./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3145632018 <...> DUID 00:04:e6:d8:3e:4c:c1:15:84:42:dc:00:60:8c:e3:5f:26:b4 forked to background, child pid 3186 [ 24.440101][ T3187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 24.450125][ T3187] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.230' (ECDSA) to the list of known hosts. execve("./syz-executor3145632018", ["./syz-executor3145632018"], 0x7ffe0f6effe0 /* 10 vars */) = 0 brk(NULL) = 0x5555570af000 brk(0x5555570afc40) = 0x5555570afc40 arch_prctl(ARCH_SET_FS, 0x5555570af300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3145632018", 4096) = 28 brk(0x5555570d0c40) = 0x5555570d0c40 brk(0x5555570d1000) = 0x5555570d1000 mprotect(0x7f7c0b186000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3615 attached , child_tidptr=0x5555570af5d0) = 3615 [pid 3615] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 3615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3615] setsid() = 1 [pid 3615] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3615] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 3615] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3615] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3615] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0 [pid 3615] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3615] unshare(CLONE_NEWNS) = 0 [pid 3615] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3615] unshare(CLONE_NEWIPC) = 0 [pid 3615] unshare(CLONE_NEWCGROUP) = 0 [pid 3615] unshare(CLONE_NEWUTS) = 0 [pid 3615] unshare(CLONE_SYSVSEM) = 0 [pid 3615] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3615] write(3, "16777216", 8) = 8 [pid 3615] close(3) = 0 [pid 3615] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3615] write(3, "536870912", 9) = 9 [pid 3615] close(3) = 0 [pid 3615] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3615] write(3, "1024", 4) = 4 [pid 3615] close(3) = 0 [pid 3615] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3615] write(3, "8192", 4) = 4 [pid 3615] close(3) = 0 [pid 3615] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3615] write(3, "1024", 4) = 4 [pid 3615] close(3) = 0 [pid 3615] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3615] write(3, "1024", 4) = 4 [pid 3615] close(3) = 0 [pid 3615] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3615] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3615] close(3) = 0 [pid 3615] getpid() = 1 [pid 3615] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [ 42.052922][ T3615] dump_stack_lvl+0x1b1/0x28e [ 42.057596][ T3615] ? fortify_panic+0x13/0x13 [ 42.062168][ T3615] ? _printk+0xc0/0x100 [ 42.066305][ T3615] ? __wake_up_klogd+0xd6/0x100 [ 42.071139][ T3615] ? __wake_up_klogd+0xcd/0x100 [ 42.075968][ T3615] ? panic+0x715/0x715 [ 42.080020][ T3615] ? _printk+0xc0/0x100 [ 42.084158][ T3615] print_address_description+0x65/0x4b0 [ 42.090123][ T3615] print_report+0x108/0x1f0 [ 42.094615][ T3615] ? read_lock_is_recursive+0x10/0x10 [ 42.099973][ T3615] ? nilfs_test_metadata_dirty+0x39/0x210 [ 42.105687][ T3615] kasan_report+0xc3/0xf0 [ 42.110048][ T3615] ? do_raw_spin_lock+0x148/0x360 [ 42.115056][ T3615] ? nilfs_test_metadata_dirty+0x39/0x210 [ 42.120761][ T3615] nilfs_test_metadata_dirty+0x39/0x210 [ 42.126306][ T3615] nilfs_segctor_confirm+0x78/0x2d0 [ 42.131495][ T3615] nilfs_detach_log_writer+0x4c1/0xbd0 [ 42.136939][ T3615] ? __might_sleep+0xc0/0xc0 [ 42.141515][ T3615] ? nilfs_attach_log_writer+0x8f0/0x8f0 [ 42.147131][ T3615] ? hook_sb_delete+0x988/0xab0 [ 42.151962][ T3615] ? wake_bit_function+0x240/0x240 [ 42.157058][ T3615] ? hook_inode_free_security+0xa0/0xa0 [ 42.162583][ T3615] ? clear_inode+0x150/0x150 [ 42.167168][ T3615] ? nilfs_free_inode+0x70/0x70 [ 42.172014][ T3615] nilfs_put_super+0x4b/0x150 [ 42.176686][ T3615] ? nilfs_free_inode+0x70/0x70 [ 42.181523][ T3615] generic_shutdown_super+0x128/0x300 [ 42.186883][ T3615] kill_block_super+0x79/0xd0 [ 42.191550][ T3615] deactivate_locked_super+0xa7/0xf0 [ 42.196827][ T3615] cleanup_mnt+0x4ce/0x560 [ 42.201242][ T3615] ? _raw_spin_unlock_irq+0x1f/0x40 [ 42.206434][ T3615] task_work_run+0x146/0x1c0 [ 42.211012][ T3615] do_exit+0x55e/0x20a0 [ 42.215149][ T3615] ? _raw_spin_unlock_irq+0x1f/0x40 [ 42.220343][ T3615] ? lockdep_hardirqs_on+0x8d/0x130 [ 42.225534][ T3615] ? _raw_spin_unlock_irq+0x2a/0x40 [ 42.230717][ T3615] ? ptrace_notify+0x245/0x340 [ 42.235473][ T3615] ? mm_update_next_owner+0x6d0/0x6d0 [ 42.240842][ T3615] ? do_notify_parent+0xe00/0xe00 [ 42.245865][ T3615] do_group_exit+0x23b/0x2f0 [ 42.250444][ T3615] __x64_sys_exit_group+0x3b/0x40 [ 42.255452][ T3615] do_syscall_64+0x3d/0xb0 [ 42.259849][ T3615] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.265730][ T3615] RIP: 0033:0x7f7c0b111689 [ 42.270132][ T3615] Code: Unable to access opcode bytes at RIP 0x7f7c0b11165f. [ 42.277476][ T3615] RSP: 002b:00007ffc6dfe57a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 42.285870][ T3615] RAX: ffffffffffffffda RBX: 00007f7c0b18c3f0 RCX: 00007f7c0b111689 [ 42.293826][ T3615] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001 [ 42.301780][ T3615] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: bb1414ac6dfe5827 [ 42.309733][ T3615] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c0b18c3f0 [ 42.317691][ T3615] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 42.325655][ T3615] [ 42.328661][ T3615] [ 42.330967][ T3615] Allocated by task 3615: [ 42.335276][ T3615] ____kasan_kmalloc+0xcd/0x100 [ 42.340112][ T3615] kmem_cache_alloc_trace+0x97/0x310 [ 42.345377][ T3615] nilfs_find_or_create_root+0x142/0x4f0 [ 42.350992][ T3615] nilfs_attach_checkpoint+0xcd/0x4a0 [ 42.356434][ T3615] nilfs_fill_super+0x2e8/0x5d0 [ 42.361265][ T3615] nilfs_mount+0x613/0x9b0 [ 42.365662][ T3615] legacy_get_tree+0xea/0x180 [ 42.370320][ T3615] vfs_get_tree+0x88/0x270 [ 42.374751][ T3615] do_new_mount+0x289/0xad0 [ 42.379233][ T3615] __se_sys_mount+0x2d3/0x3c0 [ 42.383890][ T3615] do_syscall_64+0x3d/0xb0 [ 42.388289][ T3615] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.394169][ T3615] [ 42.396473][ T3615] Freed by task 3615: [ 42.400432][ T3615] kasan_set_track+0x3d/0x60 [ 42.405001][ T3615] kasan_set_free_info+0x1f/0x40 [ 42.409920][ T3615] ____kasan_slab_free+0xd8/0x120 [ 42.414926][ T3615] slab_free_freelist_hook+0x12e/0x1a0 [ 42.420363][ T3615] kfree+0xda/0x210 [ 42.424153][ T3615] nilfs_evict_inode+0xe5/0x3d0 [ 42.428987][ T3615] evict+0x2a4/0x620 [ 42.432870][ T3615] evict_inodes+0x658/0x700 [ 42.437354][ T3615] generic_shutdown_super+0x94/0x300 [ 42.442617][ T3615] kill_block_super+0x79/0xd0 [ 42.447360][ T3615] deactivate_locked_super+0xa7/0xf0 [ 42.452624][ T3615] cleanup_mnt+0x4ce/0x560 [ 42.457021][ T3615] task_work_run+0x146/0x1c0 [ 42.461593][ T3615] do_exit+0x55e/0x20a0 [ 42.465729][ T3615] do_group_exit+0x23b/0x2f0 [ 42.470301][ T3615] __x64_sys_exit_group+0x3b/0x40 [ 42.475305][ T3615] do_syscall_64+0x3d/0xb0 [ 42.479702][ T3615] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.485574][ T3615] [ 42.487881][ T3615] The buggy address belongs to the object at ffff88814012ae00 [ 42.487881][ T3615] which belongs to the cache kmalloc-256 of size 256 [ 42.501915][ T3615] The buggy address is located 48 bytes inside of [ 42.501915][ T3615] 256-byte region [ffff88814012ae00, ffff88814012af00) [ 42.515082][ T3615] [ 42.517390][ T3615] The buggy address belongs to the physical page: [ 42.523784][ T3615] page:ffffea0005004a80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14012a [ 42.534005][ T3615] head:ffffea0005004a80 order:1 compound_mapcount:0 compound_pincount:0 [ 42.542309][ T3615] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff) [ 42.550358][ T3615] raw: 057ff00000010200 ffffea0005004a00 dead000000000003 ffff888012041b40 [ 42.558921][ T3615] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 42.567481][ T3615] page dumped because: kasan: bad access detected [ 42.573870][ T3615] page_owner tracks the page as allocated [ 42.579564][ T3615] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 6972671988, free_ts 0 [ 42.599251][ T3615] get_page_from_freelist+0x742/0x7c0 [ 42.604612][ T3615] __alloc_pages+0x259/0x560 [ 42.609183][ T3615] alloc_page_interleave+0x22/0x1c0 [ 42.614483][ T3615] alloc_slab_page+0x70/0xf0 [ 42.619080][ T3615] allocate_slab+0x5e/0x520 [ 42.623565][ T3615] ___slab_alloc+0x3ee/0xc40 [ 42.628136][ T3615] kmem_cache_alloc_trace+0x25f/0x310 [ 42.633489][ T3615] bus_add_driver+0xde/0x600 [ 42.638061][ T3615] driver_register+0x2e9/0x3e0 [ 42.642806][ T3615] do_one_initcall+0x1b9/0x3e0 [ 42.647551][ T3615] do_initcall_level+0x168/0x218 [ 42.652478][ T3615] do_initcalls+0x4b/0x8c [ 42.656789][ T3615] kernel_init_freeable+0x3f1/0x57b [ 42.661967][ T3615] kernel_init+0x19/0x2b0 [ 42.666277][ T3615] ret_from_fork+0x1f/0x30 [ 42.670675][ T3615] page_owner free stack trace missing [ 42.676022][ T3615] [ 42.678329][ T3615] Memory state around the buggy address: [ 42.683936][ T3615] ffff88814012ad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 42.691978][ T3615] ffff88814012ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 42.700016][ T3615] >ffff88814012ae00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.708052][ T3615] ^ [ 42.713661][ T3615] ffff88814012ae80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.721698][ T3615] ffff88814012af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 42.729743][ T3615] ================================================================== [ 42.741089][ T3615] Kernel panic - not syncing: panic_on_warn set ... [ 42.747693][ T3615] CPU: 1 PID: 3615 Comm: syz-executor314 Not tainted 6.0.0-rc7-syzkaller-00180-g70575e77839f #0 [ 42.758082][ T3615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 42.768120][ T3615] Call Trace: [ 42.771384][ T3615] [ 42.774299][ T3615] dump_stack_lvl+0x1b1/0x28e [ 42.778961][ T3615] ? fortify_panic+0x13/0x13 [ 42.783531][ T3615] ? panic+0x715/0x715 [ 42.787581][ T3615] ? preempt_schedule_common+0xb7/0xe0 [ 42.793022][ T3615] ? vscnprintf+0x59/0x80 [ 42.797333][ T3615] panic+0x2d6/0x715 [ 42.801217][ T3615] ? fb_is_primary_device+0xcc/0xcc [ 42.806399][ T3615] ? _raw_spin_unlock_irqrestore+0x110/0x120 [ 42.812362][ T3615] ? print_report+0x1b4/0x1f0 [ 42.817024][ T3615] ? nilfs_test_metadata_dirty+0x39/0x210 [ 42.822727][ T3615] end_report+0x91/0xa0 [ 42.826864][ T3615] kasan_report+0xd0/0xf0 [ 42.831175][ T3615] ? do_raw_spin_lock+0x148/0x360 [ 42.836185][ T3615] ? nilfs_test_metadata_dirty+0x39/0x210 [ 42.841894][ T3615] nilfs_test_metadata_dirty+0x39/0x210 [ 42.847426][ T3615] nilfs_segctor_confirm+0x78/0x2d0 [ 42.852609][ T3615] nilfs_detach_log_writer+0x4c1/0xbd0 [ 42.858050][ T3615] ? __might_sleep+0xc0/0xc0 [ 42.862626][ T3615] ? nilfs_attach_log_writer+0x8f0/0x8f0 [ 42.868239][ T3615] ? hook_sb_delete+0x988/0xab0 [ 42.873072][ T3615] ? wake_bit_function+0x240/0x240 [ 42.878167][ T3615] ? hook_inode_free_security+0xa0/0xa0 [ 42.883696][ T3615] ? clear_inode+0x150/0x150 [ 42.888269][ T3615] ? nilfs_free_inode+0x70/0x70 [ 42.893113][ T3615] nilfs_put_super+0x4b/0x150 [ 42.897792][ T3615] ? nilfs_free_inode+0x70/0x70 [ 42.902638][ T3615] generic_shutdown_super+0x128/0x300 [ 42.908003][ T3615] kill_block_super+0x79/0xd0 [ 42.912672][ T3615] deactivate_locked_super+0xa7/0xf0 [ 42.917948][ T3615] cleanup_mnt+0x4ce/0x560 [ 42.922355][ T3615] ? _raw_spin_unlock_irq+0x1f/0x40 [ 42.927540][ T3615] task_work_run+0x146/0x1c0 [ 42.932118][ T3615] do_exit+0x55e/0x20a0 [ 42.936257][ T3615] ? _raw_spin_unlock_irq+0x1f/0x40 [ 42.941437][ T3615] ? lockdep_hardirqs_on+0x8d/0x130 [ 42.946619][ T3615] ? _raw_spin_unlock_irq+0x2a/0x40 [ 42.951802][ T3615] ? ptrace_notify+0x245/0x340 [ 42.956548][ T3615] ? mm_update_next_owner+0x6d0/0x6d0 [ 42.961906][ T3615] ? do_notify_parent+0xe00/0xe00 [ 42.966944][ T3615] do_group_exit+0x23b/0x2f0 [ 42.971516][ T3615] __x64_sys_exit_group+0x3b/0x40 [ 42.976524][ T3615] do_syscall_64+0x3d/0xb0 [ 42.980925][ T3615] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.986801][ T3615] RIP: 0033:0x7f7c0b111689 [ 42.991195][ T3615] Code: Unable to access opcode bytes at RIP 0x7f7c0b11165f. [ 42.998537][ T3615] RSP: 002b:00007ffc6dfe57a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 43.006929][ T3615] RAX: ffffffffffffffda RBX: 00007f7c0b18c3f0 RCX: 00007f7c0b111689 [ 43.014884][ T3615] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001 [ 43.022925][ T3615] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: bb1414ac6dfe5827 [ 43.030879][ T3615] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c0b18c3f0 [ 43.038833][ T3615] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 43.046791][ T3615] [ 43.049959][ T3615] Kernel Offset: disabled [ 43.054287][ T3615] Rebooting in 86400 seconds..