./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3597766499

<...>
[   29.286113][ T3188] 8021q: adding VLAN 0 to HW filter on device bond0
[   29.306736][ T3188] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
syzkaller login: [   39.520445][   T27] kauditd_printk_skb: 37 callbacks suppressed
[   39.520461][   T27] audit: type=1400 audit(1658136919.160:73): avc:  denied  { transition } for  pid=3414 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   39.557703][   T27] audit: type=1400 audit(1658136919.170:74): avc:  denied  { write } for  pid=3414 comm="sh" path="pipe:[27546]" dev="pipefs" ino=27546 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts.
execve("./syz-executor3597766499", ["./syz-executor3597766499"], 0x7ffc4e7e0150 /* 10 vars */) = 0
brk(NULL)                               = 0x5555565b6000
brk(0x5555565b6c40)                     = 0x5555565b6c40
arch_prctl(ARCH_SET_FS, 0x5555565b6300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3597766499", 4096) = 28
brk(0x5555565d7c40)                     = 0x5555565d7c40
brk(0x5555565d8000)                     = 0x5555565d8000
mprotect(0x7f8e3904f000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/char/4:1", O_RDWR) = 3
ioctl(3, TIOCLINUX, 0x20000080)         = 0
openat(AT_FDCWD, "/dev/char/4:1", O_RDWR) = 4
[   48.482860][   T27] audit: type=1400 audit(1658136928.130:75): avc:  denied  { execmem } for  pid=3616 comm="syz-executor359" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   48.506901][ T3616] ==================================================================
[   48.506919][ T3616] BUG: KASAN: stack-out-of-bounds in sys_imageblit+0x1ed0/0x2240
[   48.506950][ T3616] Write of size 4 at addr ffffc90004127d40 by task syz-executor359/3616
[   48.506962][ T3616] 
[   48.506966][ T3616] CPU: 1 PID: 3616 Comm: syz-executor359 Not tainted 5.19.0-rc6-syzkaller-00447-g55ea9bd66688 #0
[   48.506982][ T3616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[   48.506989][ T3616] Call Trace:
[   48.506994][ T3616]  <TASK>
[   48.506998][ T3616]  dump_stack_lvl+0xcd/0x134
[   48.507017][ T3616]  print_address_description.constprop.0.cold+0xf/0x467
[   48.507035][ T3616]  ? sys_imageblit+0x1ed0/0x2240
[   48.507049][ T3616]  kasan_report.cold+0xf4/0x1c6
[   48.507062][ T3616]  ? sys_imageblit+0x1ed0/0x2240
[   48.507077][ T3616]  sys_imageblit+0x1ed0/0x2240
[   48.507093][ T3616]  ? sys_copyarea+0x1fa0/0x1fa0
[   48.507108][ T3616]  drm_fbdev_fb_imageblit+0x15c/0x350
[   48.507126][ T3616]  bit_putcs+0x6e1/0xd20
[   48.507141][ T3616]  ? bit_clear+0x4f0/0x4f0
[   48.507154][ T3616]  ? kasan_save_stack+0x2e/0x40
[   48.507169][ T3616]  ? kasan_save_stack+0x1e/0x40
[   48.507182][ T3616]  ? __kasan_kmalloc+0xa6/0xd0
[   48.507196][ T3616]  ? fb_get_color_depth+0x11a/0x240
[   48.507213][ T3616]  ? __sanitizer_cov_trace_switch+0x50/0x90
[   48.507228][ T3616]  ? bit_clear+0x4f0/0x4f0
[   48.507241][ T3616]  fbcon_putcs+0x314/0x3e0
[   48.507254][ T3616]  do_update_region+0x399/0x630
[   48.507272][ T3616]  ? con_get_trans_old+0x2a0/0x2a0
[   48.507287][ T3616]  ? __kmalloc+0x64/0x4d0
[   48.507299][ T3616]  ? fbcon_invert_region+0x8f/0x1c0
[   48.507313][ T3616]  invert_screen+0x1d4/0x600
[   48.507326][ T3616]  ? vc_uniscr_copy_line+0x4c0/0x4c0
[   48.507339][ T3616]  ? rcu_read_lock_sched_held+0x3a/0x70
[   48.507355][ T3616]  ? trace_kmalloc+0x32/0xf0
[   48.507368][ T3616]  ? __kmalloc+0x221/0x4d0
[   48.507380][ T3616]  ? vc_do_resize+0x36c/0x1170
[   48.507392][ T3616]  clear_selection+0x55/0x70
[   48.507406][ T3616]  vc_do_resize+0xe61/0x1170
[   48.507419][ T3616]  ? lock_downgrade+0x6e0/0x6e0
[   48.507436][ T3616]  ? store_bind+0x720/0x720
[   48.507449][ T3616]  fbcon_do_set_font+0x43a/0x6f0
[   48.507462][ T3616]  fbcon_set_font+0x89c/0xab0
[   48.507476][ T3616]  ? fbcon_set_def_font+0x320/0x320
[   48.507489][ T3616]  con_font_op+0x75b/0xcc0
[   48.507502][ T3616]  ? con_write+0x40/0x40
[   48.507515][ T3616]  vt_ioctl+0x1efa/0x2b20
[   48.507528][ T3616]  ? vt_waitactive+0x350/0x350
[   48.507541][ T3616]  ? tomoyo_path_number_perm+0x441/0x590
[   48.507559][ T3616]  ? lockdep_hardirqs_on+0x79/0x100
[   48.507574][ T3616]  ? tomoyo_path_number_perm+0x24e/0x590
[   48.507590][ T3616]  ? tomoyo_execute_permission+0x4a0/0x4a0
[   48.507606][ T3616]  ? __sanitizer_cov_trace_switch+0x50/0x90
[   48.507621][ T3616]  ? vt_waitactive+0x350/0x350
[   48.507634][ T3616]  tty_ioctl+0xbbd/0x15e0
[   48.507647][ T3616]  ? tty_fasync+0x390/0x390
[   48.507659][ T3616]  ? selinux_inode_getsecctx+0x90/0x90
[   48.507672][ T3616]  ? find_held_lock+0x2d/0x110
[   48.507686][ T3616]  ? ptrace_notify+0xfa/0x140
[   48.507699][ T3616]  ? lock_downgrade+0x6e0/0x6e0
[   48.507714][ T3616]  ? selinux_file_ioctl+0xb1/0x270
[   48.507727][ T3616]  ? tty_fasync+0x390/0x390
[   48.507738][ T3616]  __x64_sys_ioctl+0x193/0x200
[   48.507753][ T3616]  do_syscall_64+0x35/0xb0
[   48.507764][ T3616]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   48.507782][ T3616] RIP: 0033:0x7f8e38fe2339
[   48.507792][ T3616] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   48.507805][ T3616] RSP: 002b:00007ffc7c6dc8d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   48.507819][ T3616] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e38fe2339
[   48.507829][ T3616] RDX: 0000000020000000 RSI: 0000000000004b72 RDI: 0000000000000004
[   48.507837][ T3616] RBP: 00007f8e38fa6120 R08: 000000000000000d R09: 0000000000000000
[   48.507846][ T3616] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8e38fa61b0
[   48.507859][ T3616] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   48.507869][ T3616]  </TASK>
[   48.507873][ T3616] 
[   48.507877][ T3616] The buggy address belongs to the virtual mapping at
[   48.507877][ T3616]  [ffffc90004120000, ffffc90004129000) created by:
[   48.507877][ T3616]  kernel_clone+0xe7/0xab0
[   48.507896][ T3616] 
[   48.507898][ T3616] The buggy address belongs to the physical page:
[   48.507904][ T3616] page:ffffea00007a6b80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e9ae
[   48.507922][ T3616] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   48.507939][ T3616] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[   48.507951][ T3616] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   48.507958][ T3616] page dumped because: kasan: bad access detected
[   48.507963][ T3616] page_owner tracks the page as allocated
[   48.507967][ T3616] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 2, tgid 2 (kthreadd), ts 7665331315, free_ts 0
[   48.507989][ T3616]  get_page_from_freelist+0x1290/0x3b70
[   48.508002][ T3616]  __alloc_pages+0x1c7/0x510
[   48.508013][ T3616]  alloc_pages+0x1aa/0x310
[   48.508027][ T3616]  __vmalloc_node_range+0x735/0x13e0
[   48.508042][ T3616]  copy_process+0x156e/0x7020
[   48.508053][ T3616]  kernel_clone+0xe7/0xab0
[   48.508064][ T3616]  kernel_thread+0xb5/0xf0
[   48.508075][ T3616]  kthreadd+0x4ea/0x750
[   48.508086][ T3616]  ret_from_fork+0x1f/0x30
[   48.508099][ T3616] page_owner free stack trace missing
[   48.508103][ T3616] 
[   48.508105][ T3616] Memory state around the buggy address:
[   48.508111][ T3616]  ffffc90004127c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   48.508119][ T3616]  ffffc90004127c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   48.508128][ T3616] >ffffc90004127d00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f3 f3
[   48.508134][ T3616]                                            ^
[   48.508140][ T3616]  ffffc90004127d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   48.508149][ T3616]  ffffc90004127e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   48.508155][ T3616] ==================================================================
[   48.508165][ T3616] Kernel panic - not syncing: panic_on_warn set ...
[   48.508170][ T3616] CPU: 1 PID: 3616 Comm: syz-executor359 Not tainted 5.19.0-rc6-syzkaller-00447-g55ea9bd66688 #0
[   48.508184][ T3616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[   48.508190][ T3616] Call Trace:
[   48.508193][ T3616]  <TASK>
[   48.508197][ T3616]  dump_stack_lvl+0xcd/0x134
[   48.508211][ T3616]  panic+0x2d7/0x636
[   48.508224][ T3616]  ? panic_print_sys_info.part.0+0x10b/0x10b
[   48.508238][ T3616]  ? sys_imageblit+0x1ed0/0x2240
[   48.508253][ T3616]  ? sys_imageblit+0x1ed0/0x2240
[   48.508267][ T3616]  end_report.part.0+0x3f/0x7c
[   48.508280][ T3616]  kasan_report.cold+0x93/0x1c6
[   48.508293][ T3616]  ? sys_imageblit+0x1ed0/0x2240
[   48.508307][ T3616]  sys_imageblit+0x1ed0/0x2240
[   48.508322][ T3616]  ? sys_copyarea+0x1fa0/0x1fa0
[   48.508337][ T3616]  drm_fbdev_fb_imageblit+0x15c/0x350
[   48.508353][ T3616]  bit_putcs+0x6e1/0xd20
[   48.508366][ T3616]  ? bit_clear+0x4f0/0x4f0
[   48.508380][ T3616]  ? kasan_save_stack+0x2e/0x40
[   48.508393][ T3616]  ? kasan_save_stack+0x1e/0x40
[   48.508406][ T3616]  ? __kasan_kmalloc+0xa6/0xd0
[   48.508419][ T3616]  ? fb_get_color_depth+0x11a/0x240
[   48.508434][ T3616]  ? __sanitizer_cov_trace_switch+0x50/0x90
[   48.508448][ T3616]  ? bit_clear+0x4f0/0x4f0
[   48.508460][ T3616]  fbcon_putcs+0x314/0x3e0
[   48.508473][ T3616]  do_update_region+0x399/0x630
[   48.508488][ T3616]  ? con_get_trans_old+0x2a0/0x2a0
[   48.508503][ T3616]  ? __kmalloc+0x64/0x4d0
[   48.508515][ T3616]  ? fbcon_invert_region+0x8f/0x1c0
[   48.508528][ T3616]  invert_screen+0x1d4/0x600
[   48.508540][ T3616]  ? vc_uniscr_copy_line+0x4c0/0x4c0
[   48.508552][ T3616]  ? rcu_read_lock_sched_held+0x3a/0x70
[   48.508567][ T3616]  ? trace_kmalloc+0x32/0xf0
[   48.508579][ T3616]  ? __kmalloc+0x221/0x4d0
[   48.508591][ T3616]  ? vc_do_resize+0x36c/0x1170
[   48.508603][ T3616]  clear_selection+0x55/0x70
[   48.508616][ T3616]  vc_do_resize+0xe61/0x1170
[   48.508629][ T3616]  ? lock_downgrade+0x6e0/0x6e0
[   48.508644][ T3616]  ? store_bind+0x720/0x720
[   48.508656][ T3616]  fbcon_do_set_font+0x43a/0x6f0
[   48.508669][ T3616]  fbcon_set_font+0x89c/0xab0
[   48.508682][ T3616]  ? fbcon_set_def_font+0x320/0x320
[   48.508695][ T3616]  con_font_op+0x75b/0xcc0
[   48.508707][ T3616]  ? con_write+0x40/0x40
[   48.508720][ T3616]  vt_ioctl+0x1efa/0x2b20
[   48.508732][ T3616]  ? vt_waitactive+0x350/0x350
[   48.508745][ T3616]  ? tomoyo_path_number_perm+0x441/0x590
[   48.508760][ T3616]  ? lockdep_hardirqs_on+0x79/0x100
[   48.508774][ T3616]  ? tomoyo_path_number_perm+0x24e/0x590
[   48.508790][ T3616]  ? tomoyo_execute_permission+0x4a0/0x4a0
[   48.508806][ T3616]  ? __sanitizer_cov_trace_switch+0x50/0x90
[   48.508820][ T3616]  ? vt_waitactive+0x350/0x350
[   48.508833][ T3616]  tty_ioctl+0xbbd/0x15e0
[   48.508844][ T3616]  ? tty_fasync+0x390/0x390
[   48.508856][ T3616]  ? selinux_inode_getsecctx+0x90/0x90
[   48.508868][ T3616]  ? find_held_lock+0x2d/0x110
[   48.508882][ T3616]  ? ptrace_notify+0xfa/0x140
[   48.508893][ T3616]  ? lock_downgrade+0x6e0/0x6e0
[   48.508912][ T3616]  ? selinux_file_ioctl+0xb1/0x270
[   48.508924][ T3616]  ? tty_fasync+0x390/0x390
[   48.508936][ T3616]  __x64_sys_ioctl+0x193/0x200
[   48.508948][ T3616]  do_syscall_64+0x35/0xb0
[   48.508960][ T3616]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   48.508975][ T3616] RIP: 0033:0x7f8e38fe2339
[   48.508998][ T3616] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   48.509010][ T3616] RSP: 002b:00007ffc7c6dc8d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   48.509022][ T3616] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e38fe2339
[   48.509031][ T3616] RDX: 0000000020000000 RSI: 0000000000004b72 RDI: 0000000000000004
[   48.509039][ T3616] RBP: 00007f8e38fa6120 R08: 000000000000000d R09: 0000000000000000
[   48.509047][ T3616] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8e38fa61b0
[   48.509055][ T3616] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   48.509064][ T3616]  </TASK>
[   48.509248][ T3616] Kernel Offset: disabled
[   49.501553][ T3616] Rebooting in 86400 seconds..