./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor60866242

<...>
Warning: Permanently added '10.128.0.219' (ED25519) to the list of known hosts.
execve("./syz-executor60866242", ["./syz-executor60866242"], 0x7fff0e008360 /* 10 vars */) = 0
brk(NULL)                               = 0x555564ab0000
brk(0x555564ab0d00)                     = 0x555564ab0d00
arch_prctl(ARCH_SET_FS, 0x555564ab0380) = 0
set_tid_address(0x555564ab0650)         = 5067
set_robust_list(0x555564ab0660, 24)     = 0
rseq(0x555564ab0ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor60866242", 4096) = 26
getrandom("\xb5\x49\x39\x0d\x15\xae\x1e\x60", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555564ab0d00
brk(0x555564ad1d00)                     = 0x555564ad1d00
brk(0x555564ad2000)                     = 0x555564ad2000
mprotect(0x7fc70c41c000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5068 attached
, child_tidptr=0x555564ab0650) = 5068
[pid  5068] set_robust_list(0x555564ab0660, 24) = 0
[pid  5068] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5068] setsid()                    = 1
[pid  5068] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5068] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5068] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5068] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5068] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5068] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5068] unshare(CLONE_NEWNS)        = 0
[pid  5068] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5068] unshare(CLONE_NEWIPC)       = 0
[pid  5068] unshare(CLONE_NEWCGROUP)    = 0
[pid  5068] unshare(CLONE_NEWUTS)       = 0
[pid  5068] unshare(CLONE_SYSVSEM)      = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "16777216", 8)     = 8
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "536870912", 9)    = 9
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1024", 4)         = 4
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "8192", 4)         = 4
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1024", 4)         = 4
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1024", 4)         = 4
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5068] close(3)                    = 0
[pid  5068] getpid()                    = 1
[pid  5068] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5068] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5068] unshare(CLONE_NEWNET)       = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "0 65535", 7)      = 7
[pid  5068] close(3)                    = 0
[pid  5068] mkdir("/dev/binderfs", 0777) = 0
[pid  5068] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5068] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5068] memfd_create("syzkaller", 0) = 3
[pid  5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc703e00000
[pid  5068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5068] munmap(0x7fc703e00000, 138412032) = 0
[pid  5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5068] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5068] close(3)                    = 0
[pid  5068] close(4)                    = 0
[pid  5068] mkdir("./file0", 0777)      = 0
[   74.156891][ T5068] loop0: detected capacity change from 0 to 32768
[   74.181703][ T5068] =======================================================
[   74.181703][ T5068] WARNING: The mand mount option has been deprecated and
[   74.181703][ T5068]          and is ignored by this kernel. Remove the mand
[pid  5068] mount("/dev/loop0", "./file0", "jfs", MS_RDONLY|MS_MANDLOCK|MS_NODIRATIME, "") = 0
[pid  5068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5068] chdir("./file0")            = 0
[pid  5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[   74.181703][ T5068]          option from the mount to silence this warning.
[   74.181703][ T5068] =======================================================
[pid  5068] openat(AT_FDCWD, ".", O_RDONLY) = 4
[pid  5068] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0}) = 0
[pid  5068] exit_group(1)               = ?
[   74.294916][ T5068] ERROR: (device loop0): dbDiscardAG: -EIO
[   74.294916][ T5068] 
[   74.303282][ T5068] syz-executor608: attempt to access beyond end of device
[   74.303282][ T5068] loop0: rw=2051, sector=18014398509490176, nr_sectors = 8192 limit=32768
[   74.318956][ T5068] JFS: sb_issue_discard(ffff88807a2c6000, 2251799813686272, 1024, GFP_NOFS, 0) = -5 => failed!
[   74.329489][ T5068] blkno = 8000000000400, nblocks = 400
[   74.334970][ T5068] ERROR: (device loop0): dbFree: block to be freed is outside the map
[   74.334970][ T5068] 
[   74.354782][ T5068] BUG: Bad page state in process syz-executor608  pfn:22777
[   74.362429][ T5068] page:ffffea000089ddc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x22777
[   74.372760][ T5068] flags: 0xfff0000000800c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
[   74.382368][ T5068] page_type: 0xffffffff()
[   74.386831][ T5068] raw: 00fff0000000800c ffffea0000a549c8 ffffc9000397f740 0000000000000000
[   74.395959][ T5068] raw: 0000000000000004 ffff8880221795d0 00000000ffffffff 0000000000000000
[   74.404651][ T5068] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[   74.413210][ T5068] page_owner tracks the page as allocated
[   74.419562][ T5068] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5068, tgid 5068 (syz-executor608), ts 74292921704, free_ts 66346195086
[   74.436925][ T5068]  post_alloc_hook+0x1ea/0x210
[   74.442006][ T5068]  get_page_from_freelist+0x33ea/0x3580
[   74.447568][ T5068]  __alloc_pages+0x256/0x680
[   74.452516][ T5068]  alloc_pages_mpol+0x3de/0x650
[   74.457380][ T5068]  folio_alloc+0x12b/0x330
[   74.462260][ T5068]  filemap_alloc_folio+0xdf/0x500
[   74.467383][ T5068]  do_read_cache_folio+0xed/0x820
[   74.472763][ T5068]  do_read_cache_page+0x30/0x200
[   74.477712][ T5068]  __get_metapage+0x330/0x1050
[   74.482862][ T5068]  dbAllocCtl+0xd5/0x920
[   74.487120][ T5068]  dbAllocAG+0x28f/0x10b0
[   74.491819][ T5068]  dbDiscardAG+0x352/0xa10
[   74.496244][ T5068]  jfs_ioc_trim+0x433/0x670
[   74.501103][ T5068]  jfs_ioctl+0x2d0/0x3e0
[   74.505359][ T5068]  __se_sys_ioctl+0xfc/0x170
[   74.510289][ T5068]  do_syscall_64+0xfb/0x240
[   74.514815][ T5068] page last free pid 5058 tgid 5058 stack trace:
[   74.521379][ T5068]  free_unref_page_prepare+0x95d/0xa80
[   74.526896][ T5068]  free_unref_page+0x37/0x3f0
[   74.531813][ T5068]  pipe_read+0x6f2/0x13e0
[   74.536180][ T5068]  vfs_read+0x97b/0xb70
[   74.540446][ T5068]  ksys_read+0x1a0/0x2c0
[   74.544713][ T5068]  do_syscall_64+0xfb/0x240
[   74.549319][ T5068]  entry_SYSCALL_64_after_hwframe+0x6d/0x75
[   74.555800][ T5068] Modules linked in:
[   74.560174][ T5068] CPU: 1 PID: 5068 Comm: syz-executor608 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
[   74.570262][ T5068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[   74.580354][ T5068] Call Trace:
[   74.583644][ T5068]  <TASK>
[   74.586746][ T5068]  dump_stack_lvl+0x241/0x360
[   74.591468][ T5068]  ? __pfx_dump_stack_lvl+0x10/0x10
[   74.596675][ T5068]  ? __pfx_print_modules+0x10/0x10
[   74.601811][ T5068]  bad_page+0x14c/0x170
[   74.605993][ T5068]  free_unref_page_prepare+0xa28/0xa80
[   74.611465][ T5068]  free_unref_page_list+0x5a3/0x850
[   74.616686][ T5068]  ? __mod_zone_page_state+0xda/0x150
[   74.622070][ T5068]  release_pages+0x2117/0x2400
[   74.626856][ T5068]  ? __pfx_release_pages+0x10/0x10
[   74.631973][ T5068]  ? __pfx_delete_from_page_cache_batch+0x10/0x10
[   74.638404][ T5068]  ? mlock_drain_local+0x79/0x490
[   74.643447][ T5068]  ? mlock_drain_local+0x79/0x490
[   74.648469][ T5068]  ? mlock_drain_local+0x28d/0x490
[   74.653599][ T5068]  __folio_batch_release+0x84/0x100
[   74.658805][ T5068]  truncate_inode_pages_range+0x457/0xf70
[   74.664543][ T5068]  ? mark_lock+0x9a/0x350
[   74.668885][ T5068]  ? __pfx_truncate_inode_pages_range+0x10/0x10
[   74.675176][ T5068]  ? __pfx_call_rcu+0x10/0x10
[   74.679868][ T5068]  dbUnmount+0x115/0x190
[   74.684125][ T5068]  jfs_umount+0x238/0x3a0
[   74.688483][ T5068]  jfs_put_super+0x8a/0x190
[   74.692993][ T5068]  ? __pfx_jfs_put_super+0x10/0x10
[   74.698204][ T5068]  generic_shutdown_super+0x136/0x2d0
[   74.703611][ T5068]  kill_block_super+0x44/0x90
[   74.708302][ T5068]  deactivate_locked_super+0xc4/0x130
[   74.713692][ T5068]  cleanup_mnt+0x426/0x4c0
[   74.718124][ T5068]  ? _raw_spin_unlock_irq+0x23/0x50
[   74.723347][ T5068]  task_work_run+0x24f/0x310
[   74.727958][ T5068]  ? __pfx_task_work_run+0x10/0x10
[   74.733093][ T5068]  ? do_exit+0xa16/0x27e0
[   74.737466][ T5068]  ? kmem_cache_free+0x102/0x2b0
[   74.742423][ T5068]  do_exit+0xa1b/0x27e0
[   74.746604][ T5068]  ? __pfx_do_exit+0x10/0x10
[   74.751215][ T5068]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   74.757207][ T5068]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   74.763547][ T5068]  ? _raw_spin_unlock_irq+0x23/0x50
[   74.768770][ T5068]  ? lockdep_hardirqs_on+0x99/0x150
[   74.774007][ T5068]  do_group_exit+0x207/0x2c0
[   74.778617][ T5068]  __x64_sys_exit_group+0x3f/0x40
[   74.783653][ T5068]  do_syscall_64+0xfb/0x240
[   74.788170][ T5068]  entry_SYSCALL_64_after_hwframe+0x6d/0x75
[   74.794075][ T5068] RIP: 0033:0x7fc70c3a1789
[   74.798510][ T5068] Code: Unable to access opcode bytes at 0x7fc70c3a175f.
[   74.805540][ T5068] RSP: 002b:00007ffe8f7b16b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   74.813982][ T5068] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fc70c3a1789
[   74.821964][ T5068] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   74.829941][ T5068] RBP: 00007fc70c4222d0 R08: ffffffffffffffb8 R09: 00007ffe8f7b1790
[   74.838023][ T5068] R10: 0000000000005e8b R11: 0000000000000246 R12: 00007fc70c4222d0
[   74.846102][ T5068] R13: 0000000000000000 R14: 00007fc70c423040 R15: 00007fc70c36fce0
[   74.854181][ T5068]  </TASK>
[pid  5068] +++ exited with 1 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5068, si_uid=0, si_status=1, si_utime=1 /* 0.01 s */, si_stime=56 /* 0.56 s */} ---
exit_group(0)                           = ?
+++ exited with 0 +++
[