./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1163082355 <...> Warning: Permanently added '10.128.0.208' (ED25519) to the list of known hosts. execve("./syz-executor1163082355", ["./syz-executor1163082355"], 0x7ffd20eb6e50 /* 10 vars */) = 0 brk(NULL) = 0x55558deb0000 brk(0x55558deb0d00) = 0x55558deb0d00 arch_prctl(ARCH_SET_FS, 0x55558deb0380) = 0 set_tid_address(0x55558deb0650) = 293 set_robust_list(0x55558deb0660, 24) = 0 rseq(0x55558deb0ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1163082355", 4096) = 28 getrandom("\x91\x6b\xb2\x33\xeb\xb1\x79\xa0", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558deb0d00 brk(0x55558ded1d00) = 0x55558ded1d00 brk(0x55558ded2000) = 0x55558ded2000 mprotect(0x7f50cdb4e000, 16384, PROT_READ) = 0 mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000 mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000 mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000 write(1, "executing program\n", 18executing program ) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50c569c000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 munmap(0x7f50c569c000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 [ 21.929281][ T30] audit: type=1400 audit(1742147044.958:66): avc: denied { execmem } for pid=293 comm="syz-executor116" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.950703][ T30] audit: type=1400 audit(1742147044.978:67): avc: denied { read write } for pid=293 comm="syz-executor116" name="loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.951771][ T293] loop0: detected capacity change from 0 to 2048 [ 21.974866][ T30] audit: type=1400 audit(1742147044.978:68): avc: denied { open } for pid=293 comm="syz-executor116" path="/dev/loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 close(4) = 0 mkdir("./file0", 0777) = 0 [ 22.005233][ T30] audit: type=1400 audit(1742147044.978:69): avc: denied { ioctl } for pid=293 comm="syz-executor116" path="/dev/loop0" dev="devtmpfs" ino=112 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION, "quota,bsdgroups,nobh,mb_optimize_scan=0x0000000000000001,abort,,errors=continue") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 chdir("./file0") = 0 memfd_create("syzkaller", 0) = 4 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50c569c000 write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 munmap(0x7f50c569c000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) ioctl(5, LOOP_CLR_FD) = 0 ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) close(5) = 0 close(4) = 0 memfd_create("syzkaller", 0) = 4 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50c569c000 write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 22.090616][ T30] audit: type=1400 audit(1742147045.118:70): avc: denied { mounton } for pid=293 comm="syz-executor116" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 22.095253][ T293] EXT4-fs (loop0): Ignoring removed nobh option munmap(0x7f50c569c000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) ioctl(5, LOOP_CLR_FD) = 0 ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) close(5) = 0 close(4) = 0 ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=536879104, userspace_addr=0x400000000000}) = -1 EBADF (Bad file descriptor) [ 22.129622][ T293] EXT4-fs (loop0): mounted filesystem without journal. Opts: quota,bsdgroups,nobh,mb_optimize_scan=0x0000000000000001,abort,,errors=continue. Quota mode: writeback. [ 22.146136][ T30] audit: type=1400 audit(1742147045.168:71): avc: denied { mount } for pid=293 comm="syz-executor116" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 22.146127][ T293] ext4 filesystem being mounted at /root/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 22.186740][ T30] audit: type=1400 audit(1742147045.208:72): avc: denied { write } for pid=293 comm="syz-executor116" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.194196][ T293] ------------[ cut here ]------------ [ 22.209180][ T30] audit: type=1400 audit(1742147045.208:73): avc: denied { add_name } for pid=293 comm="syz-executor116" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.214344][ T293] kernel BUG at fs/ext4/mballoc.c:1982! open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 mount("/dev/loop0", "./bus", NULL, MS_BIND|MS_RELATIME, NULL) = 0 creat("./bus", 000) = 5 io_setup(514, [0x7f50cda93000]) = 0 io_submit(0x7f50cda93000, 8, [{aio_data=0x25, aio_key=3875733507, aio_lio_opcode=IOCB_CMD_PWRITE, aio_fildes=5, aio_buf="\x2e\x2f\x62\x75\x73\x00\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x6e\x6f\x64\x65\x6c\x61\x6c\x6c\x6f\x63\x2c\x67\x72\x70\x69\x64\x2c\x61\x75\x74\x6f\x5f\x64\x61\x5f\x61\x6c\x6c\x6f\x63\x2c\x00\x00\x00\x00\x00"..., aio_nbytes=90112, aio_offset=0, aio_resfd=0xffffffff}, 0xac7979badddbc933, 0x4692f67f6fbc5a68, 0xdc3c4907e911a6f4, 0x9d1ade978bd9dfa4, 0x9dcff7af50b89a9a, 0xce67a5e2f67fbb7f, 0x1e989c989c9d1f9d]) = 1 openat(AT_FDCWD, ".", O_RDONLY) = 6 [ 22.234916][ T30] audit: type=1400 audit(1742147045.208:74): avc: denied { create } for pid=293 comm="syz-executor116" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 22.240266][ T293] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 22.260387][ T30] audit: type=1400 audit(1742147045.208:75): avc: denied { read write open } for pid=293 comm="syz-executor116" path="/root/file0/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 22.266161][ T293] CPU: 0 PID: 293 Comm: syz-executor116 Not tainted 5.15.178-syzkaller-00013-g7d1f9b5c2ff5 #0 [ 22.300273][ T293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 22.310172][ T293] RIP: 0010:mb_mark_used+0x1402/0x1420 [ 22.315466][ T293] Code: 0f 0b e8 d1 c6 83 ff 0f 0b e8 ca c6 83 ff 0f 0b e8 c3 c6 83 ff 0f 0b e8 bc c6 83 ff 0f 0b e8 b5 c6 83 ff 0f 0b e8 ae c6 83 ff <0f> 0b e8 a7 c6 83 ff 0f 0b e8 a0 c6 83 ff 0f 0b 66 2e 0f 1f 84 00 [ 22.334906][ T293] RSP: 0018:ffffc90000967590 EFLAGS: 00010293 [ 22.340912][ T293] RAX: ffffffff81eca602 RBX: 0000000000008000 RCX: ffff88810d060000 [ 22.348722][ T293] RDX: 0000000000000000 RSI: ffffffff80000000 RDI: 0000000000008000 [ 22.356533][ T293] RBP: ffffc90000967650 R08: ffffffff81ec92e3 R09: ffffed1020370e01 [ 22.364342][ T293] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888101b80000 [ 22.372152][ T293] R13: ffffffff80000000 R14: 0000000080000000 R15: ffffc90000967760 [ 22.379967][ T293] FS: 000055558deb0380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 22.388734][ T293] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 22.395154][ T293] CR2: 0000400000015000 CR3: 000000011de03000 CR4: 00000000003506b0 [ 22.403143][ T293] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 22.410951][ T293] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 22.418764][ T293] Call Trace: [ 22.421889][ T293] [ 22.424666][ T293] ? __die_body+0x62/0xb0 [ 22.428832][ T293] ? die+0x88/0xb0 [ 22.432389][ T293] ? do_trap+0x103/0x330 [ 22.436469][ T293] ? mb_mark_used+0x1402/0x1420 [ 22.441267][ T293] ? handle_invalid_op+0x95/0xc0 [ 22.446040][ T293] ? mb_mark_used+0x1402/0x1420 [ 22.450725][ T293] ? exc_invalid_op+0x32/0x50 [ 22.455238][ T293] ? asm_exc_invalid_op+0x1b/0x20 [ 22.460099][ T293] ? mb_mark_used+0xe3/0x1420 [ 22.464724][ T293] ? mb_mark_used+0x1402/0x1420 [ 22.469410][ T293] ? mb_mark_used+0x1402/0x1420 [ 22.474099][ T293] ? _find_next_bit+0x103/0x200 [ 22.478787][ T293] ext4_try_to_trim_range+0x6b9/0x11d0 [ 22.484080][ T293] ? mb_update_avg_fragment_size+0x430/0x430 [ 22.489896][ T293] ext4_trim_fs+0xd9b/0x16a0 [ 22.494336][ T293] ? mb_free_blocks+0x1190/0x1190 [ 22.499180][ T293] ? memcpy+0x56/0x70 [ 22.503000][ T293] ? __kasan_check_write+0x14/0x20 [ 22.507952][ T293] ? _copy_from_user+0x96/0xd0 [ 22.512554][ T293] ext4_ioctl+0x21ad/0x5830 [ 22.516893][ T293] ? do_vfs_ioctl+0xbc1/0x2a80 [ 22.521485][ T293] ? ext4_fileattr_set+0x16c0/0x16c0 [ 22.526606][ T293] ? __x64_compat_sys_ioctl+0x90/0x90 [ 22.531816][ T293] ? kvm_sched_clock_read+0x18/0x40 [ 22.536847][ T293] ? sched_clock+0x9/0x10 [ 22.541014][ T293] ? ioctl_has_perm+0x1f8/0x560 [ 22.545699][ T293] ? ioctl_has_perm+0x3f5/0x560 [ 22.550388][ T293] ? has_cap_mac_admin+0x3c0/0x3c0 [ 22.555336][ T293] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 22.560281][ T293] ? _raw_spin_lock_irqsave+0x210/0x210 [ 22.565662][ T293] ? selinux_file_ioctl+0x3cc/0x540 [ 22.570705][ T293] ? selinux_file_alloc_security+0x120/0x120 [ 22.576511][ T293] ? _raw_spin_unlock_irq+0x4e/0x70 [ 22.581546][ T293] ? ptrace_notify+0x24c/0x350 [ 22.586148][ T293] ? security_file_ioctl+0x84/0xb0 [ 22.591092][ T293] ? ext4_fileattr_set+0x16c0/0x16c0 [ 22.596214][ T293] __se_sys_ioctl+0x114/0x190 [ 22.600729][ T293] __x64_sys_ioctl+0x7b/0x90 [ 22.605155][ T293] x64_sys_call+0x98/0x9a0 [ 22.609407][ T293] do_syscall_64+0x3b/0xb0 [ 22.613658][ T293] ? clear_bhb_loop+0x35/0x90 [ 22.618171][ T293] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 22.623903][ T293] RIP: 0033:0x7f50cdad9ef9 [ 22.628159][ T293] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 22.647595][ T293] RSP: 002b:00007ffda8ff9e68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 22.655839][ T293] RAX: ffffffffffffffda RBX: 00004000000001c0 RCX: 00007f50cdad9ef9 [ 22.663656][ T293] RDX: 0000400000000b40 RSI: 00000000c0185879 RDI: 0000000000000006 [ 22.671462][ T293] RBP: 0000000000000073 R08: 00007f50cdb53260 R09: 00007f50cdb53260 [ 22.679271][ T293] R10: 00007f50cdb53260 R11: 0000000000000246 R12: 0000000000000073 [ 22.687081][ T293] R13: 00004000000004c0 R14: 0000000000000001 R15: 0000000000000001 [ 22.694908][ T293] [ 22.697759][ T293] Modules linked in: [ 22.701617][ T293] ---[ end trace c99fc14bc7c0ec3b ]--- [ 22.707220][ T293] RIP: 0010:mb_mark_used+0x1402/0x1420 [ 22.712534][ T293] Code: 0f 0b e8 d1 c6 83 ff 0f 0b e8 ca c6 83 ff 0f 0b e8 c3 c6 83 ff 0f 0b e8 bc c6 83 ff 0f 0b e8 b5 c6 83 ff 0f 0b e8 ae c6 83 ff <0f> 0b e8 a7 c6 83 ff 0f 0b e8 a0 c6 83 ff 0f 0b 66 2e 0f 1f 84 00 [ 22.732001][ T293] RSP: 0018:ffffc90000967590 EFLAGS: 00010293 [ 22.737943][ T293] RAX: ffffffff81eca602 RBX: 0000000000008000 RCX: ffff88810d060000 [ 22.745663][ T293] RDX: 0000000000000000 RSI: ffffffff80000000 RDI: 0000000000008000 [ 22.753536][ T293] RBP: ffffc90000967650 R08: ffffffff81ec92e3 R09: ffffed1020370e01 [ 22.761332][ T293] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888101b80000 [ 22.769127][ T293] R13: ffffffff80000000 R14: 0000000080000000 R15: ffffc90000967760 [ 22.776911][ T293] FS: 000055558deb0380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 22.785972][ T293] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 22.792383][ T293] CR2: 0000400000015000 CR3: 000000011de03000 CR4: 00000000003506b0 [ 22.800191][ T293] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 22.808015][ T293] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 22.815797][ T293] Kernel panic - not syncing: Fatal exception [ 22.821784][ T293] Kernel Offset: disabled [ 22.825858][ T293] Rebooting in 86400 seconds..