./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor701414893
<...>
DUID 00:04:d9:3a:76:1c:b4:63:be:bc:0b:c2:08:9c:83:36:98:31
forked to background, child pid 3187
[ 25.662374][ T3188] 8021q: adding VLAN 0 to HW filter on device bond0
[ 25.672545][ T3188] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.90' (ECDSA) to the list of known hosts.
execve("./syz-executor701414893", ["./syz-executor701414893"], 0x7fffaf467480 /* 10 vars */) = 0
brk(NULL) = 0x555557028000
brk(0x555557028c40) = 0x555557028c40
arch_prctl(ARCH_SET_FS, 0x555557028300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor701414893", 4096) = 27
brk(0x555557049c40) = 0x555557049c40
brk(0x55555704a000) = 0x55555704a000
mprotect(0x7faf6c99e000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/profiling", O_RDWR|O_CREAT|O_LARGEFILE|O_CLOEXEC, 000) = 3
syzkaller login: [ 48.701853][ T3608] kernel profiling enabled (shift: 0)
[ 48.876599][ C1] ==================================================================
[ 48.884677][ C1] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0
[ 48.891779][ C1] Read of size 8 at addr ffffc900038aef20 by task syz-executor701/3608
[ 48.899992][ C1]
[ 48.902297][ C1] CPU: 1 PID: 3608 Comm: syz-executor701 Not tainted 6.0.0-rc7-syzkaller-00239-gb357fd1c2afc #0
[ 48.912765][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 48.922805][ C1] Call Trace:
[ 48.926066][ C1] <IRQ>
[ 48.928893][ C1] dump_stack_lvl+0x1e3/0x2cb
[ 48.933560][ C1] ? io_alloc_page_table+0x110/0x110
[ 48.938824][ C1] ? _printk+0xcf/0x10f
[ 48.942958][ C1] ? __wake_up_klogd+0xd6/0x100
[ 48.947787][ C1] ? __wake_up_klogd+0xcd/0x100
[ 48.952625][ C1] ? panic+0x76b/0x76b
[ 48.956678][ C1] ? _printk+0xcf/0x10f
[ 48.960827][ C1] print_address_description+0x65/0x4b0
[ 48.966362][ C1] print_report+0x108/0x220
[ 48.970848][ C1] ? rcu_read_lock_sched_held+0x89/0x130
[ 48.976465][ C1] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 48.982430][ C1] ? run_posix_cpu_timers+0x472/0x800
[ 48.987788][ C1] ? profile_pc+0xa4/0xe0
[ 48.992101][ C1] kasan_report+0xfb/0x130
[ 48.996502][ C1] ? profile_pc+0xa4/0xe0
[ 49.000814][ C1] ? _raw_spin_unlock_irqrestore+0xd4/0x130
[ 49.006693][ C1] profile_pc+0xa4/0xe0
[ 49.010835][ C1] profile_tick+0xcd/0x120
[ 49.015239][ C1] tick_sched_timer+0x381/0x540
[ 49.020078][ C1] __hrtimer_run_queues+0x4cb/0xa60
[ 49.025273][ C1] ? tick_setup_sched_timer+0x2c0/0x2c0
[ 49.030805][ C1] ? hrtimer_interrupt+0xfd0/0xfd0
[ 49.035925][ C1] ? ktime_get_update_offsets_now+0x449/0x460
[ 49.041979][ C1] hrtimer_interrupt+0x3a6/0xfd0
[ 49.046908][ C1] ? irq_exit_rcu+0x20/0x20
[ 49.051410][ C1] __sysvec_apic_timer_interrupt+0xf9/0x280
[ 49.057308][ C1] sysvec_apic_timer_interrupt+0x8c/0xb0
[ 49.062925][ C1] </IRQ>
[ 49.065843][ C1] <TASK>
[ 49.068763][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 49.074727][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xd4/0x130
[ 49.081221][ C1] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 92 96 9a f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 07 be 1a f7 65 8b 05 a8 b9 bf 75 85 c0 74 3f 48 c7 04 24 0e 36
[ 49.100812][ C1] RSP: 0018:ffffc900038aef20 EFLAGS: 00000206
[ 49.106865][ C1] RAX: fa0e2628b42fb800 RBX: 1ffff92000715de8 RCX: ffffffff8169b33a
[ 49.114826][ C1] RDX: dffffc0000000000 RSI: ffffffff8aad7740 RDI: 0000000000000001
[ 49.122781][ C1] RBP: ffffc900038aefb0 R08: dffffc0000000000 R09: fffffbfff1ff4622
[ 49.130741][ C1] R10: fffffbfff1ff4622 R11: 1ffffffff1ff4621 R12: dffffc0000000000
[ 49.138702][ C1] R13: 1ffff92000715de4 R14: ffffc900038aef40 R15: 0000000000000246
[ 49.146679][ C1] ? mark_lock+0x9a/0x350
[ 49.150999][ C1] ? _raw_spin_unlock+0x40/0x40
[ 49.155837][ C1] ? stack_trace_save+0x1f0/0x1f0
[ 49.160850][ C1] rmqueue_pcplist+0x1ee/0x500
[ 49.165600][ C1] ? reserve_highatomic_pageblock+0x2f0/0x2f0
[ 49.171649][ C1] ? mark_lock+0x9a/0x350
[ 49.175968][ C1] rmqueue+0x1c11/0x1f60
[ 49.180196][ C1] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 49.186181][ C1] ? clear_sched_clock_stable+0x60/0x60
[ 49.191724][ C1] ? check_new_pages+0x360/0x360
[ 49.196673][ C1] ? zone_watermark_fast+0xc3/0x230
[ 49.201860][ C1] get_page_from_freelist+0x497/0x7a0
[ 49.207221][ C1] __alloc_pages+0x259/0x560
[ 49.211799][ C1] ? zone_statistics+0x160/0x160
[ 49.216721][ C1] ? alloc_pages_bulk_array_mempolicy+0x79e/0x9b0
[ 49.223125][ C1] __vmalloc_node_range+0x8f4/0x1290
[ 49.228409][ C1] ? profile_init+0xea/0x130
[ 49.232990][ C1] ? sysfs_kf_read+0x390/0x390
[ 49.237747][ C1] vzalloc+0x75/0x80
[ 49.241627][ C1] ? profile_init+0xea/0x130
[ 49.246202][ C1] profile_init+0xea/0x130
[ 49.250612][ C1] profiling_store+0x59/0xc0
[ 49.255185][ C1] kernfs_fop_write_iter+0x3ac/0x500
[ 49.260461][ C1] do_iter_write+0x6f0/0xc50
[ 49.265040][ C1] ? vfs_iter_write+0xa0/0xa0
[ 49.269705][ C1] ? vfs_iter_write+0x69/0xa0
[ 49.274367][ C1] iter_file_splice_write+0x830/0xff0
[ 49.279730][ C1] ? splice_from_pipe+0x220/0x220
[ 49.284750][ C1] ? splice_shrink_spd+0xb0/0xb0
[ 49.289724][ C1] ? splice_from_pipe+0x220/0x220
[ 49.294763][ C1] direct_splice_actor+0xe6/0x1c0
[ 49.299796][ C1] splice_direct_to_actor+0x4e4/0xc00
[ 49.305179][ C1] ? do_splice_direct+0x3f0/0x3f0
[ 49.310199][ C1] ? pipe_to_sendpage+0x340/0x340
[ 49.315216][ C1] ? bpf_lsm_file_permission+0x5/0x10
[ 49.320585][ C1] ? security_file_permission+0xe0/0x5c0
[ 49.326207][ C1] do_splice_direct+0x2a0/0x3f0
[ 49.331053][ C1] ? splice_direct_to_actor+0xc00/0xc00
[ 49.336591][ C1] ? rcu_read_lock_any_held+0xb3/0x150
[ 49.342043][ C1] vfs_copy_file_range+0x9f5/0x1380
[ 49.347238][ C1] ? generic_copy_file_range+0x150/0x150
[ 49.352862][ C1] ? __might_fault+0xb2/0x110
[ 49.357558][ C1] __se_sys_copy_file_range+0x34c/0x5e0
[ 49.363110][ C1] ? __x64_sys_copy_file_range+0xf0/0xf0
[ 49.368731][ C1] ? __ct_user_exit+0x81/0xe0
[ 49.373397][ C1] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 49.379364][ C1] ? __x64_sys_copy_file_range+0x1d/0xf0
[ 49.384988][ C1] do_syscall_64+0x2b/0x70
[ 49.389396][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.395276][ C1] RIP: 0033:0x7faf6c931b29
[ 49.399679][ C1] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 49.419288][ C1] RSP: 002b:00007ffd379af598 EFLAGS: 00000246 ORIG_RAX: 0000000000000146
[ 49.427696][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faf6c931b29
[ 49.435657][ C1] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000003
[ 49.443616][ C1] RBP: 00007faf6c8f5cd0 R08: 0000000000000008 R09: 0000000000000000
[ 49.451588][ C1] R10: 0000000020000040 R11: 0000000000000246 R12: 00007faf6c8f5d60
[ 49.459557][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 49.467537][ C1] </TASK>
[ 49.470546][ C1]
[ 49.472856][ C1] The buggy address belongs to stack of task syz-executor701/3608
[ 49.480675][ C1] and is located at offset 0 in frame:
[ 49.486203][ C1] _raw_spin_unlock_irqrestore+0x0/0x130
[ 49.491840][ C1]
[ 49.494150][ C1] This frame has 1 object:
[ 49.498546][ C1] [32, 40) 'flags.i.i.i.i'
[ 49.498555][ C1]
[ 49.505340][ C1] The buggy address belongs to the virtual mapping at
[ 49.505340][ C1] [ffffc900038a8000, ffffc900038b1000) created by:
[ 49.505340][ C1] dup_task_struct+0x8b/0x490
[ 49.523045][ C1]
[ 49.525376][ C1] The buggy address belongs to the physical page:
[ 49.531790][ C1] page:ffffea00007643c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d90f
[ 49.541933][ C1] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 49.549037][ C1] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 49.557611][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 49.566185][ C1] page dumped because: kasan: bad access detected
[ 49.572584][ C1] page_owner tracks the page as allocated
[ 49.578282][ C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 3188, tgid 3188 (dhcpcd), ts 38265053481, free_ts 38261539019
[ 49.596934][ C1] get_page_from_freelist+0x72b/0x7a0
[ 49.602382][ C1] __alloc_pages+0x259/0x560
[ 49.607001][ C1] __vmalloc_node_range+0x8f4/0x1290
[ 49.612270][ C1] alloc_thread_stack_node+0x307/0x500
[ 49.617726][ C1] dup_task_struct+0x8b/0x490
[ 49.622389][ C1] copy_process+0x637/0x3f60
[ 49.626961][ C1] kernel_clone+0x22f/0x7a0
[ 49.631446][ C1] __x64_sys_clone+0x276/0x2e0
[ 49.636193][ C1] do_syscall_64+0x2b/0x70
[ 49.640593][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.646497][ C1] page last free stack trace:
[ 49.651247][ C1] free_pcp_prepare+0x812/0x900
[ 49.656106][ C1] free_unref_page_list+0xb4/0x7b0
[ 49.661232][ C1] release_pages+0x22c3/0x2540
[ 49.665991][ C1] tlb_flush_mmu+0x850/0xa70
[ 49.670569][ C1] tlb_finish_mmu+0xcb/0x200
[ 49.675161][ C1] exit_mmap+0x1dc/0x530
[ 49.679404][ C1] __mmput+0x111/0x3a0
[ 49.683463][ C1] exit_mm+0x211/0x2f0
[ 49.687518][ C1] do_exit+0x4e1/0x20a0
[ 49.691672][ C1] do_group_exit+0x23b/0x2f0
[ 49.696257][ C1] __x64_sys_exit_group+0x3b/0x40
[ 49.701266][ C1] do_syscall_64+0x2b/0x70
[ 49.705678][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.711559][ C1]
[ 49.713896][ C1] Memory state around the buggy address:
[ 49.719518][ C1] ffffc900038aee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.727567][ C1] ffffc900038aee80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.735612][ C1] >ffffc900038aef00: 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3 00 00 00 00
[ 49.743656][ C1] ^
[ 49.748746][ C1] ffffc900038aef80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 49.756788][ C1] ffffc900038af000: 00 f2 f2 f2 00 f3 f3 f3 00 00 00 00 00 00 00 00
[ 49.764830][ C1] ==================================================================
[ 49.772887][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 49.779474][ C1] CPU: 1 PID: 3608 Comm: syz-executor701 Not tainted 6.0.0-rc7-syzkaller-00239-gb357fd1c2afc #0
[ 49.789884][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 49.799949][ C1] Call Trace:
[ 49.803223][ C1] <IRQ>
[ 49.806073][ C1] dump_stack_lvl+0x1e3/0x2cb
[ 49.810752][ C1] ? io_alloc_page_table+0x110/0x110
[ 49.816027][ C1] ? panic+0x76b/0x76b
[ 49.820087][ C1] ? vscnprintf+0x59/0x80
[ 49.824408][ C1] panic+0x316/0x76b
[ 49.828294][ C1] ? fb_is_primary_device+0xcc/0xcc
[ 49.833484][ C1] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 49.839394][ C1] ? profile_pc+0xa4/0xe0
[ 49.843709][ C1] end_report+0x91/0xa0
[ 49.847852][ C1] kasan_report+0x108/0x130
[ 49.852341][ C1] ? profile_pc+0xa4/0xe0
[ 49.856662][ C1] ? _raw_spin_unlock_irqrestore+0xd4/0x130
[ 49.862543][ C1] profile_pc+0xa4/0xe0
[ 49.866686][ C1] profile_tick+0xcd/0x120
[ 49.871090][ C1] tick_sched_timer+0x381/0x540
[ 49.875929][ C1] __hrtimer_run_queues+0x4cb/0xa60
[ 49.881114][ C1] ? tick_setup_sched_timer+0x2c0/0x2c0
[ 49.886652][ C1] ? hrtimer_interrupt+0xfd0/0xfd0
[ 49.891746][ C1] ? ktime_get_update_offsets_now+0x449/0x460
[ 49.897806][ C1] hrtimer_interrupt+0x3a6/0xfd0
[ 49.902746][ C1] ? irq_exit_rcu+0x20/0x20
[ 49.907241][ C1] __sysvec_apic_timer_interrupt+0xf9/0x280
[ 49.913121][ C1] sysvec_apic_timer_interrupt+0x8c/0xb0
[ 49.918741][ C1] </IRQ>
[ 49.921661][ C1] <TASK>
[ 49.924580][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 49.930546][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xd4/0x130
[ 49.937031][ C1] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 92 96 9a f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 07 be 1a f7 65 8b 05 a8 b9 bf 75 85 c0 74 3f 48 c7 04 24 0e 36
[ 49.956645][ C1] RSP: 0018:ffffc900038aef20 EFLAGS: 00000206
[ 49.962707][ C1] RAX: fa0e2628b42fb800 RBX: 1ffff92000715de8 RCX: ffffffff8169b33a
[ 49.970663][ C1] RDX: dffffc0000000000 RSI: ffffffff8aad7740 RDI: 0000000000000001
[ 49.978618][ C1] RBP: ffffc900038aefb0 R08: dffffc0000000000 R09: fffffbfff1ff4622
[ 49.986583][ C1] R10: fffffbfff1ff4622 R11: 1ffffffff1ff4621 R12: dffffc0000000000
[ 49.994539][ C1] R13: 1ffff92000715de4 R14: ffffc900038aef40 R15: 0000000000000246
[ 50.002501][ C1] ? mark_lock+0x9a/0x350
[ 50.006829][ C1] ? _raw_spin_unlock+0x40/0x40
[ 50.011666][ C1] ? stack_trace_save+0x1f0/0x1f0
[ 50.016680][ C1] rmqueue_pcplist+0x1ee/0x500
[ 50.021429][ C1] ? reserve_highatomic_pageblock+0x2f0/0x2f0
[ 50.027478][ C1] ? mark_lock+0x9a/0x350
[ 50.031795][ C1] rmqueue+0x1c11/0x1f60
[ 50.036022][ C1] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 50.041994][ C1] ? clear_sched_clock_stable+0x60/0x60
[ 50.047525][ C1] ? check_new_pages+0x360/0x360
[ 50.052450][ C1] ? zone_watermark_fast+0xc3/0x230
[ 50.057642][ C1] get_page_from_freelist+0x497/0x7a0
[ 50.063003][ C1] __alloc_pages+0x259/0x560
[ 50.067577][ C1] ? zone_statistics+0x160/0x160
[ 50.072499][ C1] ? alloc_pages_bulk_array_mempolicy+0x79e/0x9b0
[ 50.078903][ C1] __vmalloc_node_range+0x8f4/0x1290
[ 50.084182][ C1] ? profile_init+0xea/0x130
[ 50.088756][ C1] ? sysfs_kf_read+0x390/0x390
[ 50.093502][ C1] vzalloc+0x75/0x80
[ 50.097382][ C1] ? profile_init+0xea/0x130
[ 50.101957][ C1] profile_init+0xea/0x130
[ 50.106358][ C1] profiling_store+0x59/0xc0
[ 50.110931][ C1] kernfs_fop_write_iter+0x3ac/0x500
[ 50.116285][ C1] do_iter_write+0x6f0/0xc50
[ 50.120883][ C1] ? vfs_iter_write+0xa0/0xa0
[ 50.125548][ C1] ? vfs_iter_write+0x69/0xa0
[ 50.130210][ C1] iter_file_splice_write+0x830/0xff0
[ 50.135749][ C1] ? splice_from_pipe+0x220/0x220
[ 50.140761][ C1] ? splice_shrink_spd+0xb0/0xb0
[ 50.145689][ C1] ? splice_from_pipe+0x220/0x220
[ 50.150707][ C1] direct_splice_actor+0xe6/0x1c0
[ 50.155717][ C1] splice_direct_to_actor+0x4e4/0xc00
[ 50.161080][ C1] ? do_splice_direct+0x3f0/0x3f0
[ 50.166089][ C1] ? pipe_to_sendpage+0x340/0x340
[ 50.171101][ C1] ? bpf_lsm_file_permission+0x5/0x10
[ 50.176460][ C1] ? security_file_permission+0xe0/0x5c0
[ 50.182076][ C1] do_splice_direct+0x2a0/0x3f0
[ 50.186915][ C1] ? splice_direct_to_actor+0xc00/0xc00
[ 50.192445][ C1] ? rcu_read_lock_any_held+0xb3/0x150
[ 50.197894][ C1] vfs_copy_file_range+0x9f5/0x1380
[ 50.203084][ C1] ? generic_copy_file_range+0x150/0x150
[ 50.208706][ C1] ? __might_fault+0xb2/0x110
[ 50.213386][ C1] __se_sys_copy_file_range+0x34c/0x5e0
[ 50.218922][ C1] ? __x64_sys_copy_file_range+0xf0/0xf0
[ 50.224539][ C1] ? __ct_user_exit+0x81/0xe0
[ 50.229208][ C1] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 50.235171][ C1] ? __x64_sys_copy_file_range+0x1d/0xf0
[ 50.240790][ C1] do_syscall_64+0x2b/0x70
[ 50.245189][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.251072][ C1] RIP: 0033:0x7faf6c931b29
[ 50.255475][ C1] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 50.275063][ C1] RSP: 002b:00007ffd379af598 EFLAGS: 00000246 ORIG_RAX: 0000000000000146
[ 50.283462][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faf6c931b29
[ 50.291419][ C1] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000003
[ 50.299373][ C1] RBP: 00007faf6c8f5cd0 R08: 0000000000000008 R09: 0000000000000000
[ 50.307327][ C1] R10: 0000000020000040 R11: 0000000000000246 R12: 00007faf6c8f5d60
[ 50.315284][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 50.323246][ C1] </TASK>
[ 50.326405][ C1] Kernel Offset: disabled
[ 50.330720][ C1] Rebooting in 86400 seconds..