./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4049169025 <...> Warning: Permanently added '10.128.0.196' (ED25519) to the list of known hosts. execve("./syz-executor4049169025", ["./syz-executor4049169025"], 0x7fff0b946130 /* 10 vars */) = 0 brk(NULL) = 0x55555575d000 brk(0x55555575dd40) = 0x55555575dd40 arch_prctl(ARCH_SET_FS, 0x55555575d3c0) = 0 set_tid_address(0x55555575d690) = 5059 set_robust_list(0x55555575d6a0, 24) = 0 rseq(0x55555575dce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4049169025", 4096) = 28 getrandom("\x84\x7b\xfd\x61\x84\xa2\x59\x6d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555575dd40 brk(0x55555577ed40) = 0x55555577ed40 brk(0x55555577f000) = 0x55555577f000 mprotect(0x7fc07f32a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5060 attached , child_tidptr=0x55555575d690) = 5060 [pid 5060] set_robust_list(0x55555575d6a0, 24) = 0 [pid 5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5060] setpgid(0, 0) = 0 [pid 5060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5060] write(3, "1000", 4) = 4 [pid 5060] close(3) = 0 [pid 5060] futex(0x7fc07f33060c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] rt_sigaction(SIGRT_1, {sa_handler=0x7fc07f2c9370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc07f2baa20}, NULL, 8) = 0 [pid 5060] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc07f240000 [pid 5060] mprotect(0x7fc07f241000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5060] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc07f260990, parent_tid=0x7fc07f260990, exit_signal=0, stack=0x7fc07f240000, stack_size=0x20300, tls=0x7fc07f2606c0}./strace-static-x86_64: Process 5062 attached [pid 5062] rseq(0x7fc07f260fe0, 0x20, 0, 0x53053053 [pid 5060] <... clone3 resumed> => {parent_tid=[5062]}, 88) = 5062 [pid 5062] <... rseq resumed>) = 0 [pid 5060] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] set_robust_list(0x7fc07f2609a0, 24 [pid 5060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... set_robust_list resumed>) = 0 [pid 5060] futex(0x7fc07f330608, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] rt_sigprocmask(SIG_SETMASK, [], [pid 5060] <... futex resumed>) = 0 [pid 5062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5060] futex(0x7fc07f33060c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] memfd_create("syzkaller", 0) = 3 [pid 5062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc076e40000 [ 73.278202][ T5062] syz-executor404[5062]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5062] munmap(0x7fc076e40000, 138412032) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5062] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5062] close(3) = 0 [pid 5062] mkdir("./file0", 0777) = 0 [pid 5062] mount("/dev/loop0", "./file0", "jfs", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5062] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5062] chdir("./file0") = 0 [pid 5062] ioctl(4, LOOP_CLR_FD) = 0 [ 73.526765][ T5062] loop0: detected capacity change from 0 to 32768 [pid 5062] close(4) = 0 [pid 5062] futex(0x7fc07f33060c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = 0 [pid 5060] futex(0x7fc07f330608, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 1 [pid 5060] <... futex resumed>) = 0 [pid 5062] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5060] futex(0x7fc07f33060c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] <... open resumed>) = 4 [pid 5062] futex(0x7fc07f33060c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] futex(0x7fc07f330608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] <... futex resumed>) = 0 [pid 5060] futex(0x7fc07f330608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] futex(0x7fc07f33060c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] write(4, "\x46\x52\x4f\x5a\x45\x4e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871111 [pid 5060] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5060] futex(0x7fc07f33061c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc07f21f000 [pid 5060] mprotect(0x7fc07f220000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5060] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc07f23f990, parent_tid=0x7fc07f23f990, exit_signal=0, stack=0x7fc07f21f000, stack_size=0x20300, tls=0x7fc07f23f6c0}./strace-static-x86_64: Process 5063 attached [pid 5063] rseq(0x7fc07f23ffe0, 0x20, 0, 0x53053053 [pid 5060] <... clone3 resumed> => {parent_tid=[5063]}, 88) = 5063 [pid 5063] <... rseq resumed>) = 0 [pid 5063] set_robust_list(0x7fc07f23f9a0, 24 [pid 5060] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... set_robust_list resumed>) = 0 [pid 5063] rt_sigprocmask(SIG_SETMASK, [], [pid 5060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5060] futex(0x7fc07f330618, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] futex(0x7fc07f33061c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... openat resumed>) = 5 [pid 5063] futex(0x7fc07f33061c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5060] <... futex resumed>) = 0 [pid 5060] futex(0x7fc07f330618, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] futex(0x7fc07f33061c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 73.757111][ T5062] ================================================================================ [ 73.766708][ T5062] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_xtree.c:622:9 [ 73.774836][ T5062] index 19 is out of range for type 'xad_t[18]' (aka 'struct xad[18]') [ 73.783524][ T5062] CPU: 0 PID: 5062 Comm: syz-executor404 Not tainted 6.6.0-syzkaller-03860-g5a6a09e97199 #0 [ 73.793637][ T5062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 73.803735][ T5062] Call Trace: [pid 5063] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5060] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 73.807041][ T5062] [ 73.810012][ T5062] dump_stack_lvl+0x1e7/0x2d0 [ 73.814752][ T5062] ? __get_metapage+0x9b2/0x1040 [ 73.819758][ T5062] ? nf_tcp_handle_invalid+0x650/0x650 [ 73.825263][ T5062] ? panic+0x770/0x770 [ 73.829399][ T5062] __ubsan_handle_out_of_bounds+0x11c/0x150 [ 73.835386][ T5062] xtInsert+0xf45/0xfa0 [ 73.839608][ T5062] ? xtSearch+0x1ca0/0x1ca0 [ 73.844163][ T5062] ? mark_lock+0x9a/0x340 [ 73.848542][ T5062] ? dquot_drop+0x2a0/0x2a0 [ 73.853076][ T5062] ? rcu_is_watching+0x15/0xb0 [ 73.857858][ T5062] ? __mark_inode_dirty+0x3e7/0xd90 [ 73.863074][ T5062] extAlloc+0xa74/0x1000 [ 73.867358][ T5062] ? jfs_ioc_trim+0x660/0x660 [ 73.872078][ T5062] ? clear_nonspinnable+0x60/0x60 [ 73.877147][ T5062] jfs_get_block+0x41b/0xe60 [ 73.881773][ T5062] ? jfs_dirty_inode+0x240/0x240 [ 73.886736][ T5062] ? _raw_spin_unlock+0x28/0x40 [ 73.891608][ T5062] ? folio_create_buffers+0x132/0x250 [ 73.896996][ T5062] __block_write_begin_int+0x54d/0x1ac0 [ 73.902575][ T5062] ? folio_add_lru+0x27b/0x9d0 [ 73.907371][ T5062] ? jfs_dirty_inode+0x240/0x240 [ 73.912315][ T5062] ? folio_zero_new_buffers+0x530/0x530 [ 73.917877][ T5062] ? pagecache_get_page+0x243/0x590 [ 73.923087][ T5062] ? jfs_dirty_inode+0x240/0x240 [ 73.928040][ T5062] block_write_begin+0x9b/0x1e0 [ 73.932910][ T5062] jfs_write_begin+0x31/0x70 [ 73.937512][ T5062] generic_perform_write+0x31b/0x630 [ 73.942825][ T5062] ? generic_file_direct_write+0x3f0/0x3f0 [ 73.948642][ T5062] ? mnt_put_write_access_file+0xc2/0x100 [ 73.954387][ T5062] ? __generic_file_write_iter+0x101/0x230 [ 73.960209][ T5062] generic_file_write_iter+0xaf/0x310 [ 73.965598][ T5062] vfs_write+0x792/0xb20 [ 73.969874][ T5062] ? file_end_write+0x250/0x250 [ 73.974754][ T5062] ? __fget_files+0x3fe/0x480 [ 73.979441][ T5062] ? __fget_files+0x29/0x480 [ 73.984059][ T5062] ? __fdget_pos+0x2b0/0x340 [ 73.988740][ T5062] ? ksys_write+0x7b/0x2c0 [ 73.993173][ T5062] ksys_write+0x1a0/0x2c0 [ 73.997520][ T5062] ? __ia32_sys_read+0x90/0x90 [ 74.002296][ T5062] ? syscall_enter_from_user_mode+0x32/0x230 [ 74.008394][ T5062] ? syscall_enter_from_user_mode+0x8c/0x230 [ 74.014400][ T5062] do_syscall_64+0x44/0x110 [ 74.018918][ T5062] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 74.024825][ T5062] RIP: 0033:0x7fc07f2a3489 [ 74.029251][ T5062] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 74.048993][ T5062] RSP: 002b:00007fc07f260218 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 74.057441][ T5062] RAX: ffffffffffffffda RBX: 00007fc07f330608 RCX: 00007fc07f2a3489 [ 74.065438][ T5062] RDX: 00000000200000c7 RSI: 00000000200000c0 RDI: 0000000000000004 [ 74.073417][ T5062] RBP: 00007fc07f330600 R08: 0000000000000000 R09: 0000000000000000 [ 74.081396][ T5062] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc07f2fcf74 [ 74.089386][ T5062] R13: 00007fc07f2f70c0 R14: 0030656c69662f2e R15: 0065766973727563 [ 74.097383][ T5062] [ 74.101904][ T5062] ================================================================================ [ 74.116870][ T5062] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 74.124110][ T5062] CPU: 0 PID: 5062 Comm: syz-executor404 Not tainted 6.6.0-syzkaller-03860-g5a6a09e97199 #0 [ 74.134207][ T5062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 74.144295][ T5062] Call Trace: [ 74.147600][ T5062] [ 74.150558][ T5062] dump_stack_lvl+0x1e7/0x2d0 [ 74.155277][ T5062] ? nf_tcp_handle_invalid+0x650/0x650 [ 74.160772][ T5062] ? panic+0x770/0x770 [ 74.164887][ T5062] ? vscnprintf+0x5d/0x80 [ 74.169262][ T5062] panic+0x30f/0x770 [ 74.173205][ T5062] ? check_panic_on_warn+0x21/0xa0 [ 74.178365][ T5062] ? __memcpy_flushcache+0x2b0/0x2b0 [ 74.183697][ T5062] ? dump_stack_lvl+0x253/0x2d0 [ 74.188609][ T5062] check_panic_on_warn+0x82/0xa0 [ 74.193620][ T5062] __ubsan_handle_out_of_bounds+0x13c/0x150 [ 74.199687][ T5062] xtInsert+0xf45/0xfa0 [ 74.203906][ T5062] ? xtSearch+0x1ca0/0x1ca0 [ 74.208487][ T5062] ? mark_lock+0x9a/0x340 [ 74.212870][ T5062] ? dquot_drop+0x2a0/0x2a0 [ 74.217430][ T5062] ? rcu_is_watching+0x15/0xb0 [ 74.222243][ T5062] ? __mark_inode_dirty+0x3e7/0xd90 [ 74.227487][ T5062] extAlloc+0xa74/0x1000 [ 74.231806][ T5062] ? jfs_ioc_trim+0x660/0x660 [ 74.236529][ T5062] ? clear_nonspinnable+0x60/0x60 [ 74.241606][ T5062] jfs_get_block+0x41b/0xe60 [ 74.246261][ T5062] ? jfs_dirty_inode+0x240/0x240 [ 74.251251][ T5062] ? _raw_spin_unlock+0x28/0x40 [pid 5060] exit_group(0) = ? [ 74.256150][ T5062] ? folio_create_buffers+0x132/0x250 [ 74.261574][ T5062] __block_write_begin_int+0x54d/0x1ac0 [ 74.267171][ T5062] ? folio_add_lru+0x27b/0x9d0 [ 74.272008][ T5062] ? jfs_dirty_inode+0x240/0x240 [ 74.277008][ T5062] ? folio_zero_new_buffers+0x530/0x530 [ 74.282624][ T5062] ? pagecache_get_page+0x243/0x590 [ 74.287875][ T5062] ? jfs_dirty_inode+0x240/0x240 [ 74.292855][ T5062] block_write_begin+0x9b/0x1e0 [ 74.297758][ T5062] jfs_write_begin+0x31/0x70 [ 74.302388][ T5062] generic_perform_write+0x31b/0x630 [ 74.307734][ T5062] ? generic_file_direct_write+0x3f0/0x3f0 [ 74.313592][ T5062] ? mnt_put_write_access_file+0xc2/0x100 [ 74.319338][ T5062] ? __generic_file_write_iter+0x101/0x230 [ 74.325160][ T5062] generic_file_write_iter+0xaf/0x310 [ 74.330550][ T5062] vfs_write+0x792/0xb20 [ 74.334810][ T5062] ? file_end_write+0x250/0x250 [ 74.339675][ T5062] ? __fget_files+0x3fe/0x480 [ 74.344365][ T5062] ? __fget_files+0x29/0x480 [ 74.348975][ T5062] ? __fdget_pos+0x2b0/0x340 [ 74.353577][ T5062] ? ksys_write+0x7b/0x2c0 [ 74.358008][ T5062] ksys_write+0x1a0/0x2c0 [ 74.362353][ T5062] ? __ia32_sys_read+0x90/0x90 [ 74.367144][ T5062] ? syscall_enter_from_user_mode+0x32/0x230 [ 74.373149][ T5062] ? syscall_enter_from_user_mode+0x8c/0x230 [ 74.379149][ T5062] do_syscall_64+0x44/0x110 [ 74.383662][ T5062] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 74.389672][ T5062] RIP: 0033:0x7fc07f2a3489 [ 74.394101][ T5062] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 74.413713][ T5062] RSP: 002b:00007fc07f260218 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 74.422234][ T5062] RAX: ffffffffffffffda RBX: 00007fc07f330608 RCX: 00007fc07f2a3489 [ 74.430212][ T5062] RDX: 00000000200000c7 RSI: 00000000200000c0 RDI: 0000000000000004 [ 74.438191][ T5062] RBP: 00007fc07f330600 R08: 0000000000000000 R09: 0000000000000000 [ 74.446185][ T5062] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc07f2fcf74 [ 74.454512][ T5062] R13: 00007fc07f2f70c0 R14: 0030656c69662f2e R15: 0065766973727563 [ 74.462522][ T5062] [ 74.465799][ T5062] Kernel Offset: disabled [ 74.470203][ T5062] Rebooting in 86400 seconds..