./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2266308900

<...>
Warning: Permanently added '10.128.1.125' (ED25519) to the list of known hosts.
execve("./syz-executor2266308900", ["./syz-executor2266308900"], 0x7ffc652dcc20 /* 10 vars */) = 0
brk(NULL)                               = 0x555556a94000
brk(0x555556a94d40)                     = 0x555556a94d40
arch_prctl(ARCH_SET_FS, 0x555556a943c0) = 0
set_tid_address(0x555556a94690)         = 285
set_robust_list(0x555556a946a0, 24)     = 0
rseq(0x555556a94ce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2266308900", 4096) = 28
getrandom("\x79\x30\xd6\x17\xff\xa9\x7d\x04", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555556a94d40
brk(0x555556ab5d40)                     = 0x555556ab5d40
brk(0x555556ab6000)                     = 0x555556ab6000
mprotect(0x7fbe68800000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mount(NULL, "/proc/sys/fs/binfmt_misc", "binfmt_misc", 0, NULL) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3
write(3, "\x3a\x73\x79\x7a\x30\x3a\x4d\x3a\x30\x3a\x01\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a", 21) = 21
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3
write(3, "\x3a\x73\x79\x7a\x31\x3a\x4d\x3a\x31\x3a\x02\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a\x50\x4f\x43", 24) = 24
close(3)                                = 0
mkdir("./syzkaller.37JDH6", 0700)       = 0
chmod("./syzkaller.37JDH6", 0777)       = 0
chdir("./syzkaller.37JDH6")             = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a94690) = 286
./strace-static-x86_64: Process 286 attached
[pid   286] set_robust_list(0x555556a946a0, 24) = 0
[pid   286] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid   286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   286] setsid()                    = 1
[pid   286] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid   286] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid   286] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid   286] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid   286] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid   286] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid   286] unshare(CLONE_NEWNS)        = 0
[pid   286] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid   286] unshare(CLONE_NEWIPC)       = -1 EINVAL (Invalid argument)
[pid   286] unshare(CLONE_NEWCGROUP)    = 0
[pid   286] unshare(CLONE_NEWUTS)       = 0
[pid   286] unshare(CLONE_SYSVSEM)      = 0
[pid   286] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   286] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   286] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   286] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   286] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   286] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   286] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   286] getpid()                    = 1
[pid   286] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   286] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   286] unshare(CLONE_NEWNET)       = 0
[pid   286] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid   286] write(3, "0 65535", 7)      = 7
[pid   286] close(3)                    = 0
[pid   286] mkdir("/dev/binderfs", 0777) = 0
[pid   286] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid   286] futex(0x7fbe688066cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   286] rt_sigaction(SIGRT_1, {sa_handler=0x7fbe687a4b40, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbe68795cf0}, NULL, 8) = 0
[pid   286] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid   286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbe6871b000
[pid   286] mprotect(0x7fbe6871c000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   286] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid   286] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbe6873b990, parent_tid=0x7fbe6873b990, exit_signal=0, stack=0x7fbe6871b000, stack_size=0x20300, tls=0x7fbe6873b6c0} => {parent_tid=[2]}, 88) = 2
[pid   286] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   286] futex(0x7fbe688066c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   286] futex(0x7fbe688066cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 287 attached
 <unfinished ...>
[pid   287] set_robust_list(0x7fbe6873b9a0, 24) = 0
[pid   287] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   287] memfd_create("syzkaller", 0) = 3
[pid   287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbe6031b000
[pid   287] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid   287] munmap(0x7fbe6031b000, 262144) = 0
[pid   287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   287] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   287] close(3)                    = 0
[pid   287] mkdir("./file1", 0777)      = 0
[   19.776017][   T24] audit: type=1400 audit(1693660443.050:66): avc:  denied  { execmem } for  pid=285 comm="syz-executor226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   19.779191][   T24] audit: type=1400 audit(1693660443.050:67): avc:  denied  { mounton } for  pid=285 comm="syz-executor226" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   19.783178][   T24] audit: type=1400 audit(1693660443.050:68): avc:  denied  { mount } for  pid=285 comm="syz-executor226" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   19.787110][   T24] audit: type=1400 audit(1693660443.060:69): avc:  denied  { mounton } for  pid=286 comm="syz-executor226" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[   19.790919][   T24] audit: type=1400 audit(1693660443.060:70): avc:  denied  { mount } for  pid=286 comm="syz-executor226" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   19.794627][   T24] audit: type=1400 audit(1693660443.060:71): avc:  denied  { mounton } for  pid=286 comm="syz-executor226" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   19.809685][   T24] audit: type=1400 audit(1693660443.080:72): avc:  denied  { mounton } for  pid=286 comm="syz-executor226" path="/dev/binderfs" dev="devtmpfs" ino=357 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   19.832562][   T24] audit: type=1400 audit(1693660443.090:73): avc:  denied  { mount } for  pid=286 comm="syz-executor226" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   19.832579][  T287] EXT4-fs (loop0): 1 orphan inode deleted
[   19.855148][   T24] audit: type=1400 audit(1693660443.090:74): avc:  denied  { read write } for  pid=286 comm="syz-executor226" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   19.860634][  T287] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,norecovery,dioread_lock,errors=remount-ro,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_alloc,max_dir_size_kb=0x00000000000004e1,
[pid   287] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "errors=remount-ro,norecovery,dioread_lock,errors=remount-ro,noauto_da_alloc,resgid=0x000000000000000"...) = 0
[pid   287] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid   287] chdir("./file1")            = 0
[pid   287] ioctl(4, LOOP_CLR_FD)       = 0
[pid   287] close(4)                    = 0
[pid   287] futex(0x7fbe688066cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   286] <... futex resumed>)        = 0
[pid   286] futex(0x7fbe688066c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   286] futex(0x7fbe688066cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   287] <... futex resumed>)        = 1
[pid   287] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000) = 4
[pid   287] futex(0x7fbe688066cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   286] <... futex resumed>)        = 0
[pid   286] futex(0x7fbe688066c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   286] futex(0x7fbe688066cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   287] <... futex resumed>)        = 1
[pid   287] write(4, "\x78\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294966945) = 167936
[pid   287] futex(0x7fbe688066cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   286] <... futex resumed>)        = 0
[pid   286] futex(0x7fbe688066c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   286] futex(0x7fbe688066cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   287] <... futex resumed>)        = 1
[pid   287] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   287] futex(0x7fbe688066cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   286] <... futex resumed>)        = 0
[pid   286] futex(0x7fbe688066c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   286] futex(0x7fbe688066cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   287] <... futex resumed>)        = 1
[pid   287] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5
[pid   287] futex(0x7fbe688066cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   286] <... futex resumed>)        = 0
[pid   286] futex(0x7fbe688066c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   286] futex(0x7fbe688066dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbe6033a000
[pid   286] mprotect(0x7fbe6033b000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   286] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid   286] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbe6035a990, parent_tid=0x7fbe6035a990, exit_signal=0, stack=0x7fbe6033a000, stack_size=0x20300, tls=0x7fbe6035a6c0} => {parent_tid=[3]}, 88) = 3
[pid   286] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   286] futex(0x7fbe688066d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   286] futex(0x7fbe688066dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   287] <... futex resumed>)        = 1
[pid   287] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651./strace-static-x86_64: Process 292 attached
 <unfinished ...>
[pid   292] set_robust_list(0x7fbe6035a9a0, 24) = 0
[pid   292] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   292] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x2b, 0x30), 0x20000080 <unfinished ...>
[pid   287] <... write resumed>)        = 262144
[pid   287] futex(0x7fbe688066cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   19.884667][   T24] audit: type=1400 audit(1693660443.100:75): avc:  denied  { open } for  pid=286 comm="syz-executor226" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   19.905922][  T287] ext4 filesystem being mounted at /root/syzkaller.37JDH6/file1 supports timestamps until 2038 (0x7fffffff)
[   19.958161][  T292] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:476: comm syz-executor226: Invalid block bitmap block 0 in block_group 0
[pid   287] futex(0x7fbe688066c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   286] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   286] futex(0x7fbe688066dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[   19.973284][  T292] EXT4-fs (loop0): Remounting filesystem read-only
[   19.979593][  T292] EXT4-fs error (device loop0) in ext4_mb_clear_bb:5614: Corrupt filesystem
[   19.988340][  T292] ==================================================================
[   19.996223][  T292] BUG: KASAN: out-of-bounds in ext4_ext_remove_space+0x1fbc/0x4e10
[   20.004014][  T292] Read of size 18446744073709551544 at addr ffff88811baa3054 by task syz-executor226/292
[   20.013651][  T292] 
[   20.015818][  T292] CPU: 1 PID: 292 Comm: syz-executor226 Not tainted 5.10.192-syzkaller-00409-gc8ca447a86a2 #0
[   20.025886][  T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[   20.035801][  T292] Call Trace:
[   20.038912][  T292]  dump_stack_lvl+0x1e2/0x24b
[   20.043429][  T292]  ? bfq_pos_tree_add_move+0x43b/0x43b
[   20.048802][  T292]  ? panic+0x80b/0x80b
[   20.052743][  T292]  print_address_description+0x81/0x3b0
[   20.058111][  T292]  kasan_report+0x179/0x1c0
[   20.062721][  T292]  ? ext4_ext_remove_space+0x1fbc/0x4e10
[   20.068166][  T292]  ? ext4_ext_remove_space+0x1fbc/0x4e10
[pid   286] exit_group(1)               = ?
[pid   287] <... futex resumed>)        = ?
[pid   287] +++ exited with 1 +++
[   20.073623][  T292]  kasan_check_range+0x293/0x2a0
[   20.078409][  T292]  ? ext4_ext_remove_space+0x1fbc/0x4e10
[   20.083860][  T292]  memmove+0x2d/0x70
[   20.087590][  T292]  ext4_ext_remove_space+0x1fbc/0x4e10
[   20.092901][  T292]  ? ext4_da_release_space+0x1a5/0x430
[   20.098185][  T292]  ? ext4_ext_index_trans_blocks+0x120/0x120
[   20.104012][  T292]  ? ext4_es_remove_extent+0x1ac/0x380
[   20.109383][  T292]  ? ext4_zero_partial_blocks+0x1c2/0x220
[   20.115031][  T292]  ext4_punch_hole+0x720/0xb10
[   20.119693][  T292]  ext4_fallocate+0x2e8/0x1ca0
[   20.124229][  T292]  ? avc_policy_seqno+0x1b/0x70
[   20.128904][  T292]  ? ext4_ext_truncate+0x200/0x200
[   20.133854][  T292]  ? fsnotify_perm+0x67/0x4e0
[   20.138365][  T292]  ? security_file_permission+0x7b/0xb0
[   20.143850][  T292]  ? preempt_count_add+0x92/0x1a0
[   20.148698][  T292]  vfs_fallocate+0x492/0x570
[   20.153136][  T292]  do_vfs_ioctl+0x1686/0x1a30
[   20.157633][  T292]  ? ioctl_has_perm+0x3f0/0x560
[   20.162321][  T292]  ? __x32_compat_sys_ioctl+0x90/0x90
[   20.167541][  T292]  ? has_cap_mac_admin+0x3c0/0x3c0
[   20.172479][  T292]  ? __kasan_check_write+0x14/0x20
[   20.177425][  T292]  ? _raw_spin_unlock_irq+0x4e/0x70
[   20.182459][  T292]  ? cgroup_leave_frozen+0x164/0x2c0
[   20.187588][  T292]  ? selinux_file_ioctl+0x3cc/0x540
[   20.192617][  T292]  ? selinux_file_alloc_security+0x120/0x120
[   20.198426][  T292]  ? __fget_files+0x31e/0x380
[   20.203046][  T292]  ? security_file_ioctl+0x84/0xb0
[   20.207980][  T292]  __se_sys_ioctl+0x99/0x190
[   20.213275][  T292]  __x64_sys_ioctl+0x7b/0x90
[   20.217696][  T292]  do_syscall_64+0x34/0x70
[   20.221947][  T292]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[   20.227674][  T292] RIP: 0033:0x7fbe6877e729
[   20.231929][  T292] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   20.251427][  T292] RSP: 002b:00007fbe6035a218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   20.259803][  T292] RAX: ffffffffffffffda RBX: 00007fbe688066d8 RCX: 00007fbe6877e729
[   20.267603][  T292] RDX: 0000000020000080 RSI: 000000004030582b RDI: 0000000000000004
[   20.275425][  T292] RBP: 00007fbe688066d0 R08: 00007fffa8dac757 R09: 0000000000000000
[   20.283225][  T292] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbe687d3678
[   20.291119][  T292] R13: 0000000000000002 R14: 00007fffa8dac670 R15: 6f6f6c2f7665642f
[   20.298937][  T292] 
[   20.301110][  T292] The buggy address belongs to the page:
[   20.306581][  T292] page:ffffea00046ea8c0 refcount:2 mapcount:0 mapping:ffff888109191c10 index:0x3a pfn:0x11baa3
[   20.316755][  T292] aops:def_blk_aops ino:0
[   20.320989][  T292] flags: 0x4000000000002036(referenced|uptodate|lru|active|private)
[   20.328800][  T292] raw: 4000000000002036 ffffea0004440248 ffffea0004707c88 ffff888109191c10
[   20.337219][  T292] raw: 000000000000003a ffff88811c496930 00000002ffffffff ffff888100142000
[   20.345635][  T292] page dumped because: kasan: bad access detected
[   20.351891][  T292] page->mem_cgroup:ffff888100142000
[   20.356921][  T292] page_owner tracks the page as allocated
[   20.362484][  T292] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 287, ts 19953384406, free_ts 19753654753
[   20.380057][  T292]  prep_new_page+0x166/0x180
[   20.384465][  T292]  get_page_from_freelist+0x2d8c/0x2f30
[   20.389846][  T292]  __alloc_pages_nodemask+0x435/0xaf0
[   20.395049][  T292]  pagecache_get_page+0x669/0x950
[   20.399916][  T292]  __getblk_gfp+0x221/0x7e0
[   20.404253][  T292]  ext4_ext_insert_extent+0xf88/0x4d20
[   20.409635][  T292]  ext4_ext_map_blocks+0x1b4c/0x6be0
[   20.414766][  T292]  ext4_map_blocks+0xaa7/0x1ec0
[   20.419442][  T292]  _ext4_get_block+0x21b/0x610
[   20.424053][  T292]  ext4_get_block+0x39/0x50
[   20.428392][  T292]  ext4_block_write_begin+0x61e/0x13b0
[   20.433690][  T292]  ext4_write_begin+0x6fa/0x1730
[   20.438456][  T292]  ext4_da_write_begin+0x49d/0xf60
[   20.443398][  T292]  generic_perform_write+0x2cd/0x570
[   20.448531][  T292]  ext4_buffered_write_iter+0x482/0x610
[   20.453899][  T292]  ext4_file_write_iter+0x193/0x1c80
[   20.459022][  T292] page last free stack trace:
[   20.463549][  T292]  free_unref_page_prepare+0x2ae/0x2d0
[   20.468828][  T292]  free_unref_page_list+0x122/0xb20
[   20.473859][  T292]  release_pages+0xea0/0xef0
[   20.478283][  T292]  free_pages_and_swap_cache+0x8a/0xa0
[   20.483579][  T292]  tlb_finish_mmu+0x177/0x320
[   20.488101][  T292]  unmap_region+0x31c/0x370
[   20.492431][  T292]  __do_munmap+0x699/0x8c0
[   20.496685][  T292]  __se_sys_munmap+0x120/0x1a0
[   20.501287][  T292]  __x64_sys_munmap+0x5b/0x70
[   20.505799][  T292]  do_syscall_64+0x34/0x70
[   20.510056][  T292]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[   20.516002][  T292] 
[   20.518158][  T292] Memory state around the buggy address:
[   20.523636][  T292]  ffff88811baa2f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.531643][  T292]  ffff88811baa2f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.539548][  T292] >ffff88811baa3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.547438][  T292]                                                  ^
[   20.553945][  T292]  ffff88811baa3080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.561992][  T292]  ffff88811baa3100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.569876][  T292] ==================================================================
[pid   292] <... ioctl resumed>)        = ?
[   20.577768][  T292] Disabling lock debugging due to kernel taint
[   20.584360][  T292] EXT4-fs error (device loop0): __ext4_get_inode_loc:4426: comm syz-executor226: Invalid inode table block 0 in block_group 0
[   20.597430][  T292] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem
[   20.607034][  T292] EXT4-fs error (device loop0): ext4_punch_hole:4218: inode #16: comm syz-executor226: mark_inode_dirty error
[pid   292] +++ exited with 1 +++
[pid   286] +++ exited with 1 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=286, si_uid=0, si_status=1, si_utime=0, si_stime=15} ---
exit_group(0)                           = ?
+++ exited with 0 +++