./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1334765589 <...> Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts. execve("./syz-executor1334765589", ["./syz-executor1334765589"], 0x7ffc18b9d020 /* 10 vars */) = 0 brk(NULL) = 0x55555564c000 brk(0x55555564cd00) = 0x55555564cd00 arch_prctl(ARCH_SET_FS, 0x55555564c3c0) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1334765589", 4096) = 28 brk(0x55555566dd00) = 0x55555566dd00 brk(0x55555566e000) = 0x55555566e000 mprotect(0x7f36294cb000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 412 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "412", 3) = 3 close(3) = 0 mount(NULL, "/proc/sys/fs/binfmt_misc", "binfmt_misc", 0, NULL) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3 write(3, "\x3a\x73\x79\x7a\x30\x3a\x4d\x3a\x30\x3a\x01\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a", 21) = 21 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3 write(3, "\x3a\x73\x79\x7a\x31\x3a\x4d\x3a\x31\x3a\x02\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a\x50\x4f\x43", 24) = 24 close(3) = 0 chmod("/dev/raw-gadget", 0666) = 0 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f36294139f0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f3629417e70}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f36294139f0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f3629417e70}, NULL, 8) = 0 getpid() = 412 mkdir("./syzkaller.AGzpwl", 0700) = 0 chmod("./syzkaller.AGzpwl", 0777) = 0 chdir("./syzkaller.AGzpwl") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555564c690) = 414 ./strace-static-x86_64: Process 414 attached [pid 414] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 414] setsid() = 1 [pid 414] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 414] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 414] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 414] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 414] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 414] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 414] unshare(CLONE_NEWNS) = 0 [pid 414] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 414] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 414] unshare(CLONE_NEWCGROUP) = 0 [pid 414] unshare(CLONE_NEWUTS) = 0 [pid 414] unshare(CLONE_SYSVSEM) = 0 [pid 414] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 414] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 414] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 414] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 414] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 414] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 414] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 414] getpid() = 1 [pid 414] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 424] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 421] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 420] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 424] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 421] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 420] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 414] <... clone resumed>) = 8 [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS) = 9 [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS) = 10 [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS./strace-static-x86_64: Process 423 attached [pid 423] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 423] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- ./strace-static-x86_64: Process 428 attached ./strace-static-x86_64: Process 426 attached ./strace-static-x86_64: Process 425 attached [pid 425] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 428] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 414] <... clone resumed>) = 11 [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS [pid 428] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 425] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 426] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 426] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- ./strace-static-x86_64: Process 430 attached [pid 430] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 430] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 414] <... clone resumed>) = 12 [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS./strace-static-x86_64: Process 422 attached [pid 422] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 422] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- ./strace-static-x86_64: Process 427 attached [pid 427] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 427] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- ./strace-static-x86_64: Process 429 attached [pid 414] <... clone resumed>) = 13 [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS./strace-static-x86_64: Process 431 attached [pid 429] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 430] +++ killed by SIGSEGV +++ [pid 429] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 431] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 414] <... clone resumed>) = 14 ./strace-static-x86_64: Process 432 attached [pid 431] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS./strace-static-x86_64: Process 433 attached [pid 433] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 414] <... clone resumed>) = 15 [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS [pid 433] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- ./strace-static-x86_64: Process 434 attached [pid 414] <... clone resumed>) = 16 [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS [pid 434] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- ./strace-static-x86_64: Process 435 attached [pid 434] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 414] <... clone resumed>) = 17 [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS [pid 435] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 435] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 414] <... clone resumed>) = 18 [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS./strace-static-x86_64: Process 436 attached [pid 436] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- ./strace-static-x86_64: Process 437 attached [pid 436] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 414] <... clone resumed>) = 19 [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS./strace-static-x86_64: Process 438 attached [pid 437] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 414] <... clone resumed>) = 20 [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS [pid 437] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 438] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 438] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 432] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 432] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 414] <... clone resumed>) = 21 [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS./strace-static-x86_64: Process 440 attached [pid 440] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 440] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 438] +++ killed by SIGSEGV +++ [pid 414] <... clone resumed>) = 22 [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS./strace-static-x86_64: Process 441 attached ) = 23 [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS [pid 441] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 441] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 414] <... clone resumed>) = 24 [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS./strace-static-x86_64: Process 443 attached ) = 25 [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS [pid 443] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 443] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 414] <... clone resumed>) = 26 [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS./strace-static-x86_64: Process 444 attached [pid 444] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 444] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- ./strace-static-x86_64: Process 445 attached [pid 414] <... clone resumed>) = 27 [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS [pid 445] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 445] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- ./strace-static-x86_64: Process 439 attached [pid 439] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 439] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- ./strace-static-x86_64: Process 442 attached [pid 442] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 442] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 414] <... clone resumed>) = 28 [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS [pid 439] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 446 attached ./strace-static-x86_64: Process 447 attached [pid 414] <... clone resumed>) = 29 [pid 446] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 446] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS [pid 447] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- ./strace-static-x86_64: Process 448 attached [pid 414] <... clone resumed>) = 30 [pid 448] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS [pid 448] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- ./strace-static-x86_64: Process 449 attached [pid 449] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 414] <... clone resumed>) = 31 [pid 449] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS./strace-static-x86_64: Process 450 attached [pid 450] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 414] <... clone resumed>) = 32 [pid 450] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS./strace-static-x86_64: Process 451 attached [pid 451] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 451] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 414] <... clone resumed>) = 33 [pid 414] clone(child_stack=0x30, flags=CLONE_NEWNS./strace-static-x86_64: Process 452 attached [pid 452] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} --- [pid 414] <... clone resumed>) = 34 [pid 452] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 414] exit_group(1) = ? [pid 450] +++ killed by SIGKILL +++ [pid 449] +++ killed by SIGKILL +++ [ 26.553894][ T414] loop0: detected capacity change from 0 to 128 [pid 447] +++ killed by SIGKILL +++ [pid 433] +++ killed by SIGSEGV (core dumped) +++ [pid 431] +++ killed by SIGSEGV (core dumped) +++ [pid 429] +++ killed by SIGSEGV (core dumped) +++ [pid 427] +++ killed by SIGSEGV (core dumped) +++ [pid 426] +++ killed by SIGSEGV (core dumped) +++ [pid 428] +++ killed by SIGSEGV (core dumped) +++ [pid 425] +++ killed by SIGSEGV (core dumped) +++ [pid 422] +++ killed by SIGSEGV (core dumped) +++ [pid 421] +++ killed by SIGSEGV (core dumped) +++ [pid 423] +++ killed by SIGSEGV (core dumped) +++ [pid 420] +++ killed by SIGSEGV (core dumped) +++ [pid 424] +++ killed by SIGSEGV (core dumped) +++ [pid 437] +++ killed by SIGSEGV (core dumped) +++ [pid 435] +++ killed by SIGSEGV (core dumped) +++ [pid 441] +++ killed by SIGSEGV (core dumped) +++ [pid 443] +++ killed by SIGSEGV (core dumped) +++ [pid 436] +++ killed by SIGSEGV (core dumped) +++ [pid 434] +++ killed by SIGSEGV (core dumped) +++ [pid 440] +++ killed by SIGSEGV (core dumped) +++ [pid 445] +++ killed by SIGSEGV (core dumped) +++ [pid 432] +++ killed by SIGSEGV (core dumped) +++ [pid 444] +++ killed by SIGSEGV (core dumped) +++ [pid 442] +++ killed by SIGSEGV (core dumped) +++ [pid 446] +++ killed by SIGSEGV (core dumped) +++ [pid 448] +++ killed by SIGSEGV (core dumped) +++ [pid 451] +++ killed by SIGSEGV (core dumped) +++ [ 26.736002][ T94] ================================================================== [ 26.743891][ T94] BUG: KASAN: use-after-free in move_expired_inodes+0x181/0x890 [ 26.751348][ T94] Read of size 8 at addr ffff88811d9a0590 by task kworker/u4:2/94 [ 26.758989][ T94] [ 26.761158][ T94] CPU: 1 PID: 94 Comm: kworker/u4:2 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0 [ 26.770791][ T94] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 26.780692][ T94] Workqueue: writeback wb_workfn (flush-7:0) [ 26.786499][ T94] Call Trace: [ 26.789621][ T94] [ 26.792401][ T94] dump_stack_lvl+0x151/0x1b7 [ 26.796916][ T94] ? bfq_pos_tree_add_move+0x43e/0x43e [ 26.802212][ T94] ? panic+0x727/0x727 [ 26.806224][ T94] ? do_iter_readv_writev+0x558/0x720 [ 26.811407][ T94] print_address_description+0x87/0x3d0 [ 26.816789][ T94] kasan_report+0x1a6/0x1f0 [ 26.821128][ T94] ? move_expired_inodes+0x181/0x890 [ 26.826249][ T94] ? move_expired_inodes+0x181/0x890 [ 26.831371][ T94] __asan_report_load8_noabort+0x14/0x20 [ 26.836843][ T94] move_expired_inodes+0x181/0x890 [ 26.841787][ T94] ? __writeback_inodes_wb+0x410/0x410 [ 26.847081][ T94] ? lo_write_bvec+0x35e/0x5d0 [ 26.851679][ T94] queue_io+0x29f/0x500 [ 26.855673][ T94] ? __kasan_check_write+0x14/0x20 [ 26.860618][ T94] ? _raw_spin_lock_irq+0xa4/0x1b0 [ 26.865567][ T94] wb_writeback+0x3c3/0x9e0 [ 26.869909][ T94] ? inode_cgwb_move_to_attached+0x400/0x400 [ 26.875720][ T94] ? widen_string+0x41/0x3a0 [ 26.880145][ T94] ? __kasan_check_write+0x14/0x20 [ 26.885093][ T94] ? vsnprintf+0x1c02/0x1ce0 [ 26.889519][ T94] wb_do_writeback+0x222/0xbd0 [ 26.894123][ T94] ? wb_workfn+0x3e0/0x3e0 [ 26.898373][ T94] ? compat_start_thread+0x20/0x20 [ 26.903322][ T94] ? set_worker_desc+0x158/0x1c0 [ 26.908099][ T94] ? work_busy+0x250/0x250 [ 26.912346][ T94] ? finish_task_switch+0x173/0x710 [ 26.917381][ T94] ? kthread_data+0x52/0xc0 [ 26.921721][ T94] wb_workfn+0xf8/0x3e0 [ 26.925714][ T94] process_one_work+0x6db/0xc00 [ 26.930401][ T94] worker_thread+0xb3e/0x1340 [ 26.934916][ T94] kthread+0x41c/0x500 [ 26.938817][ T94] ? worker_clr_flags+0x180/0x180 [ 26.943682][ T94] ? kthread_blkcg+0xd0/0xd0 [ 26.948105][ T94] ret_from_fork+0x1f/0x30 [ 26.952361][ T94] [ 26.955222][ T94] [ 26.957392][ T94] Allocated by task 431: [ 26.961473][ T94] __kasan_slab_alloc+0xb2/0xe0 [ 26.966159][ T94] kmem_cache_alloc+0x189/0x2f0 [ 26.970844][ T94] fat_alloc_inode+0x1d/0xa0 [ 26.976053][ T94] new_inode_pseudo+0x64/0x220 [ 26.980653][ T94] new_inode+0x28/0x1c0 [ 26.984643][ T94] fat_build_inode+0x1d9/0x3a0 [ 26.989242][ T94] msdos_create+0x480/0x580 [ 26.993595][ T94] path_openat+0x1323/0x2ea0 [ 26.998011][ T94] do_filp_open+0x277/0x4f0 [ 27.002348][ T94] filp_open+0x255/0x2b0 [ 27.006429][ T94] do_coredump+0x1ca9/0x2320 [ 27.010857][ T94] get_signal+0x48c/0x1600 [ 27.015108][ T94] arch_do_signal_or_restart+0x9f/0x670 [ 27.020489][ T94] exit_to_user_mode_loop+0xd4/0x110 [ 27.025613][ T94] exit_to_user_mode_prepare+0x3b/0x40 [ 27.030913][ T94] irqentry_exit_to_user_mode+0x9/0x20 [ 27.036198][ T94] irqentry_exit+0x12/0x40 [ 27.040452][ T94] exc_page_fault+0x75/0x1a0 [ 27.044879][ T94] asm_exc_page_fault+0x27/0x30 [ 27.049564][ T94] [ 27.051736][ T94] Freed by task 0: [ 27.055294][ T94] kasan_set_track+0x4c/0x70 [ 27.059728][ T94] kasan_set_free_info+0x23/0x40 [ 27.064494][ T94] ____kasan_slab_free+0x126/0x160 [ 27.069448][ T94] __kasan_slab_free+0x11/0x20 [ 27.074043][ T94] slab_free_freelist_hook+0xc9/0x1a0 [ 27.079246][ T94] kmem_cache_free+0x11a/0x2e0 [ 27.083852][ T94] fat_free_inode+0x20/0x30 [ 27.088368][ T94] i_callback+0x4b/0x70 [ 27.092354][ T94] rcu_do_batch+0x55b/0xbe0 [ 27.096691][ T94] rcu_core+0x506/0x1000 [ 27.100773][ T94] rcu_core_si+0x9/0x10 [ 27.104763][ T94] __do_softirq+0x27e/0x5dc [ 27.109190][ T94] [ 27.111361][ T94] Last potentially related work creation: [ 27.116919][ T94] kasan_save_stack+0x3b/0x60 [ 27.121437][ T94] __kasan_record_aux_stack+0xd3/0xf0 [ 27.126637][ T94] kasan_record_aux_stack_noalloc+0xb/0x10 [ 27.132282][ T94] call_rcu+0x140/0x1400 [ 27.136357][ T94] evict+0x5de/0x630 [ 27.140090][ T94] iput+0x61c/0x7d0 [ 27.143735][ T94] dentry_unlink_inode+0x349/0x430 [ 27.150072][ T94] __dentry_kill+0x3e2/0x5d0 [ 27.154498][ T94] dentry_kill+0xc0/0x2a0 [ 27.158664][ T94] dput+0x175/0x320 [ 27.162309][ T94] __fput+0x65a/0x910 [ 27.166127][ T94] ____fput+0x15/0x20 [ 27.169945][ T94] task_work_run+0x147/0x1b0 [ 27.174374][ T94] ptrace_notify+0x29a/0x340 [ 27.178798][ T94] do_exit+0x1c65/0x24d0 [ 27.182879][ T94] do_group_exit+0x13a/0x300 [ 27.187305][ T94] get_signal+0x77e/0x1600 [ 27.191559][ T94] arch_do_signal_or_restart+0x9f/0x670 [ 27.196938][ T94] exit_to_user_mode_loop+0xd4/0x110 [ 27.202059][ T94] exit_to_user_mode_prepare+0x3b/0x40 [ 27.207353][ T94] irqentry_exit_to_user_mode+0x9/0x20 [ 27.212648][ T94] irqentry_exit+0x12/0x40 [ 27.217053][ T94] exc_page_fault+0x75/0x1a0 [ 27.221468][ T94] asm_exc_page_fault+0x27/0x30 [ 27.226154][ T94] [ 27.228324][ T94] The buggy address belongs to the object at ffff88811d9a0410 [ 27.228324][ T94] which belongs to the cache fat_inode_cache of size 912 [ 27.242569][ T94] The buggy address is located 384 bytes inside of [ 27.242569][ T94] 912-byte region [ffff88811d9a0410, ffff88811d9a07a0) [ 27.255668][ T94] The buggy address belongs to the page: [ 27.261135][ T94] page:ffffea0004766800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d9a0 [ 27.271212][ T94] head:ffffea0004766800 order:2 compound_mapcount:0 compound_pincount:0 [ 27.279366][ T94] flags: 0x4000000000010200(slab|head|zone=1) [ 27.285267][ T94] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888108586a80 [ 27.293694][ T94] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 27.302098][ T94] page dumped because: kasan: bad access detected [ 27.308348][ T94] page_owner tracks the page as allocated [ 27.313903][ T94] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 423, ts 26584952315, free_ts 0 [ 27.332824][ T94] post_alloc_hook+0x1ab/0x1b0 [ 27.337422][ T94] get_page_from_freelist+0x38b/0x400 [ 27.342631][ T94] __alloc_pages+0x3a8/0x7c0 [ 27.347056][ T94] allocate_slab+0x62/0x580 [ 27.351396][ T94] ___slab_alloc+0x2e2/0x6f0 [ 27.355822][ T94] __slab_alloc+0x4a/0x90 [ 27.359990][ T94] kmem_cache_alloc+0x205/0x2f0 [ 27.364761][ T94] fat_alloc_inode+0x1d/0xa0 [ 27.369188][ T94] new_inode_pseudo+0x64/0x220 [ 27.373798][ T94] new_inode+0x28/0x1c0 [ 27.377779][ T94] fat_build_inode+0x1d9/0x3a0 [ 27.382384][ T94] msdos_create+0x480/0x580 [ 27.386720][ T94] path_openat+0x1323/0x2ea0 [ 27.391175][ T94] do_filp_open+0x277/0x4f0 [ 27.395502][ T94] filp_open+0x255/0x2b0 [ 27.399580][ T94] do_coredump+0x1ca9/0x2320 [ 27.404002][ T94] page_owner free stack trace missing [ 27.409210][ T94] [ 27.411371][ T94] Memory state around the buggy address: [ 27.416850][ T94] ffff88811d9a0480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.424750][ T94] ffff88811d9a0500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.432678][ T94] >ffff88811d9a0580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.440545][ T94] ^ [ 27.444993][ T94] ffff88811d9a0600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.452904][ T94] ffff88811d9a0680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.460769][ T94] ================================================================== [ 27.468672][ T94] Disabling lock debugging due to kernel taint [pid 452] +++ killed by SIGKILL +++ [pid 414] +++ exited with 1 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=414, si_uid=0, si_status=1, si_utime=0, si_stime=22} --- exit_group(0) = ? +++ exited with 0 +++ [