./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2366152161

<...>
Warning: Permanently added '10.128.0.250' (ED25519) to the list of known hosts.
execve("./syz-executor2366152161", ["./syz-executor2366152161"], 0x7fffc67f4220 /* 10 vars */) = 0
brk(NULL)                               = 0x5555677de000
brk(0x5555677ded00)                     = 0x5555677ded00
arch_prctl(ARCH_SET_FS, 0x5555677de380) = 0
set_tid_address(0x5555677de650)         = 5081
set_robust_list(0x5555677de660, 24)     = 0
rseq(0x5555677deca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2366152161", 4096) = 28
getrandom("\xc7\x4e\xec\x0e\x77\x0c\x78\xf5", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x5555677ded00
brk(0x5555677ffd00)                     = 0x5555677ffd00
brk(0x555567800000)                     = 0x555567800000
mprotect(0x7f5c7c9b2000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
[   59.279075][ T5081] ==================================================================
[   59.287211][ T5081] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x7b/0xe0
[   59.294710][ T5081] Write of size 48 at addr ffff888026243308 by task syz-executor236/5081
[   59.303154][ T5081] 
[   59.305475][ T5081] CPU: 0 PID: 5081 Comm: syz-executor236 Not tainted 6.9.0-rc2-next-20240403-syzkaller #0
[   59.315662][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   59.325765][ T5081] Call Trace:
[   59.329040][ T5081]  <TASK>
[   59.331976][ T5081]  dump_stack_lvl+0x241/0x360
[   59.336682][ T5081]  ? __pfx_dump_stack_lvl+0x10/0x10
[   59.343103][ T5081]  ? __pfx__printk+0x10/0x10
[   59.347681][ T5081]  ? _printk+0xd5/0x120
[   59.351832][ T5081]  ? __virt_addr_valid+0x183/0x520
[   59.356954][ T5081]  ? __virt_addr_valid+0x183/0x520
[   59.362073][ T5081]  print_report+0x169/0x550
[   59.366573][ T5081]  ? __virt_addr_valid+0x183/0x520
[   59.371766][ T5081]  ? __virt_addr_valid+0x183/0x520
[   59.376880][ T5081]  ? __virt_addr_valid+0x44e/0x520
[   59.382003][ T5081]  ? __phys_addr+0xba/0x170
[   59.386538][ T5081]  ? _copy_from_user+0x7b/0xe0
[   59.391317][ T5081]  kasan_report+0x143/0x180
[   59.395818][ T5081]  ? _copy_from_user+0x7b/0xe0
[   59.400689][ T5081]  kasan_check_range+0x282/0x290
[   59.405621][ T5081]  _copy_from_user+0x7b/0xe0
[   59.410270][ T5081]  do_handle_open+0x204/0x660
[   59.414946][ T5081]  ? __pfx_do_handle_open+0x10/0x10
[   59.420481][ T5081]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   59.426799][ T5081]  ? exc_page_fault+0x585/0x8e0
[   59.431993][ T5081]  do_syscall_64+0xfb/0x240
[   59.436494][ T5081]  entry_SYSCALL_64_after_hwframe+0x72/0x7a
[   59.442402][ T5081] RIP: 0033:0x7f5c7c93f2a9
[   59.446809][ T5081] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   59.466672][ T5081] RSP: 002b:00007ffe1f5b4848 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[   59.475082][ T5081] RAX: ffffffffffffffda RBX: 00007ffe1f5b4a28 RCX: 00007f5c7c93f2a9
[   59.483146][ T5081] RDX: 0000000000008c00 RSI: 0000000020000000 RDI: 00000000ffffffff
[   59.491289][ T5081] RBP: 00007f5c7c9b2610 R08: 0000000000000000 R09: 0000000000000000
[   59.499266][ T5081] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
[   59.507262][ T5081] R13: 00007ffe1f5b4a18 R14: 0000000000000001 R15: 0000000000000001
[   59.515249][ T5081]  </TASK>
[   59.518286][ T5081] 
[   59.520602][ T5081] Allocated by task 5081:
[   59.524916][ T5081]  kasan_save_track+0x3f/0x80
[   59.529697][ T5081]  __kasan_kmalloc+0x98/0xb0
[   59.534400][ T5081]  __kmalloc_noprof+0x200/0x410
[   59.539264][ T5081]  do_handle_open+0x162/0x660
[   59.544062][ T5081]  do_syscall_64+0xfb/0x240
[   59.548587][ T5081]  entry_SYSCALL_64_after_hwframe+0x72/0x7a
[   59.557617][ T5081] 
[   59.559940][ T5081] The buggy address belongs to the object at ffff888026243300
[   59.559940][ T5081]  which belongs to the cache kmalloc-64 of size 64
[   59.574566][ T5081] The buggy address is located 8 bytes inside of
[   59.574566][ T5081]  allocated 48-byte region [ffff888026243300, ffff888026243330)
[   59.588713][ T5081] 
[   59.591046][ T5081] The buggy address belongs to the physical page:
[   59.597641][ T5081] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26243
[   59.606704][ T5081] flags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)
[   59.613993][ T5081] page_type: 0xffffefff(slab)
[   59.618666][ T5081] raw: 00fff80000000000 ffff888015041640 ffffea0000af65c0 dead000000000002
[   59.627237][ T5081] raw: 0000000000000000 0000000080200020 00000001ffffefff 0000000000000000
[   59.636167][ T5081] page dumped because: kasan: bad access detected
[   59.642565][ T5081] page_owner tracks the page as allocated
[   59.648268][ T5081] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 27, tgid -1419877071 (kdevtmpfs), ts 27, free_ts 0
[   59.665542][ T5081]  post_alloc_hook+0x1f3/0x230
[   59.670334][ T5081]  get_page_from_freelist+0x2e7e/0x2f40
[   59.675965][ T5081]  __alloc_pages_noprof+0x256/0x6c0
[   59.681154][ T5081]  alloc_slab_page+0x5f/0x120
[   59.685830][ T5081]  allocate_slab+0x5a/0x2e0
[   59.690414][ T5081]  ___slab_alloc+0xcd1/0x14b0
[   59.695082][ T5081]  __slab_alloc+0x58/0xa0
[   59.699402][ T5081]  __kmalloc_noprof+0x25e/0x410
[   59.706323][ T5081]  security_inode_init_security+0x126/0x440
[   59.712217][ T5081]  shmem_mknod+0xc5/0x1d0
[   59.716536][ T5081]  vfs_mknod+0x36d/0x3b0
[   59.720770][ T5081]  devtmpfs_work_loop+0x96b/0x1040
[   59.725879][ T5081]  devtmpfsd+0x4c/0x50
[   59.729945][ T5081]  kthread+0x2f0/0x390
[   59.734113][ T5081]  ret_from_fork+0x4b/0x80
[   59.738560][ T5081]  ret_from_fork_asm+0x1a/0x30
[   59.743341][ T5081] page_owner free stack trace missing
[   59.748698][ T5081] 
[   59.751100][ T5081] Memory state around the buggy address:
[   59.756751][ T5081]  ffff888026243200: 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc
[   59.764831][ T5081]  ffff888026243280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   59.772922][ T5081] >ffff888026243300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[   59.780979][ T5081]                                      ^
[   59.786598][ T5081]  ffff888026243380: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   59.794752][ T5081]  ffff888026243400: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   59.802918][ T5081] ==================================================================
[   59.811283][ T5081] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   59.818518][ T5081] CPU: 1 PID: 5081 Comm: syz-executor236 Not tainted 6.9.0-rc2-next-20240403-syzkaller #0
[   59.828412][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   59.838546][ T5081] Call Trace:
[   59.841868][ T5081]  <TASK>
[   59.844815][ T5081]  dump_stack_lvl+0x241/0x360
[   59.849525][ T5081]  ? __pfx_dump_stack_lvl+0x10/0x10
[   59.854865][ T5081]  ? __pfx__printk+0x10/0x10
[   59.859472][ T5081]  ? preempt_schedule+0xe1/0xf0
[   59.864319][ T5081]  ? vscnprintf+0x5d/0x90
[   59.868646][ T5081]  panic+0x349/0x860
[   59.872714][ T5081]  ? check_panic_on_warn+0x21/0xb0
[   59.877909][ T5081]  ? __pfx_panic+0x10/0x10
[   59.882319][ T5081]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   59.888296][ T5081]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   59.894620][ T5081]  ? print_report+0x502/0x550
[   59.899342][ T5081]  check_panic_on_warn+0x86/0xb0
[   59.904303][ T5081]  ? _copy_from_user+0x7b/0xe0
[   59.909077][ T5081]  end_report+0x77/0x160
[   59.913313][ T5081]  kasan_report+0x154/0x180
[   59.917816][ T5081]  ? _copy_from_user+0x7b/0xe0
[   59.922603][ T5081]  kasan_check_range+0x282/0x290
[   59.927565][ T5081]  _copy_from_user+0x7b/0xe0
[   59.932164][ T5081]  do_handle_open+0x204/0x660
[   59.936962][ T5081]  ? __pfx_do_handle_open+0x10/0x10
[   59.942271][ T5081]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   59.948606][ T5081]  ? exc_page_fault+0x585/0x8e0
[   59.953482][ T5081]  do_syscall_64+0xfb/0x240
[   59.958007][ T5081]  entry_SYSCALL_64_after_hwframe+0x72/0x7a
[   59.963899][ T5081] RIP: 0033:0x7f5c7c93f2a9
[   59.968308][ T5081] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   59.987928][ T5081] RSP: 002b:00007ffe1f5b4848 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[   59.996426][ T5081] RAX: ffffffffffffffda RBX: 00007ffe1f5b4a28 RCX: 00007f5c7c93f2a9
[   60.004391][ T5081] RDX: 0000000000008c00 RSI: 0000000020000000 RDI: 00000000ffffffff
[   60.012356][ T5081] RBP: 00007f5c7c9b2610 R08: 0000000000000000 R09: 0000000000000000
[   60.020316][ T5081] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
[   60.028319][ T5081] R13: 00007ffe1f5b4a18 R14: 0000000000000001 R15: 0000000000000001
[   60.036312][ T5081]  </TASK>
[   60.039767][ T5081] Kernel Offset: disabled
[   60.044080][ T5081] Rebooting in 86400 seconds..