./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor990074285

<...>
Warning: Permanently added '10.128.0.72' (ECDSA) to the list of known hosts.
execve("./syz-executor990074285", ["./syz-executor990074285"], 0x7ffc05c14eb0 /* 10 vars */) = 0
brk(NULL)                               = 0x5555555a3000
brk(0x5555555a3c40)                     = 0x5555555a3c40
arch_prctl(ARCH_SET_FS, 0x5555555a3300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor990074285", 4096) = 27
brk(0x5555555c4c40)                     = 0x5555555c4c40
brk(0x5555555c5000)                     = 0x5555555c5000
mprotect(0x7fc18e829000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
syzkaller login: [   56.568148][ T5290] ==================================================================
[   56.576237][ T5290] BUG: KASAN: slab-out-of-bounds in copy_array+0x96/0x100
[   56.583344][ T5290] Write of size 232 at addr ffff88801ed62600 by task syz-executor990/5290
[   56.591825][ T5290] 
[   56.594132][ T5290] CPU: 0 PID: 5290 Comm: syz-executor990 Not tainted 6.1.0-rc6-next-20221124-syzkaller #0
[   56.604003][ T5290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   56.614043][ T5290] Call Trace:
[   56.617309][ T5290]  <TASK>
[   56.620225][ T5290]  dump_stack_lvl+0xd1/0x138
[   56.624804][ T5290]  print_report+0x15e/0x45d
[   56.629312][ T5290]  ? __phys_addr+0xc8/0x140
[   56.633808][ T5290]  ? copy_array+0x96/0x100
[   56.638212][ T5290]  kasan_report+0xbf/0x1f0
[   56.642625][ T5290]  ? copy_array+0x96/0x100
[   56.647041][ T5290]  kasan_check_range+0x141/0x190
[   56.651989][ T5290]  memcpy+0x3d/0x60
[   56.655810][ T5290]  copy_array+0x96/0x100
[   56.660042][ T5290]  copy_verifier_state+0xa9/0xbe0
[   56.665056][ T5290]  pop_stack+0x8c/0x2f0
[   56.669200][ T5290]  do_check_common+0x372b/0xc5e0
[   56.674135][ T5290]  ? check_helper_call+0x8d80/0x8d80
[   56.679410][ T5290]  ? check_cfg+0x67a/0xb60
[   56.683830][ T5290]  bpf_check+0x7371/0xad00
[   56.688258][ T5290]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   56.694239][ T5290]  ? bpf_get_btf_vmlinux+0x20/0x20
[   56.699346][ T5290]  ? find_held_lock+0x2d/0x110
[   56.704103][ T5290]  ? bpf_prog_load+0x1486/0x2230
[   56.709033][ T5290]  ? lock_downgrade+0x6e0/0x6e0
[   56.713874][ T5290]  ? __might_fault+0xd9/0x180
[   56.718540][ T5290]  ? memset+0x24/0x50
[   56.722508][ T5290]  ? bpf_obj_name_cpy+0x148/0x1a0
[   56.727524][ T5290]  bpf_prog_load+0x1543/0x2230
[   56.732278][ T5290]  ? __bpf_prog_put.constprop.0+0x220/0x220
[   56.738159][ T5290]  ? find_held_lock+0x2d/0x110
[   56.742916][ T5290]  ? bpf_lsm_bpf+0x9/0x10
[   56.747234][ T5290]  __sys_bpf+0x1436/0x4ff0
[   56.751634][ T5290]  ? lock_release+0x810/0x810
[   56.756300][ T5290]  ? bpf_perf_link_attach+0x520/0x520
[   56.761654][ T5290]  ? do_raw_spin_lock+0x124/0x2b0
[   56.766662][ T5290]  ? rwlock_bug.part.0+0x90/0x90
[   56.771580][ T5290]  ? _raw_spin_lock_irq+0x45/0x50
[   56.776610][ T5290]  ? find_held_lock+0x2d/0x110
[   56.781363][ T5290]  ? _raw_spin_unlock_irq+0x23/0x50
[   56.786553][ T5290]  ? lockdep_hardirqs_on+0x7d/0x100
[   56.791738][ T5290]  __x64_sys_bpf+0x79/0xc0
[   56.796138][ T5290]  do_syscall_64+0x39/0xb0
[   56.800538][ T5290]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.806468][ T5290] RIP: 0033:0x7fc18e7bbc29
[   56.810868][ T5290] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   56.830476][ T5290] RSP: 002b:00007ffd8f27a968 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   56.838873][ T5290] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc18e7bbc29
[   56.846827][ T5290] RDX: 0000000000000048 RSI: 0000000020000200 RDI: 0000000000000005
[   56.855647][ T5290] RBP: 00007fc18e77fdd0 R08: 0000000000000000 R09: 0000000000000000
[   56.863600][ T5290] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fc18e77fe60
[   56.871554][ T5290] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   56.879512][ T5290]  </TASK>
[   56.882520][ T5290] 
[   56.884823][ T5290] Allocated by task 5290:
[   56.889131][ T5290]  kasan_save_stack+0x22/0x40
[   56.893799][ T5290]  kasan_set_track+0x25/0x30
[   56.898374][ T5290]  __kasan_krealloc+0x145/0x180
[   56.903210][ T5290]  krealloc+0xa8/0x100
[   56.907261][ T5290]  push_jmp_history+0x89/0x260
[   56.912014][ T5290]  do_check_common+0x4b47/0xc5e0
[   56.916950][ T5290]  bpf_check+0x7371/0xad00
[   56.921351][ T5290]  bpf_prog_load+0x1543/0x2230
[   56.926121][ T5290]  __sys_bpf+0x1436/0x4ff0
[   56.930522][ T5290]  __x64_sys_bpf+0x79/0xc0
[   56.934918][ T5290]  do_syscall_64+0x39/0xb0
[   56.939319][ T5290]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.945198][ T5290] 
[   56.947503][ T5290] The buggy address belongs to the object at ffff88801ed62600
[   56.947503][ T5290]  which belongs to the cache kmalloc-256 of size 256
[   56.961532][ T5290] The buggy address is located 0 bytes inside of
[   56.961532][ T5290]  256-byte region [ffff88801ed62600, ffff88801ed62700)
[   56.974613][ T5290] 
[   56.976919][ T5290] The buggy address belongs to the physical page:
[   56.983306][ T5290] page:ffffea00007b5880 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1ed62
[   56.993436][ T5290] head:ffffea00007b5880 order:1 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0
[   57.003475][ T5290] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   57.011442][ T5290] raw: 00fff00000010200 ffff888012441b40 ffffea0000809f80 dead000000000002
[   57.020006][ T5290] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   57.028564][ T5290] page dumped because: kasan: bad access detected
[   57.034954][ T5290] page_owner tracks the page as allocated
[   57.040646][ T5290] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 56, tgid 56 (kworker/u4:4), ts 7761288109, free_ts 0
[   57.060684][ T5290]  get_page_from_freelist+0x119c/0x2cd0
[   57.066221][ T5290]  __alloc_pages+0x1cb/0x5b0
[   57.070797][ T5290]  alloc_pages+0x1aa/0x270
[   57.075199][ T5290]  allocate_slab+0x25e/0x350
[   57.079775][ T5290]  ___slab_alloc+0xa91/0x1400
[   57.084444][ T5290]  __slab_alloc.constprop.0+0x56/0xa0
[   57.089801][ T5290]  __kmem_cache_alloc_node+0x1a9/0x430
[   57.095246][ T5290]  kmalloc_trace+0x26/0x60
[   57.099645][ T5290]  scsi_probe_and_add_lun+0x3ae/0x34d0
[   57.106050][ T5290]  __scsi_scan_target+0x21f/0xda0
[   57.111056][ T5290]  scsi_scan_channel+0x148/0x1e0
[   57.115976][ T5290]  scsi_scan_host_selected+0x2e3/0x3b0
[   57.121429][ T5290]  do_scsi_scan_host+0x1e8/0x260
[   57.126355][ T5290]  do_scan_async+0x42/0x500
[   57.130840][ T5290]  async_run_entry_fn+0x9c/0x530
[   57.135766][ T5290]  process_one_work+0x9bf/0x1710
[   57.140689][ T5290] page_owner free stack trace missing
[   57.146033][ T5290] 
[   57.148336][ T5290] Memory state around the buggy address:
[   57.153945][ T5290]  ffff88801ed62500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.161992][ T5290]  ffff88801ed62580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.170045][ T5290] >ffff88801ed62600: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[   57.178083][ T5290]                                ^
[   57.183168][ T5290]  ffff88801ed62680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.191208][ T5290]  ffff88801ed62700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.199246][ T5290] ==================================================================
[   57.212148][ T5290] Kernel panic - not syncing: panic_on_warn set ...
[   57.218747][ T5290] CPU: 0 PID: 5290 Comm: syz-executor990 Not tainted 6.1.0-rc6-next-20221124-syzkaller #0
[   57.228618][ T5290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   57.238652][ T5290] Call Trace:
[   57.241914][ T5290]  <TASK>
[   57.244827][ T5290]  dump_stack_lvl+0xd1/0x138
[   57.249412][ T5290]  panic+0x2cc/0x626
[   57.253292][ T5290]  ? panic_print_sys_info.part.0+0x110/0x110
[   57.259254][ T5290]  ? preempt_schedule_common+0x59/0xc0
[   57.264700][ T5290]  ? preempt_schedule_thunk+0x1a/0x20
[   57.270062][ T5290]  end_report.part.0+0x3f/0x7c
[   57.274810][ T5290]  ? copy_array+0x96/0x100
[   57.279210][ T5290]  kasan_report.cold+0xa/0xf
[   57.283790][ T5290]  ? copy_array+0x96/0x100
[   57.288192][ T5290]  kasan_check_range+0x141/0x190
[   57.293120][ T5290]  memcpy+0x3d/0x60
[   57.296913][ T5290]  copy_array+0x96/0x100
[   57.301141][ T5290]  copy_verifier_state+0xa9/0xbe0
[   57.306153][ T5290]  pop_stack+0x8c/0x2f0
[   57.310299][ T5290]  do_check_common+0x372b/0xc5e0
[   57.315234][ T5290]  ? check_helper_call+0x8d80/0x8d80
[   57.320511][ T5290]  ? check_cfg+0x67a/0xb60
[   57.324918][ T5290]  bpf_check+0x7371/0xad00
[   57.329325][ T5290]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   57.335297][ T5290]  ? bpf_get_btf_vmlinux+0x20/0x20
[   57.340400][ T5290]  ? find_held_lock+0x2d/0x110
[   57.345153][ T5290]  ? bpf_prog_load+0x1486/0x2230
[   57.350082][ T5290]  ? lock_downgrade+0x6e0/0x6e0
[   57.354920][ T5290]  ? __might_fault+0xd9/0x180
[   57.359588][ T5290]  ? memset+0x24/0x50
[   57.363556][ T5290]  ? bpf_obj_name_cpy+0x148/0x1a0
[   57.368581][ T5290]  bpf_prog_load+0x1543/0x2230
[   57.373356][ T5290]  ? __bpf_prog_put.constprop.0+0x220/0x220
[   57.379245][ T5290]  ? find_held_lock+0x2d/0x110
[   57.384010][ T5290]  ? bpf_lsm_bpf+0x9/0x10
[   57.388332][ T5290]  __sys_bpf+0x1436/0x4ff0
[   57.392735][ T5290]  ? lock_release+0x810/0x810
[   57.397406][ T5290]  ? bpf_perf_link_attach+0x520/0x520
[   57.402768][ T5290]  ? do_raw_spin_lock+0x124/0x2b0
[   57.407780][ T5290]  ? rwlock_bug.part.0+0x90/0x90
[   57.412705][ T5290]  ? _raw_spin_lock_irq+0x45/0x50
[   57.417725][ T5290]  ? find_held_lock+0x2d/0x110
[   57.422485][ T5290]  ? _raw_spin_unlock_irq+0x23/0x50
[   57.427678][ T5290]  ? lockdep_hardirqs_on+0x7d/0x100
[   57.432867][ T5290]  __x64_sys_bpf+0x79/0xc0
[   57.437269][ T5290]  do_syscall_64+0x39/0xb0
[   57.441674][ T5290]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.447557][ T5290] RIP: 0033:0x7fc18e7bbc29
[   57.451958][ T5290] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   57.471564][ T5290] RSP: 002b:00007ffd8f27a968 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   57.479964][ T5290] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc18e7bbc29
[   57.487924][ T5290] RDX: 0000000000000048 RSI: 0000000020000200 RDI: 0000000000000005
[   57.495881][ T5290] RBP: 00007fc18e77fdd0 R08: 0000000000000000 R09: 0000000000000000
[   57.503838][ T5290] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fc18e77fe60
[   57.511883][ T5290] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   57.519845][ T5290]  </TASK>
[   57.523071][ T5290] Kernel Offset: disabled
[   57.527390][ T5290] Rebooting in 86400 seconds..