./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor294458968 <...> DUID 00:04:dd:0f:a4:e5:cb:b8:04:95:2f:30:92:03:b3:b6:0d:bc forked to background, child pid 4657 [ 29.985332][ T4658] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.994715][ T4658] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.10.32' (ECDSA) to the list of known hosts. execve("./syz-executor294458968", ["./syz-executor294458968"], 0x7ffd904ce620 /* 10 vars */) = 0 brk(NULL) = 0x555556c07000 brk(0x555556c07d40) = 0x555556c07d40 arch_prctl(ARCH_SET_FS, 0x555556c07400) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556c076d0) = 4988 set_robust_list(0x555556c076e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fc886b6afd0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fc886b6a520}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fc886b6b070, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc886b6a520}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor294458968", 4096) = 27 brk(0x555556c28d40) = 0x555556c28d40 brk(0x555556c29000) = 0x555556c29000 mprotect(0x7fc886c36000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7fc886b64030, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fc886b6a520}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7fc886b64030, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fc886b6a520}, NULL, 8) = 0 getpid() = 4988 mkdir("./syzkaller.dn4Kum", 0700) = 0 chmod("./syzkaller.dn4Kum", 0777) = 0 chdir("./syzkaller.dn4Kum") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c076d0) = 4989 ./strace-static-x86_64: Process 4989 attached [pid 4989] set_robust_list(0x555556c076e0, 24) = 0 [pid 4989] chdir("./0") = 0 [pid 4989] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4989] setpgid(0, 0) = 0 [pid 4989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4989] write(3, "1000", 4) = 4 [pid 4989] close(3) = 0 [pid 4989] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4989] futex(0x7fc886c3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4989] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886b39000 [pid 4989] mprotect(0x7fc886b3a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4989] clone(child_stack=0x7fc886b592f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4990], tls=0x7fc886b59700, child_tidptr=0x7fc886b599d0) = 4990 [pid 4989] futex(0x7fc886c3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4989] futex(0x7fc886c3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4990 attached [pid 4990] set_robust_list(0x7fc886b599e0, 24) = 0 [pid 4990] memfd_create("syzkaller", 0) = 3 [pid 4990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e739000 syzkaller login: [ 56.907871][ T4990] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4990 'syz-executor294' [pid 4990] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\x7e\x21\x01\xb8\xf1\x48\x38\x8e\x2d\x76\x37\xb9\x06\x20\xe6\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x05\x01\x00\x00\x00\x00\x00\x00\x05\x02\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x02\x70"..., 16777216) = 16777216 [pid 4990] munmap(0x7fc87e739000, 16777216) = 0 [pid 4990] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4990] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4990] close(3) = 0 [pid 4990] mkdir("./file0", 0777) = 0 [ 57.082445][ T4990] loop0: detected capacity change from 0 to 32768 [ 57.099975][ T4990] XFS (loop0): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [pid 4990] mount("/dev/loop0", "./file0", "xfs", MS_LAZYTIME, "uquota,nolazytime,logbufs=00000000000000000005,inode64,allocsize=86m,,nouuid") = 0 [pid 4990] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4990] chdir("./file0") = 0 [pid 4990] ioctl(4, LOOP_CLR_FD) = 0 [pid 4990] close(4) = 0 [pid 4990] futex(0x7fc886c3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4990] futex(0x7fc886c3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4989] <... futex resumed>) = 0 [pid 4989] futex(0x7fc886c3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4989] futex(0x7fc886c3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4990] <... futex resumed>) = 0 [pid 4990] openat(AT_FDCWD, "blkio.throttle.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 4990] futex(0x7fc886c3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4989] <... futex resumed>) = 0 [pid 4989] futex(0x7fc886c3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4989] futex(0x7fc886c3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4990] <... futex resumed>) = 1 [pid 4990] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 4990] futex(0x7fc886c3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4989] <... futex resumed>) = 0 [pid 4989] futex(0x7fc886c3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4989] futex(0x7fc886c3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4990] <... futex resumed>) = 1 [pid 4990] ftruncate(4, 7) = 0 [pid 4990] futex(0x7fc886c3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4989] <... futex resumed>) = 0 [pid 4989] futex(0x7fc886c3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4989] futex(0x7fc886c3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4990] <... futex resumed>) = 1 [pid 4990] openat(AT_FDCWD, "pids.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 4990] futex(0x7fc886c3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4989] <... futex resumed>) = 0 [pid 4989] futex(0x7fc886c3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4989] futex(0x7fc886c3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4990] <... futex resumed>) = 1 [pid 4990] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200013c0} --- [pid 4990] write(5, 0x200013c0, 18) = -1 EFAULT (Bad address) [pid 4990] futex(0x7fc886c3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4989] <... futex resumed>) = 0 [pid 4989] futex(0x7fc886c3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4989] futex(0x7fc886c3c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4989] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f718000 [pid 4989] mprotect(0x7fc87f719000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4989] clone(child_stack=0x7fc87f7382f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5000 attached [pid 4990] <... futex resumed>) = 1 [pid 5000] set_robust_list(0x7fc87f7389e0, 24 [pid 4989] <... clone resumed>, parent_tid=[5000], tls=0x7fc87f738700, child_tidptr=0x7fc87f7389d0) = 5000 [pid 4990] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x58, 0x26, 0x20), 0x20000140 [pid 4989] futex(0x7fc886c3c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.129068][ T4990] XFS (loop0): Ending clean mount [ 57.137727][ T4990] XFS (loop0): Quotacheck needed: Please wait. [ 57.158596][ T4990] XFS (loop0): Quotacheck: Done. [pid 4989] futex(0x7fc886c3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5000] <... set_robust_list resumed>) = 0 [pid 5000] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x58, 0x26, 0x20), 0x20000140 [pid 4990] <... ioctl resumed>) = 0 [pid 4990] futex(0x7fc886c3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.205563][ T5000] ================================================================== [ 57.213679][ T5000] BUG: KASAN: slab-out-of-bounds in xfs_getbmap+0x1c06/0x1c90 [ 57.221150][ T5000] Read of size 4 at addr ffff88801872aa78 by task syz-executor294/5000 [ 57.229375][ T5000] [ 57.231688][ T5000] CPU: 1 PID: 5000 Comm: syz-executor294 Not tainted 6.3.0-syzkaller-12049-g58390c8ce1bd #0 [ 57.241930][ T5000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 57.252059][ T5000] Call Trace: [ 57.255359][ T5000] [ 57.258294][ T5000] dump_stack_lvl+0x1e7/0x2d0 [ 57.262960][ T5000] ? irq_work_queue+0xca/0x150 [ 57.267724][ T5000] ? nf_tcp_handle_invalid+0x650/0x650 [ 57.273172][ T5000] ? panic+0x770/0x770 [ 57.277229][ T5000] ? _printk+0xd5/0x120 [ 57.281371][ T5000] print_report+0x163/0x540 [ 57.285873][ T5000] ? __virt_addr_valid+0x22f/0x2e0 [ 57.291077][ T5000] ? __phys_addr+0xba/0x170 [ 57.295597][ T5000] ? xfs_getbmap+0x1c06/0x1c90 [ 57.300363][ T5000] kasan_report+0x176/0x1b0 [ 57.304867][ T5000] ? xfs_getbmap+0x1c06/0x1c90 [ 57.309726][ T5000] xfs_getbmap+0x1c06/0x1c90 [ 57.314322][ T5000] ? xfs_bmap_count_blocks+0x5f0/0x5f0 [ 57.319801][ T5000] ? kvmalloc_node+0x72/0x180 [ 57.324479][ T5000] ? rcu_is_watching+0x15/0xb0 [ 57.329241][ T5000] ? kvmalloc_node+0x72/0x180 [ 57.333921][ T5000] ? __kmalloc_node+0xe8/0x230 [ 57.338675][ T5000] ? xfs_ioc_getbmap+0x152/0x7a0 [ 57.343607][ T5000] xfs_ioc_getbmap+0x243/0x7a0 [ 57.348377][ T5000] ? xfs_ioc_fsgetxattra+0x100/0x100 [ 57.353738][ T5000] ? tomoyo_path_number_perm+0x663/0x840 [ 57.359370][ T5000] ? ____kasan_slab_free+0xd6/0x120 [ 57.364564][ T5000] ? __kmem_cache_free+0x264/0x3c0 [ 57.369659][ T5000] ? tomoyo_path_number_perm+0x663/0x840 [ 57.375278][ T5000] ? security_file_ioctl+0x71/0xa0 [ 57.380381][ T5000] ? __se_sys_ioctl+0x47/0x160 [ 57.385137][ T5000] ? do_syscall_64+0x41/0xc0 [ 57.389722][ T5000] xfs_file_ioctl+0xbf5/0x16a0 [ 57.394494][ T5000] ? xfs_ioc_swapext+0x590/0x590 [ 57.399418][ T5000] ? mark_lock+0x9a/0x340 [ 57.403738][ T5000] ? do_vfs_ioctl+0x1c28/0x2b10 [ 57.408578][ T5000] ? __x64_compat_sys_ioctl+0x90/0x90 [ 57.413940][ T5000] ? __lock_acquire+0x2000/0x2000 [ 57.418951][ T5000] ? lockdep_hardirqs_on+0x98/0x140 [ 57.424146][ T5000] ? __kmem_cache_free+0x264/0x3c0 [ 57.429243][ T5000] ? tomoyo_path_number_perm+0x663/0x840 [ 57.434866][ T5000] ? tomoyo_path_number_perm+0x6e4/0x840 [ 57.440578][ T5000] ? smack_log+0x123/0x540 [ 57.444986][ T5000] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 57.450434][ T5000] ? smk_access+0x4b0/0x4b0 [ 57.454929][ T5000] ? smk_access+0x477/0x4b0 [ 57.459446][ T5000] ? smk_tskacc+0x2ff/0x360 [ 57.463954][ T5000] ? smack_file_ioctl+0x2ee/0x390 [ 57.468986][ T5000] ? smack_file_alloc_security+0xe0/0xe0 [ 57.474657][ T5000] ? __fget_files+0x3cf/0x440 [ 57.479333][ T5000] ? bpf_lsm_file_ioctl+0x9/0x10 [ 57.484297][ T5000] ? security_file_ioctl+0x81/0xa0 [ 57.489417][ T5000] ? xfs_ioc_swapext+0x590/0x590 [ 57.494364][ T5000] __se_sys_ioctl+0xf1/0x160 [ 57.498962][ T5000] do_syscall_64+0x41/0xc0 [ 57.503386][ T5000] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.509292][ T5000] RIP: 0033:0x7fc886bade49 [ 57.513716][ T5000] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 57.533321][ T5000] RSP: 002b:00007fc87f738208 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 57.541742][ T5000] RAX: ffffffffffffffda RBX: 00007fc886c3c7b8 RCX: 00007fc886bade49 [ 57.549705][ T5000] RDX: 0000000020000140 RSI: 00000000c0205826 RDI: 0000000000000005 [ 57.557668][ T5000] RBP: 00007fc886c3c7b0 R08: 00007fc87f738700 R09: 0000000000000000 [ 57.565627][ T5000] R10: 00007fc87f738700 R11: 0000000000000246 R12: 00007fc886c3c7bc [ 57.573592][ T5000] R13: 00007ffdc483022f R14: 00007fc87f738300 R15: 0000000000022000 [ 57.581557][ T5000] [ 57.584565][ T5000] [ 57.586877][ T5000] Allocated by task 4450: [ 57.591217][ T5000] kasan_set_track+0x4f/0x70 [ 57.595814][ T5000] __kasan_kmalloc+0x98/0xb0 [ 57.600502][ T5000] __kmalloc_node+0xb8/0x230 [ 57.605095][ T5000] kvmalloc_node+0x72/0x180 [ 57.609610][ T5000] simple_xattr_alloc+0x43/0xa0 [ 57.614461][ T5000] shmem_initxattrs+0x8e/0x1e0 [ 57.619226][ T5000] security_inode_init_security+0x2df/0x3f0 [ 57.625136][ T5000] shmem_mknod+0xba/0x1c0 [ 57.629475][ T5000] path_openat+0x13df/0x3170 [ 57.634054][ T5000] do_filp_open+0x234/0x490 [ 57.638550][ T5000] do_sys_openat2+0x13f/0x500 [ 57.643223][ T5000] __x64_sys_openat+0x247/0x290 [ 57.648066][ T5000] do_syscall_64+0x41/0xc0 [ 57.652473][ T5000] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.658366][ T5000] [ 57.660687][ T5000] The buggy address belongs to the object at ffff88801872aa00 [ 57.660687][ T5000] which belongs to the cache kmalloc-64 of size 64 [ 57.674590][ T5000] The buggy address is located 79 bytes to the right of [ 57.674590][ T5000] allocated 41-byte region [ffff88801872aa00, ffff88801872aa29) [ 57.689085][ T5000] [ 57.691486][ T5000] The buggy address belongs to the physical page: [ 57.697911][ T5000] page:ffffea000061ca80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1872a [ 57.708135][ T5000] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) [ 57.715680][ T5000] page_type: 0xffffffff() [ 57.719994][ T5000] raw: 00fff00000000200 ffff888012441640 ffffea0000ad39c0 dead000000000002 [ 57.728566][ T5000] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 57.737321][ T5000] page dumped because: kasan: bad access detected [ 57.743805][ T5000] page_owner tracks the page as allocated [ 57.749508][ T5000] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 4439, tgid 4439 (S02sysctl), ts 15189537421, free_ts 15177747790 [ 57.767573][ T5000] post_alloc_hook+0x1e6/0x210 [ 57.772329][ T5000] get_page_from_freelist+0x321c/0x33a0 [ 57.777966][ T5000] __alloc_pages+0x255/0x670 [ 57.782572][ T5000] alloc_slab_page+0x6a/0x160 [ 57.787250][ T5000] new_slab+0x84/0x2f0 [ 57.791330][ T5000] ___slab_alloc+0xa85/0x10a0 [ 57.796006][ T5000] __kmem_cache_alloc_node+0x1b8/0x290 [ 57.801457][ T5000] kmalloc_trace+0x2a/0xe0 [ 57.805869][ T5000] load_elf_binary+0x1cdb/0x2830 [ 57.810819][ T5000] bprm_execve+0x90e/0x1740 [ 57.815319][ T5000] do_execveat_common+0x580/0x720 [ 57.820337][ T5000] __x64_sys_execve+0x92/0xa0 [ 57.825026][ T5000] do_syscall_64+0x41/0xc0 [ 57.829437][ T5000] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.835434][ T5000] page last free stack trace: [ 57.840122][ T5000] free_unref_page_prepare+0x903/0xa30 [ 57.845586][ T5000] free_unref_page_list+0x596/0x830 [ 57.850867][ T5000] release_pages+0x2193/0x2470 [ 57.855621][ T5000] tlb_flush_mmu+0x100/0x210 [ 57.860216][ T5000] tlb_finish_mmu+0xd4/0x1f0 [ 57.864820][ T5000] exit_mmap+0x3da/0xaf0 [ 57.869062][ T5000] __mmput+0x115/0x3c0 [ 57.873124][ T5000] exec_mmap+0x672/0x700 [ 57.877359][ T5000] begin_new_exec+0x665/0xf10 [ 57.882080][ T5000] load_elf_binary+0x95d/0x2830 [ 57.887037][ T5000] bprm_execve+0x90e/0x1740 [ 57.891546][ T5000] do_execveat_common+0x580/0x720 [ 57.896572][ T5000] __x64_sys_execve+0x92/0xa0 [ 57.901242][ T5000] do_syscall_64+0x41/0xc0 [ 57.905653][ T5000] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.911570][ T5000] [ 57.913887][ T5000] Memory state around the buggy address: [ 57.919505][ T5000] ffff88801872a900: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 57.927552][ T5000] ffff88801872a980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 57.935698][ T5000] >ffff88801872aa00: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 57.943745][ T5000] ^ [pid 4990] futex(0x7fc886c3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4989] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 57.951707][ T5000] ffff88801872aa80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 57.959768][ T5000] ffff88801872ab00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 57.967830][ T5000] ================================================================== [ 57.977353][ T5000] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 57.984585][ T5000] CPU: 0 PID: 5000 Comm: syz-executor294 Not tainted 6.3.0-syzkaller-12049-g58390c8ce1bd #0 [ 57.994662][ T5000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 58.004893][ T5000] Call Trace: [ 58.008270][ T5000] [ 58.011213][ T5000] dump_stack_lvl+0x1e7/0x2d0 [ 58.015900][ T5000] ? nf_tcp_handle_invalid+0x650/0x650 [ 58.021359][ T5000] ? panic+0x770/0x770 [ 58.025419][ T5000] ? preempt_schedule_common+0x83/0xc0 [ 58.030870][ T5000] ? vscnprintf+0x5d/0x80 [ 58.035186][ T5000] panic+0x30f/0x770 [ 58.039152][ T5000] ? check_panic_on_warn+0x21/0xa0 [ 58.044346][ T5000] ? __memcpy_flushcache+0x2b0/0x2b0 [ 58.049626][ T5000] ? _raw_spin_unlock_irqrestore+0x12c/0x140 [ 58.055590][ T5000] ? _raw_spin_unlock+0x40/0x40 [ 58.060420][ T5000] ? print_report+0x4fb/0x540 [ 58.065098][ T5000] check_panic_on_warn+0x82/0xa0 [ 58.070026][ T5000] ? xfs_getbmap+0x1c06/0x1c90 [ 58.074861][ T5000] end_report+0x63/0x110 [ 58.079265][ T5000] kasan_report+0x183/0x1b0 [ 58.083804][ T5000] ? xfs_getbmap+0x1c06/0x1c90 [ 58.088657][ T5000] xfs_getbmap+0x1c06/0x1c90 [ 58.093267][ T5000] ? xfs_bmap_count_blocks+0x5f0/0x5f0 [ 58.098718][ T5000] ? kvmalloc_node+0x72/0x180 [ 58.103379][ T5000] ? rcu_is_watching+0x15/0xb0 [ 58.108127][ T5000] ? kvmalloc_node+0x72/0x180 [ 58.112788][ T5000] ? __kmalloc_node+0xe8/0x230 [ 58.117537][ T5000] ? xfs_ioc_getbmap+0x152/0x7a0 [ 58.122474][ T5000] xfs_ioc_getbmap+0x243/0x7a0 [ 58.127225][ T5000] ? xfs_ioc_fsgetxattra+0x100/0x100 [ 58.132496][ T5000] ? tomoyo_path_number_perm+0x663/0x840 [ 58.138114][ T5000] ? ____kasan_slab_free+0xd6/0x120 [ 58.143297][ T5000] ? __kmem_cache_free+0x264/0x3c0 [ 58.148408][ T5000] ? tomoyo_path_number_perm+0x663/0x840 [ 58.154038][ T5000] ? security_file_ioctl+0x71/0xa0 [ 58.159135][ T5000] ? __se_sys_ioctl+0x47/0x160 [ 58.163885][ T5000] ? do_syscall_64+0x41/0xc0 [ 58.168462][ T5000] xfs_file_ioctl+0xbf5/0x16a0 [ 58.173212][ T5000] ? xfs_ioc_swapext+0x590/0x590 [ 58.178155][ T5000] ? mark_lock+0x9a/0x340 [ 58.182471][ T5000] ? do_vfs_ioctl+0x1c28/0x2b10 [ 58.187306][ T5000] ? __x64_compat_sys_ioctl+0x90/0x90 [ 58.192664][ T5000] ? __lock_acquire+0x2000/0x2000 [ 58.197677][ T5000] ? lockdep_hardirqs_on+0x98/0x140 [ 58.202871][ T5000] ? __kmem_cache_free+0x264/0x3c0 [ 58.207964][ T5000] ? tomoyo_path_number_perm+0x663/0x840 [ 58.213582][ T5000] ? tomoyo_path_number_perm+0x6e4/0x840 [ 58.219202][ T5000] ? smack_log+0x123/0x540 [ 58.223604][ T5000] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 58.229051][ T5000] ? smk_access+0x4b0/0x4b0 [ 58.233570][ T5000] ? smk_access+0x477/0x4b0 [ 58.238184][ T5000] ? smk_tskacc+0x2ff/0x360 [ 58.243049][ T5000] ? smack_file_ioctl+0x2ee/0x390 [ 58.248107][ T5000] ? smack_file_alloc_security+0xe0/0xe0 [ 58.253740][ T5000] ? __fget_files+0x3cf/0x440 [ 58.258412][ T5000] ? bpf_lsm_file_ioctl+0x9/0x10 [ 58.263361][ T5000] ? security_file_ioctl+0x81/0xa0 [ 58.268461][ T5000] ? xfs_ioc_swapext+0x590/0x590 [ 58.273395][ T5000] __se_sys_ioctl+0xf1/0x160 [ 58.278036][ T5000] do_syscall_64+0x41/0xc0 [ 58.282529][ T5000] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.288495][ T5000] RIP: 0033:0x7fc886bade49 [ 58.292892][ T5000] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 58.312484][ T5000] RSP: 002b:00007fc87f738208 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 58.320985][ T5000] RAX: ffffffffffffffda RBX: 00007fc886c3c7b8 RCX: 00007fc886bade49 [ 58.328942][ T5000] RDX: 0000000020000140 RSI: 00000000c0205826 RDI: 0000000000000005 [ 58.336894][ T5000] RBP: 00007fc886c3c7b0 R08: 00007fc87f738700 R09: 0000000000000000 [ 58.344848][ T5000] R10: 00007fc87f738700 R11: 0000000000000246 R12: 00007fc886c3c7bc [ 58.352801][ T5000] R13: 00007ffdc483022f R14: 00007fc87f738300 R15: 0000000000022000 [ 58.360761][ T5000] [ 58.364004][ T5000] Kernel Offset: disabled [ 58.368347][ T5000] Rebooting in 86400 seconds..