./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3952505731

<...>
DUID 00:04:cd:7d:74:7d:04:96:3f:c0:f2:1a:da:5a:49:b1:9f:fb
forked to background, child pid 4817
[   29.453226][ T4818] 8021q: adding VLAN 0 to HW filter on device bond0
[   29.464502][ T4818] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
syzkaller login: [   76.173177][   T14] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.15.199' (ECDSA) to the list of known hosts.
execve("./syz-executor3952505731", ["./syz-executor3952505731"], 0x7ffdc2ae9e80 /* 10 vars */) = 0
brk(NULL)                               = 0x55555648c000
brk(0x55555648cc40)                     = 0x55555648cc40
arch_prctl(ARCH_SET_FS, 0x55555648c300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3952505731", 4096) = 28
brk(0x5555564adc40)                     = 0x5555564adc40
brk(0x5555564ae000)                     = 0x5555564ae000
mprotect(0x7febb2509000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mmap(0x20000000, 16506880, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSDOWN, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
openat(AT_FDCWD, "/dev/vcsu", O_RDONLY) = 3
[   88.030112][ T5243] ==================================================================
[   88.038203][ T5243] BUG: KASAN: stack-out-of-bounds in collapse_file+0x4edf/0x5830
[   88.045914][ T5243] Read of size 8 at addr ffffc90003bbf908 by task syz-executor395/5243
[   88.054136][ T5243] 
[   88.056449][ T5243] CPU: 0 PID: 5243 Comm: syz-executor395 Not tainted 6.1.0-rc4-next-20221111-syzkaller #0
[   88.066325][ T5243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   88.076511][ T5243] Call Trace:
[   88.079776][ T5243]  <TASK>
[   88.082694][ T5243]  dump_stack_lvl+0xcd/0x134
[   88.087305][ T5243]  print_report+0x15e/0x45d
[   88.091821][ T5243]  ? collapse_file+0x4edf/0x5830
[   88.096749][ T5243]  kasan_report+0xbb/0x1f0
[   88.101150][ T5243]  ? collapse_file+0x4edf/0x5830
[   88.106072][ T5243]  collapse_file+0x4edf/0x5830
[   88.110824][ T5243]  ? is_refcount_suitable+0x840/0x840
[   88.116194][ T5243]  ? find_held_lock+0x2d/0x110
[   88.120955][ T5243]  ? hpage_collapse_scan_file+0x2c3/0x18e0
[   88.126749][ T5243]  ? xas_find+0x2fe/0x7d0
[   88.131071][ T5243]  hpage_collapse_scan_file+0xdba/0x18e0
[   88.136693][ T5243]  ? collapse_file+0x5830/0x5830
[   88.141626][ T5243]  madvise_collapse+0x521/0xb30
[   88.146465][ T5243]  ? current_is_khugepaged+0x20/0x20
[   88.151736][ T5243]  ? mas_prev_nentry+0x65b/0x1300
[   88.156750][ T5243]  madvise_vma_behavior+0x6f6/0x1db0
[   88.162023][ T5243]  ? mas_prev+0x153/0x650
[   88.166341][ T5243]  ? madvise_vma_anon_name+0xf0/0xf0
[   88.171618][ T5243]  ? find_vma_prev+0xe0/0x160
[   88.176290][ T5243]  ? vm_unmapped_area+0x760/0x760
[   88.181304][ T5243]  ? lock_release+0x810/0x810
[   88.185988][ T5243]  madvise_walk_vmas+0x1c7/0x2b0
[   88.190930][ T5243]  ? madvise_vma_anon_name+0xf0/0xf0
[   88.196255][ T5243]  ? __remove_memory+0x40/0x40
[   88.201101][ T5243]  ? find_held_lock+0x2d/0x110
[   88.205854][ T5243]  do_madvise.part.0+0x24a/0x340
[   88.210779][ T5243]  ? madvise_dontneed_free_valid_vma.part.0+0x240/0x240
[   88.217702][ T5243]  ? _raw_spin_unlock_irq+0x1f/0x40
[   88.222885][ T5243]  ? lockdep_hardirqs_on+0x79/0x100
[   88.228073][ T5243]  __x64_sys_madvise+0x113/0x150
[   88.232999][ T5243]  ? syscall_trace_enter.constprop.0+0xb0/0x250
[   88.239226][ T5243]  do_syscall_64+0x35/0xb0
[   88.243632][ T5243]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   88.249514][ T5243] RIP: 0033:0x7febb249cb29
[   88.253930][ T5243] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   88.273533][ T5243] RSP: 002b:00007ffdc0d58878 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[   88.281962][ T5243] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007febb249cb29
[   88.289937][ T5243] RDX: 0000000000000019 RSI: 0000000000600003 RDI: 0000000020000000
[   88.297905][ T5243] RBP: 00007febb2460cd0 R08: 0000000000000000 R09: 0000000000000000
[   88.305872][ T5243] R10: 0000000000000000 R11: 0000000000000246 R12: 00007febb2460d60
[   88.313828][ T5243] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   88.321791][ T5243]  </TASK>
[   88.324793][ T5243] 
[   88.327108][ T5243] The buggy address belongs to stack of task syz-executor395/5243
[   88.334884][ T5243]  and is located at offset 120 in frame:
[   88.340576][ T5243]  collapse_file+0x0/0x5830
[   88.345068][ T5243] 
[   88.347371][ T5243] This frame has 4 objects:
[   88.351850][ T5243]  [32, 40) 'hpage'
[   88.351859][ T5243]  [64, 72) 'folio'
[   88.355656][ T5243]  [96, 112) 'pagelist'
[   88.359449][ T5243]  [128, 184) 'xas'
[   88.363587][ T5243] 
[   88.369785][ T5243] The buggy address belongs to the virtual mapping at
[   88.369785][ T5243]  [ffffc90003bb8000, ffffc90003bc1000) created by:
[   88.369785][ T5243]  kernel_clone+0xe7/0x980
[   88.387251][ T5243] 
[   88.389562][ T5243] The buggy address belongs to the physical page:
[   88.395955][ T5243] page:ffffea0000a69b00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29a6c
[   88.406091][ T5243] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   88.413186][ T5243] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[   88.421790][ T5243] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   88.430370][ T5243] page dumped because: kasan: bad access detected
[   88.436762][ T5243] page_owner tracks the page as allocated
[   88.442455][ T5243] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 5240, tgid 5240 (strace-static-x), ts 87999283973, free_ts 82222049820
[   88.461883][ T5243]  get_page_from_freelist+0x10b5/0x2d50
[   88.467414][ T5243]  __alloc_pages+0x1c7/0x5a0
[   88.471984][ T5243]  alloc_pages+0x1a6/0x270
[   88.476390][ T5243]  __vmalloc_node_range+0x971/0x13b0
[   88.481661][ T5243]  copy_process+0x12d2/0x7520
[   88.486324][ T5243]  kernel_clone+0xe7/0x980
[   88.490725][ T5243]  __do_sys_clone+0xba/0x100
[   88.495302][ T5243]  do_syscall_64+0x35/0xb0
[   88.499704][ T5243]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   88.505583][ T5243] page last free stack trace:
[   88.510232][ T5243]  free_pcp_prepare+0x65c/0xc00
[   88.515065][ T5243]  free_unref_page+0x19/0x4d0
[   88.519724][ T5243]  __folio_put+0xc1/0x130
[   88.524040][ T5243]  anon_pipe_buf_release+0x369/0x430
[   88.529318][ T5243]  pipe_read+0x610/0x1100
[   88.533641][ T5243]  vfs_read+0x7f6/0x930
[   88.537787][ T5243]  ksys_read+0x1e8/0x250
[   88.542017][ T5243]  do_syscall_64+0x35/0xb0
[   88.546417][ T5243]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   88.552295][ T5243] 
[   88.554597][ T5243] Memory state around the buggy address:
[   88.560205][ T5243]  ffffc90003bbf800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   88.568267][ T5243]  ffffc90003bbf880: 00 00 f1 f1 f1 f1 00 f2 f2 f2 00 f2 f2 f2 00 00
[   88.576313][ T5243] >ffffc90003bbf900: f2 f2 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 00 00
[   88.584351][ T5243]                       ^
[   88.588655][ T5243]  ffffc90003bbf980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   88.596696][ T5243]  ffffc90003bbfa00: 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00
[   88.604733][ T5243] ==================================================================
[   88.619479][ T5243] Kernel panic - not syncing: panic_on_warn set ...
[   88.626069][ T5243] CPU: 0 PID: 5243 Comm: syz-executor395 Not tainted 6.1.0-rc4-next-20221111-syzkaller #0
[   88.636000][ T5243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   88.646041][ T5243] Call Trace:
[   88.649309][ T5243]  <TASK>
[   88.652231][ T5243]  dump_stack_lvl+0xcd/0x134
[   88.656828][ T5243]  panic+0x2c8/0x622
[   88.660716][ T5243]  ? panic_print_sys_info.part.0+0x110/0x110
[   88.666684][ T5243]  ? preempt_schedule_common+0x59/0xc0
[   88.672136][ T5243]  ? preempt_schedule_thunk+0x16/0x20
[   88.677521][ T5243]  end_report.part.0+0x3f/0x7c
[   88.682283][ T5243]  ? collapse_file+0x4edf/0x5830
[   88.687214][ T5243]  kasan_report.cold+0xa/0xf
[   88.691796][ T5243]  ? collapse_file+0x4edf/0x5830
[   88.696724][ T5243]  collapse_file+0x4edf/0x5830
[   88.701488][ T5243]  ? is_refcount_suitable+0x840/0x840
[   88.706856][ T5243]  ? find_held_lock+0x2d/0x110
[   88.711614][ T5243]  ? hpage_collapse_scan_file+0x2c3/0x18e0
[   88.717410][ T5243]  ? xas_find+0x2fe/0x7d0
[   88.721744][ T5243]  hpage_collapse_scan_file+0xdba/0x18e0
[   88.727391][ T5243]  ? collapse_file+0x5830/0x5830
[   88.732331][ T5243]  madvise_collapse+0x521/0xb30
[   88.737179][ T5243]  ? current_is_khugepaged+0x20/0x20
[   88.742456][ T5243]  ? mas_prev_nentry+0x65b/0x1300
[   88.747479][ T5243]  madvise_vma_behavior+0x6f6/0x1db0
[   88.752756][ T5243]  ? mas_prev+0x153/0x650
[   88.757073][ T5243]  ? madvise_vma_anon_name+0xf0/0xf0
[   88.762363][ T5243]  ? find_vma_prev+0xe0/0x160
[   88.767041][ T5243]  ? vm_unmapped_area+0x760/0x760
[   88.772059][ T5243]  ? lock_release+0x810/0x810
[   88.776726][ T5243]  madvise_walk_vmas+0x1c7/0x2b0
[   88.781669][ T5243]  ? madvise_vma_anon_name+0xf0/0xf0
[   88.786980][ T5243]  ? __remove_memory+0x40/0x40
[   88.791765][ T5243]  ? find_held_lock+0x2d/0x110
[   88.796526][ T5243]  do_madvise.part.0+0x24a/0x340
[   88.801465][ T5243]  ? madvise_dontneed_free_valid_vma.part.0+0x240/0x240
[   88.808417][ T5243]  ? _raw_spin_unlock_irq+0x1f/0x40
[   88.813603][ T5243]  ? lockdep_hardirqs_on+0x79/0x100
[   88.818792][ T5243]  __x64_sys_madvise+0x113/0x150
[   88.823716][ T5243]  ? syscall_trace_enter.constprop.0+0xb0/0x250
[   88.829944][ T5243]  do_syscall_64+0x35/0xb0
[   88.834346][ T5243]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   88.840236][ T5243] RIP: 0033:0x7febb249cb29
[   88.844639][ T5243] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   88.864254][ T5243] RSP: 002b:00007ffdc0d58878 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[   88.872658][ T5243] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007febb249cb29
[   88.880615][ T5243] RDX: 0000000000000019 RSI: 0000000000600003 RDI: 0000000020000000
[   88.888568][ T5243] RBP: 00007febb2460cd0 R08: 0000000000000000 R09: 0000000000000000
[   88.896613][ T5243] R10: 0000000000000000 R11: 0000000000000246 R12: 00007febb2460d60
[   88.904567][ T5243] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   88.912546][ T5243]  </TASK>
[   88.915716][ T5243] Kernel Offset: disabled
[   88.920031][ T5243] Rebooting in 86400 seconds..