./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2308561874 <...> Warning: Permanently added '10.128.1.64' (ECDSA) to the list of known hosts. execve("./syz-executor2308561874", ["./syz-executor2308561874"], 0x7fffefb81490 /* 10 vars */) = 0 brk(NULL) = 0x55555692d000 brk(0x55555692dc40) = 0x55555692dc40 arch_prctl(ARCH_SET_FS, 0x55555692d300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2308561874", 4096) = 28 brk(0x55555694ec40) = 0x55555694ec40 brk(0x55555694f000) = 0x55555694f000 mprotect(0x7f60a6c45000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 ftruncate(3, 262144) = 0 pwrite64(3, "\x20\x00\x00\x00\x00\x01\x00\x00\x0c\xe2\xff\x8b\x06\x00\x00\x00\x0f\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x20\x00\x00\x20\x00\x00\x00\x74\x1f\x17\x63\x74\x1f\x1f\x63\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\xee\xff\x73\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x00", 89, 1024) = 89 pwrite64(3, "\x03\x00\x00\x00\x13\x00\x00\x00\x23\x00\x00\x00\xce\x00\x0f", 15, 2048) = 15 pwrite64(3, "\xff\xff\xff\xff\xfc\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 1024, 3072) = 1024 pwrite64(3, "\xff\xff", 2, 19456) = 2 pwrite64(3, "\xed\x41\x00\x00\x00\x04\x00\x00\x73\x1f\x1f\x63\x74\x1f\x1f\x63\x74\x1f\x1f\x63\x00\x00\x00\x00\x00\x00\x04\x00\x02", 29, 35968) = 29 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 mkdir("./file0", 0777) = 0 mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 close(3) = 0 openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 syzkaller login: [ 40.208052][ T3612] loop0: detected capacity change from 0 to 512 [ 40.218550][ T3612] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 40.239363][ T3612] ------------[ cut here ]------------ [ 40.244839][ T3612] kernel BUG at fs/ext4/ext4.h:3329! [ 40.250179][ T3612] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 40.256405][ T3612] CPU: 1 PID: 3612 Comm: syz-executor230 Not tainted 6.0.0-syzkaller-09039-ga6afa4199d3d #0 [ 40.266620][ T3612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 40.276653][ T3612] RIP: 0010:ext4_get_group_info+0x36e/0x3d0 [ 40.282540][ T3612] Code: ff 48 c7 c2 a0 18 03 8a be e3 02 00 00 48 c7 c7 00 19 03 8a c6 05 d9 07 ad 0b 01 e8 1d 5f 20 07 e9 d9 fd ff ff e8 22 4a 5d ff <0f> 0b e8 ab 5f aa ff e9 ea fc ff ff e8 a1 5f aa ff e9 24 fd ff ff [ 40.302131][ T3612] RSP: 0018:ffffc90003f3f3f8 EFLAGS: 00010293 [ 40.308185][ T3612] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 40.316161][ T3612] RDX: ffff88801effd880 RSI: ffffffff821dcd0e RDI: 0000000000000004 [ 40.324135][ T3612] RBP: ffff8880216fc000 R08: 0000000000000004 R09: 0000000000000001 [ 40.332093][ T3612] R10: 0000000000000001 R11: 000000000008c07c R12: ffff8880216fe000 [ 40.340051][ T3612] R13: ffff8880216fe678 R14: 0000000000000001 R15: ffffc90003f3f7f4 [ 40.348016][ T3612] FS: 000055555692d300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 40.356936][ T3612] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.363507][ T3612] CR2: 000055cc682b0288 CR3: 000000001ce22000 CR4: 0000000000350ee0 [ 40.371465][ T3612] Call Trace: [ 40.374729][ T3612] [ 40.377651][ T3612] ext4_mb_load_buddy_gfp+0xc9/0x1350 [ 40.383221][ T3612] ext4_mballoc_query_range+0xa1/0x8a0 [ 40.388672][ T3612] ? ext4_getfsmap_helper+0xce0/0xce0 [ 40.394208][ T3612] ? ext4_trim_fs+0x17b0/0x17b0 [ 40.399071][ T3612] ? rcu_read_lock_sched_held+0xd/0x70 [ 40.404527][ T3612] ? trace_kmalloc+0x32/0x100 [ 40.409215][ T3612] ext4_getfsmap_datadev+0x1747/0x2970 [ 40.414684][ T3612] ? ext4_getfsmap_datadev_helper+0x9d0/0x9d0 [ 40.420743][ T3612] ? ext4_dax_fault+0x20/0x20 [ 40.425409][ T3612] ? sort+0x92/0xc0 [ 40.429297][ T3612] ? is_bpf_text_address+0x77/0x170 [ 40.434494][ T3612] ? lock_downgrade+0x6e0/0x6e0 [ 40.439342][ T3612] ? __stack_depot_save+0x35/0x500 [ 40.444473][ T3612] ext4_getfsmap+0x6ca/0x990 [ 40.449055][ T3612] ? ext4_fsmap_to_internal+0x2c0/0x2c0 [ 40.454591][ T3612] ? ext4_sb_setuuid+0x20/0x20 [ 40.459356][ T3612] ? rcu_read_lock_sched_held+0xd/0x70 [ 40.464813][ T3612] ? lock_acquire+0x480/0x570 [ 40.469480][ T3612] ? rcu_read_lock_sched_held+0xd/0x70 [ 40.474937][ T3612] ? ext4_getfsmap_datadev_helper+0x9d0/0x9d0 [ 40.480994][ T3612] ? lock_downgrade+0x6e0/0x6e0 [ 40.485836][ T3612] ext4_ioc_getfsmap+0x2de/0x890 [ 40.491037][ T3612] ? ext4_ioctl_group_add+0x580/0x580 [ 40.496412][ T3612] ? lock_acquire+0x480/0x570 [ 40.501078][ T3612] ? lock_release+0x560/0x780 [ 40.505750][ T3612] ? trace_kmalloc+0x32/0x100 [ 40.510418][ T3612] ? debug_check_no_obj_freed+0x20c/0x420 [ 40.516136][ T3612] ? trace_hardirqs_on+0x2d/0x120 [ 40.521168][ T3612] ? tomoyo_path_number_perm+0x413/0x550 [ 40.526797][ T3612] ? kfree+0xe2/0x580 [ 40.530770][ T3612] __ext4_ioctl+0x368/0x4c00 [ 40.535359][ T3612] ? tomoyo_path_number_perm+0x162/0x550 [ 40.540986][ T3612] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 40.546784][ T3612] ? ext4_reset_inode_seed+0x440/0x440 [ 40.552245][ T3612] ? __sanitizer_cov_trace_switch+0x50/0x90 [ 40.558138][ T3612] ? do_vfs_ioctl+0x132/0x15c0 [ 40.562893][ T3612] ? vfs_fileattr_set+0xbe0/0xbe0 [ 40.568094][ T3612] ? rcu_read_lock_sched_held+0xd/0x70 [ 40.573647][ T3612] ? lock_release+0x560/0x780 [ 40.578333][ T3612] ? calibrate_delay+0xe53/0x1120 [ 40.583359][ T3612] ? lock_downgrade+0x6e0/0x6e0 [ 40.588202][ T3612] ? bpf_lsm_file_ioctl+0x5/0x10 [ 40.593134][ T3612] ? ext4_fileattr_set+0x1a80/0x1a80 [ 40.598422][ T3612] __x64_sys_ioctl+0x193/0x200 [ 40.603181][ T3612] do_syscall_64+0x35/0xb0 [ 40.607591][ T3612] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 40.613476][ T3612] RIP: 0033:0x7f60a6bd8f99 [ 40.617879][ T3612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 40.637563][ T3612] RSP: 002b:00007ffd26c3bbc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 40.645967][ T3612] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f60a6bd8f99 [ 40.653924][ T3612] RDX: 0000000020000200 RSI: 00000000c0c0583b RDI: 0000000000000003 [ 40.661882][ T3612] RBP: 00007f60a6b98760 R08: 0000000000000000 R09: 0000000000000000 [ 40.669840][ T3612] R10: 000055555692d2c0 R11: 0000000000000246 R12: 00007f60a6b987f0 [ 40.677884][ T3612] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 40.685847][ T3612] [ 40.688854][ T3612] Modules linked in: [ 40.692990][ T3612] ---[ end trace 0000000000000000 ]--- [ 40.698495][ T3612] RIP: 0010:ext4_get_group_info+0x36e/0x3d0 [ 40.704408][ T3612] Code: ff 48 c7 c2 a0 18 03 8a be e3 02 00 00 48 c7 c7 00 19 03 8a c6 05 d9 07 ad 0b 01 e8 1d 5f 20 07 e9 d9 fd ff ff e8 22 4a 5d ff <0f> 0b e8 ab 5f aa ff e9 ea fc ff ff e8 a1 5f aa ff e9 24 fd ff ff [ 40.724065][ T3612] RSP: 0018:ffffc90003f3f3f8 EFLAGS: 00010293 [ 40.730151][ T3612] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 40.738141][ T3612] RDX: ffff88801effd880 RSI: ffffffff821dcd0e RDI: 0000000000000004 [ 40.746131][ T3612] RBP: ffff8880216fc000 R08: 0000000000000004 R09: 0000000000000001 [ 40.754081][ T3612] R10: 0000000000000001 R11: 000000000008c07c R12: ffff8880216fe000 [ 40.762069][ T3612] R13: ffff8880216fe678 R14: 0000000000000001 R15: ffffc90003f3f7f4 [ 40.770147][ T3612] FS: 000055555692d300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 40.779098][ T3612] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.785717][ T3612] CR2: 000055cc682b0288 CR3: 000000001ce22000 CR4: 0000000000350ee0 [ 40.793683][ T3612] Kernel panic - not syncing: Fatal exception [ 40.799805][ T3612] Kernel Offset: disabled [ 40.804110][ T3612] Rebooting in 86400 seconds..