./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor861056052 <...> Warning: Permanently added '10.128.1.46' (ECDSA) to the list of known hosts. execve("./syz-executor861056052", ["./syz-executor861056052"], 0x7ffdcc068040 /* 10 vars */) = 0 brk(NULL) = 0x555556c10000 brk(0x555556c10c40) = 0x555556c10c40 arch_prctl(ARCH_SET_FS, 0x555556c10300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor861056052", 4096) = 27 brk(0x555556c31c40) = 0x555556c31c40 brk(0x555556c32000) = 0x555556c32000 mprotect(0x7fa360711000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 ftruncate(3, 2097152) = 0 pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 mkdir("./file0", 0777) = 0 mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 close(3) = 0 chdir("./file0") = 0 creat("./bus", 000) = 3 open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 openat(AT_FDCWD, "/proc/self/exe", O_RDONLY) = 6 syzkaller login: [ 51.105359][ T3599] loop0: detected capacity change from 0 to 4096 [ 51.121637][ T3599] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. sendfile(4, 6, NULL, 2147483663) = 851968 ftruncate(3, 1) = 0 open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME, 000) = 7 [ 51.142428][ T27] audit: type=1800 audit(1659763023.685:2): pid=3599 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor861" name="bus" dev="loop0" ino=17 res=0 errno=0 [ 51.170890][ T3599] ------------[ cut here ]------------ [ 51.176575][ T3599] kernel BUG at fs/ext4/inode.c:2722! [ 51.182012][ T3599] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 51.188087][ T3599] CPU: 1 PID: 3599 Comm: syz-executor861 Not tainted 5.19.0-rc4-next-20220628-syzkaller #0 [ 51.198046][ T3599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 51.208084][ T3599] RIP: 0010:ext4_writepages+0x23d0/0x3b60 [ 51.213797][ T3599] Code: e1 be 00 10 00 00 4c 89 ef 48 d3 ee ba 01 00 00 00 e8 d4 22 fe ff 83 c0 01 89 84 24 bc 00 00 00 e9 42 e5 ff ff e8 f0 3b 60 ff <0f> 0b e8 e9 3b 60 ff 44 0f b6 a4 24 e3 00 00 00 89 5c 24 08 e9 e9 [ 51.233397][ T3599] RSP: 0018:ffffc90002eff4b0 EFLAGS: 00010293 [ 51.239510][ T3599] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 51.247485][ T3599] RDX: ffff888020b23a80 RSI: ffffffff821a7b20 RDI: 0000000000000007 [ 51.255453][ T3599] RBP: ffff888072c43c80 R08: 0000000000000007 R09: 0000000000000000 [ 51.263440][ T3599] R10: 0000000000000001 R11: 1ffffffff1fc7c2c R12: 0000000000000001 [ 51.271407][ T3599] R13: ffff888072c43ee0 R14: ffffc90002effa00 R15: ffff888022f30000 [ 51.279381][ T3599] FS: 0000555556c10300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 51.288325][ T3599] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.294902][ T3599] CR2: 00000000004571f0 CR3: 000000007e8c0000 CR4: 00000000003506e0 [ 51.302866][ T3599] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 51.310828][ T3599] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 51.318796][ T3599] Call Trace: [ 51.322077][ T3599] [ 51.325003][ T3599] ? userns_owner+0x40/0x40 [ 51.329530][ T3599] ? find_held_lock+0x2d/0x110 [ 51.334296][ T3599] ? __lock_acquire+0x163e/0x5660 [ 51.339313][ T3599] ? __ext4_mark_inode_dirty+0x8d0/0x8d0 [ 51.344947][ T3599] ? __brelse+0x84/0xa0 [ 51.349096][ T3599] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 51.355064][ T3599] ? mark_lock.part.0+0xee/0x1910 [ 51.360084][ T3599] ? find_held_lock+0x2d/0x110 [ 51.364840][ T3599] ? do_writepages+0x50b/0x690 [ 51.369590][ T3599] ? lock_downgrade+0x6e0/0x6e0 [ 51.374432][ T3599] ? do_raw_spin_lock+0x120/0x2a0 [ 51.379460][ T3599] ? rwlock_bug.part.0+0x90/0x90 [ 51.384397][ T3599] ? balance_dirty_pages+0x1872/0x2890 [ 51.389860][ T3599] ? __ext4_mark_inode_dirty+0x8d0/0x8d0 [ 51.395485][ T3599] do_writepages+0x1ab/0x690 [ 51.400083][ T3599] ? writeback_set_ratelimit+0x150/0x150 [ 51.405712][ T3599] ? wbc_attach_and_unlock_inode+0x449/0x8d0 [ 51.411700][ T3599] ? lock_downgrade+0x6e0/0x6e0 [ 51.416546][ T3599] ? lock_release+0x780/0x780 [ 51.421212][ T3599] ? do_raw_spin_unlock+0x171/0x230 [ 51.426403][ T3599] ? _raw_spin_unlock+0x24/0x40 [ 51.431334][ T3599] ? wbc_attach_and_unlock_inode+0x49f/0x8d0 [ 51.437345][ T3599] filemap_fdatawrite_wbc+0x143/0x1b0 [ 51.442713][ T3599] __filemap_fdatawrite_range+0xb4/0xf0 [ 51.448252][ T3599] ? delete_from_page_cache_batch+0xde0/0xde0 [ 51.454317][ T3599] file_write_and_wait_range+0xb2/0x120 [ 51.459853][ T3599] ext4_sync_file+0x21a/0xfd0 [ 51.464519][ T3599] ? ext4_getfsmap+0x990/0x990 [ 51.469282][ T3599] vfs_fsync_range+0x13a/0x220 [ 51.474036][ T3599] ext4_buffered_write_iter+0x27d/0x330 [ 51.479571][ T3599] ext4_file_write_iter+0x43c/0x1520 [ 51.484843][ T3599] ? __lock_acquire+0x163e/0x5660 [ 51.489855][ T3599] ? ext4_buffered_write_iter+0x330/0x330 [ 51.495565][ T3599] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 51.501528][ T3599] ? aa_path_link+0x2f0/0x2f0 [ 51.506193][ T3599] new_sync_write+0x315/0x4d0 [ 51.510864][ T3599] ? new_sync_read+0x560/0x560 [ 51.515614][ T3599] ? lock_release+0x780/0x780 [ 51.520278][ T3599] vfs_write+0x7c0/0xac0 [ 51.524509][ T3599] ksys_write+0x127/0x250 [ 51.528825][ T3599] ? __ia32_sys_read+0xb0/0xb0 [ 51.533570][ T3599] ? lockdep_hardirqs_on+0x79/0x100 [ 51.538756][ T3599] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.543943][ T3599] ? ptrace_notify+0xfa/0x140 [ 51.548607][ T3599] do_syscall_64+0x35/0xb0 [ 51.553010][ T3599] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 51.558888][ T3599] RIP: 0033:0x7fa3606a4069 [ 51.563311][ T3599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 51.582904][ T3599] RSP: 002b:00007ffc3d475f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 51.591303][ T3599] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fa3606a4069 [ 51.599259][ T3599] RDX: 0000000000000016 RSI: 0000000020002580 RDI: 0000000000000007 [ 51.607214][ T3599] RBP: 00007fa360663860 R08: 0000000000000000 R09: 0000000000000000 [ 51.615170][ T3599] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3606638f0 [ 51.623124][ T3599] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 51.631104][ T3599] [ 51.634106][ T3599] Modules linked in: [ 51.638396][ T3599] ---[ end trace 0000000000000000 ]--- [ 51.643861][ T3599] RIP: 0010:ext4_writepages+0x23d0/0x3b60 [ 51.649623][ T3599] Code: e1 be 00 10 00 00 4c 89 ef 48 d3 ee ba 01 00 00 00 e8 d4 22 fe ff 83 c0 01 89 84 24 bc 00 00 00 e9 42 e5 ff ff e8 f0 3b 60 ff <0f> 0b e8 e9 3b 60 ff 44 0f b6 a4 24 e3 00 00 00 89 5c 24 08 e9 e9 [ 51.669382][ T3599] RSP: 0018:ffffc90002eff4b0 EFLAGS: 00010293 [ 51.675473][ T3599] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 51.683445][ T3599] RDX: ffff888020b23a80 RSI: ffffffff821a7b20 RDI: 0000000000000007 [ 51.691434][ T3599] RBP: ffff888072c43c80 R08: 0000000000000007 R09: 0000000000000000 [ 51.699429][ T3599] R10: 0000000000000001 R11: 1ffffffff1fc7c2c R12: 0000000000000001 [ 51.707412][ T3599] R13: ffff888072c43ee0 R14: ffffc90002effa00 R15: ffff888022f30000 [ 51.715409][ T3599] FS: 0000555556c10300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 51.724333][ T3599] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.730930][ T3599] CR2: 00000000004571f0 CR3: 000000007e8c0000 CR4: 00000000003506e0 [ 51.738929][ T3599] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 51.746937][ T3599] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 51.754927][ T3599] Kernel panic - not syncing: Fatal exception [ 51.761139][ T3599] Kernel Offset: disabled [ 51.765455][ T3599] Rebooting in 86400 seconds..