./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3089951126 <...> DUID 00:04:06:88:74:a7:04:75:62:cb:55:93:34:09:94:90:e1:fe forked to background, child pid 4811 [ 29.709016][ T4812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.725457][ T4812] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.10.28' (ECDSA) to the list of known hosts. execve("./syz-executor3089951126", ["./syz-executor3089951126"], 0x7ffe88ecc080 /* 10 vars */) = 0 brk(NULL) = 0x555556f87000 brk(0x555556f87c40) = 0x555556f87c40 arch_prctl(ARCH_SET_FS, 0x555556f87300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3089951126", 4096) = 28 brk(0x555556fa8c40) = 0x555556fa8c40 brk(0x555556fa9000) = 0x555556fa9000 mprotect(0x7fe882a19000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 ftruncate(3, 262144) = 0 pwrite64(3, "\x20\x00\x00\x00\x00\x01\x00\x00\x0c\xe2\xff\x8b\x06\x00\x00\x00\x0f\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x20\x00\x00\x20\x00\x00\x00\x74\x1f\x17\x63\x74\x1f\x1f\x63\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\xee\xff\x73\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x00", 89, 1024) = 89 pwrite64(3, "\x03\x00\x00\x00\x13\x00\x00\x00\x23\x00\x00\x00\xce\x00\x0f", 15, 2048) = 15 pwrite64(3, "\xff\xff\xff\xff\xfc\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 1024, 3072) = 1024 pwrite64(3, "\xff\xff", 2, 19456) = 2 pwrite64(3, "\xed\x41\x00\x00\x00\x04\x00\x00\x73\x1f\x1f\x63\x74\x1f\x1f\x63\x74\x1f\x1f\x63\x00\x00\x00\x00\x00\x00\x04\x00\x02", 29, 35968) = 29 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 mkdir("./file0", 0777) = 0 mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 close(3) = 0 openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 syzkaller login: [ 54.183053][ T5240] loop0: detected capacity change from 0 to 512 [ 54.198990][ T5240] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 54.224241][ T5240] ------------[ cut here ]------------ [ 54.229812][ T5240] kernel BUG at fs/ext4/ext4.h:3329! [ 54.235696][ T5240] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 54.242048][ T5240] CPU: 0 PID: 5240 Comm: syz-executor308 Not tainted 6.1.0-rc3-next-20221104-syzkaller #0 [ 54.251935][ T5240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 54.261973][ T5240] RIP: 0010:ext4_get_group_info+0x36e/0x3d0 [ 54.267857][ T5240] Code: ff 48 c7 c2 80 42 03 8a be f8 02 00 00 48 c7 c7 80 3f 03 8a c6 05 8a 1a ae 0b 01 e8 7e 49 3b 07 e9 d9 fd ff ff e8 72 db 5d ff <0f> 0b e8 0b 68 aa ff e9 ea fc ff ff e8 01 68 aa ff e9 24 fd ff ff [ 54.287447][ T5240] RSP: 0018:ffffc90003c5f3e8 EFLAGS: 00010293 [ 54.293495][ T5240] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 54.301445][ T5240] RDX: ffff888027053a80 RSI: ffffffff821ef49e RDI: 0000000000000004 [ 54.309397][ T5240] RBP: ffff88802a754000 R08: 0000000000000004 R09: 0000000000000001 [ 54.317349][ T5240] R10: 0000000000000001 R11: 000000000008e001 R12: ffff88802a6ee000 [ 54.325300][ T5240] R13: ffff88802a6ee678 R14: 0000000000000001 R15: ffffc90003c5f7c8 [ 54.333258][ T5240] FS: 0000555556f87300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 54.342180][ T5240] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 54.348755][ T5240] CR2: 00007f05393f5a70 CR3: 0000000020646000 CR4: 00000000003506f0 [ 54.356708][ T5240] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 54.364663][ T5240] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 54.372613][ T5240] Call Trace: [ 54.375876][ T5240] [ 54.378792][ T5240] ext4_mb_load_buddy_gfp+0xc9/0x1c90 [ 54.384154][ T5240] ext4_mballoc_query_range+0xa1/0x860 [ 54.389600][ T5240] ? ext4_getfsmap_helper+0xce0/0xce0 [ 54.394955][ T5240] ? ext4_trim_fs+0x1800/0x1800 [ 54.399794][ T5240] ext4_getfsmap_datadev+0x17f4/0x2a10 [ 54.405331][ T5240] ? ext4_getfsmap_datadev_helper+0x9d0/0x9d0 [ 54.411382][ T5240] ? ext4_dax_fault+0x20/0x20 [ 54.416041][ T5240] ? sort+0x92/0xc0 [ 54.419844][ T5240] ? is_bpf_text_address+0x77/0x170 [ 54.425033][ T5240] ext4_getfsmap+0x6ca/0x990 [ 54.429614][ T5240] ? ext4_fsmap_to_internal+0x2c0/0x2c0 [ 54.435171][ T5240] ? is_bpf_text_address+0x99/0x170 [ 54.440356][ T5240] ? ext4_sb_setuuid+0x20/0x20 [ 54.445106][ T5240] ? find_held_lock+0x2d/0x110 [ 54.449859][ T5240] ? ext4_getfsmap_datadev_helper+0x9d0/0x9d0 [ 54.455909][ T5240] ? lock_downgrade+0x6e0/0x6e0 [ 54.460750][ T5240] ext4_ioc_getfsmap+0x344/0x990 [ 54.465669][ T5240] ? ext4_ioctl_group_add+0x580/0x580 [ 54.471036][ T5240] ? debug_check_no_obj_freed+0x20c/0x420 [ 54.476747][ T5240] ? lockdep_hardirqs_on+0x79/0x100 [ 54.481935][ T5240] ? __kmem_cache_free+0xab/0x3b0 [ 54.486947][ T5240] __ext4_ioctl+0x348/0x49d0 [ 54.491516][ T5240] ? tomoyo_path_number_perm+0x162/0x570 [ 54.497222][ T5240] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 54.503015][ T5240] ? ext4_reset_inode_seed+0x440/0x440 [ 54.508453][ T5240] ? __sanitizer_cov_trace_switch+0x50/0x90 [ 54.514335][ T5240] ? do_vfs_ioctl+0x132/0x1580 [ 54.519085][ T5240] ? vfs_fileattr_set+0xbe0/0xbe0 [ 54.524100][ T5240] ? find_held_lock+0x2d/0x110 [ 54.528852][ T5240] ? calibrate_delay+0xce3/0x1120 [ 54.533862][ T5240] ? lock_downgrade+0x6e0/0x6e0 [ 54.538700][ T5240] ? bpf_lsm_file_ioctl+0x5/0x10 [ 54.543627][ T5240] ? ext4_fileattr_set+0x1940/0x1940 [ 54.548916][ T5240] __x64_sys_ioctl+0x193/0x200 [ 54.553692][ T5240] do_syscall_64+0x35/0xb0 [ 54.558123][ T5240] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.564005][ T5240] RIP: 0033:0x7fe8829acf99 [ 54.568400][ T5240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 54.587989][ T5240] RSP: 002b:00007ffe0b216158 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 54.596384][ T5240] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe8829acf99 [ 54.604334][ T5240] RDX: 0000000020000200 RSI: 00000000c0c0583b RDI: 0000000000000003 [ 54.612284][ T5240] RBP: 00007fe88296c760 R08: 0000000000000000 R09: 0000000000000000 [ 54.620236][ T5240] R10: 0000555556f872c0 R11: 0000000000000246 R12: 00007fe88296c7f0 [ 54.628188][ T5240] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 54.636164][ T5240] [ 54.639174][ T5240] Modules linked in: [ 54.643188][ T5240] ---[ end trace 0000000000000000 ]--- [ 54.649798][ T5240] RIP: 0010:ext4_get_group_info+0x36e/0x3d0 [ 54.656922][ T5240] Code: ff 48 c7 c2 80 42 03 8a be f8 02 00 00 48 c7 c7 80 3f 03 8a c6 05 8a 1a ae 0b 01 e8 7e 49 3b 07 e9 d9 fd ff ff e8 72 db 5d ff <0f> 0b e8 0b 68 aa ff e9 ea fc ff ff e8 01 68 aa ff e9 24 fd ff ff [ 54.676699][ T5240] RSP: 0018:ffffc90003c5f3e8 EFLAGS: 00010293 [ 54.682770][ T5240] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 54.691046][ T5240] RDX: ffff888027053a80 RSI: ffffffff821ef49e RDI: 0000000000000004 [ 54.699121][ T5240] RBP: ffff88802a754000 R08: 0000000000000004 R09: 0000000000000001 [ 54.707125][ T5240] R10: 0000000000000001 R11: 000000000008e001 R12: ffff88802a6ee000 [ 54.715081][ T5240] R13: ffff88802a6ee678 R14: 0000000000000001 R15: ffffc90003c5f7c8 [ 54.723118][ T5240] FS: 0000555556f87300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 54.732071][ T5240] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 54.738667][ T5240] CR2: 00007f05393f5a70 CR3: 0000000020646000 CR4: 00000000003506f0 [ 54.746665][ T5240] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 54.754620][ T5240] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 54.762609][ T5240] Kernel panic - not syncing: Fatal exception [ 54.768827][ T5240] Kernel Offset: disabled [ 54.773143][ T5240] Rebooting in 86400 seconds..