task:syz-execprog    state:R  running task     stack:0     pid:4398  tgid:4397  ppid:4395   task_flags:0x400040 flags:0x00000000
Call Trace:
[<ffffffff86245be6>] context_switch kernel/sched/core.c:5377 [inline]
[<ffffffff86245be6>] __schedule+0xe4c/0x3d70 kernel/sched/core.c:6764
==================================================================
BUG: KASAN: stack-out-of-bounds in walk_stackframe+0x406/0x474 arch/riscv/kernel/stacktrace.c:67
Read of size 8 at addr ffff8f8003e57a08 by task kworker/1:4/5091

CPU: 1 UID: 0 PID: 5091 Comm: kworker/1:4 Not tainted 6.14.0-rc1-syzkaller-g245aece3750d #0
Hardware name: riscv-virtio,qemu (DT)
Workqueue: events_power_efficient wg_ratelimiter_gc_entries
Call Trace:
[<ffffffff80074518>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:132
[<ffffffff80003206>] show_stack+0x30/0x3c arch/riscv/kernel/stacktrace.c:138
[<ffffffff8005fa4c>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff8005fa4c>] dump_stack_lvl+0x12e/0x1a6 lib/dump_stack.c:120
[<ffffffff8000eac8>] print_address_description mm/kasan/report.c:378 [inline]
[<ffffffff8000eac8>] print_report+0x28e/0x5aa mm/kasan/report.c:489
[<ffffffff80a69b12>] kasan_report+0xf0/0x214 mm/kasan/report.c:602
[<ffffffff80a6b94e>] __asan_report_load8_noabort+0x12/0x1a mm/kasan/report_generic.c:381
[<ffffffff800740e8>] walk_stackframe+0x406/0x474 arch/riscv/kernel/stacktrace.c:67
[<ffffffff80074518>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:132
[<ffffffff80003206>] show_stack+0x30/0x3c arch/riscv/kernel/stacktrace.c:138
[<ffffffff80201892>] sched_show_task kernel/sched/core.c:7719 [inline]
[<ffffffff80201892>] sched_show_task+0x460/0x61c kernel/sched/core.c:7694
[<ffffffff8020fc54>] show_state_filter+0xcc/0x28e kernel/sched/core.c:7764
[<ffffffff81d55834>] show_state include/linux/sched/debug.h:21 [inline]
[<ffffffff81d55834>] fn_show_state+0x1a/0x22 drivers/tty/vt/keyboard.c:614
[<ffffffff81d55e2a>] k_spec drivers/tty/vt/keyboard.c:667 [inline]
[<ffffffff81d55e2a>] k_spec+0x102/0x16c drivers/tty/vt/keyboard.c:656
[<ffffffff81d58b16>] kbd_keycode drivers/tty/vt/keyboard.c:1522 [inline]
[<ffffffff81d58b16>] kbd_event+0x8ac/0x1056 drivers/tty/vt/keyboard.c:1541
[<ffffffff83e16a8c>] input_handle_events_default+0xfe/0x174 drivers/input/input.c:2575
[<ffffffff83e1f11e>] input_pass_values+0x660/0x7f8 drivers/input/input.c:127
[<ffffffff83e20c6a>] input_event_dispose drivers/input/input.c:341 [inline]
[<ffffffff83e20c6a>] input_handle_event+0x232/0x13e6 drivers/input/input.c:369
[<ffffffff83e21eb4>] input_event drivers/input/input.c:395 [inline]
[<ffffffff83e21eb4>] input_event+0x96/0xd2 drivers/input/input.c:390
[<ffffffff84720d8e>] input_sync include/linux/input.h:464 [inline]
[<ffffffff84720d8e>] hidinput_report_event+0xc0/0x114 drivers/hid/hid-input.c:1733
[<ffffffff847168d6>] hid_report_raw_event+0x26e/0x1146 drivers/hid/hid-core.c:2055
[<ffffffff84717aa4>] __hid_input_report.constprop.0+0x2f6/0x3fa drivers/hid/hid-core.c:2118
[<ffffffff84717bda>] hid_input_report+0x32/0x44 drivers/hid/hid-core.c:2140
[<ffffffff848ac616>] hid_irq_in+0x2f6/0x732 drivers/hid/usbhid/hid-core.c:285
[<ffffffff8366b7ae>] __usb_hcd_giveback_urb+0x362/0x6f4 drivers/usb/core/hcd.c:1650
[<ffffffff8366bea4>] usb_hcd_giveback_urb+0x364/0x3fe drivers/usb/core/hcd.c:1734
[<ffffffff83bb4158>] dummy_timer+0x134a/0x3458 drivers/usb/gadget/udc/dummy_hcd.c:1994
[<ffffffff803d99e2>] __run_hrtimer kernel/time/hrtimer.c:1738 [inline]
[<ffffffff803d99e2>] __hrtimer_run_queues+0x1ac/0xe32 kernel/time/hrtimer.c:1802
[<ffffffff803da7a8>] hrtimer_run_softirq+0x140/0x2e6 kernel/time/hrtimer.c:1819
[<ffffffff80156a72>] handle_softirqs+0x4b2/0x132e kernel/softirq.c:561
[<ffffffff80157bbe>] __do_softirq kernel/softirq.c:595 [inline]
[<ffffffff80157bbe>] invoke_softirq kernel/softirq.c:435 [inline]
[<ffffffff80157bbe>] __irq_exit_rcu+0x18c/0x550 kernel/softirq.c:662
[<ffffffff801595c4>] irq_exit_rcu+0x10/0xf8 kernel/softirq.c:678
[<ffffffff8623ad08>] handle_riscv_irq+0x40/0x4c arch/riscv/kernel/traps.c:378
[<ffffffff862612ce>] call_on_irq_stack+0x32/0x40 arch/riscv/kernel/entry.S:356

The buggy address belongs to the virtual mapping at
 [ffff8f8003e50000, ffff8f8003e59000) created by:
 kernel_clone+0x11e/0xc3c kernel/fork.c:2815

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffffaf8020cfff00 pfn:0xa0cff
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 0000000000000000 dead000000000122 0000000000000000
raw: ffffaf8020cfff00 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 3037, tgid 3037 (dhcpcd), ts 972827604200, free_ts 971280500400
 __set_page_owner+0xa2/0x710 mm/page_owner.c:320
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0xea/0x1e2 mm/page_alloc.c:1551
 prep_new_page mm/page_alloc.c:1559 [inline]
 get_page_from_freelist+0xf78/0x2bd6 mm/page_alloc.c:3477
 __alloc_frozen_pages_noprof+0x1e8/0x20fc mm/page_alloc.c:4739
 alloc_pages_mpol+0x1fa/0x5b8 mm/mempolicy.c:2270
 alloc_frozen_pages_noprof+0x174/0x2f0 mm/mempolicy.c:2341
 alloc_pages_noprof+0x20/0x48 mm/mempolicy.c:2361
 vm_area_alloc_pages mm/vmalloc.c:3591 [inline]
 __vmalloc_area_node mm/vmalloc.c:3669 [inline]
 __vmalloc_node_range_noprof+0x640/0x120a mm/vmalloc.c:3846
 alloc_thread_stack_node kernel/fork.c:314 [inline]
 dup_task_struct kernel/fork.c:1127 [inline]
 copy_process+0x2c02/0x6c8e kernel/fork.c:2233
 kernel_clone+0x11e/0xc3c kernel/fork.c:2815
 __do_sys_clone+0xe4/0x118 kernel/fork.c:2958
 __se_sys_clone kernel/fork.c:2926 [inline]
 __riscv_sys_clone+0xa0/0x10e kernel/fork.c:2926
 syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
 do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
 handle_exception+0x146/0x152 arch/riscv/kernel/entry.S:197
page last free pid 4363 tgid 4363 stack trace:
 __reset_page_owner+0x8c/0x400 mm/page_owner.c:297
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1127 [inline]
 free_frozen_pages+0x96a/0x155c mm/page_alloc.c:2660
 __free_slab+0xcc/0x172 mm/slub.c:2655
 free_slab+0x38/0x1ae mm/slub.c:2678
 discard_slab mm/slub.c:2684 [inline]
 __put_partials+0x178/0x1e6 mm/slub.c:3153
 put_cpu_partial+0x17c/0x296 mm/slub.c:3228
 __slab_free+0x112/0x3fa mm/slub.c:4479
 do_slab_free mm/slub.c:4561 [inline]
 ___cache_free+0x1a4/0x1de mm/slub.c:4667
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x76/0x168 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x158/0x1ba mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x5c/0x82 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4115 [inline]
 slab_alloc_node mm/slub.c:4164 [inline]
 __kmalloc_cache_noprof+0x10a/0x3f8 mm/slub.c:4320
 kmalloc_noprof include/linux/slab.h:901 [inline]
 __sk_attach_prog+0x56/0x274 net/core/filter.c:1468
 sk_attach_filter+0x46/0x170 net/core/filter.c:1545
 sk_setsockopt+0x2a94/0x3a2c net/core/sock.c:1460
 sock_setsockopt+0x54/0x6e net/core/sock.c:1646

Memory state around the buggy address:
 ffff8f8003e57900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8f8003e57980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8f8003e57a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                      ^
 ffff8f8003e57a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8f8003e57b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================