./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2790008074

<...>
DUID 00:04:a4:32:67:f0:55:bb:60:fb:9b:a6:3e:57:83:d8:2c:c8
forked to background, child pid 4667
[   21.051744][ T4668] 8021q: adding VLAN 0 to HW filter on device bond0
[   21.060174][ T4668] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.131' (ECDSA) to the list of known hosts.
execve("./syz-executor2790008074", ["./syz-executor2790008074"], 0x7ffc218e69d0 /* 10 vars */) = 0
brk(NULL)                               = 0x55555709a000
brk(0x55555709ac40)                     = 0x55555709ac40
arch_prctl(ARCH_SET_FS, 0x55555709a300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2790008074", 4096) = 28
brk(0x5555570bbc40)                     = 0x5555570bbc40
brk(0x5555570bc000)                     = 0x5555570bc000
mprotect(0x7f37ae651000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555709a5d0) = 5000
./strace-static-x86_64: Process 5000 attached
[pid  5000] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5000] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5000] setsid()                    = 1
[pid  5000] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5000] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5000] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5000] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5000] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5000] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5000] unshare(CLONE_NEWNS)        = 0
[pid  5000] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5000] unshare(CLONE_NEWIPC)       = 0
[pid  5000] unshare(CLONE_NEWCGROUP)    = 0
[pid  5000] unshare(CLONE_NEWUTS)       = 0
[pid  5000] unshare(CLONE_SYSVSEM)      = 0
[pid  5000] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5000] write(3, "16777216", 8)     = 8
[pid  5000] close(3)                    = 0
[pid  5000] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5000] write(3, "536870912", 9)    = 9
[pid  5000] close(3)                    = 0
[pid  5000] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5000] write(3, "1024", 4)         = 4
[pid  5000] close(3)                    = 0
[pid  5000] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5000] write(3, "8192", 4)         = 4
[pid  5000] close(3)                    = 0
[pid  5000] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5000] write(3, "1024", 4)         = 4
[pid  5000] close(3)                    = 0
[pid  5000] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5000] write(3, "1024", 4)         = 4
[pid  5000] close(3)                    = 0
[pid  5000] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5000] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5000] close(3)                    = 0
[pid  5000] getpid()                    = 1
[pid  5000] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5000] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5000] unshare(CLONE_NEWNET)       = 0
[pid  5000] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5000] write(3, "0 65535", 7)      = 7
[pid  5000] close(3)                    = 0
[pid  5000] mkdir("/dev/binderfs", 0777) = 0
[pid  5000] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5000] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5000] memfd_create("syzkaller", 0) = 3
[pid  5000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f37a6191000
syzkaller login: [   41.564505][ T5000] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5000 'syz-executor279'
[pid  5000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5000] munmap(0x7f37a6191000, 16777216) = 0
[pid  5000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5000] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5000] close(3)                    = 0
[pid  5000] mkdir("./file0", 0777)      = 0
[pid  5000] mount("/dev/loop0", "./file0", "jfs", MS_LAZYTIME, "") = 0
[pid  5000] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5000] chdir("./file0")            = 0
[pid  5000] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5000] close(4)                    = 0
[pid  5000] mkdir("./file1", 000)       = 0
[pid  5000] mkdir("./bus", 000)         = 0
[pid  5000] mkdirat(AT_FDCWD, "./file0", 000) = 0
[pid  5000] open(".", O_RDONLY)         = 4
[   41.660117][ T5000] loop0: detected capacity change from 0 to 32768
[   41.694283][ T5000] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 1
[   41.694283][ T5000] 
[   41.706347][ T5000] ERROR: (device loop0): remounting filesystem as read-only
[   41.713704][ T5000] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 3
[   41.713704][ T5000] 
[   41.725063][ T5000] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[   41.725063][ T5000] 
[   41.736440][ T5000] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 5
[   41.736440][ T5000] 
[   41.748483][ T5000] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 6
[   41.748483][ T5000] 
[pid  5000] getdents(4, 0x20000180 /* 4 entries */, 4102) = 112
[pid  5000] exit_group(1)               = ?
[   41.759715][ T5000] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 7
[   41.759715][ T5000] 
[   41.797359][ T5000] ==================================================================
[   41.805438][ T5000] BUG: KASAN: user-memory-access in __destroy_inode+0x307/0x740
[   41.813171][ T5000] Write of size 4 at addr 0000000b00000000 by task syz-executor279/5000
[   41.821478][ T5000] 
[   41.823786][ T5000] CPU: 1 PID: 5000 Comm: syz-executor279 Not tainted 6.4.0-rc6-syzkaller-00195-g40f71e7cd3c6 #0
[   41.834177][ T5000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   41.844232][ T5000] Call Trace:
[   41.847500][ T5000]  <TASK>
[   41.850417][ T5000]  dump_stack_lvl+0xd9/0x150
[   41.855005][ T5000]  ? __destroy_inode+0x307/0x740
[   41.859928][ T5000]  kasan_report+0xec/0x130
[   41.864334][ T5000]  ? __destroy_inode+0x307/0x740
[   41.869259][ T5000]  kasan_check_range+0x141/0x190
[   41.874180][ T5000]  __destroy_inode+0x307/0x740
[   41.878934][ T5000]  destroy_inode+0x91/0x1b0
[   41.883422][ T5000]  dispose_list+0x117/0x1e0
[   41.887909][ T5000]  evict_inodes+0x345/0x440
[   41.892400][ T5000]  ? dispose_list+0x1e0/0x1e0
[   41.897062][ T5000]  ? shrink_dcache_for_umount+0x169/0x340
[   41.902762][ T5000]  generic_shutdown_super+0xaf/0x480
[   41.908056][ T5000]  kill_block_super+0xa1/0x100
[   41.912802][ T5000]  deactivate_locked_super+0x98/0x160
[   41.918162][ T5000]  deactivate_super+0xb1/0xd0
[   41.922826][ T5000]  cleanup_mnt+0x2ae/0x3d0
[   41.927229][ T5000]  task_work_run+0x16f/0x270
[   41.931803][ T5000]  ? task_work_cancel+0x30/0x30
[   41.936638][ T5000]  do_exit+0xaa3/0x29b0
[   41.941384][ T5000]  ? lock_downgrade+0x690/0x690
[   41.946249][ T5000]  ? do_raw_spin_lock+0x124/0x2b0
[   41.951259][ T5000]  ? mm_update_next_owner+0x7b0/0x7b0
[   41.956616][ T5000]  ? spin_bug+0x1c0/0x1c0
[   41.960960][ T5000]  ? _raw_spin_unlock_irq+0x23/0x50
[   41.966193][ T5000]  do_group_exit+0xd4/0x2a0
[   41.970682][ T5000]  __x64_sys_exit_group+0x3e/0x50
[   41.975694][ T5000]  do_syscall_64+0x39/0xb0
[   41.980104][ T5000]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   41.985989][ T5000] RIP: 0033:0x7f37ae5dca49
[   41.990389][ T5000] Code: Unable to access opcode bytes at 0x7f37ae5dca1f.
[   41.997388][ T5000] RSP: 002b:00007fff483946a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   42.005786][ T5000] RAX: ffffffffffffffda RBX: 00007f37ae657330 RCX: 00007f37ae5dca49
[   42.013741][ T5000] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   42.021706][ T5000] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00007f37ae651e40
[   42.031568][ T5000] R10: 00007f37ae651e40 R11: 0000000000000246 R12: 00007f37ae657330
[   42.039522][ T5000] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   42.047566][ T5000]  </TASK>
[   42.050566][ T5000] ==================================================================
[   42.059151][ T5000] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   42.066348][ T5000] CPU: 1 PID: 5000 Comm: syz-executor279 Not tainted 6.4.0-rc6-syzkaller-00195-g40f71e7cd3c6 #0
[   42.076739][ T5000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   42.086775][ T5000] Call Trace:
[   42.090034][ T5000]  <TASK>
[   42.092954][ T5000]  dump_stack_lvl+0xd9/0x150
[   42.097534][ T5000]  panic+0x686/0x730
[   42.101419][ T5000]  ? panic_smp_self_stop+0xa0/0xa0
[   42.106517][ T5000]  ? preempt_schedule_thunk+0x1a/0x20
[   42.111876][ T5000]  ? preempt_schedule_common+0x45/0xb0
[   42.117322][ T5000]  check_panic_on_warn+0xb1/0xc0
[   42.122264][ T5000]  end_report+0xe9/0x120
[   42.126499][ T5000]  ? __destroy_inode+0x307/0x740
[   42.131457][ T5000]  kasan_report+0xf9/0x130
[   42.135868][ T5000]  ? __destroy_inode+0x307/0x740
[   42.140792][ T5000]  kasan_check_range+0x141/0x190
[   42.145800][ T5000]  __destroy_inode+0x307/0x740
[   42.150550][ T5000]  destroy_inode+0x91/0x1b0
[   42.155055][ T5000]  dispose_list+0x117/0x1e0
[   42.159633][ T5000]  evict_inodes+0x345/0x440
[   42.164299][ T5000]  ? dispose_list+0x1e0/0x1e0
[   42.168963][ T5000]  ? shrink_dcache_for_umount+0x169/0x340
[   42.174666][ T5000]  generic_shutdown_super+0xaf/0x480
[   42.179940][ T5000]  kill_block_super+0xa1/0x100
[   42.184693][ T5000]  deactivate_locked_super+0x98/0x160
[   42.190053][ T5000]  deactivate_super+0xb1/0xd0
[   42.194711][ T5000]  cleanup_mnt+0x2ae/0x3d0
[   42.199108][ T5000]  task_work_run+0x16f/0x270
[   42.203679][ T5000]  ? task_work_cancel+0x30/0x30
[   42.208518][ T5000]  do_exit+0xaa3/0x29b0
[   42.212655][ T5000]  ? lock_downgrade+0x690/0x690
[   42.217495][ T5000]  ? do_raw_spin_lock+0x124/0x2b0
[   42.222507][ T5000]  ? mm_update_next_owner+0x7b0/0x7b0
[   42.227859][ T5000]  ? spin_bug+0x1c0/0x1c0
[   42.232176][ T5000]  ? _raw_spin_unlock_irq+0x23/0x50
[   42.237368][ T5000]  do_group_exit+0xd4/0x2a0
[   42.241849][ T5000]  __x64_sys_exit_group+0x3e/0x50
[   42.246855][ T5000]  do_syscall_64+0x39/0xb0
[   42.251311][ T5000]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   42.257197][ T5000] RIP: 0033:0x7f37ae5dca49
[   42.261598][ T5000] Code: Unable to access opcode bytes at 0x7f37ae5dca1f.
[   42.268599][ T5000] RSP: 002b:00007fff483946a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   42.277000][ T5000] RAX: ffffffffffffffda RBX: 00007f37ae657330 RCX: 00007f37ae5dca49
[   42.284971][ T5000] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   42.293020][ T5000] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00007f37ae651e40
[   42.300986][ T5000] R10: 00007f37ae651e40 R11: 0000000000000246 R12: 00007f37ae657330
[   42.308943][ T5000] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   42.316938][ T5000]  </TASK>
[   42.320787][ T5000] Kernel Offset: disabled
[   42.325109][ T5000] Rebooting in 86400 seconds..