./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3462338851 <...> forked to background, child pid 4906 no interfaces have a carrier [ 29.809536][ T4907] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.825124][ T4907] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.23' (ED25519) to the list of known hosts. execve("./syz-executor3462338851", ["./syz-executor3462338851"], 0x7ffe39f0e0f0 /* 10 vars */) = 0 brk(NULL) = 0x55559329a000 brk(0x55559329ad00) = 0x55559329ad00 arch_prctl(ARCH_SET_FS, 0x55559329a380) = 0 set_tid_address(0x55559329a650) = 5237 set_robust_list(0x55559329a660, 24) = 0 rseq(0x55559329aca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3462338851", 4096) = 28 getrandom("\x65\xc8\x08\x4e\x69\x79\xea\x2f", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55559329ad00 brk(0x5555932bbd00) = 0x5555932bbd00 brk(0x5555932bc000) = 0x5555932bc000 mprotect(0x7fbdcb053000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5238 attached [pid 5238] set_robust_list(0x55559329a660, 24 [pid 5237] <... clone resumed>, child_tidptr=0x55559329a650) = 5238 [pid 5238] <... set_robust_list resumed>) = 0 [pid 5237] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5238] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5240 attached ./strace-static-x86_64: Process 5239 attached [pid 5239] set_robust_list(0x55559329a660, 24 [pid 5238] <... clone resumed>, child_tidptr=0x55559329a650) = 5239 [pid 5240] set_robust_list(0x55559329a660, 24 [pid 5239] <... set_robust_list resumed>) = 0 [pid 5237] <... clone resumed>, child_tidptr=0x55559329a650) = 5240 [pid 5240] <... set_robust_list resumed>) = 0 [pid 5239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5237] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5240] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5239] setpgid(0, 0) = 0 [pid 5239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 5242 attached ./strace-static-x86_64: Process 5241 attached [pid 5237] <... clone resumed>, child_tidptr=0x55559329a650) = 5241 [pid 5240] <... clone resumed>, child_tidptr=0x55559329a650) = 5242 [pid 5242] set_robust_list(0x55559329a660, 24 [pid 5241] set_robust_list(0x55559329a660, 24 [pid 5239] <... openat resumed>) = 3 [pid 5241] <... set_robust_list resumed>) = 0 [pid 5242] <... set_robust_list resumed>) = 0 [pid 5237] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5241] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5242] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5239] write(3, "1000", 4 [pid 5242] setpgid(0, 0 [pid 5239] <... write resumed>) = 4 ./strace-static-x86_64: Process 5243 attached [pid 5242] <... setpgid resumed>) = 0 [pid 5239] close(3 [pid 5237] <... clone resumed>, child_tidptr=0x55559329a650) = 5243 [pid 5243] set_robust_list(0x55559329a660, 24 [pid 5242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5239] <... close resumed>) = 0 [pid 5243] <... set_robust_list resumed>) = 0 [pid 5237] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5244 attached executing program [pid 5243] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5242] <... openat resumed>) = 3 [pid 5239] write(1, "executing program\n", 18 [pid 5244] set_robust_list(0x55559329a660, 24 [pid 5242] write(3, "1000", 4 [pid 5239] <... write resumed>) = 18 ./strace-static-x86_64: Process 5245 attached [pid 5244] <... set_robust_list resumed>) = 0 [pid 5242] <... write resumed>) = 4 [pid 5241] <... clone resumed>, child_tidptr=0x55559329a650) = 5244 [pid 5239] mknodat(AT_FDCWD, "./file0", 000./strace-static-x86_64: Process 5246 attached [pid 5237] <... clone resumed>, child_tidptr=0x55559329a650) = 5245 [pid 5245] set_robust_list(0x55559329a660, 24 [pid 5244] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5242] close(3 [pid 5239] <... mknodat resumed>) = 0 [pid 5245] <... set_robust_list resumed>) = 0 [pid 5244] <... prctl resumed>) = 0 [pid 5242] <... close resumed>) = 0 [pid 5244] setpgid(0, 0 [pid 5242] write(1, "executing program\n", 18executing program [pid 5246] set_robust_list(0x55559329a660, 24 [pid 5245] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5244] <... setpgid resumed>) = 0 [pid 5243] <... clone resumed>, child_tidptr=0x55559329a650) = 5246 [pid 5242] <... write resumed>) = 18 [pid 5239] pipe2( [pid 5246] <... set_robust_list resumed>) = 0 [pid 5244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 5247 attached [pid 5246] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5244] <... openat resumed>) = 3 [pid 5242] mknodat(AT_FDCWD, "./file0", 000 [pid 5239] <... pipe2 resumed>[3, 4], 0) = 0 [pid 5247] set_robust_list(0x55559329a660, 24 [pid 5244] write(3, "1000", 4 [pid 5242] <... mknodat resumed>) = -1 EEXIST (File exists) [pid 5247] <... set_robust_list resumed>) = 0 [pid 5245] <... clone resumed>, child_tidptr=0x55559329a650) = 5247 [pid 5244] <... write resumed>) = 4 [pid 5242] pipe2( [pid 5246] <... prctl resumed>) = 0 [pid 5247] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5246] setpgid(0, 0 [pid 5244] close(3 [pid 5242] <... pipe2 resumed>[3, 4], 0) = 0 [pid 5239] dup(4 [pid 5247] <... prctl resumed>) = 0 [pid 5246] <... setpgid resumed>) = 0 [pid 5244] <... close resumed>) = 0 [pid 5242] dup(4 [pid 5239] <... dup resumed>) = 5 [pid 5247] setpgid(0, 0 [pid 5246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5242] <... dup resumed>) = 5 [pid 5244] write(1, "executing program\n", 18 [pid 5239] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000005,access=any,k" [pid 5247] <... setpgid resumed>) = 0 [pid 5242] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000005,access=any,k" [pid 5244] <... write resumed>) = 18 executing program [pid 5247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5246] <... openat resumed>) = 3 [pid 5244] mknodat(AT_FDCWD, "./file0", 000 [pid 5246] write(3, "1000", 4 [pid 5244] <... mknodat resumed>) = -1 EEXIST (File exists) [pid 5247] <... openat resumed>) = 3 [pid 5246] <... write resumed>) = 4 [pid 5244] pipe2( [pid 5247] write(3, "1000", 4 [pid 5244] <... pipe2 resumed>[3, 4], 0) = 0 [pid 5247] <... write resumed>) = 4 [pid 5246] close(3 [pid 5244] dup(4) = 5 [pid 5244] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000005,access=any,k" [pid 5247] close(3) = 0 [pid 5247] write(1, "executing program\n", 18executing program ) = 18 [pid 5247] mknodat(AT_FDCWD, "./file0", 000) = -1 EEXIST (File exists) [pid 5247] pipe2([3, 4], 0) = 0 [pid 5246] <... close resumed>) = 0 [pid 5246] write(1, "executing program\n", 18 [pid 5247] dup(4) = 5 [pid 5247] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000005,access=any,k"executing program [pid 5246] <... write resumed>) = 18 [pid 5246] mknodat(AT_FDCWD, "./file0", 000) = -1 EEXIST (File exists) syzkaller login: [ 54.821468][ T5239] ------------[ cut here ]------------ [ 54.827114][ T5239] kmem_cache of name '9p-fcall-cache-(null)' already exists [ 54.835905][ T5239] WARNING: CPU: 0 PID: 5239 at mm/slab_common.c:108 __kmem_cache_create_args+0xa7/0x320 [ 54.845797][ T5239] Modules linked in: [ 54.849850][ T5239] CPU: 0 UID: 0 PID: 5239 Comm: syz-executor346 Not tainted 6.12.0-rc3-next-20241016-syzkaller #0 [ 54.860585][ T5239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [pid 5246] pipe2([3, 4], 0) = 0 [pid 5246] dup(4) = 5 [ 54.870698][ T5239] RIP: 0010:__kmem_cache_create_args+0xa7/0x320 [ 54.876978][ T5239] Code: 8e 48 8b 1b 48 39 eb 74 25 48 8b 7b f8 4c 89 fe e8 ce 95 e7 09 85 c0 75 e8 90 48 c7 c7 e7 08 0c 8e 4c 89 fe e8 ea 59 78 ff 90 <0f> 0b 90 90 4c 89 ff be 20 00 00 00 e8 28 97 e7 09 48 85 c0 0f 85 [ 54.897194][ T5239] RSP: 0018:ffffc9000387f788 EFLAGS: 00010246 [ 54.903457][ T5239] RAX: 79783cf9f1ddbd00 RBX: ffff88802ceff928 RCX: ffff888033299e00 [ 54.911538][ T5239] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 54.919535][ T5239] RBP: ffffffff8ea20cf8 R08: ffffffff8155d7b2 R09: fffffbfff1cfa3e0 [ 54.927643][ T5239] R10: dffffc0000000000 R11: fffffbfff1cfa3e0 R12: 0000000000020018 [ 54.935720][ T5239] R13: 0000000000000000 R14: ffffc9000387f860 R15: ffff8880780ecf80 [ 54.943734][ T5239] FS: 000055559329a380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 54.952749][ T5239] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 54.959359][ T5239] CR2: 0000000020001000 CR3: 0000000072c80000 CR4: 00000000003526f0 [ 54.967415][ T5239] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 54.975490][ T5239] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 54.983517][ T5239] Call Trace: [ 54.986898][ T5239] [ 54.989897][ T5239] ? __warn+0x168/0x4e0 [ 54.994076][ T5239] ? __kmem_cache_create_args+0xa7/0x320 [ 54.999774][ T5239] ? report_bug+0x2b3/0x500 [ 55.004308][ T5239] ? __kmem_cache_create_args+0xa7/0x320 [ 55.010036][ T5239] ? handle_bug+0x60/0x90 [ 55.014387][ T5239] ? exc_invalid_op+0x1a/0x50 [ 55.019063][ T5239] ? asm_exc_invalid_op+0x1a/0x20 [ 55.024161][ T5239] ? __warn_printk+0x292/0x360 [ 55.028954][ T5239] ? __kmem_cache_create_args+0xa7/0x320 [ 55.034682][ T5239] ? __kmem_cache_create_args+0xa6/0x320 [ 55.040407][ T5239] p9_client_create+0xbc0/0x1150 [ 55.045346][ T5239] ? __pfx_p9_client_create+0x10/0x10 [ 55.050858][ T5239] ? __asan_memset+0x23/0x50 [ 55.055495][ T5239] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 55.061393][ T5239] ? __raw_spin_lock_init+0x45/0x100 [ 55.066704][ T5239] v9fs_session_init+0x1e4/0x1b80 [ 55.071846][ T5239] ? __pfx_v9fs_session_init+0x10/0x10 [ 55.077330][ T5239] ? __kasan_kmalloc+0x98/0xb0 [ 55.082169][ T5239] ? __kmalloc_cache_noprof+0x243/0x390 [ 55.087765][ T5239] ? v9fs_mount+0xb2/0xaa0 [ 55.092273][ T5239] v9fs_mount+0xcf/0xaa0 [ 55.096540][ T5239] ? __pfx_aa_get_newest_label+0x10/0x10 [ 55.102224][ T5239] ? __pfx_v9fs_mount+0x10/0x10 [ 55.107103][ T5239] ? __kmalloc_cache_noprof+0x243/0x390 [ 55.112762][ T5239] legacy_get_tree+0xee/0x190 [ 55.117465][ T5239] ? __pfx_v9fs_mount+0x10/0x10 [ 55.122393][ T5239] vfs_get_tree+0x90/0x2b0 [ 55.126827][ T5239] do_new_mount+0x2be/0xb40 [ 55.131455][ T5239] ? __pfx_do_new_mount+0x10/0x10 [ 55.136505][ T5239] __se_sys_mount+0x2d6/0x3c0 [ 55.141246][ T5239] ? __pfx___se_sys_mount+0x10/0x10 [ 55.146485][ T5239] ? exc_page_fault+0x590/0x8c0 [ 55.151425][ T5239] ? __x64_sys_mount+0x20/0xc0 [ 55.156218][ T5239] do_syscall_64+0xf3/0x230 [ 55.160793][ T5239] ? clear_bhb_loop+0x35/0x90 [ 55.165486][ T5239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.171450][ T5239] RIP: 0033:0x7fbdcafdfea9 [ 55.175890][ T5239] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 55.195628][ T5239] RSP: 002b:00007ffd58901248 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 55.204126][ T5239] RAX: ffffffffffffffda RBX: 00007fbdcb02904e RCX: 00007fbdcafdfea9 [ 55.212189][ T5239] RDX: 0000000020004380 RSI: 0000000020000180 RDI: 0000000000000000 [ 55.220262][ T5239] RBP: 00000000000f4240 R08: 0000000020000280 R09: 00000000000000a0 [ 55.228254][ T5239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 55.236312][ T5239] R13: 00007ffd58901468 R14: 00007ffd58901270 R15: 00007ffd58901260 [ 55.244339][ T5239] [ 55.247351][ T5239] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 55.254621][ T5239] CPU: 0 UID: 0 PID: 5239 Comm: syz-executor346 Not tainted 6.12.0-rc3-next-20241016-syzkaller #0 [ 55.265194][ T5239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 55.275251][ T5239] Call Trace: [ 55.278608][ T5239] [ 55.281549][ T5239] dump_stack_lvl+0x241/0x360 [ 55.286241][ T5239] ? __pfx_dump_stack_lvl+0x10/0x10 [ 55.291448][ T5239] ? __pfx__printk+0x10/0x10 [ 55.296062][ T5239] ? vscnprintf+0x5d/0x90 [ 55.300400][ T5239] panic+0x349/0x880 [ 55.304296][ T5239] ? __warn+0x177/0x4e0 [ 55.308444][ T5239] ? __pfx_panic+0x10/0x10 [ 55.312963][ T5239] __warn+0x34b/0x4e0 [ 55.317001][ T5239] ? __kmem_cache_create_args+0xa7/0x320 [ 55.322717][ T5239] report_bug+0x2b3/0x500 [ 55.327044][ T5239] ? __kmem_cache_create_args+0xa7/0x320 [ 55.332670][ T5239] handle_bug+0x60/0x90 [ 55.336829][ T5239] exc_invalid_op+0x1a/0x50 [ 55.341330][ T5239] asm_exc_invalid_op+0x1a/0x20 [ 55.346187][ T5239] RIP: 0010:__kmem_cache_create_args+0xa7/0x320 [ 55.352461][ T5239] Code: 8e 48 8b 1b 48 39 eb 74 25 48 8b 7b f8 4c 89 fe e8 ce 95 e7 09 85 c0 75 e8 90 48 c7 c7 e7 08 0c 8e 4c 89 fe e8 ea 59 78 ff 90 <0f> 0b 90 90 4c 89 ff be 20 00 00 00 e8 28 97 e7 09 48 85 c0 0f 85 [ 55.372077][ T5239] RSP: 0018:ffffc9000387f788 EFLAGS: 00010246 [ 55.378146][ T5239] RAX: 79783cf9f1ddbd00 RBX: ffff88802ceff928 RCX: ffff888033299e00 [ 55.386112][ T5239] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 55.394078][ T5239] RBP: ffffffff8ea20cf8 R08: ffffffff8155d7b2 R09: fffffbfff1cfa3e0 [ 55.402047][ T5239] R10: dffffc0000000000 R11: fffffbfff1cfa3e0 R12: 0000000000020018 [ 55.410033][ T5239] R13: 0000000000000000 R14: ffffc9000387f860 R15: ffff8880780ecf80 [ 55.418025][ T5239] ? __warn_printk+0x292/0x360 [ 55.422801][ T5239] ? __kmem_cache_create_args+0xa6/0x320 [ 55.428441][ T5239] p9_client_create+0xbc0/0x1150 [ 55.433387][ T5239] ? __pfx_p9_client_create+0x10/0x10 [ 55.438757][ T5239] ? __asan_memset+0x23/0x50 [ 55.443867][ T5239] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 55.449682][ T5239] ? __raw_spin_lock_init+0x45/0x100 [ 55.454970][ T5239] v9fs_session_init+0x1e4/0x1b80 [ 55.460449][ T5239] ? __pfx_v9fs_session_init+0x10/0x10 [ 55.465938][ T5239] ? __kasan_kmalloc+0x98/0xb0 [ 55.470718][ T5239] ? __kmalloc_cache_noprof+0x243/0x390 [ 55.476275][ T5239] ? v9fs_mount+0xb2/0xaa0 [ 55.480697][ T5239] v9fs_mount+0xcf/0xaa0 [ 55.484942][ T5239] ? __pfx_aa_get_newest_label+0x10/0x10 [ 55.490579][ T5239] ? __pfx_v9fs_mount+0x10/0x10 [ 55.495511][ T5239] ? __kmalloc_cache_noprof+0x243/0x390 [ 55.501067][ T5239] legacy_get_tree+0xee/0x190 [ 55.505742][ T5239] ? __pfx_v9fs_mount+0x10/0x10 [ 55.510602][ T5239] vfs_get_tree+0x90/0x2b0 [ 55.515024][ T5239] do_new_mount+0x2be/0xb40 [ 55.519526][ T5239] ? __pfx_do_new_mount+0x10/0x10 [ 55.524644][ T5239] __se_sys_mount+0x2d6/0x3c0 [ 55.529342][ T5239] ? __pfx___se_sys_mount+0x10/0x10 [ 55.534561][ T5239] ? exc_page_fault+0x590/0x8c0 [ 55.539432][ T5239] ? __x64_sys_mount+0x20/0xc0 [ 55.544211][ T5239] do_syscall_64+0xf3/0x230 [ 55.548711][ T5239] ? clear_bhb_loop+0x35/0x90 [ 55.553391][ T5239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.559375][ T5239] RIP: 0033:0x7fbdcafdfea9 [ 55.563784][ T5239] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 55.583407][ T5239] RSP: 002b:00007ffd58901248 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 55.591837][ T5239] RAX: ffffffffffffffda RBX: 00007fbdcb02904e RCX: 00007fbdcafdfea9 [ 55.599814][ T5239] RDX: 0000000020004380 RSI: 0000000020000180 RDI: 0000000000000000 [ 55.607785][ T5239] RBP: 00000000000f4240 R08: 0000000020000280 R09: 00000000000000a0 [ 55.615749][ T5239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 55.623725][ T5239] R13: 00007ffd58901468 R14: 00007ffd58901270 R15: 00007ffd58901260 [ 55.631790][ T5239] [ 55.635066][ T5239] Kernel Offset: disabled [ 55.639431][ T5239] Rebooting in 86400 seconds..