./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2520489151 <...> forked to background, child pid 192 Starting sshd: [ 6.481940][ T231] sshd (231) used greatest stack depth: 23672 bytes left OK syzkaller syzkaller login: [ 14.481728][ T23] kauditd_printk_skb: 60 callbacks suppressed [ 14.481733][ T23] audit: type=1400 audit(1669521500.109:71): avc: denied { transition } for pid=265 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.487361][ T23] audit: type=1400 audit(1669521500.109:72): avc: denied { write } for pid=265 comm="sh" path="pipe:[10636]" dev="pipefs" ino=10636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 Warning: Permanently added '10.128.0.201' (ECDSA) to the list of known hosts. execve("./syz-executor2520489151", ["./syz-executor2520489151"], 0x7ffe40c8a9c0 /* 10 vars */) = 0 brk(NULL) = 0x5555556ac000 brk(0x5555556acc40) = 0x5555556acc40 arch_prctl(ARCH_SET_FS, 0x5555556ac300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555556ac5d0) = 304 set_robust_list(0x5555556ac5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fa3abad1760, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fa3abad1e30}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fa3abad1800, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa3abad1e30}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2520489151", 4096) = 28 brk(0x5555556cdc40) = 0x5555556cdc40 brk(0x5555556ce000) = 0x5555556ce000 mprotect(0x7fa3abb93000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 304 mkdir("./syzkaller.JIRX5a", 0700) = 0 chmod("./syzkaller.JIRX5a", 0777) = 0 chdir("./syzkaller.JIRX5a") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ac5d0) = 306 ./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x5555556ac5e0, 24) = 0 [pid 306] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setsid() = 1 [pid 306] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 306] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 306] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 306] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 306] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 306] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 306] unshare(CLONE_NEWNS) = 0 [pid 306] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 306] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 306] unshare(CLONE_NEWCGROUP) = 0 [pid 306] unshare(CLONE_NEWUTS) = 0 [pid 306] unshare(CLONE_SYSVSEM) = 0 [pid 306] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 306] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 306] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 306] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 306] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 306] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 306] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 306] getpid() = 1 [pid 306] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 308] set_robust_list(0x7fa3abac09e0, 24) = 0 [pid 308] memfd_create("syzkaller", 0) = 3 [pid 308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa3a36a0000 [pid 308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 308] munmap(0x7fa3a36a0000, 1048576) = 0 [pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 308] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 308] close(3) = 0 [pid 308] mkdir("./file0", 0777) = 0 [ 26.279406][ T23] audit: type=1400 audit(1669521511.879:75): avc: denied { mount } for pid=306 comm="syz-executor252" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 26.302514][ T23] audit: type=1400 audit(1669521511.879:76): avc: denied { mounton } for pid=306 comm="syz-executor252" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [pid 308] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 308] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 308] chdir("./file0") = 0 [pid 308] ioctl(4, LOOP_CLR_FD) = 0 [pid 308] close(4) = 0 [pid 308] futex(0x7fa3abb997ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 0 [pid 307] futex(0x7fa3abb997a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fa3abb997ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... futex resumed>) = 1 [pid 308] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000) = 4 [pid 308] futex(0x7fa3abb997ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 0 [pid 307] futex(0x7fa3abb997a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fa3abb997ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... futex resumed>) = 1 [pid 308] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 308] futex(0x7fa3abb997ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 0 [pid 307] futex(0x7fa3abb997a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fa3abb997ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... futex resumed>) = 1 [pid 308] open("./bus", O_RDWR) = 5 [pid 308] futex(0x7fa3abb997ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 0 [pid 307] futex(0x7fa3abb997a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fa3abb997ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... futex resumed>) = 1 [pid 308] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 307] <... futex resumed>) = 0 [pid 307] futex(0x7fa3abb997a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fa3abb997bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa3a377f000 [pid 307] mprotect(0x7fa3a3780000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 307] clone(child_stack=0x7fa3a379f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4], tls=0x7fa3a379f700, child_tidptr=0x7fa3a379f9d0) = 4 [pid 307] futex(0x7fa3abb997b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fa3abb997bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... futex resumed>) = 1 [pid 308] write(4, 0x20000f80, 9) = 9 [pid 308] futex(0x7fa3abb997ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7fa3abb997a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 312 attached [pid 312] set_robust_list(0x7fa3a379f9e0, 24) = 0 [ 26.324119][ T23] audit: type=1400 audit(1669521511.909:77): avc: denied { mounton } for pid=306 comm="syz-executor252" path="/dev/binderfs" dev="devtmpfs" ino=10818 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 26.330286][ T308] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 26.347536][ T23] audit: type=1400 audit(1669521511.909:78): avc: denied { mount } for pid=306 comm="syz-executor252" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [pid 312] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 308] <... futex resumed>) = ? [pid 307] <... futex resumed>) = ? [ 26.375760][ T312] EXT4-fs error (device loop0): ext4_mb_generate_buddy:747: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 26.379257][ T23] audit: type=1400 audit(1669521511.909:79): avc: denied { read write } for pid=306 comm="syz-executor252" name="loop0" dev="devtmpfs" ino=9304 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 308] +++ killed by SIGBUS (core dumped) +++ [ 26.417780][ T23] audit: type=1400 audit(1669521511.909:80): avc: denied { open } for pid=306 comm="syz-executor252" path="/dev/loop0" dev="devtmpfs" ino=9304 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 26.438700][ T312] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 6 with error 28 [ 26.442652][ T23] audit: type=1400 audit(1669521511.909:81): avc: denied { ioctl } for pid=306 comm="syz-executor252" path="/dev/loop0" dev="devtmpfs" ino=9304 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 26.454319][ T312] EXT4-fs (loop0): This should not happen!! Data will be lost [ 26.454319][ T312] [ 26.480071][ T23] audit: type=1400 audit(1669521511.909:82): avc: denied { mounton } for pid=307 comm="syz-executor252" path="/root/syzkaller.JIRX5a/0/file0" dev="sda1" ino=1141 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 26.490003][ T312] EXT4-fs (loop0): Total free blocks count 0 [ 26.519766][ T312] EXT4-fs (loop0): Free/Dirty block details [pid 312] +++ killed by SIGBUS (core dumped) +++ [pid 307] +++ killed by SIGBUS (core dumped) +++ [pid 306] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=17} --- [pid 306] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 306] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 306] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 306] getdents64(3, 0x5555556ad620 /* 4 entries */, 32768) = 112 [pid 306] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 306] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 306] unlink("./0/binderfs") = 0 [ 26.525628][ T312] EXT4-fs (loop0): free_blocks=2415919104 [ 26.531336][ T312] EXT4-fs (loop0): dirty_blocks=48 [ 26.536420][ T312] EXT4-fs (loop0): Block reservation details [ 26.542395][ T312] EXT4-fs (loop0): i_reserved_data_blocks=3 [ 26.552914][ T93] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 8196 with max blocks 4 with error 28 [ 26.565373][ T93] EXT4-fs (loop0): This should not happen!! Data will be lost [ 26.565373][ T93] [pid 306] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 306] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 306] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 306] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 306] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 306] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 306] getdents64(4, 0x5555556b5660 /* 2 entries */, 32768) = 48 [pid 306] getdents64(4, 0x5555556b5660 /* 0 entries */, 32768) = 0 [pid 306] close(4) = 0 [pid 306] rmdir("./0/file0") = 0 [pid 306] getdents64(3, 0x5555556ad620 /* 0 entries */, 32768) = 0 [pid 306] close(3) = 0 [pid 306] rmdir("./0") = 0 [pid 306] mkdir("./1", 0777) = 0 [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 306] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 306] close(3) = 0 [pid 306] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ac5d0) = 5 ./strace-static-x86_64: Process 313 attached [pid 313] set_robust_list(0x5555556ac5e0, 24) = 0 [pid 313] chdir("./1") = 0 [pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 313] setpgid(0, 0) = 0 [pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 313] write(3, "1000", 4) = 4 [pid 313] close(3) = 0 [pid 313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 313] futex(0x7fa3abb997ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa3abaa0000 [pid 313] mprotect(0x7fa3abaa1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 313] clone(child_stack=0x7fa3abac03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 314 attached [pid 314] set_robust_list(0x7fa3abac09e0, 24) = 0 [pid 314] futex(0x7fa3abb997a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 313] <... clone resumed>, parent_tid=[6], tls=0x7fa3abac0700, child_tidptr=0x7fa3abac09d0) = 6 [pid 313] futex(0x7fa3abb997a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 314] <... futex resumed>) = 0 [pid 314] memfd_create("syzkaller", 0) = 3 [pid 313] futex(0x7fa3abb997ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa3a36a0000 [pid 314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 314] munmap(0x7fa3a36a0000, 1048576) = 0 [pid 314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 314] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 314] close(3) = 0 [pid 314] mkdir("./file0", 0777) = 0 [pid 314] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 314] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 314] chdir("./file0") = 0 [pid 314] ioctl(4, LOOP_CLR_FD) = 0 [pid 314] close(4) = 0 [pid 314] futex(0x7fa3abb997ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 314] futex(0x7fa3abb997a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7fa3abb997a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 313] futex(0x7fa3abb997ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... futex resumed>) = 0 [pid 314] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000) = 4 [pid 314] futex(0x7fa3abb997ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7fa3abb997a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7fa3abb997ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... futex resumed>) = 1 [pid 314] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 314] futex(0x7fa3abb997ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7fa3abb997a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7fa3abb997ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... futex resumed>) = 1 [pid 314] open("./bus", O_RDWR) = 5 [pid 314] futex(0x7fa3abb997ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7fa3abb997a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7fa3abb997ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... futex resumed>) = 1 [pid 314] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 313] futex(0x7fa3abb997a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7fa3abb997bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa3a377f000 [pid 313] mprotect(0x7fa3a3780000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 313] clone(child_stack=0x7fa3a379f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 314] write(4, 0x20000f80, 9 [pid 313] <... clone resumed>, parent_tid=[7], tls=0x7fa3a379f700, child_tidptr=0x7fa3a379f9d0) = 7 [pid 313] futex(0x7fa3abb997b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7fa3abb997bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... write resumed>) = 9 [pid 314] futex(0x7fa3abb997ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7fa3abb997a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 318 attached [pid 318] set_robust_list(0x7fa3a379f9e0, 24) = 0 [pid 318] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 313] <... futex resumed>) = ? [pid 314] <... futex resumed>) = ? [pid 314] +++ killed by SIGBUS (core dumped) +++ [ 26.659620][ T314] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 26.680843][ T318] EXT4-fs error (device loop0): ext4_mb_generate_buddy:747: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 26.723402][ T318] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 6 with error 28 [ 26.735666][ T318] EXT4-fs (loop0): This should not happen!! Data will be lost [ 26.735666][ T318] [ 26.745309][ T318] EXT4-fs (loop0): Total free blocks count 0 [ 26.751290][ T318] EXT4-fs (loop0): Free/Dirty block details [ 26.757155][ T318] EXT4-fs (loop0): free_blocks=2415919104 [ 26.762881][ T318] EXT4-fs (loop0): dirty_blocks=80 [pid 318] +++ killed by SIGBUS (core dumped) +++ [pid 313] +++ killed by SIGBUS (core dumped) +++ [pid 306] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=11} --- [pid 306] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 306] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 306] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 306] getdents64(3, 0x5555556ad620 /* 4 entries */, 32768) = 112 [pid 306] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 306] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 306] unlink("./1/binderfs") = 0 [pid 306] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 306] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 306] lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 306] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 306] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 306] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 306] getdents64(4, 0x5555556b5660 /* 2 entries */, 32768) = 48 [pid 306] getdents64(4, 0x5555556b5660 /* 0 entries */, 32768) = 0 [pid 306] close(4) = 0 [ 26.767973][ T318] EXT4-fs (loop0): Block reservation details [ 26.773975][ T318] EXT4-fs (loop0): i_reserved_data_blocks=5 [ 26.782144][ T93] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 8196 with max blocks 4 with error 28 [ 26.794613][ T93] EXT4-fs (loop0): This should not happen!! Data will be lost [ 26.794613][ T93] [pid 306] rmdir("./1/file0") = 0 [pid 306] getdents64(3, 0x5555556ad620 /* 0 entries */, 32768) = 0 [pid 306] close(3) = 0 [pid 306] rmdir("./1") = 0 [pid 306] mkdir("./2", 0777) = 0 [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 306] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 306] close(3) = 0 [pid 306] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ac5d0) = 8 ./strace-static-x86_64: Process 319 attached [pid 319] set_robust_list(0x5555556ac5e0, 24) = 0 [pid 319] chdir("./2") = 0 [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 319] setpgid(0, 0) = 0 [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 319] write(3, "1000", 4) = 4 [pid 319] close(3) = 0 [pid 319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 319] futex(0x7fa3abb997ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa3abaa0000 [pid 319] mprotect(0x7fa3abaa1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 319] clone(child_stack=0x7fa3abac03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[9], tls=0x7fa3abac0700, child_tidptr=0x7fa3abac09d0) = 9 [pid 319] futex(0x7fa3abb997a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7fa3abb997ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x7fa3abac09e0, 24) = 0 [pid 320] memfd_create("syzkaller", 0) = 3 [pid 320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa3a36a0000 [pid 320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 320] munmap(0x7fa3a36a0000, 1048576) = 0 [pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 320] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 320] close(3) = 0 [pid 320] mkdir("./file0", 0777) = 0 [pid 320] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 320] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 320] chdir("./file0") = 0 [pid 320] ioctl(4, LOOP_CLR_FD) = 0 [pid 320] close(4) = 0 [pid 320] futex(0x7fa3abb997ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7fa3abb997a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7fa3abb997ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 320] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000) = 4 [pid 320] futex(0x7fa3abb997ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7fa3abb997a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7fa3abb997ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 320] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 320] futex(0x7fa3abb997ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7fa3abb997a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7fa3abb997ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 320] open("./bus", O_RDWR) = 5 [pid 320] futex(0x7fa3abb997ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7fa3abb997a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7fa3abb997ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 320] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 319] futex(0x7fa3abb997a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7fa3abb997bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa3a377f000 [pid 319] mprotect(0x7fa3a3780000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 319] clone(child_stack=0x7fa3a379f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[10], tls=0x7fa3a379f700, child_tidptr=0x7fa3a379f9d0) = 10 [pid 319] futex(0x7fa3abb997b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7fa3abb997bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 324 attached [pid 324] set_robust_list(0x7fa3a379f9e0, 24) = 0 [pid 320] write(4, 0x20000f80, 9 [pid 324] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 319] <... futex resumed>) = ? [ 26.869439][ T320] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 26.892171][ T324] EXT4-fs error (device loop0): ext4_mb_generate_buddy:747: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 26.907244][ T320] ------------[ cut here ]------------ [ 26.912697][ T320] kernel BUG at fs/ext4/inode.c:2837! [ 26.918887][ T320] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 26.924942][ T320] CPU: 0 PID: 320 Comm: syz-executor252 Not tainted 5.4.210-syzkaller-00006-gc80a5b2e7f63 #0 [ 26.935058][ T320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 26.945103][ T320] RIP: 0010:ext4_writepages+0x3a2b/0x3a50 [ 26.950787][ T320] Code: 94 c3 40 0f 94 c6 31 ff e8 f2 9f a0 ff 84 db 75 2e e8 59 9d a0 ff 48 bb 00 00 00 00 00 fc ff df e9 a9 f6 ff ff e8 45 9d a0 ff <0f> 0b e8 3e 9d a0 ff 0f 0b e8 37 9d a0 ff e8 62 a5 3b ff eb a3 e8 [ 26.970360][ T320] RSP: 0018:ffff8881dc90f460 EFLAGS: 00010293 [ 26.976410][ T320] RAX: ffffffff81c4a22b RBX: 0000010000000000 RCX: ffff8881dcf60fc0 [ 26.984347][ T320] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 26.992287][ T320] RBP: ffff8881dc90f830 R08: ffffffff81c470f7 R09: ffffed103cc0600b [ 27.000225][ T320] R10: ffffed103cc0600b R11: 1ffff1103cc0600a R12: ffff8881e6030100 [ 27.008166][ T320] R13: ffff8881dc90f9a0 R14: 0000010410000000 R15: 0000000000000001 [ 27.016104][ T320] FS: 00007fa3abac0700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 27.024998][ T320] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.031548][ T320] CR2: 0000000020000204 CR3: 00000001dc8d9000 CR4: 00000000003406f0 [ 27.039491][ T320] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.047429][ T320] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.055365][ T320] Call Trace: [ 27.058628][ T320] ? __ext4_handle_dirty_metadata+0x27d/0x620 [ 27.064661][ T320] ? ext4_mark_iloc_dirty+0x24af/0x3440 [ 27.070173][ T320] ? ext4_chunk_trans_blocks+0x2a0/0x2a0 [ 27.075771][ T320] ? ext4_readpage+0x2c0/0x2c0 [ 27.080502][ T320] ? ext4_reserve_inode_write+0x19c/0x220 [ 27.086189][ T320] ? ext4_mark_inode_dirty+0x4ca/0x780 [ 27.091613][ T320] ? ext4_blocks_for_truncate+0x220/0x220 [ 27.097301][ T320] ? __ext4_journal_start_sb+0x290/0x440 [ 27.102911][ T320] ? iov_iter_advance+0x263/0xb20 [ 27.107903][ T320] ? ext4_readpage+0x2c0/0x2c0 [ 27.112633][ T320] do_writepages+0x13a/0x280 [ 27.117190][ T320] ? debug_smp_processor_id+0x20/0x20 [ 27.122526][ T320] ? __writepage+0x110/0x110 [ 27.127082][ T320] ? balance_dirty_pages_ratelimited+0x363/0x520 [ 27.133375][ T320] ? ext4_da_write_begin+0xf80/0xf80 [ 27.138626][ T320] file_write_and_wait_range+0x33f/0x410 [ 27.144226][ T320] ? __filemap_set_wb_err+0x160/0x160 [ 27.149566][ T320] ? grab_cache_page_write_begin+0x90/0x90 [ 27.155344][ T320] ? file_remove_privs+0x640/0x640 [ 27.160424][ T320] __generic_file_fsync+0x6e/0x190 [ 27.165503][ T320] ext4_sync_file+0x266/0xc70 [ 27.170147][ T320] ext4_file_write_iter+0xa05/0x10e0 [ 27.175398][ T320] ? ext4_file_read_iter+0x140/0x140 [ 27.180649][ T320] ? _raw_spin_lock_irq+0xa4/0x1b0 [ 27.185728][ T320] ? _raw_spin_lock_irqsave+0x210/0x210 [ 27.191240][ T320] ? cgroup_update_frozen+0x139/0x360 [ 27.196578][ T320] ? cgroup_update_frozen+0x139/0x360 [ 27.201925][ T320] ? cgroup_leave_frozen+0x13b/0x290 [ 27.207180][ T320] ? iov_iter_init+0x83/0x160 [ 27.211825][ T320] __vfs_write+0x5e3/0x780 [ 27.216209][ T320] ? __kernel_write+0x340/0x340 [ 27.221032][ T320] ? check_preemption_disabled+0x9e/0x330 [ 27.226718][ T320] ? debug_smp_processor_id+0x20/0x20 [ 27.232061][ T320] ? selinux_file_permission+0x2c2/0x530 [ 27.237660][ T320] vfs_write+0x210/0x4f0 [ 27.241870][ T320] ksys_write+0x198/0x2c0 [ 27.246167][ T320] ? do_syscall_64+0x1c0/0x1c0 [ 27.250903][ T320] ? __ia32_sys_read+0x80/0x80 [ 27.255639][ T320] do_syscall_64+0xcb/0x1c0 [ 27.260120][ T320] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 27.265985][ T320] RIP: 0033:0x7fa3abb14879 [ 27.270479][ T320] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 27.290066][ T320] RSP: 002b:00007fa3abac02f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 27.298463][ T320] RAX: ffffffffffffffda RBX: 00007fa3abb997a0 RCX: 00007fa3abb14879 [ 27.306414][ T320] RDX: 0000000000000009 RSI: 0000000020000f80 RDI: 0000000000000004 [ 27.314370][ T320] RBP: 00007fa3abb66908 R08: 0000000000000000 R09: 0000000000000000 [ 27.322315][ T320] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3abb661a0 [ 27.330256][ T320] R13: 0000000020000800 R14: 0030656c69662f2e R15: 00007fa3abb997a8 [ 27.338199][ T320] Modules linked in: [ 27.342159][ T320] ---[ end trace 5033c555afb9c602 ]--- [ 27.347618][ T320] RIP: 0010:ext4_writepages+0x3a2b/0x3a50 [ 27.353349][ T320] Code: 94 c3 40 0f 94 c6 31 ff e8 f2 9f a0 ff 84 db 75 2e e8 59 9d a0 ff 48 bb 00 00 00 00 00 fc ff df e9 a9 f6 ff ff e8 45 9d a0 ff <0f> 0b e8 3e 9d a0 ff 0f 0b e8 37 9d a0 ff e8 62 a5 3b ff eb a3 e8 [ 27.372963][ T320] RSP: 0018:ffff8881dc90f460 EFLAGS: 00010293 [ 27.379025][ T320] RAX: ffffffff81c4a22b RBX: 0000010000000000 RCX: ffff8881dcf60fc0 [ 27.386984][ T320] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 27.394965][ T320] RBP: ffff8881dc90f830 R08: ffffffff81c470f7 R09: ffffed103cc0600b [ 27.402934][ T320] R10: ffffed103cc0600b R11: 1ffff1103cc0600a R12: ffff8881e6030100 [ 27.410988][ T320] R13: ffff8881dc90f9a0 R14: 0000010410000000 R15: 0000000000000001 [ 27.418952][ T320] FS: 00007fa3abac0700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 27.427851][ T320] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.434552][ T320] CR2: 0000000020000204 CR3: 00000001dc8d9000 CR4: 00000000003406f0 [ 27.442528][ T320] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.450500][ T320] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.458473][ T320] Kernel panic - not syncing: Fatal exception [ 27.464684][ T320] Kernel Offset: disabled [ 27.468989][ T320] Rebooting in 86400 seconds..