./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor880831923 <...> Warning: Permanently added '10.128.1.41' (ECDSA) to the list of known hosts. execve("./syz-executor880831923", ["./syz-executor880831923"], 0x7ffc60c85e40 /* 10 vars */) = 0 brk(NULL) = 0x555555f48000 brk(0x555555f48c40) = 0x555555f48c40 arch_prctl(ARCH_SET_FS, 0x555555f48300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor880831923", 4096) = 27 brk(0x555555f69c40) = 0x555555f69c40 brk(0x555555f6a000) = 0x555555f6a000 mprotect(0x7f8f746bf000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3608 attached , child_tidptr=0x555555f485d0) = 3608 [pid 3608] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 3608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3608] setsid() = 1 [pid 3608] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3608] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 3608] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3608] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3608] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0 [pid 3608] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3608] unshare(CLONE_NEWNS) = 0 [pid 3608] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3608] unshare(CLONE_NEWIPC) = 0 [pid 3608] unshare(CLONE_NEWCGROUP) = 0 [pid 3608] unshare(CLONE_NEWUTS) = 0 [pid 3608] unshare(CLONE_SYSVSEM) = 0 [pid 3608] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3608] write(3, "16777216", 8) = 8 [pid 3608] close(3) = 0 [pid 3608] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3608] write(3, "536870912", 9) = 9 [pid 3608] close(3) = 0 [pid 3608] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3608] write(3, "1024", 4) = 4 [pid 3608] close(3) = 0 [pid 3608] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3608] write(3, "8192", 4) = 4 [pid 3608] close(3) = 0 [pid 3608] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3608] write(3, "1024", 4) = 4 [pid 3608] close(3) = 0 [pid 3608] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3608] write(3, "1024", 4) = 4 [pid 3608] close(3) = 0 [pid 3608] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3608] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3608] close(3) = 0 [pid 3608] getpid() = 1 [pid 3608] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [ 49.817364][ T3608] dump_stack_lvl+0x1b1/0x28e [ 49.822041][ T3608] ? fortify_panic+0x13/0x13 [ 49.826620][ T3608] ? _printk+0xc0/0x100 [ 49.830761][ T3608] ? __wake_up_klogd+0xd6/0x100 [ 49.835597][ T3608] ? __wake_up_klogd+0xcd/0x100 [ 49.840450][ T3608] ? panic+0x715/0x715 [ 49.844508][ T3608] ? _printk+0xc0/0x100 [ 49.848657][ T3608] print_address_description+0x65/0x4b0 [ 49.854193][ T3608] print_report+0x108/0x1f0 [ 49.858683][ T3608] ? read_lock_is_recursive+0x10/0x10 [ 49.864041][ T3608] ? nilfs_test_metadata_dirty+0x39/0x210 [ 49.869750][ T3608] kasan_report+0xc3/0xf0 [ 49.874063][ T3608] ? do_raw_spin_lock+0x148/0x360 [ 49.879073][ T3608] ? nilfs_test_metadata_dirty+0x39/0x210 [ 49.884780][ T3608] nilfs_test_metadata_dirty+0x39/0x210 [ 49.890316][ T3608] nilfs_segctor_confirm+0x78/0x2d0 [ 49.895502][ T3608] nilfs_detach_log_writer+0x4c1/0xbd0 [ 49.900946][ T3608] ? __might_sleep+0xc0/0xc0 [ 49.905529][ T3608] ? nilfs_attach_log_writer+0x8f0/0x8f0 [ 49.911147][ T3608] ? hook_sb_delete+0x988/0xab0 [ 49.915984][ T3608] ? wake_bit_function+0x240/0x240 [ 49.921081][ T3608] ? hook_inode_free_security+0xa0/0xa0 [ 49.926612][ T3608] ? clear_inode+0x150/0x150 [ 49.931187][ T3608] ? nilfs_free_inode+0x70/0x70 [ 49.936109][ T3608] nilfs_put_super+0x4b/0x150 [ 49.940859][ T3608] ? nilfs_free_inode+0x70/0x70 [ 49.945696][ T3608] generic_shutdown_super+0x128/0x300 [ 49.951054][ T3608] kill_block_super+0x79/0xd0 [ 49.955719][ T3608] deactivate_locked_super+0xa7/0xf0 [ 49.960994][ T3608] cleanup_mnt+0x4ce/0x560 [ 49.965398][ T3608] ? _raw_spin_unlock_irq+0x1f/0x40 [ 49.970591][ T3608] task_work_run+0x146/0x1c0 [ 49.975170][ T3608] do_exit+0x55e/0x20a0 [ 49.979314][ T3608] ? _raw_spin_unlock_irq+0x1f/0x40 [ 49.984496][ T3608] ? lockdep_hardirqs_on+0x8d/0x130 [ 49.989682][ T3608] ? _raw_spin_unlock_irq+0x2a/0x40 [ 49.994864][ T3608] ? ptrace_notify+0x245/0x340 [ 49.999637][ T3608] ? mm_update_next_owner+0x6d0/0x6d0 [ 50.004995][ T3608] ? do_notify_parent+0xe00/0xe00 [ 50.010009][ T3608] do_group_exit+0x23b/0x2f0 [ 50.014593][ T3608] __x64_sys_exit_group+0x3b/0x40 [ 50.019604][ T3608] do_syscall_64+0x3d/0xb0 [ 50.024009][ T3608] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.029894][ T3608] RIP: 0033:0x7f8f7464dba9 [ 50.034296][ T3608] Code: Unable to access opcode bytes at RIP 0x7f8f7464db7f. [ 50.041644][ T3608] RSP: 002b:00007fff5b90d628 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 50.050217][ T3608] RAX: ffffffffffffffda RBX: 00007f8f746c5330 RCX: 00007f8f7464dba9 [ 50.058177][ T3608] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001 [ 50.066130][ T3608] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00007f8f746bfe40 [ 50.074171][ T3608] R10: 00007f8f746bfe40 R11: 0000000000000246 R12: 00007f8f746c5330 [ 50.082128][ T3608] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 50.090092][ T3608] [ 50.093099][ T3608] [ 50.095412][ T3608] Allocated by task 3608: [ 50.099721][ T3608] ____kasan_kmalloc+0xcd/0x100 [ 50.104561][ T3608] kmem_cache_alloc_trace+0x97/0x310 [ 50.109830][ T3608] nilfs_find_or_create_root+0x142/0x4f0 [ 50.115465][ T3608] nilfs_attach_checkpoint+0xcd/0x4a0 [ 50.120820][ T3608] nilfs_fill_super+0x2e8/0x5d0 [ 50.125657][ T3608] nilfs_mount+0x613/0x9b0 [ 50.130056][ T3608] legacy_get_tree+0xea/0x180 [ 50.134718][ T3608] vfs_get_tree+0x88/0x270 [ 50.139123][ T3608] do_new_mount+0x289/0xad0 [ 50.143611][ T3608] __se_sys_mount+0x2d3/0x3c0 [ 50.148280][ T3608] do_syscall_64+0x3d/0xb0 [ 50.152710][ T3608] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.158592][ T3608] [ 50.160902][ T3608] Freed by task 3608: [ 50.164862][ T3608] kasan_set_track+0x3d/0x60 [ 50.169436][ T3608] kasan_set_free_info+0x1f/0x40 [ 50.174357][ T3608] ____kasan_slab_free+0xd8/0x120 [ 50.179365][ T3608] slab_free_freelist_hook+0x12e/0x1a0 [ 50.184806][ T3608] kfree+0xda/0x210 [ 50.188598][ T3608] nilfs_evict_inode+0xe5/0x3d0 [ 50.193434][ T3608] evict+0x2a4/0x620 [ 50.197314][ T3608] evict_inodes+0x658/0x700 [ 50.201805][ T3608] generic_shutdown_super+0x94/0x300 [ 50.207071][ T3608] kill_block_super+0x79/0xd0 [ 50.211731][ T3608] deactivate_locked_super+0xa7/0xf0 [ 50.216998][ T3608] cleanup_mnt+0x4ce/0x560 [ 50.221400][ T3608] task_work_run+0x146/0x1c0 [ 50.226059][ T3608] do_exit+0x55e/0x20a0 [ 50.230193][ T3608] do_group_exit+0x23b/0x2f0 [ 50.234772][ T3608] __x64_sys_exit_group+0x3b/0x40 [ 50.239779][ T3608] do_syscall_64+0x3d/0xb0 [ 50.244187][ T3608] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.250154][ T3608] [ 50.252465][ T3608] The buggy address belongs to the object at ffff888144eac400 [ 50.252465][ T3608] which belongs to the cache kmalloc-256 of size 256 [ 50.266503][ T3608] The buggy address is located 48 bytes inside of [ 50.266503][ T3608] 256-byte region [ffff888144eac400, ffff888144eac500) [ 50.279677][ T3608] [ 50.281986][ T3608] The buggy address belongs to the physical page: [ 50.288381][ T3608] page:ffffea000513ab00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x144eac [ 50.298600][ T3608] head:ffffea000513ab00 order:1 compound_mapcount:0 compound_pincount:0 [ 50.306907][ T3608] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff) [ 50.314969][ T3608] raw: 057ff00000010200 ffffea000513ac80 dead000000000004 ffff888012041b40 [ 50.323538][ T3608] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 50.332724][ T3608] page dumped because: kasan: bad access detected [ 50.339122][ T3608] page_owner tracks the page as allocated [ 50.344828][ T3608] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 2084344812, free_ts 0 [ 50.364457][ T3608] get_page_from_freelist+0x742/0x7c0 [ 50.369832][ T3608] __alloc_pages+0x259/0x560 [ 50.374408][ T3608] alloc_page_interleave+0x22/0x1c0 [ 50.379589][ T3608] alloc_slab_page+0x70/0xf0 [ 50.384164][ T3608] allocate_slab+0x5e/0x520 [ 50.388653][ T3608] ___slab_alloc+0x3ee/0xc40 [ 50.393231][ T3608] __kmalloc_track_caller+0x2bb/0x370 [ 50.398605][ T3608] krealloc+0x5c/0xe0 [ 50.402569][ T3608] add_sysfs_param+0xc8/0x800 [ 50.407233][ T3608] kernel_add_sysfs_param+0xb0/0x126 [ 50.412514][ T3608] param_sysfs_builtin+0x1fb/0x2a5 [ 50.417615][ T3608] param_sysfs_init+0x68/0x6c [ 50.422277][ T3608] do_one_initcall+0x1b9/0x3e0 [ 50.427026][ T3608] do_initcall_level+0x168/0x218 [ 50.431949][ T3608] do_initcalls+0x4b/0x8c [ 50.436262][ T3608] kernel_init_freeable+0x3f1/0x57b [ 50.441450][ T3608] page_owner free stack trace missing [ 50.446798][ T3608] [ 50.449105][ T3608] Memory state around the buggy address: [ 50.454730][ T3608] ffff888144eac300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.462774][ T3608] ffff888144eac380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.470824][ T3608] >ffff888144eac400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.478866][ T3608] ^ [ 50.484475][ T3608] ffff888144eac480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.492538][ T3608] ffff888144eac500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.500618][ T3608] ================================================================== [ 50.515975][ T3608] Kernel panic - not syncing: panic_on_warn set ... [ 50.522593][ T3608] CPU: 0 PID: 3608 Comm: syz-executor880 Not tainted 6.0.0-rc7-syzkaller-00220-gffb4d94b4314 #0 [ 50.533010][ T3608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 50.543052][ T3608] Call Trace: [ 50.546314][ T3608] [ 50.549229][ T3608] dump_stack_lvl+0x1b1/0x28e [ 50.553890][ T3608] ? fortify_panic+0x13/0x13 [ 50.558476][ T3608] ? panic+0x715/0x715 [ 50.562539][ T3608] ? preempt_schedule_common+0xb7/0xe0 [ 50.568096][ T3608] ? vscnprintf+0x59/0x80 [ 50.572422][ T3608] panic+0x2d6/0x715 [ 50.576314][ T3608] ? fb_is_primary_device+0xcc/0xcc [ 50.581608][ T3608] ? _raw_spin_unlock_irqrestore+0x110/0x120 [ 50.587601][ T3608] ? print_report+0x1b4/0x1f0 [ 50.592271][ T3608] ? nilfs_test_metadata_dirty+0x39/0x210 [ 50.597969][ T3608] end_report+0x91/0xa0 [ 50.602105][ T3608] kasan_report+0xd0/0xf0 [ 50.606423][ T3608] ? do_raw_spin_lock+0x148/0x360 [ 50.611607][ T3608] ? nilfs_test_metadata_dirty+0x39/0x210 [ 50.617314][ T3608] nilfs_test_metadata_dirty+0x39/0x210 [ 50.622864][ T3608] nilfs_segctor_confirm+0x78/0x2d0 [ 50.628054][ T3608] nilfs_detach_log_writer+0x4c1/0xbd0 [ 50.633498][ T3608] ? __might_sleep+0xc0/0xc0 [ 50.638080][ T3608] ? nilfs_attach_log_writer+0x8f0/0x8f0 [ 50.643701][ T3608] ? hook_sb_delete+0x988/0xab0 [ 50.648539][ T3608] ? wake_bit_function+0x240/0x240 [ 50.653639][ T3608] ? hook_inode_free_security+0xa0/0xa0 [ 50.659435][ T3608] ? clear_inode+0x150/0x150 [ 50.664014][ T3608] ? nilfs_free_inode+0x70/0x70 [ 50.668853][ T3608] nilfs_put_super+0x4b/0x150 [ 50.673520][ T3608] ? nilfs_free_inode+0x70/0x70 [ 50.678360][ T3608] generic_shutdown_super+0x128/0x300 [ 50.683734][ T3608] kill_block_super+0x79/0xd0 [ 50.688399][ T3608] deactivate_locked_super+0xa7/0xf0 [ 50.693671][ T3608] cleanup_mnt+0x4ce/0x560 [ 50.698072][ T3608] ? _raw_spin_unlock_irq+0x1f/0x40 [ 50.703256][ T3608] task_work_run+0x146/0x1c0 [ 50.707852][ T3608] do_exit+0x55e/0x20a0 [ 50.712025][ T3608] ? _raw_spin_unlock_irq+0x1f/0x40 [ 50.717230][ T3608] ? lockdep_hardirqs_on+0x8d/0x130 [ 50.722440][ T3608] ? _raw_spin_unlock_irq+0x2a/0x40 [ 50.727638][ T3608] ? ptrace_notify+0x245/0x340 [ 50.732398][ T3608] ? mm_update_next_owner+0x6d0/0x6d0 [ 50.737776][ T3608] ? do_notify_parent+0xe00/0xe00 [ 50.742806][ T3608] do_group_exit+0x23b/0x2f0 [ 50.747395][ T3608] __x64_sys_exit_group+0x3b/0x40 [ 50.752417][ T3608] do_syscall_64+0x3d/0xb0 [ 50.756823][ T3608] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.762705][ T3608] RIP: 0033:0x7f8f7464dba9 [ 50.767122][ T3608] Code: Unable to access opcode bytes at RIP 0x7f8f7464db7f. [ 50.774512][ T3608] RSP: 002b:00007fff5b90d628 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 50.782942][ T3608] RAX: ffffffffffffffda RBX: 00007f8f746c5330 RCX: 00007f8f7464dba9 [ 50.790903][ T3608] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001 [ 50.798858][ T3608] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00007f8f746bfe40 [ 50.806813][ T3608] R10: 00007f8f746bfe40 R11: 0000000000000246 R12: 00007f8f746c5330 [ 50.814786][ T3608] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 50.822762][ T3608] [ 50.825924][ T3608] Kernel Offset: disabled [ 50.830269][ T3608] Rebooting in 86400 seconds..