./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1371931978 <...> [ 7.446549][ T22] audit: type=1400 audit(1679192386.690:67): avc: denied { read write } for pid=234 comm="getty" name="utmp" dev="tmpfs" ino=10310 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 7.451514][ T22] audit: type=1400 audit(1679192386.690:68): avc: denied { open } for pid=234 comm="getty" path="/run/utmp" dev="tmpfs" ino=10310 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 7.455065][ T22] audit: type=1400 audit(1679192386.690:69): avc: denied { lock } for pid=234 comm="getty" path="/run/utmp" dev="tmpfs" ino=10310 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 7.458462][ T22] audit: type=1400 audit(1679192386.690:70): avc: denied { read } for pid=234 comm="getty" name="log" dev="sda1" ino=1125 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 syzkaller syzkaller login: [ 14.720339][ T22] audit: type=1400 audit(1679192393.960:71): avc: denied { transition } for pid=265 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.726420][ T22] audit: type=1400 audit(1679192393.970:72): avc: denied { write } for pid=265 comm="sh" path="pipe:[9622]" dev="pipefs" ino=9622 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 Warning: Permanently added '10.128.10.22' (ECDSA) to the list of known hosts. execve("./syz-executor1371931978", ["./syz-executor1371931978"], 0x7ffd9dc94a70 /* 10 vars */) = 0 brk(NULL) = 0x555556973000 brk(0x555556973c40) = 0x555556973c40 arch_prctl(ARCH_SET_FS, 0x555556973300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555569735d0) = 304 set_robust_list(0x5555569735e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f02b23b35e0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f02b23b3cb0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f02b23b3680, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02b23b3cb0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1371931978", 4096) = 28 brk(0x555556994c40) = 0x555556994c40 brk(0x555556995000) = 0x555556995000 mprotect(0x7f02b2475000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 304 mkdir("./syzkaller.3BmZ0b", 0700) = 0 chmod("./syzkaller.3BmZ0b", 0777) = 0 chdir("./syzkaller.3BmZ0b") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569735d0) = 305 ./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x5555569735e0, 24) = 0 [pid 305] chdir("./0") = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 305] setpgid(0, 0) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 305] write(3, "1000", 4) = 4 [pid 305] close(3) = 0 [pid 305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 305] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02b2382000 [pid 305] mprotect(0x7f02b2383000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 305] clone(child_stack=0x7f02b23a23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[306], tls=0x7f02b23a2700, child_tidptr=0x7f02b23a29d0) = 306 [pid 305] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 21.860999][ T22] audit: type=1400 audit(1679192401.100:73): avc: denied { execmem } for pid=304 comm="syz-executor137" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.884503][ T22] audit: type=1400 audit(1679192401.130:74): avc: denied { read write } for pid=304 comm="syz-executor137" name="loop0" dev="devtmpfs" ino=1155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 305] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x7f02b23a29e0, 24) = 0 [pid 306] memfd_create("syzkaller", 0) = 3 [pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02a9f82000 [pid 306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 306] munmap(0x7f02a9f82000, 1048576) = 0 [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 306] close(3) = 0 [pid 306] mkdir("./bus", 0777) = 0 [ 21.915264][ T22] audit: type=1400 audit(1679192401.130:75): avc: denied { open } for pid=304 comm="syz-executor137" path="/dev/loop0" dev="devtmpfs" ino=1155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.940191][ T22] audit: type=1400 audit(1679192401.150:76): avc: denied { ioctl } for pid=304 comm="syz-executor137" path="/dev/loop0" dev="devtmpfs" ino=1155 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.966270][ T22] audit: type=1400 audit(1679192401.180:77): avc: denied { mounton } for pid=305 comm="syz-executor137" path="/root/syzkaller.3BmZ0b/0/bus" dev="sda1" ino=1141 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 21.995836][ T306] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 306] mount("/dev/loop0", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue") = 0 [pid 306] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 306] chdir("./bus") = 0 [pid 306] ioctl(4, LOOP_CLR_FD) = 0 [pid 306] close(4) = 0 [pid 306] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 1 [pid 306] chdir("./file0") = 0 [pid 306] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 1 [pid 306] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 306] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 306] futex(0x7f02b247b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 305] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 0 [pid 306] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 306] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 22.005128][ T22] audit: type=1400 audit(1679192401.250:78): avc: denied { mount } for pid=305 comm="syz-executor137" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 22.005147][ T306] ext4 filesystem being mounted at /root/syzkaller.3BmZ0b/0/bus supports timestamps until 2038 (0x7fffffff) [pid 305] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 1 [pid 306] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 306] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 1 [pid 306] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 306] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f02b247b7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02aa061000 [pid 305] mprotect(0x7f02aa062000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 305] clone(child_stack=0x7f02aa0813f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[311], tls=0x7f02aa081700, child_tidptr=0x7f02aa0819d0) = 311 [pid 305] futex(0x7f02b247b7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f02b247b7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 1 [pid 306] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 306] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f02b247b7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 311 attached [pid 311] set_robust_list(0x7f02aa0819e0, 24) = 0 [pid 311] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1048576 [pid 311] futex(0x7f02b247b7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] exit_group(0 [pid 306] <... futex resumed>) = ? [pid 305] <... exit_group resumed>) = ? [pid 306] +++ exited with 0 +++ [pid 311] <... futex resumed>) = ? [ 22.045151][ T22] audit: type=1400 audit(1679192401.290:79): avc: denied { write } for pid=305 comm="syz-executor137" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.067628][ T22] audit: type=1400 audit(1679192401.290:80): avc: denied { add_name } for pid=305 comm="syz-executor137" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.088705][ T22] audit: type=1400 audit(1679192401.290:81): avc: denied { create } for pid=305 comm="syz-executor137" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [pid 311] +++ exited with 0 +++ [pid 305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556974620 /* 4 entries */, 32768) = 104 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 22.109180][ T22] audit: type=1400 audit(1679192401.310:82): avc: denied { read write open } for pid=305 comm="syz-executor137" path="/root/syzkaller.3BmZ0b/0/bus/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 22.135253][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 22.148484][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555697c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555697c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 getdents64(3, 0x555556974620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569735d0) = 313 ./strace-static-x86_64: Process 313 attached [pid 313] set_robust_list(0x5555569735e0, 24) = 0 [pid 313] chdir("./1") = 0 [pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 313] setpgid(0, 0) = 0 [pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 313] write(3, "1000", 4) = 4 [pid 313] close(3) = 0 [pid 313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 313] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02b2382000 [pid 313] mprotect(0x7f02b2383000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 313] clone(child_stack=0x7f02b23a23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[314], tls=0x7f02b23a2700, child_tidptr=0x7f02b23a29d0) = 314 ./strace-static-x86_64: Process 314 attached [pid 314] set_robust_list(0x7f02b23a29e0, 24) = 0 [pid 314] futex(0x7f02b247b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 313] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 314] <... futex resumed>) = 0 [pid 313] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 314] memfd_create("syzkaller", 0) = 3 [pid 314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02a9f82000 [pid 314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 314] munmap(0x7f02a9f82000, 1048576) = 0 [pid 314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 314] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 314] close(3) = 0 [pid 314] mkdir("./bus", 0777) = 0 [pid 314] mount("/dev/loop0", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue") = 0 [pid 314] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 314] chdir("./bus") = 0 [pid 314] ioctl(4, LOOP_CLR_FD) = 0 [pid 314] close(4) = 0 [pid 314] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... futex resumed>) = 1 [pid 314] chdir("./file0") = 0 [pid 314] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... futex resumed>) = 1 [pid 314] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 314] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... futex resumed>) = 1 [pid 314] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 314] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... futex resumed>) = 1 [pid 314] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 314] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... futex resumed>) = 1 [pid 314] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 314] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7f02b247b7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02aa061000 [pid 313] mprotect(0x7f02aa062000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 313] clone(child_stack=0x7f02aa0813f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[318], tls=0x7f02aa081700, child_tidptr=0x7f02aa0819d0) = 318 [pid 313] futex(0x7f02b247b7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7f02b247b7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... futex resumed>) = 1 [pid 314] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651./strace-static-x86_64: Process 318 attached [pid 318] set_robust_list(0x7f02aa0819e0, 24) = 0 [ 22.255260][ T314] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 22.264322][ T314] ext4 filesystem being mounted at /root/syzkaller.3BmZ0b/1/bus supports timestamps until 2038 (0x7fffffff) [ 22.288164][ T314] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 4 in block_group 0 [pid 318] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1048576 [pid 318] futex(0x7f02b247b7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 318] <... futex resumed>) = 1 [ 22.306226][ T314] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [ 22.316723][ T314] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 0 in block_group 0 [ 22.330193][ T314] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [ 22.340038][ T314] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 0 in block_group 0 [pid 318] futex(0x7f02b247b7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 314] <... write resumed>) = 98304 [pid 314] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] exit_group(0 [pid 318] <... futex resumed>) = ? [pid 313] <... exit_group resumed>) = ? [pid 318] +++ exited with 0 +++ [pid 314] <... futex resumed>) = ? [pid 314] +++ exited with 0 +++ [pid 313] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=313, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556974620 /* 4 entries */, 32768) = 104 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 22.353433][ T314] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [ 22.363192][ T314] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 0 in block_group 0 [ 22.376393][ T314] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [ 22.397989][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 22.411105][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555697c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555697c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 getdents64(3, 0x555556974620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569735d0) = 319 ./strace-static-x86_64: Process 319 attached [pid 319] set_robust_list(0x5555569735e0, 24) = 0 [pid 319] chdir("./2") = 0 [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 319] setpgid(0, 0) = 0 [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 319] write(3, "1000", 4) = 4 [pid 319] close(3) = 0 [pid 319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 319] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02b2382000 [pid 319] mprotect(0x7f02b2383000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 319] clone(child_stack=0x7f02b23a23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[321], tls=0x7f02b23a2700, child_tidptr=0x7f02b23a29d0) = 321 [pid 319] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 321 attached [pid 321] set_robust_list(0x7f02b23a29e0, 24) = 0 [pid 321] memfd_create("syzkaller", 0) = 3 [pid 321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02a9f82000 [pid 321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 321] munmap(0x7f02a9f82000, 1048576) = 0 [pid 321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 321] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 321] close(3) = 0 [pid 321] mkdir("./bus", 0777) = 0 [pid 321] mount("/dev/loop0", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue") = 0 [pid 321] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 321] chdir("./bus") = 0 [pid 321] ioctl(4, LOOP_CLR_FD) = 0 [pid 321] close(4) = 0 [pid 321] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] chdir("./file0") = 0 [pid 321] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 321] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 321] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 321] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 321] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f02b247b7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02aa061000 [pid 319] mprotect(0x7f02aa062000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 319] clone(child_stack=0x7f02aa0813f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[325], tls=0x7f02aa081700, child_tidptr=0x7f02aa0819d0) = 325 [pid 319] futex(0x7f02b247b7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f02b247b7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651./strace-static-x86_64: Process 325 attached [ 22.546337][ T321] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 22.556081][ T321] ext4 filesystem being mounted at /root/syzkaller.3BmZ0b/2/bus supports timestamps until 2038 (0x7fffffff) [pid 325] set_robust_list(0x7f02aa0819e0, 24) = 0 [pid 325] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 319] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 319] futex(0x7f02b247b7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 325] <... write resumed>) = 1048576 [pid 325] futex(0x7f02b247b7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 22.608884][ T321] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 0 in block_group 0 [ 22.627270][ T321] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [ 22.637180][ T321] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 0 in block_group 0 [pid 325] futex(0x7f02b247b7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 321] <... write resumed>) = 237568 [pid 321] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7f02b247b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 319] exit_group(0 [pid 325] <... futex resumed>) = ? [pid 321] <... futex resumed>) = ? [pid 319] <... exit_group resumed>) = ? [pid 325] +++ exited with 0 +++ [pid 321] +++ exited with 0 +++ [pid 319] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556974620 /* 4 entries */, 32768) = 104 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 22.650880][ T321] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [ 22.661994][ T321] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 0 in block_group 0 [ 22.675465][ T321] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [ 22.688468][ T321] syz-executor137 (321) used greatest stack depth: 22200 bytes left [ 22.696789][ T92] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 22.714637][ T92] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555697c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555697c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 getdents64(3, 0x555556974620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569735d0) = 326 ./strace-static-x86_64: Process 326 attached [pid 326] set_robust_list(0x5555569735e0, 24) = 0 [pid 326] chdir("./3") = 0 [pid 326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 326] setpgid(0, 0) = 0 [pid 326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 326] write(3, "1000", 4) = 4 [pid 326] close(3) = 0 [pid 326] symlink("/dev/binderfs", "./binderfs") = 0 [pid 326] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02b2382000 [pid 326] mprotect(0x7f02b2383000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 326] clone(child_stack=0x7f02b23a23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[327], tls=0x7f02b23a2700, child_tidptr=0x7f02b23a29d0) = 327 ./strace-static-x86_64: Process 327 attached [pid 327] set_robust_list(0x7f02b23a29e0, 24) = 0 [pid 327] futex(0x7f02b247b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 326] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 327] <... futex resumed>) = 0 [pid 326] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 327] memfd_create("syzkaller", 0) = 3 [pid 327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02a9f82000 [pid 327] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 327] munmap(0x7f02a9f82000, 1048576) = 0 [pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 327] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 327] close(3) = 0 [pid 327] mkdir("./bus", 0777) = 0 [pid 327] mount("/dev/loop0", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue") = 0 [pid 327] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 327] chdir("./bus") = 0 [pid 327] ioctl(4, LOOP_CLR_FD) = 0 [pid 327] close(4) = 0 [pid 327] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 327] futex(0x7f02b247b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 326] <... futex resumed>) = 0 [pid 326] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 326] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... futex resumed>) = 0 [pid 327] chdir("./file0") = 0 [pid 327] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... futex resumed>) = 0 [pid 326] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... futex resumed>) = 1 [pid 327] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 327] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... futex resumed>) = 0 [pid 326] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... futex resumed>) = 1 [pid 327] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 327] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... futex resumed>) = 0 [pid 326] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... futex resumed>) = 1 [pid 327] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 327] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... futex resumed>) = 0 [pid 326] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... futex resumed>) = 1 [pid 327] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 327] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... futex resumed>) = 0 [pid 326] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] futex(0x7f02b247b7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02aa061000 [pid 326] mprotect(0x7f02aa062000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 326] clone(child_stack=0x7f02aa0813f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 331 attached , parent_tid=[331], tls=0x7f02aa081700, child_tidptr=0x7f02aa0819d0) = 331 [pid 326] futex(0x7f02b247b7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] futex(0x7f02b247b7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... futex resumed>) = 1 [pid 327] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 331] set_robust_list(0x7f02aa0819e0, 24) = 0 [pid 331] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1048576 [ 22.815029][ T327] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 22.824257][ T327] ext4 filesystem being mounted at /root/syzkaller.3BmZ0b/3/bus supports timestamps until 2038 (0x7fffffff) [ 22.850865][ T327] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 0 in block_group 0 [pid 331] futex(0x7f02b247b7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 326] <... futex resumed>) = 0 [ 22.870270][ T327] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [ 22.880857][ T327] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 0 in block_group 0 [ 22.894124][ T327] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [ 22.903867][ T327] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 0 in block_group 0 [pid 331] futex(0x7f02b247b7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 327] <... write resumed>) = 16384 [pid 327] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] exit_group(0 [pid 331] <... futex resumed>) = ? [pid 326] <... exit_group resumed>) = ? [pid 331] +++ exited with 0 +++ [pid 327] <... futex resumed>) = ? [pid 327] +++ exited with 0 +++ [pid 326] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=326, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556974620 /* 4 entries */, 32768) = 104 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 22.917191][ T327] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [ 22.936927][ T92] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 22.950316][ T92] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555697c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555697c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 getdents64(3, 0x555556974620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569735d0) = 332 ./strace-static-x86_64: Process 332 attached [pid 332] set_robust_list(0x5555569735e0, 24) = 0 [pid 332] chdir("./4") = 0 [pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 332] setpgid(0, 0) = 0 [pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 332] write(3, "1000", 4) = 4 [pid 332] close(3) = 0 [pid 332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 332] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02b2382000 [pid 332] mprotect(0x7f02b2383000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 332] clone(child_stack=0x7f02b23a23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x7f02b23a29e0, 24) = 0 [pid 333] futex(0x7f02b247b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 332] <... clone resumed>, parent_tid=[333], tls=0x7f02b23a2700, child_tidptr=0x7f02b23a29d0) = 333 [pid 332] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 333] <... futex resumed>) = 0 [pid 333] memfd_create("syzkaller", 0) = 3 [pid 333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02a9f82000 [pid 332] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 333] munmap(0x7f02a9f82000, 1048576) = 0 [pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 333] close(3) = 0 [pid 333] mkdir("./bus", 0777) = 0 [pid 333] mount("/dev/loop0", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue") = 0 [pid 333] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 333] chdir("./bus") = 0 [pid 333] ioctl(4, LOOP_CLR_FD) = 0 [pid 333] close(4) = 0 [pid 333] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... futex resumed>) = 1 [pid 333] chdir("./file0") = 0 [pid 333] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... futex resumed>) = 1 [pid 333] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 333] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 333] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 333] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 333] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f02b247b7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02aa061000 [pid 332] mprotect(0x7f02aa062000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 332] clone(child_stack=0x7f02aa0813f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 337 attached , parent_tid=[337], tls=0x7f02aa081700, child_tidptr=0x7f02aa0819d0) = 337 [pid 337] set_robust_list(0x7f02aa0819e0, 24 [pid 332] futex(0x7f02b247b7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] <... set_robust_list resumed>) = 0 [pid 332] <... futex resumed>) = 0 [pid 337] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 332] futex(0x7f02b247b7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 23.105326][ T333] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.114621][ T333] ext4 filesystem being mounted at /root/syzkaller.3BmZ0b/4/bus supports timestamps until 2038 (0x7fffffff) [pid 333] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 337] <... write resumed>) = 1048576 [pid 337] futex(0x7f02b247b7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 337] <... futex resumed>) = 1 [ 23.143347][ T333] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 0 in block_group 0 [ 23.162165][ T333] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [ 23.171898][ T333] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:430: comm syz-executor137: Invalid block bitmap block 0 in block_group 0 [ 23.185843][ T333] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 0 in block_group 0 [pid 337] futex(0x7f02b247b7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 333] <... write resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 333] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] exit_group(0 [pid 337] <... futex resumed>) = ? [pid 332] <... exit_group resumed>) = ? [pid 337] +++ exited with 0 +++ [pid 333] +++ exited with 0 +++ [pid 332] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556974620 /* 4 entries */, 32768) = 104 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 [ 23.199022][ T333] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [ 23.208587][ T333] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 0 in block_group 0 [ 23.221772][ T333] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [ 23.231267][ T333] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 0 in block_group 0 [ 23.244436][ T333] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [ 23.262491][ T92] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555697c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555697c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 getdents64(3, 0x555556974620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569735d0) = 338 ./strace-static-x86_64: Process 338 attached [pid 338] set_robust_list(0x5555569735e0, 24) = 0 [pid 338] chdir("./5") = 0 [pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 338] setpgid(0, 0) = 0 [pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 338] write(3, "1000", 4) = 4 [pid 338] close(3) = 0 [pid 338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 338] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02b2382000 [pid 338] mprotect(0x7f02b2383000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 338] clone(child_stack=0x7f02b23a23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[339], tls=0x7f02b23a2700, child_tidptr=0x7f02b23a29d0) = 339 [pid 338] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x7f02b23a29e0, 24) = 0 [pid 339] memfd_create("syzkaller", 0) = 3 [pid 339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02a9f82000 [pid 339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 339] munmap(0x7f02a9f82000, 1048576) = 0 [pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 339] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 339] close(3) = 0 [pid 339] mkdir("./bus", 0777) = 0 [pid 339] mount("/dev/loop0", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue") = 0 [pid 339] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 339] chdir("./bus") = 0 [pid 339] ioctl(4, LOOP_CLR_FD) = 0 [pid 339] close(4) = 0 [pid 339] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] chdir("./file0") = 0 [pid 339] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 339] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 339] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 339] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 339] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f02b247b7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02aa061000 [pid 338] mprotect(0x7f02aa062000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 338] clone(child_stack=0x7f02aa0813f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[343], tls=0x7f02aa081700, child_tidptr=0x7f02aa0819d0) = 343 [pid 338] futex(0x7f02b247b7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f02b247b7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 343 attached [pid 343] set_robust_list(0x7f02aa0819e0, 24) = 0 [pid 343] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 23.355373][ T339] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.364593][ T339] ext4 filesystem being mounted at /root/syzkaller.3BmZ0b/5/bus supports timestamps until 2038 (0x7fffffff) [ 23.392121][ T339] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 0 in block_group 0 [pid 339] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 343] <... write resumed>) = 1048576 [pid 343] futex(0x7f02b247b7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] <... futex resumed>) = 0 [pid 343] <... futex resumed>) = 1 [ 23.409389][ T339] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [ 23.419171][ T339] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:430: comm syz-executor137: Invalid block bitmap block 0 in block_group 0 [ 23.433205][ T339] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 0 in block_group 0 [ 23.446402][ T339] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [pid 343] futex(0x7f02b247b7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 339] <... write resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 339] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7f02b247b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 338] exit_group(0 [pid 343] <... futex resumed>) = ? [pid 338] <... exit_group resumed>) = ? [pid 343] +++ exited with 0 +++ [pid 339] <... futex resumed>) = ? [pid 339] +++ exited with 0 +++ [pid 338] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=338, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556974620 /* 4 entries */, 32768) = 104 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 23.456190][ T339] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 0 in block_group 0 [ 23.469416][ T339] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [ 23.479008][ T339] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 0 in block_group 0 [ 23.492146][ T339] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [ 23.513513][ T92] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555697c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555697c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 getdents64(3, 0x555556974620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569735d0) = 344 ./strace-static-x86_64: Process 344 attached [pid 344] set_robust_list(0x5555569735e0, 24) = 0 [pid 344] chdir("./6") = 0 [pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 344] setpgid(0, 0) = 0 [pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 344] write(3, "1000", 4) = 4 [pid 344] close(3) = 0 [pid 344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 344] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02b2382000 [pid 344] mprotect(0x7f02b2383000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 344] clone(child_stack=0x7f02b23a23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 345 attached , parent_tid=[345], tls=0x7f02b23a2700, child_tidptr=0x7f02b23a29d0) = 345 [pid 345] set_robust_list(0x7f02b23a29e0, 24) = 0 [pid 345] futex(0x7f02b247b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 344] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 345] <... futex resumed>) = 0 [pid 345] memfd_create("syzkaller", 0) = 3 [pid 345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02a9f82000 [pid 344] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 345] munmap(0x7f02a9f82000, 1048576) = 0 [pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 345] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 345] close(3) = 0 [pid 345] mkdir("./bus", 0777) = 0 [pid 345] mount("/dev/loop0", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue") = 0 [pid 345] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 345] chdir("./bus") = 0 [pid 345] ioctl(4, LOOP_CLR_FD) = 0 [pid 345] close(4) = 0 [pid 345] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... futex resumed>) = 1 [pid 345] chdir("./file0") = 0 [pid 345] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... futex resumed>) = 1 [pid 345] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 345] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... futex resumed>) = 1 [pid 345] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 345] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... futex resumed>) = 1 [pid 345] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 345] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 345] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... futex resumed>) = 0 [pid 345] <... futex resumed>) = 1 [pid 344] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f02b247b7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02aa061000 [pid 344] mprotect(0x7f02aa062000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 344] clone(child_stack=0x7f02aa0813f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 349 attached , parent_tid=[349], tls=0x7f02aa081700, child_tidptr=0x7f02aa0819d0) = 349 [pid 349] set_robust_list(0x7f02aa0819e0, 24 [pid 344] futex(0x7f02b247b7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... set_robust_list resumed>) = 0 [pid 344] <... futex resumed>) = 0 [pid 349] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 344] futex(0x7f02b247b7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 23.645280][ T345] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.654395][ T345] ext4 filesystem being mounted at /root/syzkaller.3BmZ0b/6/bus supports timestamps until 2038 (0x7fffffff) [pid 345] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 349] <... write resumed>) = 1048576 [pid 349] futex(0x7f02b247b7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] futex(0x7f02b247b7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 344] <... futex resumed>) = 0 [ 23.683145][ T345] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 0 in block_group 0 [ 23.702194][ T345] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [ 23.712360][ T345] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:430: comm syz-executor137: Invalid block bitmap block 0 in block_group 0 [ 23.726921][ T345] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 0 in block_group 0 [pid 345] <... write resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 345] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7f02b247b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 344] exit_group(0 [pid 349] <... futex resumed>) = ? [pid 345] <... futex resumed>) = 230 [pid 344] <... exit_group resumed>) = ? [pid 349] +++ exited with 0 +++ [ 23.740242][ T345] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [ 23.749942][ T345] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 0 in block_group 0 [ 23.763232][ T345] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [ 23.772903][ T345] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm syz-executor137: Invalid inode table block 0 in block_group 0 [ 23.786065][ T345] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6071: Corrupt filesystem [pid 345] +++ exited with 0 +++ [pid 344] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=344, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556974620 /* 4 entries */, 32768) = 104 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 23.804472][ T92] EXT4-fs error (device loop0): __ext4_get_inode_loc:4715: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555697c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555697c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 getdents64(3, 0x555556974620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 350 attached , child_tidptr=0x5555569735d0) = 350 [pid 350] set_robust_list(0x5555569735e0, 24) = 0 [pid 350] chdir("./7") = 0 [pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 350] setpgid(0, 0) = 0 [pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 350] write(3, "1000", 4) = 4 [pid 350] close(3) = 0 [pid 350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 350] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02b2382000 [pid 350] mprotect(0x7f02b2383000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 350] clone(child_stack=0x7f02b23a23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[351], tls=0x7f02b23a2700, child_tidptr=0x7f02b23a29d0) = 351 ./strace-static-x86_64: Process 351 attached [pid 351] set_robust_list(0x7f02b23a29e0, 24) = 0 [pid 351] futex(0x7f02b247b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 351] <... futex resumed>) = 0 [pid 351] memfd_create("syzkaller", 0 [pid 350] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 351] <... memfd_create resumed>) = 3 [pid 351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02a9f82000 [pid 351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 351] munmap(0x7f02a9f82000, 1048576) = 0 [pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 351] close(3) = 0 [pid 351] mkdir("./bus", 0777) = 0 [pid 351] mount("/dev/loop0", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue") = 0 [pid 351] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 351] chdir("./bus") = 0 [pid 351] ioctl(4, LOOP_CLR_FD) = 0 [pid 351] close(4) = 0 [pid 351] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... futex resumed>) = 0 [pid 350] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 1 [pid 351] chdir("./file0") = 0 [pid 351] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... futex resumed>) = 0 [pid 350] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 1 [pid 351] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 351] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... futex resumed>) = 0 [pid 350] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 1 [pid 351] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 351] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... futex resumed>) = 0 [pid 350] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 1 [pid 351] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 351] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... futex resumed>) = 0 [pid 350] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7f02b247b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 1 [pid 351] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 351] futex(0x7f02b247b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 350] <... futex resumed>) = 0 [pid 351] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 350] futex(0x7f02b247b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7f02b247b7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02aa061000 [pid 350] mprotect(0x7f02aa062000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 350] clone(child_stack=0x7f02aa0813f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[355], tls=0x7f02aa081700, child_tidptr=0x7f02aa0819d0) = 355 [pid 350] futex(0x7f02b247b7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7f02b247b7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 355 attached [pid 355] set_robust_list(0x7f02aa0819e0, 24) = 0 [ 23.915762][ T351] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.924884][ T351] ext4 filesystem being mounted at /root/syzkaller.3BmZ0b/7/bus supports timestamps until 2038 (0x7fffffff) [pid 355] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1048576 [pid 355] futex(0x7f02b247b7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] futex(0x7f02b247b7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] <... futex resumed>) = 0 [ 23.952481][ T351] EXT4-fs error (device loop0): ext4_map_blocks:739: inode #19: block 224: comm syz-executor137: lblock 32 mapped to illegal pblock 224 (length 1) [ 23.967799][ T351] ------------[ cut here ]------------ [ 23.973268][ T351] kernel BUG at fs/ext4/ext4.h:2980! [ 23.978684][ T351] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 23.984762][ T351] CPU: 0 PID: 351 Comm: syz-executor137 Not tainted 5.4.225-syzkaller-00003-gf4e4be09c27c #0 [ 23.994886][ T351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 24.004939][ T351] RIP: 0010:ext4_mb_load_buddy_gfp+0xf29/0xf40 [ 24.011085][ T351] Code: ff e8 1b 1b ce ff e9 0a f3 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 52 f3 ff ff e8 21 1b ce ff e9 48 f3 ff ff e8 77 99 a0 ff <0f> 0b e8 70 99 a0 ff 0f 0b e8 69 99 a0 ff 0f 0b e8 62 99 a0 ff 0f [ 24.030858][ T351] RSP: 0018:ffff8881debbf0e8 EFLAGS: 00010293 [ 24.036911][ T351] RAX: ffffffff81c29d89 RBX: 0000000000000001 RCX: ffff8881f36c8fc0 [ 24.044875][ T351] RDX: 0000000000000000 RSI: 00000000fffffac6 RDI: 0000000000000001 [ 24.052828][ T351] RBP: ffff8881db6b2000 R08: ffffffff81c28f32 R09: ffffed103cc6a5ea [pid 350] exit_group(0 [pid 355] <... futex resumed>) = ? [pid 350] <... exit_group resumed>) = ? [pid 355] +++ exited with 0 +++ [ 24.060778][ T351] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1103b6d6e7e [ 24.068733][ T351] R13: dffffc0000000000 R14: 00000000fffffac6 R15: ffff8881db6b73f0 [ 24.076697][ T351] FS: 00007f02b23a2700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 24.085614][ T351] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.092175][ T351] CR2: 0000000020020000 CR3: 00000001f1fc3000 CR4: 00000000003406f0 [ 24.100130][ T351] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.108087][ T351] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.116048][ T351] Call Trace: [ 24.119324][ T351] ? ext4_get_group_number+0xdd/0x190 [ 24.124693][ T351] ext4_discard_preallocations+0x603/0xb90 [ 24.130490][ T351] ? ext4_exit_mballoc+0xf0/0xf0 [ 24.135417][ T351] ? __ext4_journal_start_sb+0x295/0x460 [ 24.141030][ T351] ext4_truncate+0xa12/0x12c0 [ 24.145691][ T351] ? ext4_mark_inode_dirty+0x7a0/0x7a0 [ 24.151176][ T351] ? ext4_should_dioread_nolock+0x94/0x500 [ 24.156967][ T351] ? __ext4_journal_stop+0x2f/0x190 [ 24.162145][ T351] ext4_write_begin+0xd5e/0x1900 [ 24.167085][ T351] ? ext4_readpages+0x110/0x110 [ 24.171927][ T351] ? finish_fault+0x230/0x230 [ 24.176598][ T351] ? up_read+0x6f/0x1b0 [ 24.180754][ T351] ? down_write_trylock+0x130/0x130 [ 24.185939][ T351] ext4_da_write_begin+0x4a3/0xfe0 [ 24.191095][ T351] ? __do_page_fault+0x725/0xbb0 [ 24.196015][ T351] ? ext4_set_page_dirty+0x190/0x190 [ 24.201288][ T351] ? page_fault+0x2f/0x40 [ 24.205607][ T351] ? iov_iter_advance+0xb6/0xb20 [ 24.210521][ T351] ? iov_iter_fault_in_readable+0x1a2/0x4c0 [ 24.216391][ T351] ? iov_iter_fault_in_readable+0x1db/0x4c0 [ 24.222274][ T351] ? iov_iter_fault_in_readable+0x313/0x4c0 [ 24.228148][ T351] ? asan.module_dtor+0x20/0x20 [ 24.232990][ T351] ? balance_dirty_pages_ratelimited+0x36c/0x530 [ 24.239312][ T351] generic_perform_write+0x2c7/0x560 [ 24.244580][ T351] ? grab_cache_page_write_begin+0x90/0x90 [ 24.250364][ T351] ? file_remove_privs+0x640/0x640 [ 24.255463][ T351] ? __schedule+0xb03/0x12a0 [ 24.260042][ T351] ? debug_smp_processor_id+0x20/0x20 [ 24.265416][ T351] ? down_write_trylock+0xd7/0x130 [ 24.270508][ T351] __generic_file_write_iter+0x239/0x490 [ 24.276251][ T351] ext4_file_write_iter+0x499/0x10e0 [ 24.281519][ T351] ? ext4_file_read_iter+0x140/0x140 [ 24.286781][ T351] ? retint_kernel+0x1b/0x1b [ 24.291364][ T351] ? iov_iter_init+0x82/0x160 [ 24.296035][ T351] __vfs_write+0x5d3/0x750 [ 24.300432][ T351] ? __kernel_write+0x350/0x350 [ 24.305260][ T351] ? check_preemption_disabled+0x9f/0x320 [ 24.310960][ T351] ? debug_smp_processor_id+0x20/0x20 [ 24.316311][ T351] ? selinux_file_permission+0x2be/0x530 [ 24.321925][ T351] vfs_write+0x206/0x4e0 [ 24.326154][ T351] ksys_write+0x199/0x2c0 [ 24.330463][ T351] ? do_syscall_64+0x1c0/0x1c0 [ 24.335216][ T351] ? __ia32_sys_read+0x80/0x80 [ 24.340057][ T351] do_syscall_64+0xca/0x1c0 [ 24.344553][ T351] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 24.350420][ T351] Modules linked in: [ 24.354648][ T351] ---[ end trace 9a2936a5f4735437 ]--- [ 24.360109][ T351] RIP: 0010:ext4_mb_load_buddy_gfp+0xf29/0xf40 [ 24.366277][ T351] Code: ff e8 1b 1b ce ff e9 0a f3 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 52 f3 ff ff e8 21 1b ce ff e9 48 f3 ff ff e8 77 99 a0 ff <0f> 0b e8 70 99 a0 ff 0f 0b e8 69 99 a0 ff 0f 0b e8 62 99 a0 ff 0f [ 24.385890][ T351] RSP: 0018:ffff8881debbf0e8 EFLAGS: 00010293 [ 24.391937][ T351] RAX: ffffffff81c29d89 RBX: 0000000000000001 RCX: ffff8881f36c8fc0 [ 24.399939][ T351] RDX: 0000000000000000 RSI: 00000000fffffac6 RDI: 0000000000000001 [ 24.407924][ T351] RBP: ffff8881db6b2000 R08: ffffffff81c28f32 R09: ffffed103cc6a5ea [ 24.416083][ T351] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1103b6d6e7e [ 24.424158][ T351] R13: dffffc0000000000 R14: 00000000fffffac6 R15: ffff8881db6b73f0 [ 24.432135][ T351] FS: 00007f02b23a2700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 24.441072][ T351] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.447672][ T351] CR2: 0000000020020000 CR3: 00000001f1fc3000 CR4: 00000000003406f0 [ 24.455660][ T351] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.463641][ T351] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.471592][ T351] Kernel panic - not syncing: Fatal exception [ 24.477899][ T351] Kernel Offset: disabled [ 24.482213][ T351] Rebooting in 86400 seconds..