./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor274412915 <...> Warning: Permanently added '10.128.10.30' (ECDSA) to the list of known hosts. execve("./syz-executor274412915", ["./syz-executor274412915"], 0x7fff90de3320 /* 10 vars */) = 0 brk(NULL) = 0x555556558000 brk(0x555556558c40) = 0x555556558c40 arch_prctl(ARCH_SET_FS, 0x555556558300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor274412915", 4096) = 27 brk(0x555556579c40) = 0x555556579c40 brk(0x55555657a000) = 0x55555657a000 mprotect(0x7f3b39d87000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5072 attached , child_tidptr=0x5555565585d0) = 5072 [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 5073 attached [pid 5073] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5071] <... clone resumed>, child_tidptr=0x5555565585d0) = 5073 [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5073] <... openat resumed>) = 3 [pid 5073] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5073] close(3./strace-static-x86_64: Process 5074 attached ) = 0 [pid 5072] <... openat resumed>) = 3 [pid 5072] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5071] <... clone resumed>, child_tidptr=0x5555565585d0) = 5074 [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5072] close(3) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5071] <... clone resumed>, child_tidptr=0x5555565585d0) = 5075 [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5072] <... clone resumed>, child_tidptr=0x5555565585d0) = 5076 ./strace-static-x86_64: Process 5075 attached ./strace-static-x86_64: Process 5076 attached [pid 5071] <... clone resumed>, child_tidptr=0x5555565585d0) = 5077 [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565585d0) = 5078 [pid 5075] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 5078 attached ./strace-static-x86_64: Process 5077 attached ) = 0 [pid 5075] <... openat resumed>) = 3 [pid 5077] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5076] setpgid(0, 0 [pid 5075] ioctl(3, LOOP_CLR_FD [pid 5076] <... setpgid resumed>) = 0 [pid 5077] <... openat resumed>) = 3 [pid 5075] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5077] ioctl(3, LOOP_CLR_FD [pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5075] close(3 [pid 5076] <... openat resumed>) = 3 [pid 5075] <... close resumed>) = 0 [pid 5076] write(3, "1000", 4 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5077] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5076] <... write resumed>) = 4 [pid 5077] close(3 [pid 5076] close(3 [pid 5074] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5076] <... close resumed>) = 0 [pid 5075] <... clone resumed>, child_tidptr=0x5555565585d0) = 5079 [pid 5077] <... close resumed>) = 0 [pid 5076] memfd_create("syzkaller", 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5074] <... openat resumed>) = 3 [pid 5074] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5073] <... clone resumed>, child_tidptr=0x5555565585d0) = 5080 [pid 5074] close(3) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565585d0) = 5081 [pid 5078] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5077] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5080 attached [pid 5078] <... openat resumed>) = 3 [pid 5077] <... clone resumed>, child_tidptr=0x5555565585d0) = 5082 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 5082 attached ./strace-static-x86_64: Process 5079 attached [pid 5080] setpgid(0, 0 [pid 5078] ioctl(3, LOOP_CLR_FD [pid 5080] <... setpgid resumed>) = 0 [pid 5078] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5078] close(3 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5079] <... prctl resumed>) = 0 [pid 5078] <... close resumed>) = 0 [pid 5082] <... prctl resumed>) = 0 [pid 5080] <... openat resumed>) = 3 [pid 5079] setpgid(0, 0 [pid 5078] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5082] setpgid(0, 0 [pid 5080] write(3, "1000", 4 [pid 5079] <... setpgid resumed>) = 0 [pid 5082] <... setpgid resumed>) = 0 [pid 5080] <... write resumed>) = 4 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5080] close(3 [pid 5079] <... openat resumed>) = 3 [pid 5078] <... clone resumed>, child_tidptr=0x5555565585d0) = 5084 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5080] <... close resumed>) = 0 [pid 5079] write(3, "1000", 4./strace-static-x86_64: Process 5084 attached ./strace-static-x86_64: Process 5081 attached [pid 5082] <... openat resumed>) = 3 [pid 5080] memfd_create("syzkaller", 0 [pid 5079] <... write resumed>) = 4 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5082] write(3, "1000", 4 [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5080] <... memfd_create resumed>) = 3 [pid 5079] close(3 [pid 5084] <... prctl resumed>) = 0 [pid 5082] <... write resumed>) = 4 [pid 5081] <... prctl resumed>) = 0 [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5079] <... close resumed>) = 0 [pid 5084] setpgid(0, 0 [pid 5082] close(3 [pid 5081] setpgid(0, 0 [pid 5080] <... mmap resumed>) = 0x7f3b318cc000 [pid 5079] memfd_create("syzkaller", 0 [pid 5076] <... memfd_create resumed>) = 3 [pid 5084] <... setpgid resumed>) = 0 [pid 5082] <... close resumed>) = 0 [pid 5081] <... setpgid resumed>) = 0 [pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5079] <... memfd_create resumed>) = 3 [pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5082] memfd_create("syzkaller", 0 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5080] <... write resumed>) = 262144 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5076] <... mmap resumed>) = 0x7f3b318cc000 [pid 5084] <... openat resumed>) = 3 [pid 5082] <... memfd_create resumed>) = 3 [pid 5081] <... openat resumed>) = 3 [pid 5080] munmap(0x7f3b318cc000, 262144 [pid 5079] <... mmap resumed>) = 0x7f3b318cc000 [pid 5084] write(3, "1000", 4 [pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5081] write(3, "1000", 4 [pid 5080] <... munmap resumed>) = 0 [pid 5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5084] <... write resumed>) = 4 [pid 5082] <... mmap resumed>) = 0x7f3b318cc000 [pid 5081] <... write resumed>) = 4 [pid 5080] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5084] close(3 [pid 5081] close(3 [pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5080] <... openat resumed>) = 4 [pid 5076] <... write resumed>) = 262144 [pid 5084] <... close resumed>) = 0 syzkaller login: [ 50.749446][ T5076] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5076 'syz-executor274' [pid 5081] <... close resumed>) = 0 [pid 5080] ioctl(4, LOOP_SET_FD, 3 [pid 5084] memfd_create("syzkaller", 0 [pid 5082] <... write resumed>) = 262144 [pid 5081] memfd_create("syzkaller", 0 [pid 5079] <... write resumed>) = 262144 [pid 5076] munmap(0x7f3b318cc000, 262144 [pid 5084] <... memfd_create resumed>) = 3 [pid 5082] munmap(0x7f3b318cc000, 262144 [pid 5081] <... memfd_create resumed>) = 3 [pid 5079] munmap(0x7f3b318cc000, 262144 [pid 5076] <... munmap resumed>) = 0 [pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5082] <... munmap resumed>) = 0 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5079] <... munmap resumed>) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5084] <... mmap resumed>) = 0x7f3b318cc000 [pid 5082] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5081] <... mmap resumed>) = 0x7f3b318cc000 [pid 5080] <... ioctl resumed>) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5076] <... openat resumed>) = 4 [pid 5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5082] <... openat resumed>) = 4 [pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5080] close(3 [pid 5079] <... openat resumed>) = 4 [pid 5076] ioctl(4, LOOP_SET_FD, 3 [pid 5084] <... write resumed>) = 262144 [pid 5082] ioctl(4, LOOP_SET_FD, 3 [pid 5081] <... write resumed>) = 262144 [pid 5080] <... close resumed>) = 0 [pid 5079] ioctl(4, LOOP_SET_FD, 3 [pid 5084] munmap(0x7f3b318cc000, 262144 [pid 5081] munmap(0x7f3b318cc000, 262144 [pid 5080] mkdir("./file0", 0777 [pid 5084] <... munmap resumed>) = 0 [pid 5081] <... munmap resumed>) = 0 [pid 5080] <... mkdir resumed>) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5081] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5080] mount("/dev/loop1", "./file0", "ext4", 0, ",errors=continue" [pid 5076] <... ioctl resumed>) = 0 [pid 5084] <... openat resumed>) = 4 [pid 5081] <... openat resumed>) = 4 [ 50.806679][ T5080] loop1: detected capacity change from 0 to 512 [ 50.833253][ T5076] loop0: detected capacity change from 0 to 512 [ 50.840059][ T5082] loop4: detected capacity change from 0 to 512 [ 50.844021][ T5084] loop5: detected capacity change from 0 to 512 [pid 5084] ioctl(4, LOOP_SET_FD, 3 [pid 5081] ioctl(4, LOOP_SET_FD, 3 [pid 5082] <... ioctl resumed>) = 0 [pid 5079] <... ioctl resumed>) = 0 [pid 5076] close(3 [pid 5082] close(3 [pid 5079] close(3 [pid 5076] <... close resumed>) = 0 [pid 5082] <... close resumed>) = 0 [pid 5079] <... close resumed>) = 0 [pid 5076] mkdir("./file0", 0777 [pid 5082] mkdir("./file0", 0777 [pid 5079] mkdir("./file0", 0777 [pid 5076] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5082] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5079] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5076] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue" [pid 5082] mount("/dev/loop4", "./file0", "ext4", 0, ",errors=continue" [pid 5079] mount("/dev/loop3", "./file0", "ext4", 0, ",errors=continue" [pid 5084] <... ioctl resumed>) = 0 [pid 5084] close(3) = 0 [pid 5084] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 5084] mount("/dev/loop5", "./file0", "ext4", 0, ",errors=continue" [pid 5081] <... ioctl resumed>) = 0 [pid 5081] close(3) = 0 [pid 5081] mkdir("./file0", 0777) = -1 EEXIST (File exists) [ 50.847261][ T5079] loop3: detected capacity change from 0 to 512 [ 50.854124][ T5081] loop2: detected capacity change from 0 to 512 [ 50.895079][ T5079] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5081] mount("/dev/loop2", "./file0", "ext4", 0, ",errors=continue" [pid 5079] <... mount resumed>) = 0 [pid 5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] chdir("./file0") = 0 [pid 5079] ioctl(4, LOOP_CLR_FD) = 0 [pid 5079] close(4) = 0 [ 50.901161][ T5084] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 50.918578][ T5080] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 50.919808][ T5076] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 50.943139][ T5082] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5079] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5082] <... mount resumed>) = 0 [pid 5080] <... mount resumed>) = 0 [pid 5079] <... openat resumed>) = 4 [pid 5082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5082] <... openat resumed>) = 3 [pid 5080] <... openat resumed>) = 3 [pid 5079] ioctl(4, FS_IOC_GETFSMAP, 0x20000200 [pid 5082] chdir("./file0" [pid 5080] chdir("./file0" [pid 5079] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... chdir resumed>) = 0 [pid 5080] <... chdir resumed>) = 0 [pid 5082] ioctl(4, LOOP_CLR_FD [pid 5080] ioctl(4, LOOP_CLR_FD [pid 5079] exit_group(0 [pid 5082] <... ioctl resumed>) = 0 [pid 5080] <... ioctl resumed>) = 0 [pid 5079] <... exit_group resumed>) = ? [pid 5082] close(4 [pid 5080] close(4 [pid 5079] +++ exited with 0 +++ [pid 5082] <... close resumed>) = 0 [pid 5080] <... close resumed>) = 0 [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5082] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5081] <... mount resumed>) = 0 [pid 5080] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5076] <... mount resumed>) = 0 [pid 5075] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5084] <... mount resumed>) = 0 [pid 5082] <... openat resumed>) = 4 [pid 5084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5082] ioctl(4, FS_IOC_GETFSMAP, 0x20000200 [pid 5080] <... openat resumed>) = 4 [pid 5084] <... openat resumed>) = 3 [pid 5082] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5084] chdir("./file0" [pid 5082] exit_group(0 [pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5080] ioctl(4, FS_IOC_GETFSMAP, 0x20000200 [pid 5076] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5075] <... openat resumed>) = 3 [pid 5084] <... chdir resumed>) = 0 [pid 5082] <... exit_group resumed>) = ? [pid 5081] <... openat resumed>) = 3 [pid 5080] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5075] ioctl(3, LOOP_CLR_FD [pid 5084] ioctl(4, LOOP_CLR_FD [pid 5075] <... ioctl resumed>) = 0 [pid 5084] <... ioctl resumed>) = 0 [pid 5075] close(3 [pid 5084] close(4 [pid 5075] <... close resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5084] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5076] <... openat resumed>) = 3 [ 50.944330][ T5081] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5084] <... openat resumed>) = 4 [pid 5082] +++ exited with 0 +++ [pid 5081] chdir("./file0" [pid 5080] exit_group(0 [pid 5076] chdir("./file0" [pid 5075] <... clone resumed>, child_tidptr=0x5555565585d0) = 5094 [pid 5084] ioctl(4, FS_IOC_GETFSMAP, 0x20000200 [pid 5081] <... chdir resumed>) = 0 [pid 5080] <... exit_group resumed>) = ? [pid 5076] <... chdir resumed>) = 0 [pid 5077] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5077] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 ./strace-static-x86_64: Process 5094 attached [pid 5077] ioctl(3, LOOP_CLR_FD [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5077] <... ioctl resumed>) = 0 [pid 5094] <... prctl resumed>) = 0 [pid 5077] close(3 [pid 5094] setpgid(0, 0 [pid 5081] ioctl(4, LOOP_CLR_FD [pid 5080] +++ exited with 0 +++ [pid 5077] <... close resumed>) = 0 [pid 5076] ioctl(4, LOOP_CLR_FD [pid 5094] <... setpgid resumed>) = 0 [pid 5081] <... ioctl resumed>) = 0 [pid 5077] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5081] close(4 [pid 5076] <... ioctl resumed>) = 0 [pid 5094] <... openat resumed>) = 3 [pid 5081] <... close resumed>) = 0 [pid 5077] <... clone resumed>, child_tidptr=0x5555565585d0) = 5095 [pid 5094] write(3, "1000", 4) = 4 [pid 5094] close(3) = 0 [pid 5094] memfd_create("syzkaller", 0) = 3 [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3b318cc000 [pid 5076] close(4 [pid 5094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5081] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5076] <... close resumed>) = 0 [ 51.019970][ T5084] ------------[ cut here ]------------ [ 51.044794][ T5084] kernel BUG at fs/ext4/ext4.h:3331! [ 51.050155][ T5084] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 51.056253][ T5084] CPU: 0 PID: 5084 Comm: syz-executor274 Not tainted 6.2.0-rc3-next-20230112-syzkaller #0 [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- ./strace-static-x86_64: Process 5095 attached [pid 5094] <... write resumed>) = 262144 [pid 5081] <... openat resumed>) = 4 [pid 5076] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5073] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5094] munmap(0x7f3b318cc000, 262144 [pid 5081] ioctl(4, FS_IOC_GETFSMAP, 0x20000200 [pid 5076] <... openat resumed>) = 4 [pid 5073] <... openat resumed>) = 3 [pid 5095] <... prctl resumed>) = 0 [pid 5094] <... munmap resumed>) = 0 [ 51.066165][ T5084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 51.076236][ T5084] RIP: 0010:ext4_get_group_info+0x3c9/0x430 [ 51.082185][ T5084] Code: ff 48 c7 c2 80 b5 62 8a be 06 03 00 00 48 c7 c7 e0 b5 62 8a c6 05 a6 3e 37 0c 01 e8 91 a2 95 07 e9 7e fd ff ff e8 e7 ae 5a ff <0f> 0b e8 40 7e a8 ff e9 8f fc ff ff e8 36 7e a8 ff e9 c9 fc ff ff [ 51.091811][ T5081] ------------[ cut here ]------------ [ 51.101792][ T5084] RSP: 0018:ffffc90003d6f3e8 EFLAGS: 00010293 [pid 5076] ioctl(4, FS_IOC_GETFSMAP, 0x20000200 [pid 5073] ioctl(3, LOOP_CLR_FD [pid 5095] setpgid(0, 0 [pid 5094] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5073] <... ioctl resumed>) = 0 [pid 5095] <... setpgid resumed>) = 0 [pid 5094] <... openat resumed>) = 4 [pid 5073] close(3 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5094] ioctl(4, LOOP_SET_FD, 3 [pid 5073] <... close resumed>) = 0 [pid 5095] <... openat resumed>) = 3 [pid 5094] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5095] write(3, "1000", 4 [pid 5094] ioctl(4, LOOP_CLR_FD [pid 5095] <... write resumed>) = 4 [pid 5094] <... ioctl resumed>) = 0 [pid 5073] <... clone resumed>, child_tidptr=0x5555565585d0) = 5097 [pid 5095] close(3) = 0 [pid 5095] memfd_create("syzkaller", 0) = 3 [pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3b318cc000 [pid 5094] ioctl(4, LOOP_SET_FD, 3 [pid 5095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5094] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5095] <... write resumed>) = 262144 [pid 5094] close(4 [pid 5095] munmap(0x7f3b318cc000, 262144 [pid 5094] <... close resumed>) = 0 [pid 5095] <... munmap resumed>) = 0 [pid 5094] close(3 [pid 5095] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5094] <... close resumed>) = 0 [pid 5095] <... openat resumed>) = 4 [pid 5094] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5095] ioctl(4, LOOP_SET_FD, 3 [pid 5094] <... openat resumed>) = 3 [pid 5095] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5094] ioctl(3, FS_IOC_GETFSMAP, 0x20000200 [pid 5095] ioctl(4, LOOP_CLR_FD [pid 5094] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5095] <... ioctl resumed>) = 0 [pid 5094] exit_group(0) = ? [pid 5094] +++ exited with 0 +++ [pid 5095] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5095] close(4) = 0 [pid 5095] close(3) = 0 [pid 5095] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5095] ioctl(3, FS_IOC_GETFSMAP, 0x20000200) = -1 EINVAL (Invalid argument) [pid 5095] exit_group(0) = ? [pid 5095] +++ exited with 0 +++ [ 51.101814][ T5084] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 51.101826][ T5084] RDX: ffff88802aef3a80 RSI: ffffffff82270df9 RDI: 0000000000000004 [ 51.101839][ T5084] RBP: ffff88807a1ba000 R08: 0000000000000004 R09: 0000000000000001 [ 51.109440][ T5076] ------------[ cut here ]------------ [ 51.113331][ T5084] R10: 0000000000000001 R11: 0000000000094001 R12: ffff88807a1b8000 [ 51.113347][ T5084] R13: ffff88807a1b8678 R14: 0000000000000001 R15: fffff520007adefc [ 51.113359][ T5084] FS: 0000555556558300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 51.167514][ T5076] kernel BUG at fs/ext4/ext4.h:3331! [ 51.168340][ T5084] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.185106][ T5084] CR2: 00007f3b3190b000 CR3: 0000000072a14000 CR4: 00000000003506f0 [ 51.186885][ T5081] kernel BUG at fs/ext4/ext4.h:3331! [ 51.193076][ T5084] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 51.193091][ T5084] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 51.193104][ T5084] Call Trace: [ 51.193109][ T5084] [ 51.193118][ T5084] ext4_mb_load_buddy_gfp+0xc9/0x1350 [ 51.226197][ T5084] ? ext4_mballoc_query_range+0x516/0x890 [ 51.231923][ T5084] ext4_mballoc_query_range+0xa5/0x890 [ 51.237364][ T5084] ? ext4_getfsmap_free_fixed_metadata+0x200/0x200 [ 51.243847][ T5084] ? ext4_trim_fs+0x1500/0x1500 [ 51.248764][ T5084] ? rcu_read_lock_sched_held+0x3e/0x70 [ 51.254292][ T5084] ? trace_ext4_fsmap_high_key+0x270/0x360 [ 51.260082][ T5084] ext4_getfsmap_datadev+0x178e/0x2480 [ 51.265529][ T5084] ? ext4_getfsmap_datadev_helper+0x9d0/0x9d0 [ 51.271674][ T5084] ? ext4_dax_fault+0x20/0x20 [ 51.276345][ T5084] ? sort+0x96/0xd0 [ 51.280138][ T5084] ? is_bpf_text_address+0x7b/0x1b0 [ 51.285329][ T5084] ext4_getfsmap+0x6ce/0x990 [ 51.289899][ T5084] ? ext4_fsmap_to_internal+0x2c0/0x2c0 [ 51.295435][ T5084] ? swap_inode_data+0x4e0/0x4e0 [ 51.300357][ T5084] ? find_held_lock+0x2d/0x110 [ 51.305122][ T5084] ? ext4_getfsmap_datadev_helper+0x9d0/0x9d0 [ 51.311173][ T5084] ? lock_downgrade+0x6e0/0x6e0 [ 51.316089][ T5084] ? trace_lock_acquire+0x1f1/0x290 [ 51.321313][ T5084] ext4_ioc_getfsmap+0x344/0x9c0 [ 51.326252][ T5084] ? ext4_getfsmap_format+0x570/0x570 [ 51.331625][ T5084] ? find_held_lock+0x2d/0x110 [ 51.336399][ T5084] ? debug_check_no_obj_freed+0x210/0x420 [ 51.342105][ T5084] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 51.348089][ T5084] ? lock_downgrade+0x6e0/0x6e0 [ 51.352918][ T5084] ? __kmem_cache_free+0xaf/0x2d0 [ 51.358025][ T5084] __ext4_ioctl+0x352/0x4b90 [ 51.363035][ T5084] ? tomoyo_path_number_perm+0x166/0x570 [ 51.368659][ T5084] ? ext4_reset_inode_seed+0x450/0x450 [ 51.374101][ T5084] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 51.379992][ T5084] ? do_vfs_ioctl+0x132/0x15b0 [ 51.384746][ T5084] ? vfs_fileattr_set+0xc40/0xc40 [ 51.389766][ T5084] ? find_held_lock+0x2d/0x110 [ 51.394519][ T5084] ? calibrate_delay+0x253/0x1130 [ 51.399634][ T5084] ? lock_downgrade+0x6e0/0x6e0 [ 51.404464][ T5084] ? ext4_fileattr_set+0x1a50/0x1a50 [ 51.409730][ T5084] __x64_sys_ioctl+0x197/0x210 [ 51.414472][ T5084] do_syscall_64+0x39/0xb0 [ 51.418871][ T5084] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.424749][ T5084] RIP: 0033:0x7f3b39d19409 [ 51.429158][ T5084] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 51.448752][ T5084] RSP: 002b:00007fff3fc18708 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 51.457152][ T5084] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f3b39d19409 [ 51.465102][ T5084] RDX: 0000000020000200 RSI: 00000000c0c0583b RDI: 0000000000000004 [ 51.473051][ T5084] RBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d [ 51.481000][ T5084] R10: 00000000000003f1 R11: 0000000000000246 R12: 00007f3b39cd85e0 [ 51.488960][ T5084] R13: 00007fff3fc18730 R14: 00007fff3fc1871c R15: 00007fff3fc18720 [ 51.496911][ T5084] [ 51.499907][ T5084] Modules linked in: [ 51.503826][ T5081] invalid opcode: 0000 [#2] PREEMPT SMP KASAN [ 51.509919][ T5081] CPU: 1 PID: 5081 Comm: syz-executor274 Tainted: G D 6.2.0-rc3-next-20230112-syzkaller #0 [ 51.521282][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 51.531349][ T5081] RIP: 0010:ext4_get_group_info+0x3c9/0x430 [ 51.537356][ T5081] Code: ff 48 c7 c2 80 b5 62 8a be 06 03 00 00 48 c7 c7 e0 b5 62 8a c6 05 a6 3e 37 0c 01 e8 91 a2 95 07 e9 7e fd ff ff e8 e7 ae 5a ff <0f> 0b e8 40 7e a8 ff e9 8f fc ff ff e8 36 7e a8 ff e9 c9 fc ff ff [ 51.557046][ T5081] RSP: 0018:ffffc90003d4f3e8 EFLAGS: 00010293 [ 51.563110][ T5081] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 51.571091][ T5081] RDX: ffff888020da1d40 RSI: ffffffff82270df9 RDI: 0000000000000004 [ 51.579055][ T5081] RBP: ffff88807a1ba000 R08: 0000000000000004 R09: 0000000000000001 [ 51.587022][ T5081] R10: 0000000000000001 R11: 0000000000094001 R12: ffff88807a1b8000 [ 51.595024][ T5081] R13: ffff88807a1b8678 R14: 0000000000000001 R15: fffff520007a9efc [ 51.603094][ T5081] FS: 0000555556558300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 51.612027][ T5081] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.618607][ T5081] CR2: 00007f3b39d5c558 CR3: 000000007caa4000 CR4: 00000000003506e0 [ 51.626584][ T5081] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 51.634563][ T5081] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 51.642546][ T5081] Call Trace: [ 51.645833][ T5081] [ 51.648760][ T5081] ext4_mb_load_buddy_gfp+0xc9/0x1350 [ 51.654140][ T5081] ? ext4_mballoc_query_range+0x516/0x890 [ 51.659859][ T5081] ext4_mballoc_query_range+0xa5/0x890 [ 51.665330][ T5081] ? ext4_getfsmap_free_fixed_metadata+0x200/0x200 [ 51.671846][ T5081] ? ext4_trim_fs+0x1500/0x1500 [ 51.676695][ T5081] ? ext4_getfsmap_datadev+0xe56/0x2480 [ 51.682240][ T5081] ? trace_ext4_fsmap_high_key+0x270/0x360 [ 51.688055][ T5081] ext4_getfsmap_datadev+0x178e/0x2480 [ 51.693538][ T5081] ? ext4_getfsmap_datadev_helper+0x9d0/0x9d0 [ 51.699609][ T5081] ? ext4_dax_fault+0x20/0x20 [ 51.704282][ T5081] ? sort+0x96/0xd0 [ 51.708144][ T5081] ? lock_release+0x5cf/0x810 [ 51.712814][ T5081] ? is_bpf_text_address+0x4/0x1b0 [ 51.717964][ T5081] ? is_bpf_text_address+0x7b/0x1b0 [ 51.723167][ T5081] ext4_getfsmap+0x6ce/0x990 [ 51.727771][ T5081] ? ext4_fsmap_to_internal+0x2c0/0x2c0 [ 51.733309][ T5081] ? is_bpf_text_address+0x9d/0x1b0 [ 51.738593][ T5081] ? swap_inode_data+0x4e0/0x4e0 [ 51.743616][ T5081] ? __kmem_cache_free+0xaf/0x2d0 [ 51.748644][ T5081] ? ext4_getfsmap_datadev_helper+0x9d0/0x9d0 [ 51.754717][ T5081] ? lock_downgrade+0x6e0/0x6e0 [ 51.759562][ T5081] ? trace_lock_acquire+0x1d1/0x290 [ 51.764762][ T5081] ext4_ioc_getfsmap+0x344/0x9c0 [ 51.769690][ T5081] ? ext4_getfsmap_format+0x570/0x570 [ 51.775144][ T5081] ? lock_release+0x5cf/0x810 [ 51.779826][ T5081] ? debug_check_no_obj_freed+0x210/0x420 [ 51.785547][ T5081] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 51.791367][ T5081] ? trace_hardirqs_on+0x31/0x180 [ 51.796589][ T5081] ? lock_downgrade+0x6e0/0x6e0 [ 51.801521][ T5081] ? tomoyo_path_number_perm+0x438/0x570 [ 51.807157][ T5081] ? __kmem_cache_free+0xaf/0x2d0 [ 51.812181][ T5081] __ext4_ioctl+0x352/0x4b90 [ 51.816763][ T5081] ? tomoyo_path_number_perm+0x166/0x570 [ 51.822401][ T5081] ? ext4_reset_inode_seed+0x450/0x450 [ 51.827868][ T5081] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 51.833768][ T5081] ? do_vfs_ioctl+0x132/0x15b0 [ 51.838560][ T5081] ? vfs_fileattr_set+0xc40/0xc40 [ 51.843592][ T5081] ? asm_common_interrupt+0x26/0x40 [ 51.848887][ T5081] ? trace_hardirqs_on+0x31/0x180 [ 51.853940][ T5081] ? asm_common_interrupt+0x26/0x40 [ 51.859157][ T5081] ? ext4_fileattr_set+0x1a50/0x1a50 [ 51.864446][ T5081] ? ext4_fileattr_set+0x1a50/0x1a50 [ 51.869752][ T5081] __x64_sys_ioctl+0x197/0x210 [ 51.874864][ T5081] do_syscall_64+0x39/0xb0 [ 51.879369][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.885273][ T5081] RIP: 0033:0x7f3b39d19409 [ 51.889683][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 51.909287][ T5081] RSP: 002b:00007fff3fc18708 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [pid 5077] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- ./strace-static-x86_64: Process 5097 attached [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5075] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5097] <... prctl resumed>) = 0 [pid 5075] <... openat resumed>) = 3 [ 51.918135][ T5081] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f3b39d19409 [ 51.926101][ T5081] RDX: 0000000020000200 RSI: 00000000c0c0583b RDI: 0000000000000004 [ 51.934177][ T5081] RBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d [ 51.942152][ T5081] R10: 00000000000003f1 R11: 0000000000000246 R12: 00007f3b39cd85e0 [ 51.950113][ T5081] R13: 00007fff3fc18730 R14: 00007fff3fc1871c R15: 00007fff3fc18720 [ 51.958089][ T5081] [ 51.961100][ T5081] Modules linked in: [pid 5097] setpgid(0, 0 [pid 5075] ioctl(3, LOOP_CLR_FD [pid 5097] <... setpgid resumed>) = 0 [pid 5075] <... ioctl resumed>) = 0 [pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5075] close(3 [pid 5097] <... openat resumed>) = 3 [pid 5075] <... close resumed>) = 0 [ 51.981385][ T5076] invalid opcode: 0000 [#3] PREEMPT SMP KASAN [ 51.987501][ T5076] CPU: 0 PID: 5076 Comm: syz-executor274 Tainted: G D 6.2.0-rc3-next-20230112-syzkaller #0 [ 51.998885][ T5076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 52.009041][ T5076] RIP: 0010:ext4_get_group_info+0x3c9/0x430 [ 52.013274][ T5084] ---[ end trace 0000000000000000 ]--- [pid 5077] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5077] ioctl(3, LOOP_CLR_FD) = 0 [pid 5077] close(3) = 0 [pid 5077] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565585d0) = 5098 [ 52.014943][ T5076] Code: ff 48 c7 c2 80 b5 62 8a be 06 03 00 00 48 c7 c7 e0 b5 62 8a c6 05 a6 3e 37 0c 01 e8 91 a2 95 07 e9 7e fd ff ff e8 e7 ae 5a ff <0f> 0b e8 40 7e a8 ff e9 8f fc ff ff e8 36 7e a8 ff e9 c9 fc ff ff [ 52.014966][ T5076] RSP: 0018:ffffc90003cef3e8 EFLAGS: 00010293 [ 52.020915][ T5084] RIP: 0010:ext4_get_group_info+0x3c9/0x430 [ 52.039992][ T5076] [ 52.039998][ T5076] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 52.040011][ T5076] RDX: ffff888078eed7c0 RSI: ffffffff82270df9 RDI: 0000000000000004 [ 52.040022][ T5076] RBP: ffff88807a1ba000 R08: 0000000000000004 R09: 0000000000000001 [ 52.040034][ T5076] R10: 0000000000000001 R11: 0000000000094001 R12: ffff88807a1b8000 [ 52.040045][ T5076] R13: ffff88807a1b8678 R14: 0000000000000001 R15: fffff5200079defc [ 52.067831][ T5084] Code: ff 48 c7 c2 80 b5 62 8a be 06 03 00 00 48 c7 c7 e0 b5 62 8a c6 05 a6 3e 37 0c 01 e8 91 a2 95 07 e9 7e fd ff ff e8 e7 ae 5a ff <0f> 0b e8 40 7e a8 ff e9 8f fc ff ff e8 36 7e a8 ff e9 c9 fc ff ff [ 52.070301][ T5076] FS: 0000555556558300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 52.070326][ T5076] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 52.079389][ T5084] RSP: 0018:ffffc90003d6f3e8 EFLAGS: 00010293 [ 52.086522][ T5076] CR2: 00007f3b39d5d01d CR3: 000000002a91f000 CR4: 00000000003506f0 [ 52.086537][ T5076] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 52.086549][ T5076] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 52.086561][ T5076] Call Trace: [ 52.086567][ T5076] [ 52.095512][ T5084] [ 52.114111][ T5076] ext4_mb_load_buddy_gfp+0xc9/0x1350 [ 52.114143][ T5076] ? ext4_mballoc_query_range+0x516/0x890 [ 52.123820][ T5084] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 52.129631][ T5076] ext4_mballoc_query_range+0xa5/0x890 [ 52.136458][ T5084] RDX: ffff88802aef3a80 RSI: ffffffff82270df9 RDI: 0000000000000004 [ 52.143729][ T5076] ? ext4_getfsmap_free_fixed_metadata+0x200/0x200 [ 52.143760][ T5076] ? ext4_trim_fs+0x1500/0x1500 [ 52.152474][ T5084] RBP: ffff88807a1ba000 R08: 0000000000000004 R09: 0000000000000001 [ 52.159697][ T5076] ? ext4_getfsmap_datadev+0xe56/0x2480 [ 52.159726][ T5076] ? trace_ext4_fsmap_high_key+0x270/0x360 [ 52.163763][ T5084] R10: 0000000000000001 R11: 0000000000094001 R12: ffff88807a1b8000 [ 52.165921][ T5076] ext4_getfsmap_datadev+0x178e/0x2480 [ 52.165954][ T5076] ? ext4_getfsmap_datadev_helper+0x9d0/0x9d0 [ 52.168810][ T5084] R13: ffff88807a1b8678 R14: 0000000000000001 R15: fffff520007adefc [ 52.174032][ T5076] ? ext4_dax_fault+0x20/0x20 [ 52.174056][ T5076] ? sort+0x96/0xd0 [ 52.180687][ T5084] FS: 0000555556558300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 52.187739][ T5076] ? lock_release+0x5cf/0x810 [ 52.187763][ T5076] ? is_bpf_text_address+0x4/0x1b0 [ 52.193933][ T5084] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 52.201153][ T5076] ? is_bpf_text_address+0x7b/0x1b0 [ 52.201188][ T5076] ext4_getfsmap+0x6ce/0x990 [ 52.208424][ T5084] CR2: 00007fff3fc186e8 CR3: 0000000072a14000 CR4: 00000000003506e0 [ 52.212488][ T5076] ? ext4_fsmap_to_internal+0x2c0/0x2c0 [ 52.212515][ T5076] ? is_bpf_text_address+0x9d/0x1b0 [ 52.221160][ T5084] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 52.226124][ T5076] ? swap_inode_data+0x4e0/0x4e0 [ 52.226152][ T5076] ? __kmem_cache_free+0xaf/0x2d0 [ 52.232727][ T5084] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 52.239891][ T5076] ? ext4_getfsmap_datadev_helper+0x9d0/0x9d0 [ 52.239920][ T5076] ? lock_downgrade+0x6e0/0x6e0 [ 52.246074][ T5084] Kernel panic - not syncing: Fatal exception [ 52.251403][ T5076] ? trace_lock_acquire+0x1d1/0x290 [ 52.259381][ T5076] ext4_ioc_getfsmap+0x344/0x9c0 [ 52.264140][ T5076] ? ext4_getfsmap_format+0x570/0x570 [ 52.267944][ T5076] ? lock_release+0x5cf/0x810 [ 52.276945][ T5076] ? debug_check_no_obj_freed+0x210/0x420 [ 52.281619][ T5076] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 52.286742][ T5076] ? trace_hardirqs_on+0x31/0x180 [ 52.293583][ T5076] ? lock_downgrade+0x6e0/0x6e0 [ 52.298785][ T5076] ? tomoyo_path_number_perm+0x438/0x570 [ 52.303479][ T5076] ? __kmem_cache_free+0xaf/0x2d0 [ 52.311536][ T5076] __ext4_ioctl+0x352/0x4b90 [ 52.317064][ T5076] ? tomoyo_path_number_perm+0x166/0x570 [ 52.322255][ T5076] ? ext4_reset_inode_seed+0x450/0x450 [ 52.330226][ T5076] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 52.335162][ T5076] ? do_vfs_ioctl+0x132/0x15b0 [ 52.340233][ T5076] ? vfs_fileattr_set+0xc40/0xc40 [ 52.348202][ T5076] ? lock_release+0x5cf/0x810 [ 52.354341][ T5076] ? calibrate_delay+0x253/0x1130 [ 52.359184][ T5076] ? lock_downgrade+0x6e0/0x6e0 [ 52.365240][ T5076] ? lock_acquire+0x32/0xc0 [ 52.370425][ T5076] ? ext4_fileattr_set+0x1a50/0x1a50 [ 52.375348][ T5076] __x64_sys_ioctl+0x197/0x210 [ 52.380711][ T5076] do_syscall_64+0x39/0xb0 [ 52.385399][ T5076] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.391111][ T5076] RIP: 0033:0x7f3b39d19409 [ 52.396904][ T5076] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 52.401914][ T5076] RSP: 002b:00007fff3fc18708 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 52.412355][ T5076] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f3b39d19409 [ 52.417361][ T5076] RDX: 0000000020000200 RSI: 00000000c0c0583b RDI: 0000000000000004 [ 52.421931][ T5076] RBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d [ 52.427542][ T5076] R10: 00000000000003f1 R11: 0000000000000246 R12: 00007f3b39cd85e0 [ 52.432986][ T5076] R13: 00007fff3fc18730 R14: 00007fff3fc1871c R15: 00007fff3fc18720 [ 52.438863][ T5076] [ 52.443599][ T5076] Modules linked in: [ 52.458537][ T5084] Kernel Offset: disabled [ 52.572170][ T5084] Rebooting in 86400 seconds..