./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1177003605

<...>
Warning: Permanently added '10.128.1.59' (ED25519) to the list of known hosts.
execve("./syz-executor1177003605", ["./syz-executor1177003605"], 0x7ffef9efd680 /* 10 vars */) = 0
brk(NULL)                               = 0x55558d571000
brk(0x55558d571d00)                     = 0x55558d571d00
arch_prctl(ARCH_SET_FS, 0x55558d571380) = 0
set_tid_address(0x55558d571650)         = 294
set_robust_list(0x55558d571660, 24)     = 0
rseq(0x55558d571ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1177003605", 4096) = 28
getrandom("\xe7\x41\x00\xb6\xb9\x17\x09\x6b", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55558d571d00
brk(0x55558d592d00)                     = 0x55558d592d00
brk(0x55558d593000)                     = 0x55558d593000
mprotect(0x7ff9166a3000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
executing program
write(1, "executing program\n", 18)     = 18
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff90e1f2000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
munmap(0x7ff90e1f2000, 138412032)       = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
[   23.464385][   T30] audit: type=1400 audit(1743505701.569:66): avc:  denied  { execmem } for  pid=294 comm="syz-executor117" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
[   23.498584][   T30] audit: type=1400 audit(1743505701.599:67): avc:  denied  { read write } for  pid=294 comm="syz-executor117" name="loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   23.524166][  T294] loop0: detected capacity change from 0 to 4096
[   23.530369][   T30] audit: type=1400 audit(1743505701.599:68): avc:  denied  { open } for  pid=294 comm="syz-executor117" path="/dev/loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   23.556472][   T30] audit: type=1400 audit(1743505701.629:69): avc:  denied  { ioctl } for  pid=294 comm="syz-executor117" path="/dev/loop0" dev="devtmpfs" ino=112 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
close(4)                                = 0
mkdir("./file0", 0777)                  = 0
[   23.632003][   T30] audit: type=1400 audit(1743505701.739:70): avc:  denied  { mounton } for  pid=294 comm="syz-executor117" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0")                        = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_CLR_FD)                   = 0
close(4)                                = 0
writev(-1, [{iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base="\x43\xa4\xad\x53\x49\x7d\xe0\x32\x75\xd7\xe9\x0e\x89\x0f\xbd\x3e\xd3\xd4\xb1\x42\xce\x0b\xd9\x2a\x5a\x8b\x52\x09\x32\x5a\x5a\xd6\x7f\xd2\x7c\x6e\x49\x41\xee\x4a\x0c\x5a\xe7\xd4\x40\x26\x2d\xc5\xf6\x8a\xe2\xfa\xbd\x93\xf9\x39\x8e\x51\x7f\xd0\x56\xcd\xbb\x6f\xcb\x0c\xfc\x02\x95\xa2\xe3\xf3\x6a\x09\x62\x73\x1c\x3a\x34\x34\x08\x9d\x88\x06\x8d\xce\x88\xe2\xd3\x1e\x3c\x24\x1e\xa7\xd0\xee\xc7\x29\x3f\xaa"..., iov_len=140}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], 6) = -1 EBADF (Bad file descriptor)
creat("./file1", 000)                   = 4
open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
mount("/dev/loop0", "./bus", NULL, MS_BIND|MS_STRICTATIME, NULL) = 0
open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6
[   23.753300][  T294] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   23.764330][   T30] audit: type=1400 audit(1743505701.869:71): avc:  denied  { mount } for  pid=294 comm="syz-executor117" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
write(6, "\x23\x21\x20\x0a\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 2097152
mount("./file1", "./file1", NULL, MS_NOSUID|MS_BIND|MS_MOVE, NULL) = 0
mkdir("./file1", 0777)                  = -1 EEXIST (File exists)
[   23.793350][   T30] audit: type=1400 audit(1743505701.869:72): avc:  denied  { write } for  pid=294 comm="syz-executor117" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   23.814485][  T294] ================================================================================
[   23.815323][   T30] audit: type=1400 audit(1743505701.869:73): avc:  denied  { add_name } for  pid=294 comm="syz-executor117" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   23.824495][  T294] UBSAN: shift-out-of-bounds in fs/ext4/super.c:2494:15
[   23.845677][   T30] audit: type=1400 audit(1743505701.869:74): avc:  denied  { create } for  pid=294 comm="syz-executor117" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   23.852646][  T294] shift exponent 156404570 is too large for 32-bit type 'int'
[   23.873646][   T30] audit: type=1400 audit(1743505701.869:75): avc:  denied  { write } for  pid=294 comm="syz-executor117" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   23.881033][  T294] CPU: 0 PID: 294 Comm: syz-executor117 Not tainted 5.15.178-syzkaller-00034-g5e1b899f19c3 #0
[   23.913399][  T294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   23.923301][  T294] Call Trace:
[   23.926627][  T294]  <TASK>
[   23.929682][  T294]  dump_stack_lvl+0x151/0x1c0
[   23.934197][  T294]  ? io_uring_drop_tctx_refs+0x190/0x190
[   23.939669][  T294]  dump_stack+0x15/0x20
[   23.943650][  T294]  __ubsan_handle_shift_out_of_bounds+0x3bf/0x420
[   23.950305][  T294]  parse_options+0x2c9d/0x2d20
[   23.955027][  T294]  ? ext4_superblock_csum_verify+0x420/0x420
[   23.960829][  T294]  ? memcpy+0x56/0x70
[   23.964737][  T294]  ext4_remount+0x8ff/0x2cf0
[   23.969363][  T294]  ? alloc_fs_context+0x674/0x830
[   23.974216][  T294]  ? avc_has_perm_noaudit+0x348/0x430
[   23.979449][  T294]  ? ext4_statfs+0xe00/0xe00
[   23.984567][  T294]  ? shrink_dcache_sb+0x144/0x190
[   23.989548][  T294]  ? dentry_lru_isolate+0x330/0x330
[   23.994802][  T294]  ? ext4_statfs+0xe00/0xe00
[   23.999256][  T294]  legacy_reconfigure+0xfa/0x110
[   24.004137][  T294]  reconfigure_super+0x436/0x860
[   24.009385][  T294]  path_mount+0xcc3/0x1070
[   24.013646][  T294]  __se_sys_mount+0x2c4/0x3b0
[   24.018150][  T294]  ? __x64_sys_mount+0xd0/0xd0
[   24.022763][  T294]  ? __kasan_check_write+0x14/0x20
[   24.027705][  T294]  __x64_sys_mount+0xbf/0xd0
[   24.032142][  T294]  x64_sys_call+0x49d/0x9a0
[   24.036457][  T294]  do_syscall_64+0x3b/0xb0
[   24.040711][  T294]  ? clear_bhb_loop+0x35/0x90
[   24.045229][  T294]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   24.050970][  T294] RIP: 0033:0x7ff916630cfa
[   24.055222][  T294] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   24.075050][  T294] RSP: 002b:00007ffc16fb4248 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   24.083404][  T294] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff916630cfa
[   24.091204][  T294] RDX: 0000200000002040 RSI: 0000200000002080 RDI: 0000000000000000
mount(NULL, "./file1", 0x200000002040, MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_SILENT, "") = 0
openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = -1 ENOTDIR (Not a directory)
exit_group(0)                           = ?
+++ exited with 0 +++
[   24.099276][  T294] RBP: 0000200000002080 R08: 00007ffc16fb42