./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor688763805 <...> forked to background, child pid 3185 no interfaces have a carrier [ 23.413822][ T3186] 8021q: adding VLAN 0 to HW filter on device bond0 [ 23.429491][ T3186] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.60' (ECDSA) to the list of known hosts. execve("./syz-executor688763805", ["./syz-executor688763805"], 0x7ffc5b333c70 /* 10 vars */) = 0 brk(NULL) = 0x5555557eb000 brk(0x5555557ebc40) = 0x5555557ebc40 arch_prctl(ARCH_SET_FS, 0x5555557eb300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor688763805", 4096) = 27 brk(0x55555580cc40) = 0x55555580cc40 brk(0x55555580d000) = 0x55555580d000 mprotect(0x7f2b320fc000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 3613 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "3613", 4) = 4 close(3) = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3614 attached [pid 3614] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 3613] <... clone resumed>, child_tidptr=0x5555557eb5d0) = 3614 [pid 3614] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 3614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3614] setsid() = 1 [pid 3614] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3614] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 3614] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3614] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3614] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0 [pid 3614] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3614] unshare(CLONE_NEWNS) = 0 [pid 3614] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3614] unshare(CLONE_NEWIPC) = 0 [pid 3614] unshare(CLONE_NEWCGROUP) = 0 [pid 3614] unshare(CLONE_NEWUTS) = 0 [pid 3614] unshare(CLONE_SYSVSEM) = 0 [pid 3614] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3614] write(3, "16777216", 8) = 8 [pid 3614] close(3) = 0 [pid 3614] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3614] write(3, "536870912", 9) = 9 [pid 3614] close(3) = 0 [pid 3614] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3614] write(3, "1024", 4) = 4 [pid 3614] close(3) = 0 [pid 3614] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3614] write(3, "8192", 4) = 4 [pid 3614] close(3) = 0 [pid 3614] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3614] write(3, "1024", 4) = 4 [pid 3614] close(3) = 0 [pid 3614] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3614] write(3, "1024", 4) = 4 [pid 3614] close(3) = 0 [pid 3614] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3614] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3614] close(3) = 0 [pid 3614] getpid() = 1 [pid 3614] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [ 44.853901][ T3614] dump_stack_lvl+0xcd/0x134 [ 44.858512][ T3614] print_report.cold+0x2ba/0x719 [ 44.863543][ T3614] ? nilfs_segctor_confirm+0x175/0x190 [ 44.869020][ T3614] kasan_report+0xb1/0x1e0 [ 44.873472][ T3614] ? nilfs_segctor_confirm+0x175/0x190 [ 44.878944][ T3614] nilfs_segctor_confirm+0x175/0x190 [ 44.884239][ T3614] nilfs_detach_log_writer+0x856/0x9f0 [ 44.889714][ T3614] ? nilfs_clean_segments+0xa80/0xa80 [ 44.895093][ T3614] ? collect_domain_accesses+0xbf0/0xbf0 [ 44.900739][ T3614] ? prepare_to_wait_exclusive+0x2b0/0x2b0 [ 44.906571][ T3614] ? dispose_list+0x1e0/0x1e0 [ 44.911254][ T3614] nilfs_put_super+0x3f/0x1a0 [ 44.915934][ T3614] ? nilfs_freeze+0xc0/0xc0 [ 44.920438][ T3614] generic_shutdown_super+0x154/0x410 [ 44.925811][ T3614] kill_block_super+0x97/0xf0 [ 44.930497][ T3614] deactivate_locked_super+0x94/0x160 [ 44.935873][ T3614] deactivate_super+0xad/0xd0 [ 44.940549][ T3614] cleanup_mnt+0x2ae/0x3d0 [ 44.944963][ T3614] task_work_run+0xdd/0x1a0 [ 44.949481][ T3614] do_exit+0xad5/0x29b0 [ 44.953647][ T3614] ? mm_update_next_owner+0x7a0/0x7a0 [ 44.959029][ T3614] ? _raw_spin_unlock_irq+0x1f/0x40 [ 44.964260][ T3614] ? _raw_spin_unlock_irq+0x1f/0x40 [ 44.969563][ T3614] do_group_exit+0xd2/0x2f0 [ 44.974075][ T3614] __x64_sys_exit_group+0x3a/0x50 [ 44.979117][ T3614] do_syscall_64+0x35/0xb0 [ 44.983564][ T3614] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 44.989478][ T3614] RIP: 0033:0x7f2b32092779 [ 44.993889][ T3614] Code: Unable to access opcode bytes at 0x7f2b3209274f. [ 45.000991][ T3614] RSP: 002b:00007ffe78a167e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 45.009428][ T3614] RAX: ffffffffffffffda RBX: 00007f2b32102310 RCX: 00007f2b32092779 [ 45.017403][ T3614] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001 [ 45.025376][ T3614] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000120080522 [ 45.033346][ T3614] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2b32102310 [ 45.041323][ T3614] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 45.049329][ T3614] [ 45.052338][ T3614] [ 45.054646][ T3614] Allocated by task 3614: [ 45.058969][ T3614] kasan_save_stack+0x1e/0x40 [ 45.063656][ T3614] __kasan_kmalloc+0xa9/0xd0 [ 45.068253][ T3614] nilfs_find_or_create_root+0x84/0x4d0 [ 45.073806][ T3614] nilfs_attach_checkpoint+0xc1/0x4b0 [ 45.079198][ T3614] nilfs_mount+0xb12/0xfb0 [ 45.083622][ T3614] legacy_get_tree+0x105/0x220 [ 45.088391][ T3614] vfs_get_tree+0x89/0x2f0 [ 45.092830][ T3614] path_mount+0x1326/0x1e20 [ 45.097504][ T3614] __x64_sys_mount+0x27f/0x300 [ 45.102262][ T3614] do_syscall_64+0x35/0xb0 [ 45.106672][ T3614] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 45.112565][ T3614] [ 45.114877][ T3614] Freed by task 3614: [ 45.118844][ T3614] kasan_save_stack+0x1e/0x40 [ 45.123711][ T3614] kasan_set_track+0x21/0x30 [ 45.128293][ T3614] kasan_set_free_info+0x20/0x30 [ 45.133662][ T3614] ____kasan_slab_free+0x166/0x1c0 [ 45.138774][ T3614] slab_free_freelist_hook+0x8b/0x1c0 [ 45.144222][ T3614] kfree+0xe2/0x580 [ 45.148018][ T3614] nilfs_put_root+0xb1/0xd0 [ 45.152520][ T3614] nilfs_clear_inode+0x29a/0x330 [ 45.157452][ T3614] nilfs_evict_inode+0x318/0x440 [ 45.162396][ T3614] evict+0x2ed/0x6b0 [ 45.166293][ T3614] dispose_list+0x117/0x1e0 [ 45.170798][ T3614] evict_inodes+0x352/0x450 [ 45.175296][ T3614] generic_shutdown_super+0xab/0x410 [ 45.180748][ T3614] kill_block_super+0x97/0xf0 [ 45.185420][ T3614] deactivate_locked_super+0x94/0x160 [ 45.190796][ T3614] deactivate_super+0xad/0xd0 [ 45.195468][ T3614] cleanup_mnt+0x2ae/0x3d0 [ 45.199883][ T3614] task_work_run+0xdd/0x1a0 [ 45.204410][ T3614] do_exit+0xad5/0x29b0 [ 45.208592][ T3614] do_group_exit+0xd2/0x2f0 [ 45.213119][ T3614] __x64_sys_exit_group+0x3a/0x50 [ 45.218168][ T3614] do_syscall_64+0x35/0xb0 [ 45.222579][ T3614] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 45.228485][ T3614] [ 45.230799][ T3614] The buggy address belongs to the object at ffff88801fb9d800 [ 45.230799][ T3614] which belongs to the cache kmalloc-256 of size 256 [ 45.244948][ T3614] The buggy address is located 48 bytes inside of [ 45.244948][ T3614] 256-byte region [ffff88801fb9d800, ffff88801fb9d900) [ 45.258144][ T3614] [ 45.260461][ T3614] The buggy address belongs to the physical page: [ 45.266862][ T3614] page:ffffea00007ee700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1fb9c [ 45.277006][ T3614] head:ffffea00007ee700 order:1 compound_mapcount:0 compound_pincount:0 [ 45.285671][ T3614] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 45.293656][ T3614] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888011841b40 [ 45.302248][ T3614] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 45.310829][ T3614] page dumped because: kasan: bad access detected [ 45.317229][ T3614] page_owner tracks the page as allocated [ 45.322929][ T3614] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 6651662018, free_ts 0 [ 45.342573][ T3614] get_page_from_freelist+0x109b/0x2ce0 [ 45.348132][ T3614] __alloc_pages+0x1c7/0x510 [ 45.352726][ T3614] alloc_page_interleave+0x1e/0x200 [ 45.357955][ T3614] alloc_pages+0x22f/0x270 [ 45.362369][ T3614] allocate_slab+0x27e/0x3d0 [ 45.366950][ T3614] ___slab_alloc+0x84f/0xe80 [ 45.371532][ T3614] __slab_alloc.constprop.0+0x4d/0xa0 [ 45.376897][ T3614] kmem_cache_alloc_trace+0x323/0x3e0 [ 45.382355][ T3614] bus_add_driver+0xcf/0x640 [ 45.386963][ T3614] driver_register+0x220/0x3a0 [ 45.391719][ T3614] phy_driver_register+0x21f/0x340 [ 45.396843][ T3614] phy_drivers_register+0x60/0xd0 [ 45.401964][ T3614] do_one_initcall+0xfe/0x650 [ 45.406641][ T3614] kernel_init_freeable+0x6b1/0x73a [ 45.411846][ T3614] kernel_init+0x1a/0x1d0 [ 45.416175][ T3614] ret_from_fork+0x1f/0x30 [ 45.420608][ T3614] page_owner free stack trace missing [ 45.425986][ T3614] [ 45.428297][ T3614] Memory state around the buggy address: [ 45.433919][ T3614] ffff88801fb9d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 45.441986][ T3614] ffff88801fb9d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 45.450050][ T3614] >ffff88801fb9d800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.458111][ T3614] ^ [ 45.463734][ T3614] ffff88801fb9d880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.471795][ T3614] ffff88801fb9d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 45.479852][ T3614] ================================================================== [ 45.488519][ T3614] Kernel panic - not syncing: panic_on_warn set ... [ 45.495140][ T3614] CPU: 0 PID: 3614 Comm: syz-executor688 Not tainted 6.0.0-syzkaller-05118-g833477fce7a1 #0 [ 45.505231][ T3614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 45.515462][ T3614] Call Trace: [ 45.518983][ T3614] [ 45.521908][ T3614] dump_stack_lvl+0xcd/0x134 [ 45.526497][ T3614] panic+0x2c8/0x627 [ 45.530464][ T3614] ? panic_print_sys_info.part.0+0x10b/0x10b [ 45.536432][ T3614] ? preempt_schedule_common+0x59/0xc0 [ 45.541882][ T3614] ? preempt_schedule_thunk+0x16/0x18 [ 45.547249][ T3614] ? nilfs_segctor_confirm+0x175/0x190 [ 45.552792][ T3614] end_report.part.0+0x3f/0x7c [ 45.557552][ T3614] kasan_report.cold+0xa/0xf [ 45.562228][ T3614] ? nilfs_segctor_confirm+0x175/0x190 [ 45.567774][ T3614] nilfs_segctor_confirm+0x175/0x190 [ 45.573049][ T3614] nilfs_detach_log_writer+0x856/0x9f0 [ 45.578512][ T3614] ? nilfs_clean_segments+0xa80/0xa80 [ 45.584005][ T3614] ? collect_domain_accesses+0xbf0/0xbf0 [ 45.589646][ T3614] ? prepare_to_wait_exclusive+0x2b0/0x2b0 [ 45.595977][ T3614] ? dispose_list+0x1e0/0x1e0 [ 45.600651][ T3614] nilfs_put_super+0x3f/0x1a0 [ 45.605325][ T3614] ? nilfs_freeze+0xc0/0xc0 [ 45.609854][ T3614] generic_shutdown_super+0x154/0x410 [ 45.615228][ T3614] kill_block_super+0x97/0xf0 [ 45.619910][ T3614] deactivate_locked_super+0x94/0x160 [ 45.625297][ T3614] deactivate_super+0xad/0xd0 [ 45.629995][ T3614] cleanup_mnt+0x2ae/0x3d0 [ 45.634494][ T3614] task_work_run+0xdd/0x1a0 [ 45.639110][ T3614] do_exit+0xad5/0x29b0 [ 45.643265][ T3614] ? mm_update_next_owner+0x7a0/0x7a0 [ 45.648740][ T3614] ? _raw_spin_unlock_irq+0x1f/0x40 [ 45.653971][ T3614] ? _raw_spin_unlock_irq+0x1f/0x40 [ 45.659176][ T3614] do_group_exit+0xd2/0x2f0 [ 45.663668][ T3614] __x64_sys_exit_group+0x3a/0x50 [ 45.668681][ T3614] do_syscall_64+0x35/0xb0 [ 45.673086][ T3614] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 45.679229][ T3614] RIP: 0033:0x7f2b32092779 [ 45.683642][ T3614] Code: Unable to access opcode bytes at 0x7f2b3209274f. [ 45.690637][ T3614] RSP: 002b:00007ffe78a167e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 45.699118][ T3614] RAX: ffffffffffffffda RBX: 00007f2b32102310 RCX: 00007f2b32092779 [ 45.707088][ T3614] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001 [ 45.715038][ T3614] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000120080522 [ 45.722989][ T3614] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2b32102310 [ 45.731048][ T3614] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 45.739025][ T3614] [ 45.742594][ T3614] Kernel Offset: disabled [ 45.746917][ T3614] Rebooting in 86400 seconds..