./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1985588731
<...>
DUID 00:04:92:3d:a4:bf:d8:99:95:1d:d2:9f:0e:34:7d:20:a7:e6
forked to background, child pid 4689
[ 30.457384][ T4690] 8021q: adding VLAN 0 to HW filter on device bond0
[ 30.468001][ T4690] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.10.17' (ECDSA) to the list of known hosts.
execve("./syz-executor1985588731", ["./syz-executor1985588731"], 0x7fff14324510 /* 10 vars */) = 0
brk(NULL) = 0x555556826000
brk(0x555556826c40) = 0x555556826c40
arch_prctl(ARCH_SET_FS, 0x555556826300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1985588731", 4096) = 28
brk(0x555556847c40) = 0x555556847c40
brk(0x555556848000) = 0x555556848000
mprotect(0x7f9effdcc000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9ef7907000
syzkaller login: [ 54.748376][ T5021] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5021 'syz-executor198'
write(3, "\x58\x46\x53\x42\x00\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5e\x62\x73\xb8\x21\x67\x42\xbb\x91\x1b\x41\x8a\xa1\x4a\x12\x61\x00\x00\x00\x00\x00\x00\x80\x40\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x00\x00\x00\x00\x22\x00\x00\x00\x08\x00\x00\x80\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x0b\x40"..., 33554432) = 33554432
munmap(0x7f9ef7907000, 33554432) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file0", 0777) = 0
[ 55.040429][ T5021] loop0: detected capacity change from 0 to 65536
[ 55.054582][ T5021] XFS (loop0): Deprecated V4 format (crc=0) will not be supported after September 2030.
[ 55.065364][ T5021] XFS (loop0): Mounting V4 Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
mount("/dev/loop0", "./file0", "xfs", 0, ",nouuid") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0") = 0
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
[ 55.092654][ T5021] XFS (loop0): Ending clean mount
[ 55.097940][ T5021] xfs filesystem being mounted at /root/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 55.122691][ T5021] ================================================================================
[ 55.132249][ T5021] UBSAN: array-index-out-of-bounds in fs/xfs/libxfs/xfs_attr_leaf.c:1560:3
[ 55.140860][ T5021] index 14 is out of range for type '__u8 [1]'
[ 55.147153][ T5021] CPU: 1 PID: 5021 Comm: syz-executor198 Not tainted 6.4.0-rc6-next-20230613-syzkaller #0
[ 55.157059][ T5021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 55.167106][ T5021] Call Trace:
[ 55.170374][ T5021]
[ 55.173307][ T5021] dump_stack_lvl+0x136/0x150
[ 55.177996][ T5021] __ubsan_handle_out_of_bounds+0xd5/0x140
[ 55.183795][ T5021] xfs_attr3_leaf_add_work+0x1528/0x1730
[ 55.189429][ T5021] xfs_attr3_leaf_add+0x750/0x880
[ 55.194450][ T5021] ? xfs_attr3_leaf_to_node+0xb40/0xb40
[ 55.199983][ T5021] ? xlog_grant_push_ail+0x2a/0xd0
[ 55.205089][ T5021] ? xfs_trans_roll+0x1d0/0x3d0
[ 55.209930][ T5021] ? __xfs_trans_commit+0x4d5/0xe20
[ 55.215121][ T5021] ? xfs_trans_buf_set_type+0x1f/0xa0
[ 55.220484][ T5021] xfs_attr_leaf_try_add+0x1b7/0x660
[ 55.225763][ T5021] ? xfs_attr_try_sf_addname+0x240/0x240
[ 55.231390][ T5021] ? rcu_is_watching+0x12/0xb0
[ 55.236141][ T5021] ? xfs_trans_add_item+0x283/0x310
[ 55.241339][ T5021] xfs_attr_set_iter+0x16c4/0x2f90
[ 55.246447][ T5021] ? xfs_init_attr_trans+0x3d0/0x3d0
[ 55.251724][ T5021] ? xfs_defer_trans_roll+0xdc/0x580
[ 55.256996][ T5021] ? xfs_defer_restore_resources+0x3b0/0x3b0
[ 55.262970][ T5021] xfs_xattri_finish_update+0x3c/0x140
[ 55.268421][ T5021] xfs_attr_finish_item+0x6d/0x280
[ 55.273523][ T5021] ? xfs_attri_item_relog+0x460/0x460
[ 55.278884][ T5021] xfs_defer_finish_noroll+0x93b/0x1f20
[ 55.284427][ T5021] ? xfs_defer_cancel_list+0x840/0x840
[ 55.289872][ T5021] ? ktime_get_coarse_real_ts64+0x1bb/0x200
[ 55.295763][ T5021] ? xfs_inode_item_push+0x350/0x350
[ 55.301057][ T5021] ? xfs_trans_run_precommits+0x18a/0x210
[ 55.306798][ T5021] __xfs_trans_commit+0x566/0xe20
[ 55.311822][ T5021] ? xfs_trans_free_items+0x340/0x340
[ 55.317195][ T5021] xfs_attr_set+0x12e5/0x2220
[ 55.321874][ T5021] ? xfs_attr_set_iter+0x2f90/0x2f90
[ 55.327250][ T5021] xfs_xattr_set+0xf2/0x1c0
[ 55.331753][ T5021] ? xfs_trans_alloc_dir+0x480/0x480
[ 55.337041][ T5021] ? evm_protected_xattr_common+0x185/0x1f0
[ 55.342929][ T5021] ? xattr_resolve_name+0x26e/0x3d0
[ 55.348123][ T5021] ? xfs_trans_alloc_dir+0x480/0x480
[ 55.353402][ T5021] __vfs_setxattr+0x173/0x1e0
[ 55.358067][ T5021] ? __vfs_removexattr+0x1c0/0x1c0
[ 55.363176][ T5021] ? security_inode_permission+0xc9/0xf0
[ 55.368814][ T5021] __vfs_setxattr_noperm+0x129/0x5f0
[ 55.374095][ T5021] __vfs_setxattr_locked+0x1d3/0x260
[ 55.379375][ T5021] vfs_setxattr+0x143/0x340
[ 55.383875][ T5021] ? __vfs_setxattr_locked+0x260/0x260
[ 55.389332][ T5021] do_setxattr+0x147/0x190
[ 55.393741][ T5021] setxattr+0x146/0x160
[ 55.397884][ T5021] ? do_setxattr+0x190/0x190
[ 55.402470][ T5021] ? find_held_lock+0x2d/0x110
[ 55.407231][ T5021] ? __mnt_want_write+0x3f/0x2e0
[ 55.412164][ T5021] ? lock_downgrade+0x690/0x690
[ 55.417007][ T5021] ? trace_lock_acquire+0x12d/0x180
[ 55.422199][ T5021] ? __mnt_want_write+0x3f/0x2e0
[ 55.427126][ T5021] ? lock_acquire+0x32/0xc0
[ 55.431619][ T5021] ? __mnt_want_write+0x3f/0x2e0
[ 55.436554][ T5021] ? __mnt_want_write+0x1fe/0x2e0
[ 55.441572][ T5021] path_setxattr+0x197/0x1c0
[ 55.446149][ T5021] ? setxattr+0x160/0x160
[ 55.450467][ T5021] ? lockdep_hardirqs_on+0x7d/0x100
[ 55.455662][ T5021] __x64_sys_setxattr+0xc4/0x160
[ 55.460588][ T5021] do_syscall_64+0x39/0xb0
[ 55.464996][ T5021] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.470878][ T5021] RIP: 0033:0x7f9effd537f9
[ 55.475280][ T5021] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 55.494872][ T5021] RSP: 002b:00007ffc33918058 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[ 55.503271][ T5021] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f9effd537f9
[ 55.511229][ T5021] RDX: 0000000020000680 RSI: 0000000020000200 RDI: 0000000020000000
[ 55.519183][ T5021] RBP: 00007f9effd13090 R08: 0000000000000000 R09: 0000000000000000
[ 55.527139][ T5021] R10: 0000000000000058 R11: 0000000000000246 R12: 00007f9effd13120
[ 55.535095][ T5021] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 55.543062][ T5021]
[ 55.546511][ T5021] ================================================================================
[ 55.555865][ T5021] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[ 55.563062][ T5021] CPU: 1 PID: 5021 Comm: syz-executor198 Not tainted 6.4.0-rc6-next-20230613-syzkaller #0
[ 55.572952][ T5021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 55.583005][ T5021] Call Trace:
[ 55.586279][ T5021]
[ 55.589207][ T5021] dump_stack_lvl+0xd9/0x150
[ 55.593807][ T5021] panic+0x686/0x730
[ 55.597713][ T5021] ? panic_smp_self_stop+0xa0/0xa0
[ 55.602836][ T5021] ? syslog_print_all+0x3a0/0x3a0
[ 55.607880][ T5021] check_panic_on_warn+0xb1/0xc0
[ 55.612825][ T5021] __ubsan_handle_out_of_bounds+0xfd/0x140
[ 55.618641][ T5021] xfs_attr3_leaf_add_work+0x1528/0x1730
[ 55.624297][ T5021] xfs_attr3_leaf_add+0x750/0x880
[ 55.629338][ T5021] ? xfs_attr3_leaf_to_node+0xb40/0xb40
[ 55.634884][ T5021] ? xlog_grant_push_ail+0x2a/0xd0
[ 55.640010][ T5021] ? xfs_trans_roll+0x1d0/0x3d0
[ 55.644868][ T5021] ? __xfs_trans_commit+0x4d5/0xe20
[ 55.650074][ T5021] ? xfs_trans_buf_set_type+0x1f/0xa0
[ 55.655454][ T5021] xfs_attr_leaf_try_add+0x1b7/0x660
[ 55.660752][ T5021] ? xfs_attr_try_sf_addname+0x240/0x240
[ 55.666397][ T5021] ? rcu_is_watching+0x12/0xb0
[ 55.671169][ T5021] ? xfs_trans_add_item+0x283/0x310
[ 55.676377][ T5021] xfs_attr_set_iter+0x16c4/0x2f90
[ 55.681503][ T5021] ? xfs_init_attr_trans+0x3d0/0x3d0
[ 55.686797][ T5021] ? xfs_defer_trans_roll+0xdc/0x580
[ 55.692090][ T5021] ? xfs_defer_restore_resources+0x3b0/0x3b0
[ 55.698078][ T5021] xfs_xattri_finish_update+0x3c/0x140
[ 55.703543][ T5021] xfs_attr_finish_item+0x6d/0x280
[ 55.708661][ T5021] ? xfs_attri_item_relog+0x460/0x460
[ 55.714039][ T5021] xfs_defer_finish_noroll+0x93b/0x1f20
[ 55.719601][ T5021] ? xfs_defer_cancel_list+0x840/0x840
[ 55.725060][ T5021] ? ktime_get_coarse_real_ts64+0x1bb/0x200
[ 55.730968][ T5021] ? xfs_inode_item_push+0x350/0x350
[ 55.736262][ T5021] ? xfs_trans_run_precommits+0x18a/0x210
[ 55.741992][ T5021] __xfs_trans_commit+0x566/0xe20
[ 55.747026][ T5021] ? xfs_trans_free_items+0x340/0x340
[ 55.752418][ T5021] xfs_attr_set+0x12e5/0x2220
[ 55.757107][ T5021] ? xfs_attr_set_iter+0x2f90/0x2f90
[ 55.762419][ T5021] xfs_xattr_set+0xf2/0x1c0
[ 55.766930][ T5021] ? xfs_trans_alloc_dir+0x480/0x480
[ 55.772233][ T5021] ? evm_protected_xattr_common+0x185/0x1f0
[ 55.778130][ T5021] ? xattr_resolve_name+0x26e/0x3d0
[ 55.783344][ T5021] ? xfs_trans_alloc_dir+0x480/0x480
[ 55.788634][ T5021] __vfs_setxattr+0x173/0x1e0
[ 55.793321][ T5021] ? __vfs_removexattr+0x1c0/0x1c0
[ 55.798432][ T5021] ? security_inode_permission+0xc9/0xf0
[ 55.804081][ T5021] __vfs_setxattr_noperm+0x129/0x5f0
[ 55.809373][ T5021] __vfs_setxattr_locked+0x1d3/0x260
[ 55.814668][ T5021] vfs_setxattr+0x143/0x340
[ 55.819176][ T5021] ? __vfs_setxattr_locked+0x260/0x260
[ 55.824649][ T5021] do_setxattr+0x147/0x190
[ 55.829068][ T5021] setxattr+0x146/0x160
[ 55.833225][ T5021] ? do_setxattr+0x190/0x190
[ 55.837826][ T5021] ? find_held_lock+0x2d/0x110
[ 55.842600][ T5021] ? __mnt_want_write+0x3f/0x2e0
[ 55.847543][ T5021] ? lock_downgrade+0x690/0x690
[ 55.852401][ T5021] ? trace_lock_acquire+0x12d/0x180
[ 55.857606][ T5021] ? __mnt_want_write+0x3f/0x2e0
[ 55.862549][ T5021] ? lock_acquire+0x32/0xc0
[ 55.867058][ T5021] ? __mnt_want_write+0x3f/0x2e0
[ 55.872006][ T5021] ? __mnt_want_write+0x1fe/0x2e0
[ 55.877044][ T5021] path_setxattr+0x197/0x1c0
[ 55.881640][ T5021] ? setxattr+0x160/0x160
[ 55.885973][ T5021] ? lockdep_hardirqs_on+0x7d/0x100
[ 55.891185][ T5021] __x64_sys_setxattr+0xc4/0x160
[ 55.896124][ T5021] do_syscall_64+0x39/0xb0
[ 55.900543][ T5021] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.906441][ T5021] RIP: 0033:0x7f9effd537f9
[ 55.910855][ T5021] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 55.930464][ T5021] RSP: 002b:00007ffc33918058 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[ 55.938879][ T5021] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f9effd537f9
[ 55.946850][ T5021] RDX: 0000000020000680 RSI: 0000000020000200 RDI: 0000000020000000
[ 55.954821][ T5021] RBP: 00007f9effd13090 R08: 0000000000000000 R09: 0000000000000000
[ 55.962788][ T5021] R10: 0000000000000058 R11: 0000000000000246 R12: 00007f9effd13120
[ 55.970758][ T5021] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 55.978740][ T5021]
[ 55.981902][ T5021] Kernel Offset: disabled
[ 55.986298][ T5021] Rebooting in 86400 seconds..