./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor517438480 <...> Warning: Permanently added '10.128.0.49' (ED25519) to the list of known hosts. execve("./syz-executor517438480", ["./syz-executor517438480"], 0x7ffc20bece80 /* 10 vars */) = 0 brk(NULL) = 0x555556203000 brk(0x555556203d40) = 0x555556203d40 arch_prctl(ARCH_SET_FS, 0x5555562033c0) = 0 set_tid_address(0x555556203690) = 365 set_robust_list(0x5555562036a0, 24) = 0 rseq(0x555556203ce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor517438480", 4096) = 27 getrandom("\xf6\x0b\xf0\x00\xb6\x02\x2d\x66", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556203d40 brk(0x555556224d40) = 0x555556224d40 brk(0x555556225000) = 0x555556225000 mprotect(0x7f0cebd5e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.6zi0Bv", 0700) = 0 chmod("./syzkaller.6zi0Bv", 0777) = 0 chdir("./syzkaller.6zi0Bv") = 0 mkdir("./0", 0777) = 0 [ 39.334122][ T23] audit: type=1400 audit(1714051888.560:66): avc: denied { execmem } for pid=365 comm="syz-executor517" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556203690) = 366 ./strace-static-x86_64: Process 366 attached [pid 366] set_robust_list(0x5555562036a0, 24) = 0 [pid 366] chdir("./0") = 0 [pid 366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 366] setpgid(0, 0) = 0 [pid 366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 366] write(3, "1000", 4) = 4 [pid 366] close(3) = 0 [pid 366] symlink("/dev/binderfs", "./binderfs") = 0 [pid 366] futex(0x7f0cebd646cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 366] rt_sigaction(SIGRT_1, {sa_handler=0x7f0cebd02070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0cebcf3220}, NULL, 8) = 0 [pid 366] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0cebc78000 [pid 366] mprotect(0x7f0cebc79000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 366] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 366] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0cebc98990, parent_tid=0x7f0cebc98990, exit_signal=0, stack=0x7f0cebc78000, stack_size=0x20300, tls=0x7f0cebc986c0} => {parent_tid=[368]}, 88) = 368 [pid 366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 366] futex(0x7f0cebd646c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 366] futex(0x7f0cebd646cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 368 attached [ 39.380778][ T23] audit: type=1400 audit(1714051888.610:67): avc: denied { read write } for pid=365 comm="syz-executor517" name="loop0" dev="devtmpfs" ino=9210 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 39.405400][ T23] audit: type=1400 audit(1714051888.610:68): avc: denied { open } for pid=365 comm="syz-executor517" path="/dev/loop0" dev="devtmpfs" ino=9210 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 368] set_robust_list(0x7f0cebc989a0, 24) = 0 [pid 368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 368] memfd_create("syzkaller", 0) = 3 [pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ce3878000 [pid 368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 368] munmap(0x7f0ce3878000, 138412032) = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 368] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 368] close(3) = 0 [pid 368] close(4) = 0 [pid 368] mkdir("./file0", 0777) = 0 [ 39.430894][ T23] audit: type=1400 audit(1714051888.610:69): avc: denied { ioctl } for pid=365 comm="syz-executor517" path="/dev/loop0" dev="devtmpfs" ino=9210 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 368] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 368] chdir("./file0") = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 368] ioctl(4, LOOP_CLR_FD) = 0 [pid 368] close(4) = 0 [ 39.472188][ T23] audit: type=1400 audit(1714051888.700:70): avc: denied { mounton } for pid=366 comm="syz-executor517" path="/root/syzkaller.6zi0Bv/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 39.505887][ T368] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 368] futex(0x7f0cebd646cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 366] <... futex resumed>) = 0 [pid 366] futex(0x7f0cebd646c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 366] futex(0x7f0cebd646cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 1 [pid 368] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 368] futex(0x7f0cebd646cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 366] <... futex resumed>) = 0 [pid 366] futex(0x7f0cebd646c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 366] futex(0x7f0cebd646cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 1 [pid 368] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 368] futex(0x7f0cebd646cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 366] <... futex resumed>) = 0 [pid 366] futex(0x7f0cebd646c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 366] futex(0x7f0cebd646cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 1 [pid 368] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 368] futex(0x7f0cebd646cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 366] <... futex resumed>) = 0 [pid 366] futex(0x7f0cebd646c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 366] futex(0x7f0cebd646dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0cebc57000 [pid 366] mprotect(0x7f0cebc58000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 366] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 366] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0cebc77990, parent_tid=0x7f0cebc77990, exit_signal=0, stack=0x7f0cebc57000, stack_size=0x20300, tls=0x7f0cebc776c0} => {parent_tid=[372]}, 88) = 372 [pid 366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 366] futex(0x7f0cebd646d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 366] futex(0x7f0cebd646dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 1 [ 39.515463][ T23] audit: type=1400 audit(1714051888.740:71): avc: denied { mount } for pid=366 comm="syz-executor517" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 39.538638][ T23] audit: type=1400 audit(1714051888.760:72): avc: denied { write } for pid=366 comm="syz-executor517" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 ./strace-static-x86_64: Process 372 attached [pid 368] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000d0} --- [pid 366] <... futex resumed>) = ? [pid 372] +++ killed by SIGBUS +++ [pid 368] +++ killed by SIGBUS +++ [pid 366] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=366, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=7} --- umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556204730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 39.561319][ T23] audit: type=1400 audit(1714051888.760:73): avc: denied { add_name } for pid=366 comm="syz-executor517" name="pids.current" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 39.564651][ T368] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 39.583082][ T23] audit: type=1400 audit(1714051888.760:74): avc: denied { create } for pid=366 comm="syz-executor517" name="pids.current" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 39.618643][ T23] audit: type=1400 audit(1714051888.770:75): avc: denied { read append open } for pid=366 comm="syz-executor517" path="/root/syzkaller.6zi0Bv/0/file0/pids.current" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555620c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555620c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555556204730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 374 attached , child_tidptr=0x555556203690) = 374 [pid 374] set_robust_list(0x5555562036a0, 24) = 0 [pid 374] chdir("./1") = 0 [pid 374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 374] setpgid(0, 0) = 0 [pid 374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 374] write(3, "1000", 4) = 4 [pid 374] close(3) = 0 [pid 374] symlink("/dev/binderfs", "./binderfs") = 0 [pid 374] futex(0x7f0cebd646cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] rt_sigaction(SIGRT_1, {sa_handler=0x7f0cebd02070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0cebcf3220}, NULL, 8) = 0 [pid 374] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0cebc78000 [pid 374] mprotect(0x7f0cebc79000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 374] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 374] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0cebc98990, parent_tid=0x7f0cebc98990, exit_signal=0, stack=0x7f0cebc78000, stack_size=0x20300, tls=0x7f0cebc986c0}./strace-static-x86_64: Process 375 attached => {parent_tid=[375]}, 88) = 375 [pid 375] set_robust_list(0x7f0cebc989a0, 24) = 0 [pid 375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 375] futex(0x7f0cebd646c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 374] futex(0x7f0cebd646c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 375] <... futex resumed>) = 0 [pid 375] memfd_create("syzkaller", 0) = 3 [pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ce3878000 [pid 374] futex(0x7f0cebd646cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 375] munmap(0x7f0ce3878000, 138412032) = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 375] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 375] close(3) = 0 [pid 375] close(4) = 0 [pid 375] mkdir("./file0", 0777) = 0 [pid 375] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 375] chdir("./file0") = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 375] ioctl(4, LOOP_CLR_FD) = 0 [pid 375] close(4) = 0 [pid 375] futex(0x7f0cebd646cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f0cebd646c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f0cebd646cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] <... futex resumed>) = 1 [pid 375] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 375] futex(0x7f0cebd646cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f0cebd646c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f0cebd646cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 375] futex(0x7f0cebd646cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f0cebd646c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f0cebd646cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 375] futex(0x7f0cebd646cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] <... futex resumed>) = 0 [pid 375] futex(0x7f0cebd646c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 374] futex(0x7f0cebd646c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f0cebd646dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 375] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 374] <... mmap resumed>) = 0x7f0cebc57000 [pid 374] mprotect(0x7f0cebc58000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 374] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 374] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0cebc77990, parent_tid=0x7f0cebc77990, exit_signal=0, stack=0x7f0cebc57000, stack_size=0x20300, tls=0x7f0cebc776c0} => {parent_tid=[379]}, 88) = 379 [pid 374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 374] futex(0x7f0cebd646d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f0cebd646dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 379 attached [pid 379] set_robust_list(0x7f0cebc779a0, 24) = 0 [pid 379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 39.803451][ T375] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 39.839109][ T375] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000d0} --- [pid 379] ioctl(4, FIBMAP, 0x20000080) = 0 [pid 379] futex(0x7f0cebd646dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... futex resumed>) = 0 [pid 379] <... futex resumed>) = 1 [pid 379] futex(0x7f0cebd646d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 379] +++ killed by SIGBUS +++ [pid 375] +++ killed by SIGBUS +++ [pid 374] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=374, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556204730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 39.866588][ T9] ------------[ cut here ]------------ [ 39.871899][ T9] kernel BUG at fs/ext4/inode.c:2844! [ 39.877633][ T9] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 39.883540][ T9] CPU: 0 PID: 9 Comm: kworker/u4:1 Not tainted 5.4.268-syzkaller-00003-g2d5d8240a7cb #0 [ 39.893076][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 39.903079][ T9] Workqueue: writeback wb_workfn (flush-7:0) [ 39.908987][ T9] RIP: 0010:ext4_writepages+0x3c96/0x3cc0 [ 39.914480][ T9] Code: d1 9b ff 31 ff 89 de e8 78 d1 9b ff 45 84 f6 75 2e e8 5e cf 9b ff 49 bf 00 00 00 00 00 fc ff df e9 1d f9 ff ff e8 4a cf 9b ff <0f> 0b e8 43 cf 9b ff 0f 0b e8 3c cf 9b ff e8 57 dc 37 ff eb 99 e8 [ 39.934007][ T9] RSP: 0018:ffff8881f5dd70e0 EFLAGS: 00010293 [ 39.939911][ T9] RAX: ffffffff81c877d6 RBX: 0000010000000000 RCX: ffff8881f5dcaf40 [ 39.947722][ T9] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 39.955536][ T9] RBP: ffff8881f5dd74d0 R08: ffffffff81c84426 R09: ffffed103d270722 [ 39.963348][ T9] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881e93839b8 [ 39.971156][ T9] R13: 0000000000000001 R14: 0000018410000000 R15: dffffc0000000000 [ 39.979003][ T9] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 39.987751][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 39.994246][ T9] CR2: 00007f0cebd17b50 CR3: 00000001e2d8c000 CR4: 00000000003406b0 [ 40.002057][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 40.010037][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 40.017862][ T9] Call Trace: [ 40.020989][ T9] ? __die+0xb4/0x100 [ 40.024827][ T9] ? die+0x26/0x50 [ 40.028363][ T9] ? do_trap+0x1e7/0x340 [ 40.032443][ T9] ? ext4_writepages+0x3c96/0x3cc0 [ 40.037392][ T9] ? ext4_writepages+0x3c96/0x3cc0 [ 40.042339][ T9] ? do_invalid_op+0xfb/0x110 [ 40.046851][ T9] ? ext4_writepages+0x3c96/0x3cc0 [ 40.051813][ T9] ? invalid_op+0x1e/0x30 [ 40.056000][ T9] ? ext4_writepages+0x8e6/0x3cc0 [ 40.060831][ T9] ? ext4_writepages+0x3c96/0x3cc0 [ 40.065779][ T9] ? ext4_writepages+0x3c96/0x3cc0 [ 40.070749][ T9] ? deref_stack_reg+0x15c/0x1f0 [ 40.075592][ T9] ? get_reg+0x220/0x220 [ 40.079680][ T9] ? get_reg+0x220/0x220 [ 40.083753][ T9] ? get_reg+0x220/0x220 [ 40.087840][ T9] ? ext4_readpage+0x2e0/0x2e0 [ 40.092423][ T9] ? check_preemption_disabled+0x9f/0x320 [ 40.098004][ T9] ? update_load_avg+0xbdb/0x1210 [ 40.102857][ T9] ? unwind_next_frame+0x176a/0x1ea0 [ 40.107962][ T9] ? ext4_readpage+0x2e0/0x2e0 [ 40.112563][ T9] do_writepages+0x12b/0x270 [ 40.117036][ T9] ? get_reg+0x220/0x220 [ 40.121067][ T9] ? __writepage+0x110/0x110 [ 40.125511][ T9] ? _raw_spin_lock+0xa4/0x1b0 [ 40.130092][ T9] ? _raw_spin_trylock_bh+0x190/0x190 [ 40.135310][ T9] ? unwind_next_frame+0x181e/0x1ea0 [ 40.140422][ T9] ? _raw_spin_lock+0xa4/0x1b0 [ 40.145216][ T9] __writeback_single_inode+0xd9/0xcc0 [ 40.150697][ T9] writeback_sb_inodes+0x9e0/0x1800 [ 40.155724][ T9] ? _raw_spin_lock+0xa4/0x1b0 [ 40.160334][ T9] ? queue_io+0x500/0x500 [ 40.164519][ T9] ? writeback_sb_inodes+0x1800/0x1800 [ 40.169818][ T9] ? queue_io+0x358/0x500 [ 40.174132][ T9] wb_writeback+0x403/0xd70 [ 40.178504][ T9] ? wb_io_lists_depopulated+0x170/0x170 [ 40.183961][ T9] ? set_worker_desc+0x158/0x1c0 [ 40.188715][ T9] ? check_preemption_disabled+0x9f/0x320 [ 40.194274][ T9] ? kthread_data+0x4e/0xc0 [ 40.198638][ T9] wb_workfn+0x3b6/0x1230 [ 40.202790][ T9] ? inode_wait_for_writeback+0x280/0x280 [ 40.208437][ T9] ? dequeue_task_fair+0x4f4/0x12e0 [ 40.213476][ T9] ? find_next_bit+0x7b/0x100 [ 40.217979][ T9] ? _raw_spin_unlock_irq+0x4a/0x60 [ 40.223013][ T9] ? finish_task_switch+0x130/0x590 [ 40.228143][ T9] ? __schedule+0xb0d/0x1320 [ 40.232667][ T9] ? _raw_spin_lock_irqsave+0x210/0x210 [ 40.238032][ T9] ? read_word_at_a_time+0xe/0x20 [ 40.242905][ T9] ? strscpy+0x89/0x220 [ 40.246890][ T9] process_one_work+0x765/0xd20 [ 40.251581][ T9] worker_thread+0xaef/0x1470 [ 40.256097][ T9] kthread+0x2da/0x360 [ 40.259989][ T9] ? worker_clr_flags+0x170/0x170 [ 40.264853][ T9] ? kthread_blkcg+0xd0/0xd0 [ 40.269408][ T9] ret_from_fork+0x1f/0x30 [ 40.273631][ T9] Modules linked in: [ 40.277542][ T9] ---[ end trace 8943e2e06221a99b ]--- [ 40.282946][ T9] RIP: 0010:ext4_writepages+0x3c96/0x3cc0 [ 40.288434][ T9] Code: d1 9b ff 31 ff 89 de e8 78 d1 9b ff 45 84 f6 75 2e e8 5e cf 9b ff 49 bf 00 00 00 00 00 fc ff df e9 1d f9 ff ff e8 4a cf 9b ff <0f> 0b e8 43 cf 9b ff 0f 0b e8 3c cf 9b ff e8 57 dc 37 ff eb 99 e8 [ 40.307907][ T9] RSP: 0018:ffff8881f5dd70e0 EFLAGS: 00010293 [ 40.313811][ T9] RAX: ffffffff81c877d6 RBX: 0000010000000000 RCX: ffff8881f5dcaf40 [ 40.321617][ T9] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 40.329560][ T9] RBP: ffff8881f5dd74d0 R08: ffffffff81c84426 R09: ffffed103d270722 [ 40.337540][ T9] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881e93839b8 [ 40.345368][ T9] R13: 0000000000000001 R14: 0000018410000000 R15: dffffc0000000000 [ 40.353148][ T9] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 40.361890][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.368285][ T9] CR2: 00007f0cebd17b50 CR3: 00000001e2d8c000 CR4: 00000000003406b0 [ 40.376173][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 40.383940][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 40.391771][ T9] Kernel panic - not syncing: Fatal exception [ 40.397866][ T9] Kernel Offset: disabled [ 40.402020][ T9] Rebooting in 86400 seconds..