program: r0 = syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000140)='./file1\x00', 0x3000c00, &(0x7f0000000200)=ANY=[], 0x1, 0x654, &(0x7f0000000a40)="$eJzs3c9vHGf9B/D3rje2N99+UzdN2hRVitVIgLBI/EMumAsBIeRDhapy4GwlTmNlkxbbRW6FqMvPaw/5A8rBN05I3COVCxe49epjJQSXXjCnRTM7a29tr38Ux2uX1yuafZ6ZZ+Z5Ps9nZ3Z214o2wP+s+Yk0nqSW+YnX1or1zY2Z1ubGzMNuPclIknrS6BSp/avdbn+c3E5nyUvFxqq7Wr9xHi/NvfHJZ5ufdtYa1VLuXz/ouKNZr5aMJxmqypPq785h/Y0e1l1te4ZFwm50EweDdiFJu/SPx50tP/3LM9stPZr7HX3omQ+cA7XOfXOPseRidaEX7wM6d8XOPftcWx90AAAAAHAKnt3KVtZyadBxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHlS/f5/rVrq3fp4at3f/x+utqWqny3Xj7f7k6cVBwAAAAAAAACcoutb2cpaLnXX27Xyb/6vlCtXysf/yztZyWKWczNrWchqVrOcqSRjPR0Nry2sri5PHeHI6X2PnD4k0JGqbJ7MvAEAAAAAAADgS+aXmd/5+z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJwFtWSoU5TLlW59LPVGktEkw8V+68nfuvXz7MmgAwAAAIBT8OxWtrKWS931dq38zP9C+bl/NO/kUVazlNW0spi75XcBnU/99c2NmdbmxszDYtnb7/f+eawwyh7T+e5h/5GvlXs0cy9L5ZabuZO30srd1MsjC9e68ewf1wdFTLXvVo4Y2d2qLGb+YVXu8f6xJtvPMb9MGSszcmE7I5NVbEU2njs4E8d8dnaPNJX6drBXdo20axJfKOcXq7KYz2/75Xwgdmdiuufse+HgnCdf+9MffnK/9ejB/XsrE2dnSgdbr8qhqmyXj829mZjpycSLX8ZM9DVZZuLq9vp8fpgfZyLjeT3LWcrPspDVLGY8PyhrC9X5XOu55Ptk6vbn1l4/LJLh6gztPFnHi+mV8thLWcqP8lbuZjGvlv+mM5VvZTazmet5hq8e4ZW23ueqb///vsHf+HpVaSb5XVWeDUVen+vJa+9r7ljZ1rtlJ0uXT/5+1PhKVSnG+FVVng27MzHVk4nnD87E78uXlZXWowfL9xfePtpwlz+sKsV19JszdZcozpfLxZNVrn3+7Cjant+3bapsu7LdVt/TdnW7rXOlrve9Uoer93B7e5ou217ct22mbLvW07bf+y0AzryL37g43Px786/Nj5q/bt5vvjb6/ZFvj7w8nAt/vvCdxuTQV+sv1/6Yj/KLnc//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF7fy7nsPFlqtxeVdlXa7/X6fpvNc6f6c2SkO+tIzyaCmPJzkbGT+3+12u9pSOwvxHFxpF0bSfupjNZLs13S9d8sHAzl/BvzCBDx1t1Yfvn1r5d33vrn0cOHNxTcXH83Nzs5Nzs2+OnPr3lJrcbLzOOgogadh56Y/6EgAAAAAAAAAAACAozqZ/zPQTNJ/n/6jj57mVAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBzan4ijSepZWry5mSxvrkx0yqWbn1nz0aSepLaz5Pax8ntdJaM9XRX6zfO46W5Nz75bPPTnb4a3f3rBx13NOvVkvEkQ1V5Uv3d+a/7q23PsEjYjW7iYND+EwAA//9nMgTf") ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000100)={0xc351, r0, 0x2}) r2 = openat$cgroup(r0, &(0x7f00000004c0)='syz0\x00', 0x200002, 0x0) r3 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={0xffffffffffffffff, r2, 0x9, 0x0, @void}, 0x10) fstat(r1, &(0x7f00000010c0)) openat$cgroup_pressure(r2, &(0x7f0000000500)='memory.pressure\x00', 0x2, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) mount$9p_fd(0x0, &(0x7f0000000540)='./file1\x00', &(0x7f0000000400), 0x9, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, 'hfsplus\x00'}}, {@appraise_type}, {@uid_lt={'uid<', r4}}]}}) fcntl$getownex(r3, 0x10, &(0x7f0000000440)={0x0, 0x0}) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r5, 0xfffffffffffffff7, &(0x7f0000000480)=""/51) r6 = socket$key(0xf, 0x3, 0x2) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000140), r7) sendmsg$NLBL_MGMT_C_ADDDEF(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)={0x24, r8, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0xa}]}, 0x24}}, 0x0) sendmsg$key(r6, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2, 0x400000000000003, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private0}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1}}]}, 0x70}}, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) r10 = getpid() sched_setscheduler(r10, 0x2, &(0x7f0000000200)=0x7) sched_setscheduler(r5, 0x2, &(0x7f00000000c0)=0x4) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000009feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407000000c00000001d440000000000006b0a00fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r11 = syz_clone(0x0, 0x0, 0xfffffffffffffead, 0x0, 0x0, 0x0) ptrace(0x10, r11) unshare(0x63000200) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xcc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x84414, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9a3, 0x0, @perf_config_ext={0x1ea, 0x2}, 0x0, 0x2, 0xffffffff, 0x0, 0x5, 0x1000000, 0x1, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x9) ptrace(0x8, r11) r12 = syz_pidfd_open(r11, 0x0) process_mrelease(r12, 0x700000000000000) write$binfmt_script(r9, &(0x7f0000000240), 0x208e24b) [ 73.091932][ T4664] Bluetooth: hci0: command tx timeout [ 73.195297][ T5326] loop0: detected capacity change from 0 to 1024 [ 73.236937][ T5326] 9pnet_fd: Insufficient options for proto=fd [ 74.715118][ T5326] ================================================================== [ 74.718058][ T5326] BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x341/0x3d0 [ 74.720917][ T5326] Write of size 4064 at addr ffffc9000d511020 by task syz.0.0/5326 [ 74.723714][ T5326] [ 74.724552][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 74.740715][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.744748][ T5326] Call Trace: [ 74.745996][ T5326] [ 74.747111][ T5326] dump_stack_lvl+0x241/0x360 [ 74.748916][ T5326] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.750874][ T5326] ? __pfx__printk+0x10/0x10 [ 74.752737][ T5326] ? _printk+0xd5/0x120 [ 74.754314][ T5326] print_report+0x169/0x550 [ 74.755817][ T5326] ? __virt_addr_valid+0xbd/0x530 [ 74.757790][ T5326] ? vrealloc_noprof+0x341/0x3d0 [ 74.759635][ T5326] kasan_report+0x143/0x180 [ 74.761373][ T5326] ? vrealloc_noprof+0x341/0x3d0 [ 74.763275][ T5326] kasan_check_range+0x282/0x290 [ 74.765157][ T5326] __asan_memset+0x23/0x50 [ 74.766915][ T5326] vrealloc_noprof+0x341/0x3d0 [ 74.768750][ T5326] push_insn_history+0x16c/0x6a0 [ 74.770706][ T5326] do_check+0x692f/0xfcd0 [ 74.772403][ T5326] ? __pfx_do_check+0x10/0x10 [ 74.774255][ T5326] ? mark_reg_not_init+0xd4/0x4b0 [ 74.776196][ T5326] ? __asan_memcpy+0x40/0x70 [ 74.778014][ T5326] ? mark_reg_not_init+0xd4/0x4b0 [ 74.779993][ T5326] do_check_common+0x1564/0x2010 [ 74.781738][ T5326] bpf_check+0x804e/0x1fc90 [ 74.783256][ T5326] ? validate_chain+0x11e/0x5920 [ 74.785053][ T5326] ? __pfx_validate_chain+0x10/0x10 [ 74.787082][ T5326] ? mark_lock+0x9a/0x360 [ 74.788716][ T5326] ? __pfx_validate_chain+0x10/0x10 [ 74.790621][ T5326] ? validate_chain+0x11e/0x5920 [ 74.792505][ T5326] ? __pfx_validate_chain+0x10/0x10 [ 74.794540][ T5326] ? validate_chain+0x11e/0x5920 [ 74.796376][ T5326] ? __lock_acquire+0x1397/0x2100 [ 74.798203][ T5326] ? validate_chain+0x11e/0x5920 [ 74.800118][ T5326] ? mark_lock+0x9a/0x360 [ 74.801783][ T5326] ? __pfx_validate_chain+0x10/0x10 [ 74.803743][ T5326] ? validate_chain+0x11e/0x5920 [ 74.805562][ T5326] ? validate_chain+0x11e/0x5920 [ 74.807522][ T5326] ? validate_chain+0x11e/0x5920 [ 74.809383][ T5326] ? __pfx_validate_chain+0x10/0x10 [ 74.811353][ T5326] ? validate_chain+0x11e/0x5920 [ 74.813239][ T5326] ? validate_chain+0x11e/0x5920 [ 74.815172][ T5326] ? validate_chain+0x11e/0x5920 [ 74.817138][ T5326] ? __pfx_validate_chain+0x10/0x10 [ 74.819138][ T5326] ? __pfx_validate_chain+0x10/0x10 [ 74.821397][ T5326] ? __pfx_bpf_check+0x10/0x10 [ 74.823496][ T5326] ? mark_lock+0x9a/0x360 [ 74.825168][ T5326] ? __lock_acquire+0x1397/0x2100 [ 74.827449][ T5326] ? mark_lock+0x9a/0x360 [ 74.829170][ T5326] ? __lock_acquire+0x1397/0x2100 [ 74.831045][ T5326] ? __pfx_lock_acquire+0x10/0x10 [ 74.832916][ T5326] ? ktime_get_with_offset+0x8c/0x290 [ 74.834966][ T5326] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 74.837272][ T5326] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 74.839642][ T5326] ? ktime_get_with_offset+0x8c/0x290 [ 74.841736][ T5326] ? seqcount_lockdep_reader_access+0x157/0x220 [ 74.844096][ T5326] ? lockdep_hardirqs_on+0x99/0x150 [ 74.846130][ T5326] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 74.848522][ T5326] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 74.851058][ T5326] ? bpf_obj_name_cpy+0x18a/0x1d0 [ 74.852966][ T5326] bpf_prog_load+0x1667/0x20f0 [ 74.854904][ T5326] ? __pfx_bpf_prog_load+0x10/0x10 [ 74.856857][ T5326] ? __pfx___might_resched+0x10/0x10 [ 74.858849][ T5326] ? __might_fault+0xc6/0x120 [ 74.860606][ T5326] __sys_bpf+0x4ee/0x810 [ 74.862222][ T5326] ? __pfx___sys_bpf+0x10/0x10 [ 74.864026][ T5326] ? __rseq_handle_notify_resume+0x34d/0x14e0 [ 74.866255][ T5326] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 74.868403][ T5326] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 74.870728][ T5326] ? do_syscall_64+0x100/0x230 [ 74.872556][ T5326] __x64_sys_bpf+0x7c/0x90 [ 74.874279][ T5326] do_syscall_64+0xf3/0x230 [ 74.876057][ T5326] ? clear_bhb_loop+0x35/0x90 [ 74.877918][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.880129][ T5326] RIP: 0033:0x7f0a97f85d29 [ 74.881772][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.888462][ T5326] RSP: 002b:00007f0a98e9b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 74.891229][ T5326] RAX: ffffffffffffffda RBX: 00007f0a98175fa0 RCX: 00007f0a97f85d29 [ 74.893915][ T5326] RDX: 0000000000000048 RSI: 00000000200017c0 RDI: 0000000000000005 [ 74.896520][ T5326] RBP: 00007f0a98001b08 R08: 0000000000000000 R09: 0000000000000000 [ 74.899558][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.902561][ T5326] R13: 0000000000000000 R14: 00007f0a98175fa0 R15: 00007ffea986cb68 [ 74.905892][ T5326] [ 74.907082][ T5326] [ 74.907909][ T5326] The buggy address belongs to the virtual mapping at [ 74.907909][ T5326] [ffffc9000d4f1000, ffffc9000d513000) created by: [ 74.907909][ T5326] kvrealloc_noprof+0xc7/0x120 [ 74.914162][ T5326] [ 74.915083][ T5326] The buggy address belongs to the physical page: [ 74.917273][ T5326] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x1fc2 pfn:0x47672 [ 74.920658][ T5326] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 74.923234][ T5326] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 74.926752][ T5326] raw: 0000000000001fc2 0000000000000000 00000001ffffffff 0000000000000000 [ 74.929831][ T5326] page dumped because: kasan: bad access detected [ 74.932149][ T5326] page_owner tracks the page as allocated [ 74.934212][ T5326] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102cc2(GFP_HIGHUSER|__GFP_NOWARN), pid 5326, tgid 5325 (syz.0.0), ts 74713943622, free_ts 74696315706 [ 74.940080][ T5326] post_alloc_hook+0x1f3/0x230 [ 74.941778][ T5326] get_page_from_freelist+0x365c/0x37a0 [ 74.943725][ T5326] __alloc_pages_slowpath+0x414/0x1020 [ 74.945746][ T5326] __alloc_pages_noprof+0x49b/0x710 [ 74.947669][ T5326] alloc_pages_mpol_noprof+0x3e8/0x680 [ 74.949664][ T5326] __vmalloc_node_range_noprof+0x9c9/0x1380 [ 74.951830][ T5326] __kvmalloc_node_noprof+0x142/0x190 [ 74.953937][ T5326] kvrealloc_noprof+0xc7/0x120 [ 74.955724][ T5326] push_insn_history+0x16c/0x6a0 [ 74.957618][ T5326] do_check+0x692f/0xfcd0 [ 74.959341][ T5326] do_check_common+0x1564/0x2010 [ 74.961154][ T5326] bpf_check+0x804e/0x1fc90 [ 74.962821][ T5326] bpf_prog_load+0x1667/0x20f0 [ 74.964630][ T5326] __sys_bpf+0x4ee/0x810 [ 74.966186][ T5326] __x64_sys_bpf+0x7c/0x90 [ 74.967891][ T5326] do_syscall_64+0xf3/0x230 [ 74.969544][ T5326] page last free pid 5326 tgid 5325 stack trace: [ 74.971844][ T5326] free_unref_folios+0xe39/0x18b0 [ 74.973642][ T5326] shrink_folio_list+0x3193/0x5ca0 [ 74.975571][ T5326] evict_folios+0x3c86/0x5800 [ 74.977378][ T5326] try_to_shrink_lruvec+0x9a6/0xc70 [ 74.979321][ T5326] shrink_one+0x3b9/0x850 [ 74.980854][ T5326] shrink_node+0x37c5/0x3e50 [ 74.982547][ T5326] do_try_to_free_pages+0x78c/0x1cf0 [ 74.984454][ T5326] try_to_free_pages+0x47c/0x1050 [ 74.986451][ T5326] __alloc_pages_direct_reclaim+0x178/0x3c0 [ 74.988585][ T5326] __alloc_pages_slowpath+0x764/0x1020 [ 74.990619][ T5326] __alloc_pages_noprof+0x49b/0x710 [ 74.992556][ T5326] alloc_pages_mpol_noprof+0x3e8/0x680 [ 74.994461][ T5326] alloc_slab_page+0x6a/0x110 [ 74.996251][ T5326] allocate_slab+0x1c0/0x2b0 [ 74.998067][ T5326] ___slab_alloc+0xc27/0x14a0 [ 74.999860][ T5326] __slab_alloc+0x58/0xa0 [ 75.001441][ T5326] [ 75.002339][ T5326] Memory state around the buggy address: [ 75.004753][ T5326] ffffc9000d510f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.007770][ T5326] ffffc9000d510f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.010687][ T5326] >ffffc9000d511000: 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 75.013584][ T5326] ^ [ 75.015601][ T5326] ffffc9000d511080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 75.018657][ T5326] ffffc9000d511100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 75.021855][ T5326] ================================================================== [ 75.025488][ T5326] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 75.028196][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 75.032046][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.035971][ T5326] Call Trace: [ 75.037482][ T5326] [ 75.038637][ T5326] dump_stack_lvl+0x241/0x360 [ 75.040373][ T5326] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.042336][ T5326] ? __pfx__printk+0x10/0x10 [ 75.044006][ T5326] ? lock_release+0xbf/0xa30 [ 75.045745][ T5326] ? vscnprintf+0x5d/0x90 [ 75.047368][ T5326] panic+0x349/0x880 [ 75.048894][ T5326] ? check_panic_on_warn+0x21/0xb0 [ 75.050858][ T5326] ? __pfx_panic+0x10/0x10 [ 75.052575][ T5326] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 75.054771][ T5326] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 75.057325][ T5326] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 75.059992][ T5326] ? print_report+0x502/0x550 [ 75.061758][ T5326] check_panic_on_warn+0x86/0xb0 [ 75.063561][ T5326] ? vrealloc_noprof+0x341/0x3d0 [ 75.065485][ T5326] end_report+0x77/0x160 [ 75.067092][ T5326] kasan_report+0x154/0x180 [ 75.068811][ T5326] ? vrealloc_noprof+0x341/0x3d0 [ 75.070723][ T5326] kasan_check_range+0x282/0x290 [ 75.072661][ T5326] __asan_memset+0x23/0x50 [ 75.074371][ T5326] vrealloc_noprof+0x341/0x3d0 [ 75.076176][ T5326] push_insn_history+0x16c/0x6a0 [ 75.078146][ T5326] do_check+0x692f/0xfcd0 [ 75.079888][ T5326] ? __pfx_do_check+0x10/0x10 [ 75.081806][ T5326] ? mark_reg_not_init+0xd4/0x4b0 [ 75.083683][ T5326] ? __asan_memcpy+0x40/0x70 [ 75.085765][ T5326] ? mark_reg_not_init+0xd4/0x4b0 [ 75.087931][ T5326] do_check_common+0x1564/0x2010 [ 75.089903][ T5326] bpf_check+0x804e/0x1fc90 [ 75.091655][ T5326] ? validate_chain+0x11e/0x5920 [ 75.093537][ T5326] ? __pfx_validate_chain+0x10/0x10 [ 75.095548][ T5326] ? mark_lock+0x9a/0x360 [ 75.097174][ T5326] ? __pfx_validate_chain+0x10/0x10 [ 75.098977][ T5326] ? validate_chain+0x11e/0x5920 [ 75.100813][ T5326] ? __pfx_validate_chain+0x10/0x10 [ 75.102821][ T5326] ? validate_chain+0x11e/0x5920 [ 75.104726][ T5326] ? __lock_acquire+0x1397/0x2100 [ 75.106761][ T5326] ? validate_chain+0x11e/0x5920 [ 75.108646][ T5326] ? mark_lock+0x9a/0x360 [ 75.110367][ T5326] ? __pfx_validate_chain+0x10/0x10 [ 75.112327][ T5326] ? validate_chain+0x11e/0x5920 [ 75.114212][ T5326] ? validate_chain+0x11e/0x5920 [ 75.116101][ T5326] ? validate_chain+0x11e/0x5920 [ 75.118085][ T5326] ? __pfx_validate_chain+0x10/0x10 [ 75.120118][ T5326] ? validate_chain+0x11e/0x5920 [ 75.122041][ T5326] ? validate_chain+0x11e/0x5920 [ 75.123999][ T5326] ? validate_chain+0x11e/0x5920 [ 75.125917][ T5326] ? __pfx_validate_chain+0x10/0x10 [ 75.128072][ T5326] ? __pfx_validate_chain+0x10/0x10 [ 75.130042][ T5326] ? __pfx_bpf_check+0x10/0x10 [ 75.131843][ T5326] ? mark_lock+0x9a/0x360 [ 75.133438][ T5326] ? __lock_acquire+0x1397/0x2100 [ 75.135468][ T5326] ? mark_lock+0x9a/0x360 [ 75.138609][ T5326] ? __lock_acquire+0x1397/0x2100 [ 75.140596][ T5326] ? __pfx_lock_acquire+0x10/0x10 [ 75.142606][ T5326] ? ktime_get_with_offset+0x8c/0x290 [ 75.144698][ T5326] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 75.146994][ T5326] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 75.149406][ T5326] ? ktime_get_with_offset+0x8c/0x290 [ 75.151457][ T5326] ? seqcount_lockdep_reader_access+0x157/0x220 [ 75.153903][ T5326] ? lockdep_hardirqs_on+0x99/0x150 [ 75.155995][ T5326] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 75.158701][ T5326] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 75.161382][ T5326] ? bpf_obj_name_cpy+0x18a/0x1d0 [ 75.163387][ T5326] bpf_prog_load+0x1667/0x20f0 [ 75.165282][ T5326] ? __pfx_bpf_prog_load+0x10/0x10 [ 75.167271][ T5326] ? __pfx___might_resched+0x10/0x10 [ 75.169271][ T5326] ? __might_fault+0xc6/0x120 [ 75.171082][ T5326] __sys_bpf+0x4ee/0x810 [ 75.172605][ T5326] ? __pfx___sys_bpf+0x10/0x10 [ 75.174416][ T5326] ? __rseq_handle_notify_resume+0x34d/0x14e0 [ 75.176699][ T5326] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 75.178947][ T5326] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 75.181317][ T5326] ? do_syscall_64+0x100/0x230 [ 75.183149][ T5326] __x64_sys_bpf+0x7c/0x90 [ 75.185163][ T5326] do_syscall_64+0xf3/0x230 [ 75.187116][ T5326] ? clear_bhb_loop+0x35/0x90 [ 75.188946][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.191251][ T5326] RIP: 0033:0x7f0a97f85d29 [ 75.192950][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.200130][ T5326] RSP: 002b:00007f0a98e9b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 75.203296][ T5326] RAX: ffffffffffffffda RBX: 00007f0a98175fa0 RCX: 00007f0a97f85d29 [ 75.206249][ T5326] RDX: 0000000000000048 RSI: 00000000200017c0 RDI: 0000000000000005 [ 75.209280][ T5326] RBP: 00007f0a98001b08 R08: 0000000000000000 R09: 0000000000000000 [ 75.212167][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.215044][ T5326] R13: 0000000000000000 R14: 00007f0a98175fa0 R15: 00007ffea986cb68 [ 75.218087][ T5326] [ 75.219537][ T5326] Kernel Offset: disabled [ 75.221178][ T5326] Rebooting in 86400 seconds..