./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3060185792 <...> Warning: Permanently added '10.128.0.201' (ECDSA) to the list of known hosts. execve("./syz-executor3060185792", ["./syz-executor3060185792"], 0x7fffa3ccc4c0 /* 10 vars */) = 0 brk(NULL) = 0x555556940000 brk(0x555556940c40) = 0x555556940c40 arch_prctl(ARCH_SET_FS, 0x555556940300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3060185792", 4096) = 28 brk(0x555556961c40) = 0x555556961c40 brk(0x555556962000) = 0x555556962000 mprotect(0x7f7fbdd5c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3607 attached , child_tidptr=0x5555569405d0) = 3607 [pid 3607] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 3607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3607] setsid() = 1 [pid 3607] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3607] unshare(CLONE_NEWNS) = 0 [pid 3607] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3607] unshare(CLONE_NEWIPC) = 0 [pid 3607] unshare(CLONE_NEWCGROUP) = 0 [pid 3607] unshare(CLONE_NEWUTS) = 0 [pid 3607] unshare(CLONE_SYSVSEM) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "16777216", 8) = 8 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "536870912", 9) = 9 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1024", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "8192", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1024", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1024", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3607] close(3) = 0 [pid 3607] getpid() = 1 [pid 3607] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [ 42.189350][ T3607] dump_stack_lvl+0x1b1/0x28e [ 42.194018][ T3607] ? fortify_panic+0x13/0x13 [ 42.198587][ T3607] ? __wake_up_klogd+0xcd/0x100 [ 42.203415][ T3607] ? panic+0x715/0x715 [ 42.207463][ T3607] ? _printk+0xc0/0x100 [ 42.211596][ T3607] print_address_description+0x65/0x4b0 [ 42.217123][ T3607] print_report+0x108/0x1f0 [ 42.221612][ T3607] ? _raw_spin_lock+0x40/0x40 [ 42.226268][ T3607] ? run_lookup_entry+0x3f4/0x560 [ 42.231269][ T3607] ? ntfs_read_run_nb+0x51c/0xde0 [ 42.236270][ T3607] ? run_unpack+0x84f/0xd00 [ 42.240751][ T3607] kasan_report+0xc3/0xf0 [ 42.245057][ T3607] ? run_unpack+0x84f/0xd00 [ 42.249541][ T3607] run_unpack+0x84f/0xd00 [ 42.253853][ T3607] run_unpack_ex+0xcc/0x870 [ 42.258336][ T3607] ? kvmalloc_node+0x6e/0x180 [ 42.262993][ T3607] ? ni_enum_attr_ex+0x2f6/0x6d0 [ 42.267912][ T3607] ? run_unpack+0xd00/0xd00 [ 42.272392][ T3607] ? ni_find_attr+0x8c0/0x8c0 [ 42.277045][ T3607] ? mi_read+0x260/0x510 [ 42.281265][ T3607] ntfs_iget5+0x1cf2/0x36a0 [ 42.285753][ T3607] ? check_index_root+0x680/0x680 [ 42.290757][ T3607] ntfs_loadlog_and_replay+0x1ac/0x5c0 [ 42.296193][ T3607] ? ntfs_extend_init+0x5a0/0x5a0 [ 42.301203][ T3607] ? evict+0x5d5/0x620 [ 42.305252][ T3607] ntfs_fill_super+0x2333/0x42a0 [ 42.310183][ T3607] ? put_ntfs+0x2a0/0x2a0 [ 42.314489][ T3607] ? vscnprintf+0x80/0x80 [ 42.318798][ T3607] ? set_blocksize+0x1d5/0x360 [ 42.323543][ T3607] get_tree_bdev+0x400/0x620 [ 42.328111][ T3607] ? put_ntfs+0x2a0/0x2a0 [ 42.332419][ T3607] vfs_get_tree+0x88/0x270 [ 42.336815][ T3607] do_new_mount+0x289/0xad0 [ 42.341297][ T3607] ? do_move_mount_old+0x150/0x150 [ 42.346399][ T3607] ? user_path_at_empty+0x149/0x1a0 [ 42.351584][ T3607] __se_sys_mount+0x2d3/0x3c0 [ 42.356258][ T3607] ? __x64_sys_mount+0xc0/0xc0 [ 42.361007][ T3607] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 42.366973][ T3607] ? __x64_sys_mount+0x1c/0xc0 [ 42.371726][ T3607] do_syscall_64+0x3d/0xb0 [ 42.376132][ T3607] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.382017][ T3607] RIP: 0033:0x7f7fbdc890ea [ 42.386414][ T3607] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 d8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 42.405997][ T3607] RSP: 002b:00007ffee86b8698 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 42.414388][ T3607] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7fbdc890ea [ 42.422337][ T3607] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffee86b86b0 [ 42.430290][ T3607] RBP: 00007ffee86b86b0 R08: 00007ffee86b86f0 R09: 00005555569402c0 [ 42.438242][ T3607] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004 [ 42.446192][ T3607] R13: 00007ffee86b86f0 R14: 000000000000010c R15: 0000000020001b20 [ 42.454154][ T3607] [ 42.457152][ T3607] [ 42.459455][ T3607] The buggy address belongs to the physical page: [ 42.465844][ T3607] page:ffffea0001dd6640 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x77599 [ 42.475987][ T3607] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 42.483097][ T3607] raw: 00fff00000000000 0000000000000000 ffffffff00000301 0000000000000000 [ 42.491669][ T3607] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 42.500230][ T3607] page dumped because: kasan: bad access detected [ 42.506623][ T3607] page_owner tracks the page as freed [ 42.511967][ T3607] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3241, tgid 3241 (dhcpcd-run-hook), ts 23732337905, free_ts 42102154451 [ 42.533562][ T3607] get_page_from_freelist+0x742/0x7c0 [ 42.538945][ T3607] __alloc_pages+0x259/0x560 [ 42.543520][ T3607] alloc_slab_page+0x70/0xf0 [ 42.548260][ T3607] allocate_slab+0x5e/0x520 [ 42.552739][ T3607] ___slab_alloc+0x3ee/0xc40 [ 42.557308][ T3607] kmem_cache_alloc+0x25d/0x310 [ 42.562142][ T3607] getname_flags+0xb8/0x4e0 [ 42.566625][ T3607] __se_sys_newfstatat+0xbd/0x7c0 [ 42.571631][ T3607] do_syscall_64+0x3d/0xb0 [ 42.576028][ T3607] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.581899][ T3607] page last free stack trace: [ 42.586547][ T3607] free_pcp_prepare+0x812/0x900 [ 42.591374][ T3607] free_unref_page+0x7d/0x5f0 [ 42.596027][ T3607] __unfreeze_partials+0x1ab/0x200 [ 42.601119][ T3607] put_cpu_partial+0x106/0x170 [ 42.605859][ T3607] qlist_free_all+0x2b/0x70 [ 42.610340][ T3607] kasan_quarantine_reduce+0x169/0x180 [ 42.615780][ T3607] __kasan_slab_alloc+0x2f/0xd0 [ 42.620606][ T3607] kmem_cache_alloc_node+0x1cc/0x350 [ 42.625870][ T3607] __alloc_skb+0xcf/0x2b0 [ 42.630194][ T3607] tcp_stream_alloc_skb+0x3c/0x300 [ 42.635282][ T3607] tcp_sendmsg_locked+0xd70/0x40c0 [ 42.640371][ T3607] tcp_sendmsg+0x2c/0x40 [ 42.644606][ T3607] sock_write_iter+0x3d4/0x540 [ 42.649349][ T3607] vfs_write+0x7dc/0xc50 [ 42.653571][ T3607] ksys_write+0x177/0x2a0 [ 42.657879][ T3607] do_syscall_64+0x3d/0xb0 [ 42.662273][ T3607] [ 42.664577][ T3607] Memory state around the buggy address: [ 42.670183][ T3607] ffff888077599600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 42.678218][ T3607] ffff888077599680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 42.686259][ T3607] >ffff888077599700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 42.694297][ T3607] ^ [ 42.698340][ T3607] ffff888077599780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 42.706377][ T3607] ffff888077599800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 42.714411][ T3607] ================================================================== [ 42.723270][ T3607] Kernel panic - not syncing: panic_on_warn set ... [ 42.729876][ T3607] CPU: 1 PID: 3607 Comm: syz-executor306 Not tainted 6.0.0-rc7-syzkaller-00250-ga962b54e162c #0 [ 42.740286][ T3607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 42.750323][ T3607] Call Trace: [ 42.753586][ T3607] [ 42.756506][ T3607] dump_stack_lvl+0x1b1/0x28e [ 42.761167][ T3607] ? fortify_panic+0x13/0x13 [ 42.765739][ T3607] ? panic+0x715/0x715 [ 42.769789][ T3607] ? preempt_schedule_common+0xb7/0xe0 [ 42.775227][ T3607] ? vscnprintf+0x59/0x80 [ 42.779539][ T3607] panic+0x2d6/0x715 [ 42.783421][ T3607] ? fb_is_primary_device+0xcc/0xcc [ 42.788606][ T3607] ? _raw_spin_unlock_irqrestore+0x110/0x120 [ 42.794566][ T3607] ? print_report+0x1b4/0x1f0 [ 42.799228][ T3607] ? run_unpack+0x84f/0xd00 [ 42.803712][ T3607] end_report+0x91/0xa0 [ 42.807855][ T3607] kasan_report+0xd0/0xf0 [ 42.812165][ T3607] ? run_unpack+0x84f/0xd00 [ 42.816648][ T3607] run_unpack+0x84f/0xd00 [ 42.820966][ T3607] run_unpack_ex+0xcc/0x870 [ 42.825453][ T3607] ? kvmalloc_node+0x6e/0x180 [ 42.830123][ T3607] ? ni_enum_attr_ex+0x2f6/0x6d0 [ 42.835048][ T3607] ? run_unpack+0xd00/0xd00 [ 42.839540][ T3607] ? ni_find_attr+0x8c0/0x8c0 [ 42.844203][ T3607] ? mi_read+0x260/0x510 [ 42.848435][ T3607] ntfs_iget5+0x1cf2/0x36a0 [ 42.852938][ T3607] ? check_index_root+0x680/0x680 [ 42.857951][ T3607] ntfs_loadlog_and_replay+0x1ac/0x5c0 [ 42.863399][ T3607] ? ntfs_extend_init+0x5a0/0x5a0 [ 42.868419][ T3607] ? evict+0x5d5/0x620 [ 42.872476][ T3607] ntfs_fill_super+0x2333/0x42a0 [ 42.877414][ T3607] ? put_ntfs+0x2a0/0x2a0 [ 42.881732][ T3607] ? vscnprintf+0x80/0x80 [ 42.886047][ T3607] ? set_blocksize+0x1d5/0x360 [ 42.890801][ T3607] get_tree_bdev+0x400/0x620 [ 42.895379][ T3607] ? put_ntfs+0x2a0/0x2a0 [ 42.899697][ T3607] vfs_get_tree+0x88/0x270 [ 42.904098][ T3607] do_new_mount+0x289/0xad0 [ 42.908593][ T3607] ? do_move_mount_old+0x150/0x150 [ 42.913690][ T3607] ? user_path_at_empty+0x149/0x1a0 [ 42.918878][ T3607] __se_sys_mount+0x2d3/0x3c0 [ 42.923544][ T3607] ? __x64_sys_mount+0xc0/0xc0 [ 42.928379][ T3607] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 42.934349][ T3607] ? __x64_sys_mount+0x1c/0xc0 [ 42.939100][ T3607] do_syscall_64+0x3d/0xb0 [ 42.943503][ T3607] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.949381][ T3607] RIP: 0033:0x7f7fbdc890ea [ 42.953785][ T3607] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 d8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 42.973372][ T3607] RSP: 002b:00007ffee86b8698 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 42.981775][ T3607] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7fbdc890ea [ 42.989735][ T3607] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffee86b86b0 [ 42.997690][ T3607] RBP: 00007ffee86b86b0 R08: 00007ffee86b86f0 R09: 00005555569402c0 [ 43.005649][ T3607] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004 [ 43.013604][ T3607] R13: 00007ffee86b86f0 R14: 000000000000010c R15: 0000000020001b20 [ 43.021565][ T3607] [ 43.024733][ T3607] Kernel Offset: disabled [ 43.029048][ T3607] Rebooting in 86400 seconds..