./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1093245122

<...>
Warning: Permanently added '10.128.0.246' (ECDSA) to the list of known hosts.
execve("./syz-executor1093245122", ["./syz-executor1093245122"], 0x7ffd3d0e6800 /* 10 vars */) = 0
brk(NULL)                               = 0x555555708000
brk(0x555555708c40)                     = 0x555555708c40
arch_prctl(ARCH_SET_FS, 0x555555708300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1093245122", 4096) = 28
brk(0x555555729c40)                     = 0x555555729c40
brk(0x55555572a000)                     = 0x55555572a000
mprotect(0x7f546d1eb000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("./file0", 000)                   = 0
pipe2([3, 4], 0)                        = 0
write(4, "\x15\x00\x00\x00\x65\xff\xff\x01\x80\x00\x00\x08\x00\x39\x50\x32\x30\x30\x30\x2e\x4c", 21) = 21
dup(4)                                  = 5
write(5, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24) = 24
write(5, "\x4c\x01\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 311) = 311
mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000004") = 0
syzkaller login: [   37.005413][   T26] ==================================================================
[   37.013655][   T26] BUG: KASAN: slab-out-of-bounds in _copy_to_iter+0xa46/0x1000
[   37.021188][   T26] Write of size 12 at addr ffff888022e8a127 by task kworker/1:1/26
[   37.029057][   T26] 
[   37.031364][   T26] CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[   37.041228][   T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[   37.051266][   T26] Workqueue: events p9_read_work
[   37.056191][   T26] Call Trace:
[   37.059458][   T26]  <TASK>
[   37.062383][   T26]  dump_stack_lvl+0x1e3/0x2cb
[   37.067051][   T26]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   37.072503][   T26]  ? __wake_up_klogd+0xcd/0x100
[   37.077344][   T26]  ? panic+0x766/0x766
[   37.081393][   T26]  ? _printk+0xcf/0x10f
[   37.085537][   T26]  print_address_description+0x74/0x340
[   37.091068][   T26]  print_report+0x107/0x220
[   37.095553][   T26]  ? lock_acquire+0xa5/0x400
[   37.100123][   T26]  ? pipe_read+0x121/0x12a0
[   37.104608][   T26]  ? __virt_addr_valid+0x21b/0x2d0
[   37.109705][   T26]  ? __phys_addr+0xb5/0x160
[   37.114189][   T26]  ? _copy_to_iter+0xa46/0x1000
[   37.119023][   T26]  kasan_report+0x139/0x170
[   37.123512][   T26]  ? _copy_to_iter+0xa46/0x1000
[   37.128347][   T26]  kasan_check_range+0x2a7/0x2e0
[   37.133263][   T26]  ? _copy_to_iter+0xa46/0x1000
[   37.138105][   T26]  memcpy+0x3c/0x60
[   37.141906][   T26]  _copy_to_iter+0xa46/0x1000
[   37.146580][   T26]  ? stack_trace_snprint+0xf0/0xf0
[   37.151681][   T26]  ? iov_iter_init+0x1a0/0x1a0
[   37.156428][   T26]  ? mutex_lock_io_nested+0x60/0x60
[   37.161639][   T26]  ? rcu_read_lock_sched_held+0x5f/0x130
[   37.167256][   T26]  ? page_copy_sane+0x46/0x3a0
[   37.172003][   T26]  copy_page_to_iter+0xd2/0x1b0
[   37.176847][   T26]  pipe_read+0x58a/0x12a0
[   37.181171][   T26]  ? pipe_wait_writable+0x5a0/0x5a0
[   37.186357][   T26]  ? trace_lock_release+0x95/0x220
[   37.191546][   T26]  ? rcu_read_lock_sched_held+0x5f/0x130
[   37.197167][   T26]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   37.203137][   T26]  ? iov_iter_kvec+0x4a/0x1a0
[   37.207807][   T26]  __kernel_read+0x3c4/0x7e0
[   37.212387][   T26]  ? rw_verify_area+0x1a0/0x1a0
[   37.217220][   T26]  ? rcu_read_lock_sched_held+0x5f/0x130
[   37.222835][   T26]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   37.228795][   T26]  ? rcu_read_lock_sched_held+0x5f/0x130
[   37.234411][   T26]  ? lock_release+0x81/0x870
[   37.238982][   T26]  ? security_file_permission+0x45f/0x5c0
[   37.244684][   T26]  ? kernel_read+0xc1/0x1f0
[   37.249170][   T26]  p9_read_work+0x389/0xfa0
[   37.253657][   T26]  ? p9_conn_create+0x5b0/0x5b0
[   37.258491][   T26]  process_one_work+0x81c/0xd10
[   37.263325][   T26]  ? __switch_to_asm+0x34/0x60
[   37.268075][   T26]  ? worker_detach_from_pool+0x260/0x260
[   37.273694][   T26]  ? _raw_spin_lock_irqsave+0x120/0x120
[   37.279222][   T26]  ? kthread_data+0x4d/0xc0
[   37.283707][   T26]  ? wq_worker_running+0x95/0x190
[   37.288713][   T26]  worker_thread+0xb14/0x1330
[   37.293378][   T26]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   37.299254][   T26]  kthread+0x266/0x300
[   37.303305][   T26]  ? rcu_lock_release+0x20/0x20
[   37.308145][   T26]  ? kthread_blkcg+0xd0/0xd0
[   37.312717][   T26]  ret_from_fork+0x1f/0x30
[   37.317126][   T26]  </TASK>
[   37.320126][   T26] 
[   37.322432][   T26] Allocated by task 3611:
[   37.326741][   T26]  kasan_set_track+0x4c/0x70
[   37.331311][   T26]  __kasan_kmalloc+0x97/0xb0
[   37.335876][   T26]  __kmalloc+0xaf/0x1a0
[   37.340012][   T26]  p9_client_prepare_req+0x4f9/0xbb0
[   37.345280][   T26]  p9_client_rpc+0x1a2/0xad0
[   37.349860][   T26]  p9_client_walk+0x1d6/0x690
[   37.354518][   T26]  v9fs_fid_xattr_set+0x288/0x440
[   37.359524][   T26]  v9fs_xattr_set+0x55/0x100
[   37.364093][   T26]  __vfs_setxattr+0x3f4/0x430
[   37.368751][   T26]  __vfs_setxattr_noperm+0x128/0x5d0
[   37.374016][   T26]  vfs_setxattr+0x228/0x450
[   37.378507][   T26]  path_setxattr+0x3b0/0x4b0
[   37.383079][   T26]  __x64_sys_setxattr+0xb7/0xd0
[   37.387910][   T26]  do_syscall_64+0x2b/0x70
[   37.392309][   T26]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   37.398181][   T26] 
[   37.400485][   T26] The buggy address belongs to the object at ffff888022e8a120
[   37.400485][   T26]  which belongs to the cache kmalloc-16 of size 16
[   37.414339][   T26] The buggy address is located 7 bytes inside of
[   37.414339][   T26]  16-byte region [ffff888022e8a120, ffff888022e8a130)
[   37.427336][   T26] 
[   37.429643][   T26] The buggy address belongs to the physical page:
[   37.436032][   T26] page:ffffea00008ba280 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888022e8aba0 pfn:0x22e8a
[   37.447463][   T26] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   37.454999][   T26] raw: 00fff00000000200 dead000000000100 dead000000000122 ffff8880120413c0
[   37.463569][   T26] raw: ffff888022e8aba0 0000000080800076 00000001ffffffff 0000000000000000
[   37.472125][   T26] page dumped because: kasan: bad access detected
[   37.478514][   T26] page_owner tracks the page as allocated
[   37.484204][   T26] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid 1 (swapper/0), ts 7751239110, free_ts 0
[   37.500758][   T26]  get_page_from_freelist+0x72b/0x7a0
[   37.506109][   T26]  __alloc_pages+0x259/0x560
[   37.510676][   T26]  alloc_page_interleave+0x22/0x1c0
[   37.515858][   T26]  alloc_slab_page+0x70/0xf0
[   37.520434][   T26]  allocate_slab+0x5e/0x4b0
[   37.524917][   T26]  ___slab_alloc+0x7f4/0xeb0
[   37.529486][   T26]  __kmem_cache_alloc_node+0x252/0x310
[   37.535011][   T26]  __kmalloc_node_track_caller+0x9c/0x1a0
[   37.540710][   T26]  kvasprintf+0xdb/0x190
[   37.544930][   T26]  kobject_set_name_vargs+0x5d/0x110
[   37.550194][   T26]  dev_set_name+0xd1/0x120
[   37.554591][   T26]  usb_hub_create_port_device+0x3ca/0xb50
[   37.560289][   T26]  hub_configure+0x194c/0x2770
[   37.565032][   T26]  hub_probe+0x886/0xa00
[   37.569254][   T26]  usb_probe_interface+0x66e/0xb60
[   37.574345][   T26]  call_driver_probe+0x96/0x250
[   37.579175][   T26] page_owner free stack trace missing
[   37.584523][   T26] 
[   37.586825][   T26] Memory state around the buggy address:
[   37.592433][   T26]  ffff888022e8a000: 00 04 fc fc 00 04 fc fc 00 04 fc fc 00 04 fc fc
[   37.600471][   T26]  ffff888022e8a080: 00 04 fc fc 00 04 fc fc fb fb fc fc fb fb fc fc
[   37.608510][   T26] >ffff888022e8a100: fb fb fc fc 00 03 fc fc fa fb fc fc fa fb fc fc
[   37.616544][   T26]                                   ^
[   37.621893][   T26]  ffff888022e8a180: fa fb fc fc fa fb fc fc 00 06 fc fc fa fb fc fc
[   37.629927][   T26]  ffff888022e8a200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   37.637962][   T26] ==================================================================
[   37.651504][   T26] Kernel panic - not syncing: panic_on_warn set ...
[   37.658102][   T26] CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[   37.667967][   T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[   37.678002][   T26] Workqueue: events p9_read_work
[   37.682924][   T26] Call Trace:
[   37.686185][   T26]  <TASK>
[   37.689101][   T26]  dump_stack_lvl+0x1e3/0x2cb
[   37.693763][   T26]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   37.699203][   T26]  ? panic+0x766/0x766
[   37.703248][   T26]  ? preempt_schedule_common+0xb7/0xe0
[   37.708692][   T26]  ? preempt_schedule+0xd9/0xe0
[   37.713525][   T26]  ? vscnprintf+0x59/0x80
[   37.717837][   T26]  panic+0x316/0x766
[   37.721713][   T26]  ? memcpy_page_flushcache+0xfc/0xfc
[   37.727091][   T26]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   37.733054][   T26]  ? _copy_to_iter+0xa46/0x1000
[   37.737886][   T26]  end_report+0x91/0xa0
[   37.742023][   T26]  kasan_report+0x146/0x170
[   37.746506][   T26]  ? _copy_to_iter+0xa46/0x1000
[   37.751337][   T26]  kasan_check_range+0x2a7/0x2e0
[   37.756253][   T26]  ? _copy_to_iter+0xa46/0x1000
[   37.761088][   T26]  memcpy+0x3c/0x60
[   37.764890][   T26]  _copy_to_iter+0xa46/0x1000
[   37.769559][   T26]  ? stack_trace_snprint+0xf0/0xf0
[   37.774659][   T26]  ? iov_iter_init+0x1a0/0x1a0
[   37.779416][   T26]  ? mutex_lock_io_nested+0x60/0x60
[   37.784604][   T26]  ? rcu_read_lock_sched_held+0x5f/0x130
[   37.790226][   T26]  ? page_copy_sane+0x46/0x3a0
[   37.794979][   T26]  copy_page_to_iter+0xd2/0x1b0
[   37.799818][   T26]  pipe_read+0x58a/0x12a0
[   37.804145][   T26]  ? pipe_wait_writable+0x5a0/0x5a0
[   37.809335][   T26]  ? trace_lock_release+0x95/0x220
[   37.814440][   T26]  ? rcu_read_lock_sched_held+0x5f/0x130
[   37.820059][   T26]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   37.826026][   T26]  ? iov_iter_kvec+0x4a/0x1a0
[   37.830692][   T26]  __kernel_read+0x3c4/0x7e0
[   37.835274][   T26]  ? rw_verify_area+0x1a0/0x1a0
[   37.840112][   T26]  ? rcu_read_lock_sched_held+0x5f/0x130
[   37.845731][   T26]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   37.851696][   T26]  ? rcu_read_lock_sched_held+0x5f/0x130
[   37.857315][   T26]  ? lock_release+0x81/0x870
[   37.861903][   T26]  ? security_file_permission+0x45f/0x5c0
[   37.867614][   T26]  ? kernel_read+0xc1/0x1f0
[   37.872106][   T26]  p9_read_work+0x389/0xfa0
[   37.876597][   T26]  ? p9_conn_create+0x5b0/0x5b0
[   37.881434][   T26]  process_one_work+0x81c/0xd10
[   37.886274][   T26]  ? __switch_to_asm+0x34/0x60
[   37.891032][   T26]  ? worker_detach_from_pool+0x260/0x260
[   37.896654][   T26]  ? _raw_spin_lock_irqsave+0x120/0x120
[   37.902186][   T26]  ? kthread_data+0x4d/0xc0
[   37.906678][   T26]  ? wq_worker_running+0x95/0x190
[   37.911689][   T26]  worker_thread+0xb14/0x1330
[   37.916358][   T26]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   37.922247][   T26]  kthread+0x266/0x300
[   37.926301][   T26]  ? rcu_lock_release+0x20/0x20
[   37.931140][   T26]  ? kthread_blkcg+0xd0/0xd0
[   37.935720][   T26]  ret_from_fork+0x1f/0x30
[   37.940128][   T26]  </TASK>
[   37.943278][   T26] Kernel Offset: disabled
[   37.947592][   T26] Rebooting in 86400 seconds..