./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1503330899
<...>
Warning: Permanently added '10.128.1.112' (ED25519) to the list of known hosts.
execve("./syz-executor1503330899", ["./syz-executor1503330899"], 0x7ffe2097a4d0 /* 10 vars */) = 0
brk(NULL) = 0x55555e17d000
brk(0x55555e17dd00) = 0x55555e17dd00
arch_prctl(ARCH_SET_FS, 0x55555e17d380) = 0
set_tid_address(0x55555e17d650) = 5827
set_robust_list(0x55555e17d660, 24) = 0
rseq(0x55555e17dca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1503330899", 4096) = 28
getrandom("\x85\xbf\x09\x26\xdc\x47\x4c\x2c", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55555e17dd00
brk(0x55555e19ed00) = 0x55555e19ed00
brk(0x55555e19f000) = 0x55555e19f000
mprotect(0x7fb22908d000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
executing program
write(1, "executing program\n", 18) = 18
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb220a00000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
munmap(0x7fb220a00000, 138412032) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
close(4) = 0
mkdir("./file0", 0777) = 0
[ 58.738688][ T5827] loop0: detected capacity change from 0 to 2048
mount("/dev/loop0", "./file0", "nilfs2", 0, "") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0") = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE) = 4
getsockopt(4, SOL_SOCKET, SO_PEERCRED, {pid=0, uid=3327, gid=4294967040}, [12]) = 0
setfsuid(3327) = 0
mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
chdir("./file0") = 0
open("./file0", O_RDONLY) = 5
[ 58.783318][ T5829] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 58.827095][ T5827] ==================================================================
[ 58.835189][ T5827] BUG: KASAN: slab-out-of-bounds in ovl_inode_upper+0x36/0x80
[ 58.842674][ T5827] Read of size 8 at addr ffff88807df938e0 by task syz-executor150/5827
[ 58.850897][ T5827]
[ 58.853229][ T5827] CPU: 0 UID: 0 PID: 5827 Comm: syz-executor150 Not tainted 6.12.0-next-20241125-syzkaller #0
[ 58.863456][ T5827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 58.873503][ T5827] Call Trace:
[ 58.876777][ T5827]
[ 58.879700][ T5827] dump_stack_lvl+0x241/0x360
[ 58.884374][ T5827] ? __pfx_dump_stack_lvl+0x10/0x10
[ 58.889563][ T5827] ? __pfx__printk+0x10/0x10
[ 58.894147][ T5827] ? _printk+0xd5/0x120
[ 58.898294][ T5827] ? __virt_addr_valid+0x183/0x530
[ 58.903397][ T5827] ? __virt_addr_valid+0x183/0x530
[ 58.908500][ T5827] print_report+0x169/0x550
[ 58.913001][ T5827] ? __virt_addr_valid+0x183/0x530
[ 58.918101][ T5827] ? __virt_addr_valid+0x183/0x530
[ 58.923201][ T5827] ? __virt_addr_valid+0x45f/0x530
[ 58.928300][ T5827] ? __phys_addr+0xba/0x170
[ 58.932797][ T5827] ? ovl_inode_upper+0x36/0x80
[ 58.937555][ T5827] kasan_report+0x143/0x180
[ 58.942053][ T5827] ? ovl_inode_upper+0x36/0x80
[ 58.946820][ T5827] ovl_inode_upper+0x36/0x80
[ 58.951405][ T5827] ovl_file_accessed+0x7e/0x370
[ 58.956250][ T5827] ? __pfx_ovl_file_accessed+0x10/0x10
[ 58.961703][ T5827] backing_file_mmap+0x1f8/0x260
[ 58.966635][ T5827] ovl_mmap+0x1c9/0x220
[ 58.970784][ T5827] ? __pfx_ovl_mmap+0x10/0x10
[ 58.975454][ T5827] ? __pfx_ovl_file_accessed+0x10/0x10
[ 58.980905][ T5827] ? __mas_set_range+0x133/0x3c0
[ 58.985837][ T5827] __mmap_region+0x2204/0x2cd0
[ 58.990602][ T5827] ? __pfx___mmap_region+0x10/0x10
[ 58.995711][ T5827] ? __pfx_validate_chain+0x10/0x10
[ 59.000901][ T5827] ? __lock_acquire+0x1397/0x2100
[ 59.005928][ T5827] ? arch_get_unmapped_area_topdown+0x28e/0xc50
[ 59.012192][ T5827] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[ 59.018771][ T5827] ? cap_mmap_addr+0x163/0x2c0
[ 59.023527][ T5827] mmap_region+0x1d0/0x2c0
[ 59.028022][ T5827] ? security_mmap_addr+0x6f/0x250
[ 59.033126][ T5827] do_mmap+0x8f0/0x1000
[ 59.037278][ T5827] ? __pfx_do_mmap+0x10/0x10
[ 59.041866][ T5827] ? __pfx_down_write_killable+0x10/0x10
[ 59.047501][ T5827] ? common_file_perm+0x1a6/0x210
[ 59.052523][ T5827] vm_mmap_pgoff+0x214/0x430
[ 59.057106][ T5827] ? lockdep_hardirqs_on+0x99/0x150
[ 59.062293][ T5827] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 59.067390][ T5827] ? __fget_files+0x2a/0x410
[ 59.071972][ T5827] ? __fget_files+0x395/0x410
[ 59.076641][ T5827] ? __fget_files+0x2a/0x410
[ 59.081227][ T5827] ksys_mmap_pgoff+0x4eb/0x720
[ 59.085987][ T5827] ? __x64_sys_mmap+0x7f/0x140
[ 59.090773][ T5827] do_syscall_64+0xf3/0x230
[ 59.095269][ T5827] ? clear_bhb_loop+0x35/0x90
[ 59.099938][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.105841][ T5827] RIP: 0033:0x7fb229019739
[ 59.110253][ T5827] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 59.129871][ T5827] RSP: 002b:00007fffdd8656a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 59.138291][ T5827] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fb229019739
[ 59.146267][ T5827] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffc000
[ 59.154245][ T5827] RBP: 00007fb22908d610 R08: 0000000000000005 R09: 0000000000000000
[ 59.162212][ T5827] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001
[ 59.170176][ T5827] R13: 00007fffdd865878 R14: 0000000000000001 R15: 0000000000000001
[ 59.178145][ T5827]
[ 59.181155][ T5827]
[ 59.183467][ T5827] Allocated by task 5827:
[ 59.187786][ T5827] kasan_save_track+0x3f/0x80
[ 59.192469][ T5827] __kasan_slab_alloc+0x66/0x80
[ 59.197314][ T5827] kmem_cache_alloc_lru_noprof+0x1dd/0x390
[ 59.203122][ T5827] nilfs_alloc_inode+0x2e/0x110
[ 59.207969][ T5827] alloc_inode+0x65/0x1a0
[ 59.212299][ T5827] iget5_locked+0x4a/0xa0
[ 59.216628][ T5827] nilfs_iget+0x130/0x810
[ 59.220943][ T5827] nilfs_lookup+0x198/0x210
[ 59.225436][ T5827] __lookup_slow+0x28c/0x3f0
[ 59.230015][ T5827] lookup_one_unlocked+0x1a4/0x290
[ 59.235114][ T5827] ovl_lookup_single+0x200/0xbd0
[ 59.240043][ T5827] ovl_lookup_layer+0x417/0x510
[ 59.244884][ T5827] ovl_lookup+0xcf7/0x2a60
[ 59.249290][ T5827] path_openat+0x11a7/0x3590
[ 59.253867][ T5827] do_filp_open+0x27f/0x4e0
[ 59.258357][ T5827] do_sys_openat2+0x13e/0x1d0
[ 59.263025][ T5827] __x64_sys_open+0x225/0x270
[ 59.267695][ T5827] do_syscall_64+0xf3/0x230
[ 59.272189][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.278076][ T5827]
[ 59.280388][ T5827] The buggy address belongs to the object at ffff88807df93300
[ 59.280388][ T5827] which belongs to the cache nilfs2_inode_cache of size 1504
[ 59.295126][ T5827] The buggy address is located 0 bytes to the right of
[ 59.295126][ T5827] allocated 1504-byte region [ffff88807df93300, ffff88807df938e0)
[ 59.309689][ T5827]
[ 59.311999][ T5827] The buggy address belongs to the physical page:
[ 59.318404][ T5827] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7df90
[ 59.327150][ T5827] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 59.335632][ T5827] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 59.343173][ T5827] page_type: f5(slab)
[ 59.347141][ T5827] raw: 00fff00000000040 ffff88801f711140 dead000000000122 0000000000000000
[ 59.355713][ T5827] raw: 0000000000000000 0000000080140014 00000001f5000000 0000000000000000
[ 59.364284][ T5827] head: 00fff00000000040 ffff88801f711140 dead000000000122 0000000000000000
[ 59.372937][ T5827] head: 0000000000000000 0000000080140014 00000001f5000000 0000000000000000
[ 59.381614][ T5827] head: 00fff00000000003 ffffea0001f7e401 ffffffffffffffff 0000000000000000
[ 59.390273][ T5827] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 59.398924][ T5827] page dumped because: kasan: bad access detected
[ 59.405331][ T5827] page_owner tracks the page as allocated
[ 59.411028][ T5827] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 5827, tgid 5827 (syz-executor150), ts 58768101635, free_ts 15530782696
[ 59.433585][ T5827] post_alloc_hook+0x1f3/0x230
[ 59.438345][ T5827] get_page_from_freelist+0x3725/0x3870
[ 59.443879][ T5827] __alloc_pages_noprof+0x292/0x710
[ 59.449069][ T5827] alloc_pages_mpol_noprof+0x3e8/0x680
[ 59.454535][ T5827] alloc_slab_page+0x6a/0x140
[ 59.459208][ T5827] allocate_slab+0x5a/0x2f0
[ 59.463706][ T5827] ___slab_alloc+0xcd1/0x14b0
[ 59.468381][ T5827] __slab_alloc+0x58/0xa0
[ 59.472710][ T5827] kmem_cache_alloc_lru_noprof+0x26c/0x390
[ 59.478510][ T5827] nilfs_alloc_inode+0x2e/0x110
[ 59.483354][ T5827] alloc_inode+0x65/0x1a0
[ 59.487675][ T5827] iget5_locked+0x4a/0xa0
[ 59.491998][ T5827] nilfs_iget_locked+0x113/0x160
[ 59.496920][ T5827] nilfs_dat_read+0xc3/0x320
[ 59.501502][ T5827] load_nilfs+0x579/0x1090
[ 59.505913][ T5827] nilfs_fill_super+0x31e/0x720
[ 59.510755][ T5827] page last free pid 1 tgid 1 stack trace:
[ 59.516542][ T5827] free_unref_page+0xdf9/0x1140
[ 59.521379][ T5827] free_contig_range+0x152/0x550
[ 59.526304][ T5827] destroy_args+0x92/0x910
[ 59.530710][ T5827] debug_vm_pgtable+0x4be/0x550
[ 59.535550][ T5827] do_one_initcall+0x248/0x880
[ 59.540311][ T5827] do_initcall_level+0x157/0x210
[ 59.545238][ T5827] do_initcalls+0x3f/0x80
[ 59.549556][ T5827] kernel_init_freeable+0x435/0x5d0
[ 59.554740][ T5827] kernel_init+0x1d/0x2b0
[ 59.559059][ T5827] ret_from_fork+0x4b/0x80
[ 59.563460][ T5827] ret_from_fork_asm+0x1a/0x30
[ 59.568213][ T5827]
[ 59.570523][ T5827] Memory state around the buggy address:
[ 59.576135][ T5827] ffff88807df93780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.584268][ T5827] ffff88807df93800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.592314][ T5827] >ffff88807df93880: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 59.600355][ T5827] ^
[ 59.607531][ T5827] ffff88807df93900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 59.615600][ T5827] ffff88807df93980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 59.623643][ T5827] ==================================================================
[ 59.633017][ T5827] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 59.640227][ T5827] CPU: 0 UID: 0 PID: 5827 Comm: syz-executor150 Not tainted 6.12.0-next-20241125-syzkaller #0
[ 59.650465][ T5827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 59.660506][ T5827] Call Trace:
[ 59.663778][ T5827]
[ 59.666702][ T5827] dump_stack_lvl+0x241/0x360
[ 59.671376][ T5827] ? __pfx_dump_stack_lvl+0x10/0x10
[ 59.676565][ T5827] ? __pfx__printk+0x10/0x10
[ 59.681148][ T5827] ? preempt_schedule+0xe1/0xf0
[ 59.685987][ T5827] ? vscnprintf+0x5d/0x90
[ 59.690311][ T5827] panic+0x349/0x880
[ 59.694202][ T5827] ? check_panic_on_warn+0x21/0xb0
[ 59.699305][ T5827] ? __pfx_panic+0x10/0x10
[ 59.703711][ T5827] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 59.709688][ T5827] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 59.716001][ T5827] ? print_report+0x502/0x550
[ 59.720672][ T5827] check_panic_on_warn+0x86/0xb0
[ 59.725598][ T5827] ? ovl_inode_upper+0x36/0x80
[ 59.730354][ T5827] end_report+0x77/0x160
[ 59.734587][ T5827] kasan_report+0x154/0x180
[ 59.739083][ T5827] ? ovl_inode_upper+0x36/0x80
[ 59.743849][ T5827] ovl_inode_upper+0x36/0x80
[ 59.748434][ T5827] ovl_file_accessed+0x7e/0x370
[ 59.753278][ T5827] ? __pfx_ovl_file_accessed+0x10/0x10
[ 59.758726][ T5827] backing_file_mmap+0x1f8/0x260
[ 59.763658][ T5827] ovl_mmap+0x1c9/0x220
[ 59.767805][ T5827] ? __pfx_ovl_mmap+0x10/0x10
[ 59.772471][ T5827] ? __pfx_ovl_file_accessed+0x10/0x10
[ 59.777920][ T5827] ? __mas_set_range+0x133/0x3c0
[ 59.782852][ T5827] __mmap_region+0x2204/0x2cd0
[ 59.787622][ T5827] ? __pfx___mmap_region+0x10/0x10
[ 59.792725][ T5827] ? __pfx_validate_chain+0x10/0x10
[ 59.797929][ T5827] ? __lock_acquire+0x1397/0x2100
[ 59.802956][ T5827] ? arch_get_unmapped_area_topdown+0x28e/0xc50
[ 59.809188][ T5827] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[ 59.815767][ T5827] ? cap_mmap_addr+0x163/0x2c0
[ 59.820522][ T5827] mmap_region+0x1d0/0x2c0
[ 59.824929][ T5827] ? security_mmap_addr+0x6f/0x250
[ 59.830031][ T5827] do_mmap+0x8f0/0x1000
[ 59.834185][ T5827] ? __pfx_do_mmap+0x10/0x10
[ 59.838764][ T5827] ? __pfx_down_write_killable+0x10/0x10
[ 59.844391][ T5827] ? common_file_perm+0x1a6/0x210
[ 59.849418][ T5827] vm_mmap_pgoff+0x214/0x430
[ 59.854000][ T5827] ? lockdep_hardirqs_on+0x99/0x150
[ 59.859190][ T5827] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 59.864291][ T5827] ? __fget_files+0x2a/0x410
[ 59.868876][ T5827] ? __fget_files+0x395/0x410
[ 59.873545][ T5827] ? __fget_files+0x2a/0x410
[ 59.878127][ T5827] ksys_mmap_pgoff+0x4eb/0x720
[ 59.882885][ T5827] ? __x64_sys_mmap+0x7f/0x140
[ 59.887638][ T5827] do_syscall_64+0xf3/0x230
[ 59.892139][ T5827] ? clear_bhb_loop+0x35/0x90
[ 59.896809][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.902692][ T5827] RIP: 0033:0x7fb229019739
[ 59.907095][ T5827] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 59.926686][ T5827] RSP: 002b:00007fffdd8656a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 59.935091][ T5827] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fb229019739
[ 59.943052][ T5827] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020ffc000
[ 59.951009][ T5827] RBP: 00007fb22908d610 R08: 0000000000000005 R09: 0000000000000000
[ 59.958968][ T5827] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001
[ 59.966924][ T5827] R13: 00007fffdd865878 R14: 0000000000000001 R15: 0000000000000001
[ 59.974896][ T5827]
[ 59.978148][ T5827] Kernel Offset: disabled
[ 59.982459][ T5827] Rebooting in 86400 seconds..