loop3: detected capacity change from 0 to 10
block device autoloading is deprecated and will be removed.
==================================================================
BUG: KASAN: stack-out-of-bounds in profile_pc+0x181/0x190
Read of size 8 at addr ffff8880319478d0 by task syz-executor.3/4104

CPU: 0 PID: 4104 Comm: syz-executor.3 Not tainted 6.5.0-rc6-next-20230818 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 <IRQ>
 dump_stack_lvl+0x91/0xf0
 print_report+0xcc/0x620
 kasan_report+0xbe/0xf0
 profile_pc+0x181/0x190
 profile_tick+0xa8/0xf0
 tick_sched_timer+0xe6/0x110
 __hrtimer_run_queues+0x17f/0xb60
 hrtimer_interrupt+0x2ef/0x750
 __sysvec_apic_timer_interrupt+0xb3/0x330
 sysvec_apic_timer_interrupt+0x69/0x90
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:queued_spin_lock_slowpath+0x128/0xb20
Code: 00 00 00 65 48 2b 04 25 28 00 00 00 0f 85 5c 09 00 00 48 81 c4 88 00 00 00 5b 5d 41 5c 41 5d 41 5e 41 5f e9 ba 21 00 00 f3 90 <e9> 71 ff ff ff 44 8b 74 24 48 41 81 fe 00 01 00 00 0f 84 e4 00 00
RSP: 0018:ffff8880319478c8 EFLAGS: 00000202
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff845cbacb
RDX: fffffbfff0ad8abd RSI: 0000000000000004 RDI: ffffffff856c55e0
RBP: ffffffff856c55e0 R08: 0000000000000000 R09: fffffbfff0ad8abc
R10: ffffffff856c55e3 R11: 0000000000000001 R12: 0000000000000003
R13: fffffbfff0ad8abc R14: 0000000000000001 R15: 1ffff11006328f1a
 do_raw_spin_lock+0x1e0/0x270
 free_vmap_area_noflush+0x114/0xc20
 remove_vm_area+0x17c/0x210
 vfree+0x97/0x840
 do_ipt_get_ctl+0xb61/0xed0
 nf_getsockopt+0x7c/0xd0
 ip_getsockopt+0x190/0x1f0
 tcp_getsockopt+0xa3/0x110
 __sys_getsockopt+0x150/0x250
 __x64_sys_getsockopt+0xbe/0x160
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x6e/0xd8
RIP: 0033:0x7fc79465913a
Code: 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd100df968 EFLAGS: 00000216 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc79465913a
RDX: 0000000000000041 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007ffd100df990 R08: 00007ffd100df98c R09: ffffffffffff0000
R10: 00007ffd100df9f0 R11: 0000000000000216 R12: 00007ffd100df9f0
R13: 0000000000000003 R14: 00007ffd100df98c R15: 00007fc79473ad20
 </TASK>

The buggy address belongs to stack of task syz-executor.3/4104
 and is located at offset 0 in frame:
 queued_spin_lock_slowpath+0x0/0xb20

This frame has 2 objects:
 [48, 52) 'val'
 [64, 68) 'val'

The buggy address belongs to the physical page:
page:000000005498b4ba refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x31947
flags: 0x100000000000000(node=0|zone=1)
page_type: 0xffffffff()
raw: 0100000000000000 0000000000000000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff888031947780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff888031947800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff888031947880: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1
                                                 ^
 ffff888031947900: 04 f2 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
 ffff888031947980: 00 00 f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00 00 00
==================================================================
----------------
Code disassembly (best guess):
   0:	00 00                	add    %al,(%rax)
   2:	00 65 48             	add    %ah,0x48(%rbp)
   5:	2b 04 25 28 00 00 00 	sub    0x28,%eax
   c:	0f 85 5c 09 00 00    	jne    0x96e
  12:	48 81 c4 88 00 00 00 	add    $0x88,%rsp
  19:	5b                   	pop    %rbx
  1a:	5d                   	pop    %rbp
  1b:	41 5c                	pop    %r12
  1d:	41 5d                	pop    %r13
  1f:	41 5e                	pop    %r14
  21:	41 5f                	pop    %r15
  23:	e9 ba 21 00 00       	jmpq   0x21e2
  28:	f3 90                	pause
* 2a:	e9 71 ff ff ff       	jmpq   0xffffffa0 <-- trapping instruction
  2f:	44 8b 74 24 48       	mov    0x48(%rsp),%r14d
  34:	41 81 fe 00 01 00 00 	cmp    $0x100,%r14d
  3b:	0f                   	.byte 0xf
  3c:	84 e4                	test   %ah,%ah