./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor781727313 <...> Warning: Permanently added '10.128.0.110' (ECDSA) to the list of known hosts. execve("./syz-executor781727313", ["./syz-executor781727313"], 0x7ffcd4c52e30 /* 10 vars */) = 0 brk(NULL) = 0x5555566b6000 brk(0x5555566b6c40) = 0x5555566b6c40 arch_prctl(ARCH_SET_FS, 0x5555566b6300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor781727313", 4096) = 27 brk(0x5555566d7c40) = 0x5555566d7c40 brk(0x5555566d8000) = 0x5555566d8000 mprotect(0x7fcde115c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 ftruncate(3, 65538) = 0 pwrite64(3, "syzk", 4, 0) = 4 pwrite64(3, "syzkall", 7, 4) = 7 pwrite64(3, "/tmp/syz-ima", 12, 11) = 12 pwrite64(3, "\x00\x04\x40\x00\x01\x00\x01\x00\x24\x00\x00\xfc\x00\x1c\x08\x10\x7f\x13\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32, 1024) = 32 pwrite64(3, "\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32, 2048) = 32 pwrite64(3, "\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 2144, 2176) = 2144 pwrite64(3, "\x01\x00\x2e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x2e\x2e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x66\x69\x6c\x65\x33\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x66\x69"..., 128, 36864) = 128 pwrite64(3, "\x02\x00\x2e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x2e\x2e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00", 64, 37889) = 64 pwrite64(3, "\x73\x79\x7a\x6b\x61\x6c\x6c\x65\x72\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32, 41981) = 32 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 mkdir("./file1", 0777) = 0 mount("/dev/loop0", "./file1", "minix", MS_NOSUID|MS_SILENT|MS_I_VERSION, "\x8f\x46\x64\xd7\x83\xd3\x20\xa4\x1d\x85\xef\x2d\x70\x32\x64\x47\x1d\x84\xd3\xfc\x2a\xd1\x44\xa6\x2d\x17\x25\xe9\x6e\x05\xd1\xac\x0f\x85\x7c\x6d\xca\x78\x74\xe0\xcd\x88\x96\x86\x15\x4c\x42\xbb\x35\xf9\x26\xbd\xe0\xfc\xda\x56\x9b\x8f\x5f\x82\x8e\x69\x40\xb1\xb1\x5d\xb0\x5b\x5b\xb2\x77\x71\xae\xa1\x54\x98\xe4\xc2\xc7\x20\x0a\xec\x2f\x5d\xfb\x99\x26\xf8\x1f\xa9\xea\x82\x68\x04\xa3\x78\x06\x9c\xe0\x86"...) = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 5 chdir("./file1") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 close(3) = 0 mkdir("./bus", 000) = 0 syzkaller login: [ 33.358542][ T3602] loop0: detected capacity change from 0 to 128 [ 33.371429][ T3602] ================================================================================ [ 33.381234][ T3602] UBSAN: shift-out-of-bounds in fs/minix/inode.c:380:57 [ 33.388835][ T3602] shift exponent 64512 is too large for 64-bit type 'long unsigned int' [ 33.397478][ T3602] CPU: 0 PID: 3602 Comm: syz-executor781 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0 [ 33.407590][ T3602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 33.417665][ T3602] Call Trace: [ 33.420932][ T3602] [ 33.423860][ T3602] dump_stack_lvl+0xcd/0x134 [ 33.428442][ T3602] ubsan_epilogue+0xb/0x50 [ 33.432859][ T3602] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x187 [ 33.439618][ T3602] ? rwlock_bug.part.0+0x90/0x90 [ 33.444546][ T3602] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 33.450337][ T3602] ? debug_check_no_obj_freed+0x20c/0x420 [ 33.456041][ T3602] minix_statfs.cold+0x17/0x1c [ 33.460793][ T3602] statfs_by_dentry+0x133/0x210 [ 33.465630][ T3602] vfs_statfs+0x36/0x90 [ 33.469769][ T3602] ovl_check_namelen+0x80/0x110 [ 33.474600][ T3602] ? ovl_statfs+0x1e0/0x1e0 [ 33.479084][ T3602] ? ovl_mount_dir+0x181/0x1f0 [ 33.483839][ T3602] ovl_fill_super+0x12fe/0x62b0 [ 33.488673][ T3602] ? lock_release+0x780/0x780 [ 33.493355][ T3602] ? ida_alloc_range+0x5d5/0x890 [ 33.498280][ T3602] ? rcu_read_lock_sched_held+0xd/0x70 [ 33.503737][ T3602] ? ovl_workdir_create+0x930/0x930 [ 33.508923][ T3602] ? sget+0x472/0x580 [ 33.512905][ T3602] ? lock_downgrade+0x6e0/0x6e0 [ 33.517753][ T3602] ? down_write+0x153/0x220 [ 33.522258][ T3602] ? down_write_killable_nested+0x250/0x250 [ 33.528156][ T3602] ? do_raw_spin_lock+0x120/0x2a0 [ 33.533178][ T3602] ? sget+0x11f/0x580 [ 33.537161][ T3602] ? kill_litter_super+0xa0/0xa0 [ 33.542094][ T3602] ? ovl_workdir_create+0x930/0x930 [ 33.547309][ T3602] mount_nodev+0x60/0x110 [ 33.551642][ T3602] ? ovl_own_xattr_set+0x10/0x10 [ 33.556572][ T3602] legacy_get_tree+0x105/0x220 [ 33.561327][ T3602] ? ns_capable+0xd9/0x100 [ 33.565762][ T3602] vfs_get_tree+0x89/0x2f0 [ 33.570175][ T3602] path_mount+0x1326/0x1e20 [ 33.574679][ T3602] ? kmem_cache_free+0xeb/0x5b0 [ 33.579525][ T3602] ? finish_automount+0x960/0x960 [ 33.584547][ T3602] ? putname+0xfe/0x140 [ 33.588702][ T3602] __x64_sys_mount+0x27f/0x300 [ 33.593483][ T3602] ? copy_mnt_ns+0xae0/0xae0 [ 33.598070][ T3602] ? _raw_spin_unlock_irq+0x2a/0x40 [ 33.603266][ T3602] ? ptrace_notify+0xfa/0x140 [ 33.607957][ T3602] do_syscall_64+0x35/0xb0 [ 33.612369][ T3602] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 33.618253][ T3602] RIP: 0033:0x7fcde10ef0f9 [ 33.622689][ T3602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 33.642387][ T3602] RSP: 002b:00007fff4b9b7ae8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 33.650819][ T3602] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcde10ef0f9 [ 33.658784][ T3602] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 0000000000000000 [ 33.666746][ T3602] RBP: 00007fcde10ae8c0 R08: 0000000020000400 R09: 0000000000000000 [ 33.674708][ T3602] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcde10ae950 [ 33.682669][ T3602] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 33.690643][ T3602] [ 33.696573][ T3602] ================================================================================ [ 33.706334][ T3602] Kernel panic - not syncing: panic_on_warn set ... [ 33.712945][ T3602] CPU: 0 PID: 3602 Comm: syz-executor781 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0 [ 33.723018][ T3602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 33.733068][ T3602] Call Trace: [ 33.736335][ T3602] [ 33.739246][ T3602] dump_stack_lvl+0xcd/0x134 [ 33.743826][ T3602] panic+0x2c8/0x622 [ 33.747722][ T3602] ? panic_print_sys_info.part.0+0x10b/0x10b [ 33.753715][ T3602] ? ubsan_epilogue+0x3e/0x50 [ 33.758416][ T3602] ubsan_epilogue+0x4a/0x50 [ 33.763094][ T3602] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x187 [ 33.769846][ T3602] ? rwlock_bug.part.0+0x90/0x90 [ 33.774858][ T3602] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 33.780668][ T3602] ? debug_check_no_obj_freed+0x20c/0x420 [ 33.786373][ T3602] minix_statfs.cold+0x17/0x1c [ 33.791139][ T3602] statfs_by_dentry+0x133/0x210 [ 33.796000][ T3602] vfs_statfs+0x36/0x90 [ 33.800141][ T3602] ovl_check_namelen+0x80/0x110 [ 33.805052][ T3602] ? ovl_statfs+0x1e0/0x1e0 [ 33.809566][ T3602] ? ovl_mount_dir+0x181/0x1f0 [ 33.814785][ T3602] ovl_fill_super+0x12fe/0x62b0 [ 33.819633][ T3602] ? lock_release+0x780/0x780 [ 33.824300][ T3602] ? ida_alloc_range+0x5d5/0x890 [ 33.829260][ T3602] ? rcu_read_lock_sched_held+0xd/0x70 [ 33.834719][ T3602] ? ovl_workdir_create+0x930/0x930 [ 33.839916][ T3602] ? sget+0x472/0x580 [ 33.843894][ T3602] ? lock_downgrade+0x6e0/0x6e0 [ 33.848739][ T3602] ? down_write+0x153/0x220 [ 33.853260][ T3602] ? down_write_killable_nested+0x250/0x250 [ 33.859153][ T3602] ? do_raw_spin_lock+0x120/0x2a0 [ 33.864178][ T3602] ? sget+0x11f/0x580 [ 33.868159][ T3602] ? kill_litter_super+0xa0/0xa0 [ 33.873094][ T3602] ? ovl_workdir_create+0x930/0x930 [ 33.878285][ T3602] mount_nodev+0x60/0x110 [ 33.882614][ T3602] ? ovl_own_xattr_set+0x10/0x10 [ 33.887540][ T3602] legacy_get_tree+0x105/0x220 [ 33.892310][ T3602] ? ns_capable+0xd9/0x100 [ 33.896738][ T3602] vfs_get_tree+0x89/0x2f0 [ 33.901157][ T3602] path_mount+0x1326/0x1e20 [ 33.905658][ T3602] ? kmem_cache_free+0xeb/0x5b0 [ 33.910506][ T3602] ? finish_automount+0x960/0x960 [ 33.915543][ T3602] ? putname+0xfe/0x140 [ 33.919700][ T3602] __x64_sys_mount+0x27f/0x300 [ 33.924464][ T3602] ? copy_mnt_ns+0xae0/0xae0 [ 33.929054][ T3602] ? _raw_spin_unlock_irq+0x2a/0x40 [ 33.934268][ T3602] ? ptrace_notify+0xfa/0x140 [ 33.938939][ T3602] do_syscall_64+0x35/0xb0 [ 33.943544][ T3602] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 33.949433][ T3602] RIP: 0033:0x7fcde10ef0f9 [ 33.953838][ T3602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 33.973614][ T3602] RSP: 002b:00007fff4b9b7ae8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 33.982018][ T3602] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcde10ef0f9 [ 33.989979][ T3602] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 0000000000000000 [ 33.997959][ T3602] RBP: 00007fcde10ae8c0 R08: 0000000020000400 R09: 0000000000000000 [ 34.005922][ T3602] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcde10ae950 [ 34.013879][ T3602] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 34.021848][ T3602] [ 34.025484][ T3602] Kernel Offset: disabled [ 34.029792][ T3602] Rebooting in 86400 seconds..