/0x360
[   95.406709][    C1] Code: 0f 84 f0 00 00 00 48 8b b4 24 90 00 00 00 4c 89 ef e8 43 93 85 00 83 3d 1c 54 06 0e 00 0f 84 fa 00 00 00 65 8b 05 cf 24 03 11 <85> c0 0f 85 eb 00 00 00 65 48 8b 04 25 08 40 a0 92 83 b8 ec 0a 00
[   95.406730][    C1] RSP: 0000:ffffc90003e1f8e0 EFLAGS: 00000202
[   95.406752][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: e83166939323c400
[   95.406769][    C1] RDX: 0000000000000000 RSI: ffffffff822e5d96 RDI: 1ffffffff1c273f4
[   95.406787][    C1] RBP: ffffffff822e5d7a R08: 0000000000000000 R09: 0000000000000000
[   95.406803][    C1] R10: dffffc0000000000 R11: ffffed100f9cc1bb R12: 0000000000000002
[   95.406821][    C1] R13: ffffffff8e139fa0 R14: 0000000000000000 R15: 0000000000000000
[   95.406839][    C1]  ? pfn_valid+0xba/0x490
[   95.406892][    C1]  ? pfn_valid+0xd6/0x490
[   95.406931][    C1]  ? pfn_valid+0x12/0x490
[   95.406963][    C1]  ? pfn_valid+0xba/0x490
[   95.406996][    C1]  pfn_valid+0xd6/0x490
[   95.407027][    C1]  ? pfn_valid+0xba/0x490
[   95.407061][    C1]  page_table_check_clear+0x21/0x700
[   95.407094][    C1]  ? __pte_offset_map_lock+0x1b1/0x210
[   95.407130][    C1]  ptep_clear_flush+0x165/0x170
[   95.407161][    C1]  do_wp_page+0x1bc2/0x5800
[   95.407335][    C1]  ? do_wp_page+0x161d/0x5800
[   95.407371][    C1]  ? __pfx_do_wp_page+0x10/0x10
[   95.407398][    C1]  ? do_raw_spin_lock+0x121/0x290
[   95.407429][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   95.407455][    C1]  ? pte_offset_map_rw_nolock+0x112/0x160
[   95.407481][    C1]  __handle_mm_fault+0x1033/0x5440
[   95.407522][    C1]  ? __pfx___handle_mm_fault+0x10/0x10
[   95.407566][    C1]  ? lock_vma_under_rcu+0x19f/0x3d0
[   95.407605][    C1]  handle_mm_fault+0x40a/0x8e0
[   95.407643][    C1]  do_user_addr_fault+0xa81/0x1390
[   95.407688][    C1]  ? rcu_is_watching+0x15/0xb0
[   95.407712][    C1]  ? trace_page_fault_user+0x84/0x1e0
[   95.407751][    C1]  exc_page_fault+0x76/0xf0
[   95.407785][    C1]  asm_exc_page_fault+0x26/0x30
[   95.407807][    C1] RIP: 0033:0x7f120c917200
[   95.407829][    C1] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d ed 0d 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 00 3b 0a 00 0f 85 0f 02 00 00 4c 8d 25 f3 3a 0a 00 4c
[   95.407849][    C1] RSP: 002b:00007ffee24db920 EFLAGS: 00010246
[   95.407870][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   95.407885][    C1] RDX: 0000000000000001 RSI: 00007f120c9b8118 RDI: 0000000000000000
[   95.407899][    C1] RBP: 00007f120c9b8118 R08: 0000000000000003 R09: 00000000000000a0
[   95.407915][    C1] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[   95.407932][    C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   95.407958][    C1]  </TASK>
[   95.407969][    C1] 
[   95.943227][    C1] Allocated by task 5873:
[   95.947560][    C1]  kasan_save_track+0x3e/0x80
[   95.952255][    C1]  __kasan_kmalloc+0x93/0xb0
[   95.956859][    C1]  __kmalloc_node_noprof+0x276/0x4e0
[   95.962175][    C1]  bpf_map_area_alloc+0x64/0x180
[   95.967132][    C1]  prealloc_elems_and_freelist+0x86/0x1d0
[   95.972861][    C1]  stack_map_alloc+0x33f/0x4c0
[   95.977641][    C1]  map_create+0xaa0/0x14d0
[   95.982090][    C1]  __sys_bpf+0x60f/0x870
[   95.986369][    C1]  __x64_sys_bpf+0x7c/0x90
[   95.990814][    C1]  do_syscall_64+0xfa/0x3b0
[   95.995330][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.001233][    C1] 
[   96.003563][    C1] The buggy address belongs to the object at ffff888027c60800
[   96.003563][    C1]  which belongs to the cache kmalloc-1k of size 1024
[   96.017627][    C1] The buggy address is located 24 bytes to the right of
[   96.017627][    C1]  allocated 576-byte region [ffff888027c60800, ffff888027c60a40)
[   96.032227][    C1] 
[   96.034560][    C1] The buggy address belongs to the physical page:
[   96.041052][    C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888027c63000 pfn:0x27c60
[   96.051225][    C1] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   96.059819][    C1] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   96.067397][    C1] page_type: f5(slab)
[   96.071399][    C1] raw: 00fff00000000040 ffff88801a441dc0 ffffea00009a0a00 dead000000000002
[   96.079990][    C1] raw: ffff888027c63000 0000000000100008 00000000f5000000 0000000000000000
[   96.088584][    C1] head: 00fff00000000040 ffff88801a441dc0 ffffea00009a0a00 dead000000000002
[   96.097291][    C1] head: ffff888027c63000 0000000000100008 00000000f5000000 0000000000000000
[   96.105981][    C1] head: 00fff00000000003 ffffea00009f1801 00000000ffffffff 00000000ffffffff
[   96.114681][    C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   96.123384][    C1] page dumped because: kasan: bad access detected
[   96.129823][    C1] page_owner tracks the page as allocated
[   96.135550][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 37, tgid 37 (kworker/u8:3), ts 15038735823, free_ts 0
[   96.153885][    C1]  post_alloc_hook+0x240/0x2a0
[   96.158795][    C1]  get_page_from_freelist+0x21e4/0x22c0
[   96.164378][    C1]  __alloc_frozen_pages_noprof+0x181/0x370
[   96.170244][    C1]  allocate_slab+0x65/0x370
[   96.174946][    C1]  ___slab_alloc+0xbeb/0x1410
[   96.179664][    C1]  __kmalloc_node_noprof+0x2fd/0x4e0
[   96.184970][    C1]  blk_alloc_flush_queue+0xe2/0x230
[   96.190184][    C1]  blk_mq_alloc_and_init_hctx+0x679/0xd60
[   96.195917][    C1]  __blk_mq_realloc_hw_ctxs+0x169/0x400
[   96.201479][    C1]  blk_mq_init_allocated_queue+0x400/0x1490
[   96.207392][    C1]  blk_mq_alloc_queue+0x191/0x280
[   96.212436][    C1]  scsi_alloc_sdev+0x767/0xb40
[   96.217227][    C1]  scsi_probe_and_add_lun+0x1c5/0x4580
[   96.222712][    C1]  __scsi_scan_target+0x1dd/0xd10
[   96.227765][    C1]  scsi_scan_host_selected+0x372/0x690
[   96.233249][    C1]  do_scan_async+0x124/0x760
[   96.237859][    C1] page_owner free stack trace missing
[   96.243233][    C1] 
[   96.245568][    C1] Memory state around the buggy address:
[   96.251211][    C1]  ffff888027c60900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   96.259282][    C1]  ffff888027c60980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   96.267352][    C1] >ffff888027c60a00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   96.275420][    C1]                                                     ^
[pid  5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5871, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
[pid  5868] restart_syscall(<... resuming interrupted clone ...>) = 0
[   96.282362][    C1]  ffff888027c60a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   96.290428][    C1]  ffff888027c60b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   96.298491][    C1] ==================================================================
[   96.306727][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   96.313950][    C1] CPU: 1 UID: 0 PID: 5873 Comm: syz-executor391 Not tainted 6.17.0-rc1-syzkaller-g7572a47ebcdf #0 PREEMPT(full) 
[   96.325875][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   96.335960][    C1] Call Trace:
[   96.339258][    C1]  <IRQ>
[   96.342128][    C1]  dump_stack_lvl+0x99/0x250
[   96.346740][    C1]  ? __asan_memcpy+0x40/0x70
[   96.351522][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[   96.356775][    C1]  ? __pfx__printk+0x10/0x10
[   96.361391][    C1]  vpanic+0x281/0x750
[   96.365399][    C1]  ? __pfx_vpanic+0x10/0x10
[   96.369951][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[   96.374819][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[   96.380038][    C1]  panic+0xb9/0xc0
[   96.383785][    C1]  ? __pfx_panic+0x10/0x10
[   96.388215][    C1]  ? __bpf_get_stackid+0x677/0xcf0
[   96.393358][    C1]  ? __bpf_get_stackid+0x677/0xcf0
[   96.398488][    C1]  check_panic_on_warn+0x89/0xb0
[   96.403445][    C1]  ? __bpf_get_stackid+0x677/0xcf0
[   96.408591][    C1]  end_report+0x78/0x160
[   96.412864][    C1]  kasan_report+0x129/0x150
[   96.417399][    C1]  ? __bpf_get_stackid+0x677/0xcf0
[   96.422550][    C1]  ? sysvec_apic_timer_interrupt+0xe/0xc0
[   96.428298][    C1]  __bpf_get_stackid+0x677/0xcf0
[   96.433293][    C1]  ? bpf_prog_b724608cae728045+0x27/0x2f
[   96.438933][    C1]  bpf_get_stackid_raw_tp+0x196/0x210
[   96.444504][    C1]  bpf_prog_b724608cae728045+0x27/0x2f
[   96.449989][    C1]  bpf_trace_run2+0x284/0x4b0
[   96.454860][    C1]  ? bpf_trace_run2+0x186/0x4b0
[   96.459737][    C1]  ? __pfx_bpf_trace_run2+0x10/0x10
[   96.464967][    C1]  ? slab_free_after_rcu_debug+0x60/0x2a0
[   96.470703][    C1]  ? rcu_core+0xc37/0x1770
[   96.475138][    C1]  ? slab_free_after_rcu_debug+0x60/0x2a0
[   96.480870][    C1]  __traceiter_kfree+0x2e/0x50
[   96.485669][    C1]  ? slab_free_after_rcu_debug+0x60/0x2a0
[   96.491490][    C1]  kfree+0x3a0/0x440
[   96.495489][    C1]  ? rcu_core+0xc37/0x1770
[   96.500031][    C1]  slab_free_after_rcu_debug+0x60/0x2a0
[   96.505592][    C1]  ? __pfx_slab_free_after_rcu_debug+0x10/0x10
[   96.511792][    C1]  ? rcu_core+0xc37/0x1770
[   96.516230][    C1]  rcu_core+0xca8/0x1770
[   96.520496][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[   96.525721][    C1]  ? __pfx_rcu_core+0x10/0x10
[   96.530460][    C1]  ? sched_balance_domains+0x121/0x9e0
[   96.535947][    C1]  ? sched_balance_domains+0x8be/0x9e0
[   96.541440][    C1]  ? sched_balance_domains+0x121/0x9e0
[   96.546930][    C1]  handle_softirqs+0x283/0x870
[   96.551722][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[   96.556518][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[   96.561820][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[   96.567041][    C1]  __irq_exit_rcu+0xca/0x1f0
[   96.571652][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[   96.576868][    C1]  irq_exit_rcu+0x9/0x30
[   96.581122][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[   96.586781][    C1]  </IRQ>
[   96.589724][    C1]  <TASK>
[   96.592969][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   96.598992][    C1] RIP: 0010:lock_acquire+0xa1/0x360
[   96.604334][    C1] Code: 0f 84 f0 00 00 00 48 8b b4 24 90 00 00 00 4c 89 ef e8 43 93 85 00 83 3d 1c 54 06 0e 00 0f 84 fa 00 00 00 65 8b 05 cf 24 03 11 <85> c0 0f 85 eb 00 00 00 65 48 8b 04 25 08 40 a0 92 83 b8 ec 0a 00
[   96.624054][    C1] RSP: 0000:ffffc90003e1f8e0 EFLAGS: 00000202
[   96.630227][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: e83166939323c400
[   96.638214][    C1] RDX: 0000000000000000 RSI: ffffffff822e5d96 RDI: 1ffffffff1c273f4
[   96.646224][    C1] RBP: ffffffff822e5d7a R08: 0000000000000000 R09: 0000000000000000
[   96.654217][    C1] R10: dffffc0000000000 R11: ffffed100f9cc1bb R12: 0000000000000002
[   96.662231][    C1] R13: ffffffff8e139fa0 R14: 0000000000000000 R15: 0000000000000000
[   96.670218][    C1]  ? pfn_valid+0xba/0x490
[   96.674578][    C1]  ? pfn_valid+0xd6/0x490
[   96.678936][    C1]  ? pfn_valid+0x12/0x490
[   96.683287][    C1]  ? pfn_valid+0xba/0x490
[   96.687642][    C1]  pfn_valid+0xd6/0x490
[   96.691849][    C1]  ? pfn_valid+0xba/0x490
[   96.696197][    C1]  page_table_check_clear+0x21/0x700
[   96.701504][    C1]  ? __pte_offset_map_lock+0x1b1/0x210
[   96.707058][    C1]  ptep_clear_flush+0x165/0x170
[   96.711930][    C1]  do_wp_page+0x1bc2/0x5800
[   96.716547][    C1]  ? do_wp_page+0x161d/0x5800
[   96.721241][    C1]  ? __pfx_do_wp_page+0x10/0x10
[   96.726104][    C1]  ? do_raw_spin_lock+0x121/0x290
[   96.731196][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   96.736585][    C1]  ? pte_offset_map_rw_nolock+0x112/0x160
[   96.742325][    C1]  __handle_mm_fault+0x1033/0x5440
[   96.747467][    C1]  ? __pfx___handle_mm_fault+0x10/0x10
[   96.752953][    C1]  ? lock_vma_under_rcu+0x19f/0x3d0
[   96.758377][    C1]  handle_mm_fault+0x40a/0x8e0
[   96.763166][    C1]  do_user_addr_fault+0xa81/0x1390
[   96.768311][    C1]  ? rcu_is_watching+0x15/0xb0
[   96.773093][    C1]  ? trace_page_fault_user+0x84/0x1e0
[   96.778492][    C1]  exc_page_fault+0x76/0xf0
[   96.783013][    C1]  asm_exc_page_fault+0x26/0x30
[   96.787901][    C1] RIP: 0033:0x7f120c917200
[   96.792336][    C1] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d ed 0d 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 00 3b 0a 00 0f 85 0f 02 00 00 4c 8d 25 f3 3a 0a 00 4c
[   96.811984][    C1] RSP: 002b:00007ffee24db920 EFLAGS: 00010246
[   96.818068][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   96.826051][    C1] RDX: 0000000000000001 RSI: 00007f120c9b8118 RDI: 0000000000000000
[   96.834036][    C1] RBP: 00007f120c9b8118 R08: 0000000000000003 R09: 00000000000000a0
[   96.842126][    C1] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[   96.850120][    C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   96.858110][    C1]  </TASK>
[   96.861461][    C1] Kernel Offset: disabled
[   96.866020][    C1] Rebooting in 86400 seconds..