./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1937588626 <...> Warning: Permanently added '10.128.0.162' (ED25519) to the list of known hosts. execve("./syz-executor1937588626", ["./syz-executor1937588626"], 0x7fffd595be30 /* 10 vars */) = 0 brk(NULL) = 0x55558c6b6000 brk(0x55558c6b6d00) = 0x55558c6b6d00 arch_prctl(ARCH_SET_FS, 0x55558c6b6380) = 0 set_tid_address(0x55558c6b6650) = 5832 set_robust_list(0x55558c6b6660, 24) = 0 rseq(0x55558c6b6ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1937588626", 4096) = 28 getrandom("\x3f\x07\x93\xdd\xdf\xe6\x2f\x77", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558c6b6d00 brk(0x55558c6d7d00) = 0x55558c6d7d00 brk(0x55558c6d8000) = 0x55558c6d8000 mprotect(0x7f821f446000, 16384, PROT_READ) = 0 mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000 mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000 mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5833 attached [pid 5833] set_robust_list(0x55558c6b6660, 24 [pid 5832] <... clone resumed>, child_tidptr=0x55558c6b6650) = 5833 [pid 5833] <... set_robust_list resumed>) = 0 [pid 5833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5833] setpgid(0, 0) = 0 [pid 5833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] write(3, "1000", 4) = 4 [pid 5833] close(3) = 0 [pid 5833] write(1, "executing program\n", 18executing program ) = 18 [ 59.672310][ T5833] ================================================================== [ 59.680390][ T5833] BUG: KASAN: slab-out-of-bounds in atomic_ptr_type_ok+0x3d7/0x550 [ 59.688289][ T5833] Read of size 4 at addr ffff8881446af690 by task syz-executor193/5833 [ 59.696509][ T5833] [ 59.698825][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: syz-executor193 Not tainted 6.14.0-rc3-syzkaller-gf28214603dc6 #0 [ 59.698836][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 59.698848][ T5833] Call Trace: [ 59.698855][ T5833] [ 59.698860][ T5833] dump_stack_lvl+0x241/0x360 [ 59.698874][ T5833] ? __pfx_dump_stack_lvl+0x10/0x10 [ 59.698884][ T5833] ? __pfx__printk+0x10/0x10 [ 59.698893][ T5833] ? _printk+0xd5/0x120 [ 59.698901][ T5833] ? __virt_addr_valid+0x183/0x530 [ 59.698910][ T5833] ? __virt_addr_valid+0x183/0x530 [ 59.698918][ T5833] print_report+0x16e/0x5b0 [ 59.698931][ T5833] ? __virt_addr_valid+0x183/0x530 [ 59.698939][ T5833] ? __virt_addr_valid+0x183/0x530 [ 59.698947][ T5833] ? __virt_addr_valid+0x45f/0x530 [ 59.698956][ T5833] ? __phys_addr+0xba/0x170 [ 59.698970][ T5833] ? atomic_ptr_type_ok+0x3d7/0x550 [ 59.698980][ T5833] kasan_report+0x143/0x180 [ 59.698993][ T5833] ? atomic_ptr_type_ok+0x3d7/0x550 [ 59.699003][ T5833] atomic_ptr_type_ok+0x3d7/0x550 [ 59.699013][ T5833] do_check+0x89dd/0xedd0 [ 59.699029][ T5833] ? __kasan_kmalloc+0x98/0xb0 [ 59.699040][ T5833] ? bpf_prog_load+0x1664/0x20e0 [ 59.699053][ T5833] ? __sys_bpf+0x4ea/0x820 [ 59.699072][ T5833] ? __pfx_do_check+0x10/0x10 [ 59.699084][ T5833] ? __pfx_verbose+0x10/0x10 [ 59.699094][ T5833] ? __pfx_disasm_kfunc_name+0x10/0x10 [ 59.699112][ T5833] ? __asan_memset+0x23/0x50 [ 59.699122][ T5833] do_check_common+0x1678/0x2080 [ 59.699138][ T5833] bpf_check+0x165c8/0x1cca0 [ 59.699150][ T5833] ? post_alloc_hook+0x207/0x240 [ 59.699159][ T5833] ? __pfx_validate_chain+0x10/0x10 [ 59.699170][ T5833] ? get_page_from_freelist+0x3a8c/0x3c20 [ 59.699186][ T5833] ? validate_chain+0x11e/0x5920 [ 59.699196][ T5833] ? validate_chain+0x11e/0x5920 [ 59.699205][ T5833] ? mark_lock+0x9a/0x360 [ 59.699215][ T5833] ? validate_chain+0x11e/0x5920 [ 59.699225][ T5833] ? validate_chain+0x11e/0x5920 [ 59.699234][ T5833] ? __pfx_validate_chain+0x10/0x10 [ 59.699245][ T5833] ? validate_chain+0x11e/0x5920 [ 59.699254][ T5833] ? validate_chain+0x11e/0x5920 [ 59.699265][ T5833] ? validate_chain+0x11e/0x5920 [ 59.699276][ T5833] ? __pfx_validate_chain+0x10/0x10 [ 59.699287][ T5833] ? __pfx_validate_chain+0x10/0x10 [ 59.699298][ T5833] ? mark_lock+0x9a/0x360 [ 59.699307][ T5833] ? __pfx_bpf_check+0x10/0x10 [ 59.699316][ T5833] ? mark_lock+0x9a/0x360 [ 59.699325][ T5833] ? mark_lock+0x9a/0x360 [ 59.699334][ T5833] ? __lock_acquire+0x1397/0x2100 [ 59.699352][ T5833] ? __pfx_lock_acquire+0x10/0x10 [ 59.699366][ T5833] ? ktime_get_with_offset+0x8d/0x2a0 [ 59.699378][ T5833] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 59.699392][ T5833] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 59.699406][ T5833] ? ktime_get_with_offset+0x8d/0x2a0 [ 59.699417][ T5833] ? seqcount_lockdep_reader_access+0x157/0x220 [ 59.699428][ T5833] ? lockdep_hardirqs_on+0x99/0x150 [ 59.699444][ T5833] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 59.699456][ T5833] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 59.699469][ T5833] ? __check_object_size+0x8e/0x730 [ 59.699483][ T5833] ? __asan_memset+0x23/0x50 [ 59.699492][ T5833] ? bpf_obj_name_cpy+0x18a/0x1d0 [ 59.699502][ T5833] bpf_prog_load+0x1664/0x20e0 [ 59.699518][ T5833] ? __pfx_bpf_prog_load+0x10/0x10 [ 59.699531][ T5833] ? __pfx___might_resched+0x10/0x10 [ 59.699546][ T5833] ? __might_fault+0xaa/0x120 [ 59.699557][ T5833] __sys_bpf+0x4ea/0x820 [ 59.699569][ T5833] ? __pfx___sys_bpf+0x10/0x10 [ 59.699585][ T5833] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 59.699598][ T5833] ? exc_page_fault+0x590/0x8b0 [ 59.699611][ T5833] __x64_sys_bpf+0x7c/0x90 [ 59.699622][ T5833] do_syscall_64+0xf3/0x230 [ 59.699636][ T5833] ? clear_bhb_loop+0x35/0x90 [ 59.699650][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.699663][ T5833] RIP: 0033:0x7f821f3d3ab9 [ 59.699677][ T5833] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 59.699684][ T5833] RSP: 002b:00007ffe8db6fee8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 59.699696][ T5833] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f821f3d3ab9 [ 59.699702][ T5833] RDX: 0000000000000094 RSI: 00004000000009c0 RDI: 0000000000000005 [ 59.699708][ T5833] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000006 [ 59.699713][ T5833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 59.699719][ T5833] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 59.699727][ T5833] [ 59.699731][ T5833] [ 60.141799][ T5833] Allocated by task 5833: [ 60.146106][ T5833] kasan_save_track+0x3f/0x80 [ 60.150764][ T5833] __kasan_kmalloc+0x98/0xb0 [ 60.155422][ T5833] __kmalloc_cache_noprof+0x243/0x390 [ 60.160777][ T5833] do_check_common+0x1ec/0x2080 [ 60.165634][ T5833] bpf_check+0x165c8/0x1cca0 [ 60.170201][ T5833] bpf_prog_load+0x1664/0x20e0 [ 60.174947][ T5833] __sys_bpf+0x4ea/0x820 [ 60.179172][ T5833] __x64_sys_bpf+0x7c/0x90 [ 60.183568][ T5833] do_syscall_64+0xf3/0x230 [ 60.188069][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.193943][ T5833] [ 60.196252][ T5833] The buggy address belongs to the object at ffff8881446af000 [ 60.196252][ T5833] which belongs to the cache kmalloc-2k of size 2048 [ 60.210285][ T5833] The buggy address is located 312 bytes to the right of [ 60.210285][ T5833] allocated 1368-byte region [ffff8881446af000, ffff8881446af558) [ 60.225013][ T5833] [ 60.227320][ T5833] The buggy address belongs to the physical page: [ 60.233724][ T5833] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1446a8 [ 60.242555][ T5833] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 60.251032][ T5833] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 60.258664][ T5833] page_type: f5(slab) [ 60.262622][ T5833] raw: 057ff00000000040 ffff88801b042000 dead000000000100 dead000000000122 [ 60.271181][ T5833] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 60.279743][ T5833] head: 057ff00000000040 ffff88801b042000 dead000000000100 dead000000000122 [ 60.288394][ T5833] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 60.297042][ T5833] head: 057ff00000000003 ffffea000511aa01 ffffffffffffffff 0000000000000000 [ 60.305692][ T5833] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 60.314334][ T5833] page dumped because: kasan: bad access detected [ 60.320728][ T5833] page_owner tracks the page as allocated [ 60.326429][ T5833] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 3079247164, free_ts 0 [ 60.346036][ T5833] post_alloc_hook+0x1f4/0x240 [ 60.350786][ T5833] get_page_from_freelist+0x3a8c/0x3c20 [ 60.356313][ T5833] __alloc_frozen_pages_noprof+0x264/0x580 [ 60.362101][ T5833] alloc_pages_mpol+0x311/0x660 [ 60.366947][ T5833] allocate_slab+0x8f/0x3a0 [ 60.371432][ T5833] ___slab_alloc+0xc27/0x14a0 [ 60.376098][ T5833] __slab_alloc+0x58/0xa0 [ 60.380407][ T5833] __kmalloc_cache_noprof+0x27b/0x390 [ 60.385760][ T5833] wakeup_source_sysfs_add+0x55/0x270 [ 60.391140][ T5833] wakeup_source_register+0x171/0x250 [ 60.396496][ T5833] acpi_add_pm_notifier+0x168/0x260 [ 60.401676][ T5833] pci_acpi_setup+0x43e/0x9e0 [ 60.406336][ T5833] acpi_device_notify+0x1ee/0x390 [ 60.411342][ T5833] device_add+0x50b/0xbf0 [ 60.415645][ T5833] pci_device_add+0xe85/0x16e0 [ 60.420386][ T5833] pci_scan_single_device+0x460/0x5a0 [ 60.425735][ T5833] page_owner free stack trace missing [ 60.431080][ T5833] [ 60.433390][ T5833] Memory state around the buggy address: [ 60.439009][ T5833] ffff8881446af580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.447047][ T5833] ffff8881446af600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.455085][ T5833] >ffff8881446af680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.463123][ T5833] ^ [ 60.467691][ T5833] ffff8881446af700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.475729][ T5833] ffff8881446af780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.483766][ T5833] ================================================================== [ 60.492636][ T5833] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 60.499848][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: syz-executor193 Not tainted 6.14.0-rc3-syzkaller-gf28214603dc6 #0 [ 60.510435][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 60.520488][ T5833] Call Trace: [ 60.523760][ T5833] [ 60.526676][ T5833] dump_stack_lvl+0x241/0x360 [ 60.531347][ T5833] ? __pfx_dump_stack_lvl+0x10/0x10 [ 60.536529][ T5833] ? __pfx__printk+0x10/0x10 [ 60.541106][ T5833] ? preempt_schedule+0xe1/0xf0 [ 60.545953][ T5833] ? vscnprintf+0x5d/0x90 [ 60.550268][ T5833] panic+0x349/0x880 [ 60.554149][ T5833] ? check_panic_on_warn+0x21/0xb0 [ 60.559250][ T5833] ? __pfx_panic+0x10/0x10 [ 60.563653][ T5833] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 60.569620][ T5833] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 60.575934][ T5833] ? print_report+0x519/0x5b0 [ 60.580599][ T5833] check_panic_on_warn+0x86/0xb0 [ 60.585533][ T5833] ? atomic_ptr_type_ok+0x3d7/0x550 [ 60.590716][ T5833] end_report+0x77/0x160 [ 60.594947][ T5833] kasan_report+0x154/0x180 [ 60.599435][ T5833] ? atomic_ptr_type_ok+0x3d7/0x550 [ 60.604617][ T5833] atomic_ptr_type_ok+0x3d7/0x550 [ 60.609622][ T5833] do_check+0x89dd/0xedd0 [ 60.614034][ T5833] ? __kasan_kmalloc+0x98/0xb0 [ 60.618784][ T5833] ? bpf_prog_load+0x1664/0x20e0 [ 60.623717][ T5833] ? __sys_bpf+0x4ea/0x820 [ 60.628131][ T5833] ? __pfx_do_check+0x10/0x10 [ 60.632796][ T5833] ? __pfx_verbose+0x10/0x10 [ 60.637373][ T5833] ? __pfx_disasm_kfunc_name+0x10/0x10 [ 60.642823][ T5833] ? __asan_memset+0x23/0x50 [ 60.647417][ T5833] do_check_common+0x1678/0x2080 [ 60.652450][ T5833] bpf_check+0x165c8/0x1cca0 [ 60.657081][ T5833] ? post_alloc_hook+0x207/0x240 [ 60.662026][ T5833] ? __pfx_validate_chain+0x10/0x10 [ 60.667221][ T5833] ? get_page_from_freelist+0x3a8c/0x3c20 [ 60.673024][ T5833] ? validate_chain+0x11e/0x5920 [ 60.677951][ T5833] ? validate_chain+0x11e/0x5920 [ 60.682874][ T5833] ? mark_lock+0x9a/0x360 [ 60.687206][ T5833] ? validate_chain+0x11e/0x5920 [ 60.692140][ T5833] ? validate_chain+0x11e/0x5920 [ 60.697077][ T5833] ? __pfx_validate_chain+0x10/0x10 [ 60.702270][ T5833] ? validate_chain+0x11e/0x5920 [ 60.707225][ T5833] ? validate_chain+0x11e/0x5920 [ 60.712152][ T5833] ? validate_chain+0x11e/0x5920 [ 60.717092][ T5833] ? __pfx_validate_chain+0x10/0x10 [ 60.722286][ T5833] ? __pfx_validate_chain+0x10/0x10 [ 60.727484][ T5833] ? mark_lock+0x9a/0x360 [ 60.731802][ T5833] ? __pfx_bpf_check+0x10/0x10 [ 60.736566][ T5833] ? mark_lock+0x9a/0x360 [ 60.740891][ T5833] ? mark_lock+0x9a/0x360 [ 60.745210][ T5833] ? __lock_acquire+0x1397/0x2100 [ 60.750247][ T5833] ? __pfx_lock_acquire+0x10/0x10 [ 60.755264][ T5833] ? ktime_get_with_offset+0x8d/0x2a0 [ 60.760632][ T5833] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 60.766609][ T5833] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 60.772934][ T5833] ? ktime_get_with_offset+0x8d/0x2a0 [ 60.778451][ T5833] ? seqcount_lockdep_reader_access+0x157/0x220 [ 60.784696][ T5833] ? lockdep_hardirqs_on+0x99/0x150 [ 60.789890][ T5833] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 60.796126][ T5833] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 60.802707][ T5833] ? __check_object_size+0x8e/0x730 [ 60.807897][ T5833] ? __asan_memset+0x23/0x50 [ 60.812473][ T5833] ? bpf_obj_name_cpy+0x18a/0x1d0 [ 60.817485][ T5833] bpf_prog_load+0x1664/0x20e0 [ 60.822247][ T5833] ? __pfx_bpf_prog_load+0x10/0x10 [ 60.827351][ T5833] ? __pfx___might_resched+0x10/0x10 [ 60.832629][ T5833] ? __might_fault+0xaa/0x120 [ 60.837307][ T5833] __sys_bpf+0x4ea/0x820 [ 60.841556][ T5833] ? __pfx___sys_bpf+0x10/0x10 [ 60.846324][ T5833] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 60.852663][ T5833] ? exc_page_fault+0x590/0x8b0 [ 60.857510][ T5833] __x64_sys_bpf+0x7c/0x90 [ 60.861918][ T5833] do_syscall_64+0xf3/0x230 [ 60.866498][ T5833] ? clear_bhb_loop+0x35/0x90 [ 60.871173][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.877061][ T5833] RIP: 0033:0x7f821f3d3ab9 [ 60.881466][ T5833] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 60.901071][ T5833] RSP: 002b:00007ffe8db6fee8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 60.909486][ T5833] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f821f3d3ab9 [ 60.917448][ T5833] RDX: 0000000000000094 RSI: 00004000000009c0 RDI: 0000000000000005 [ 60.925407][ T5833] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000006 [ 60.933366][ T5833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.941337][ T5833] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 60.949297][ T5833] [ 60.952526][ T5833] Kernel Offset: disabled [ 60.956850][ T5833] Rebooting in 86400 seconds..