./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3164758244 <...> Warning: Permanently added '10.128.1.172' (ED25519) to the list of known hosts. execve("./syz-executor3164758244", ["./syz-executor3164758244"], 0x7fffc2c49c60 /* 10 vars */) = 0 brk(NULL) = 0x555575a1c000 brk(0x555575a1cd40) = 0x555575a1cd40 arch_prctl(ARCH_SET_FS, 0x555575a1c3c0) = 0 set_tid_address(0x555575a1c690) = 282 set_robust_list(0x555575a1c6a0, 24) = 0 rseq(0x555575a1cce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3164758244", 4096) = 28 getrandom("\x25\xab\xb3\x0e\xdf\x9f\xe5\x3c", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555575a1cd40 brk(0x555575a3dd40) = 0x555575a3dd40 brk(0x555575a3e000) = 0x555575a3e000 mprotect(0x7fc22f1e6000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555575a1c690) = 283 ./strace-static-x86_64: Process 283 attached [pid 283] set_robust_list(0x555575a1c6a0, 24) = 0 [pid 282] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 283] mkdir("./syzkaller.mfCNgL", 0700 [pid 282] <... clone resumed>, child_tidptr=0x555575a1c690) = 284 ./strace-static-x86_64: Process 284 attached [pid 282] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] set_robust_list(0x555575a1c6a0, 24 [pid 283] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 285 attached [pid 282] <... clone resumed>, child_tidptr=0x555575a1c690) = 285 [pid 282] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] <... set_robust_list resumed>) = 0 [pid 283] chmod("./syzkaller.mfCNgL", 0777) = 0 [pid 283] chdir("./syzkaller.mfCNgL") = 0 [pid 283] mkdir("./0", 0777 [pid 284] mkdir("./syzkaller.UejNx1", 0700 [pid 282] <... clone resumed>, child_tidptr=0x555575a1c690) = 286 [pid 285] set_robust_list(0x555575a1c6a0, 24 [pid 283] <... mkdir resumed>) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 286 attached [pid 282] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 285] <... set_robust_list resumed>) = 0 [pid 284] <... mkdir resumed>) = 0 [pid 283] <... openat resumed>) = 3 [pid 284] chmod("./syzkaller.UejNx1", 0777) = 0 [pid 284] chdir("./syzkaller.UejNx1") = 0 [pid 284] mkdir("./0", 0777) = 0 [pid 282] <... clone resumed>, child_tidptr=0x555575a1c690) = 287 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 284] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 284] close(3) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555575a1c690) = 288 [pid 285] mkdir("./syzkaller.fXI6Lb", 0700) = 0 [pid 285] chmod("./syzkaller.fXI6Lb", 0777) = 0 [pid 285] chdir("./syzkaller.fXI6Lb") = 0 [pid 285] mkdir("./0", 0777) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 285] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 285] close(3) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555575a1c690) = 290 [pid 286] set_robust_list(0x555575a1c6a0, 24) = 0 [pid 286] mkdir("./syzkaller.8PM0XW", 0700 [pid 283] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 283] close(3) = 0 [pid 286] <... mkdir resumed>) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 286] chmod("./syzkaller.8PM0XW", 0777./strace-static-x86_64: Process 287 attached ./strace-static-x86_64: Process 288 attached [pid 287] set_robust_list(0x555575a1c6a0, 24./strace-static-x86_64: Process 290 attached [pid 288] set_robust_list(0x555575a1c6a0, 24 [pid 287] <... set_robust_list resumed>) = 0 [pid 288] <... set_robust_list resumed>) = 0 [pid 287] mkdir("./syzkaller.zaPRt1", 0700 [pid 286] <... chmod resumed>) = 0 [pid 288] chdir("./0" [pid 286] chdir("./syzkaller.8PM0XW") = 0 [pid 287] <... mkdir resumed>) = 0 [pid 288] <... chdir resumed>) = 0 [pid 290] set_robust_list(0x555575a1c6a0, 24 [pid 288] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 287] chmod("./syzkaller.zaPRt1", 0777 [pid 290] <... set_robust_list resumed>) = 0 [pid 288] <... prctl resumed>) = 0 [pid 288] setpgid(0, 0 [pid 287] <... chmod resumed>) = 0 [pid 290] chdir("./0" [pid 288] <... setpgid resumed>) = 0 [pid 287] chdir("./syzkaller.zaPRt1" [pid 288] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 287] <... chdir resumed>) = 0 [pid 290] <... chdir resumed>) = 0 [pid 286] mkdir("./0", 0777 [pid 288] <... openat resumed>) = 3 [pid 290] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 288] write(3, "1000", 4 [pid 287] mkdir("./0", 0777 [pid 290] <... prctl resumed>) = 0 [pid 288] <... write resumed>) = 4 [pid 286] <... mkdir resumed>) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 287] <... mkdir resumed>) = 0 [pid 290] setpgid(0, 0 [pid 288] close(3 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 290] <... setpgid resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 288] symlink("/dev/binderfs", "./binderfs" [pid 287] <... openat resumed>) = 3 [pid 286] <... openat resumed>) = 3 [pid 286] ioctl(3, LOOP_CLR_FD [pid 288] <... symlink resumed>) = 0 [pid 287] ioctl(3, LOOP_CLR_FD [pid 290] <... openat resumed>) = 3 [pid 288] write(1, "executing program\n", 18 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) executing program [pid 290] write(3, "1000", 4 [pid 288] <... write resumed>) = 18 [pid 287] close(3 [pid 288] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... close resumed>) = 0 [pid 290] <... write resumed>) = 4 [pid 288] <... futex resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] rt_sigaction(SIGRT_1, {sa_handler=0x7fc22f18b2a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc22f17c450}, [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 286] close(3) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] close(3 [pid 288] <... rt_sigaction resumed>NULL, 8) = 0 [pid 288] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 290] <... close resumed>) = 0 [pid 288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] <... clone resumed>, child_tidptr=0x555575a1c690) = 291 [pid 290] symlink("/dev/binderfs", "./binderfs" [pid 288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc22f101000 [pid 290] <... symlink resumed>) = 0 [pid 288] mprotect(0x7fc22f102000, 131072, PROT_READ|PROT_WRITE [pid 290] write(1, "executing program\n", 18 [pid 288] <... mprotect resumed>) = 0 executing program [pid 288] rt_sigprocmask(SIG_BLOCK, ~[], [pid 283] <... clone resumed>, child_tidptr=0x555575a1c690) = 292 [pid 290] <... write resumed>) = 18 [pid 288] <... rt_sigprocmask resumed>[], 8) = 0 [pid 290] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc22f121990, parent_tid=0x7fc22f121990, exit_signal=0, stack=0x7fc22f101000, stack_size=0x20300, tls=0x7fc22f1216c0} [pid 290] <... futex resumed>) = 0 [pid 286] <... clone resumed>, child_tidptr=0x555575a1c690) = 293 [pid 288] <... clone3 resumed> => {parent_tid=[294]}, 88) = 294 [pid 290] rt_sigaction(SIGRT_1, {sa_handler=0x7fc22f18b2a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc22f17c450}, [pid 288] rt_sigprocmask(SIG_SETMASK, [], [pid 290] <... rt_sigaction resumed>NULL, 8) = 0 [pid 288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 288] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 288] <... futex resumed>) = 0 [pid 288] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 290] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc22f101000 [pid 290] mprotect(0x7fc22f102000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 291 attached ./strace-static-x86_64: Process 292 attached [pid 292] set_robust_list(0x555575a1c6a0, 24) = 0 [pid 292] chdir("./0") = 0 [pid 290] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 294 attached [pid 291] set_robust_list(0x555575a1c6a0, 24 [pid 292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 292] setpgid(0, 0) = 0 [pid 292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 294] set_robust_list(0x7fc22f1219a0, 24 [pid 291] <... set_robust_list resumed>) = 0 [pid 290] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc22f121990, parent_tid=0x7fc22f121990, exit_signal=0, stack=0x7fc22f101000, stack_size=0x20300, tls=0x7fc22f1216c0}./strace-static-x86_64: Process 293 attached [pid 292] <... openat resumed>) = 3 [pid 293] set_robust_list(0x555575a1c6a0, 24) = 0 [pid 293] chdir("./0" [pid 292] write(3, "1000", 4 [pid 290] <... clone3 resumed> => {parent_tid=[296]}, 88) = 296 [pid 292] <... write resumed>) = 4 [pid 293] <... chdir resumed>) = 0 [pid 292] close(3) = 0 [pid 293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 292] symlink("/dev/binderfs", "./binderfs" [pid 293] setpgid(0, 0 [pid 290] rt_sigprocmask(SIG_SETMASK, [], [pid 293] <... setpgid resumed>) = 0 [pid 291] chdir("./0" [pid 290] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 290] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 294] <... set_robust_list resumed>) = 0 [pid 291] <... chdir resumed>) = 0 [pid 290] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 291] prctl(PR_SET_PDEATHSIG, SIGKILL [ 21.360655][ T24] audit: type=1400 audit(1752216602.169:64): avc: denied { execmem } for pid=282 comm="syz-executor316" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.378719][ T24] audit: type=1400 audit(1752216602.189:65): avc: denied { read write } for pid=283 comm="syz-executor316" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 294] rt_sigprocmask(SIG_SETMASK, [], executing program executing program [pid 292] <... symlink resumed>) = 0 [pid 294] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... prctl resumed>) = 0 [pid 293] <... openat resumed>) = 3 [pid 292] write(1, "executing program\n", 18 [pid 293] write(3, "1000", 4 [pid 292] <... write resumed>) = 18 [pid 293] <... write resumed>) = 4 [pid 292] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 293] close(3) = 0 [pid 292] <... futex resumed>) = 0 [pid 293] symlink("/dev/binderfs", "./binderfs" [pid 292] rt_sigaction(SIGRT_1, {sa_handler=0x7fc22f18b2a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc22f17c450}, [pid 293] <... symlink resumed>) = 0 [pid 292] <... rt_sigaction resumed>NULL, 8) = 0 [pid 292] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc22f101000 [pid 292] mprotect(0x7fc22f102000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 292] rt_sigprocmask(SIG_BLOCK, ~[], [pid 293] write(1, "executing program\n", 18) = 18 [pid 293] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] rt_sigaction(SIGRT_1, {sa_handler=0x7fc22f18b2a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc22f17c450}, [pid 292] <... rt_sigprocmask resumed>[], 8) = 0 [pid 292] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc22f121990, parent_tid=0x7fc22f121990, exit_signal=0, stack=0x7fc22f101000, stack_size=0x20300, tls=0x7fc22f1216c0} [pid 293] <... rt_sigaction resumed>NULL, 8) = 0 [pid 293] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc22f101000 [pid 293] mprotect(0x7fc22f102000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 293] rt_sigprocmask(SIG_BLOCK, ~[], [pid 292] <... clone3 resumed> => {parent_tid=[297]}, 88) = 297 [pid 292] rt_sigprocmask(SIG_SETMASK, [], [pid 293] <... rt_sigprocmask resumed>[], 8) = 0 [pid 292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc22f121990, parent_tid=0x7fc22f121990, exit_signal=0, stack=0x7fc22f101000, stack_size=0x20300, tls=0x7fc22f1216c0} [pid 292] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 292] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 293] <... clone3 resumed> => {parent_tid=[298]}, 88) = 298 [pid 293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 293] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 298 attached [pid 298] set_robust_list(0x7fc22f1219a0, 24) = 0 [pid 298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 298] memfd_create("syzkaller", 0) = 3 [pid 298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc226d01000 ./strace-static-x86_64: Process 297 attached [pid 297] set_robust_list(0x7fc22f1219a0, 24) = 0 [pid 297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 297] memfd_create("syzkaller", 0) = 3 [pid 297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc226d01000 [pid 298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [ 21.410937][ T24] audit: type=1400 audit(1752216602.189:66): avc: denied { open } for pid=283 comm="syz-executor316" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 298] <... write resumed>) = 524288 ./strace-static-x86_64: Process 296 attached [pid 297] <... write resumed>) = 524288 [pid 294] memfd_create("syzkaller", 0 [pid 291] setpgid(0, 0 [pid 298] munmap(0x7fc226d01000, 138412032 [pid 297] munmap(0x7fc226d01000, 138412032 [pid 296] set_robust_list(0x7fc22f1219a0, 24 [pid 291] <... setpgid resumed>) = 0 [pid 294] <... memfd_create resumed>) = 3 [pid 298] <... munmap resumed>) = 0 [pid 297] <... munmap resumed>) = 0 [pid 296] <... set_robust_list resumed>) = 0 [pid 294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 296] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... openat resumed>) = 4 [pid 297] <... openat resumed>) = 4 [pid 296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... openat resumed>) = 3 [pid 294] <... mmap resumed>) = 0x7fc226d01000 [pid 291] write(3, "1000", 4 [pid 298] ioctl(4, LOOP_SET_FD, 3 [pid 297] ioctl(4, LOOP_SET_FD, 3 [pid 296] memfd_create("syzkaller", 0 [pid 291] <... write resumed>) = 4 [pid 296] <... memfd_create resumed>) = 3 [pid 296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc226d01000 [pid 296] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 291] close(3) = 0 [pid 291] symlink("/dev/binderfs", "./binderfs") = 0 [pid 291] write(1, "executing program\n", 18executing program ) = 18 [pid 291] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 291] rt_sigaction(SIGRT_1, {sa_handler=0x7fc22f18b2a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc22f17c450}, NULL, 8) = 0 [pid 296] <... write resumed>) = 524288 [pid 296] munmap(0x7fc226d01000, 138412032 [pid 291] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 296] <... munmap resumed>) = 0 [pid 291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 291] <... mmap resumed>) = 0x7fc22f101000 [pid 297] <... ioctl resumed>) = 0 [pid 291] mprotect(0x7fc22f102000, 131072, PROT_READ|PROT_WRITE [pid 297] close(3 [pid 291] <... mprotect resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 297] close(4 [pid 291] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 291] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc22f121990, parent_tid=0x7fc22f121990, exit_signal=0, stack=0x7fc22f101000, stack_size=0x20300, tls=0x7fc22f1216c0}./strace-static-x86_64: Process 301 attached => {parent_tid=[301]}, 88) = 301 [pid 298] <... ioctl resumed>) = 0 [pid 291] rt_sigprocmask(SIG_SETMASK, [], [pid 301] set_robust_list(0x7fc22f1219a0, 24 [pid 298] close(3) = 0 [pid 298] close(4 [pid 294] <... write resumed>) = 524288 [pid 294] munmap(0x7fc226d01000, 138412032) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 291] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 291] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 301] <... set_robust_list resumed>) = 0 [pid 301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 301] memfd_create("syzkaller", 0) = 3 [pid 301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc226d01000 [pid 301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 301] munmap(0x7fc226d01000, 138412032) = 0 [ 21.437844][ T24] audit: type=1400 audit(1752216602.189:67): avc: denied { ioctl } for pid=284 comm="syz-executor316" path="/dev/loop1" dev="devtmpfs" ino=116 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 301] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] <... close resumed>) = 0 [pid 296] <... openat resumed>) = 4 [pid 298] mkdir("./file1", 0777 [pid 296] ioctl(4, LOOP_SET_FD, 3 [pid 298] <... mkdir resumed>) = 0 [ 21.518883][ T298] ====================================================== [ 21.518883][ T298] WARNING: the mand mount option is being deprecated and [ 21.518883][ T298] will be removed in v5.15! [ 21.518883][ T298] ====================================================== [pid 298] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 301] <... openat resumed>) = 4 [pid 297] <... close resumed>) = 0 [pid 294] <... openat resumed>) = 4 [pid 301] ioctl(4, LOOP_SET_FD, 3 [pid 297] mkdir("./file1", 0777 [pid 294] ioctl(4, LOOP_SET_FD, 3 [pid 297] <... mkdir resumed>) = 0 [ 21.518935][ T24] audit: type=1400 audit(1752216602.339:68): avc: denied { mounton } for pid=293 comm="syz-executor316" path="/root/syzkaller.8PM0XW/0/file1" dev="sda1" ino=2039 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 297] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 296] <... ioctl resumed>) = 0 [pid 296] close(3) = 0 [pid 296] close(4) = 0 [pid 296] mkdir("./file1", 0777) = 0 [pid 294] <... ioctl resumed>) = 0 [pid 301] <... ioctl resumed>) = 0 [pid 296] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 294] close(3 [pid 301] close(3 [pid 294] <... close resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 294] close(4 [ 21.674379][ T298] EXT4-fs (loop3): Ignoring removed nobh option [ 21.684156][ T297] EXT4-fs (loop0): Ignoring removed nobh option [ 21.685627][ T296] EXT4-fs (loop2): Ignoring removed nobh option [ 21.690862][ T297] EXT4-fs (loop0): Ignoring removed bh option [ 21.697509][ T296] EXT4-fs (loop2): Ignoring removed bh option [ 21.703273][ T298] EXT4-fs (loop3): Ignoring removed bh option [pid 301] close(4 [pid 294] <... close resumed>) = 0 [pid 294] mkdir("./file1", 0777) = 0 [ 21.708963][ T296] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 21.715296][ T297] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 21.727371][ T298] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 294] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 296] <... mount resumed>) = 0 [pid 297] <... mount resumed>) = 0 [pid 297] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 297] chdir("./file1") = 0 [pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 296] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 296] chdir("./file1") = 0 [ 21.741684][ T296] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 21.754711][ T297] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 21.775804][ T24] audit: type=1400 audit(1752216602.599:69): avc: denied { mount } for pid=290 comm="syz-executor316" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 296] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 301] <... close resumed>) = 0 [pid 301] mkdir("./file1", 0777) = 0 [pid 301] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 297] <... openat resumed>) = 4 [pid 296] <... openat resumed>) = 4 [pid 297] ioctl(4, LOOP_CLR_FD [pid 296] ioctl(4, LOOP_CLR_FD [pid 297] <... ioctl resumed>) = 0 [pid 296] <... ioctl resumed>) = 0 [pid 297] close(4 [pid 296] close(4 [pid 297] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 297] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [ 21.802597][ T298] EXT4-fs (loop3): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 21.822799][ T301] EXT4-fs (loop4): Ignoring removed nobh option [ 21.851636][ T294] EXT4-fs (loop1): Ignoring removed nobh option [ 21.851983][ T301] EXT4-fs (loop4): Ignoring removed bh option [pid 296] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... mount resumed>) = 0 [pid 297] <... futex resumed>) = 1 [pid 296] <... futex resumed>) = 1 [pid 292] <... futex resumed>) = 0 [pid 298] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 297] futex(0x7fc22f1ec6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] futex(0x7fc22f1ec6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 292] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... futex resumed>) = 0 [pid 298] chdir("./file1") = 0 [pid 297] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 292] <... futex resumed>) = 0 [pid 290] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 297] openat(AT_FDCWD, "./file1", O_RDWR [pid 296] <... futex resumed>) = 0 [pid 292] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... futex resumed>) = 1 [pid 298] ioctl(4, LOOP_CLR_FD) = 0 [pid 297] <... openat resumed>) = 4 [pid 296] openat(AT_FDCWD, "./file1", O_RDWR [pid 290] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... openat resumed>) = 4 [pid 297] <... futex resumed>) = 1 [pid 296] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 292] <... futex resumed>) = 0 [pid 297] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 296] <... futex resumed>) = 1 [pid 292] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... futex resumed>) = 0 [pid 297] <... pwrite64 resumed>) = 87490 [pid 296] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 292] <... futex resumed>) = 0 [pid 290] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... pwrite64 resumed>) = 87490 [pid 292] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... futex resumed>) = 1 [pid 296] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 296] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7fc22f1ec6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc22f0e0000 [pid 290] mprotect(0x7fc22f0e1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 290] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 290] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc22f100990, parent_tid=0x7fc22f100990, exit_signal=0, stack=0x7fc22f0e0000, stack_size=0x20300, tls=0x7fc22f1006c0} => {parent_tid=[313]}, 88) = 313 [pid 290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 290] futex(0x7fc22f1ec6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7fc22f1ec6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... futex resumed>) = 1 [ 21.865198][ T301] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 21.871028][ T294] EXT4-fs (loop1): Ignoring removed bh option [ 21.886233][ T24] audit: type=1400 audit(1752216602.699:70): avc: denied { read write } for pid=292 comm="syz-executor316" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 21.900293][ T296] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor316: Allocating blocks 497-513 which overlap fs metadata [pid 296] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864./strace-static-x86_64: Process 313 attached [pid 298] close(4 [pid 297] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... pwrite64 resumed>) = 176128 [pid 296] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7fc22f1ec6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 292] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 290] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 292] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = 0 [pid 292] <... futex resumed>) = 0 [pid 290] <... futex resumed>) = 1 [pid 296] truncate("./file1", 1 [pid 292] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... truncate resumed>) = 0 [pid 296] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 296] futex(0x7fc22f1ec6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 313] set_robust_list(0x7fc22f1009a0, 24) = 0 [pid 313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 313] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 298] <... close resumed>) = 0 [pid 297] <... futex resumed>) = 1 [pid 292] <... futex resumed>) = 0 [pid 298] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 292] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=29000000} [pid 298] <... futex resumed>) = 1 [pid 297] <... openat resumed>) = 5 [pid 293] <... futex resumed>) = 0 [pid 298] futex(0x7fc22f1ec6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 293] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... futex resumed>) = 1 [pid 293] <... futex resumed>) = 0 [pid 292] <... futex resumed>) = 0 [pid 298] openat(AT_FDCWD, "./file1", O_RDWR [pid 297] futex(0x7fc22f1ec6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 293] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 292] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... openat resumed>) = 4 [pid 297] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 292] <... futex resumed>) = 0 [pid 298] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 292] futex(0x7fc22f1ec6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... futex resumed>) = 1 [pid 293] <... futex resumed>) = 0 [pid 292] <... futex resumed>) = 0 [pid 293] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 293] <... futex resumed>) = 0 [pid 292] <... mmap resumed>) = 0x7fc22f0e0000 [pid 293] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 292] mprotect(0x7fc22f0e1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 292] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 21.923443][ T294] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 21.923582][ T24] audit: type=1400 audit(1752216602.699:71): avc: denied { open } for pid=292 comm="syz-executor316" path="/root/syzkaller.mfCNgL/0/file1/file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 21.955665][ T313] ------------[ cut here ]------------ [pid 292] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc22f100990, parent_tid=0x7fc22f100990, exit_signal=0, stack=0x7fc22f0e0000, stack_size=0x20300, tls=0x7fc22f1006c0}./strace-static-x86_64: Process 317 attached [pid 298] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 317] set_robust_list(0x7fc22f1009a0, 24 [pid 298] <... pwrite64 resumed>) = 87490 [pid 292] <... clone3 resumed> => {parent_tid=[317]}, 88) = 317 [pid 317] <... set_robust_list resumed>) = 0 [pid 298] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 292] rt_sigprocmask(SIG_SETMASK, [], [pid 317] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... futex resumed>) = 1 [pid 293] <... futex resumed>) = 0 [pid 292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] futex(0x7fc22f1ec6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 293] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000 [ 21.975854][ T297] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor316: Allocating blocks 497-513 which overlap fs metadata [ 21.990633][ T313] kernel BUG at fs/ext4/extents.c:1014! [ 21.991007][ T301] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 292] futex(0x7fc22f1ec6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 293] <... futex resumed>) = 0 [pid 292] <... futex resumed>) = 0 [pid 298] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 297] <... pwrite64 resumed>) = 176128 [pid 293] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 292] futex(0x7fc22f1ec6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... openat resumed>) = 5 [pid 298] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 293] <... futex resumed>) = 0 [pid 298] futex(0x7fc22f1ec6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 293] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 293] <... futex resumed>) = 0 [ 21.997134][ T313] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 22.021752][ T294] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 22.026570][ T313] CPU: 0 PID: 313 Comm: syz-executor316 Not tainted 5.10.238-syzkaller-00008-g59e9a7228857 #0 [ 22.026575][ T313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [pid 298] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 293] futex(0x7fc22f1ec6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc22f0e0000 [pid 293] mprotect(0x7fc22f0e1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc22f100990, parent_tid=0x7fc22f100990, exit_signal=0, stack=0x7fc22f0e0000, stack_size=0x20300, tls=0x7fc22f1006c0} => {parent_tid=[319]}, 88) = 319 [pid 293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 293] futex(0x7fc22f1ec6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] futex(0x7fc22f1ec6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... pwrite64 resumed>) = 176128 [pid 298] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] futex(0x7fc22f1ec6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 294] <... mount resumed>) = 0 [pid 294] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 294] chdir("./file1") = 0 [pid 294] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 294] ioctl(4, LOOP_CLR_FD) = 0 [pid 294] close(4 [pid 292] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 292] futex(0x7fc22f1ec6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc22f0bf000 [pid 292] mprotect(0x7fc22f0c0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 292] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 292] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc22f0df990, parent_tid=0x7fc22f0df990, exit_signal=0, stack=0x7fc22f0bf000, stack_size=0x20300, tls=0x7fc22f0df6c0} => {parent_tid=[320]}, 88) = 320 [pid 292] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 292] futex(0x7fc22f1ec6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 292] futex(0x7fc22f1ec6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 294] <... close resumed>) = 0 [pid 294] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... futex resumed>) = 0 [pid 288] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 288] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 294] <... futex resumed>) = 1 [pid 294] openat(AT_FDCWD, "./file1", O_RDWR [pid 301] <... mount resumed>) = 0 [pid 294] <... openat resumed>) = 4 [pid 301] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 301] chdir("./file1" [pid 294] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... futex resumed>) = 0 [pid 288] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 288] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... chdir resumed>) = 0 [pid 294] <... futex resumed>) = 1 [pid 294] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 301] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 301] ioctl(4, LOOP_CLR_FD) = 0 [ 22.026605][ T313] RIP: 0010:ext4_ext_insert_index+0x52d/0x530 [ 22.026622][ T313] Code: 4c 89 fa e9 ca fd ff ff 44 89 f1 80 e1 07 fe c1 38 c1 0f 8c dd fd ff ff 4c 89 f7 e8 ad a2 d3 ff e9 d0 fd ff ff e8 83 b2 99 ff <0f> 0b 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 81 ec c0 00 00 [ 22.053673][ T317] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor316: Allocating blocks 497-513 which overlap fs metadata [ 22.060998][ T313] RSP: 0018:ffffc90000dd6b20 EFLAGS: 00010293 [ 22.061010][ T313] RAX: ffffffff81c9e18d RBX: ffff888120947424 RCX: ffff8881214d93c0 [ 22.061015][ T313] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 22.061022][ T313] RBP: ffffc90000dd6b90 R08: dffffc0000000000 R09: ffffed1024186551 [ 22.061027][ T313] R10: ffffed1024186551 R11: 1ffff11024186550 R12: 0000000000000000 [ 22.061032][ T313] R13: 00000000000000cb R14: 00000000fffffffe R15: 0000000000000054 [ 22.061040][ T313] FS: 00007fc22f1006c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 22.061046][ T313] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [pid 301] close(4) = 0 [pid 301] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... futex resumed>) = 0 [pid 291] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 291] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = 1 [pid 301] openat(AT_FDCWD, "./file1", O_RDWR [pid 317] <... pwrite64 resumed>) = 176128 [pid 297] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] futex(0x7fc22f1ec6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... futex resumed>) = 0 [pid 317] <... futex resumed>) = 0 [pid 297] futex(0x7fc22f1ec6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 317] futex(0x7fc22f1ec6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] <... openat resumed>) = 4 [ 22.061052][ T313] CR2: 000020000002c0bf CR3: 00000001206c7000 CR4: 00000000003506b0 [ 22.061068][ T313] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 22.075672][ T298] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor316: Allocating blocks 497-513 which overlap fs metadata [ 22.077169][ T313] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 22.210413][ T313] Call Trace: [ 22.213698][ T313] ext4_ext_insert_extent+0x38c3/0x4530 [ 22.219218][ T313] ? ext4_ext_next_allocated_block+0x2e0/0x2e0 [ 22.225430][ T313] ? get_implied_cluster_alloc+0x526/0x940 [ 22.231214][ T313] ext4_ext_map_blocks+0x148c/0x5d40 [ 22.236480][ T313] ? _raw_write_trylock+0x140/0x140 [ 22.241660][ T313] ? _raw_write_unlock+0x2b/0x60 [ 22.246668][ T313] ? ext4_ext_release+0x10/0x10 [ 22.251520][ T313] ? ext4_fc_track_template+0xb5/0x600 [ 22.256972][ T313] ? ext4_fc_track_range+0x250/0x250 [ 22.262349][ T313] ? ext4_es_lookup_extent+0x32d/0x8c0 [ 22.267796][ T313] ext4_map_blocks+0x978/0x1bc0 [ 22.272627][ T313] ? __kasan_slab_alloc+0xbd/0xf0 [ 22.277629][ T313] ? slab_post_alloc_hook+0x5d/0x2f0 [ 22.282888][ T313] ? kmem_cache_alloc+0x165/0x2e0 [ 22.287901][ T313] ? ext4_issue_zeroout+0x1a0/0x1a0 [ 22.293077][ T313] _ext4_get_block+0x1bb/0x4b0 [ 22.297824][ T313] ? ext4_get_block+0x50/0x50 [ 22.302480][ T313] ? slab_post_alloc_hook+0x7d/0x2f0 [ 22.307740][ T313] ext4_get_block_unwritten+0x2a/0x40 [ 22.313086][ T313] ext4_block_write_begin+0x567/0x1330 [ 22.318523][ T313] ? alloc_page_buffers+0x3aa/0x4a0 [ 22.323697][ T313] ? _ext4_get_block+0x4b0/0x4b0 [ 22.328653][ T313] ? ext4_print_free_blocks+0x2c0/0x2c0 [ 22.334480][ T313] ? __kasan_check_read+0x11/0x20 [ 22.339490][ T313] ? ext4_inode_journal_mode+0x19a/0x480 [ 22.345224][ T313] ext4_write_begin+0x651/0x1550 [ 22.350144][ T313] ? ext4_readahead+0x110/0x110 [ 22.354974][ T313] ? domain_dirty_limits+0x28f/0x3c0 [ 22.360241][ T313] ? ext4_get_group_desc+0x25f/0x2b0 [ 22.365509][ T313] ? __kasan_check_read+0x11/0x20 [ 22.370510][ T313] ? mark_buffer_dirty+0x1cc/0x330 [ 22.375599][ T313] ? __ext4_handle_dirty_metadata+0x2eb/0x7f0 [ 22.381645][ T313] ? __kasan_check_write+0x14/0x20 [ 22.386733][ T313] ext4_da_write_begin+0x455/0xe80 [ 22.391848][ T313] ? ext4_set_page_dirty+0x1a0/0x1a0 [ 22.397122][ T313] ? down_read_killable+0xe0/0xe0 [ 22.402127][ T313] ? __ext4_journal_stop+0x36/0x1a0 [ 22.407299][ T313] ? ext4_write_end+0xa00/0xed0 [ 22.412126][ T313] ? iov_iter_advance+0x1f7/0x750 [ 22.417129][ T313] generic_perform_write+0x2be/0x510 [ 22.422395][ T313] ? grab_cache_page_write_begin+0xb0/0xb0 [ 22.428223][ T313] ? down_write+0xac/0x110 [ 22.432631][ T313] ? down_read_killable+0xe0/0xe0 [ 22.437643][ T313] ? __switch_to+0x50f/0xfc0 [ 22.442212][ T313] ? generic_write_checks+0x3d4/0x480 [ 22.447562][ T313] ext4_buffered_write_iter+0x4b8/0x640 [ 22.453093][ T313] ext4_file_write_iter+0x536/0x1980 [ 22.458359][ T313] ? _raw_spin_unlock_irq+0x4e/0x70 [ 22.463536][ T313] ? finish_task_switch+0x12e/0x5a0 [ 22.468713][ T313] ? avc_policy_seqno+0x1b/0x70 [ 22.473549][ T313] ? selinux_file_permission+0x2a5/0x510 [ 22.479174][ T313] ? ext4_file_read_iter+0x530/0x530 [ 22.484439][ T313] ? security_file_permission+0x83/0xa0 [ 22.489963][ T313] ? iov_iter_init+0x3f/0x120 [ 22.494617][ T313] vfs_write+0x725/0xd60 [ 22.498847][ T313] ? kernel_write+0x3c0/0x3c0 [ 22.503502][ T313] ? ptrace_stop+0x69f/0x9c0 [ 22.508069][ T313] ? __fget_files+0x2c4/0x320 [ 22.512723][ T313] ? __fdget+0x1a1/0x230 [ 22.517202][ T313] ? __x64_sys_pwrite64+0xec/0x220 [ 22.522288][ T313] __x64_sys_pwrite64+0x191/0x220 [ 22.527292][ T313] ? ksys_pwrite64+0x1b0/0x1b0 [ 22.532032][ T313] ? syscall_trace_enter+0x4b/0x170 [ 22.537206][ T313] do_syscall_64+0x31/0x40 [ 22.541598][ T313] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 22.547476][ T313] RIP: 0033:0x7fc22f164e89 [ 22.551869][ T313] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 301] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... futex resumed>) = 0 [pid 291] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 291] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = 1 [pid 301] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 294] <... pwrite64 resumed>) = 87490 [pid 294] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... futex resumed>) = 0 [pid 288] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 288] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 294] <... futex resumed>) = 1 [pid 294] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 294] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... pwrite64 resumed>) = 87490 [pid 288] <... futex resumed>) = 0 [pid 288] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 288] futex(0x7fc22f1ec6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc22f0e0000 [pid 288] mprotect(0x7fc22f0e1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 288] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc22f100990, parent_tid=0x7fc22f100990, exit_signal=0, stack=0x7fc22f0e0000, stack_size=0x20300, tls=0x7fc22f1006c0} => {parent_tid=[321]}, 88) = 321 [pid 288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 288] futex(0x7fc22f1ec6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 288] futex(0x7fc22f1ec6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 294] <... futex resumed>) = 1 [pid 294] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 301] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... futex resumed>) = 0 [pid 291] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 291] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = 1 ./strace-static-x86_64: Process 321 attached [pid 293] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 292] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 291] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 288] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 291] futex(0x7fc22f1ec6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] futex(0x7fc22f1ec6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 293] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... futex resumed>) = 0 [pid 288] <... futex resumed>) = 0 [pid 291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... futex resumed>) = 0 [pid 293] <... futex resumed>) = 1 [pid 291] <... mmap resumed>) = 0x7fc22f0e0000 [pid 288] <... mmap resumed>) = 0x7fc22f0bf000 [pid 291] mprotect(0x7fc22f0e1000, 131072, PROT_READ|PROT_WRITE [pid 288] mprotect(0x7fc22f0c0000, 131072, PROT_READ|PROT_WRITE [pid 291] <... mprotect resumed>) = 0 [pid 288] <... mprotect resumed>) = 0 [pid 321] set_robust_list(0x7fc22f1009a0, 24 [pid 301] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 298] truncate("./file1", 1 [pid 293] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] rt_sigprocmask(SIG_BLOCK, ~[], [pid 288] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] <... rt_sigprocmask resumed>[], 8) = 0 [pid 321] <... set_robust_list resumed>) = 0 [pid 288] <... rt_sigprocmask resumed>[], 8) = 0 [pid 301] <... openat resumed>) = 5 [pid 291] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc22f100990, parent_tid=0x7fc22f100990, exit_signal=0, stack=0x7fc22f0e0000, stack_size=0x20300, tls=0x7fc22f1006c0} [pid 288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc22f0df990, parent_tid=0x7fc22f0df990, exit_signal=0, stack=0x7fc22f0bf000, stack_size=0x20300, tls=0x7fc22f0df6c0} [pid 291] <... clone3 resumed> => {parent_tid=[322]}, 88) = 322 [pid 288] <... clone3 resumed> => {parent_tid=[323]}, 88) = 323 [pid 291] rt_sigprocmask(SIG_SETMASK, [], [pid 288] rt_sigprocmask(SIG_SETMASK, [], [pid 291] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] futex(0x7fc22f1ec6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] futex(0x7fc22f1ec6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... futex resumed>) = 0 [pid 288] <... futex resumed>) = 0 [pid 291] futex(0x7fc22f1ec6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] futex(0x7fc22f1ec6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... futex resumed>) = 0 [pid 291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc22f0bf000 [pid 291] mprotect(0x7fc22f0c0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 291] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 291] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc22f0df990, parent_tid=0x7fc22f0df990, exit_signal=0, stack=0x7fc22f0bf000, stack_size=0x20300, tls=0x7fc22f0df6c0} => {parent_tid=[324]}, 88) = 324 [pid 291] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 291] futex(0x7fc22f1ec6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 291] futex(0x7fc22f1ec6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... truncate resumed>) = 0 [pid 321] rt_sigprocmask(SIG_SETMASK, [], [pid 301] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 22.571542][ T313] RSP: 002b:00007fc22f100218 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 22.579930][ T313] RAX: ffffffffffffffda RBX: 00007fc22f1ec6d8 RCX: 00007fc22f164e89 [ 22.587888][ T313] RDX: 00000000200000c1 RSI: 00002000000000c0 RDI: 0000000000000005 [ 22.595882][ T313] RBP: 00007fc22f1ec6d0 R08: 00007fff33d14ee7 R09: 0000000000000000 [ 22.603852][ T313] R10: 0000000000009000 R11: 0000000000000246 R12: 00007fc22f1b9614 [ 22.611809][ T313] R13: 0031656c69662f2e R14: 00007fff33d14e00 R15: 00007fff33d14ee8 [ 22.619762][ T313] Modules linked in: ./strace-static-x86_64: Process 324 attached ./strace-static-x86_64: Process 323 attached ./strace-static-x86_64: Process 322 attached ./strace-static-x86_64: Process 320 attached ./strace-static-x86_64: Process 319 attached [pid 321] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 301] <... futex resumed>) = 0 [pid 298] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] set_robust_list(0x7fc22f0df9a0, 24 [pid 323] set_robust_list(0x7fc22f0df9a0, 24 [pid 322] set_robust_list(0x7fc22f1009a0, 24 [pid 320] set_robust_list(0x7fc22f0df9a0, 24 [pid 319] set_robust_list(0x7fc22f1009a0, 24 [pid 301] futex(0x7fc22f1ec6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] <... futex resumed>) = 1 [pid 293] <... futex resumed>) = 0 [pid 324] <... set_robust_list resumed>) = 0 [pid 324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 324] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 323] <... set_robust_list resumed>) = 0 [pid 322] <... set_robust_list resumed>) = 0 [pid 320] <... set_robust_list resumed>) = 0 [pid 319] <... set_robust_list resumed>) = 0 [pid 298] futex(0x7fc22f1ec6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 294] <... pwrite64 resumed>) = 176128 [pid 294] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 294] futex(0x7fc22f1ec6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 323] truncate("./file1", 1) = 0 [pid 323] futex(0x7fc22f1ec6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... futex resumed>) = 0 [pid 323] <... futex resumed>) = 1 [pid 323] futex(0x7fc22f1ec6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 22.630450][ T313] ---[ end trace de1ed338089d1dda ]--- [ 22.634368][ T294] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor316: Allocating blocks 497-513 which overlap fs metadata [ 22.640186][ T313] RIP: 0010:ext4_ext_insert_index+0x52d/0x530 [ 22.656195][ T324] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor316: Allocating blocks 497-513 which overlap fs metadata [pid 322] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 320] truncate("./file1", 1 [pid 291] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 291] futex(0x7fc22f1ec6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 291] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 320] <... truncate resumed>) = 0 [pid 320] futex(0x7fc22f1ec6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7fc22f1ec6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 319] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 292] exit_group(0 [pid 317] <... futex resumed>) = ? [pid 292] <... exit_group resumed>) = ? [pid 317] +++ exited with 0 +++ [pid 320] <... futex resumed>) = ? [pid 320] +++ exited with 0 +++ [pid 301] <... futex resumed>) = 0 [pid 297] <... futex resumed>) = ? [pid 324] <... pwrite64 resumed>) = 176128 [pid 297] +++ exited with 0 +++ [pid 292] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=292, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 324] futex(0x7fc22f1ec6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] futex(0x7fc22f1ec6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 283] <... restart_syscall resumed>) = 0 [pid 283] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] futex(0x7fc22f1ec6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 283] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 283] <... openat resumed>) = 3 [ 22.656713][ T313] Code: 4c 89 fa e9 ca fd ff ff 44 89 f1 80 e1 07 fe c1 38 c1 0f 8c dd fd ff ff 4c 89 f7 e8 ad a2 d3 ff e9 d0 fd ff ff e8 83 b2 99 ff <0f> 0b 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 81 ec c0 00 00 [ 22.687040][ T319] ------------[ cut here ]------------ [ 22.695130][ T321] ------------[ cut here ]------------ [ 22.697181][ T322] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor316: Allocating blocks 497-513 which overlap fs metadata [ 22.717261][ T321] kernel BUG at fs/ext4/extents.c:1014! [ 22.718671][ T319] kernel BUG at fs/ext4/extents.c:1014! [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x555575a1d730 /* 4 entries */, 32768) = 112 [ 22.722911][ T313] RSP: 0018:ffffc90000dd6b20 EFLAGS: 00010293 [ 22.733778][ T24] audit: type=1400 audit(1752216603.539:72): avc: denied { unmount } for pid=283 comm="syz-executor316" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 22.736987][ T313] RAX: ffffffff81c9e18d RBX: ffff888120947424 RCX: ffff8881214d93c0 [ 22.757583][ T321] invalid opcode: 0000 [#2] PREEMPT SMP KASAN [ 22.764975][ T313] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 22.770839][ T321] CPU: 0 PID: 321 Comm: syz-executor316 Tainted: G D 5.10.238-syzkaller-00008-g59e9a7228857 #0 [ 22.770844][ T321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 22.770867][ T321] RIP: 0010:ext4_ext_insert_index+0x52d/0x530 [ 22.778881][ T313] RBP: ffffc90000dd6b90 R08: dffffc0000000000 R09: ffffed1024186551 [ 22.790413][ T321] Code: 4c 89 fa e9 ca fd ff ff 44 89 f1 80 e1 07 fe c1 38 c1 0f 8c dd fd ff ff 4c 89 f7 e8 ad a2 d3 ff e9 d0 fd ff ff e8 83 b2 99 ff <0f> 0b 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 81 ec c0 00 00 [ 22.790420][ T321] RSP: 0018:ffffc90000e56b20 EFLAGS: 00010293 [ 22.801043][ T313] R10: ffffed1024186551 R11: 1ffff11024186550 R12: 0000000000000000 [ 22.806633][ T321] RAX: ffffffff81c9e18d RBX: ffff888121108424 RCX: ffff88810ac84f00 [ 22.806639][ T321] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 22.806645][ T321] RBP: ffffc90000e56b90 R08: dffffc0000000000 R09: ffffed102418f055 [ 22.806651][ T321] R10: ffffed102418f055 R11: 1ffff1102418f054 R12: 0000000000000000 [ 22.806656][ T321] R13: 00000000000000cb R14: 00000000fffffffe R15: 0000000000000054 [ 22.806672][ T321] FS: 00007fc22f1006c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 22.815003][ T313] R13: 00000000000000cb R14: 00000000fffffffe R15: 0000000000000054 [ 22.834223][ T321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 22.834229][ T321] CR2: 0000555575a25738 CR3: 0000000120691000 CR4: 00000000003506b0 [ 22.834237][ T321] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 22.834242][ T321] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 22.834245][ T321] Call Trace: [ 22.834261][ T321] ext4_ext_insert_extent+0x38c3/0x4530 [ 22.834273][ T321] ? ext4_ext_next_allocated_block+0x2e0/0x2e0 [ 22.834280][ T321] ? get_implied_cluster_alloc+0x526/0x940 [ 22.834294][ T321] ext4_ext_map_blocks+0x148c/0x5d40 [ 22.840511][ T313] FS: 00007fc22f1006c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 22.848288][ T321] ? _raw_write_trylock+0x140/0x140 [ 22.848299][ T321] ? __kasan_check_write+0x14/0x20 [ 22.848314][ T321] ? _raw_spin_lock+0xe0/0xe0 [ 22.985648][ T321] ? ext4_ext_release+0x10/0x10 [ 22.990580][ T321] ? ext4_fc_track_template+0xb5/0x600 [ 22.996207][ T321] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 23.002075][ T321] ? ext4_es_lookup_extent+0x32d/0x8c0 [ 23.007591][ T321] ext4_map_blocks+0x978/0x1bc0 [ 23.012428][ T321] ? __kasan_slab_alloc+0xbd/0xf0 [ 23.017448][ T321] ? slab_post_alloc_hook+0x5d/0x2f0 [ 23.022701][ T321] ? kmem_cache_alloc+0x165/0x2e0 [ 23.028233][ T321] ? ext4_issue_zeroout+0x1a0/0x1a0 [ 23.033400][ T321] _ext4_get_block+0x1bb/0x4b0 [ 23.038133][ T321] ? ext4_get_block+0x50/0x50 [ 23.042786][ T321] ? slab_post_alloc_hook+0x7d/0x2f0 [ 23.048581][ T321] ext4_get_block_unwritten+0x2a/0x40 [ 23.054012][ T321] ext4_block_write_begin+0x567/0x1330 [ 23.059447][ T321] ? alloc_page_buffers+0x3aa/0x4a0 [ 23.064636][ T321] ? _ext4_get_block+0x4b0/0x4b0 [ 23.069635][ T321] ? ext4_print_free_blocks+0x2c0/0x2c0 [ 23.075151][ T321] ? __kasan_check_read+0x11/0x20 [ 23.080148][ T321] ? ext4_inode_journal_mode+0x19a/0x480 [ 23.085750][ T321] ext4_write_begin+0x651/0x1550 [ 23.090657][ T321] ? ext4_readahead+0x110/0x110 [ 23.095475][ T321] ? domain_dirty_limits+0x28f/0x3c0 [ 23.100820][ T321] ? ext4_get_group_desc+0x25f/0x2b0 [ 23.106075][ T321] ? __kasan_check_read+0x11/0x20 [ 23.111068][ T321] ? mark_buffer_dirty+0x1cc/0x330 [ 23.116150][ T321] ? __ext4_handle_dirty_metadata+0x2eb/0x7f0 [ 23.122182][ T321] ? __kasan_check_write+0x14/0x20 [ 23.127696][ T321] ext4_da_write_begin+0x455/0xe80 [ 23.132775][ T321] ? ext4_set_page_dirty+0x1a0/0x1a0 [ 23.138033][ T321] ? down_read_killable+0xe0/0xe0 [ 23.143028][ T321] ? __ext4_journal_stop+0x36/0x1a0 [ 23.148192][ T321] ? ext4_write_end+0xa00/0xed0 [ 23.153035][ T321] ? iov_iter_advance+0x1f7/0x750 [ 23.158139][ T321] generic_perform_write+0x2be/0x510 [ 23.163702][ T321] ? preempt_count_add+0x90/0x1b0 [ 23.168709][ T321] ? grab_cache_page_write_begin+0xb0/0xb0 [ 23.174485][ T321] ? down_write+0x104/0x110 [ 23.178957][ T321] ? down_read_killable+0xe0/0xe0 [ 23.183966][ T321] ? __switch_to+0x50f/0xfc0 [ 23.188531][ T321] ? generic_write_checks+0x3d4/0x480 [ 23.193880][ T321] ext4_buffered_write_iter+0x4b8/0x640 [ 23.199397][ T321] ext4_file_write_iter+0x536/0x1980 [ 23.204653][ T321] ? _raw_spin_unlock_irq+0x4e/0x70 [ 23.209844][ T321] ? finish_task_switch+0x12e/0x5a0 [ 23.215017][ T321] ? avc_policy_seqno+0x1b/0x70 [ 23.219852][ T321] ? selinux_file_permission+0x2a5/0x510 [ 23.225457][ T321] ? ext4_file_read_iter+0x530/0x530 [ 23.230712][ T321] ? security_file_permission+0x83/0xa0 [ 23.236240][ T321] ? iov_iter_init+0x3f/0x120 [ 23.240899][ T321] vfs_write+0x725/0xd60 [ 23.245132][ T321] ? kernel_write+0x3c0/0x3c0 [ 23.249780][ T321] ? ptrace_stop+0x69f/0x9c0 [ 23.254339][ T321] ? __fget_files+0x2c4/0x320 [ 23.258988][ T321] ? __fdget+0x1a1/0x230 [ 23.263200][ T321] ? __x64_sys_pwrite64+0xec/0x220 [ 23.268292][ T321] __x64_sys_pwrite64+0x191/0x220 [ 23.273289][ T321] ? ksys_pwrite64+0x1b0/0x1b0 [ 23.278021][ T321] ? syscall_trace_enter+0x4b/0x170 [ 23.283189][ T321] do_syscall_64+0x31/0x40 [ 23.287578][ T321] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.293450][ T321] RIP: 0033:0x7fc22f164e89 [ 23.297836][ T321] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 23.317411][ T321] RSP: 002b:00007fc22f100218 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 23.325797][ T321] RAX: ffffffffffffffda RBX: 00007fc22f1ec6d8 RCX: 00007fc22f164e89 [pid 283] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 322] <... pwrite64 resumed>) = 176128 [pid 301] truncate("./file1", 1) = 0 [pid 301] futex(0x7fc22f1ec6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 23.333758][ T321] RDX: 00000000200000c1 RSI: 00002000000000c0 RDI: 0000000000000005 [ 23.341703][ T321] RBP: 00007fc22f1ec6d0 R08: 00007fff33d14ee7 R09: 0000000000000000 [ 23.349647][ T321] R10: 0000000000009000 R11: 0000000000000246 R12: 00007fc22f1b9614 [ 23.357791][ T321] R13: 0031656c69662f2e R14: 00007fff33d14e00 R15: 00007fff33d14ee8 [ 23.365785][ T321] Modules linked in: [ 23.369729][ T319] invalid opcode: 0000 [#3] PREEMPT SMP KASAN [ 23.374476][ T321] ---[ end trace de1ed338089d1ddb ]--- [ 23.375842][ T319] CPU: 1 PID: 319 Comm: syz-executor316 Tainted: G D 5.10.238-syzkaller-00008-g59e9a7228857 #0 [ 23.375847][ T319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 23.375865][ T319] RIP: 0010:ext4_ext_insert_index+0x52d/0x530 [ 23.375875][ T319] Code: 4c 89 fa e9 ca fd ff ff 44 89 f1 80 e1 07 fe c1 38 c1 0f 8c dd fd ff ff 4c 89 f7 e8 ad a2 d3 ff e9 d0 fd ff ff e8 83 b2 99 ff <0f> 0b 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 81 ec c0 00 00 [ 23.375881][ T319] RSP: 0018:ffffc90000e36b20 EFLAGS: 00010293 [ 23.375893][ T319] RAX: ffffffff81c9e18d RBX: ffff8881210a1424 RCX: ffff88810ac162c0 [ 23.375899][ T319] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 23.375907][ T319] RBP: ffffc90000e36b90 R08: dffffc0000000000 R09: ffffed10241916be [ 23.375914][ T319] R10: ffffed10241916be R11: 1ffff110241916bd R12: 0000000000000000 [ 23.375919][ T319] R13: 00000000000000cb R14: 00000000fffffffe R15: 0000000000000054 [ 23.375926][ T319] FS: 00007fc22f1006c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 23.375942][ T319] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.381697][ T321] RIP: 0010:ext4_ext_insert_index+0x52d/0x530 [ 23.393059][ T319] CR2: 0000200000002000 CR3: 000000012070f000 CR4: 00000000003506a0 [ 23.393069][ T319] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.393073][ T319] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.393076][ T319] Call Trace: [ 23.393092][ T319] ext4_ext_insert_extent+0x38c3/0x4530 [ 23.393109][ T319] ? ext4_ext_next_allocated_block+0x2e0/0x2e0 [ 23.403443][ T321] Code: 4c 89 fa e9 ca fd ff ff 44 89 f1 80 e1 07 fe c1 38 c1 0f 8c dd fd ff ff 4c 89 f7 e8 ad a2 d3 ff e9 d0 fd ff ff e8 83 b2 99 ff <0f> 0b 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 81 ec c0 00 00 [ 23.409187][ T319] ? get_implied_cluster_alloc+0x526/0x940 [ 23.409205][ T319] ext4_ext_map_blocks+0x148c/0x5d40 [ 23.429252][ T321] RSP: 0018:ffffc90000dd6b20 EFLAGS: 00010293 [ 23.434970][ T319] ? _raw_write_trylock+0x140/0x140 [ 23.434981][ T319] ? _raw_write_unlock+0x2b/0x60 [ 23.434992][ T319] ? ext4_ext_release+0x10/0x10 [ 23.435001][ T319] ? ext4_fc_track_template+0xb5/0x600 [ 23.435009][ T319] ? ext4_fc_track_range+0x250/0x250 [ 23.435020][ T319] ? ext4_es_lookup_extent+0x32d/0x8c0 [ 23.435028][ T319] ext4_map_blocks+0x978/0x1bc0 [ 23.435046][ T319] ? __kasan_slab_alloc+0xbd/0xf0 [ 23.443349][ T321] [ 23.450948][ T319] ? slab_post_alloc_hook+0x5d/0x2f0 [ 23.450957][ T319] ? kmem_cache_alloc+0x165/0x2e0 [ 23.450975][ T319] ? ext4_issue_zeroout+0x1a0/0x1a0 [ 23.459206][ T321] RAX: ffffffff81c9e18d RBX: ffff888120947424 RCX: ffff8881214d93c0 [ 23.466876][ T319] _ext4_get_block+0x1bb/0x4b0 [ 23.466886][ T319] ? ext4_get_block+0x50/0x50 [ 23.466903][ T319] ? slab_post_alloc_hook+0x7d/0x2f0 [ 23.475122][ T321] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 23.483855][ T319] ext4_get_block_unwritten+0x2a/0x40 [ 23.483863][ T319] ext4_block_write_begin+0x567/0x1330 [ 23.483876][ T319] ? alloc_page_buffers+0x3aa/0x4a0 [ 23.483883][ T319] ? _ext4_get_block+0x4b0/0x4b0 [ 23.483897][ T319] ? ext4_print_free_blocks+0x2c0/0x2c0 [ 23.490793][ T321] RBP: ffffc90000dd6b90 R08: dffffc0000000000 R09: ffffed1024186551 [ 23.497919][ T319] ? __kasan_check_read+0x11/0x20 [ 23.497930][ T319] ? ext4_inode_journal_mode+0x19a/0x480 [ 23.497940][ T319] ext4_write_begin+0x651/0x1550 [ 23.497953][ T319] ? ext4_readahead+0x110/0x110 [ 23.497972][ T319] ? domain_dirty_limits+0x28f/0x3c0 [ 23.506229][ T321] R10: ffffed1024186551 R11: 1ffff11024186550 R12: 0000000000000000 [ 23.513914][ T319] ? ext4_get_group_desc+0x25f/0x2b0 [ 23.513924][ T319] ? __kasan_check_read+0x11/0x20 [ 23.513942][ T319] ? mark_buffer_dirty+0x1cc/0x330 [ 23.522146][ T321] R13: 00000000000000cb R14: 00000000fffffffe R15: 0000000000000054 [ 23.525149][ T319] ? __ext4_handle_dirty_metadata+0x2eb/0x7f0 [ 23.525160][ T319] ? __kasan_check_write+0x14/0x20 [ 23.525174][ T319] ext4_da_write_begin+0x455/0xe80 [ 23.530858][ T321] FS: 00007fc22f1006c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 23.536920][ T319] ? ext4_set_page_dirty+0x1a0/0x1a0 [ 23.536931][ T319] ? down_read_killable+0xe0/0xe0 [ 23.536942][ T319] ? __ext4_journal_stop+0x36/0x1a0 [ 23.536949][ T319] ? ext4_write_end+0xa00/0xed0 [ 23.536959][ T319] ? iov_iter_advance+0x1f7/0x750 [ 23.536978][ T319] generic_perform_write+0x2be/0x510 [ 23.556869][ T321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.562345][ T319] ? preempt_count_add+0x90/0x1b0 [ 23.562366][ T319] ? grab_cache_page_write_begin+0xb0/0xb0 [ 23.567886][ T321] CR2: 0000555575a25738 CR3: 0000000120691000 CR4: 00000000003506b0 [ 23.573662][ T319] ? down_write+0xac/0x110 [ 23.573672][ T319] ? down_read_killable+0xe0/0xe0 [ 23.573679][ T319] ? __switch_to+0x50f/0xfc0 [ 23.573695][ T319] ? generic_write_checks+0x3d4/0x480 [ 23.579201][ T321] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.583856][ T319] ext4_buffered_write_iter+0x4b8/0x640 [ 23.583867][ T319] ext4_file_write_iter+0x536/0x1980 [ 23.583884][ T319] ? _raw_spin_unlock_irq+0x4e/0x70 [ 23.589445][ T321] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.594507][ T319] ? finish_task_switch+0x12e/0x5a0 [ 23.594517][ T319] ? avc_policy_seqno+0x1b/0x70 [ 23.594526][ T319] ? selinux_file_permission+0x2a5/0x510 [ 23.594536][ T319] ? ext4_file_read_iter+0x530/0x530 [ 23.594546][ T319] ? security_file_permission+0x83/0xa0 [ 23.594555][ T319] ? iov_iter_init+0x3f/0x120 [ 23.594571][ T319] vfs_write+0x725/0xd60 [ 23.600358][ T321] Kernel panic - not syncing: Fatal exception [ 23.605459][ T319] ? kernel_write+0x3c0/0x3c0 [ 23.934114][ T319] ? ptrace_stop+0x69f/0x9c0 [ 23.938743][ T319] ? __fget_files+0x2c4/0x320 [ 23.943431][ T319] ? __fdget+0x1a1/0x230 [ 23.947657][ T319] ? __x64_sys_pwrite64+0xec/0x220 [ 23.952750][ T319] __x64_sys_pwrite64+0x191/0x220 [ 23.957760][ T319] ? ksys_pwrite64+0x1b0/0x1b0 [ 23.962506][ T319] ? syscall_trace_enter+0x4b/0x170 [ 23.967692][ T319] do_syscall_64+0x31/0x40 [ 23.972104][ T319] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.977983][ T319] RIP: 0033:0x7fc22f164e89 [ 23.982402][ T319] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 24.002005][ T319] RSP: 002b:00007fc22f100218 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 24.010401][ T319] RAX: ffffffffffffffda RBX: 00007fc22f1ec6d8 RCX: 00007fc22f164e89 [ 24.018352][ T319] RDX: 00000000200000c1 RSI: 00002000000000c0 RDI: 0000000000000005 [ 24.026318][ T319] RBP: 00007fc22f1ec6d0 R08: 00007fff33d14ee7 R09: 0000000000000000 [ 24.034278][ T319] R10: 0000000000009000 R11: 0000000000000246 R12: 00007fc22f1b9614 [ 24.042235][ T319] R13: 0031656c69662f2e R14: 00007fff33d14e00 R15: 00007fff33d14ee8 [ 24.050194][ T319] Modules linked in: [ 24.054370][ T321] Kernel Offset: disabled [ 24.058700][ T321] Rebooting in 86400 seconds..