./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3647355019

<...>
Warning: Permanently added '10.128.0.85' (ED25519) to the list of known hosts.
execve("./syz-executor3647355019", ["./syz-executor3647355019"], 0x7ffc042ebe90 /* 10 vars */) = 0
brk(NULL)                               = 0x55558e71f000
brk(0x55558e71fd00)                     = 0x55558e71fd00
arch_prctl(ARCH_SET_FS, 0x55558e71f380) = 0
set_tid_address(0x55558e71f650)         = 296
set_robust_list(0x55558e71f660, 24)     = 0
rseq(0x55558e71fca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3647355019", 4096) = 28
getrandom("\x7f\xde\x63\xaa\x2d\x6b\x30\x03", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55558e71fd00
brk(0x55558e740d00)                     = 0x55558e740d00
brk(0x55558e741000)                     = 0x55558e741000
mprotect(0x7f53bbc31000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
write(1, "executing program\n", 18executing program
)     = 18
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53b3781000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
munmap(0x7f53b3781000, 138412032)       = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
[   30.465949][   T24] audit: type=1400 audit(1742664969.160:66): avc:  denied  { execmem } for  pid=296 comm="syz-executor364" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   30.475438][   T24] audit: type=1400 audit(1742664969.170:67): avc:  denied  { read write } for  pid=296 comm="syz-executor364" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   30.479246][   T24] audit: type=1400 audit(1742664969.170:68): avc:  denied  { open } for  pid=296 comm="syz-executor364" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   30.485863][   T24] audit: type=1400 audit(1742664969.170:69): avc:  denied  { ioctl } for  pid=296 comm="syz-executor364" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
close(4)                                = 0
mkdir("./file0", 0777)                  = 0
[   30.581816][   T24] audit: type=1400 audit(1742664969.280:70): avc:  denied  { mounton } for  pid=296 comm="syz-executor364" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   30.645160][  T296] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor364: inode #1: comm syz-executor364: iget: illegal inode #
[   30.659009][  T296] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor364: error while reading EA inode 1 err=-117
[   30.671927][  T296] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2806: Unable to expand inode 15. Delete some EAs or run e2fsck.
mount("/dev/loop0", "./file0", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "usrjquota=,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0"...) = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0")                        = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_CLR_FD)                   = 0
close(4)                                = 0
chdir("./file0")                        = 0
creat("./bus", 000)                     = 4
mount("/dev/loop0", "./bus", NULL, MS_NODEV|MS_SYNCHRONOUS|MS_BIND|MS_REC|MS_SILENT|MS_POSIXACL|MS_UNBINDABLE|MS_RELATIME|MS_KERNMOUNT, NULL) = 0
open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[   30.685013][  T296] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor364: inode #1: comm syz-executor364: iget: illegal inode #
[   30.698821][  T296] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor364: error while reading EA inode 1 err=-117
[   30.711455][  T296] EXT4-fs (loop0): 1 orphan inode deleted
[   30.716976][  T296] EXT4-fs (loop0): mounted filesystem without journal. Opts: usrjquota=,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,grpquota,stripe=0x0000000000000000,journal_dev=0x0000000000000dcc,,errors=continue
mmap(0x200000000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x200000000000
request_key(NULL, NULL, 0x200000001fee, 0) = -1 EFAULT (Bad address)
[   30.742193][   T24] audit: type=1400 audit(1742664969.440:71): avc:  denied  { mount } for  pid=296 comm="syz-executor364" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   30.751885][  T296] ==================================================================
[   30.764520][   T24] audit: type=1400 audit(1742664969.440:72): avc:  denied  { write } for  pid=296 comm="syz-executor364" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   30.771965][  T296] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x11b3/0x3a60
[   30.771976][  T296] Read of size 18446744073709551600 at addr ffff888120329008 by task syz-executor364/296
[   30.771979][  T296] 
[   30.771991][  T296] CPU: 0 PID: 296 Comm: syz-executor364 Not tainted 5.10.234-syzkaller-00033-g094fc3778d6b #0
[   30.772007][  T296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   30.794699][   T24] audit: type=1400 audit(1742664969.440:73): avc:  denied  { add_name } for  pid=296 comm="syz-executor364" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   30.801804][  T296] Call Trace:
[   30.801823][  T296]  dump_stack_lvl+0x1e2/0x24b
[   30.801834][  T296]  ? bfq_pos_tree_add_move+0x43b/0x43b
[   30.801842][  T296]  ? panic+0x812/0x812
[   30.801862][  T296]  print_address_description+0x81/0x3b0
[   30.811815][   T24] audit: type=1400 audit(1742664969.440:74): avc:  denied  { create } for  pid=296 comm="syz-executor364" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   30.813610][  T296]  kasan_report+0x179/0x1c0
[   30.824082][   T24] audit: type=1400 audit(1742664969.440:75): avc:  denied  { write open } for  pid=296 comm="syz-executor364" path="/root/file0/file0/bus" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   30.833671][  T296]  ? ext4_xattr_set_entry+0x11b3/0x3a60
[   30.833682][  T296]  ? ext4_xattr_set_entry+0x11b3/0x3a60
[   30.833694][  T296]  kasan_check_range+0x293/0x2a0
[   30.833704][  T296]  ? ext4_xattr_set_entry+0x11b3/0x3a60
[   30.833713][  T296]  memmove+0x2d/0x70
[   30.833730][  T296]  ext4_xattr_set_entry+0x11b3/0x3a60
[   30.954831][  T296]  ? ext4_get_group_desc+0x1f1/0x2b0
[   30.960041][  T296]  ? ext4_xattr_ibody_set+0x390/0x390
[   30.965340][  T296]  ? ext4_get_inode_loc+0x1d0/0x1d0
[   30.970394][  T296]  ? ____kasan_kmalloc+0xed/0x110
[   30.975323][  T296]  ? ____kasan_kmalloc+0xdb/0x110
[   30.980182][  T296]  ? __kasan_kmalloc+0x9/0x10
[   30.984795][  T296]  ? __kmalloc+0x1aa/0x330
[   30.989036][  T296]  ? ext4_convert_inline_data_nolock+0x116/0xd80
[   30.995211][  T296]  ? errseq_check+0x41/0x70
[   30.999554][  T296]  ? __ext4_journal_get_write_access+0x21a/0x490
[   31.005703][  T296]  ext4_xattr_ibody_set+0x124/0x390
[   31.010916][  T296]  ext4_destroy_inline_data_nolock+0x1d3/0x5d0
[   31.016909][  T296]  ? ext4_destroy_inline_data+0xe0/0xe0
[   31.022423][  T296]  ? __ext4_check_dir_entry+0x59c/0x880
[   31.027975][  T296]  ? ext4_check_all_de+0x61/0x100
[   31.032840][  T296]  ? ext4_check_all_de+0xc7/0x100
[   31.037722][  T296]  ext4_convert_inline_data_nolock+0x3d8/0xd80
[   31.043675][  T296]  ? ext4_add_dirent_to_inline+0x4a0/0x4a0
[   31.049315][  T296]  ? __kasan_check_read+0x11/0x20
[   31.054178][  T296]  ? get_max_inline_xattr_value_size+0x4f7/0x640
[   31.060336][  T296]  ext4_try_add_inline_entry+0x805/0xb60
[   31.065807][  T296]  ? security_dentry_create_files_as+0xc0/0xc0
[   31.071798][  T296]  ? ext4_da_write_inline_data_end+0x280/0x280
[   31.077798][  T296]  ? ext4_fname_setup_ci_filename+0x70/0x480
[   31.083688][  T296]  ext4_add_entry+0x6c2/0x1280
[   31.088288][  T296]  ? ext4_inc_count+0x190/0x190
[   31.092978][  T296]  ? dquot_initialize+0x20/0x20
[   31.097781][  T296]  ? ext4_lookup+0x549/0xaa0
[   31.102288][  T296]  ext4_add_nondir+0x97/0x270
[   31.106800][  T296]  ext4_create+0x348/0x530
[   31.111053][  T296]  ? ext4_lookup+0xaa0/0xaa0
[   31.115478][  T296]  ? selinux_inode_create+0x22/0x30
[   31.120626][  T296]  ? security_inode_create+0xbc/0x100
[   31.125826][  T296]  ? ext4_lookup+0xaa0/0xaa0
[   31.130259][  T296]  path_openat+0x1377/0x3000
[   31.134687][  T296]  ? do_filp_open+0x460/0x460
[   31.139191][  T296]  do_filp_open+0x21c/0x460
[   31.143545][  T296]  ? vfs_tmpfile+0x2b0/0x2b0
[   31.147957][  T296]  ? get_unused_fd_flags+0x94/0xa0
[   31.152907][  T296]  do_sys_openat2+0x13f/0x710
[   31.157417][  T296]  ? ptrace_stop+0x6dc/0xa30
[   31.161841][  T296]  ? do_sys_open+0x220/0x220
[   31.166270][  T296]  ? _raw_spin_unlock_irq+0x4e/0x70
[   31.171338][  T296]  ? ptrace_notify+0x24c/0x350
[   31.175906][  T296]  __x64_sys_openat+0x243/0x290
[   31.180592][  T296]  ? __ia32_sys_open+0x270/0x270
[   31.185392][  T296]  ? irqentry_exit_to_user_mode+0x41/0x80
[   31.190928][  T296]  ? syscall_enter_from_user_mode+0x57/0x1a0
[   31.196823][  T296]  do_syscall_64+0x34/0x70
[   31.201075][  T296]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   31.206803][  T296] RIP: 0033:0x7f53bbbbebf9
[   31.211058][  T296] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   31.230516][  T296] RSP: 002b:00007ffcf525aef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   31.238744][  T296] RAX: ffffffffffffffda RBX: 0000000000000073 RCX: 00007f53bbbbebf9
[   31.246567][  T296] RDX: 000000000000275a RSI: 00002000000000c0 RDI: 00000000ffffff9c
[   31.254599][  T296] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   31.262465][  T296] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f53bbc23604
[   31.270279][  T296] R13: 00007ffcf525b0d8 R14: 0000000000000001 R15: 0000000000000001
[   31.278096][  T296] 
[   31.280342][  T296] The buggy address belongs to the page:
[   31.285931][  T296] page:ffffea000480ca40 refcount:1 mapcount:1 mapping:0000000000000000 index:0x5594656df pfn:0x120329
[   31.296702][  T296] anon flags: 0x4000000000080014(uptodate|lru|swapbacked)
[   31.303635][  T296] raw: 4000000000080014 ffffea000480c9c8 ffffea000475c3c8 ffff88810ec77509
[   31.312235][  T296] raw: 00000005594656df 0000000000000000 0000000100000000 ffff88810013e000
[   31.320641][  T296] page dumped because: kasan: bad access detected
[   31.326890][  T296] page->mem_cgroup:ffff88810013e000
[   31.331925][  T296] page_owner tracks the page as allocated
[   31.337485][  T296] page last allocated via order 0, migratetype Movable, gfp_mask 0x100cca(GFP_HIGHUSER_MOVABLE), pid 298, ts 30644168472, free_ts 24775416846
[   31.351767][  T296]  prep_new_page+0x166/0x180
[   31.356161][  T296]  get_page_from_freelist+0x2d8c/0x2f30
[   31.361667][  T296]  __alloc_pages_nodemask+0x435/0xaf0
[   31.366956][  T296]  wp_page_copy+0x226/0x1940
[   31.371377][  T296]  do_wp_page+0x71b/0xca0
[   31.375541][  T296]  handle_pte_fault+0xd31/0x3e10
[   31.380338][  T296]  handle_mm_fault+0x11d6/0x1a10
[   31.385088][  T296]  exc_page_fault+0x2a6/0x5b0
[   31.389598][  T296]  asm_exc_page_fault+0x1e/0x30
[   31.394284][  T296] page last free stack trace:
[   31.398826][  T296]  free_unref_page_prepare+0x2ae/0x2d0
[   31.404092][  T296]  free_unref_page_list+0x122/0xb20
[   31.409127][  T296]  release_pages+0xea0/0xef0
[   31.413561][  T296]  free_pages_and_swap_cache+0x8a/0xa0
[   31.418852][  T296]  tlb_finish_mmu+0x177/0x320
[   31.423363][  T296]  unmap_region+0x31c/0x370
[   31.427793][  T296]  __do_munmap+0x699/0x8c0
[   31.432136][  T296]  __se_sys_munmap+0x120/0x1a0
[   31.436967][  T296]  __x64_sys_munmap+0x5b/0x70
[   31.441572][  T296]  do_syscall_64+0x34/0x70
[   31.445809][  T296]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   31.451536][  T296] 
[   31.453719][  T296] Memory state around the buggy address:
[   31.459186][  T296]  ffff888120328f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.467071][  T296]  ffff888120328f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.475074][  T296] >ffff888120329000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.482960][  T296]                       ^
[   31.487126][  T296]  ffff888120329080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
openat(AT_FDCWD, 0x2000000000c0, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
exit_group(0)                           = ?
+++ exited with 0 +++
[   31.495034][  T296]  ffff888120329100: 00 00