./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor706238121

<...>
Warning: Permanently added '10.128.1.189' (ECDSA) to the list of known hosts.
execve("./syz-executor706238121", ["./syz-executor706238121"], 0x7ffd425c9230 /* 10 vars */) = 0
brk(NULL)                               = 0x555556094000
brk(0x555556094c40)                     = 0x555556094c40
arch_prctl(ARCH_SET_FS, 0x555556094300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor706238121", 4096) = 27
brk(0x5555560b5c40)                     = 0x5555560b5c40
brk(0x5555560b6000)                     = 0x5555560b6000
mprotect(0x7f55cf53b000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4998 attached
, child_tidptr=0x5555560945d0) = 4998
[pid  4998] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  4998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4998] setsid()                    = 1
[pid  4998] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  4998] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  4998] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  4998] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  4998] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  4998] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  4998] unshare(CLONE_NEWNS)        = 0
[pid  4998] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  4998] unshare(CLONE_NEWIPC)       = 0
[pid  4998] unshare(CLONE_NEWCGROUP)    = 0
[pid  4998] unshare(CLONE_NEWUTS)       = 0
[pid  4998] unshare(CLONE_SYSVSEM)      = 0
[pid  4998] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  4998] write(3, "16777216", 8)     = 8
[pid  4998] close(3)                    = 0
[pid  4998] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  4998] write(3, "536870912", 9)    = 9
[pid  4998] close(3)                    = 0
[pid  4998] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  4998] write(3, "1024", 4)         = 4
[pid  4998] close(3)                    = 0
[pid  4998] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  4998] write(3, "8192", 4)         = 4
[pid  4998] close(3)                    = 0
[pid  4998] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  4998] write(3, "1024", 4)         = 4
[pid  4998] close(3)                    = 0
[pid  4998] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  4998] write(3, "1024", 4)         = 4
[pid  4998] close(3)                    = 0
[pid  4998] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  4998] write(3, "1024 1048576 500 1024", 21) = 21
[pid  4998] close(3)                    = 0
[pid  4998] getpid()                    = 1
[pid  4998] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  4998] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  4998] unshare(CLONE_NEWNET)       = 0
[pid  4998] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  4998] write(3, "0 65535", 7)      = 7
[pid  4998] close(3)                    = 0
[pid  4998] mkdir("/dev/binderfs", 0777) = 0
[pid  4998] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  4998] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4998] memfd_create("syzkaller", 0) = 3
[pid  4998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c7080000
[pid  4998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid  4998] munmap(0x7f55c7080000, 1048576) = 0
[pid  4998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4998] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4998] close(3)                    = 0
[pid  4998] mkdir("./file0", 0777)      = 0
[pid  4998] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_NODIRATIME, "") = 0
[pid  4998] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4998] chdir("./file0")            = 0
[pid  4998] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4998] close(4)                    = 0
[pid  4998] openat(AT_FDCWD, ".", O_RDONLY) = 4
[pid  4998] mkdirat(4, "./bus", 000)    = 0
[pid  4998] renameat2(4, "./file0", 4, "./bus", 0) = 0
[pid  4998] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid  4998] fcntl(5, F_SETFL, O_RDONLY|O_NOFOLLOW|O_DIRECTORY) = 0
[pid  4998] dup(5)                      = 6
[pid  4998] pwritev2(6, [{iov_base="\xda\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=131072}], 1, 16777216, 0) = 131072
[   41.124661][ T4998] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4998 'syz-executor706'
[   41.143149][ T4998] loop0: detected capacity change from 0 to 2048
[   41.157665][ T5000] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid  4998] sendfile(6, 5, NULL, 142606240) = 16908288
[pid  4998] exit_group(1)               = ?
[   42.173263][ T4998] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer
[   47.215899][    C1] ==================================================================
[   47.223991][    C1] BUG: KASAN: slab-use-after-free in __lock_acquire+0x3ffd/0x5df0
[   47.231805][    C1] Read of size 8 at addr ffff88801578e340 by task swapper/1/0
[   47.239288][    C1] 
[   47.241588][    C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.4.0-rc1-syzkaller-00071-g105131df9c3b #0
[   47.251198][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[   47.261232][    C1] Call Trace:
[   47.264485][    C1]  <IRQ>
[   47.267304][    C1]  dump_stack_lvl+0xd9/0x150
[   47.271880][    C1]  print_address_description.constprop.0+0x2c/0x3c0
[   47.278448][    C1]  ? __lock_acquire+0x3ffd/0x5df0
[   47.283449][    C1]  kasan_report+0x11c/0x130
[   47.287944][    C1]  ? __lock_acquire+0x3ffd/0x5df0
[   47.292944][    C1]  __lock_acquire+0x3ffd/0x5df0
[   47.297774][    C1]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   47.303732][    C1]  ? lockdep_unlock+0x11b/0x290
[   47.308642][    C1]  ? __lock_acquire+0x280a/0x5df0
[   47.313644][    C1]  lock_acquire+0x1b1/0x520
[   47.318127][    C1]  ? try_to_wake_up+0xab/0x1c40
[   47.322950][    C1]  ? lock_sync+0x190/0x190
[   47.327341][    C1]  ? __lock_acquire+0x1916/0x5df0
[   47.332346][    C1]  ? _raw_spin_lock_irqsave+0x52/0x60
[   47.337695][    C1]  _raw_spin_lock_irqsave+0x3d/0x60
[   47.342872][    C1]  ? try_to_wake_up+0xab/0x1c40
[   47.347697][    C1]  try_to_wake_up+0xab/0x1c40
[   47.352348][    C1]  ? lock_sync+0x190/0x190
[   47.356739][    C1]  ? lock_downgrade+0x690/0x690
[   47.361564][    C1]  ? sched_ttwu_pending+0x550/0x550
[   47.366732][    C1]  ? nilfs_segctor_zeropad_segsum+0x180/0x180
[   47.372768][    C1]  call_timer_fn+0x1a0/0x580
[   47.377335][    C1]  ? msleep_interruptible+0x180/0x180
[   47.382680][    C1]  ? lock_downgrade+0x690/0x690
[   47.387527][    C1]  ? spin_bug+0x1c0/0x1c0
[   47.391846][    C1]  ? nilfs_segctor_zeropad_segsum+0x180/0x180
[   47.397886][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[   47.403061][    C1]  ? nilfs_segctor_zeropad_segsum+0x180/0x180
[   47.409101][    C1]  ? nilfs_segctor_zeropad_segsum+0x180/0x180
[   47.415136][    C1]  expire_timers+0x29b/0x4b0
[   47.419704][    C1]  run_timer_softirq+0x326/0x910
[   47.424629][    C1]  ? expire_timers+0x4b0/0x4b0
[   47.429367][    C1]  ? kvm_clock_read+0x14/0x30
[   47.434022][    C1]  ? kvm_sched_clock_read+0x9/0x20
[   47.439107][    C1]  ? sched_clock_cpu+0x6d/0x4d0
[   47.443935][    C1]  __do_softirq+0x1d4/0x905
[   47.448417][    C1]  __irq_exit_rcu+0x114/0x190
[   47.453070][    C1]  irq_exit_rcu+0x9/0x20
[   47.457299][    C1]  sysvec_apic_timer_interrupt+0x97/0xc0
[   47.462918][    C1]  </IRQ>
[   47.465834][    C1]  <TASK>
[   47.468754][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   47.474727][    C1] RIP: 0010:acpi_safe_halt+0x40/0x50
[   47.480007][    C1] Code: eb 03 83 e3 01 89 de 0f 1f 44 00 00 84 db 75 1b 0f 1f 44 00 00 eb 0c 0f 1f 44 00 00 0f 00 2d 37 ad a2 00 0f 1f 44 00 00 fb f4 <fa> 5b c3 cc 0f 1f 00 66 0f 1f 84 00 00 00 00 00 55 48 89 fd 53 0f
[   47.499600][    C1] RSP: 0018:ffffc90000177d18 EFLAGS: 00000246
[   47.505656][    C1] RAX: ffff888016279dc0 RBX: 0000000000000000 RCX: ffffffff8a0f5735
[   47.513639][    C1] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[   47.521617][    C1] RBP: ffff8880142cd064 R08: 0000000000000001 R09: ffff8880b9936ceb
[   47.529577][    C1] R10: ffffed1017326d9d R11: 0000000000000000 R12: 0000000000000001
[   47.537530][    C1] R13: ffff8880142cd000 R14: ffff8880142cd064 R15: 0000000000000000
[   47.545491][    C1]  ? ct_kernel_exit+0x1d5/0x240
[   47.550337][    C1]  acpi_idle_do_entry+0x53/0x70
[   47.555181][    C1]  acpi_idle_enter+0x173/0x290
[   47.559933][    C1]  ? cpuidle_enter+0x4e/0xa0
[   47.564515][    C1]  cpuidle_enter_state+0xd3/0x6f0
[   47.569536][    C1]  cpuidle_enter+0x4e/0xa0
[   47.573943][    C1]  do_idle+0x2fe/0x3c0
[   47.578005][    C1]  ? arch_cpu_idle_exit+0x30/0x30
[   47.583020][    C1]  ? _raw_spin_unlock_irq+0x1/0x50
[   47.588123][    C1]  ? lockdep_hardirqs_on+0x7d/0x100
[   47.593313][    C1]  cpu_startup_entry+0x18/0x20
[   47.598068][    C1]  start_secondary+0x221/0x2b0
[   47.602819][    C1]  ? set_cpu_sibling_map+0x1fb0/0x1fb0
[   47.608276][    C1]  secondary_startup_64_no_verify+0xf4/0xfb
[   47.614260][    C1]  </TASK>
[   47.617263][    C1] 
[   47.619566][    C1] Allocated by task 2:
[   47.623610][    C1]  kasan_save_stack+0x22/0x40
[   47.628278][    C1]  kasan_set_track+0x25/0x30
[   47.632858][    C1]  __kasan_slab_alloc+0x7f/0x90
[   47.637697][    C1]  kmem_cache_alloc_node+0x185/0x3e0
[   47.642969][    C1]  copy_process+0x3c0/0x7600
[   47.647550][    C1]  kernel_clone+0xeb/0x890
[   47.651951][    C1]  kernel_thread+0xc0/0x100
[   47.656442][    C1]  kthreadd+0x50c/0x790
[   47.660586][    C1]  ret_from_fork+0x1f/0x30
[   47.664989][    C1] 
[   47.667291][    C1] Freed by task 0:
[   47.671070][    C1]  kasan_save_stack+0x22/0x40
[   47.675733][    C1]  kasan_set_track+0x25/0x30
[   47.680312][    C1]  kasan_save_free_info+0x2e/0x40
[   47.685319][    C1]  ____kasan_slab_free+0x160/0x1c0
[   47.690423][    C1]  slab_free_freelist_hook+0x8b/0x1c0
[   47.695783][    C1]  kmem_cache_free+0xe9/0x480
[   47.700453][    C1]  delayed_put_task_struct+0x1f5/0x280
[   47.705897][    C1]  rcu_core+0x806/0x1ad0
[   47.710123][    C1]  __do_softirq+0x1d4/0x905
[   47.714613][    C1] 
[   47.716918][    C1] Last potentially related work creation:
[   47.722608][    C1]  kasan_save_stack+0x22/0x40
[   47.727273][    C1]  __kasan_record_aux_stack+0xbc/0xd0
[   47.732625][    C1]  __call_rcu_common.constprop.0+0x99/0x7e0
[   47.738506][    C1]  put_task_struct_rcu_user+0x87/0xc0
[   47.743862][    C1]  __schedule+0xca2/0x5880
[   47.748263][    C1]  schedule_idle+0x5b/0x80
[   47.752664][    C1]  do_idle+0x273/0x3c0
[   47.756727][    C1]  cpu_startup_entry+0x18/0x20
[   47.761578][    C1]  rest_init+0x16f/0x2b0
[   47.765813][    C1]  arch_call_rest_init+0x13/0x30
[   47.770738][    C1]  start_kernel+0x3b6/0x490
[   47.775225][    C1]  x86_64_start_reservations+0x18/0x30
[   47.780680][    C1]  x86_64_start_kernel+0xb3/0xc0
[   47.785607][    C1]  secondary_startup_64_no_verify+0xf4/0xfb
[   47.791517][    C1] 
[   47.793819][    C1] Second to last potentially related work creation:
[   47.800380][    C1]  kasan_save_stack+0x22/0x40
[   47.805045][    C1]  __kasan_record_aux_stack+0xbc/0xd0
[   47.810399][    C1]  __call_rcu_common.constprop.0+0x99/0x7e0
[   47.816278][    C1]  put_task_struct_rcu_user+0x87/0xc0
[   47.821633][    C1]  release_task+0xcc8/0x1870
[   47.826205][    C1]  wait_consider_task+0x306d/0x3ce0
[   47.831388][    C1]  do_wait+0x799/0xc30
[   47.835440][    C1]  kernel_wait4+0x150/0x260
[   47.839936][    C1]  __do_sys_wait4+0x13f/0x150
[   47.844613][    C1]  do_syscall_64+0x39/0xb0
[   47.849019][    C1]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   47.854903][    C1] 
[   47.857206][    C1] The buggy address belongs to the object at ffff88801578d940
[   47.857206][    C1]  which belongs to the cache task_struct of size 7360
[   47.871327][    C1] The buggy address is located 2560 bytes inside of
[   47.871327][    C1]  freed 7360-byte region [ffff88801578d940, ffff88801578f600)
[   47.885275][    C1] 
[   47.887580][    C1] The buggy address belongs to the physical page:
[   47.893969][    C1] page:ffffea000055e200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x15788
[   47.904100][    C1] head:ffffea000055e200 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   47.913009][    C1] ksm flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   47.921317][    C1] page_type: 0xffffffff()
[   47.925631][    C1] raw: 00fff00000010200 ffff888140006500 ffffea0000904a00 dead000000000003
[   47.934199][    C1] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[   47.942762][    C1] page dumped because: kasan: bad access detected
[   47.949156][    C1] page_owner tracks the page as allocated
[   47.954851][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2, tgid 2 (kthreadd), ts 4845789470, free_ts 0
[   47.974369][    C1]  post_alloc_hook+0x2db/0x350
[   47.979134][    C1]  get_page_from_freelist+0xf41/0x2c00
[   47.984586][    C1]  __alloc_pages+0x1cb/0x4a0
[   47.989252][    C1]  alloc_pages+0x1aa/0x270
[   47.993652][    C1]  allocate_slab+0x25f/0x390
[   47.998244][    C1]  ___slab_alloc+0xa91/0x1400
[   48.002908][    C1]  __slab_alloc.constprop.0+0x56/0xa0
[   48.008265][    C1]  kmem_cache_alloc_node+0x138/0x3e0
[   48.013537][    C1]  copy_process+0x3c0/0x7600
[   48.018117][    C1]  kernel_clone+0xeb/0x890
[   48.022519][    C1]  kernel_thread+0xc0/0x100
[   48.027007][    C1]  kthreadd+0x50c/0x790
[   48.031154][    C1]  ret_from_fork+0x1f/0x30
[   48.035565][    C1] page_owner free stack trace missing
[   48.040908][    C1] 
[   48.043217][    C1] Memory state around the buggy address:
[   48.048821][    C1]  ffff88801578e200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   48.056862][    C1]  ffff88801578e280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   48.064902][    C1] >ffff88801578e300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   48.072937][    C1]                                            ^
[   48.079068][    C1]  ffff88801578e380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   48.087194][    C1]  ffff88801578e400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   48.095236][    C1] ==================================================================
[   48.103281][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   48.110455][    C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.4.0-rc1-syzkaller-00071-g105131df9c3b #0
[   48.120067][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[   48.130106][    C1] Call Trace:
[   48.133368][    C1]  <IRQ>
[   48.136194][    C1]  dump_stack_lvl+0xd9/0x150
[   48.140782][    C1]  panic+0x686/0x730
[   48.144666][    C1]  ? panic_smp_self_stop+0xa0/0xa0
[   48.149774][    C1]  ? lock_downgrade+0x690/0x690
[   48.154625][    C1]  check_panic_on_warn+0xb1/0xc0
[   48.159560][    C1]  end_report+0xe9/0x120
[   48.163793][    C1]  ? __lock_acquire+0x3ffd/0x5df0
[   48.168806][    C1]  kasan_report+0xf9/0x130
[   48.173212][    C1]  ? __lock_acquire+0x3ffd/0x5df0
[   48.178224][    C1]  __lock_acquire+0x3ffd/0x5df0
[   48.183065][    C1]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   48.189032][    C1]  ? lockdep_unlock+0x11b/0x290
[   48.193867][    C1]  ? __lock_acquire+0x280a/0x5df0
[   48.198882][    C1]  lock_acquire+0x1b1/0x520
[   48.203372][    C1]  ? try_to_wake_up+0xab/0x1c40
[   48.208206][    C1]  ? lock_sync+0x190/0x190
[   48.212611][    C1]  ? __lock_acquire+0x1916/0x5df0
[   48.217624][    C1]  ? _raw_spin_lock_irqsave+0x52/0x60
[   48.222988][    C1]  _raw_spin_lock_irqsave+0x3d/0x60
[   48.228177][    C1]  ? try_to_wake_up+0xab/0x1c40
[   48.233012][    C1]  try_to_wake_up+0xab/0x1c40
[   48.237675][    C1]  ? lock_sync+0x190/0x190
[   48.242076][    C1]  ? lock_downgrade+0x690/0x690
[   48.246914][    C1]  ? sched_ttwu_pending+0x550/0x550
[   48.252093][    C1]  ? nilfs_segctor_zeropad_segsum+0x180/0x180
[   48.258149][    C1]  call_timer_fn+0x1a0/0x580
[   48.262724][    C1]  ? msleep_interruptible+0x180/0x180
[   48.268076][    C1]  ? lock_downgrade+0x690/0x690
[   48.272915][    C1]  ? spin_bug+0x1c0/0x1c0
[   48.277233][    C1]  ? nilfs_segctor_zeropad_segsum+0x180/0x180
[   48.283285][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[   48.288473][    C1]  ? nilfs_segctor_zeropad_segsum+0x180/0x180
[   48.294527][    C1]  ? nilfs_segctor_zeropad_segsum+0x180/0x180
[   48.300598][    C1]  expire_timers+0x29b/0x4b0
[   48.305180][    C1]  run_timer_softirq+0x326/0x910
[   48.310107][    C1]  ? expire_timers+0x4b0/0x4b0
[   48.314856][    C1]  ? kvm_clock_read+0x14/0x30
[   48.319518][    C1]  ? kvm_sched_clock_read+0x9/0x20
[   48.324611][    C1]  ? sched_clock_cpu+0x6d/0x4d0
[   48.329452][    C1]  __do_softirq+0x1d4/0x905
[   48.333950][    C1]  __irq_exit_rcu+0x114/0x190
[   48.338614][    C1]  irq_exit_rcu+0x9/0x20
[   48.342841][    C1]  sysvec_apic_timer_interrupt+0x97/0xc0
[   48.348459][    C1]  </IRQ>
[   48.351372][    C1]  <TASK>
[   48.354283][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   48.360274][    C1] RIP: 0010:acpi_safe_halt+0x40/0x50
[   48.365545][    C1] Code: eb 03 83 e3 01 89 de 0f 1f 44 00 00 84 db 75 1b 0f 1f 44 00 00 eb 0c 0f 1f 44 00 00 0f 00 2d 37 ad a2 00 0f 1f 44 00 00 fb f4 <fa> 5b c3 cc 0f 1f 00 66 0f 1f 84 00 00 00 00 00 55 48 89 fd 53 0f
[   48.385221][    C1] RSP: 0018:ffffc90000177d18 EFLAGS: 00000246
[   48.391273][    C1] RAX: ffff888016279dc0 RBX: 0000000000000000 RCX: ffffffff8a0f5735
[   48.399228][    C1] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[   48.407182][    C1] RBP: ffff8880142cd064 R08: 0000000000000001 R09: ffff8880b9936ceb
[   48.415134][    C1] R10: ffffed1017326d9d R11: 0000000000000000 R12: 0000000000000001
[   48.423090][    C1] R13: ffff8880142cd000 R14: ffff8880142cd064 R15: 0000000000000000
[   48.431047][    C1]  ? ct_kernel_exit+0x1d5/0x240
[   48.435891][    C1]  acpi_idle_do_entry+0x53/0x70
[   48.440735][    C1]  acpi_idle_enter+0x173/0x290
[   48.445492][    C1]  ? cpuidle_enter+0x4e/0xa0
[   48.450075][    C1]  cpuidle_enter_state+0xd3/0x6f0
[   48.455090][    C1]  cpuidle_enter+0x4e/0xa0
[   48.459498][    C1]  do_idle+0x2fe/0x3c0
[   48.463560][    C1]  ? arch_cpu_idle_exit+0x30/0x30
[   48.468574][    C1]  ? _raw_spin_unlock_irq+0x1/0x50
[   48.473715][    C1]  ? lockdep_hardirqs_on+0x7d/0x100
[   48.478983][    C1]  cpu_startup_entry+0x18/0x20
[   48.483745][    C1]  start_secondary+0x221/0x2b0
[   48.488498][    C1]  ? set_cpu_sibling_map+0x1fb0/0x1fb0
[   48.493948][    C1]  secondary_startup_64_no_verify+0xf4/0xfb
[   48.499836][    C1]  </TASK>
[   48.503614][    C1] Kernel Offset: disabled
[   48.507948][    C1] Rebooting in 86400 seconds..