./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1474705570 <...> [ 3.966191][ T100] udevd[100]: starting version 3.2.11 [ 3.995623][ T101] udevd[101]: starting eudev-3.2.11 [ 4.971983][ T130] run-parts (130) used greatest stack depth: 22896 bytes left [ 14.732062][ T28] kauditd_printk_skb: 50 callbacks suppressed [ 14.732075][ T28] audit: type=1400 audit(1688332920.527:61): avc: denied { transition } for pid=228 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.738492][ T28] audit: type=1400 audit(1688332920.547:62): avc: denied { noatsecure } for pid=228 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.744806][ T28] audit: type=1400 audit(1688332920.547:63): avc: denied { write } for pid=228 comm="sh" path="pipe:[13413]" dev="pipefs" ino=13413 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 14.752177][ T28] audit: type=1400 audit(1688332920.547:64): avc: denied { rlimitinh } for pid=228 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.770847][ T28] audit: type=1400 audit(1688332920.547:65): avc: denied { siginh } for pid=228 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 16.710048][ T229] sshd (229) used greatest stack depth: 22864 bytes left Warning: Permanently added '10.128.0.176' (ECDSA) to the list of known hosts. execve("./syz-executor1474705570", ["./syz-executor1474705570"], 0x7ffe7340b5d0 /* 10 vars */) = 0 brk(NULL) = 0x55555630a000 brk(0x55555630ac40) = 0x55555630ac40 arch_prctl(ARCH_SET_FS, 0x55555630a300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555630a5d0) = 298 set_robust_list(0x55555630a5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fc41b7ae530, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fc41b7aec00}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fc41b7ae5d0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc41b7aec00}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1474705570", 4096) = 28 brk(0x55555632bc40) = 0x55555632bc40 brk(0x55555632c000) = 0x55555632c000 mprotect(0x7fc41b870000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 298 mkdir("./syzkaller.xy3dxJ", 0700) = 0 chmod("./syzkaller.xy3dxJ", 0777) = 0 chdir("./syzkaller.xy3dxJ") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555630a5d0) = 300 ./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x55555630a5e0, 24) = 0 [pid 300] chdir("./0") = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4) = 4 [pid 300] close(3) = 0 [pid 300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 300] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc41b77d000 [pid 300] mprotect(0x7fc41b77e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 300] clone(child_stack=0x7fc41b79d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[301], tls=0x7fc41b79d700, child_tidptr=0x7fc41b79d9d0) = 301 [pid 300] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] futex(0x7fc41b8767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x7fc41b79d9e0, 24) = 0 [pid 301] memfd_create("syzkaller", 0) = 3 [pid 301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc41337d000 [pid 301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 301] munmap(0x7fc41337d000, 1048576) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 24.618318][ T28] audit: type=1400 audit(1688332930.417:66): avc: denied { execmem } for pid=298 comm="syz-executor147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 24.638179][ T28] audit: type=1400 audit(1688332930.417:67): avc: denied { read write } for pid=298 comm="syz-executor147" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.656276][ T301] loop0: detected capacity change from 0 to 2048 [pid 301] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 301] close(3) = 0 [pid 301] mkdir("./file0", 0777) = 0 [ 24.662950][ T28] audit: type=1400 audit(1688332930.417:68): avc: denied { open } for pid=298 comm="syz-executor147" path="/dev/loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.693037][ T28] audit: type=1400 audit(1688332930.417:69): avc: denied { ioctl } for pid=298 comm="syz-executor147" path="/dev/loop0" dev="devtmpfs" ino=114 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.718545][ T28] audit: type=1400 audit(1688332930.477:70): avc: denied { mounton } for pid=300 comm="syz-executor147" path="/root/syzkaller.xy3dxJ/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 24.744397][ T301] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 301] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 301] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 301] chdir("./file0") = 0 [pid 301] ioctl(4, LOOP_CLR_FD) = 0 [pid 301] close(4) = 0 [pid 301] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... futex resumed>) = 0 [pid 300] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] futex(0x7fc41b8767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = 1 [pid 301] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 301] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... futex resumed>) = 0 [pid 300] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] futex(0x7fc41b8767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = 1 [pid 301] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 301] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... futex resumed>) = 0 [pid 300] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] futex(0x7fc41b8767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = 1 [pid 301] ftruncate(5, 33587195) = 0 [pid 301] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... futex resumed>) = 0 [pid 300] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] futex(0x7fc41b8767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = 1 [pid 301] sendfile(4, 5, NULL, 4) = 4 [pid 301] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... futex resumed>) = 0 [pid 300] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] futex(0x7fc41b8767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc41345c000 [pid 300] mprotect(0x7fc41345d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 300] clone(child_stack=0x7fc41347c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[305], tls=0x7fc41347c700, child_tidptr=0x7fc41347c9d0) = 305 [pid 300] futex(0x7fc41b8767b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] futex(0x7fc41b8767bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = 1 [pid 301] sendfile(4, 5, NULL, 281474978811909./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x7fc41347c9e0, 24) = 0 [pid 305] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0x2004000) = 0x20000000 [pid 305] futex(0x7fc41b8767bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... futex resumed>) = 0 [pid 300] futex(0x7fc41b8767b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] futex(0x7fc41b8767bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [pid 305] prlimit64(0, RLIMIT_CPU, NULL, [pid 300] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 24.752864][ T28] audit: type=1400 audit(1688332930.557:71): avc: denied { mount } for pid=300 comm="syz-executor147" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 24.764564][ T305] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1098: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.789857][ T28] audit: type=1400 audit(1688332930.557:72): avc: denied { write } for pid=300 comm="syz-executor147" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 24.802616][ T305] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 28 [ 24.823891][ T305] EXT4-fs (loop0): This should not happen!! Data will be lost [ 24.823891][ T305] [ 24.833483][ T305] EXT4-fs (loop0): Total free blocks count 0 [ 24.838204][ T28] audit: type=1400 audit(1688332930.557:73): avc: denied { add_name } for pid=300 comm="syz-executor147" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 24.839375][ T305] EXT4-fs (loop0): Free/Dirty block details [pid 305] <... prlimit64 resumed>{rlim_cur=RLIM64_INFINITY, rlim_max=RLIM64_INFINITY}) = 0 [pid 305] futex(0x7fc41b8767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 24.839402][ T305] EXT4-fs (loop0): free_blocks=2415919104 [ 24.871335][ T305] EXT4-fs (loop0): dirty_blocks=1664 [ 24.876384][ T305] EXT4-fs (loop0): Block reservation details [ 24.882180][ T305] EXT4-fs (loop0): i_reserved_data_blocks=127 [ 24.886438][ T28] audit: type=1400 audit(1688332930.557:74): avc: denied { create } for pid=300 comm="syz-executor147" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 24.909675][ T28] audit: type=1400 audit(1688332930.557:75): avc: denied { read write open } for pid=300 comm="syz-executor147" path="/root/syzkaller.xy3dxJ/0/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [pid 305] futex(0x7fc41b8767b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] exit_group(0 [pid 305] <... futex resumed>) = ? [pid 300] <... exit_group resumed>) = ? [pid 305] +++ exited with 0 +++ [pid 301] <... sendfile resumed>) = ? [pid 301] +++ exited with 0 +++ [pid 300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=32} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555630b620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 25.002509][ T305] syz-executor147 (305) used greatest stack depth: 22288 bytes left [ 25.015938][ T223] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 64 with max blocks 2048 with error 28 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556313660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556313660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x55555630b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555630a5d0) = 306 ./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x55555630a5e0, 24) = 0 [pid 306] chdir("./1") = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 306] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc41b77d000 [pid 306] mprotect(0x7fc41b77e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 306] clone(child_stack=0x7fc41b79d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[307], tls=0x7fc41b79d700, child_tidptr=0x7fc41b79d9d0) = 307 [pid 306] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7fc41b8767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x7fc41b79d9e0, 24) = 0 [pid 307] memfd_create("syzkaller", 0) = 3 [pid 307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc41337d000 [pid 307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 307] munmap(0x7fc41337d000, 1048576) = 0 [pid 307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 307] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 307] close(3) = 0 [pid 307] mkdir("./file0", 0777) = 0 [pid 307] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 307] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 307] chdir("./file0") = 0 [pid 307] ioctl(4, LOOP_CLR_FD) = 0 [pid 307] close(4) = 0 [pid 307] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 306] <... futex resumed>) = 0 [pid 307] futex(0x7fc41b8767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 0 [pid 306] <... futex resumed>) = 1 [pid 307] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 306] futex(0x7fc41b8767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... open resumed>) = 4 [pid 307] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 306] <... futex resumed>) = 0 [pid 307] futex(0x7fc41b8767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 306] <... futex resumed>) = 0 [pid 307] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 306] futex(0x7fc41b8767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... open resumed>) = 5 [pid 307] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = 1 [pid 306] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7fc41b8767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] ftruncate(5, 33587195) = 0 [pid 307] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 306] <... futex resumed>) = 0 [pid 306] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7fc41b8767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] sendfile(4, 5, NULL, 4) = 4 [pid 307] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 306] <... futex resumed>) = 0 [pid 306] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7fc41b8767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc41345c000 [pid 306] mprotect(0x7fc41345d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 306] clone(child_stack=0x7fc41347c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 310 attached , parent_tid=[310], tls=0x7fc41347c700, child_tidptr=0x7fc41347c9d0) = 310 [pid 310] set_robust_list(0x7fc41347c9e0, 24 [pid 306] futex(0x7fc41b8767b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] <... set_robust_list resumed>) = 0 [pid 306] <... futex resumed>) = 0 [pid 310] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0x2004000 [pid 306] futex(0x7fc41b8767bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] sendfile(4, 5, NULL, 281474978811909 [pid 310] <... mmap resumed>) = 0x20000000 [pid 310] futex(0x7fc41b8767bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 306] <... futex resumed>) = 0 [pid 310] prlimit64(0, RLIMIT_CPU, NULL, [ 25.100064][ T307] loop0: detected capacity change from 0 to 2048 [ 25.124163][ T307] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 306] futex(0x7fc41b8767b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 25.153658][ T310] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1098: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 25.168799][ T310] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 28 [ 25.181030][ T310] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.181030][ T310] [ 25.190752][ T310] EXT4-fs (loop0): Total free blocks count 0 [ 25.196741][ T310] EXT4-fs (loop0): Free/Dirty block details [pid 306] futex(0x7fc41b8767bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 310] <... prlimit64 resumed>{rlim_cur=RLIM64_INFINITY, rlim_max=RLIM64_INFINITY}) = 0 [pid 310] futex(0x7fc41b8767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 25.202453][ T310] EXT4-fs (loop0): free_blocks=2415919104 [ 25.208520][ T310] EXT4-fs (loop0): dirty_blocks=1600 [ 25.213804][ T310] EXT4-fs (loop0): Block reservation details [ 25.219633][ T310] EXT4-fs (loop0): i_reserved_data_blocks=126 [pid 310] futex(0x7fc41b8767b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] exit_group(0) = ? [pid 310] <... futex resumed>) = ? [pid 307] <... sendfile resumed>) = ? [pid 310] +++ exited with 0 +++ [pid 307] +++ exited with 0 +++ [pid 306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=27} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555630b620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 25.351398][ T223] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 64 with max blocks 2048 with error 28 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556313660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556313660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x55555630b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555630a5d0) = 311 ./strace-static-x86_64: Process 311 attached [pid 311] set_robust_list(0x55555630a5e0, 24) = 0 [pid 311] chdir("./2") = 0 [pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 311] setpgid(0, 0) = 0 [pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 311] write(3, "1000", 4) = 4 [pid 311] close(3) = 0 [pid 311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 311] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc41b77d000 [pid 311] mprotect(0x7fc41b77e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 311] clone(child_stack=0x7fc41b79d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[312], tls=0x7fc41b79d700, child_tidptr=0x7fc41b79d9d0) = 312 [pid 311] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7fc41b8767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 312 attached [pid 312] set_robust_list(0x7fc41b79d9e0, 24) = 0 [pid 312] memfd_create("syzkaller", 0) = 3 [pid 312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc41337d000 [pid 312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 312] munmap(0x7fc41337d000, 1048576) = 0 [pid 312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 312] close(3) = 0 [pid 312] mkdir("./file0", 0777) = 0 [pid 312] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 312] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 312] chdir("./file0") = 0 [pid 312] ioctl(4, LOOP_CLR_FD) = 0 [pid 312] close(4) = 0 [pid 312] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... futex resumed>) = 0 [pid 311] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7fc41b8767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] <... futex resumed>) = 1 [pid 312] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 312] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... futex resumed>) = 0 [pid 311] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7fc41b8767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] <... futex resumed>) = 1 [pid 312] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 312] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... futex resumed>) = 0 [pid 311] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7fc41b8767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] <... futex resumed>) = 1 [pid 312] ftruncate(5, 33587195) = 0 [pid 312] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... futex resumed>) = 0 [pid 311] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7fc41b8767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] <... futex resumed>) = 1 [pid 312] sendfile(4, 5, NULL, 4) = 4 [pid 312] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... futex resumed>) = 0 [pid 311] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7fc41b8767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc41345c000 [pid 311] mprotect(0x7fc41345d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 311] clone(child_stack=0x7fc41347c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[315], tls=0x7fc41347c700, child_tidptr=0x7fc41347c9d0) = 315 [pid 311] futex(0x7fc41b8767b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7fc41b8767bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] <... futex resumed>) = 1 [pid 312] sendfile(4, 5, NULL, 281474978811909./strace-static-x86_64: Process 315 attached [pid 315] set_robust_list(0x7fc41347c9e0, 24) = 0 [pid 315] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0x2004000) = 0x20000000 [pid 315] futex(0x7fc41b8767bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 311] <... futex resumed>) = 0 [pid 311] futex(0x7fc41b8767b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7fc41b8767bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 25.447391][ T312] loop0: detected capacity change from 0 to 2048 [ 25.463965][ T312] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 25.482973][ T315] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1098: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 315] prlimit64(0, RLIMIT_CPU, NULL, [pid 311] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 25.497899][ T315] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 14 with error 28 [ 25.510068][ T315] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.510068][ T315] [ 25.519870][ T315] EXT4-fs (loop0): Total free blocks count 0 [ 25.525796][ T315] EXT4-fs (loop0): Free/Dirty block details [ 25.531410][ T315] EXT4-fs (loop0): free_blocks=2415919104 [ 25.537150][ T315] EXT4-fs (loop0): dirty_blocks=1536 [ 25.542313][ T315] EXT4-fs (loop0): Block reservation details [pid 315] <... prlimit64 resumed>{rlim_cur=RLIM64_INFINITY, rlim_max=RLIM64_INFINITY}) = 0 [pid 315] futex(0x7fc41b8767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 25.548274][ T315] EXT4-fs (loop0): i_reserved_data_blocks=122 [pid 315] futex(0x7fc41b8767b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 311] exit_group(0 [pid 315] <... futex resumed>) = ? [pid 311] <... exit_group resumed>) = ? [pid 315] +++ exited with 0 +++ [pid 312] <... sendfile resumed>) = ? [pid 312] +++ exited with 0 +++ [pid 311] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=311, si_uid=0, si_status=0, si_utime=0, si_stime=23} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555630b620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 25.679351][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 14 with max blocks 2048 with error 28 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556313660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556313660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x55555630b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555630a5d0) = 318 ./strace-static-x86_64: Process 318 attached [pid 318] set_robust_list(0x55555630a5e0, 24) = 0 [pid 318] chdir("./3") = 0 [pid 318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 318] setpgid(0, 0) = 0 [pid 318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 318] write(3, "1000", 4) = 4 [pid 318] close(3) = 0 [pid 318] symlink("/dev/binderfs", "./binderfs") = 0 [pid 318] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc41b77d000 [pid 318] mprotect(0x7fc41b77e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 318] clone(child_stack=0x7fc41b79d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 319 attached , parent_tid=[319], tls=0x7fc41b79d700, child_tidptr=0x7fc41b79d9d0) = 319 [pid 319] set_robust_list(0x7fc41b79d9e0, 24 [pid 318] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 318] futex(0x7fc41b8767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 319] <... set_robust_list resumed>) = 0 [pid 319] memfd_create("syzkaller", 0) = 3 [pid 319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc41337d000 [pid 319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 319] munmap(0x7fc41337d000, 1048576) = 0 [pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 319] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 319] close(3) = 0 [pid 319] mkdir("./file0", 0777) = 0 [pid 319] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 319] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 319] chdir("./file0") = 0 [pid 319] ioctl(4, LOOP_CLR_FD) = 0 [pid 319] close(4) = 0 [pid 319] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... futex resumed>) = 0 [pid 318] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 318] futex(0x7fc41b8767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] <... futex resumed>) = 1 [pid 319] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 319] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 318] <... futex resumed>) = 0 [pid 319] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 318] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... open resumed>) = 5 [pid 318] <... futex resumed>) = 0 [pid 319] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] futex(0x7fc41b8767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7fc41b8767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 318] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 318] futex(0x7fc41b8767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] <... futex resumed>) = 0 [pid 319] ftruncate(5, 33587195) = 0 [pid 319] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... futex resumed>) = 0 [pid 318] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 318] futex(0x7fc41b8767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] <... futex resumed>) = 1 [pid 319] sendfile(4, 5, NULL, 4) = 4 [pid 319] futex(0x7fc41b8767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 318] <... futex resumed>) = 0 [pid 318] futex(0x7fc41b8767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 318] futex(0x7fc41b8767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc41345c000 [pid 318] mprotect(0x7fc41345d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 318] clone(child_stack=0x7fc41347c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 322 attached , parent_tid=[322], tls=0x7fc41347c700, child_tidptr=0x7fc41347c9d0) = 322 [pid 322] set_robust_list(0x7fc41347c9e0, 24 [pid 318] futex(0x7fc41b8767b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] <... set_robust_list resumed>) = 0 [pid 322] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0x2004000 [pid 318] <... futex resumed>) = 0 [pid 318] futex(0x7fc41b8767bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] sendfile(4, 5, NULL, 281474978811909 [pid 322] <... mmap resumed>) = 0x20000000 [pid 322] futex(0x7fc41b8767bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 322] futex(0x7fc41b8767b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 318] <... futex resumed>) = 0 [pid 322] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 318] futex(0x7fc41b8767b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] prlimit64(0, RLIMIT_CPU, NULL, [pid 318] <... futex resumed>) = 0 [ 25.784567][ T319] loop0: detected capacity change from 0 to 2048 [ 25.804108][ T319] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 318] futex(0x7fc41b8767bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] <... prlimit64 resumed>0x20000080) = -1 EFAULT (Bad address) [pid 322] futex(0x7fc41b8767bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 322] futex(0x7fc41b8767b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 318] <... futex resumed>) = 0 [ 25.826092][ T322] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1098: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 25.841302][ T319] ------------[ cut here ]------------ [ 25.846602][ T319] kernel BUG at fs/ext4/inline.c:226! [ 25.851800][ T319] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 25.857691][ T319] CPU: 0 PID: 319 Comm: syz-executor147 Not tainted 6.1.25-syzkaller-00155-ged2a228522b9 #0 [ 25.867579][ T319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 25.877477][ T319] RIP: 0010:ext4_write_inline_data+0x3a4/0x3b0 [ 25.883463][ T319] Code: 07 fe c1 38 c1 0f 8c 42 ff ff ff 4c 89 e7 49 89 d6 e8 60 15 cb ff 4c 89 f2 e9 2f ff ff ff e8 53 f9 84 ff 0f 0b e8 4c f9 84 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 [ 25.902905][ T319] RSP: 0018:ffffc90000ea7108 EFLAGS: 00010293 [ 25.908806][ T319] RAX: ffffffff81efeb34 RBX: 000000000000003c RCX: ffff88811d7f9440 [ 25.916616][ T319] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000002000 [ 25.924431][ T319] RBP: ffffc90000ea7170 R08: ffffffff81efe8bd R09: ffffed1021a1bc4b [pid 318] exit_group(0 [pid 322] <... futex resumed>) = ? [ 25.932245][ T319] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000001000 [ 25.940063][ T319] R13: ffffc90000ea7200 R14: 0000000000002000 R15: 0000000000001000 [ 25.947863][ T319] FS: 00007fc41b79d700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 25.956634][ T319] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.963057][ T319] CR2: 0000000020000080 CR3: 000000011e099000 CR4: 00000000003506b0 [ 25.970868][ T319] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [pid 318] <... exit_group resumed>) = ? [pid 322] +++ exited with 0 +++ [ 25.978679][ T319] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.986584][ T319] Call Trace: [ 25.989698][ T319] [ 25.992479][ T319] ext4_write_inline_data_end+0x328/0xa90 [ 25.998037][ T319] ? put_page+0xc0/0xc0 [ 26.002026][ T319] ? pipe_zero+0x220/0x220 [ 26.006280][ T319] ext4_da_write_end+0x1ed/0x970 [ 26.011072][ T319] ? ext4_da_write_begin+0x920/0x920 [ 26.016177][ T319] generic_perform_write+0x3e6/0x5c0 [ 26.021306][ T319] ? generic_file_direct_write+0x6b0/0x6b0 [ 26.026938][ T319] ? generic_write_checks_count+0x490/0x490 [ 26.032746][ T319] ? arch_stack_walk+0xf3/0x140 [ 26.037436][ T319] ext4_buffered_write_iter+0x360/0x640 [ 26.042817][ T319] ext4_file_write_iter+0x194/0x1cf0 [ 26.047943][ T319] ? __stack_depot_save+0x36/0x480 [ 26.052884][ T319] ? kasan_set_track+0x60/0x70 [ 26.057483][ T319] ? kasan_set_track+0x4b/0x70 [ 26.062100][ T319] ? kasan_save_alloc_info+0x1f/0x30 [ 26.067207][ T319] ? __kasan_kmalloc+0x9c/0xb0 [ 26.071804][ T319] ? __kmalloc+0xb4/0x1e0 [ 26.075972][ T319] ? iter_file_splice_write+0x278/0xf90 [ 26.081353][ T319] ? direct_splice_actor+0xff/0x130 [ 26.086475][ T319] ? splice_direct_to_actor+0x4b4/0xbb0 [ 26.091859][ T319] ? do_splice_direct+0x27f/0x3c0 [ 26.096735][ T319] ? avc_policy_seqno+0x1b/0x70 [ 26.101406][ T319] ? ext4_file_read_iter+0x470/0x470 [ 26.106526][ T319] ? fsnotify_perm+0x6a/0x5d0 [ 26.111038][ T319] do_iter_write+0x6e6/0xc50 [ 26.115472][ T319] ? vfs_iter_write+0xa0/0xa0 [ 26.119975][ T319] ? __kasan_check_read+0x11/0x20 [ 26.124933][ T319] ? splice_from_pipe_next+0x5e9/0x640 [ 26.130220][ T319] vfs_iter_write+0x7c/0xa0 [ 26.134561][ T319] iter_file_splice_write+0x7f8/0xf90 [ 26.139762][ T319] ? generic_file_read_iter+0xad/0x4e0 [ 26.145079][ T319] ? splice_from_pipe+0x230/0x230 [ 26.149922][ T319] ? splice_shrink_spd+0xb0/0xb0 [ 26.154694][ T319] ? __kasan_check_read+0x11/0x20 [ 26.159568][ T319] ? fsnotify_perm+0x470/0x5d0 [ 26.164180][ T319] ? splice_from_pipe+0x230/0x230 [ 26.169015][ T319] direct_splice_actor+0xff/0x130 [ 26.173875][ T319] splice_direct_to_actor+0x4b4/0xbb0 [ 26.179087][ T319] ? do_splice_direct+0x3c0/0x3c0 [ 26.183943][ T319] ? pipe_to_sendpage+0x340/0x340 [ 26.188812][ T319] ? rw_verify_area+0xa7/0x1c0 [ 26.193406][ T319] do_splice_direct+0x27f/0x3c0 [ 26.198094][ T319] ? splice_direct_to_actor+0xbb0/0xbb0 [ 26.203470][ T319] ? fsnotify_perm+0x6a/0x5d0 [ 26.207988][ T319] ? security_file_permission+0x86/0xb0 [ 26.213381][ T319] do_sendfile+0x616/0xfe0 [ 26.217621][ T319] ? do_preadv+0x350/0x350 [ 26.221873][ T319] ? ptrace_notify+0x249/0x350 [ 26.226494][ T319] __x64_sys_sendfile64+0x1ce/0x230 [ 26.231595][ T319] ? __ia32_sys_sendfile+0x240/0x240 [ 26.236715][ T319] ? syscall_enter_from_user_mode+0x6a/0x190 [ 26.242556][ T319] do_syscall_64+0x3d/0xb0 [ 26.246790][ T319] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 26.252511][ T319] RIP: 0033:0x7fc41b7f15d9 [ 26.256765][ T319] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 26.276207][ T319] RSP: 002b:00007fc41b79d2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 26.284453][ T319] RAX: ffffffffffffffda RBX: 00007fc41b8767a0 RCX: 00007fc41b7f15d9 [ 26.292261][ T319] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 26.300076][ T319] RBP: 00007fc41b843840 R08: 0000000000000000 R09: 0000000000000000 [ 26.307894][ T319] R10: 0001000000201005 R11: 0000000000000246 R12: 00007fc41b8430c0 [ 26.315694][ T319] R13: 0000000020000f40 R14: 0030656c69662f2e R15: 00007fc41b8767a8 [ 26.323523][ T319] [ 26.326370][ T319] Modules linked in: [ 26.330274][ T319] ---[ end trace 0000000000000000 ]--- [ 26.335926][ T319] RIP: 0010:ext4_write_inline_data+0x3a4/0x3b0 [ 26.342035][ T319] Code: 07 fe c1 38 c1 0f 8c 42 ff ff ff 4c 89 e7 49 89 d6 e8 60 15 cb ff 4c 89 f2 e9 2f ff ff ff e8 53 f9 84 ff 0f 0b e8 4c f9 84 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 [ 26.361454][ T319] RSP: 0018:ffffc90000ea7108 EFLAGS: 00010293 [ 26.367303][ T319] RAX: ffffffff81efeb34 RBX: 000000000000003c RCX: ffff88811d7f9440 [ 26.375093][ T319] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000002000 [ 26.382916][ T319] RBP: ffffc90000ea7170 R08: ffffffff81efe8bd R09: ffffed1021a1bc4b [ 26.390705][ T319] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000001000 [ 26.398540][ T319] R13: ffffc90000ea7200 R14: 0000000000002000 R15: 0000000000001000 [ 26.406357][ T319] FS: 00007fc41b79d700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 26.415201][ T319] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.421771][ T319] CR2: 0000000020000080 CR3: 000000011e099000 CR4: 00000000003506b0 [ 26.429614][ T319] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.437430][ T319] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.445242][ T319] Kernel panic - not syncing: Fatal exception [ 26.451447][ T319] Kernel Offset: disabled [ 26.455582][ T319] Rebooting in 86400 seconds..