./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor357088703 <...> DUID 00:04:7c:8f:25:e4:1e:61:d4:15:b8:1c:50:2a:7f:f5:0b:01 forked to background, child pid 3186 [ 25.327166][ T3187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.342401][ T3187] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts. execve("./syz-executor357088703", ["./syz-executor357088703"], 0x7ffc88565350 /* 10 vars */) = 0 brk(NULL) = 0x5555558c3000 brk(0x5555558c3c40) = 0x5555558c3c40 arch_prctl(ARCH_SET_FS, 0x5555558c3300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor357088703", 4096) = 27 brk(0x5555558e4c40) = 0x5555558e4c40 brk(0x5555558e5000) = 0x5555558e5000 mprotect(0x7fd4303b1000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3608 attached , child_tidptr=0x5555558c35d0) = 3608 [pid 3608] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 3608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3608] setsid() = 1 [pid 3608] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3608] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 3608] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3608] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3608] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0 [pid 3608] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3608] unshare(CLONE_NEWNS) = 0 [pid 3608] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3608] unshare(CLONE_NEWIPC) = 0 [pid 3608] unshare(CLONE_NEWCGROUP) = 0 [pid 3608] unshare(CLONE_NEWUTS) = 0 [pid 3608] unshare(CLONE_SYSVSEM) = 0 [pid 3608] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3608] write(3, "16777216", 8) = 8 [pid 3608] close(3) = 0 [pid 3608] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3608] write(3, "536870912", 9) = 9 [pid 3608] close(3) = 0 [pid 3608] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3608] write(3, "1024", 4) = 4 [pid 3608] close(3) = 0 [pid 3608] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3608] write(3, "8192", 4) = 4 [pid 3608] close(3) = 0 [pid 3608] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3608] write(3, "1024", 4) = 4 [pid 3608] close(3) = 0 [pid 3608] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3608] write(3, "1024", 4) = 4 [pid 3608] close(3) = 0 [pid 3608] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3608] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3608] close(3) = 0 [pid 3608] getpid() = 1 [pid 3608] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [ 50.912239][ T3608] dump_stack_lvl+0x1b1/0x28e [ 50.916931][ T3608] ? fortify_panic+0x13/0x13 [ 50.921514][ T3608] ? _printk+0xc0/0x100 [ 50.925665][ T3608] ? __wake_up_klogd+0xd6/0x100 [ 50.930520][ T3608] ? __wake_up_klogd+0xcd/0x100 [ 50.935364][ T3608] ? panic+0x715/0x715 [ 50.939438][ T3608] ? _printk+0xc0/0x100 [ 50.943591][ T3608] print_address_description+0x65/0x4b0 [ 50.949145][ T3608] print_report+0x108/0x1f0 [ 50.953641][ T3608] ? read_lock_is_recursive+0x10/0x10 [ 50.959005][ T3608] ? nilfs_test_metadata_dirty+0x39/0x210 [ 50.964718][ T3608] kasan_report+0xc3/0xf0 [ 50.969038][ T3608] ? do_raw_spin_lock+0x148/0x360 [ 50.974057][ T3608] ? nilfs_test_metadata_dirty+0x39/0x210 [ 50.979772][ T3608] nilfs_test_metadata_dirty+0x39/0x210 [ 50.985313][ T3608] nilfs_segctor_confirm+0x78/0x2d0 [ 50.990512][ T3608] nilfs_detach_log_writer+0x4c1/0xbd0 [ 50.995968][ T3608] ? __might_sleep+0xc0/0xc0 [ 51.000556][ T3608] ? nilfs_attach_log_writer+0x8f0/0x8f0 [ 51.006184][ T3608] ? hook_sb_delete+0x988/0xab0 [ 51.011021][ T3608] ? wake_bit_function+0x240/0x240 [ 51.016123][ T3608] ? hook_inode_free_security+0xa0/0xa0 [ 51.021660][ T3608] ? clear_inode+0x150/0x150 [ 51.026241][ T3608] ? nilfs_free_inode+0x70/0x70 [ 51.031097][ T3608] nilfs_put_super+0x4b/0x150 [ 51.035786][ T3608] ? nilfs_free_inode+0x70/0x70 [ 51.040630][ T3608] generic_shutdown_super+0x130/0x310 [ 51.046017][ T3608] kill_block_super+0x79/0xd0 [ 51.050687][ T3608] deactivate_locked_super+0xa7/0xf0 [ 51.055965][ T3608] cleanup_mnt+0x4ce/0x560 [ 51.060372][ T3608] ? _raw_spin_unlock_irq+0x1f/0x40 [ 51.065564][ T3608] task_work_run+0x146/0x1c0 [ 51.070152][ T3608] do_exit+0x55e/0x20a0 [ 51.074295][ T3608] ? _raw_spin_unlock_irq+0x1f/0x40 [ 51.079491][ T3608] ? lockdep_hardirqs_on+0x8d/0x130 [ 51.084704][ T3608] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.089902][ T3608] ? ptrace_notify+0x245/0x340 [ 51.094654][ T3608] ? mm_update_next_owner+0x6d0/0x6d0 [ 51.100020][ T3608] ? do_notify_parent+0xe00/0xe00 [ 51.105035][ T3608] do_group_exit+0x23b/0x2f0 [ 51.109615][ T3608] __x64_sys_exit_group+0x3b/0x40 [ 51.114628][ T3608] do_syscall_64+0x3d/0xb0 [ 51.119036][ T3608] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.124920][ T3608] RIP: 0033:0x7fd43033fb69 [ 51.129321][ T3608] Code: Unable to access opcode bytes at 0x7fd43033fb3f. [ 51.136322][ T3608] RSP: 002b:00007fffdf3f26a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 51.144725][ T3608] RAX: ffffffffffffffda RBX: 00007fd4303b7330 RCX: 00007fd43033fb69 [ 51.152775][ T3608] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001 [ 51.160733][ T3608] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00007fd4303b1e40 [ 51.168693][ T3608] R10: 00007fffdf3f25c0 R11: 0000000000000246 R12: 00007fd4303b7330 [ 51.176660][ T3608] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 51.184715][ T3608] [ 51.187723][ T3608] [ 51.190035][ T3608] Allocated by task 3608: [ 51.194347][ T3608] ____kasan_kmalloc+0xcd/0x100 [ 51.199201][ T3608] kmem_cache_alloc_trace+0x97/0x310 [ 51.204482][ T3608] nilfs_find_or_create_root+0x142/0x4f0 [ 51.210108][ T3608] nilfs_attach_checkpoint+0xcd/0x4a0 [ 51.215477][ T3608] nilfs_fill_super+0x2e8/0x5d0 [ 51.220323][ T3608] nilfs_mount+0x613/0x9b0 [ 51.224733][ T3608] legacy_get_tree+0xea/0x180 [ 51.229401][ T3608] vfs_get_tree+0x88/0x270 [ 51.233809][ T3608] do_new_mount+0x289/0xad0 [ 51.238299][ T3608] __se_sys_mount+0x2d3/0x3c0 [ 51.242966][ T3608] do_syscall_64+0x3d/0xb0 [ 51.247377][ T3608] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.253349][ T3608] [ 51.255659][ T3608] Freed by task 3608: [ 51.259621][ T3608] kasan_set_track+0x3d/0x60 [ 51.264201][ T3608] kasan_set_free_info+0x1f/0x40 [ 51.269130][ T3608] ____kasan_slab_free+0xd8/0x120 [ 51.274144][ T3608] slab_free_freelist_hook+0x12e/0x1a0 [ 51.279596][ T3608] kfree+0xda/0x210 [ 51.283396][ T3608] nilfs_evict_inode+0xe5/0x3d0 [ 51.288327][ T3608] evict+0x2a4/0x620 [ 51.292213][ T3608] evict_inodes+0x658/0x700 [ 51.296707][ T3608] generic_shutdown_super+0x94/0x310 [ 51.301981][ T3608] kill_block_super+0x79/0xd0 [ 51.306648][ T3608] deactivate_locked_super+0xa7/0xf0 [ 51.311942][ T3608] cleanup_mnt+0x4ce/0x560 [ 51.316362][ T3608] task_work_run+0x146/0x1c0 [ 51.320949][ T3608] do_exit+0x55e/0x20a0 [ 51.325096][ T3608] do_group_exit+0x23b/0x2f0 [ 51.329775][ T3608] __x64_sys_exit_group+0x3b/0x40 [ 51.334787][ T3608] do_syscall_64+0x3d/0xb0 [ 51.339193][ T3608] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.345114][ T3608] [ 51.347427][ T3608] The buggy address belongs to the object at ffff8880216e0e00 [ 51.347427][ T3608] which belongs to the cache kmalloc-256 of size 256 [ 51.361466][ T3608] The buggy address is located 48 bytes inside of [ 51.361466][ T3608] 256-byte region [ffff8880216e0e00, ffff8880216e0f00) [ 51.374644][ T3608] [ 51.376954][ T3608] The buggy address belongs to the physical page: [ 51.383350][ T3608] page:ffffea000085b800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x216e0 [ 51.393489][ T3608] head:ffffea000085b800 order:1 compound_mapcount:0 compound_pincount:0 [ 51.401797][ T3608] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 51.409767][ T3608] raw: 00fff00000010200 ffffea00009ae400 dead000000000002 ffff888012041b40 [ 51.418335][ T3608] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 51.426899][ T3608] page dumped because: kasan: bad access detected [ 51.433292][ T3608] page_owner tracks the page as allocated [ 51.438991][ T3608] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2000(__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 8135988995, free_ts 0 [ 51.457036][ T3608] get_page_from_freelist+0x742/0x7c0 [ 51.462400][ T3608] __alloc_pages+0x259/0x560 [ 51.466980][ T3608] alloc_page_interleave+0x22/0x1c0 [ 51.472165][ T3608] alloc_slab_page+0x70/0xf0 [ 51.476745][ T3608] allocate_slab+0x5e/0x520 [ 51.481271][ T3608] ___slab_alloc+0x3ee/0xc40 [ 51.485861][ T3608] kmem_cache_alloc_trace+0x25f/0x310 [ 51.491233][ T3608] usb_string+0xf8/0x320 [ 51.495470][ T3608] usb_cache_string+0x7b/0x120 [ 51.500240][ T3608] usb_new_device+0x36f/0x18b0 [ 51.505019][ T3608] register_root_hub+0x296/0x560 [ 51.510051][ T3608] usb_add_hcd+0xbdc/0x11e0 [ 51.514546][ T3608] vhci_hcd_probe+0x15f/0x3c0 [ 51.519211][ T3608] platform_probe+0x130/0x1b0 [ 51.523880][ T3608] call_driver_probe+0x96/0x250 [ 51.528730][ T3608] really_probe+0x24c/0x9f0 [ 51.533224][ T3608] page_owner free stack trace missing [ 51.538573][ T3608] [ 51.540902][ T3608] Memory state around the buggy address: [ 51.546516][ T3608] ffff8880216e0d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 51.554567][ T3608] ffff8880216e0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 51.562612][ T3608] >ffff8880216e0e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 51.570652][ T3608] ^ [ 51.576265][ T3608] ffff8880216e0e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 51.584310][ T3608] ffff8880216e0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 51.592353][ T3608] ================================================================== [ 51.609700][ T3608] Kernel panic - not syncing: panic_on_warn set ... [ 51.616321][ T3608] CPU: 1 PID: 3608 Comm: syz-executor357 Not tainted 6.0.0-syzkaller-03015-g2bca25eaeba6 #0 [ 51.626378][ T3608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 51.636439][ T3608] Call Trace: [ 51.639729][ T3608] [ 51.642663][ T3608] dump_stack_lvl+0x1b1/0x28e [ 51.647434][ T3608] ? fortify_panic+0x13/0x13 [ 51.652020][ T3608] ? panic+0x715/0x715 [ 51.656083][ T3608] ? preempt_schedule_common+0xb7/0xe0 [ 51.661531][ T3608] ? vscnprintf+0x59/0x80 [ 51.665857][ T3608] panic+0x2d6/0x715 [ 51.669747][ T3608] ? fb_is_primary_device+0xcc/0xcc [ 51.674942][ T3608] ? _raw_spin_unlock_irqrestore+0x110/0x120 [ 51.680919][ T3608] ? print_report+0x1b4/0x1f0 [ 51.685599][ T3608] ? nilfs_test_metadata_dirty+0x39/0x210 [ 51.691310][ T3608] end_report+0x91/0xa0 [ 51.695457][ T3608] kasan_report+0xd0/0xf0 [ 51.699785][ T3608] ? do_raw_spin_lock+0x148/0x360 [ 51.704802][ T3608] ? nilfs_test_metadata_dirty+0x39/0x210 [ 51.710517][ T3608] nilfs_test_metadata_dirty+0x39/0x210 [ 51.716064][ T3608] nilfs_segctor_confirm+0x78/0x2d0 [ 51.721256][ T3608] nilfs_detach_log_writer+0x4c1/0xbd0 [ 51.726716][ T3608] ? __might_sleep+0xc0/0xc0 [ 51.731302][ T3608] ? nilfs_attach_log_writer+0x8f0/0x8f0 [ 51.736927][ T3608] ? hook_sb_delete+0x988/0xab0 [ 51.741768][ T3608] ? wake_bit_function+0x240/0x240 [ 51.746870][ T3608] ? hook_inode_free_security+0xa0/0xa0 [ 51.752404][ T3608] ? clear_inode+0x150/0x150 [ 51.756983][ T3608] ? nilfs_free_inode+0x70/0x70 [ 51.761825][ T3608] nilfs_put_super+0x4b/0x150 [ 51.766494][ T3608] ? nilfs_free_inode+0x70/0x70 [ 51.771340][ T3608] generic_shutdown_super+0x130/0x310 [ 51.776701][ T3608] kill_block_super+0x79/0xd0 [ 51.781367][ T3608] deactivate_locked_super+0xa7/0xf0 [ 51.786658][ T3608] cleanup_mnt+0x4ce/0x560 [ 51.791066][ T3608] ? _raw_spin_unlock_irq+0x1f/0x40 [ 51.796259][ T3608] task_work_run+0x146/0x1c0 [ 51.800845][ T3608] do_exit+0x55e/0x20a0 [ 51.804988][ T3608] ? _raw_spin_unlock_irq+0x1f/0x40 [ 51.810179][ T3608] ? lockdep_hardirqs_on+0x8d/0x130 [ 51.815372][ T3608] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.820559][ T3608] ? ptrace_notify+0x245/0x340 [ 51.825335][ T3608] ? mm_update_next_owner+0x6d0/0x6d0 [ 51.830695][ T3608] ? do_notify_parent+0xe00/0xe00 [ 51.835709][ T3608] do_group_exit+0x23b/0x2f0 [ 51.840290][ T3608] __x64_sys_exit_group+0x3b/0x40 [ 51.845301][ T3608] do_syscall_64+0x3d/0xb0 [ 51.849731][ T3608] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.855617][ T3608] RIP: 0033:0x7fd43033fb69 [ 51.860017][ T3608] Code: Unable to access opcode bytes at 0x7fd43033fb3f. [ 51.867020][ T3608] RSP: 002b:00007fffdf3f26a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 51.875423][ T3608] RAX: ffffffffffffffda RBX: 00007fd4303b7330 RCX: 00007fd43033fb69 [ 51.883385][ T3608] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001 [ 51.891342][ T3608] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00007fd4303b1e40 [ 51.899306][ T3608] R10: 00007fffdf3f25c0 R11: 0000000000000246 R12: 00007fd4303b7330 [ 51.907286][ T3608] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 51.915255][ T3608] [ 51.918422][ T3608] Kernel Offset: disabled [ 51.922752][ T3608] Rebooting in 86400 seconds..