./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor75825258 <...> DUID 00:04:f8:b5:8a:47:ae:09:95:3a:43:2d:d7:42:86:31:94:89 forked to background, child pid 4645 [ 31.741605][ T4646] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.760513][ T4646] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.69' (ECDSA) to the list of known hosts. execve("./syz-executor75825258", ["./syz-executor75825258"], 0x7ffe9d222dd0 /* 10 vars */) = 0 brk(NULL) = 0x555555b97000 brk(0x555555b97c40) = 0x555555b97c40 arch_prctl(ARCH_SET_FS, 0x555555b97300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555555b975d0) = 5066 set_robust_list(0x555555b975e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7ff72f437690, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7ff72f437d60}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7ff72f437730, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff72f437d60}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor75825258", 4096) = 26 brk(0x555555bb8c40) = 0x555555bb8c40 brk(0x555555bb9000) = 0x555555bb9000 mprotect(0x7ff72f4fa000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5066 mkdir("./syzkaller.jFpcRf", 0700) = 0 chmod("./syzkaller.jFpcRf", 0777) = 0 chdir("./syzkaller.jFpcRf") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b975d0) = 5067 ./strace-static-x86_64: Process 5067 attached [pid 5067] set_robust_list(0x555555b975e0, 24) = 0 [pid 5067] chdir("./0") = 0 [pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] setpgid(0, 0) = 0 [pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5067] write(3, "1000", 4) = 4 [pid 5067] close(3) = 0 [pid 5067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5067] futex(0x7ff72f5007ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff72f406000 [pid 5067] mprotect(0x7ff72f407000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5067] clone(child_stack=0x7ff72f4263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5069], tls=0x7ff72f426700, child_tidptr=0x7ff72f4269d0) = 5069 [pid 5067] futex(0x7ff72f5007e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7ff72f5007ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5069 attached [pid 5069] set_robust_list(0x7ff72f4269e0, 24) = 0 [pid 5069] memfd_create("syzkaller", 0) = 3 [pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff727006000 [pid 5069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5069] munmap(0x7ff727006000, 1048576) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5069] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5069] close(3) = 0 [pid 5069] mkdir("./file0", 0777) = 0 syzkaller login: [ 54.566140][ T5069] loop0: detected capacity change from 0 to 2048 [ 54.587947][ T5070] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5069] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_NODIRATIME, "") = 0 [pid 5069] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5069] chdir("./file0") = 0 [pid 5069] ioctl(4, LOOP_CLR_FD) = 0 [pid 5069] close(4) = 0 [pid 5069] futex(0x7ff72f5007ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7ff72f5007e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7ff72f5007ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... futex resumed>) = 1 [pid 5069] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 5069] futex(0x7ff72f5007ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7ff72f5007e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7ff72f5007ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... futex resumed>) = 1 [pid 5069] openat(-1, "/proc/self/exe", O_RDONLY) = 5 [pid 5069] futex(0x7ff72f5007ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7ff72f5007e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7ff72f5007ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... futex resumed>) = 1 [pid 5069] sendfile(4, 5, NULL, 140737974943952 [pid 5067] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5067] futex(0x7ff72f5007fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff7270e5000 [pid 5067] mprotect(0x7ff7270e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5067] clone(child_stack=0x7ff7271053f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5071 attached , parent_tid=[5071], tls=0x7ff727105700, child_tidptr=0x7ff7271059d0) = 5071 [ 54.601165][ T27] audit: type=1800 audit(1671768129.300:2): pid=5069 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor758" name="bus" dev="loop0" ino=18 res=0 errno=0 [pid 5067] futex(0x7ff72f5007f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7ff72f5007fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] set_robust_list(0x7ff7271059e0, 24) = 0 [pid 5071] open(NULL, O_RDONLY|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_LARGEFILE|O_DIRECTORY, 000) = -1 EFAULT (Bad address) [pid 5071] futex(0x7ff72f5007fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7ff72f5007f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7ff72f5007fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5071] futex(0x7ff72f5007fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] <... futex resumed>) = 0 [pid 5071] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5067] futex(0x7ff72f5007f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7ff72f5007fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... open resumed>) = 6 [pid 5071] futex(0x7ff72f5007fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7ff72f5007f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7ff72f5007fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] openat(-1, "/proc/self/exe", O_RDONLY) = 7 [pid 5071] futex(0x7ff72f5007fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7ff72f5007f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7ff72f5007fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] sendfile(6, 7, NULL, 140737974943952 [pid 5067] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 54.791414][ C0] ------------[ cut here ]------------ [ 54.797016][ C0] kernel BUG at mm/filemap.c:1615! [ 54.802134][ C0] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 54.808201][ C0] CPU: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 6.1.0-syzkaller-14321-g0a924817d2ed #0 [ 54.817750][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 54.827809][ C0] RIP: 0010:folio_end_writeback+0x34d/0x530 [pid 5067] exit_group(0 [pid 5069] <... sendfile resumed>) = ? [pid 5067] <... exit_group resumed>) = ? [pid 5069] +++ exited with 0 +++ [ 54.833741][ C0] Code: 84 87 00 00 00 e8 13 5a d2 ff e9 36 fd ff ff e8 09 5a d2 ff 4c 89 f7 48 c7 c6 20 84 f8 8a e8 ca 3a 10 00 0f 0b e8 f3 59 d2 ff <0f> 0b e8 ec 59 d2 ff 4c 89 f7 48 c7 c6 60 86 f8 8a e8 ad 3a 10 00 [ 54.853480][ C0] RSP: 0018:ffffc90000147b88 EFLAGS: 00010246 [ 54.859564][ C0] RAX: ffffffff81b9813d RBX: 0000000000000082 RCX: ffff88813fefba80 [ 54.867549][ C0] RDX: 0000000080000100 RSI: ffffffff8aedcc60 RDI: ffffffff8b4bbfe0 [ 54.875555][ C0] RBP: 1ffffd40000ed426 R08: dffffc0000000000 R09: fffffbfff1d2cabe [ 54.883534][ C0] R10: fffffbfff1d2cabe R11: 1ffffffff1d2cabd R12: ffffea000076a134 [ 54.891510][ C0] R13: dffffc0000000000 R14: ffffea000076a100 R15: 1ffffd40000ed420 [ 54.899477][ C0] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 54.908406][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 54.914977][ C0] CR2: 00007ff727105718 CR3: 00000000291ab000 CR4: 00000000003506f0 [ 54.922948][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 54.930920][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 54.938881][ C0] Call Trace: [ 54.942150][ C0] [ 54.945073][ C0] ? mark_buffer_write_io_error+0x340/0x340 [ 54.950976][ C0] end_bio_bh_io_sync+0xb1/0x110 [ 54.955946][ C0] blk_update_request+0x51c/0x1040 [ 54.961078][ C0] blk_mq_end_request+0x39/0x70 [ 54.966033][ C0] blk_done_softirq+0x119/0x160 [ 54.970898][ C0] __do_softirq+0x277/0x738 [ 54.975446][ C0] ? run_ksoftirqd+0xa2/0x100 [ 54.980195][ C0] ? __lock_text_end+0x6/0x6 [ 54.984776][ C0] ? run_ksoftirqd+0x84/0x100 [ 54.989437][ C0] run_ksoftirqd+0xa2/0x100 [ 54.993929][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 54.999134][ C0] ? smpboot_thread_fn+0x2d9/0xa10 [ 55.004265][ C0] ? takeover_tasklets+0x890/0x890 [ 55.009369][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 55.014559][ C0] smpboot_thread_fn+0x533/0xa10 [ 55.019661][ C0] kthread+0x266/0x300 [ 55.023737][ C0] ? cpu_report_death+0x2a0/0x2a0 [ 55.028768][ C0] ? kthread_blkcg+0xd0/0xd0 [ 55.033402][ C0] ret_from_fork+0x1f/0x30 [ 55.037819][ C0] [ 55.040821][ C0] Modules linked in: [ 55.044773][ C0] ---[ end trace 0000000000000000 ]--- [ 55.050318][ C0] RIP: 0010:folio_end_writeback+0x34d/0x530 [ 55.056237][ C0] Code: 84 87 00 00 00 e8 13 5a d2 ff e9 36 fd ff ff e8 09 5a d2 ff 4c 89 f7 48 c7 c6 20 84 f8 8a e8 ca 3a 10 00 0f 0b e8 f3 59 d2 ff <0f> 0b e8 ec 59 d2 ff 4c 89 f7 48 c7 c6 60 86 f8 8a e8 ad 3a 10 00 [ 55.075883][ C0] RSP: 0018:ffffc90000147b88 EFLAGS: 00010246 [ 55.081972][ C0] RAX: ffffffff81b9813d RBX: 0000000000000082 RCX: ffff88813fefba80 [ 55.089997][ C0] RDX: 0000000080000100 RSI: ffffffff8aedcc60 RDI: ffffffff8b4bbfe0 [ 55.098018][ C0] RBP: 1ffffd40000ed426 R08: dffffc0000000000 R09: fffffbfff1d2cabe [ 55.106043][ C0] R10: fffffbfff1d2cabe R11: 1ffffffff1d2cabd R12: ffffea000076a134 [ 55.114230][ C0] R13: dffffc0000000000 R14: ffffea000076a100 R15: 1ffffd40000ed420 [ 55.122202][ C0] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 55.131178][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 55.137835][ C0] CR2: 00007ff727105718 CR3: 00000000291ab000 CR4: 00000000003506f0 [ 55.145840][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 55.153869][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 55.161863][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 55.169253][ C0] Kernel Offset: disabled [ 55.173580][ C0] Rebooting in 86400 seconds..