./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3107438419 <...> Warning: Permanently added '10.128.1.106' (ED25519) to the list of known hosts. execve("./syz-executor3107438419", ["./syz-executor3107438419"], 0x7ffe6b96b210 /* 10 vars */) = 0 brk(NULL) = 0x5555608a5000 brk(0x5555608a5d00) = 0x5555608a5d00 arch_prctl(ARCH_SET_FS, 0x5555608a5380) = 0 set_tid_address(0x5555608a5650) = 5218 set_robust_list(0x5555608a5660, 24) = 0 rseq(0x5555608a5ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3107438419", 4096) = 28 getrandom("\x45\xf0\x1f\x70\x95\xab\x8b\x23", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555608a5d00 brk(0x5555608c6d00) = 0x5555608c6d00 brk(0x5555608c7000) = 0x5555608c7000 mprotect(0x7fc9cece6000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5219 attached [pid 5219] set_robust_list(0x5555608a5660, 24) = 0 [pid 5219] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5218] <... clone resumed>, child_tidptr=0x5555608a5650) = 5219 [pid 5218] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5220 attached [pid 5220] set_robust_list(0x5555608a5660, 24 [pid 5219] <... clone resumed>, child_tidptr=0x5555608a5650) = 5220 [pid 5220] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5221 attached [pid 5218] <... clone resumed>, child_tidptr=0x5555608a5650) = 5221 [pid 5221] set_robust_list(0x5555608a5660, 24 [pid 5220] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5218] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5221] <... set_robust_list resumed>) = 0 [pid 5220] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 5222 attached [pid 5221] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5218] <... clone resumed>, child_tidptr=0x5555608a5650) = 5222 [pid 5222] set_robust_list(0x5555608a5660, 24 [pid 5220] setpgid(0, 0 [pid 5218] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5223 attached [pid 5222] <... set_robust_list resumed>) = 0 [pid 5220] <... setpgid resumed>) = 0 [pid 5222] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5225 attached ./strace-static-x86_64: Process 5224 attached [pid 5223] set_robust_list(0x5555608a5660, 24 [pid 5221] <... clone resumed>, child_tidptr=0x5555608a5650) = 5223 [pid 5220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5225] set_robust_list(0x5555608a5660, 24 [pid 5223] <... set_robust_list resumed>) = 0 [ 61.872945][ T29] audit: type=1400 audit(1728667959.929:88): avc: denied { execmem } for pid=5218 comm="syz-executor310" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 5223] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5220] <... openat resumed>) = 3 [pid 5218] <... clone resumed>, child_tidptr=0x5555608a5650) = 5224 [pid 5225] <... set_robust_list resumed>) = 0 [pid 5224] set_robust_list(0x5555608a5660, 24 [pid 5223] <... prctl resumed>) = 0 [pid 5222] <... clone resumed>, child_tidptr=0x5555608a5650) = 5225 [pid 5218] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5225] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5224] <... set_robust_list resumed>) = 0 [pid 5223] setpgid(0, 0 [pid 5220] write(3, "1000", 4 [pid 5225] <... prctl resumed>) = 0 [pid 5224] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5223] <... setpgid resumed>) = 0 [pid 5220] <... write resumed>) = 4 [pid 5220] close(3) = 0 ./strace-static-x86_64: Process 5226 attached [pid 5223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 5227 attached [pid 5225] setpgid(0, 0 executing program [pid 5227] set_robust_list(0x5555608a5660, 24 [pid 5225] <... setpgid resumed>) = 0 [pid 5220] write(1, "executing program\n", 18 [pid 5226] set_robust_list(0x5555608a5660, 24 [pid 5220] <... write resumed>) = 18 [pid 5226] <... set_robust_list resumed>) = 0 [pid 5220] mkdirat(AT_FDCWD, "./file0", 000 [pid 5218] <... clone resumed>, child_tidptr=0x5555608a5650) = 5226 [pid 5227] <... set_robust_list resumed>) = 0 [pid 5226] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5224] <... clone resumed>, child_tidptr=0x5555608a5650) = 5227 [pid 5223] <... openat resumed>) = 3 [pid 5227] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5225] <... openat resumed>) = 3 [pid 5223] write(3, "1000", 4 [pid 5220] <... mkdirat resumed>) = 0 [pid 5227] <... prctl resumed>) = 0 [pid 5225] write(3, "1000", 4 [pid 5223] <... write resumed>) = 4 ./strace-static-x86_64: Process 5228 attached [pid 5227] setpgid(0, 0 [pid 5225] <... write resumed>) = 4 [pid 5223] close(3 [pid 5220] pipe2( [pid 5228] set_robust_list(0x5555608a5660, 24 [pid 5227] <... setpgid resumed>) = 0 [pid 5226] <... clone resumed>, child_tidptr=0x5555608a5650) = 5228 [pid 5225] close(3 [pid 5223] <... close resumed>) = 0 [pid 5228] <... set_robust_list resumed>) = 0 [pid 5227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5225] <... close resumed>) = 0 executing program [pid 5223] write(1, "executing program\n", 18 [pid 5220] <... pipe2 resumed>[3, 4], 0) = 0 [pid 5228] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5227] <... openat resumed>) = 3 [pid 5225] write(1, "executing program\n", 18 [pid 5223] <... write resumed>) = 18 executing program [pid 5225] <... write resumed>) = 18 [pid 5228] <... prctl resumed>) = 0 [pid 5228] setpgid(0, 0 [pid 5227] write(3, "1000", 4 [pid 5223] mkdirat(AT_FDCWD, "./file0", 000 [pid 5228] <... setpgid resumed>) = 0 executing program [pid 5227] <... write resumed>) = 4 [pid 5225] mkdirat(AT_FDCWD, "./file0", 000 [pid 5220] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000004,cache=fscache," [pid 5227] close(3 [pid 5223] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5227] <... close resumed>) = 0 [pid 5223] pipe2( [pid 5227] write(1, "executing program\n", 18 [pid 5223] <... pipe2 resumed>[3, 4], 0) = 0 [pid 5227] <... write resumed>) = 18 [pid 5227] mkdirat(AT_FDCWD, "./file0", 000 [pid 5223] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000004,cache=fscache," [pid 5228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5227] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5225] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5228] <... openat resumed>) = 3 [pid 5227] pipe2( [pid 5225] pipe2([3, 4], 0) = 0 [pid 5227] <... pipe2 resumed>[3, 4], 0) = 0 [pid 5228] write(3, "1000", 4 [pid 5227] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000004,cache=fscache," [pid 5225] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000004,cache=fscache," [pid 5228] <... write resumed>) = 4 [pid 5228] close(3) = 0 executing program [pid 5228] write(1, "executing program\n", 18) = 18 [pid 5228] mkdirat(AT_FDCWD, "./file0", 000) = -1 EEXIST (File exists) [ 61.950267][ T29] audit: type=1400 audit(1728667960.009:89): avc: denied { mounton } for pid=5220 comm="syz-executor310" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 61.973289][ T5225] ------------[ cut here ]------------ [ 61.978981][ T5225] kmem_cache of name '9p-fcall-cache' already exists [ 61.989706][ T5225] WARNING: CPU: 1 PID: 5225 at mm/slab_common.c:107 __kmem_cache_create_args+0xb0/0x3c0 [pid 5228] pipe2([3, 4], 0) = 0 [ 61.999700][ T5225] Modules linked in: [ 62.003639][ T5225] CPU: 1 UID: 0 PID: 5225 Comm: syz-executor310 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0 [ 62.014882][ T5225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 62.025003][ T5225] RIP: 0010:__kmem_cache_create_args+0xb0/0x3c0 [ 62.031309][ T5225] Code: 98 48 3d f0 d5 31 8e 74 25 48 8b 7b 60 48 89 ee e8 95 6c 42 09 85 c0 75 e0 90 48 c7 c7 68 16 7b 8d 48 89 ee e8 21 18 7e ff 90 <0f> 0b 90 90 be 20 00 00 00 48 89 ef e8 1f 6e 42 09 48 85 c0 0f 85 [ 62.050984][ T5225] RSP: 0018:ffffc9000210f900 EFLAGS: 00010282 [ 62.057098][ T5225] RAX: 0000000000000000 RBX: ffff88814b6e28c0 RCX: ffffffff814e71a9 [ 62.065086][ T5225] RDX: ffff888030049e00 RSI: ffffffff814e71b6 RDI: 0000000000000001 [ 62.073105][ T5225] RBP: ffffffff8cc39660 R08: 0000000000000001 R09: 0000000000000000 [ 62.081119][ T5225] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 [ 62.089136][ T5225] R13: 0000000000020018 R14: ffffc9000210f9f0 R15: 0000000000020018 [ 62.097173][ T5225] FS: 00005555608a5380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 62.106107][ T5225] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 62.112755][ T5225] CR2: 00005639ced904a0 CR3: 0000000077c96000 CR4: 00000000003526f0 [ 62.120820][ T5225] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 62.128895][ T5225] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 62.136912][ T5225] Call Trace: [ 62.140209][ T5225] [ 62.143154][ T5225] ? __warn+0xea/0x3d0 [ 62.147291][ T5225] ? __kmem_cache_create_args+0xb0/0x3c0 [ 62.152957][ T5225] ? report_bug+0x3c0/0x580 [ 62.157515][ T5225] ? handle_bug+0x54/0xa0 [ 62.161870][ T5225] ? exc_invalid_op+0x17/0x50 [ 62.166550][ T5225] ? asm_exc_invalid_op+0x1a/0x20 [ 62.171742][ T5225] ? __warn_printk+0x199/0x350 [ 62.176543][ T5225] ? __warn_printk+0x1a6/0x350 [ 62.181362][ T5225] ? __kmem_cache_create_args+0xb0/0x3c0 [ 62.187046][ T5225] p9_client_create+0xebd/0x11b0 [ 62.192005][ T5225] ? __pfx_p9_client_create+0x10/0x10 [ 62.197481][ T5225] ? __raw_spin_lock_init+0x3a/0x110 [ 62.202795][ T5225] v9fs_session_init+0x1f8/0x1a80 [ 62.207904][ T5225] ? __pfx_v9fs_session_init+0x10/0x10 [ 62.213393][ T5225] ? kasan_save_track+0x14/0x30 [ 62.218305][ T5225] v9fs_mount+0xc6/0xa50 [ 62.222572][ T5225] ? __pfx_v9fs_mount+0x10/0x10 [ 62.227475][ T5225] ? selinux_sb_eat_lsm_opts+0x594/0x700 [ 62.233142][ T5225] ? cap_capable+0x1cf/0x240 [ 62.237882][ T5225] ? __pfx_v9fs_mount+0x10/0x10 [ 62.242750][ T5225] legacy_get_tree+0x109/0x220 [ 62.247582][ T5225] vfs_get_tree+0x8f/0x380 [ 62.252042][ T5225] path_mount+0x14e6/0x1f20 [ 62.256578][ T5225] ? kmem_cache_free+0x152/0x4b0 [ 62.261576][ T5225] ? __pfx_path_mount+0x10/0x10 [ 62.266459][ T5225] ? putname+0x12e/0x170 [ 62.270749][ T5225] __x64_sys_mount+0x294/0x320 [ 62.275545][ T5225] ? __pfx___x64_sys_mount+0x10/0x10 [ 62.280888][ T5225] ? _raw_spin_unlock_irq+0x2e/0x50 [ 62.286102][ T5225] ? ptrace_notify+0xf1/0x130 [ 62.290844][ T5225] do_syscall_64+0xcd/0x250 [ 62.295377][ T5225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.301344][ T5225] RIP: 0033:0x7fc9cec72e69 [ 62.305796][ T5225] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 62.325549][ T5225] RSP: 002b:00007ffead8fbcb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 62.334038][ T5225] RAX: ffffffffffffffda RBX: 00007fc9cecbc04e RCX: 00007fc9cec72e69 [ 62.342055][ T5225] RDX: 0000000020000280 RSI: 00000000200002c0 RDI: 0000000000000000 [ 62.350066][ T5225] RBP: 00000000000f4240 R08: 0000000020000400 R09: 00000000000000a0 [ 62.358106][ T5225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 62.366098][ T5225] R13: 00007ffead8fbed8 R14: 00007ffead8fbce0 R15: 00007ffead8fbcd0 [ 62.374145][ T5225] [ 62.377210][ T5225] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 62.384501][ T5225] CPU: 1 UID: 0 PID: 5225 Comm: syz-executor310 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0 [ 62.395688][ T5225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 62.405741][ T5225] Call Trace: [ 62.409011][ T5225] [ 62.412025][ T5225] dump_stack_lvl+0x3d/0x1f0 [ 62.416617][ T5225] panic+0x71d/0x800 [ 62.420507][ T5225] ? __pfx_panic+0x10/0x10 [ 62.424928][ T5225] ? show_trace_log_lvl+0x29d/0x3d0 [ 62.430123][ T5225] ? check_panic_on_warn+0x1f/0xb0 [ 62.435234][ T5225] ? __kmem_cache_create_args+0xb0/0x3c0 [ 62.440863][ T5225] check_panic_on_warn+0xab/0xb0 [ 62.445824][ T5225] __warn+0xf6/0x3d0 [ 62.449715][ T5225] ? __kmem_cache_create_args+0xb0/0x3c0 [ 62.455357][ T5225] report_bug+0x3c0/0x580 [ 62.459705][ T5225] handle_bug+0x54/0xa0 [ 62.463853][ T5225] exc_invalid_op+0x17/0x50 [ 62.468353][ T5225] asm_exc_invalid_op+0x1a/0x20 [ 62.473195][ T5225] RIP: 0010:__kmem_cache_create_args+0xb0/0x3c0 [ 62.479438][ T5225] Code: 98 48 3d f0 d5 31 8e 74 25 48 8b 7b 60 48 89 ee e8 95 6c 42 09 85 c0 75 e0 90 48 c7 c7 68 16 7b 8d 48 89 ee e8 21 18 7e ff 90 <0f> 0b 90 90 be 20 00 00 00 48 89 ef e8 1f 6e 42 09 48 85 c0 0f 85 [ 62.499049][ T5225] RSP: 0018:ffffc9000210f900 EFLAGS: 00010282 [ 62.505120][ T5225] RAX: 0000000000000000 RBX: ffff88814b6e28c0 RCX: ffffffff814e71a9 [ 62.513087][ T5225] RDX: ffff888030049e00 RSI: ffffffff814e71b6 RDI: 0000000000000001 [ 62.521055][ T5225] RBP: ffffffff8cc39660 R08: 0000000000000001 R09: 0000000000000000 [ 62.529024][ T5225] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 [ 62.536990][ T5225] R13: 0000000000020018 R14: ffffc9000210f9f0 R15: 0000000000020018 [ 62.544968][ T5225] ? __warn_printk+0x199/0x350 [ 62.549739][ T5225] ? __warn_printk+0x1a6/0x350 [ 62.554519][ T5225] p9_client_create+0xebd/0x11b0 [ 62.559491][ T5225] ? __pfx_p9_client_create+0x10/0x10 [ 62.564883][ T5225] ? __raw_spin_lock_init+0x3a/0x110 [ 62.570177][ T5225] v9fs_session_init+0x1f8/0x1a80 [ 62.575213][ T5225] ? __pfx_v9fs_session_init+0x10/0x10 [ 62.580688][ T5225] ? kasan_save_track+0x14/0x30 [ 62.585541][ T5225] v9fs_mount+0xc6/0xa50 [ 62.589788][ T5225] ? __pfx_v9fs_mount+0x10/0x10 [ 62.594644][ T5225] ? selinux_sb_eat_lsm_opts+0x594/0x700 [ 62.600283][ T5225] ? cap_capable+0x1cf/0x240 [ 62.604876][ T5225] ? __pfx_v9fs_mount+0x10/0x10 [ 62.609728][ T5225] legacy_get_tree+0x109/0x220 [ 62.614503][ T5225] vfs_get_tree+0x8f/0x380 [ 62.618931][ T5225] path_mount+0x14e6/0x1f20 [ 62.623443][ T5225] ? kmem_cache_free+0x152/0x4b0 [ 62.628381][ T5225] ? __pfx_path_mount+0x10/0x10 [ 62.633238][ T5225] ? putname+0x12e/0x170 [ 62.637485][ T5225] __x64_sys_mount+0x294/0x320 [ 62.642254][ T5225] ? __pfx___x64_sys_mount+0x10/0x10 [ 62.647545][ T5225] ? _raw_spin_unlock_irq+0x2e/0x50 [ 62.652749][ T5225] ? ptrace_notify+0xf1/0x130 [ 62.657435][ T5225] do_syscall_64+0xcd/0x250 [ 62.661945][ T5225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.667841][ T5225] RIP: 0033:0x7fc9cec72e69 [ 62.672250][ T5225] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 62.691853][ T5225] RSP: 002b:00007ffead8fbcb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 62.700268][ T5225] RAX: ffffffffffffffda RBX: 00007fc9cecbc04e RCX: 00007fc9cec72e69 [ 62.708236][ T5225] RDX: 0000000020000280 RSI: 00000000200002c0 RDI: 0000000000000000 [ 62.716200][ T5225] RBP: 00000000000f4240 R08: 0000000020000400 R09: 00000000000000a0 [ 62.724167][ T5225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 62.732136][ T5225] R13: 00007ffead8fbed8 R14: 00007ffead8fbce0 R15: 00007ffead8fbcd0 [ 62.740118][ T5225] [ 62.743422][ T5225] Kernel Offset: disabled [ 62.747803][ T5225] Rebooting in 86400 seconds..