./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2371792031 <...> Warning: Permanently added '10.128.1.75' (ECDSA) to the list of known hosts. execve("./syz-executor2371792031", ["./syz-executor2371792031"], 0x7fffc41982a0 /* 10 vars */) = 0 brk(NULL) = 0x555555693000 brk(0x555555693d00) = 0x555555693d00 arch_prctl(ARCH_SET_FS, 0x5555556933c0) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2371792031", 4096) = 28 brk(0x5555556b4d00) = 0x5555556b4d00 brk(0x5555556b5000) = 0x5555556b5000 mprotect(0x7f30539af000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f30538f45f0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f30538fb980}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f30538f45f0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f30538fb980}, NULL, 8) = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555693690) = 3607 ./strace-static-x86_64: Process 3607 attached [pid 3607] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 3607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3607] setsid() = 1 [pid 3607] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3607] unshare(CLONE_NEWNS) = 0 [pid 3607] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3607] unshare(CLONE_NEWIPC) = 0 [pid 3607] unshare(CLONE_NEWCGROUP) = 0 [pid 3607] unshare(CLONE_NEWUTS) = 0 [pid 3607] unshare(CLONE_SYSVSEM) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "16777216", 8) = 8 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "536870912", 9) = 9 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1024", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "8192", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1024", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1024", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3607] close(3) = 0 [pid 3607] getpid() = 1 [pid 3607] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [ 52.358922][ T3608] dump_stack_lvl+0x1b1/0x28e [ 52.363599][ T3608] ? fortify_panic+0x13/0x13 [ 52.368184][ T3608] ? _printk+0xc0/0x100 [ 52.372332][ T3608] ? __wake_up_klogd+0xd6/0x100 [ 52.377172][ T3608] ? __wake_up_klogd+0xcd/0x100 [ 52.382027][ T3608] ? panic+0x710/0x710 [ 52.386090][ T3608] ? _printk+0xc0/0x100 [ 52.390243][ T3608] print_address_description+0x65/0x4b0 [ 52.395796][ T3608] print_report+0x108/0x1f0 [ 52.400291][ T3608] ? __might_sleep+0xc0/0xc0 [ 52.404878][ T3608] ? rcu_read_lock_sched_held+0x5d/0x110 [ 52.410504][ T3608] ? udf_find_entry+0x8a5/0x14f0 [ 52.415435][ T3608] kasan_report+0xc3/0xf0 [ 52.419757][ T3608] ? udf_find_entry+0x8a5/0x14f0 [ 52.424685][ T3608] kasan_check_range+0x2a7/0x2e0 [ 52.429613][ T3608] ? udf_find_entry+0x8a5/0x14f0 [ 52.434542][ T3608] memcpy+0x3c/0x60 [ 52.438433][ T3608] udf_find_entry+0x8a5/0x14f0 [ 52.443188][ T3608] ? __stack_depot_save+0x42e/0x490 [ 52.448385][ T3608] ? udf_tmpfile+0x140/0x140 [ 52.452965][ T3608] ? rcu_read_lock_sched_held+0x5d/0x110 [ 52.458591][ T3608] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 52.464559][ T3608] ? rcu_read_lock_sched_held+0x5d/0x110 [ 52.470197][ T3608] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 52.476204][ T3608] ? d_alloc+0x193/0x1d0 [ 52.480434][ T3608] ? trace_lock_release+0x7b/0x1a0 [ 52.485624][ T3608] ? d_alloc+0x193/0x1d0 [ 52.489856][ T3608] ? lock_release+0x81/0x820 [ 52.494533][ T3608] udf_lookup+0xef/0x340 [ 52.498766][ T3608] ? lockdep_softirqs_off+0x430/0x430 [ 52.504150][ T3608] ? udf_get_parent+0x2d0/0x2d0 [ 52.508994][ T3608] ? do_raw_spin_lock+0x148/0x360 [ 52.514186][ T3608] ? do_raw_spin_unlock+0x134/0x8a0 [ 52.519376][ T3608] ? __d_alloc+0x557/0x750 [ 52.523808][ T3608] ? _raw_spin_unlock+0x24/0x40 [ 52.528648][ T3608] ? d_alloc+0x193/0x1d0 [ 52.532899][ T3608] __lookup_hash+0x115/0x240 [ 52.537481][ T3608] do_unlinkat+0x26b/0x940 [ 52.541984][ T3608] ? try_break_deleg+0x120/0x120 [ 52.546915][ T3608] ? kmem_cache_alloc+0x202/0x310 [ 52.551929][ T3608] ? getname_kernel+0x13c/0x2d0 [ 52.556777][ T3608] do_coredump+0x20fb/0x2970 [ 52.561368][ T3608] ? nfs_ssc_unregister+0x30/0x30 [ 52.566467][ T3608] ? rcu_read_lock_sched_held+0x5d/0x110 [ 52.572204][ T3608] ? verify_cpu+0xc0/0x100 [ 52.576617][ T3608] ? print_irqtrace_events+0x220/0x220 [ 52.582069][ T3608] ? do_raw_spin_unlock+0x134/0x8a0 [ 52.587263][ T3608] get_signal+0x1417/0x1770 [ 52.591757][ T3608] ? ptrace_notify+0x245/0x340 [ 52.596515][ T3608] ? ptrace_notify+0x340/0x340 [ 52.601536][ T3608] ? do_raw_spin_unlock+0x134/0x8a0 [ 52.606740][ T3608] arch_do_signal_or_restart+0x7b/0x730 [ 52.612282][ T3608] ? _raw_spin_unlock_irq+0x2a/0x40 [ 52.617469][ T3608] ? ptrace_notify+0x245/0x340 [ 52.622227][ T3608] ? get_sigframe_size+0x10/0x10 [ 52.627161][ T3608] ? __x64_sys_pwrite64+0x1ca/0x240 [ 52.632357][ T3608] exit_to_user_mode_loop+0x74/0x150 [ 52.637643][ T3608] exit_to_user_mode_prepare+0xb2/0x140 [ 52.643272][ T3608] syscall_exit_to_user_mode+0x26/0x60 [ 52.648725][ T3608] do_syscall_64+0x49/0xb0 [ 52.653137][ T3608] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.659021][ T3608] RIP: 0033:0x7f30538fb8d6 [ 52.663460][ T3608] Code: b8 ff ff ff ff eb b9 e8 68 3b 04 00 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 48 89 54 24 10 48 89 74 [ 52.683057][ T3608] RSP: 002b:00007ffc4fc1dd88 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 52.691463][ T3608] RAX: ffffffffffffffe5 RBX: 0000000000000006 RCX: 00007f30538fb8d6 [ 52.699428][ T3608] RDX: 0000000000000027 RSI: 0000020006000001 RDI: 0000000000000006 [ 52.707387][ T3608] RBP: 00007ffc4fc1dda0 R08: 00007ffc4fc1dc20 R09: 0000555555693380 [ 52.715349][ T3608] R10: 6608000000000014 R11: 0000000000000246 R12: 0000000000000028 [ 52.723327][ T3608] R13: 0000000000000006 R14: 000000000000001c R15: 00000000200004a0 [ 52.731309][ T3608] [ 52.734330][ T3608] [ 52.736645][ T3608] Allocated by task 3608: [ 52.740960][ T3608] ____kasan_kmalloc+0xcd/0x100 [ 52.746068][ T3608] kmem_cache_alloc_trace+0x97/0x310 [ 52.751348][ T3608] udf_find_entry+0x7b6/0x14f0 [ 52.756187][ T3608] udf_lookup+0xef/0x340 [ 52.760592][ T3608] __lookup_hash+0x115/0x240 [ 52.765169][ T3608] do_unlinkat+0x26b/0x940 [ 52.769574][ T3608] do_coredump+0x20fb/0x2970 [ 52.774239][ T3608] get_signal+0x1417/0x1770 [ 52.778731][ T3608] arch_do_signal_or_restart+0x7b/0x730 [ 52.784536][ T3608] exit_to_user_mode_loop+0x74/0x150 [ 52.789813][ T3608] exit_to_user_mode_prepare+0xb2/0x140 [ 52.795349][ T3608] syscall_exit_to_user_mode+0x26/0x60 [ 52.800838][ T3608] do_syscall_64+0x49/0xb0 [ 52.805337][ T3608] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.811221][ T3608] [ 52.813619][ T3608] The buggy address belongs to the object at ffff888028a79200 [ 52.813619][ T3608] which belongs to the cache kmalloc-256 of size 256 [ 52.827745][ T3608] The buggy address is located 90 bytes inside of [ 52.827745][ T3608] 256-byte region [ffff888028a79200, ffff888028a79300) [ 52.840926][ T3608] [ 52.843237][ T3608] The buggy address belongs to the physical page: [ 52.849649][ T3608] page:ffffea0000a29e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28a78 [ 52.859801][ T3608] head:ffffea0000a29e00 order:1 compound_mapcount:0 compound_pincount:0 [ 52.868203][ T3608] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 52.876175][ T3608] raw: 00fff00000010200 ffffea0000a29d80 dead000000000002 ffff888012041b40 [ 52.884747][ T3608] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 52.893311][ T3608] page dumped because: kasan: bad access detected [ 52.899708][ T3608] page_owner tracks the page as allocated [ 52.905491][ T3608] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2, tgid 2 (kthreadd), ts 11303152503, free_ts 0 [ 52.925118][ T3608] get_page_from_freelist+0x742/0x7c0 [ 52.930490][ T3608] __alloc_pages+0x259/0x560 [ 52.935103][ T3608] alloc_slab_page+0x70/0xf0 [ 52.939698][ T3608] allocate_slab+0x5e/0x520 [ 52.944205][ T3608] ___slab_alloc+0x3ee/0xc40 [ 52.948804][ T3608] kmem_cache_alloc_trace+0x25f/0x310 [ 52.954188][ T3608] set_kthread_struct+0xb1/0x1f0 [ 52.959127][ T3608] copy_process+0x134d/0x3fa0 [ 52.963853][ T3608] kernel_clone+0x21f/0x790 [ 52.968362][ T3608] kernel_thread+0x150/0x1d0 [ 52.972954][ T3608] kthreadd+0x57c/0x750 [ 52.977103][ T3608] ret_from_fork+0x1f/0x30 [ 52.981597][ T3608] page_owner free stack trace missing [ 52.986947][ T3608] [ 52.989262][ T3608] Memory state around the buggy address: [ 52.994877][ T3608] ffff888028a79180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.002932][ T3608] ffff888028a79200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 53.010977][ T3608] >ffff888028a79280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 [ 53.019019][ T3608] ^ [ 53.026984][ T3608] ffff888028a79300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.035115][ T3608] ffff888028a79380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.043260][ T3608] ================================================================== [ 53.052006][ T3608] Kernel panic - not syncing: panic_on_warn set ... [ 53.058623][ T3608] CPU: 0 PID: 3608 Comm: syz-executor237 Not tainted 6.0.0-syzkaller-09039-ga6afa4199d3d #0 [ 53.068701][ T3608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 53.078764][ T3608] Call Trace: [ 53.082036][ T3608] [ 53.085738][ T3608] dump_stack_lvl+0x1b1/0x28e [ 53.090413][ T3608] ? fortify_panic+0x13/0x13 [ 53.094991][ T3608] ? panic+0x710/0x710 [ 53.099069][ T3608] ? preempt_schedule_common+0xb7/0xe0 [ 53.104533][ T3608] ? vscnprintf+0x59/0x80 [ 53.108861][ T3608] panic+0x2d6/0x710 [ 53.112759][ T3608] ? fb_is_primary_device+0xcc/0xcc [ 53.117970][ T3608] ? _raw_spin_unlock_irqrestore+0x110/0x120 [ 53.123944][ T3608] ? print_report+0x1b4/0x1f0 [ 53.128615][ T3608] ? udf_find_entry+0x8a5/0x14f0 [ 53.133540][ T3608] end_report+0x91/0xa0 [ 53.137680][ T3608] kasan_report+0xd0/0xf0 [ 53.142076][ T3608] ? udf_find_entry+0x8a5/0x14f0 [ 53.147010][ T3608] kasan_check_range+0x2a7/0x2e0 [ 53.151934][ T3608] ? udf_find_entry+0x8a5/0x14f0 [ 53.156942][ T3608] memcpy+0x3c/0x60 [ 53.160735][ T3608] udf_find_entry+0x8a5/0x14f0 [ 53.165480][ T3608] ? __stack_depot_save+0x42e/0x490 [ 53.170666][ T3608] ? udf_tmpfile+0x140/0x140 [ 53.175235][ T3608] ? rcu_read_lock_sched_held+0x5d/0x110 [ 53.180849][ T3608] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 53.186809][ T3608] ? rcu_read_lock_sched_held+0x5d/0x110 [ 53.192424][ T3608] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 53.198386][ T3608] ? d_alloc+0x193/0x1d0 [ 53.202698][ T3608] ? trace_lock_release+0x7b/0x1a0 [ 53.207790][ T3608] ? d_alloc+0x193/0x1d0 [ 53.212013][ T3608] ? lock_release+0x81/0x820 [ 53.216590][ T3608] udf_lookup+0xef/0x340 [ 53.220828][ T3608] ? lockdep_softirqs_off+0x430/0x430 [ 53.226360][ T3608] ? udf_get_parent+0x2d0/0x2d0 [ 53.231221][ T3608] ? do_raw_spin_lock+0x148/0x360 [ 53.236231][ T3608] ? do_raw_spin_unlock+0x134/0x8a0 [ 53.241412][ T3608] ? __d_alloc+0x557/0x750 [ 53.245904][ T3608] ? _raw_spin_unlock+0x24/0x40 [ 53.250762][ T3608] ? d_alloc+0x193/0x1d0 [ 53.254989][ T3608] __lookup_hash+0x115/0x240 [ 53.259563][ T3608] do_unlinkat+0x26b/0x940 [ 53.263975][ T3608] ? try_break_deleg+0x120/0x120 [ 53.268895][ T3608] ? kmem_cache_alloc+0x202/0x310 [ 53.273908][ T3608] ? getname_kernel+0x13c/0x2d0 [ 53.278758][ T3608] do_coredump+0x20fb/0x2970 [ 53.283338][ T3608] ? nfs_ssc_unregister+0x30/0x30 [ 53.288428][ T3608] ? rcu_read_lock_sched_held+0x5d/0x110 [ 53.294052][ T3608] ? verify_cpu+0xc0/0x100 [ 53.298454][ T3608] ? print_irqtrace_events+0x220/0x220 [ 53.303901][ T3608] ? do_raw_spin_unlock+0x134/0x8a0 [ 53.309109][ T3608] get_signal+0x1417/0x1770 [ 53.313605][ T3608] ? ptrace_notify+0x245/0x340 [ 53.318356][ T3608] ? ptrace_notify+0x340/0x340 [ 53.323104][ T3608] ? do_raw_spin_unlock+0x134/0x8a0 [ 53.328298][ T3608] arch_do_signal_or_restart+0x7b/0x730 [ 53.333843][ T3608] ? _raw_spin_unlock_irq+0x2a/0x40 [ 53.339038][ T3608] ? ptrace_notify+0x245/0x340 [ 53.343799][ T3608] ? get_sigframe_size+0x10/0x10 [ 53.348862][ T3608] ? __x64_sys_pwrite64+0x1ca/0x240 [ 53.354066][ T3608] exit_to_user_mode_loop+0x74/0x150 [ 53.359340][ T3608] exit_to_user_mode_prepare+0xb2/0x140 [ 53.364885][ T3608] syscall_exit_to_user_mode+0x26/0x60 [ 53.370455][ T3608] do_syscall_64+0x49/0xb0 [ 53.374867][ T3608] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.380752][ T3608] RIP: 0033:0x7f30538fb8d6 [ 53.385160][ T3608] Code: b8 ff ff ff ff eb b9 e8 68 3b 04 00 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 48 89 54 24 10 48 89 74 [ 53.404764][ T3608] RSP: 002b:00007ffc4fc1dd88 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 53.413163][ T3608] RAX: ffffffffffffffe5 RBX: 0000000000000006 RCX: 00007f30538fb8d6 [ 53.421124][ T3608] RDX: 0000000000000027 RSI: 0000020006000001 RDI: 0000000000000006 [ 53.429077][ T3608] RBP: 00007ffc4fc1dda0 R08: 00007ffc4fc1dc20 R09: 0000555555693380 [ 53.437048][ T3608] R10: 6608000000000014 R11: 0000000000000246 R12: 0000000000000028 [ 53.445001][ T3608] R13: 0000000000000006 R14: 000000000000001c R15: 00000000200004a0 [ 53.452972][ T3608] [ 53.456208][ T3608] Kernel Offset: disabled [ 53.460523][ T3608] Rebooting in 86400 seconds..