./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2600010411
<...>
Warning: Permanently added '10.128.0.227' (ECDSA) to the list of known hosts.
execve("./syz-executor2600010411", ["./syz-executor2600010411"], 0x7ffdaab57c50 /* 10 vars */) = 0
brk(NULL) = 0x555556785000
brk(0x555556785c40) = 0x555556785c40
arch_prctl(ARCH_SET_FS, 0x555556785300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2600010411", 4096) = 28
brk(0x5555567a6c40) = 0x5555567a6c40
brk(0x5555567a7000) = 0x5555567a7000
mprotect(0x7f623beda000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
ftruncate(3, 65538) = 0
pwrite64(3, "syzk", 4, 0) = 4
pwrite64(3, "syzkall", 7, 4) = 7
pwrite64(3, "/tmp/syz-ima", 12, 11) = 12
pwrite64(3, "\x00\x04\x40\x00\x01\x00\x01\x00\x24\x00\x00\xfc\x00\x1c\x08\x10\x7f\x13\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32, 1024) = 32
pwrite64(3, "\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32, 2048) = 32
pwrite64(3, "\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 2144, 2176) = 2144
pwrite64(3, "\x01\x00\x2e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x2e\x2e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x66\x69\x6c\x65\x33\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x66\x69"..., 128, 36864) = 128
pwrite64(3, "\x02\x00\x2e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x2e\x2e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00", 64, 37889) = 64
pwrite64(3, "\x73\x79\x7a\x6b\x61\x6c\x6c\x65\x72\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32, 41981) = 32
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
mkdir("./file1", 0777) = 0
mount("/dev/loop0", "./file1", "minix", MS_NOSUID|MS_SILENT|MS_I_VERSION, "\x8f\x46\x64\xd7\x83\xd3\x20\xa4\x1d\x85\xef\x2d\x70\x32\x64\x47\x1d\x84\xd3\xfc\x2a\xd1\x44\xa6\x2d\x17\x25\xe9\x6e\x05\xd1\xac\x0f\x85\x7c\x6d\xca\x78\x74\xe0\xcd\x88\x96\x86\x15\x4c\x42\xbb\x35\xf9\x26\xbd\xe0\xfc\xda\x56\x9b\x8f\x5f\x82\x8e\x69\x40\xb1\xb1\x5d\xb0\x5b\x5b\xb2\x77\x71\xae\xa1\x54\x98\xe4\xc2\xc7\x20\x0a\xec\x2f\x5d\xfb\x99\x26\xf8\x1f\xa9\xea\x82\x68\x04\xa3\x78\x06\x9c\xe0\x86"...) = 0
openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5
chdir("./file1") = 0
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
close(3) = 0
mkdir("./bus", 000) = 0
syzkaller login: [ 50.416398][ T3616] loop0: detected capacity change from 0 to 128
[ 50.442971][ T3616] ================================================================================
[ 50.452577][ T3616] UBSAN: shift-out-of-bounds in fs/minix/inode.c:380:57
[ 50.460083][ T3616] shift exponent 64512 is too large for 64-bit type 'unsigned long'
[ 50.468293][ T3616] CPU: 0 PID: 3616 Comm: syz-executor260 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0
[ 50.478391][ T3616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 50.488476][ T3616] Call Trace:
[ 50.491797][ T3616] <TASK>
[ 50.494732][ T3616] dump_stack_lvl+0x1b1/0x28e
[ 50.499493][ T3616] ? fortify_panic+0x13/0x13
[ 50.504091][ T3616] ? vsnprintf+0x1af/0x1ce0
[ 50.508644][ T3616] ? panic+0x715/0x715
[ 50.512871][ T3616] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 50.519020][ T3616] ? print_irqtrace_events+0x220/0x220
[ 50.524501][ T3616] __ubsan_handle_shift_out_of_bounds+0x33d/0x3b0
[ 50.530970][ T3616] ? slab_free_freelist_hook+0x12e/0x1a0
[ 50.536826][ T3616] minix_statfs+0x363/0x370
[ 50.541445][ T3616] vfs_statfs+0x136/0x310
[ 50.545782][ T3616] ? ovl_mount_dir+0x1ee/0x2b0
[ 50.550666][ T3616] ovl_get_upper+0x13a/0x5d0
[ 50.555294][ T3616] ? ovl_fill_super+0x2790/0x2790
[ 50.560431][ T3616] ? rcu_read_lock_sched_held+0x87/0x110
[ 50.566344][ T3616] ? ovl_fill_super+0x1299/0x2790
[ 50.571384][ T3616] ? __kmalloc+0x226/0x370
[ 50.575812][ T3616] ? ovl_fill_super+0x1299/0x2790
[ 50.580845][ T3616] ? memcpy+0x3c/0x60
[ 50.585457][ T3616] ovl_fill_super+0x1522/0x2790
[ 50.590423][ T3616] ? ovl_mount+0x30/0x30
[ 50.594683][ T3616] ? sget+0x523/0x560
[ 50.598683][ T3616] ? free_anon_bdev+0x20/0x20
[ 50.603400][ T3616] ? ovl_mount+0x30/0x30
[ 50.607649][ T3616] mount_nodev+0x52/0xe0
[ 50.611987][ T3616] legacy_get_tree+0xea/0x180
[ 50.616669][ T3616] ? virtio_fs_zero_page_range+0x150/0x150
[ 50.622488][ T3616] vfs_get_tree+0x88/0x270
[ 50.626960][ T3616] do_new_mount+0x289/0xad0
[ 50.631541][ T3616] ? do_move_mount_old+0x150/0x150
[ 50.636670][ T3616] ? user_path_at_empty+0x149/0x1a0
[ 50.641902][ T3616] __se_sys_mount+0x2d3/0x3c0
[ 50.646602][ T3616] ? __x64_sys_mount+0xc0/0xc0
[ 50.651628][ T3616] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 50.657626][ T3616] ? __x64_sys_mount+0x1c/0xc0
[ 50.662404][ T3616] do_syscall_64+0x3d/0xb0
[ 50.666829][ T3616] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.672729][ T3616] RIP: 0033:0x7f623be6d0f9
[ 50.677145][ T3616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 50.697016][ T3616] RSP: 002b:00007ffdd8977d98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 50.705474][ T3616] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f623be6d0f9
[ 50.713882][ T3616] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 0000000000000000
[ 50.722130][ T3616] RBP: 00007f623be2c8c0 R08: 0000000020000400 R09: 0000000000000000
[ 50.730103][ T3616] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f623be2c950
[ 50.738336][ T3616] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 50.746848][ T3616] </TASK>
[ 50.751633][ T3616] ================================================================================
[ 50.761487][ T3616] Kernel panic - not syncing: panic_on_warn set ...
[ 50.768162][ T3616] CPU: 0 PID: 3616 Comm: syz-executor260 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0
[ 50.778231][ T3616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 50.788463][ T3616] Call Trace:
[ 50.791734][ T3616] <TASK>
[ 50.794655][ T3616] dump_stack_lvl+0x1b1/0x28e
[ 50.799329][ T3616] ? fortify_panic+0x13/0x13
[ 50.803909][ T3616] ? panic+0x715/0x715
[ 50.808016][ T3616] ? __irq_work_queue_local+0x121/0x180
[ 50.813569][ T3616] ? vscnprintf+0x59/0x80
[ 50.818092][ T3616] panic+0x2d6/0x715
[ 50.822030][ T3616] ? __ubsan_handle_shift_out_of_bounds+0x360/0x3b0
[ 50.828708][ T3616] ? fb_is_primary_device+0xcc/0xcc
[ 50.834013][ T3616] ? panic+0x715/0x715
[ 50.838079][ T3616] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 50.844088][ T3616] ? print_irqtrace_events+0x220/0x220
[ 50.849808][ T3616] __ubsan_handle_shift_out_of_bounds+0x3af/0x3b0
[ 50.857010][ T3616] ? slab_free_freelist_hook+0x12e/0x1a0
[ 50.862648][ T3616] minix_statfs+0x363/0x370
[ 50.867168][ T3616] vfs_statfs+0x136/0x310
[ 50.871504][ T3616] ? ovl_mount_dir+0x1ee/0x2b0
[ 50.876276][ T3616] ovl_get_upper+0x13a/0x5d0
[ 50.882008][ T3616] ? ovl_fill_super+0x2790/0x2790
[ 50.887037][ T3616] ? rcu_read_lock_sched_held+0x87/0x110
[ 50.892707][ T3616] ? ovl_fill_super+0x1299/0x2790
[ 50.897736][ T3616] ? __kmalloc+0x226/0x370
[ 50.902153][ T3616] ? ovl_fill_super+0x1299/0x2790
[ 50.907194][ T3616] ? memcpy+0x3c/0x60
[ 50.911188][ T3616] ovl_fill_super+0x1522/0x2790
[ 50.916329][ T3616] ? ovl_mount+0x30/0x30
[ 50.920760][ T3616] ? sget+0x523/0x560
[ 50.924917][ T3616] ? free_anon_bdev+0x20/0x20
[ 50.929596][ T3616] ? ovl_mount+0x30/0x30
[ 50.933837][ T3616] mount_nodev+0x52/0xe0
[ 50.938112][ T3616] legacy_get_tree+0xea/0x180
[ 50.942885][ T3616] ? virtio_fs_zero_page_range+0x150/0x150
[ 50.948702][ T3616] vfs_get_tree+0x88/0x270
[ 50.953127][ T3616] do_new_mount+0x289/0xad0
[ 50.957721][ T3616] ? do_move_mount_old+0x150/0x150
[ 50.962921][ T3616] ? user_path_at_empty+0x149/0x1a0
[ 50.968125][ T3616] __se_sys_mount+0x2d3/0x3c0
[ 50.972898][ T3616] ? __x64_sys_mount+0xc0/0xc0
[ 50.977669][ T3616] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 50.983844][ T3616] ? __x64_sys_mount+0x1c/0xc0
[ 50.988646][ T3616] do_syscall_64+0x3d/0xb0
[ 50.993476][ T3616] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.000771][ T3616] RIP: 0033:0x7f623be6d0f9
[ 51.005293][ T3616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 51.024904][ T3616] RSP: 002b:00007ffdd8977d98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 51.033701][ T3616] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f623be6d0f9
[ 51.042291][ T3616] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 0000000000000000
[ 51.051802][ T3616] RBP: 00007f623be2c8c0 R08: 0000000020000400 R09: 0000000000000000
[ 51.059907][ T3616] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f623be2c950
[ 51.068270][ T3616] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 51.076544][ T3616] </TASK>
[ 51.080048][ T3616] Kernel Offset: disabled
[ 51.084569][ T3616] Rebooting in 86400 seconds..