./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor689085739 <...> Warning: Permanently added '10.128.0.230' (ED25519) to the list of known hosts. execve("./syz-executor689085739", ["./syz-executor689085739"], 0x7ffe7db403b0 /* 10 vars */) = 0 brk(NULL) = 0x55557e364000 brk(0x55557e364d00) = 0x55557e364d00 arch_prctl(ARCH_SET_FS, 0x55557e364380) = 0 set_tid_address(0x55557e364650) = 290 set_robust_list(0x55557e364660, 24) = 0 rseq(0x55557e364ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor689085739", 4096) = 27 getrandom("\xd3\x31\x67\x51\x37\xe5\x14\xb7", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557e364d00 brk(0x55557e385d00) = 0x55557e385d00 brk(0x55557e386000) = 0x55557e386000 mprotect(0x7f771941f000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.CtDFkG", 0700) = 0 chmod("./syzkaller.CtDFkG", 0777) = 0 chdir("./syzkaller.CtDFkG") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e364650) = 292 ./strace-static-x86_64: Process 292 attached [pid 292] set_robust_list(0x55557e364660, 24) = 0 [pid 292] chdir("./0") = 0 [pid 292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 292] setpgid(0, 0) = 0 [pid 292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 292] write(3, "1000", 4) = 4 [pid 292] close(3) = 0 [pid 292] symlink("/dev/binderfs", "./binderfs") = 0 [pid 292] write(1, "executing program\n", 18executing program ) = 18 [pid 292] memfd_create("syzkaller", 0) = 3 [pid 292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7710f6c000 [pid 292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 292] munmap(0x7f7710f6c000, 138412032) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 25.002799][ T28] audit: type=1400 audit(1753022595.971:64): avc: denied { execmem } for pid=290 comm="syz-executor689" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 292] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 292] close(3) = 0 [pid 292] close(4) = 0 [pid 292] mkdir("./file1", 0777) = 0 [ 25.030177][ T28] audit: type=1400 audit(1753022595.971:65): avc: denied { read write } for pid=290 comm="syz-executor689" name="loop0" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 25.038873][ T292] loop0: detected capacity change from 0 to 1024 [ 25.055936][ T28] audit: type=1400 audit(1753022595.971:66): avc: denied { open } for pid=290 comm="syz-executor689" path="/dev/loop0" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 25.064736][ T292] ======================================================= [ 25.064736][ T292] WARNING: The mand mount option has been deprecated and [ 25.064736][ T292] and is ignored by this kernel. Remove the mand [ 25.064736][ T292] option from the mount to silence this warning. [ 25.064736][ T292] ======================================================= [ 25.125017][ T28] audit: type=1400 audit(1753022595.971:67): avc: denied { ioctl } for pid=290 comm="syz-executor689" path="/dev/loop0" dev="devtmpfs" ino=118 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 292] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0 [pid 292] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 292] chdir("./file1") = 0 [pid 292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 292] ioctl(4, LOOP_CLR_FD) = 0 [pid 292] close(4) = 0 [pid 292] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 25.138536][ T292] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 25.151023][ T28] audit: type=1400 audit(1753022596.031:68): avc: denied { mounton } for pid=292 comm="syz-executor689" path="/root/syzkaller.CtDFkG/0/file1" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 292] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832 [ 25.184980][ T28] audit: type=1400 audit(1753022596.121:69): avc: denied { mount } for pid=292 comm="syz-executor689" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 25.190504][ T292] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor689: Allocating blocks 497-513 which overlap fs metadata [ 25.207109][ T28] audit: type=1400 audit(1753022596.141:70): avc: denied { write } for pid=292 comm="syz-executor689" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 25.223583][ T292] EXT4-fs (loop0): pa ffff88810fc08000: logic 256, phys. 385, len 8 [pid 292] ftruncate(4, 7) = 0 [pid 292] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 292] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 292] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6 [pid 292] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device) [pid 292] bpf(BPF_MAP_CREATE, NULL, 72) = -1 EFAULT (Bad address) [pid 292] exit_group(0) = ? [pid 292] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=292, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557e3656f0 /* 4 entries */, 32768) = 112 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557e36d730 /* 10 entries */, 32768) = 296 umount2("./0/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 [ 25.244517][ T28] audit: type=1400 audit(1753022596.141:71): avc: denied { add_name } for pid=292 comm="syz-executor689" name="memory.stat" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 25.252565][ T292] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 getdents64(5, 0x55557e375770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55557e375770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./0/file1/lost+found") = 0 umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55557e375770 /* 4 entries */, 32768) = 112 umount2("./0/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file0/file0") = 0 umount2("./0/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file0/file1") = 0 getdents64(5, 0x55557e375770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./0/file1/file0") = 0 umount2("./0/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file1") = 0 umount2("./0/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file2") = 0 umount2("./0/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file3") = 0 umount2("./0/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file.cold") = 0 umount2("./0/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 25.284398][ T28] audit: type=1400 audit(1753022596.141:72): avc: denied { create } for pid=292 comm="syz-executor689" name="memory.stat" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 25.290515][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 3302913836176, count = 16 [ 25.305754][ T28] audit: type=1400 audit(1753022596.141:73): avc: denied { read append open } for pid=292 comm="syz-executor689" path="/root/syzkaller.CtDFkG/0/file1/memory.stat" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 25.320599][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 3302913834894, count = 1283 [ 25.361535][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 3302913834880, count = 16 [ 25.376636][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 2216253864960, count = 16 [ 25.391563][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 2216253850117, count = 14856 [ 25.406896][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 2216253850112, count = 16 [ 25.421874][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 1602174126336, count = 16 [ 25.436768][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 1602174124292, count = 2051 [ 30.191851][ T290] EXT4-fs error: 28005 callbacks suppressed [ 30.191871][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 2220515235584, count = 16 [ 30.212813][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 2220515219974, count = 15621 [ 30.229761][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 2220515219968, count = 16 [ 30.247000][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 5579246471168, count = 16 [ 30.263278][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 5579246470662, count = 517 [ 30.279823][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 5579246470656, count = 16 [ 30.295285][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 5875532399888, count = 16 [ 30.310724][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 5875532395539, count = 4357 [ 30.325860][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 5875532395536, count = 16 [ 30.340823][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 5626498451456, count = 16 [ 35.201780][ T290] EXT4-fs error: 28122 callbacks suppressed [ 35.201799][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 12339843830601, count = 2875 [ 35.222913][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 12339843830592, count = 16 [ 35.237949][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 98787663872, count = 17079 [ 35.253109][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 98787663872, count = 16 [ 35.267912][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 12343924300080, count = 16 [ 35.282830][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 12343924296507, count = 3587 [ 35.298058][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 73216308746576, count = 16 [ 35.313212][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 73216308740377, count = 6208 [ 35.328376][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 73216308740368, count = 16 [ 35.343579][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 12348452968048, count = 16 unlink("./0/file1/memory.stat") = 0 umount2("./0/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/bus") = 0 getdents64(4, 0x55557e36d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = -1 EBUSY (Device or resource busy) umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./0/file1") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x55557e3656f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e364650) = 298 ./strace-static-x86_64: Process 298 attached [pid 298] set_robust_list(0x55557e364660, 24) = 0 [pid 298] chdir("./1") = 0 [pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 298] setpgid(0, 0) = 0 [pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 298] write(3, "1000", 4) = 4 [pid 298] close(3) = 0 [pid 298] symlink("/dev/binderfs", "./binderfs") = 0 [pid 298] write(1, "executing program\n", 18executing program ) = 18 [pid 298] memfd_create("syzkaller", 0) = 3 [pid 298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7710f6c000 [pid 298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 298] munmap(0x7f7710f6c000, 138412032) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 36.535968][ T28] kauditd_printk_skb: 11 callbacks suppressed [ 36.536006][ T28] audit: type=1400 audit(1753022607.501:85): avc: denied { unmount } for pid=290 comm="syz-executor689" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 36.563038][ T290] EXT4-fs (loop0): unmounting filesystem. [pid 298] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 298] close(3) = 0 [pid 298] close(4) = 0 [pid 298] mkdir("./file1", 0777) = 0 [pid 298] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0 [pid 298] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 298] chdir("./file1") = 0 [pid 298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 298] ioctl(4, LOOP_CLR_FD) = 0 [pid 298] close(4) = 0 [pid 298] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 36.589788][ T298] loop0: detected capacity change from 0 to 1024 [ 36.603307][ T298] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 36.625626][ T298] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor689: Allocating blocks 497-513 which overlap fs metadata [pid 298] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832 [pid 298] ftruncate(4, 7) = 0 [pid 298] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 298] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 298] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6 [pid 298] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device) [pid 298] bpf(BPF_MAP_CREATE, NULL, 72) = -1 EFAULT (Bad address) [pid 298] exit_group(0) = ? [pid 298] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=298, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557e3656f0 /* 4 entries */, 32768) = 112 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557e36d730 /* 10 entries */, 32768) = 296 umount2("./1/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55557e375770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55557e375770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./1/file1/lost+found") = 0 umount2("./1/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55557e375770 /* 4 entries */, 32768) = 112 umount2("./1/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file0/file0") = 0 umount2("./1/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file0/file1") = 0 getdents64(5, 0x55557e375770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./1/file1/file0") = 0 umount2("./1/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file1") = 0 umount2("./1/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file2") = 0 umount2("./1/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file3") = 0 umount2("./1/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file.cold") = 0 umount2("./1/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 36.640615][ T298] EXT4-fs (loop0): pa ffff8881149ae348: logic 256, phys. 385, len 8 [ 36.648662][ T298] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 [ 36.683334][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 219116346554544, count = 16 [ 36.698457][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 219116346521792, count = 32767 [ 36.713739][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 219116346521792, count = 16 [ 36.728841][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 7918943104, count = 16 [ 36.743819][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 7918929920, count = 13188 [ 36.758920][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 7918929920, count = 16 [ 36.773644][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 158910702947136, count = 16 [ 36.788840][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 158910702944256, count = 2889 unlink("./1/file1/memory.stat") = 0 executing program [ 37.218561][ T287] strace-static-x[287]: segfault at 0 ip 0000000000489320 sp 00007ffe7db3fff8 error 6 in strace-static-x86_64[401000+130000] likely on CPU 0 (core 0, socket 0) [ 37.234771][ T287] Code: 0f 84 00 00 00 00 00 00 00 00 00 00 e9 70 00 00 00 00 00 00 00 00 e9 22 ff ff 00 00 00 00 00 00 00 00 00 00 00 0f 00 00 00 00 <00> 00 00 00 84 c7 00 00 00 00 00 00 00 00 00 00 ec 08 8b 17 00 00 [ 37.256900][ T290] EXT4-fs (loop0): unmounting filesystem. [ 37.271395][ T302] loop0: detected capacity change from 0 to 1024 [ 37.293068][ T302] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. executing program [ 37.313634][ T302] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor689: Allocating blocks 497-513 which overlap fs metadata [ 37.328349][ T302] EXT4-fs (loop0): pa ffff8881149aef18: logic 256, phys. 385, len 8 [ 37.336460][ T302] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 [ 37.360103][ T290] EXT4-fs (loop0): unmounting filesystem. [ 37.375397][ T305] loop0: detected capacity change from 0 to 1024 [ 37.393219][ T305] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 37.415833][ T305] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor689: Allocating blocks 497-513 which overlap fs metadata [ 37.430680][ T305] EXT4-fs (loop0): pa ffff888125cdabd0: logic 256, phys. 385, len 8 [ 37.438860][ T305] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 [ 37.454772][ T290] ================================================================== [ 37.462952][ T290] BUG: KASAN: use-after-free in ext4_ext_remove_space+0x2f43/0x3fb0 [ 37.471230][ T290] Read of size 4 at addr ffff8881255cedb8 by task syz-executor689/290 [ 37.479385][ T290] [ 37.481712][ T290] CPU: 0 PID: 290 Comm: syz-executor689 Not tainted 6.1.141-syzkaller-00039-g145c7fad733f #0 [ 37.491948][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 37.502025][ T290] Call Trace: [ 37.505316][ T290] [ 37.508339][ T290] __dump_stack+0x21/0x24 [ 37.512682][ T290] dump_stack_lvl+0xee/0x150 [ 37.517289][ T290] ? __cfi_dump_stack_lvl+0x8/0x8 [ 37.522328][ T290] ? ext4_inode_block_valid+0x2d7/0x3f0 [ 37.527967][ T290] ? ext4_ext_remove_space+0x2f43/0x3fb0 [ 37.533627][ T290] print_address_description+0x71/0x210 [ 37.539215][ T290] print_report+0x4a/0x60 [ 37.543911][ T290] kasan_report+0x122/0x150 [ 37.548512][ T290] ? ext4_ext_remove_space+0x2f43/0x3fb0 [ 37.554157][ T290] __asan_report_load4_noabort+0x14/0x20 [ 37.559791][ T290] ext4_ext_remove_space+0x2f43/0x3fb0 [ 37.565253][ T290] ? ext4_es_free_extent+0x3de/0x4c0 [ 37.570555][ T290] ? ext4_es_insert_extent+0x2d70/0x2d70 [ 37.576205][ T290] ? ext4_da_release_space+0x1d6/0x480 [ 37.581707][ T290] ? __cfi_ext4_ext_remove_space+0x10/0x10 [ 37.587536][ T290] ? ext4_es_remove_extent+0x1d9/0x330 [ 37.593005][ T290] ext4_ext_truncate+0x200/0x320 [ 37.597953][ T290] ext4_truncate+0x9a6/0xf90 [ 37.602552][ T290] ? __cfi_ext4_truncate+0x10/0x10 [ 37.607675][ T290] ext4_evict_inode+0xcc3/0x1460 [ 37.612646][ T290] ? _raw_spin_unlock+0x4c/0x70 [ 37.617518][ T290] ? __cfi_ext4_evict_inode+0x10/0x10 [ 37.622906][ T290] ? _raw_spin_unlock+0x4c/0x70 [ 37.627816][ T290] ? inode_io_list_del+0x19b/0x1b0 [ 37.633036][ T290] ? __cfi_ext4_evict_inode+0x10/0x10 [ 37.638523][ T290] evict+0x493/0x890 [ 37.642521][ T290] ? __kasan_check_write+0x14/0x20 [ 37.647656][ T290] ? proc_nr_inodes+0x2f0/0x2f0 [ 37.652522][ T290] ? lockref_put_return+0x152/0x1c0 [ 37.657738][ T290] ? __cfi_lockref_put_return+0x10/0x10 [ 37.663304][ T290] ? __kasan_check_write+0x14/0x20 [ 37.668430][ T290] iput+0x620/0x670 [ 37.672248][ T290] do_unlinkat+0x375/0x6b0 [ 37.676744][ T290] ? __cfi_do_unlinkat+0x10/0x10 [ 37.681687][ T290] ? getname_flags+0x206/0x500 [ 37.686467][ T290] __x64_sys_unlink+0x49/0x50 [ 37.691151][ T290] x64_sys_call+0x958/0x9a0 [ 37.695747][ T290] do_syscall_64+0x4c/0xa0 [ 37.700275][ T290] ? clear_bhb_loop+0x30/0x80 [ 37.704950][ T290] ? clear_bhb_loop+0x30/0x80 [ 37.709673][ T290] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 37.715651][ T290] RIP: 0033:0x7f77193aad17 [ 37.720087][ T290] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 37.739896][ T290] RSP: 002b:00007ffe05f6c0a8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 37.748328][ T290] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f77193aad17 [ 37.756317][ T290] RDX: 00007ffe05f6c0d0 RSI: 00007ffe05f6c160 RDI: 00007ffe05f6c160 [ 37.764373][ T290] RBP: 00007ffe05f6c160 R08: 0000000000000000 R09: 0000000000000000 [ 37.772445][ T290] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe05f6d250 [ 37.780507][ T290] R13: 000055557e36d700 R14: 431bde82d7b634db R15: 00007ffe05f6e2e0 [ 37.788491][ T290] [ 37.791516][ T290] [ 37.793922][ T290] The buggy address belongs to the physical page: [ 37.800325][ T290] page:ffffea0004957380 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1255ce [ 37.810562][ T290] flags: 0x4000000000000000(zone=1) [ 37.815867][ T290] raw: 4000000000000000 ffffea00049573c8 ffffea0004957348 0000000000000000 [ 37.824448][ T290] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 37.833047][ T290] page dumped because: kasan: bad access detected [ 37.839450][ T290] page_owner info is not present (never set?) [ 37.845532][ T290] [ 37.847847][ T290] Memory state around the buggy address: [ 37.853473][ T290] ffff8881255cec80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 37.861541][ T290] ffff8881255ced00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 37.869595][ T290] >ffff8881255ced80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 37.877657][ T290] ^ [ 37.883543][ T290] ffff8881255cee00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 37.891601][ T290] ffff8881255cee80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 37.900142][ T290] ================================================================== [ 37.908366][ T290] Disabling lock debugging due to kernel taint [ 37.916082][ T290] EXT4-fs (loop0): unmounting filesystem. [ 37.918706][ T28] audit: type=1400 audit(1753022608.881:86): avc: denied { read } for pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 37.943604][ T28] audit: type=1400 audit(1753022608.881:87): avc: denied { search } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 executing program [ 37.964982][ T28] audit: type=1400 audit(1753022608.881:88): avc: denied { write } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 37.974653][ T308] loop0: detected capacity change from 0 to 1024 [ 37.986734][ T28] audit: type=1400 audit(1753022608.881:89): avc: denied { add_name } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 38.013192][ T28] audit: type=1400 audit(1753022608.881:90): avc: denied { create } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 38.014964][ T308] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 38.033867][ T28] audit: type=1400 audit(1753022608.881:91): avc: denied { append open } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 38.065168][ T28] audit: type=1400 audit(1753022608.881:92): avc: denied { getattr } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 38.073962][ T308] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor689: Allocating blocks 497-513 which overlap fs metadata [ 38.102383][ T308] EXT4-fs (loop0): pa ffff888125d2bf18: logic 256, phys. 385, len 8 [ 38.110556][ T308] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 executing program [ 38.133887][ T290] EXT4-fs (loop0): unmounting filesystem. [ 38.149211][ T311] loop0: detected capacity change from 0 to 1024 [ 38.173138][ T311] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 38.193482][ T311] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor689: Allocating blocks 497-513 which overlap fs metadata [ 38.208118][ T311] EXT4-fs (loop0): pa ffff888125d2b9d8: logic 256, phys. 385, len 8 [ 38.216199][ T311] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 executing program [ 38.241678][ T290] EXT4-fs (loop0): unmounting filesystem. [ 38.259716][ T314] loop0: detected capacity change from 0 to 1024 [ 38.283935][ T314] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 38.303451][ T314] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor689: Allocating blocks 497-513 which overlap fs metadata [ 38.318079][ T314] EXT4-fs (loop0): pa ffff888125cac930: logic 256, phys. 385, len 8 [ 38.326116][ T314] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 [ 38.345340][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 2263978, count = 0 [ 38.359689][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 2263968, count = 16 [ 38.374173][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 227633266688, count = 30208 [ 38.389352][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 2263966, count = 0 [ 38.403661][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 2263952, count = 16 [ 38.418194][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 227633266688, count = 30096 [ 38.433764][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 2263946, count = 0 [ 38.448611][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 2263936, count = 16 executing program [ 40.195369][ T290] EXT4-fs (loop0): unmounting filesystem. [ 40.213434][ T317] loop0: detected capacity change from 0 to 1024 [ 40.243438][ T317] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 40.264957][ T317] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor689: Allocating blocks 497-513 which overlap fs metadata [ 40.279730][ T317] EXT4-fs (loop0): pa ffff88810fc82d20: logic 256, phys. 385, len 8 executing program [ 40.287924][ T317] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 [ 40.312890][ T290] EXT4-fs (loop0): unmounting filesystem. [ 40.328409][ T321] loop0: detected capacity change from 0 to 1024 [ 40.343119][ T321] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 40.364227][ T321] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor689: Allocating blocks 497-513 which overlap fs metadata [ 40.378895][ T321] EXT4-fs (loop0): pa ffff888125caca80: logic 256, phys. 385, len 8 executing program [ 40.386952][ T321] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 [ 40.405700][ T290] EXT4-fs (loop0): unmounting filesystem. [ 40.420743][ T324] loop0: detected capacity change from 0 to 1024 [ 40.443027][ T324] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 40.463463][ T324] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor689: Allocating blocks 497-513 which overlap fs metadata [ 40.478421][ T324] EXT4-fs (loop0): pa ffff88810fc82e70: logic 256, phys. 385, len 8 executing program [ 40.486483][ T324] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 [ 40.509692][ T290] EXT4-fs (loop0): unmounting filesystem. [ 40.525262][ T327] loop0: detected capacity change from 0 to 1024 [ 40.543545][ T327] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 40.563318][ T327] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor689: Allocating blocks 497-513 which overlap fs metadata [ 40.577959][ T327] EXT4-fs (loop0): pa ffff888125cac2a0: logic 256, phys. 385, len 8 [ 40.585994][ T327] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 [ 40.604969][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 225176820549648, count = 16 [ 40.620259][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 225176820529993, count = 19660 [ 40.635860][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 225176820529984, count = 16 [ 40.651098][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 40174265775344, count = 16 [ 40.666277][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 40174265756452, count = 18908 [ 40.681490][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 40174265756448, count = 16 [ 40.696486][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 155358849938784, count = 16 [ 40.711597][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 155358849934444, count = 4351 executing program [ 41.897674][ T290] EXT4-fs (loop0): unmounting filesystem. [ 41.926893][ T330] loop0: detected capacity change from 0 to 1024 [ 41.943670][ T330] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 41.964097][ T330] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor689: Allocating blocks 497-513 which overlap fs metadata [ 41.978785][ T330] EXT4-fs (loop0): pa ffff888114bdfbd0: logic 256, phys. 385, len 8 [ 41.986826][ T330] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 [ 42.005126][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 71864489492829, count = 16733 [ 42.020426][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 71864489492816, count = 16 [ 42.035586][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 217704510336320, count = 16 [ 42.050710][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 217704510336325, count = 3 [ 42.065674][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 9336360832, count = 16 [ 42.080292][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 9336356864, count = 3973 [ 42.095155][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 9336356864, count = 16 [ 42.109840][ T290] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor689: Freeing blocks not in datazone - block = 145199959377350, count = 16516 [ 43.669408][ T290] EXT4-fs (loop0): unmounting filesystem. [ 43.682004][ T290] syz-executor689[290]: segfault at 18 ip 00007f77193de8e0 sp 00007ffe05f6db18 error 6 in syz-executor689085739[7f7719375000+7f000] likely on CPU 0 (core 0, socket 0) [ 43.698824][ T290] Code: 7c 24 00 00 00 00 00 00 00 00 20 89 44 24 00 00 00 00 00 00 00 00 24 0c eb c7 00 00 00 00 00 00 00 00 1f 84 00 00 00 00 00 00 <00> 00 00 00 05 f7 c7 02 00 00 00 00 00 00 00 00 48 89 f0 4c 00 00