./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2577493329
<...>
Warning: Permanently added '10.128.1.45' (ED25519) to the list of known hosts.
execve("./syz-executor2577493329", ["./syz-executor2577493329"], 0x7ffc679985f0 /* 10 vars */) = 0
brk(NULL) = 0x555556f29000
brk(0x555556f29d00) = 0x555556f29d00
arch_prctl(ARCH_SET_FS, 0x555556f29380) = 0
set_tid_address(0x555556f29650) = 5027
set_robust_list(0x555556f29660, 24) = 0
rseq(0x555556f29ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2577493329", 4096) = 28
getrandom("\x6e\x10\x88\xfb\x1c\xb9\x8d\x31", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555556f29d00
brk(0x555556f4ad00) = 0x555556f4ad00
brk(0x555556f4b000) = 0x555556f4b000
mprotect(0x7effea318000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/profiling", O_RDWR|O_EXCL|O_TRUNC|O_NONBLOCK|O_SYNC|O_NOATIME) = 3
[ 63.361590][ T5027] kernel profiling enabled (shift: 0)
[ 63.926421][ C0] ==================================================================
[ 63.934529][ C0] BUG: KASAN: stack-out-of-bounds in profile_pc+0xd3/0x150
[ 63.941734][ C0] Read of size 8 at addr ffffc90003a8f400 by task syz-executor257/5027
[ 63.950070][ C0]
[ 63.952555][ C0] CPU: 0 PID: 5027 Comm: syz-executor257 Not tainted 6.5.0-syzkaller-08894-gb97d64c72259 #0
[ 63.962626][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 63.972680][ C0] Call Trace:
[ 63.975959][ C0] <IRQ>
[ 63.978805][ C0] dump_stack_lvl+0x1e7/0x2d0
[ 63.983511][ C0] ? nf_tcp_handle_invalid+0x650/0x650
[ 63.988988][ C0] ? panic+0x770/0x770
[ 63.993087][ C0] ? _printk+0xd5/0x120
[ 63.997268][ C0] ? read_lock_is_recursive+0x20/0x20
[ 64.002740][ C0] print_report+0x163/0x540
[ 64.007249][ C0] ? __smp_call_single_queue+0x11a/0x370
[ 64.012901][ C0] ? __virt_addr_valid+0xbd/0x2e0
[ 64.017934][ C0] ? profile_pc+0xd3/0x150
[ 64.022350][ C0] kasan_report+0x175/0x1b0
[ 64.026939][ C0] ? profile_pc+0xd3/0x150
[ 64.031357][ C0] ? _raw_spin_unlock_irqrestore+0xd8/0x140
[ 64.037260][ C0] profile_pc+0xd3/0x150
[ 64.041501][ C0] profile_tick+0xd8/0x130
[ 64.045923][ C0] tick_sched_timer+0x383/0x550
[ 64.050784][ C0] ? tick_setup_sched_timer+0x2f0/0x2f0
[ 64.056357][ C0] __hrtimer_run_queues+0x562/0xd10
[ 64.061661][ C0] ? hrtimer_interrupt+0x980/0x980
[ 64.066773][ C0] ? ktime_get_update_offsets_now+0x40b/0x420
[ 64.072839][ C0] hrtimer_interrupt+0x396/0x980
[ 64.077890][ C0] __sysvec_apic_timer_interrupt+0x104/0x390
[ 64.083881][ C0] sysvec_apic_timer_interrupt+0x90/0xb0
[ 64.089531][ C0] </IRQ>
[ 64.092456][ C0] <TASK>
[ 64.095403][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 64.101390][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140
[ 64.107895][ C0] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 8e cf 17 f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> d3 d8 90 f6 65 8b 05 34 88 34 75 85 c0 74 3f 48 c7 04 24 0e 36
[ 64.127583][ C0] RSP: 0018:ffffc90003a8f400 EFLAGS: 00000206
[ 64.133646][ C0] RAX: c4214fc231766900 RBX: 1ffff92000751e84 RCX: ffffffff8194091c
[ 64.141618][ C0] RDX: dffffc0000000000 RSI: ffffffff8b596140 RDI: 0000000000000001
[ 64.149604][ C0] RBP: ffffc90003a8f490 R08: ffffffff8e99ae2f R09: 1ffffffff1d335c5
[ 64.157587][ C0] R10: dffffc0000000000 R11: fffffbfff1d335c6 R12: dffffc0000000000
[ 64.165560][ C0] R13: 1ffff92000751e80 R14: ffffc90003a8f420 R15: 0000000000000246
[ 64.173540][ C0] ? trace_irq_enable+0x2c/0xf0
[ 64.178417][ C0] ? _raw_spin_unlock+0x40/0x40
[ 64.183312][ C0] ? __mod_zone_page_state+0xda/0x140
[ 64.188798][ C0] __rmqueue_pcplist+0x1e51/0x2170
[ 64.193951][ C0] ? zone_watermark_fast+0x240/0x240
[ 64.199251][ C0] get_page_from_freelist+0x780/0x3370
[ 64.204743][ C0] ? rcu_is_watching+0x15/0xb0
[ 64.209515][ C0] ? lock_release+0xbf/0x9d0
[ 64.214130][ C0] ? release_firmware_map_entry+0x190/0x190
[ 64.220038][ C0] ? __might_sleep+0xc0/0xc0
[ 64.224660][ C0] ? __alloc_pages+0x670/0x670
[ 64.229444][ C0] ? prepare_alloc_pages+0x1d9/0x5b0
[ 64.234738][ C0] __alloc_pages+0x255/0x670
[ 64.239337][ C0] ? zone_statistics+0x170/0x170
[ 64.244304][ C0] ? alloc_pages+0x510/0x780
[ 64.248897][ C0] __vmalloc_node_range+0x9a3/0x1490
[ 64.254198][ C0] ? free_vm_area+0x50/0x50
[ 64.258717][ C0] ? profile_init+0xee/0x130
[ 64.263328][ C0] ? sysfs_kf_read+0x310/0x310
[ 64.268220][ C0] vzalloc+0x79/0x90
[ 64.272215][ C0] ? profile_init+0xee/0x130
[ 64.276908][ C0] profile_init+0xee/0x130
[ 64.281342][ C0] profiling_store+0x5e/0xc0
[ 64.285961][ C0] kernfs_fop_write_iter+0x3a6/0x4f0
[ 64.291254][ C0] vfs_write+0x782/0xaf0
[ 64.295502][ C0] ? file_end_write+0x250/0x250
[ 64.300355][ C0] ? __asan_memset+0x23/0x40
[ 64.304955][ C0] ? __fdget_pos+0x2c7/0x340
[ 64.309550][ C0] ksys_write+0x1a0/0x2c0
[ 64.313884][ C0] ? __ia32_sys_read+0x90/0x90
[ 64.318920][ C0] ? rcu_is_watching+0x15/0xb0
[ 64.323696][ C0] ? syscall_enter_from_user_mode+0x8c/0x230
[ 64.329761][ C0] do_syscall_64+0x41/0xc0
[ 64.334195][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.340102][ C0] RIP: 0033:0x7effea2a5529
[ 64.344514][ C0] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 64.364670][ C0] RSP: 002b:00007ffe6916f368 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 64.373279][ C0] RAX: ffffffffffffffda RBX: 00007ffe6916f538 RCX: 00007effea2a5529
[ 64.381391][ C0] RDX: 0000000000000012 RSI: 0000000020000040 RDI: 0000000000000003
[ 64.389365][ C0] RBP: 00007effea318610 R08: 00007ffe6916f107 R09: 00007ffe6916f538
[ 64.397426][ C0] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001
[ 64.405393][ C0] R13: 00007ffe6916f528 R14: 0000000000000001 R15: 0000000000000001
[ 64.413387][ C0] </TASK>
[ 64.416434][ C0]
[ 64.418776][ C0] The buggy address belongs to stack of task syz-executor257/5027
[ 64.426595][ C0] and is located at offset 0 in frame:
[ 64.432191][ C0] _raw_spin_unlock_irqrestore+0x0/0x140
[ 64.437832][ C0]
[ 64.440167][ C0] This frame has 1 object:
[ 64.444588][ C0] [32, 40) 'flags.i.i.i.i'
[ 64.444600][ C0]
[ 64.451586][ C0] The buggy address belongs to the virtual mapping at
[ 64.451586][ C0] [ffffc90003a88000, ffffc90003a91000) created by:
[ 64.451586][ C0] copy_process+0x5c8/0x4290
[ 64.469211][ C0]
[ 64.471534][ C0] The buggy address belongs to the physical page:
[ 64.477940][ C0] page:ffffea0001f07800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7c1e0
[ 64.488102][ C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 64.495220][ C0] page_type: 0xffffffff()
[ 64.499629][ C0] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 64.508294][ C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 64.516864][ C0] page dumped because: kasan: bad access detected
[ 64.523268][ C0] page_owner tracks the page as allocated
[ 64.528974][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 5002, tgid 5002 (dhcpcd-run-hook), ts 55781161371, free_ts 55619161505
[ 64.548421][ C0] post_alloc_hook+0x1e6/0x210
[ 64.553189][ C0] get_page_from_freelist+0x31ec/0x3370
[ 64.558826][ C0] __alloc_pages+0x255/0x670
[ 64.563424][ C0] __vmalloc_node_range+0x9a3/0x1490
[ 64.568710][ C0] dup_task_struct+0x3e5/0x7d0
[ 64.573476][ C0] copy_process+0x5c8/0x4290
[ 64.578089][ C0] kernel_clone+0x22d/0x7b0
[ 64.582589][ C0] __x64_sys_clone+0x258/0x2a0
[ 64.587348][ C0] do_syscall_64+0x41/0xc0
[ 64.591774][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.597669][ C0] page last free stack trace:
[ 64.602336][ C0] free_unref_page_prepare+0x8c3/0x9f0
[ 64.607800][ C0] free_unref_page+0x37/0x3f0
[ 64.612561][ C0] pipe_read+0x6e6/0x1300
[ 64.616887][ C0] vfs_read+0x795/0xb00
[ 64.621107][ C0] ksys_read+0x1a0/0x2c0
[ 64.625389][ C0] do_syscall_64+0x41/0xc0
[ 64.629819][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.635721][ C0]
[ 64.638039][ C0] Memory state around the buggy address:
[ 64.643659][ C0] ffffc90003a8f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.651731][ C0] ffffc90003a8f380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.660085][ C0] >ffffc90003a8f400: f1 f1 f1 f1 00 f3 f3 f3 00 00 00 00 00 00 00 00
[ 64.668162][ C0] ^
[ 64.672404][ C0] ffffc90003a8f480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.680471][ C0] ffffc90003a8f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.688527][ C0] ==================================================================
[ 64.696583][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 64.703793][ C0] CPU: 0 PID: 5027 Comm: syz-executor257 Not tainted 6.5.0-syzkaller-08894-gb97d64c72259 #0
[ 64.713852][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 64.723929][ C0] Call Trace:
[ 64.727315][ C0] <IRQ>
[ 64.730157][ C0] dump_stack_lvl+0x1e7/0x2d0
[ 64.734850][ C0] ? nf_tcp_handle_invalid+0x650/0x650
[ 64.740318][ C0] ? panic+0x770/0x770
[ 64.744482][ C0] ? rcu_is_watching+0x15/0xb0
[ 64.749265][ C0] ? lock_release+0xbf/0x9d0
[ 64.753890][ C0] ? vscnprintf+0x5d/0x80
[ 64.758221][ C0] panic+0x30f/0x770
[ 64.762117][ C0] ? vprintk_emit+0x10d/0x1f0
[ 64.766800][ C0] ? check_panic_on_warn+0x21/0xa0
[ 64.771935][ C0] ? __memcpy_flushcache+0x2b0/0x2b0
[ 64.777233][ C0] ? do_raw_spin_unlock+0x13b/0x8b0
[ 64.782461][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 64.788457][ C0] ? _raw_spin_unlock+0x40/0x40
[ 64.793333][ C0] check_panic_on_warn+0x82/0xa0
[ 64.798302][ C0] ? profile_pc+0xd3/0x150
[ 64.802815][ C0] end_report+0x6e/0x130
[ 64.807058][ C0] kasan_report+0x186/0x1b0
[ 64.811647][ C0] ? profile_pc+0xd3/0x150
[ 64.816066][ C0] ? _raw_spin_unlock_irqrestore+0xd8/0x140
[ 64.821959][ C0] profile_pc+0xd3/0x150
[ 64.826199][ C0] profile_tick+0xd8/0x130
[ 64.830707][ C0] tick_sched_timer+0x383/0x550
[ 64.835645][ C0] ? tick_setup_sched_timer+0x2f0/0x2f0
[ 64.841190][ C0] __hrtimer_run_queues+0x562/0xd10
[ 64.846406][ C0] ? hrtimer_interrupt+0x980/0x980
[ 64.851537][ C0] ? ktime_get_update_offsets_now+0x40b/0x420
[ 64.857602][ C0] hrtimer_interrupt+0x396/0x980
[ 64.862551][ C0] __sysvec_apic_timer_interrupt+0x104/0x390
[ 64.868541][ C0] sysvec_apic_timer_interrupt+0x90/0xb0
[ 64.874260][ C0] </IRQ>
[ 64.877190][ C0] <TASK>
[ 64.882050][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 64.888165][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140
[ 64.894761][ C0] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 8e cf 17 f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> d3 d8 90 f6 65 8b 05 34 88 34 75 85 c0 74 3f 48 c7 04 24 0e 36
[ 64.914560][ C0] RSP: 0018:ffffc90003a8f400 EFLAGS: 00000206
[ 64.920629][ C0] RAX: c4214fc231766900 RBX: 1ffff92000751e84 RCX: ffffffff8194091c
[ 64.928601][ C0] RDX: dffffc0000000000 RSI: ffffffff8b596140 RDI: 0000000000000001
[ 64.936574][ C0] RBP: ffffc90003a8f490 R08: ffffffff8e99ae2f R09: 1ffffffff1d335c5
[ 64.944556][ C0] R10: dffffc0000000000 R11: fffffbfff1d335c6 R12: dffffc0000000000
[ 64.952538][ C0] R13: 1ffff92000751e80 R14: ffffc90003a8f420 R15: 0000000000000246
[ 64.960522][ C0] ? trace_irq_enable+0x2c/0xf0
[ 64.965406][ C0] ? _raw_spin_unlock+0x40/0x40
[ 64.970261][ C0] ? __mod_zone_page_state+0xda/0x140
[ 64.975637][ C0] __rmqueue_pcplist+0x1e51/0x2170
[ 64.980853][ C0] ? zone_watermark_fast+0x240/0x240
[ 64.986154][ C0] get_page_from_freelist+0x780/0x3370
[ 64.991619][ C0] ? rcu_is_watching+0x15/0xb0
[ 64.996409][ C0] ? lock_release+0xbf/0x9d0
[ 65.001003][ C0] ? release_firmware_map_entry+0x190/0x190
[ 65.006902][ C0] ? __might_sleep+0xc0/0xc0
[ 65.011503][ C0] ? __alloc_pages+0x670/0x670
[ 65.016268][ C0] ? prepare_alloc_pages+0x1d9/0x5b0
[ 65.021555][ C0] __alloc_pages+0x255/0x670
[ 65.026149][ C0] ? zone_statistics+0x170/0x170
[ 65.031095][ C0] ? alloc_pages+0x510/0x780
[ 65.035704][ C0] __vmalloc_node_range+0x9a3/0x1490
[ 65.041005][ C0] ? free_vm_area+0x50/0x50
[ 65.045510][ C0] ? profile_init+0xee/0x130
[ 65.050098][ C0] ? sysfs_kf_read+0x310/0x310
[ 65.054882][ C0] vzalloc+0x79/0x90
[ 65.058774][ C0] ? profile_init+0xee/0x130
[ 65.063364][ C0] profile_init+0xee/0x130
[ 65.067791][ C0] profiling_store+0x5e/0xc0
[ 65.072385][ C0] kernfs_fop_write_iter+0x3a6/0x4f0
[ 65.077670][ C0] vfs_write+0x782/0xaf0
[ 65.081914][ C0] ? file_end_write+0x250/0x250
[ 65.086783][ C0] ? __asan_memset+0x23/0x40
[ 65.091379][ C0] ? __fdget_pos+0x2c7/0x340
[ 65.095973][ C0] ksys_write+0x1a0/0x2c0
[ 65.100313][ C0] ? __ia32_sys_read+0x90/0x90
[ 65.105089][ C0] ? rcu_is_watching+0x15/0xb0
[ 65.109863][ C0] ? syscall_enter_from_user_mode+0x8c/0x230
[ 65.116287][ C0] do_syscall_64+0x41/0xc0
[ 65.120715][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.126624][ C0] RIP: 0033:0x7effea2a5529
[ 65.131035][ C0] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 65.150637][ C0] RSP: 002b:00007ffe6916f368 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 65.159048][ C0] RAX: ffffffffffffffda RBX: 00007ffe6916f538 RCX: 00007effea2a5529
[ 65.167549][ C0] RDX: 0000000000000012 RSI: 0000000020000040 RDI: 0000000000000003
[ 65.175536][ C0] RBP: 00007effea318610 R08: 00007ffe6916f107 R09: 00007ffe6916f538
[ 65.183513][ C0] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001
[ 65.191490][ C0] R13: 00007ffe6916f528 R14: 0000000000000001 R15: 0000000000000001
[ 65.199471][ C0] </TASK>
[ 65.202773][ C0] Kernel Offset: disabled
[ 65.207102][ C0] Rebooting in 86400 seconds..