./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3334755419

<...>
Warning: Permanently added '10.128.0.209' (ED25519) to the list of known hosts.
execve("./syz-executor3334755419", ["./syz-executor3334755419"], 0x7fff3cb63180 /* 10 vars */) = 0
brk(NULL)                               = 0x555581100000
brk(0x555581100d00)                     = 0x555581100d00
arch_prctl(ARCH_SET_FS, 0x555581100380) = 0
set_tid_address(0x555581100650)         = 5090
set_robust_list(0x555581100660, 24)     = 0
rseq(0x555581100ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3334755419", 4096) = 28
getrandom("\x0c\x03\x3e\x14\xa0\xba\x86\x9b", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555581100d00
brk(0x555581121d00)                     = 0x555581121d00
brk(0x555581122000)                     = 0x555581122000
mprotect(0x7f3181335000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
[   75.372214][ T5090] ==================================================================
[   75.380349][ T5090] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x7b/0xe0
[   75.387833][ T5090] Write of size 48 at addr ffff88802b8cbc88 by task syz-executor333/5090
[   75.396239][ T5090] 
[   75.398559][ T5090] CPU: 0 PID: 5090 Comm: syz-executor333 Not tainted 6.9.0-rc2-next-20240402-syzkaller #0
[   75.408445][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   75.418507][ T5090] Call Trace:
[   75.421791][ T5090]  <TASK>
[   75.424836][ T5090]  dump_stack_lvl+0x241/0x360
[   75.429538][ T5090]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.434776][ T5090]  ? __pfx__printk+0x10/0x10
[   75.439396][ T5090]  ? _printk+0xd5/0x120
[   75.443585][ T5090]  ? __virt_addr_valid+0x183/0x520
[   75.448743][ T5090]  ? __virt_addr_valid+0x183/0x520
[   75.453872][ T5090]  print_report+0x169/0x550
[   75.458393][ T5090]  ? __virt_addr_valid+0x183/0x520
[   75.463508][ T5090]  ? __virt_addr_valid+0x183/0x520
[   75.468638][ T5090]  ? __virt_addr_valid+0x44e/0x520
[   75.473751][ T5090]  ? __phys_addr+0xba/0x170
[   75.478257][ T5090]  ? _copy_from_user+0x7b/0xe0
[   75.483031][ T5090]  kasan_report+0x143/0x180
[   75.487545][ T5090]  ? _copy_from_user+0x7b/0xe0
[   75.492306][ T5090]  kasan_check_range+0x282/0x290
[   75.497250][ T5090]  _copy_from_user+0x7b/0xe0
[   75.501836][ T5090]  do_handle_open+0x204/0x660
[   75.506520][ T5090]  ? __pfx_do_handle_open+0x10/0x10
[   75.511742][ T5090]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   75.518101][ T5090]  ? exc_page_fault+0x585/0x8e0
[   75.522967][ T5090]  do_syscall_64+0xfb/0x240
[   75.527482][ T5090]  entry_SYSCALL_64_after_hwframe+0x72/0x7a
[   75.533384][ T5090] RIP: 0033:0x7f31812c22a9
[   75.537796][ T5090] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   75.557399][ T5090] RSP: 002b:00007ffd39721398 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[   75.565821][ T5090] RAX: ffffffffffffffda RBX: 00007ffd39721578 RCX: 00007f31812c22a9
[   75.573817][ T5090] RDX: 0000000000200d81 RSI: 00000000200000c0 RDI: 00000000ffffffff
[   75.581817][ T5090] RBP: 00007f3181335610 R08: 0000000000000000 R09: 0000000000000000
[   75.589789][ T5090] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
[   75.597778][ T5090] R13: 00007ffd39721568 R14: 0000000000000001 R15: 0000000000000001
[   75.605797][ T5090]  </TASK>
[   75.608816][ T5090] 
[   75.611150][ T5090] Allocated by task 5090:
[   75.615471][ T5090]  kasan_save_track+0x3f/0x80
[   75.620166][ T5090]  __kasan_kmalloc+0x98/0xb0
[   75.624777][ T5090]  __kmalloc_noprof+0x200/0x410
[   75.629629][ T5090]  do_handle_open+0x162/0x660
[   75.634319][ T5090]  do_syscall_64+0xfb/0x240
[   75.638848][ T5090]  entry_SYSCALL_64_after_hwframe+0x72/0x7a
[   75.644748][ T5090] 
[   75.647069][ T5090] The buggy address belongs to the object at ffff88802b8cbc80
[   75.647069][ T5090]  which belongs to the cache kmalloc-64 of size 64
[   75.660974][ T5090] The buggy address is located 8 bytes inside of
[   75.660974][ T5090]  allocated 48-byte region [ffff88802b8cbc80, ffff88802b8cbcb0)
[   75.674866][ T5090] 
[   75.677185][ T5090] The buggy address belongs to the physical page:
[   75.683584][ T5090] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b8cb
[   75.692358][ T5090] flags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)
[   75.699472][ T5090] page_type: 0xffffefff(slab)
[   75.704160][ T5090] raw: 00fff80000000000 ffff888015041640 ffffea00006ff4c0 dead000000000002
[   75.712745][ T5090] raw: 0000000000000000 0000000080200020 00000001ffffefff 0000000000000000
[   75.721404][ T5090] page dumped because: kasan: bad access detected
[   75.727843][ T5090] page_owner tracks the page as allocated
[   75.733554][ T5090] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid -378923836 (swapper/0), ts 1, free_ts 21069084721
[   75.751108][ T5090]  post_alloc_hook+0x1f3/0x230
[   75.755881][ T5090]  get_page_from_freelist+0x2e7e/0x2f40
[   75.761438][ T5090]  __alloc_pages_noprof+0x256/0x6c0
[   75.766635][ T5090]  alloc_slab_page+0x5f/0x120
[   75.771326][ T5090]  allocate_slab+0x5a/0x2e0
[   75.775830][ T5090]  ___slab_alloc+0xea8/0x1430
[   75.780610][ T5090]  __slab_alloc+0x58/0xa0
[   75.784959][ T5090]  kmalloc_trace_noprof+0x1d5/0x2b0
[   75.790164][ T5090]  add_sysfs_param+0x4c4/0x7f0
[   75.794931][ T5090]  kernel_add_sysfs_param+0xb4/0x130
[   75.800246][ T5090]  param_sysfs_builtin+0x16e/0x1f0
[   75.805379][ T5090]  param_sysfs_builtin_init+0x31/0x40
[   75.810761][ T5090]  do_one_initcall+0x248/0x880
[   75.815552][ T5090]  do_initcall_level+0x157/0x210
[   75.820501][ T5090]  do_initcalls+0x3f/0x80
[   75.824833][ T5090]  kernel_init_freeable+0x435/0x5d0
[   75.830044][ T5090] page last free pid 57 tgid 57 stack trace:
[   75.836061][ T5090]  free_unref_page+0xd3c/0xec0
[   75.840849][ T5090]  vfree+0x186/0x2e0
[   75.844929][ T5090]  delayed_vfree_work+0x56/0x80
[   75.849780][ T5090]  process_scheduled_works+0xa2c/0x1830
[   75.855352][ T5090]  worker_thread+0x86d/0xd70
[   75.859952][ T5090]  kthread+0x2f0/0x390
[   75.864020][ T5090]  ret_from_fork+0x4b/0x80
[   75.868439][ T5090]  ret_from_fork_asm+0x1a/0x30
[   75.873203][ T5090] 
[   75.875521][ T5090] Memory state around the buggy address:
[   75.881231][ T5090]  ffff88802b8cbb80: 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc
[   75.889295][ T5090]  ffff88802b8cbc00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   75.897347][ T5090] >ffff88802b8cbc80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[   75.905397][ T5090]                                      ^
[   75.911060][ T5090]  ffff88802b8cbd00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   75.919156][ T5090]  ffff88802b8cbd80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[   75.928126][ T5090] ==================================================================
[   75.936726][ T5090] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   75.943964][ T5090] CPU: 0 PID: 5090 Comm: syz-executor333 Not tainted 6.9.0-rc2-next-20240402-syzkaller #0
[   75.953899][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   75.963968][ T5090] Call Trace:
[   75.967253][ T5090]  <TASK>
[   75.970189][ T5090]  dump_stack_lvl+0x241/0x360
[   75.974887][ T5090]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.980102][ T5090]  ? __pfx__printk+0x10/0x10
[   75.984703][ T5090]  ? preempt_schedule+0xe1/0xf0
[   75.989665][ T5090]  ? vscnprintf+0x5d/0x90
[   75.994015][ T5090]  panic+0x349/0x860
[   75.997956][ T5090]  ? check_panic_on_warn+0x21/0xb0
[   76.003080][ T5090]  ? __pfx_panic+0x10/0x10
[   76.007512][ T5090]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   76.013525][ T5090]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   76.019870][ T5090]  ? print_report+0x502/0x550
[   76.024569][ T5090]  check_panic_on_warn+0x86/0xb0
[   76.029521][ T5090]  ? _copy_from_user+0x7b/0xe0
[   76.034321][ T5090]  end_report+0x77/0x160
[   76.038599][ T5090]  kasan_report+0x154/0x180
[   76.043127][ T5090]  ? _copy_from_user+0x7b/0xe0
[   76.047906][ T5090]  kasan_check_range+0x282/0x290
[   76.052853][ T5090]  _copy_from_user+0x7b/0xe0
[   76.057457][ T5090]  do_handle_open+0x204/0x660
[   76.062149][ T5090]  ? __pfx_do_handle_open+0x10/0x10
[   76.067358][ T5090]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   76.073712][ T5090]  ? exc_page_fault+0x585/0x8e0
[   76.078582][ T5090]  do_syscall_64+0xfb/0x240
[   76.083123][ T5090]  entry_SYSCALL_64_after_hwframe+0x72/0x7a
[   76.089033][ T5090] RIP: 0033:0x7f31812c22a9
[   76.093457][ T5090] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   76.113422][ T5090] RSP: 002b:00007ffd39721398 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[   76.121848][ T5090] RAX: ffffffffffffffda RBX: 00007ffd39721578 RCX: 00007f31812c22a9
[   76.129847][ T5090] RDX: 0000000000200d81 RSI: 00000000200000c0 RDI: 00000000ffffffff
[   76.137829][ T5090] RBP: 00007f3181335610 R08: 0000000000000000 R09: 0000000000000000
[   76.145832][ T5090] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
[   76.153840][ T5090] R13: 00007ffd39721568 R14: 0000000000000001 R15: 0000000000000001
[   76.161831][ T5090]  </TASK>
[   76.165062][ T5090] Kernel Offset: disabled
[   76.169418][ T5090] Rebooting in 86400 seconds..