./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor172755898 <...> forked to background, child pid 4651 no interfaces have a carrier [ 21.038924][ T4652] 8021q: adding VLAN 0 to HW filter on device bond0 [ 21.047891][ T4652] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.86' (ECDSA) to the list of known hosts. execve("./syz-executor172755898", ["./syz-executor172755898"], 0x7ffd422ddf10 /* 10 vars */) = 0 brk(NULL) = 0x555556c46000 brk(0x555556c46c40) = 0x555556c46c40 arch_prctl(ARCH_SET_FS, 0x555556c46300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor172755898", 4096) = 27 brk(0x555556c67c40) = 0x555556c67c40 brk(0x555556c68000) = 0x555556c68000 mprotect(0x7faa28f2a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5074 attached , child_tidptr=0x555556c465d0) = 5074 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 5075 attached [pid 5073] <... clone resumed>, child_tidptr=0x555556c465d0) = 5075 [pid 5074] <... openat resumed>) = 3 [pid 5074] ioctl(3, LOOP_CLR_FD [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5074] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5074] close(3) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c465d0) = 5077 ./strace-static-x86_64: Process 5077 attached [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] memfd_create("syzkaller", 0 [pid 5073] <... clone resumed>, child_tidptr=0x555556c465d0) = 5076 [pid 5077] <... memfd_create resumed>) = 3 [pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faa20a6f000 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c465d0) = 5078 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c465d0) = 5079 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c465d0) = 5080 [pid 5075] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 5076 attached ) = 3 [pid 5075] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5075] close(3) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5076] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5075] <... clone resumed>, child_tidptr=0x555556c465d0) = 5081 ./strace-static-x86_64: Process 5079 attached [pid 5076] <... openat resumed>) = 3 [pid 5079] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 5081 attached [pid 5076] ioctl(3, LOOP_CLR_FD [pid 5079] <... openat resumed>) = 3 [pid 5079] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5079] close(3 [pid 5076] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5076] close(3 [pid 5079] <... close resumed>) = 0 [pid 5079] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5076] <... close resumed>) = 0 [pid 5081] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 5078 attached ./strace-static-x86_64: Process 5080 attached [pid 5078] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5076] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5080] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5078] <... openat resumed>) = 3 [pid 5079] <... clone resumed>, child_tidptr=0x555556c465d0) = 5083 [pid 5080] ioctl(3, LOOP_CLR_FD [pid 5078] ioctl(3, LOOP_CLR_FD [pid 5080] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] setpgid(0, 0 [pid 5078] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5076] <... clone resumed>, child_tidptr=0x555556c465d0) = 5084 ./strace-static-x86_64: Process 5084 attached [pid 5080] close(3 [pid 5081] <... setpgid resumed>) = 0 [pid 5078] close(3 [pid 5080] <... close resumed>) = 0 [pid 5078] <... close resumed>) = 0 [pid 5080] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5078] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 5083 attached [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5081] write(3, "1000", 4 [pid 5078] <... clone resumed>, child_tidptr=0x555556c465d0) = 5086 ./strace-static-x86_64: Process 5086 attached [pid 5081] <... write resumed>) = 4 [pid 5084] <... prctl resumed>) = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setpgid(0, 0) = 0 [pid 5081] close(3 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5084] setpgid(0, 0 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5086] <... openat resumed>) = 3 [pid 5086] write(3, "1000", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] memfd_create("syzkaller", 0 [pid 5081] <... close resumed>) = 0 [pid 5086] <... memfd_create resumed>) = 3 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faa20a6f000 syzkaller login: [ 38.258095][ T5077] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5077 'syz-executor172' [pid 5084] <... setpgid resumed>) = 0 [pid 5083] <... prctl resumed>) = 0 [pid 5081] memfd_create("syzkaller", 0 [pid 5080] <... clone resumed>, child_tidptr=0x555556c465d0) = 5085 ./strace-static-x86_64: Process 5085 attached [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5083] setpgid(0, 0 [pid 5081] <... memfd_create resumed>) = 3 [pid 5083] <... setpgid resumed>) = 0 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5084] <... openat resumed>) = 3 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5081] <... mmap resumed>) = 0x7faa20a6f000 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5083] <... openat resumed>) = 3 [pid 5085] <... prctl resumed>) = 0 [pid 5085] setpgid(0, 0) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] memfd_create("syzkaller", 0) = 3 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faa20a6f000 [pid 5084] write(3, "1000", 4) = 4 [pid 5083] write(3, "1000", 4 [pid 5084] close(3 [pid 5083] <... write resumed>) = 4 [pid 5084] <... close resumed>) = 0 [pid 5083] close(3 [pid 5084] memfd_create("syzkaller", 0) = 3 [pid 5083] <... close resumed>) = 0 [pid 5083] memfd_create("syzkaller", 0 [pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5083] <... memfd_create resumed>) = 3 [pid 5084] <... mmap resumed>) = 0x7faa20a6f000 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faa20a6f000 [pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304 [pid 5083] <... write resumed>) = 4194304 [pid 5084] <... write resumed>) = 4194304 [pid 5083] munmap(0x7faa20a6f000, 4194304 [pid 5084] munmap(0x7faa20a6f000, 4194304) = 0 [pid 5083] <... munmap resumed>) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5084] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5083] <... openat resumed>) = 4 [pid 5084] <... openat resumed>) = 4 [pid 5083] ioctl(4, LOOP_SET_FD, 3 [pid 5084] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5084] close(3) = 0 [pid 5084] mkdir("./file0", 0777 [pid 5083] <... ioctl resumed>) = 0 [pid 5083] close(3) = 0 [pid 5083] mkdir("./file0", 0777 [pid 5077] <... write resumed>) = 4194304 [pid 5077] munmap(0x7faa20a6f000, 4194304) = 0 [pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5086] <... write resumed>) = 4194304 [pid 5086] munmap(0x7faa20a6f000, 4194304 [pid 5077] <... openat resumed>) = 4 [pid 5086] <... munmap resumed>) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5077] ioctl(4, LOOP_SET_FD, 3 [pid 5086] <... openat resumed>) = 4 [pid 5084] <... mkdir resumed>) = 0 [pid 5083] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5083] mount("/dev/loop4", "./file0", "reiserfs", MS_NOEXEC|MS_I_VERSION, "" [pid 5086] ioctl(4, LOOP_SET_FD, 3 [ 38.455932][ T5083] loop4: detected capacity change from 0 to 8192 [ 38.463524][ T5084] loop2: detected capacity change from 0 to 8192 [ 38.483892][ T5077] loop0: detected capacity change from 0 to 8192 [ 38.491808][ T5086] loop3: detected capacity change from 0 to 8192 [pid 5084] mount("/dev/loop2", "./file0", "reiserfs", MS_NOEXEC|MS_I_VERSION, "" [pid 5086] <... ioctl resumed>) = 0 [pid 5085] <... write resumed>) = 4194304 [pid 5081] <... write resumed>) = 4194304 [pid 5077] <... ioctl resumed>) = 0 [pid 5086] close(3 [pid 5081] munmap(0x7faa20a6f000, 4194304 [pid 5086] <... close resumed>) = 0 [pid 5085] munmap(0x7faa20a6f000, 4194304 [pid 5081] <... munmap resumed>) = 0 [pid 5086] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 5085] <... munmap resumed>) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5086] mount("/dev/loop3", "./file0", "reiserfs", MS_NOEXEC|MS_I_VERSION, "" [pid 5085] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5081] <... openat resumed>) = 4 [pid 5085] <... openat resumed>) = 4 [ 38.494550][ T5083] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 38.511335][ T5083] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 38.520908][ T5083] REISERFS (device loop4): using ordered data mode [ 38.521466][ T5084] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 38.527392][ T5083] reiserfs: using flush barriers [ 38.530115][ T5081] loop1: detected capacity change from 0 to 8192 [pid 5081] ioctl(4, LOOP_SET_FD, 3 [pid 5085] ioctl(4, LOOP_SET_FD, 3 [ 38.551611][ T5084] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 38.551671][ T5084] REISERFS (device loop2): using ordered data mode [ 38.561453][ T5085] loop5: detected capacity change from 0 to 8192 [ 38.567543][ T5084] reiserfs: using flush barriers [ 38.574330][ T5083] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [pid 5077] close(3) = 0 [pid 5085] <... ioctl resumed>) = 0 [pid 5085] close(3) = 0 [pid 5085] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 5085] mount("/dev/loop5", "./file0", "reiserfs", MS_NOEXEC|MS_I_VERSION, "" [pid 5081] <... ioctl resumed>) = 0 [pid 5077] mkdir("./file0", 0777 [pid 5081] close(3 [pid 5077] <... mkdir resumed>) = -1 EEXIST (File exists) [ 38.579952][ T5084] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 38.597424][ T5083] REISERFS (device loop4): checking transaction log (loop4) [ 38.613009][ T5085] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 38.621617][ T5084] REISERFS (device loop2): checking transaction log (loop2) [ 38.632783][ T5085] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal [pid 5081] <... close resumed>) = 0 [pid 5077] mount("/dev/loop0", "./file0", "reiserfs", MS_NOEXEC|MS_I_VERSION, "" [pid 5081] mkdir("./file0", 0777) = -1 EEXIST (File exists) [ 38.638896][ T5086] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 38.664152][ T5086] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 38.679612][ T5085] REISERFS (device loop5): using ordered data mode [ 38.684837][ T5081] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 38.686218][ T5085] reiserfs: using flush barriers [ 38.686890][ T5086] REISERFS (device loop3): using ordered data mode [ 38.700171][ T5077] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 38.704154][ T5085] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 38.710647][ T5077] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 38.727066][ T5086] reiserfs: using flush barriers [ 38.741355][ T5077] REISERFS (device loop0): using ordered data mode [ 38.753202][ T5081] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 38.755276][ T5077] reiserfs: using flush barriers [ 38.765060][ T5085] REISERFS (device loop5): checking transaction log (loop5) [ 38.771689][ T5077] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 38.778446][ T5081] REISERFS (device loop1): using ordered data mode [ 38.800229][ T5086] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 38.808644][ T5081] reiserfs: using flush barriers [ 38.829518][ T5083] REISERFS (device loop4): Using r5 hash to sort names [ 38.834256][ T5077] REISERFS (device loop0): checking transaction log (loop0) [ 38.837153][ T5083] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [pid 5081] mount("/dev/loop1", "./file0", "reiserfs", MS_NOEXEC|MS_I_VERSION, "" [pid 5084] <... mount resumed>) = 0 [pid 5084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5084] chdir("./file0") = 0 [pid 5084] ioctl(4, LOOP_CLR_FD) = 0 [ 38.854190][ T5084] REISERFS (device loop2): Using r5 hash to sort names [ 38.862280][ T5084] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 38.868795][ T5086] REISERFS (device loop3): checking transaction log (loop3) [ 38.871547][ T5081] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 38.900925][ T5081] REISERFS (device loop1): checking transaction log (loop1) [pid 5084] close(4 [pid 5083] <... mount resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5084] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5083] <... openat resumed>) = 3 [pid 5084] <... open resumed>) = 4 [pid 5083] chdir("./file0") = 0 [pid 5083] ioctl(4, LOOP_CLR_FD) = 0 [pid 5083] close(4) = 0 [pid 5083] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 5083] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5083] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5083] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5084] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5084] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [ 38.914035][ T26] audit: type=1800 audit(1679764633.117:2): pid=5084 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor172" name="bus" dev="loop2" ino=4 res=0 errno=0 [ 38.939834][ T5081] REISERFS warning: reiserfs-5090 is_tree_node: node level 0 does not match to the expected one -1 [ 38.993656][ T5081] REISERFS error (device loop1): vs-5150 search_by_key: invalid format found in block 0. Fsck? [ 39.005084][ T26] audit: type=1800 audit(1679764633.117:3): pid=5083 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor172" name="bus" dev="loop4" ino=4 res=0 errno=0 [ 39.005664][ T5085] REISERFS (device loop5): Using r5 hash to sort names [ 39.050691][ T5081] REISERFS (device loop1): Remounting filesystem read-only [ 39.059910][ T5081] REISERFS error (device loop1): vs-13070 reiserfs_read_locked_inode: i/o failure occurred trying to find stat data of [1 2 0x0 SD] [ 39.076133][ T5081] REISERFS warning (device loop1): reiserfs_fill_super: corrupt root inode, run fsck [ 39.087915][ T5081] ================================================================== [ 39.095977][ T5081] BUG: KASAN: vmalloc-out-of-bounds in cleanup_bitmap_list.part.0+0x4ac/0x5f0 [ 39.097560][ T5077] REISERFS (device loop0): Using r5 hash to sort names [ 39.104837][ T5081] Read of size 8 at addr ffffc900015ce008 by task syz-executor172/5081 [ 39.104853][ T5081] [ 39.104857][ T5081] CPU: 0 PID: 5081 Comm: syz-executor172 Not tainted 6.3.0-rc3-syzkaller-00317-g65aca32efdcb #0 [ 39.104876][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 39.104887][ T5081] Call Trace: [ 39.104892][ T5081] [ 39.128678][ T5086] REISERFS (device loop3): Using r5 hash to sort names [ 39.132605][ T5081] dump_stack_lvl+0xd9/0x150 [ 39.132636][ T5081] print_address_description.constprop.0+0x2c/0x3c0 [ 39.143594][ T5085] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage. [ 39.145940][ T5081] ? cleanup_bitmap_list.part.0+0x4ac/0x5f0 [ 39.145976][ T5081] kasan_report+0x11c/0x130 [ 39.150943][ T5077] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 39.155720][ T5081] ? cleanup_bitmap_list.part.0+0x4ac/0x5f0 [ 39.155754][ T5081] cleanup_bitmap_list.part.0+0x4ac/0x5f0 [ 39.168677][ T5086] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 39.175910][ T5081] free_journal_ram+0x165/0x600 [ 39.175943][ T5081] ? do_raw_spin_unlock+0x175/0x230 [ 39.175966][ T5081] journal_release_error+0x76/0xa0 [ 39.175992][ T5081] reiserfs_fill_super+0x107a/0x2ea0 [ 39.236405][ T5081] ? reiserfs_remount+0x1650/0x1650 [ 39.241602][ T5081] ? sget+0x47b/0x580 [ 39.245577][ T5081] ? snprintf+0xbf/0x100 [ 39.249809][ T5081] ? vsprintf+0x30/0x30 [ 39.253951][ T5081] ? wait_for_completion_io_timeout+0x20/0x20 [ 39.260007][ T5081] ? up_write+0x1b4/0x520 [ 39.264337][ T5081] mount_bdev+0x351/0x410 [ 39.268656][ T5081] ? reiserfs_remount+0x1650/0x1650 [ 39.273841][ T5081] ? reiserfs_kill_sb+0x1e0/0x1e0 [ 39.278849][ T5081] legacy_get_tree+0x109/0x220 [ 39.283597][ T5081] vfs_get_tree+0x8d/0x350 [ 39.287998][ T5081] path_mount+0x1342/0x1e40 [ 39.292496][ T5081] ? kmem_cache_free+0xe9/0x480 [ 39.297339][ T5081] ? finish_automount+0x9b0/0x9b0 [ 39.302349][ T5081] ? putname+0x102/0x140 [ 39.306579][ T5081] __x64_sys_mount+0x283/0x300 [ 39.311330][ T5081] ? copy_mnt_ns+0xb30/0xb30 [ 39.315904][ T5081] ? lockdep_hardirqs_on+0x7d/0x100 [ 39.321103][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50 [ 39.326290][ T5081] ? ptrace_notify+0xfe/0x140 [ 39.330950][ T5081] do_syscall_64+0x39/0xb0 [ 39.335354][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 39.341235][ T5081] RIP: 0033:0x7faa28ebd7ba [ 39.345633][ T5081] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 39.365309][ T5081] RSP: 002b:00007fff39b8a798 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 39.373702][ T5081] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faa28ebd7ba [ 39.381656][ T5081] RDX: 0000000020001100 RSI: 0000000020001140 RDI: 00007fff39b8a7b0 [ 39.389612][ T5081] RBP: 00007fff39b8a7b0 R08: 00007fff39b8a7f0 R09: 0000000000000000 [ 39.397563][ T5081] R10: 0000000000800008 R11: 0000000000000286 R12: 0000000000000004 [ 39.405525][ T5081] R13: 0000555556c462c0 R14: 0000000000800008 R15: 00007fff39b8a7f0 [ 39.413501][ T5081] [ 39.416504][ T5081] [ 39.418810][ T5081] The buggy address belongs to the virtual mapping at [ 39.418810][ T5081] [ffffc900015ce000, ffffc900015d0000) created by: [ 39.418810][ T5081] reiserfs_allocate_list_bitmaps+0x58/0x1d0 [ 39.437814][ T5081] [ 39.440122][ T5081] The buggy address belongs to the physical page: [ 39.446509][ T5081] page:ffffea0000a83000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a0c0 [ 39.456727][ T5081] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 39.463857][ T5081] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 39.472424][ T5081] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 39.481069][ T5081] page dumped because: kasan: bad access detected [ 39.487461][ T5081] page_owner tracks the page as allocated [ 39.493154][ T5081] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 5081, tgid 5081 (syz-executor172), ts 38861865046, free_ts 31213342188 [ 39.512583][ T5081] get_page_from_freelist+0x1190/0x2e20 [ 39.518123][ T5081] __alloc_pages+0x1cb/0x4a0 [ 39.522697][ T5081] __alloc_pages_bulk+0x9a6/0x1590 [ 39.527791][ T5081] alloc_pages_bulk_array_mempolicy+0x1b7/0x360 [ 39.534034][ T5081] __vmalloc_node_range+0xe4b/0x1390 [ 39.539314][ T5081] vzalloc+0x6b/0x80 [ 39.543197][ T5081] reiserfs_allocate_list_bitmaps+0x58/0x1d0 [ 39.549171][ T5081] journal_init+0x3d2/0x64c0 [ 39.553750][ T5081] reiserfs_fill_super+0xc5b/0x2ea0 [ 39.558935][ T5081] mount_bdev+0x351/0x410 [ 39.563256][ T5081] legacy_get_tree+0x109/0x220 [ 39.568009][ T5081] vfs_get_tree+0x8d/0x350 [ 39.572410][ T5081] path_mount+0x1342/0x1e40 [ 39.576896][ T5081] __x64_sys_mount+0x283/0x300 [ 39.581646][ T5081] do_syscall_64+0x39/0xb0 [ 39.586044][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 39.591933][ T5081] page last free stack trace: [ 39.596582][ T5081] free_pcp_prepare+0x5d5/0xa50 [ 39.601429][ T5081] free_unref_page+0x1d/0x490 [ 39.606094][ T5081] __folio_put+0xc5/0x140 [ 39.610422][ T5081] anon_pipe_buf_release+0x3fb/0x4c0 [ 39.615699][ T5081] pipe_read+0x614/0x1110 [ 39.620014][ T5081] vfs_read+0x7fa/0x930 [ 39.624158][ T5081] ksys_read+0x1ec/0x250 [ 39.628386][ T5081] do_syscall_64+0x39/0xb0 [ 39.632787][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 39.638679][ T5081] [ 39.640983][ T5081] Memory state around the buggy address: [pid 5084] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5085] <... mount resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5085] chdir("./file0") = 0 [pid 5085] ioctl(4, LOOP_CLR_FD) = 0 [pid 5085] close(4) = 0 [pid 5085] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 5085] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5085] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5085] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5077] <... mount resumed>) = 0 [pid 5077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5077] chdir("./file0") = 0 [pid 5077] ioctl(4, LOOP_CLR_FD) = 0 [pid 5077] close(4) = 0 [pid 5077] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 5077] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5077] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [ 39.646591][ T5081] ffffc900015cdf00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 39.654651][ T5081] ffffc900015cdf80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 39.662708][ T5081] >ffffc900015ce000: 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 39.670743][ T5081] ^ [ 39.675062][ T5081] ffffc900015ce080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 39.683112][ T5081] ffffc900015ce100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 39.691154][ T5081] ================================================================== [pid 5077] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5086] <... mount resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5086] chdir("./file0") = 0 [pid 5086] ioctl(4, LOOP_CLR_FD) = 0 [pid 5086] close(4) = 0 [pid 5086] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 5086] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5086] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [ 39.706121][ T5081] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 39.709403][ T26] audit: type=1800 audit(1679764633.347:4): pid=5085 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor172" name="bus" dev="loop5" ino=4 res=0 errno=0 [ 39.709448][ T26] audit: type=1800 audit(1679764633.347:5): pid=5077 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor172" name="bus" dev="loop0" ino=4 res=0 errno=0 [ 39.723457][ T26] audit: type=1800 audit(1679764633.927:6): pid=5086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor172" name="bus" dev="loop3" ino=4 res=0 errno=0 [ 39.774556][ T5081] CPU: 1 PID: 5081 Comm: syz-executor172 Not tainted 6.3.0-rc3-syzkaller-00317-g65aca32efdcb #0 [ 39.785023][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 39.795098][ T5081] Call Trace: [ 39.798381][ T5081] [ 39.801309][ T5081] dump_stack_lvl+0xd9/0x150 [ 39.805913][ T5081] panic+0x688/0x730 [ 39.809818][ T5081] ? panic_smp_self_stop+0x90/0x90 [ 39.814939][ T5081] ? preempt_schedule_thunk+0x1a/0x20 [ 39.820326][ T5081] ? preempt_schedule_common+0x45/0xb0 [ 39.825798][ T5081] check_panic_on_warn+0xb1/0xc0 [ 39.830742][ T5081] end_report+0xe9/0x120 [ 39.835001][ T5081] ? cleanup_bitmap_list.part.0+0x4ac/0x5f0 [ 39.840909][ T5081] kasan_report+0xf9/0x130 [ 39.845334][ T5081] ? cleanup_bitmap_list.part.0+0x4ac/0x5f0 [ 39.851246][ T5081] cleanup_bitmap_list.part.0+0x4ac/0x5f0 [pid 5086] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5084] <... write resumed>) = 4194304 [pid 5084] exit_group(0) = ? [pid 5083] <... write resumed>) = 4194304 [ 39.856988][ T5081] free_journal_ram+0x165/0x600 [ 39.861895][ T5081] ? do_raw_spin_unlock+0x175/0x230 [ 39.867105][ T5081] journal_release_error+0x76/0xa0 [ 39.872230][ T5081] reiserfs_fill_super+0x107a/0x2ea0 [ 39.877525][ T5081] ? reiserfs_remount+0x1650/0x1650 [ 39.882750][ T5081] ? sget+0x47b/0x580 [ 39.886738][ T5081] ? snprintf+0xbf/0x100 [ 39.890994][ T5081] ? vsprintf+0x30/0x30 [ 39.895155][ T5081] ? wait_for_completion_io_timeout+0x20/0x20 [ 39.901228][ T5081] ? up_write+0x1b4/0x520 [pid 5084] +++ exited with 0 +++ [pid 5083] exit_group(0) = ? [pid 5083] +++ exited with 0 +++ [pid 5076] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 5079] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5076] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5076] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5079] ioctl(3, LOOP_CLR_FD [pid 5076] <... openat resumed>) = 3 [pid 5079] <... ioctl resumed>) = 0 [pid 5076] ioctl(3, LOOP_CLR_FD [pid 5079] close(3 [pid 5076] <... ioctl resumed>) = 0 [pid 5079] <... close resumed>) = 0 [pid 5076] close(3 [pid 5079] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5076] <... close resumed>) = 0 [pid 5076] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5079] <... clone resumed>, child_tidptr=0x555556c465d0) = 5095 [pid 5076] <... clone resumed>, child_tidptr=0x555556c465d0) = 5096 ./strace-static-x86_64: Process 5096 attached [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 5095 attached [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5096] <... prctl resumed>) = 0 [pid 5096] setpgid(0, 0 [pid 5095] <... prctl resumed>) = 0 [pid 5096] <... setpgid resumed>) = 0 [pid 5095] setpgid(0, 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5095] <... setpgid resumed>) = 0 [ 39.905577][ T5081] mount_bdev+0x351/0x410 [ 39.909902][ T5081] ? reiserfs_remount+0x1650/0x1650 [ 39.915107][ T5081] ? reiserfs_kill_sb+0x1e0/0x1e0 [ 39.920138][ T5081] legacy_get_tree+0x109/0x220 [ 39.924912][ T5081] vfs_get_tree+0x8d/0x350 [ 39.929334][ T5081] path_mount+0x1342/0x1e40 [ 39.933851][ T5081] ? kmem_cache_free+0xe9/0x480 [ 39.938710][ T5081] ? finish_automount+0x9b0/0x9b0 [ 39.943748][ T5081] ? putname+0x102/0x140 [ 39.947995][ T5081] __x64_sys_mount+0x283/0x300 [ 39.952767][ T5081] ? copy_mnt_ns+0xb30/0xb30 [pid 5096] <... openat resumed>) = 3 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5096] write(3, "1000", 4 [pid 5095] <... openat resumed>) = 3 [pid 5096] <... write resumed>) = 4 [pid 5095] write(3, "1000", 4 [pid 5096] close(3 [pid 5095] <... write resumed>) = 4 [pid 5096] <... close resumed>) = 0 [pid 5095] close(3 [pid 5096] memfd_create("syzkaller", 0 [pid 5095] <... close resumed>) = 0 [pid 5096] <... memfd_create resumed>) = 3 [pid 5095] memfd_create("syzkaller", 0 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5095] <... memfd_create resumed>) = 3 [pid 5096] <... mmap resumed>) = 0x7faa20a6f000 [pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faa20a6f000 [ 39.957362][ T5081] ? lockdep_hardirqs_on+0x7d/0x100 [ 39.962572][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50 [ 39.967781][ T5081] ? ptrace_notify+0xfe/0x140 [ 39.972465][ T5081] do_syscall_64+0x39/0xb0 [ 39.976889][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 39.982787][ T5081] RIP: 0033:0x7faa28ebd7ba [ 39.987192][ T5081] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5086] <... write resumed>) = 4194304 [pid 5086] exit_group(0) = ? [pid 5085] <... write resumed>) = 4194304 [pid 5085] exit_group(0 [pid 5086] +++ exited with 0 +++ [pid 5085] <... exit_group resumed>) = ? [pid 5085] +++ exited with 0 +++ [ 40.006798][ T5081] RSP: 002b:00007fff39b8a798 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 40.015214][ T5081] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faa28ebd7ba [ 40.023182][ T5081] RDX: 0000000020001100 RSI: 0000000020001140 RDI: 00007fff39b8a7b0 [ 40.031154][ T5081] RBP: 00007fff39b8a7b0 R08: 00007fff39b8a7f0 R09: 0000000000000000 [ 40.039127][ T5081] R10: 0000000000800008 R11: 0000000000000286 R12: 0000000000000004 [ 40.047098][ T5081] R13: 0000555556c462c0 R14: 0000000000800008 R15: 00007fff39b8a7f0 [ 40.055073][ T5081] [ 40.058988][ T5081] Kernel Offset: disabled [ 40.063298][ T5081] Rebooting in 86400 seconds..