./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor898050093
<...>
t(1695395781.570:64): avc: denied { rlimitinh } for pid=222 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 12.098061][ T30] audit: type=1400 audit(1695395781.570:65): avc: denied { siginh } for pid=222 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 13.392773][ T224] sshd (224) used greatest stack depth: 20312 bytes left
Warning: Permanently added '10.128.0.242' (ED25519) to the list of known hosts.
execve("./syz-executor898050093", ["./syz-executor898050093"], 0x7ffef22e6040 /* 10 vars */) = 0
brk(NULL) = 0x55555601f000
brk(0x55555601fd00) = 0x55555601fd00
arch_prctl(ARCH_SET_FS, 0x55555601f380) = 0
set_tid_address(0x55555601f650) = 291
set_robust_list(0x55555601f660, 24) = 0
rseq(0x55555601fca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor898050093", 4096) = 27
getrandom("\xf4\x84\x96\x61\x01\x96\xb1\xb0", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55555601fd00
brk(0x555556040d00) = 0x555556040d00
brk(0x555556041000) = 0x555556041000
mprotect(0x7fb972efe000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("./syzkaller.THjtyP", 0700) = 0
chmod("./syzkaller.THjtyP", 0777) = 0
chdir("./syzkaller.THjtyP") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555601f650) = 292
./strace-static-x86_64: Process 292 attached
[pid 292] set_robust_list(0x55555601f660, 24) = 0
[pid 292] chdir("./0") = 0
[pid 292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 292] setpgid(0, 0) = 0
[pid 292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 292] write(3, "1000", 4) = 4
[pid 292] close(3) = 0
[pid 292] symlink("/dev/binderfs", "./binderfs") = 0
[ 20.894057][ T30] audit: type=1400 audit(1695395790.370:66): avc: denied { execmem } for pid=291 comm="syz-executor898" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 20.916298][ T30] audit: type=1400 audit(1695395790.380:67): avc: denied { read write } for pid=291 comm="syz-executor898" name="loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid 292] memfd_create("syzkaller", 0) = 3
[pid 292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb96aa4b000
[pid 292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 292] munmap(0x7fb96aa4b000, 262144) = 0
[pid 292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 292] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 292] close(3) = 0
[pid 292] mkdir("./file1", 0777) = 0
[ 20.940995][ T30] audit: type=1400 audit(1695395790.380:68): avc: denied { open } for pid=291 comm="syz-executor898" path="/dev/loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 20.945029][ T292] loop0: detected capacity change from 0 to 512
[ 20.965915][ T30] audit: type=1400 audit(1695395790.380:69): avc: denied { ioctl } for pid=291 comm="syz-executor898" path="/dev/loop0" dev="devtmpfs" ino=112 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 20.997721][ T30] audit: type=1400 audit(1695395790.450:70): avc: denied { mounton } for pid=292 comm="syz-executor898" path="/root/syzkaller.THjtyP/0/file1" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 21.008642][ T292] EXT4-fs (loop0): 1 orphan inode deleted
[ 21.029248][ T292] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[pid 292] mount("/dev/loop0", "./file1", "ext4", MS_REC, ",errors=continue") = 0
[pid 292] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 292] chdir("./file1") = 0
[pid 292] ioctl(4, LOOP_CLR_FD) = 0
[pid 292] close(4) = 0
[ 21.040251][ T30] audit: type=1400 audit(1695395790.520:71): avc: denied { mount } for pid=292 comm="syz-executor898" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 21.040273][ T292] ext4 filesystem being mounted at /root/syzkaller.THjtyP/0/file1 supports timestamps until 2038 (0x7fffffff)
[pid 292] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 292] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5
[pid 292] ftruncate(5, 33587195) = 0
[pid 292] sendfile(4, 5, NULL, 281474978811912) = 167936
[pid 292] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 292] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME, 000) = 6
[pid 292] write(6, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 28) = 28
[pid 292] sendfile(6, 6, [0] => [32767], 32767) = 32767
[pid 292] sendfile(6, 6, [32767] => [65534], 32767) = 32767
[pid 292] sendfile(6, 6, [65534] => [98301], 32767) = 32767
[pid 292] sendfile(6, 6, [98301] => [131068], 32767) = 32767
[pid 292] sendfile(6, 6, [131068] => [163835], 32767) = 32767
[pid 292] sendfile(6, 6, [163835] => [196602], 32767) = 32767
[pid 292] sendfile(6, 6, [196602] => [229369], 32767) = 32767
[pid 292] sendfile(6, 6, [229369] => [262116], 32767) = 32747
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 292] exit_group(0) = ?
[ 21.079188][ T30] audit: type=1400 audit(1695395790.560:72): avc: denied { write } for pid=292 comm="syz-executor898" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 21.101195][ T30] audit: type=1400 audit(1695395790.560:73): avc: denied { add_name } for pid=292 comm="syz-executor898" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 21.106301][ T292] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:476: comm syz-executor898: Invalid block bitmap block 0 in block_group 0
[pid 292] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=292, si_uid=0, si_status=0, si_utime=0, si_stime=12} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560206f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 21.121831][ T30] audit: type=1400 audit(1695395790.560:74): avc: denied { create } for pid=292 comm="syz-executor898" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 21.155623][ T30] audit: type=1400 audit(1695395790.560:75): avc: denied { read write open } for pid=292 comm="syz-executor898" path="/root/syzkaller.THjtyP/0/file1/bus" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 21.181106][ T292] EXT4-fs error (device loop0): ext4_discard_preallocations:5102: comm syz-executor898: Error -117 reading block bitmap for 0
unlink("./0/binderfs") = 0
[ 21.197457][ T8] ==================================================================
[ 21.205327][ T8] BUG: KASAN: use-after-free in ext4_find_extent+0xbab/0xdb0
[ 21.212528][ T8] Read of size 4 at addr ffff88811a234058 by task kworker/u4:0/8
[ 21.220091][ T8]
[ 21.222244][ T8] CPU: 0 PID: 8 Comm: kworker/u4:0 Not tainted 5.15.131-syzkaller-00653-gea586874d2f9 #0
[ 21.231878][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 21.241863][ T8] Workqueue: writeback wb_workfn (flush-7:0)
[ 21.247675][ T8] Call Trace:
[ 21.250800][ T8]
[ 21.253581][ T8] dump_stack_lvl+0x151/0x1b7
[ 21.258095][ T8] ? io_uring_drop_tctx_refs+0x190/0x190
[ 21.263560][ T8] ? __wake_up_klogd+0xd5/0x110
[ 21.268243][ T8] ? panic+0x751/0x751
[ 21.272152][ T8] print_address_description+0x87/0x3b0
[ 21.277531][ T8] kasan_report+0x179/0x1c0
[ 21.281870][ T8] ? __read_extent_tree_block+0x1e0/0x7b0
[ 21.287430][ T8] ? ext4_find_extent+0xbab/0xdb0
[ 21.292288][ T8] ? ext4_find_extent+0xbab/0xdb0
[ 21.297152][ T8] __asan_report_load4_noabort+0x14/0x20
[ 21.302617][ T8] ext4_find_extent+0xbab/0xdb0
[ 21.307302][ T8] ext4_ext_map_blocks+0x254/0x7250
[ 21.312348][ T8] ? __kasan_check_write+0x14/0x20
[ 21.317285][ T8] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 21.322589][ T8] ? ret_from_fork+0x1f/0x30
[ 21.327098][ T8] ? stack_trace_snprint+0xf0/0xf0
[ 21.332063][ T8] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 21.337685][ T8] ? __stack_depot_save+0x40d/0x470
[ 21.342715][ T8] ? ext4_ext_release+0x10/0x10
[ 21.347402][ T8] ? __kasan_slab_alloc+0xc3/0xe0
[ 21.352261][ T8] ? __kasan_slab_alloc+0xb1/0xe0
[ 21.357125][ T8] ? slab_post_alloc_hook+0x53/0x2c0
[ 21.362251][ T8] ? kmem_cache_alloc+0xf5/0x200
[ 21.367019][ T8] ? ext4_alloc_io_end_vec+0x2a/0x170
[ 21.372485][ T8] ? ext4_writepages+0x13b4/0x4000
[ 21.377440][ T8] ? do_writepages+0x40e/0x670
[ 21.382032][ T8] ? __writeback_single_inode+0xdf/0xa70
[ 21.387499][ T8] ? writeback_sb_inodes+0xb2e/0x1910
[ 21.392717][ T8] ? wb_writeback+0x3b9/0x9e0
[ 21.397223][ T8] ? wb_workfn+0x3d9/0x1110
[ 21.401561][ T8] ? process_one_work+0x6bb/0xc10
[ 21.406421][ T8] ? worker_thread+0xad5/0x12a0
[ 21.411108][ T8] ? kthread+0x421/0x510
[ 21.415189][ T8] ? ret_from_fork+0x1f/0x30
[ 21.419617][ T8] ? _raw_read_unlock+0x25/0x40
[ 21.424302][ T8] ? ext4_es_lookup_extent+0x33b/0x940
[ 21.429596][ T8] ext4_map_blocks+0xaa7/0x1e00
[ 21.434285][ T8] ? ext4_alloc_io_end_vec+0x2a/0x170
[ 21.439492][ T8] ? ext4_issue_zeroout+0x250/0x250
[ 21.444525][ T8] ? ext4_inode_journal_mode+0x1a5/0x470
[ 21.449995][ T8] ext4_writepages+0x1628/0x4000
[ 21.454770][ T8] ? ext4_readpage+0x230/0x230
[ 21.459376][ T8] ? __kasan_check_read+0x11/0x20
[ 21.464232][ T8] ? shmem_getpage_gfp+0x21cd/0x23c0
[ 21.469347][ T8] ? copy_page_from_iter_atomic+0x7fd/0x10e0
[ 21.475166][ T8] ? update_curr+0x391/0x5e0
[ 21.479591][ T8] ? ext4_readpage+0x230/0x230
[ 21.484190][ T8] do_writepages+0x40e/0x670
[ 21.488622][ T8] ? __writepage+0x130/0x130
[ 21.493043][ T8] ? sched_group_set_idle+0x640/0x640
[ 21.498254][ T8] ? sched_clock_cpu+0x18/0x3b0
[ 21.502937][ T8] __writeback_single_inode+0xdf/0xa70
[ 21.508234][ T8] writeback_sb_inodes+0xb2e/0x1910
[ 21.513286][ T8] ? sched_task_on_rq+0x40/0x50
[ 21.517953][ T8] ? queue_io+0x520/0x520
[ 21.522120][ T8] ? __writeback_inodes_wb+0x3f0/0x3f0
[ 21.527413][ T8] ? queue_io+0x3d0/0x520
[ 21.531580][ T8] wb_writeback+0x3b9/0x9e0
[ 21.535921][ T8] ? inode_cgwb_move_to_attached+0x3c0/0x3c0
[ 21.541735][ T8] ? set_worker_desc+0x158/0x1c0
[ 21.546505][ T8] ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 21.551974][ T8] ? __kasan_check_write+0x14/0x20
[ 21.556923][ T8] wb_workfn+0x3d9/0x1110
[ 21.561091][ T8] ? inode_wait_for_writeback+0x280/0x280
[ 21.566646][ T8] ? sched_clock+0x9/0x10
[ 21.570812][ T8] ? _raw_spin_unlock+0x4d/0x70
[ 21.575503][ T8] ? finish_task_switch+0x167/0x7b0
[ 21.580532][ T8] ? __kasan_check_read+0x11/0x20
[ 21.585391][ T8] ? read_word_at_a_time+0x12/0x20
[ 21.590862][ T8] ? strscpy+0x9c/0x260
[ 21.594853][ T8] process_one_work+0x6bb/0xc10
[ 21.599542][ T8] worker_thread+0xad5/0x12a0
[ 21.604054][ T8] kthread+0x421/0x510
[ 21.607959][ T8] ? worker_clr_flags+0x180/0x180
[ 21.612821][ T8] ? kthread_blkcg+0xd0/0xd0
[ 21.617245][ T8] ret_from_fork+0x1f/0x30
[ 21.621501][ T8]
[ 21.624361][ T8]
[ 21.626532][ T8] The buggy address belongs to the page:
[ 21.632003][ T8] page:ffffea0004688d00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11a234
[ 21.642068][ T8] flags: 0x4000000000000000(zone=1)
[ 21.647106][ T8] raw: 4000000000000000 ffffea0004688cc8 ffffea0004688588 0000000000000000
[ 21.655613][ T8] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 21.664030][ T8] page dumped because: kasan: bad access detected
[ 21.670287][ T8] page_owner tracks the page as freed
[ 21.675481][ T8] page last allocated via order 0, migratetype Movable, gfp_mask 0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 235, ts 15347230371, free_ts 15359232221
[ 21.690674][ T8] post_alloc_hook+0x1a3/0x1b0
[ 21.695282][ T8] prep_new_page+0x1b/0x110
[ 21.699622][ T8] get_page_from_freelist+0x3550/0x35d0
[ 21.704993][ T8] __alloc_pages+0x206/0x5e0
[ 21.709429][ T8] handle_pte_fault+0xe1f/0x2340
[ 21.714285][ T8] do_handle_mm_fault+0x1fed/0x2330
[ 21.719314][ T8] exc_page_fault+0x3b5/0x830
[ 21.723826][ T8] asm_exc_page_fault+0x27/0x30
[ 21.728552][ T8] page last free stack trace:
[ 21.733027][ T8] free_unref_page_prepare+0x7c8/0x7d0
[ 21.738322][ T8] free_unref_page_list+0x14b/0xa60
[ 21.743356][ T8] release_pages+0x1310/0x1370
[ 21.747957][ T8] free_pages_and_swap_cache+0x8a/0xa0
[ 21.753251][ T8] tlb_finish_mmu+0x177/0x320
[ 21.757772][ T8] exit_mmap+0x3ef/0x6f0
[ 21.761843][ T8] __mmput+0x95/0x310
[ 21.765661][ T8] mmput+0x5b/0x170
[ 21.769314][ T8] do_exit+0xbb4/0x2b60
[ 21.773298][ T8] do_group_exit+0x141/0x310
[ 21.777726][ T8] __x64_sys_exit_group+0x3f/0x40
[ 21.782587][ T8] do_syscall_64+0x3d/0xb0
[ 21.786838][ T8] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 21.792571][ T8]
[ 21.794736][ T8] Memory state around the buggy address:
[ 21.800209][ T8] ffff88811a233f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.808218][ T8] ffff88811a233f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.816123][ T8] >ffff88811a234000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.824015][ T8] ^
[ 21.830787][ T8] ffff88811a234080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.838685][ T8] ffff88811a234100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.846707][ T8] ==================================================================
[ 21.854602][ T8] Disabling lock debugging due to kernel taint
[ 21.860790][ T8] EXT4-fs error (device loop0): ext4_map_blocks:716: inode #16: block 79475419405449: comm kworker/u4:0: lblock 0 mapped to illegal pblock 79475419405449 (length 23)
[ 21.880184][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 23 with error 117
[ 21.892438][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 21.892438][ T8]
[ 21.902908][ T291] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5820: Corrupt filesystem
[ 21.912371][ T291] EXT4-fs error (device loop0): ext4_quota_off:6464: inode #3: comm syz-executor898: mark_inode_dirty error
umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556028730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556028730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file1") = 0
getdents64(3, 0x5555560206f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555601f650) = 299
./strace-static-x86_64: Process 299 attached
[pid 299] set_robust_list(0x55555601f660, 24) = 0
[pid 299] chdir("./1") = 0
[pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 299] setpgid(0, 0) = 0
[pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 299] write(3, "1000", 4) = 4
[pid 299] close(3) = 0
[pid 299] symlink("/dev/binderfs", "./binderfs") = 0
[pid 299] memfd_create("syzkaller", 0) = 3
[pid 299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb96aa4b000
[pid 299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 299] munmap(0x7fb96aa4b000, 262144) = 0
[pid 299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 299] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 299] close(3) = 0
[pid 299] mkdir("./file1", 0777) = 0
[pid 299] mount("/dev/loop0", "./file1", "ext4", MS_REC, ",errors=continue") = 0
[pid 299] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 299] chdir("./file1") = 0
[pid 299] ioctl(4, LOOP_CLR_FD) = 0
[pid 299] close(4) = 0
[pid 299] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 299] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5
[pid 299] ftruncate(5, 33587195) = 0
[pid 299] sendfile(4, 5, NULL, 281474978811912) = 167936
[pid 299] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 299] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME, 000) = 6
[pid 299] write(6, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 28) = 28
[pid 299] sendfile(6, 6, [0] => [32767], 32767) = 32767
[pid 299] sendfile(6, 6, [32767] => [65534], 32767) = 32767
[pid 299] sendfile(6, 6, [65534] => [98301], 32767) = 32767
[pid 299] sendfile(6, 6, [98301] => [131068], 32767) = 32767
[pid 299] sendfile(6, 6, [131068] => [163835], 32767) = 32767
[pid 299] sendfile(6, 6, [163835] => [196602], 32767) = 32767
[pid 299] sendfile(6, 6, [196602] => [229369], 32767) = 32767
[pid 299] sendfile(6, 6, [229369] => [262116], 32767) = 32747
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 299] exit_group(0) = ?
[ 21.990752][ T299] loop0: detected capacity change from 0 to 512
[ 22.007862][ T299] EXT4-fs (loop0): 1 orphan inode deleted
[ 22.013451][ T299] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 22.024489][ T299] ext4 filesystem being mounted at /root/syzkaller.THjtyP/1/file1 supports timestamps until 2038 (0x7fffffff)
[pid 299] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560206f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
[ 22.065428][ T299] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:476: comm syz-executor898: Invalid block bitmap block 0 in block_group 0
[ 22.079319][ T299] EXT4-fs error (device loop0): ext4_discard_preallocations:5102: comm syz-executor898: Error -117 reading block bitmap for 0
[ 22.094879][ T298] EXT4-fs error (device loop0): ext4_map_blocks:716: inode #16: comm kworker/u4:3: lblock 0 mapped to illegal pblock 0 (length 23)
[ 22.108383][ T298] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 23 with error 117
[ 22.120629][ T298] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 22.120629][ T298]
[ 22.131251][ T291] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5820: Corrupt filesystem
[ 22.140615][ T291] EXT4-fs error (device loop0): ext4_quota_off:6464: inode #3: comm syz-executor898: mark_inode_dirty error
umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556028730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556028730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file1") = 0
getdents64(3, 0x5555560206f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555601f650) = 303
./strace-static-x86_64: Process 303 attached
[pid 303] set_robust_list(0x55555601f660, 24) = 0
[pid 303] chdir("./2") = 0
[pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 303] setpgid(0, 0) = 0
[pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 303] write(3, "1000", 4) = 4
[pid 303] close(3) = 0
[pid 303] symlink("/dev/binderfs", "./binderfs") = 0
[pid 303] memfd_create("syzkaller", 0) = 3
[pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb96aa4b000
[pid 303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 303] munmap(0x7fb96aa4b000, 262144) = 0
[pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 303] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 303] close(3) = 0
[pid 303] mkdir("./file1", 0777) = 0
[pid 303] mount("/dev/loop0", "./file1", "ext4", MS_REC, ",errors=continue") = 0
[pid 303] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 303] chdir("./file1") = 0
[pid 303] ioctl(4, LOOP_CLR_FD) = 0
[pid 303] close(4) = 0
[pid 303] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 303] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5
[pid 303] ftruncate(5, 33587195) = 0
[pid 303] sendfile(4, 5, NULL, 281474978811912) = 167936
[pid 303] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 303] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME, 000) = 6
[pid 303] write(6, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 28) = 28
[pid 303] sendfile(6, 6, [0] => [32767], 32767) = 32767
[pid 303] sendfile(6, 6, [32767] => [65534], 32767) = 32767
[pid 303] sendfile(6, 6, [65534] => [98301], 32767) = 32767
[pid 303] sendfile(6, 6, [98301] => [131068], 32767) = 32767
[pid 303] sendfile(6, 6, [131068] => [163835], 32767) = 32767
[pid 303] sendfile(6, 6, [163835] => [196602], 32767) = 32767
[pid 303] sendfile(6, 6, [196602] => [229369], 32767) = 32767
[pid 303] sendfile(6, 6, [229369] => [262116], 32767) = 32747
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] sendfile(6, 6, [262116], 32767) = -1 ENOSPC (No space left on device)
[pid 303] exit_group(0) = ?
[ 22.236827][ T303] loop0: detected capacity change from 0 to 512
[ 22.248056][ T303] EXT4-fs (loop0): 1 orphan inode deleted
[ 22.253630][ T303] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 22.264653][ T303] ext4 filesystem being mounted at /root/syzkaller.THjtyP/2/file1 supports timestamps until 2038 (0x7fffffff)
[pid 303] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560206f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
[ 22.301757][ T303] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:476: comm syz-executor898: Invalid block bitmap block 0 in block_group 0
[ 22.315854][ T303] EXT4-fs error (device loop0): ext4_discard_preallocations:5102: comm syz-executor898: Error -117 reading block bitmap for 0
[ 22.331577][ T8] ------------[ cut here ]------------
[ 22.336910][ T8] kernel BUG at fs/ext4/inode.c:2421!
[ 22.342056][ T8] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 22.347950][ T8] CPU: 0 PID: 8 Comm: kworker/u4:0 Tainted: G B 5.15.131-syzkaller-00653-gea586874d2f9 #0
[ 22.358970][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 22.368866][ T8] Workqueue: writeback wb_workfn (flush-7:0)
[ 22.374680][ T8] RIP: 0010:ext4_writepages+0x3f4b/0x4000
[ 22.380236][ T8] Code: 00 74 08 48 89 df e8 44 f4 c9 ff 48 8b 3b 48 8b 74 24 48 48 8b 54 24 28 44 89 e9 45 89 f8 e8 8c 27 08 00 eb 58 e8 85 08 88 ff <0f> 0b e8 7e 08 88 ff eb 3b e8 77 08 88 ff eb 72 e8 70 08 88 ff 31
[ 22.399690][ T8] RSP: 0018:ffffc90000087000 EFLAGS: 00010293
[ 22.405580][ T8] RAX: ffffffff81e7ecfb RBX: dffffc0000000000 RCX: ffff888100263b40
[ 22.413391][ T8] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 22.421205][ T8] RBP: ffffc90000087410 R08: ffffffff81e7c6bb R09: ffffed10217c8541
[ 22.429099][ T8] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[ 22.436910][ T8] R13: ffffc900000872e0 R14: 0000000000000000 R15: 0000000000000000
[ 22.444723][ T8] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 22.453492][ T8] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 22.459913][ T8] CR2: 00005555560286f8 CR3: 000000011de72000 CR4: 00000000003506b0
[ 22.467728][ T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 22.475533][ T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 22.483347][ T8] Call Trace:
[ 22.486473][ T8]
[ 22.489252][ T8] ? __die_body+0x62/0xb0
[ 22.493416][ T8] ? die+0x88/0xb0
[ 22.496973][ T8] ? do_trap+0x103/0x330
[ 22.501054][ T8] ? ext4_writepages+0x3f4b/0x4000
[ 22.506000][ T8] ? handle_invalid_op+0x95/0xc0
[ 22.510772][ T8] ? ext4_writepages+0x3f4b/0x4000
[ 22.515994][ T8] ? exc_invalid_op+0x32/0x50
[ 22.520494][ T8] ? asm_exc_invalid_op+0x1b/0x20
[ 22.525354][ T8] ? ext4_writepages+0x190b/0x4000
[ 22.530301][ T8] ? ext4_writepages+0x3f4b/0x4000
[ 22.535248][ T8] ? ext4_writepages+0x3f4b/0x4000
[ 22.540201][ T8] ? ext4_readpage+0x230/0x230
[ 22.544797][ T8] ? __kasan_check_read+0x11/0x20
[ 22.549657][ T8] ? shmem_getpage_gfp+0x21cd/0x23c0
[ 22.554777][ T8] ? copy_page_from_iter_atomic+0x7fd/0x10e0
[ 22.560596][ T8] ? update_curr+0x391/0x5e0
[ 22.565020][ T8] ? ext4_readpage+0x230/0x230
[ 22.569630][ T8] do_writepages+0x40e/0x670
[ 22.574049][ T8] ? __writepage+0x130/0x130
[ 22.578484][ T8] ? sched_group_set_idle+0x640/0x640
[ 22.583679][ T8] ? sched_clock_cpu+0x18/0x3b0
[ 22.588368][ T8] __writeback_single_inode+0xdf/0xa70
[ 22.593664][ T8] writeback_sb_inodes+0xb2e/0x1910
[ 22.598695][ T8] ? sched_task_on_rq+0x40/0x50
[ 22.603397][ T8] ? queue_io+0x520/0x520
[ 22.607547][ T8] ? __writeback_inodes_wb+0x3f0/0x3f0
[ 22.612843][ T8] ? queue_io+0x3d0/0x520
[ 22.617095][ T8] wb_writeback+0x3b9/0x9e0
[ 22.621439][ T8] ? inode_cgwb_move_to_attached+0x3c0/0x3c0
[ 22.627250][ T8] ? set_worker_desc+0x158/0x1c0
[ 22.632025][ T8] ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 22.637492][ T8] ? __kasan_check_write+0x14/0x20
[ 22.642442][ T8] wb_workfn+0x3d9/0x1110
[ 22.646608][ T8] ? inode_wait_for_writeback+0x280/0x280
[ 22.652160][ T8] ? sched_clock+0x9/0x10
[ 22.656333][ T8] ? _raw_spin_unlock+0x4d/0x70
[ 22.661014][ T8] ? finish_task_switch+0x167/0x7b0
[ 22.666051][ T8] ? __kasan_check_read+0x11/0x20
[ 22.670910][ T8] ? read_word_at_a_time+0x12/0x20
[ 22.675856][ T8] ? strscpy+0x9c/0x260
[ 22.679848][ T8] process_one_work+0x6bb/0xc10
[ 22.684537][ T8] worker_thread+0xad5/0x12a0
[ 22.689052][ T8] kthread+0x421/0x510
[ 22.692958][ T8] ? worker_clr_flags+0x180/0x180
[ 22.697818][ T8] ? kthread_blkcg+0xd0/0xd0
[ 22.702243][ T8] ret_from_fork+0x1f/0x30
[ 22.706494][ T8]
[ 22.709358][ T8] Modules linked in:
[ 22.713192][ T8] ---[ end trace 8a6cd6bc4a726ba4 ]---
[ 22.718428][ T8] RIP: 0010:ext4_writepages+0x3f4b/0x4000
[ 22.723939][ T8] Code: 00 74 08 48 89 df e8 44 f4 c9 ff 48 8b 3b 48 8b 74 24 48 48 8b 54 24 28 44 89 e9 45 89 f8 e8 8c 27 08 00 eb 58 e8 85 08 88 ff <0f> 0b e8 7e 08 88 ff eb 3b e8 77 08 88 ff eb 72 e8 70 08 88 ff 31
[ 22.743440][ T8] RSP: 0018:ffffc90000087000 EFLAGS: 00010293
[ 22.749302][ T8] RAX: ffffffff81e7ecfb RBX: dffffc0000000000 RCX: ffff888100263b40
[ 22.757147][ T8] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 22.764912][ T8] RBP: ffffc90000087410 R08: ffffffff81e7c6bb R09: ffffed10217c8541
[ 22.772762][ T8] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[ 22.780604][ T8] R13: ffffc900000872e0 R14: 0000000000000000 R15: 0000000000000000
[ 22.788481][ T8] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 22.797308][ T8] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 22.803628][ T8] CR2: 00005555560286f8 CR3: 000000010c4ed000 CR4: 00000000003506b0
[ 22.811554][ T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 22.819278][ T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 22.827086][ T8] Kernel panic - not syncing: Fatal exception
[ 22.833124][ T8] Kernel Offset: disabled
[ 22.837247][ T8] Rebooting in 86400 seconds..