syzbot

==================================================================
BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0 arch/x86/kernel/time.c:42
Read of size 8 at addr ffff8881dbb57660 by task syz-executor690/356

CPU: 0 PID: 356 Comm: syz-executor690 Not tainted 5.4.268-syzkaller-00012-g51cf29fc2bfc #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d8/0x241 lib/dump_stack.c:118
 print_address_description+0x8c/0x600 mm/kasan/report.c:384
 __kasan_report+0xf3/0x120 mm/kasan/report.c:516
 kasan_report+0x30/0x60 mm/kasan/common.c:653
 profile_pc+0xa4/0xe0 arch/x86/kernel/time.c:42
 profile_tick+0xb9/0x100 kernel/profile.c:416
 tick_sched_handle kernel/time/tick-sched.c:206 [inline]
 tick_sched_timer+0x237/0x3c0 kernel/time/tick-sched.c:1342
 __run_hrtimer kernel/time/hrtimer.c:1581 [inline]
 __hrtimer_run_queues+0x3e9/0xb90 kernel/time/hrtimer.c:1643
 hrtimer_interrupt+0x38a/0x890 kernel/time/hrtimer.c:1705
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1122 [inline]
 smp_apic_timer_interrupt+0x110/0x460 arch/x86/kernel/apic/apic.c:1147
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:834
 </IRQ>

The buggy address belongs to the page:
page:ffffea00076ed5c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x8000000000000000()
raw: 8000000000000000 ffffea00076ed5c8 ffffea00076ed5c8 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO)
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook mm/page_alloc.c:2165 [inline]
 prep_new_page+0x18f/0x370 mm/page_alloc.c:2171
 get_page_from_freelist+0x2d13/0x2d90 mm/page_alloc.c:3794
 __alloc_pages_nodemask+0x393/0x840 mm/page_alloc.c:4891
 __alloc_pages include/linux/gfp.h:503 [inline]
 __alloc_pages_node include/linux/gfp.h:516 [inline]
 alloc_pages_node include/linux/gfp.h:530 [inline]
 alloc_thread_stack_node kernel/fork.c:259 [inline]
 dup_task_struct+0x85/0x600 kernel/fork.c:886
 copy_process+0x56d/0x3230 kernel/fork.c:1889
 _do_fork+0x197/0x900 kernel/fork.c:2399
 __do_sys_clone kernel/fork.c:2557 [inline]
 __se_sys_clone kernel/fork.c:2538 [inline]
 __x64_sys_clone+0x26b/0x2c0 kernel/fork.c:2538
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1176 [inline]
 __free_pages_ok+0x847/0x950 mm/page_alloc.c:1438
 free_the_page mm/page_alloc.c:4953 [inline]
 __free_pages+0x91/0x140 mm/page_alloc.c:4959
 free_thread_stack kernel/fork.c:299 [inline]
 release_task_stack kernel/fork.c:439 [inline]
 put_task_stack+0x212/0x260 kernel/fork.c:450
 finish_task_switch+0x24a/0x590 kernel/sched/core.c:3479
 context_switch kernel/sched/core.c:3611 [inline]
 __schedule+0xb0d/0x1320 kernel/sched/core.c:4307
 schedule_idle+0x50/0x80 kernel/sched/core.c:4403
 do_idle+0x609/0x660 kernel/sched/idle.c:288
 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:356
 start_secondary+0x3a5/0x460 arch/x86/kernel/smpboot.c:277
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:241

addr ffff8881dbb57660 is located in stack of task syz-executor690/356 at offset 0 in frame:
 _raw_spin_lock+0x0/0x1b0

this frame has 1 object:
 [32, 36) 'val.i.i.i'

Memory state around the buggy address:
 ffff8881dbb57500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881dbb57580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8881dbb57600: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
                                                       ^
 ffff8881dbb57680: 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881dbb57700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================