./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor620298194 <...> forked to background, child pid 4643 no interfaces have a carri[ 22.841118][ T4644] 8021q: adding VLAN 0 to HW filter on device bond0 er [ 22.851185][ T4644] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.252' (ECDSA) to the list of known hosts. execve("./syz-executor620298194", ["./syz-executor620298194"], 0x7ffe9a9a6c50 /* 10 vars */) = 0 brk(NULL) = 0x555556400000 brk(0x555556400c40) = 0x555556400c40 arch_prctl(ARCH_SET_FS, 0x555556400300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555564005d0) = 5065 set_robust_list(0x5555564005e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fc830ba0580, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fc830ba0c50}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fc830ba0620, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc830ba0c50}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor620298194", 4096) = 27 brk(0x555556421c40) = 0x555556421c40 brk(0x555556422000) = 0x555556422000 mprotect(0x7fc830c61000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5065 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "5065", 4) = 4 close(3) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564005d0) = 5067 ./strace-static-x86_64: Process 5067 attached [pid 5067] set_robust_list(0x5555564005e0, 24) = 0 [pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] setpgid(0, 0) = 0 [pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5067] write(3, "1000", 4) = 4 [pid 5067] close(3) = 0 [pid 5067] futex(0x7fc830c6770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc830b6f000 [pid 5067] mprotect(0x7fc830b70000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5067] clone(child_stack=0x7fc830b8f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5068], tls=0x7fc830b8f700, child_tidptr=0x7fc830b8f9d0) = 5068 [pid 5067] futex(0x7fc830c67708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7fc830c6770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5068 attached [pid 5068] set_robust_list(0x7fc830b8f9e0, 24) = 0 [pid 5068] memfd_create("syzkaller", 0) = 3 [pid 5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc82876f000 [pid 5068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5068] munmap(0x7fc82876f000, 1048576) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5068] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5068] close(3) = 0 [pid 5068] mkdir("./file0", 0777) = 0 [pid 5068] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_NODIRATIME, "") = 0 [pid 5068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5068] chdir("./file0") = 0 [pid 5068] ioctl(4, LOOP_CLR_FD) = 0 [pid 5068] close(4) = 0 [pid 5068] futex(0x7fc830c6770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] futex(0x7fc830c67708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7fc830c67708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] futex(0x7fc830c6770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... futex resumed>) = 0 [pid 5068] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 5068] futex(0x7fc830c6770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] futex(0x7fc830c67708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7fc830c67708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] futex(0x7fc830c6770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... futex resumed>) = 0 [pid 5068] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [pid 5068] futex(0x7fc830c6770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7fc830c67708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7fc830c6770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... futex resumed>) = 1 syzkaller login: [ 42.579529][ T5068] loop0: detected capacity change from 0 to 2048 [ 42.596615][ T5069] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5068] sendfile(4, 5, NULL, 140737974943952 [pid 5067] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5067] futex(0x7fc830c6770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5067] futex(0x7fc830c6771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc82884e000 [pid 5067] mprotect(0x7fc82884f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5067] clone(child_stack=0x7fc82886e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5070], tls=0x7fc82886e700, child_tidptr=0x7fc82886e9d0) = 5070 [pid 5067] futex(0x7fc830c67718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7fc830c6771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5070 attached [pid 5070] set_robust_list(0x7fc82886e9e0, 24) = 0 [pid 5070] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5070] futex(0x7fc830c6771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 0 [pid 5070] <... futex resumed>) = 1 [pid 5067] futex(0x7fc830c67718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5067] futex(0x7fc830c6771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... open resumed>) = 6 [pid 5070] futex(0x7fc830c6771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7fc830c67718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] openat(-1, "/proc/self/exe", O_RDONLY [pid 5067] <... futex resumed>) = 0 [pid 5070] <... openat resumed>) = 7 [pid 5067] futex(0x7fc830c6771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] futex(0x7fc830c6771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7fc830c67718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 42.619389][ T27] audit: type=1800 audit(1675387199.390:2): pid=5068 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor620" name="bus" dev="loop0" ino=18 res=0 errno=0 [pid 5067] futex(0x7fc830c6771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] sendfile(6, 7, NULL, 140737974943952 [pid 5067] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 42.757879][ C1] ------------[ cut here ]------------ [ 42.763419][ C1] kernel BUG at mm/filemap.c:1615! [ 42.768632][ C1] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 42.774693][ C1] CPU: 1 PID: 21 Comm: ksoftirqd/1 Not tainted 6.2.0-rc6-syzkaller-00050-g9f266ccaa2f5 #0 [ 42.784656][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 42.794718][ C1] RIP: 0010:folio_end_writeback+0x391/0x3b0 [ 42.800656][ C1] Code: ef e8 93 06 24 00 e9 82 fe ff ff 4c 89 e7 e8 a6 06 24 00 e9 c8 fc ff ff 48 89 ef e8 99 06 24 00 e9 d5 fd ff ff e8 7f fb d5 ff <0f> 0b e8 88 06 24 00 e9 11 fe ff ff 48 89 df e8 7b 06 24 00 e9 80 [ 42.820427][ C1] RSP: 0018:ffffc900001b7c78 EFLAGS: 00010246 [ 42.826490][ C1] RAX: 0000000000000000 RBX: 0000000000ae8b00 RCX: 0000000000000100 [ 42.834467][ C1] RDX: ffff888012639d40 RSI: ffffffff81aaf761 RDI: 0000000000000001 [ 42.842424][ C1] RBP: ffffea0000ae8bc0 R08: 0000000000000001 R09: 0000000000000000 [ 42.850381][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: ffffea0000ae8bf4 [ 42.858344][ C1] R13: ffffea0000ae8bc0 R14: ffff8880735cf150 R15: 0000000000000000 [ 42.866308][ C1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 42.875227][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 42.881798][ C1] CR2: 00007fc830c25fc0 CR3: 0000000076c15000 CR4: 0000000000350ee0 [ 42.889767][ C1] Call Trace: [ 42.893030][ C1] [ 42.895947][ C1] end_buffer_async_write+0x309/0x900 [ 42.901314][ C1] ? __bread_gfp+0x330/0x330 [ 42.905896][ C1] end_bio_bh_io_sync+0xde/0x130 [ 42.910828][ C1] ? invalidate_bh_lrus+0x30/0x30 [ 42.915843][ C1] bio_endio+0x651/0x7f0 [ 42.920076][ C1] blk_update_request+0x436/0x1380 [ 42.925181][ C1] blk_mq_end_request+0x4f/0x80 [ 42.930022][ C1] lo_complete_rq+0x1c6/0x280 [ 42.934697][ C1] blk_complete_reqs+0xad/0xe0 [ 42.939454][ C1] __do_softirq+0x1fb/0xadc [ 42.943961][ C1] ? __irq_exit_rcu+0x180/0x180 [ 42.948799][ C1] run_ksoftirqd+0x31/0x60 [ 42.953201][ C1] smpboot_thread_fn+0x659/0xa20 [ 42.958134][ C1] ? sort_range+0x30/0x30 [ 42.962461][ C1] kthread+0x2e8/0x3a0 [ 42.966603][ C1] ? kthread_complete_and_exit+0x40/0x40 [ 42.972225][ C1] ret_from_fork+0x1f/0x30 [ 42.976729][ C1] [ 42.979731][ C1] Modules linked in: [ 42.983658][ C1] ---[ end trace 0000000000000000 ]--- [ 42.989128][ C1] RIP: 0010:folio_end_writeback+0x391/0x3b0 [pid 5067] exit_group(0) = ? [ 42.995042][ C1] Code: ef e8 93 06 24 00 e9 82 fe ff ff 4c 89 e7 e8 a6 06 24 00 e9 c8 fc ff ff 48 89 ef e8 99 06 24 00 e9 d5 fd ff ff e8 7f fb d5 ff <0f> 0b e8 88 06 24 00 e9 11 fe ff ff 48 89 df e8 7b 06 24 00 e9 80 [ 43.014694][ C1] RSP: 0018:ffffc900001b7c78 EFLAGS: 00010246 [ 43.020824][ C1] RAX: 0000000000000000 RBX: 0000000000ae8b00 RCX: 0000000000000100 [ 43.028860][ C1] RDX: ffff888012639d40 RSI: ffffffff81aaf761 RDI: 0000000000000001 [ 43.036898][ C1] RBP: ffffea0000ae8bc0 R08: 0000000000000001 R09: 0000000000000000 [ 43.044874][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: ffffea0000ae8bf4 [ 43.052868][ C1] R13: ffffea0000ae8bc0 R14: ffff8880735cf150 R15: 0000000000000000 [ 43.060885][ C1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 43.069881][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 43.076463][ C1] CR2: 00007fc830c25fc0 CR3: 0000000076c15000 CR4: 0000000000350ee0 [ 43.084461][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 43.092511][ C1] Kernel Offset: disabled [ 43.096826][ C1] Rebooting in 86400 seconds..