./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3161077593 <...> Warning: Permanently added '10.128.0.65' (ECDSA) to the list of known hosts. execve("./syz-executor3161077593", ["./syz-executor3161077593"], 0x7ffeb5d2c5b0 /* 10 vars */) = 0 brk(NULL) = 0x5555560ca000 brk(0x5555560cac40) = 0x5555560cac40 arch_prctl(ARCH_SET_FS, 0x5555560ca300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555560ca5d0) = 303 set_robust_list(0x5555560ca5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f7626c506a0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f7626c50d70}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f7626c50740, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f7626c50d70}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3161077593", 4096) = 28 brk(0x5555560ebc40) = 0x5555560ebc40 brk(0x5555560ec000) = 0x5555560ec000 mprotect(0x7f7626d12000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 303 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) fstat(1, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "303", 3) = 3 close(3) = 0 getpid() = 303 mkdir("./syzkaller.QCICg7", 0700) = 0 chmod("./syzkaller.QCICg7", 0777) = 0 chdir("./syzkaller.QCICg7") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560ca5d0) = 304 ./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x5555560ca5e0, 24) = 0 [pid 304] chdir("./0") = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [ 21.365205][ T22] audit: type=1400 audit(1678605682.680:73): avc: denied { execmem } for pid=303 comm="syz-executor316" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 304] write(3, "1000", 4) = 4 
[pid 304] close(3) = 0 [pid 304] symlink("/dev/binderfs", "./binderfs") = 0 [pid 304] futex(0x7f7626d1878c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7626c1f000 [pid 304] mprotect(0x7f7626c20000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 304] clone(child_stack=0x7f7626c3f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[306], tls=0x7f7626c3f700, child_tidptr=0x7f7626c3f9d0) = 306 [pid 304] futex(0x7f7626d18788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7f7626d1878c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x7f7626c3f9e0, 24) = 0 [pid 306] memfd_create("syzkaller", 0) = 3 [pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f761e81f000 [pid 306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 306] munmap(0x7f761e81f000, 1048576) = 0 [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 306] close(3) = 0 [pid 306] mkdir("./file0", 0777) = 0 [ 21.403792][ T22] audit: type=1400 audit(1678605682.720:74): avc: denied { read write } for pid=303 comm="syz-executor316" name="loop0" dev="devtmpfs" ino=9277 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.432654][ T22] audit: type=1400 audit(1678605682.720:75): avc: denied { open } for pid=303 comm="syz-executor316" path="/dev/loop0" 
dev="devtmpfs" ino=9277 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.458142][ T22] audit: type=1400 audit(1678605682.720:76): avc: denied { ioctl } for pid=303 comm="syz-executor316" path="/dev/loop0" dev="devtmpfs" ino=9277 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.484077][ T22] audit: type=1400 audit(1678605682.750:77): avc: denied { mounton } for pid=304 comm="syz-executor316" path="/root/syzkaller.QCICg7/0/file0" dev="sda1" ino=1141 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 306] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 306] chdir("./file0") = 0 [pid 306] ioctl(4, LOOP_CLR_FD) = 0 [pid 306] close(4) = 0 [pid 306] futex(0x7f7626d1878c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 306] futex(0x7f7626d18788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7f7626d18788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 304] futex(0x7f7626d1878c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 0 [pid 306] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4 [pid 306] futex(0x7f7626d1878c, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... 
futex resumed>) = 0 [pid 304] futex(0x7f7626d18788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7f7626d1879c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f761e8fe000 [pid 304] mprotect(0x7f761e8ff000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 304] clone(child_stack=0x7f761e91e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[310], tls=0x7f761e91e700, child_tidptr=0x7f761e91e9d0) = 310 [pid 304] futex(0x7f7626d18798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7f7626d1879c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 1 [pid 306] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 306] futex(0x7f7626d1878c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f7626d18788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 310 attached [pid 310] set_robust_list(0x7f761e91e9e0, 24) = 0 [pid 310] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 310] futex(0x7f7626d1879c, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7f7626d18788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 304] futex(0x7f7626d1878c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 0 [pid 306] open("./bus", O_RDWR) = 5 [pid 306] futex(0x7f7626d1878c, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7f7626d18788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7f7626d1878c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 1 [pid 306] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7f7626d18788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] <... 
futex resumed>) = 1 [pid 306] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040) = -1 EFAULT (Bad address) [pid 306] futex(0x7f7626d1878c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f7626d18788, FUTEX_WAIT_PRIVATE, 0, NULLwrite to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory [pid 310] <... futex resumed>) = 1 [pid 304] write(1, "write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory\n", 90) = 90 [pid 304] exit_group(0) = ? [pid 306] <... futex resumed>) = ? [pid 310] +++ exited with 0 +++ [pid 306] +++ exited with 0 +++ [pid 304] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560cc630 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 21.510123][ T306] EXT4-fs (loop0): mounted filesystem without journal. 
Opts: ,errors=continue [ 21.519919][ T22] audit: type=1400 audit(1678605682.840:78): avc: denied { mount } for pid=304 comm="syz-executor316" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 21.537235][ T306] EXT4-fs error (device loop0): ext4_mb_generate_buddy:747: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 21.542735][ T22] audit: type=1400 audit(1678605682.850:79): avc: denied { write } for pid=304 comm="syz-executor316" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.578762][ T22] audit: type=1400 audit(1678605682.850:80): avc: denied { add_name } for pid=304 comm="syz-executor316" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560d4670 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560d4670 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555560cc630 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 21.599487][ T22] audit: type=1400 audit(1678605682.850:81): avc: denied { create } for pid=304 comm="syz-executor316" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 21.619724][ T22] audit: type=1400 audit(1678605682.850:82): avc: denied { read write open 
} for pid=304 comm="syz-executor316" path="/root/syzkaller.QCICg7/0/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 311 attached , child_tidptr=0x5555560ca5d0) = 311 [pid 311] set_robust_list(0x5555560ca5e0, 24) = 0 [pid 311] chdir("./1") = 0 [pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 311] setpgid(0, 0) = 0 [pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 311] write(3, "1000", 4) = 4 [pid 311] close(3) = 0 [pid 311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 311] futex(0x7f7626d1878c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7626c1f000 [pid 311] mprotect(0x7f7626c20000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 311] clone(child_stack=0x7f7626c3f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[312], tls=0x7f7626c3f700, child_tidptr=0x7f7626c3f9d0) = 312 [pid 311] futex(0x7f7626d18788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7f7626d1878c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 312 attached [pid 312] set_robust_list(0x7f7626c3f9e0, 24) = 0 [pid 312] memfd_create("syzkaller", 0) = 3 [pid 312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f761e81f000 [pid 312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) 
= 1048576 [pid 312] munmap(0x7f761e81f000, 1048576) = 0 [pid 312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 312] close(3) = 0 [pid 312] mkdir("./file0", 0777) = 0 [pid 312] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 312] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 312] chdir("./file0") = 0 [pid 312] ioctl(4, LOOP_CLR_FD) = 0 [pid 312] close(4) = 0 [pid 312] futex(0x7f7626d1878c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 311] <... futex resumed>) = 0 [pid 311] futex(0x7f7626d18788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7f7626d1878c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4 [pid 312] futex(0x7f7626d1878c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 311] <... futex resumed>) = 0 [pid 311] futex(0x7f7626d18788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7f7626d1879c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f761e8fe000 [pid 311] mprotect(0x7f761e8ff000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 311] clone(child_stack=0x7f761e91e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[316], tls=0x7f761e91e700, child_tidptr=0x7f761e91e9d0) = 316 [pid 311] futex(0x7f7626d18798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7f7626d1879c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 316 attached [pid 316] set_robust_list(0x7f761e91e9e0, 24) = 0 [pid 316] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 312] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 316] futex(0x7f7626d1879c, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... 
futex resumed>) = 0
[pid 311] futex(0x7f7626d18798, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 311] futex(0x7f7626d1879c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}
[pid 316] <... futex resumed>) = 1
[pid 316] open("./bus", O_RDWR) = 5
[pid 316] futex(0x7f7626d1879c, FUTEX_WAKE_PRIVATE, 1000000
[pid 311] <... futex resumed>) = 0
[pid 311] futex(0x7f7626d18798, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 311] futex(0x7f7626d1879c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}
[pid 316] <... futex resumed>) = 1
[pid 316] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<
[pid 311] <... futex resumed>) = 0
[pid 311] futex(0x7f7626d18798, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 316] <... futex resumed>) = 1
[pid 316] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040) = -1 EFAULT (Bad address)
[pid 316] futex(0x7f7626d1879c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[ 21.721717][ T312] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 21.752878][ T316] EXT4-fs error (device loop0): ext4_mb_generate_buddy:747: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 21.768180][ T312] ------------[ cut here ]------------
[ 21.773642][ T312] kernel BUG at fs/ext4/inode.c:2851!
[ 21.779251][ T312] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 21.785323][ T312] CPU: 0 PID: 312 Comm: syz-executor316 Not tainted 5.4.225-syzkaller-00007-g250ac66f1853 #0
[ 21.795469][ T312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 21.805591][ T312] RIP: 0010:ext4_writepages+0x3a16/0x3a40
[ 21.811304][ T312] Code: 7a a2 ff 31 ff 89 de e8 f8 79 a2 ff 45 84 f6 75 2e e8 de 77 a2 ff 49 bd 00 00 00 00 00 fc ff df e9 6e f9 ff ff e8 ca 77 a2 ff <0f> 0b e8 c3 77 a2 ff 0f 0b e8 bc 77 a2 ff e8 77 87 3f ff eb 8f e8
[ 21.830891][ T312] RSP: 0018:ffff8881dc847440 EFLAGS: 00010293
[ 21.836955][ T312] RAX: ffffffff81c0bf36 RBX: 0000010000000000 RCX: ffff8881dd12ee40
[ 21.844918][ T312] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000
[ 21.852866][ T312] RBP: ffff8881dc847830 R08: ffffffff81c08d1f R09: ffffed103ccf0a97
[ 21.860816][ T312] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881e6785560
[pid 316] futex(0x7f7626d18798, FUTEX_WAIT_PRIVATE, 0, NULLwrite to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
[pid 311] write(1, "write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory\n", 90) = 90
[pid 311] exit_group(0
[pid 316] <... futex resumed>) = ?
[pid 311] <... exit_group resumed>) = ?
[pid 316] +++ exited with 0 +++
[ 21.868766][ T312] R13: dffffc0000000000 R14: 0000010410000000 R15: ffff8881dc847700
[ 21.876805][ T312] FS: 00007f7626c3f700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 21.885724][ T312] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 21.892301][ T312] CR2: 00007f7626c40000 CR3: 00000001dcc7c000 CR4: 00000000003406f0
[ 21.900257][ T312] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 21.908295][ T312] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 21.916245][ T312] Call Trace:
[ 21.919524][ T312] ? _raw_spin_trylock_bh+0x190/0x190
[ 21.924891][ T312] ? mark_buffer_dirty+0x1cc/0x3b0
[ 21.929989][ T312] ? __ext4_handle_dirty_metadata+0x279/0x610
[ 21.936038][ T312] ? ext4_mark_iloc_dirty+0x2375/0x3560
[ 21.941581][ T312] ? ext4_readpage+0x2e0/0x2e0
[ 21.946367][ T312] ? domain_dirty_limits+0x1f1/0x3c0
[ 21.951669][ T312] ? balance_dirty_pages+0x1c6c/0x1f60
[ 21.957115][ T312] ? ext4_blocks_for_truncate+0x210/0x210
[ 21.962828][ T312] ? ext4_readpage+0x2e0/0x2e0
[ 21.967573][ T312] do_writepages+0x12b/0x270
[ 21.972146][ T312] ? debug_smp_processor_id+0x20/0x20
[ 21.977520][ T312] ? __writepage+0x110/0x110
[ 21.982096][ T312] ? balance_dirty_pages_ratelimited+0x39f/0x530
[ 21.988429][ T312] file_write_and_wait_range+0x341/0x410
[ 21.994052][ T312] ? __filemap_set_wb_err+0x190/0x190
[ 21.999423][ T312] ? grab_cache_page_write_begin+0x90/0x90
[ 22.005219][ T312] ? file_remove_privs+0x640/0x640
[ 22.010307][ T312] __generic_file_fsync+0x6e/0x190
[ 22.015399][ T312] ext4_sync_file+0x251/0xcc0
[ 22.020057][ T312] ext4_file_write_iter+0xa03/0x10e0
[ 22.025322][ T312] ? ext4_file_read_iter+0x140/0x140
[ 22.030587][ T312] ? _raw_spin_lock_irq+0xa5/0x1b0
[ 22.035683][ T312] ? _raw_spin_lock_irqsave+0x210/0x210
[ 22.041222][ T312] ? cgroup_update_frozen+0x157/0xab0
[ 22.046585][ T312] ? cgroup_update_frozen+0x157/0xab0
[ 22.051937][ T312] ? cgroup_leave_frozen+0x13c/0x290
[ 22.057262][ T312] ? iov_iter_init+0x82/0x160
[ 22.061933][ T312] __vfs_write+0x5d3/0x750
[ 22.066338][ T312] ? __kernel_write+0x350/0x350
[ 22.071167][ T312] ? check_preemption_disabled+0x9f/0x320
[ 22.076962][ T312] ? debug_smp_processor_id+0x20/0x20
[ 22.082313][ T312] ? selinux_file_permission+0x2be/0x530
[ 22.087939][ T312] vfs_write+0x206/0x4e0
[ 22.092251][ T312] ksys_write+0x199/0x2c0
[ 22.096572][ T312] ? do_syscall_64+0x1c0/0x1c0
[ 22.101337][ T312] ? __ia32_sys_read+0x80/0x80
[ 22.106085][ T312] do_syscall_64+0xca/0x1c0
[ 22.110590][ T312] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 22.116488][ T312] Modules linked in:
[ 22.120592][ T312] ---[ end trace 7d01f7f80b14b1ca ]---
[ 22.126059][ T312] RIP: 0010:ext4_writepages+0x3a16/0x3a40
[ 22.131790][ T312] Code: 7a a2 ff 31 ff 89 de e8 f8 79 a2 ff 45 84 f6 75 2e e8 de 77 a2 ff 49 bd 00 00 00 00 00 fc ff df e9 6e f9 ff ff e8 ca 77 a2 ff <0f> 0b e8 c3 77 a2 ff 0f 0b e8 bc 77 a2 ff e8 77 87 3f ff eb 8f e8
[ 22.151493][ T312] RSP: 0018:ffff8881dc847440 EFLAGS: 00010293
[ 22.157628][ T312] RAX: ffffffff81c0bf36 RBX: 0000010000000000 RCX: ffff8881dd12ee40
[ 22.165606][ T312] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000
[ 22.173594][ T312] RBP: ffff8881dc847830 R08: ffffffff81c08d1f R09: ffffed103ccf0a97
[ 22.181582][ T312] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881e6785560
[ 22.189562][ T312] R13: dffffc0000000000 R14: 0000010410000000 R15: ffff8881dc847700
[ 22.197526][ T312] FS: 00007f7626c3f700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 22.206474][ T312] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 22.213076][ T312] CR2: 00007f7626c40000 CR3: 00000001dcc7c000 CR4: 00000000003406f0
[ 22.221116][ T312] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 22.229111][ T312] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 22.237085][ T312] Kernel panic - not syncing: Fatal exception
[ 22.243397][ T312] Kernel Offset: disabled
[ 22.247710][ T312] Rebooting in 86400 seconds..