./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1465501978 <...> Warning: Permanently added '10.128.0.16' (ED25519) to the list of known hosts. execve("./syz-executor1465501978", ["./syz-executor1465501978"], 0x7fff4024e5f0 /* 10 vars */) = 0 brk(NULL) = 0x555557306000 brk(0x555557306d00) = 0x555557306d00 arch_prctl(ARCH_SET_FS, 0x555557306380) = 0 set_tid_address(0x555557306650) = 356 set_robust_list(0x555557306660, 24) = 0 rseq(0x555557306ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1465501978", 4096) = 28 getrandom("\x22\x9c\x8d\x25\xe6\x80\x6e\x5a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557306d00 brk(0x555557327d00) = 0x555557327d00 brk(0x555557328000) = 0x555557328000 mprotect(0x7f8f67776000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f5f2c6000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 munmap(0x7f8f5f2c6000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 [ 24.170776][ T23] audit: type=1400 audit(1705198829.309:66): avc: denied { execmem } for pid=356 comm="syz-executor146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 24.191894][ T23] audit: type=1400 audit(1705198829.329:67): avc: denied { read write } for pid=356 comm="syz-executor146" name="loop0" dev="devtmpfs" ino=9324 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 close(4) = 0 mkdir("./file1", 0777) = 0 [ 24.216588][ T23] audit: type=1400 audit(1705198829.329:68): avc: denied { open } for pid=356 comm="syz-executor146" path="/dev/loop0" dev="devtmpfs" ino=9324 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.241240][ T23] audit: type=1400 audit(1705198829.329:69): avc: denied { ioctl } for pid=356 comm="syz-executor146" path="/dev/loop0" dev="devtmpfs" ino=9324 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.289186][ T23] audit: type=1400 audit(1705198829.419:70): avc: denied { mounton } for pid=356 comm="syz-executor146" path="/root/file1" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 [ 24.331140][ T356] EXT4-fs (loop0): 1 orphan inode deleted [ 24.336675][ T356] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 24.345798][ T23] audit: type=1400 audit(1705198829.489:71): avc: denied { mount } for pid=356 comm="syz-executor146" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 24.345812][ T356] ext4 filesystem being mounted at /root/file1 supports timestamps until 2038 (0x7fffffff) creat("./bus", 000) = 4 mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 openat(AT_FDCWD, 0x20000080, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [ 24.385220][ T23] audit: type=1400 audit(1705198829.519:72): avc: denied { write } for pid=356 comm="syz-executor146" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 24.388653][ T356] ------------[ cut here ]------------ [ 24.407423][ T23] audit: type=1400 audit(1705198829.519:73): avc: denied { add_name } for pid=356 comm="syz-executor146" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 24.412292][ T356] kernel BUG at fs/ext4/ext4.h:2984! [ 24.412467][ T356] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 24.433503][ T23] audit: type=1400 audit(1705198829.519:74): avc: denied { create } for pid=356 comm="syz-executor146" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 24.437909][ T356] CPU: 1 PID: 356 Comm: syz-executor146 Not tainted 5.4.259-syzkaller-00012-g57a39998c138 #0 [ 24.444031][ T23] audit: type=1400 audit(1705198829.519:75): avc: denied { write open } for pid=356 comm="syz-executor146" path="/root/file1/bus" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 24.463933][ T356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 24.463956][ T356] RIP: 0010:ext4_mb_find_by_goal+0xc10/0xc50 [ 24.463964][ T356] Code: fc ff ff 89 d1 80 e1 07 80 c1 03 38 c1 0f 8c 0d fc ff ff 48 89 d7 e8 6f 7b c8 ff 48 8b 54 24 30 e9 fb fb ff ff e8 a0 aa 98 ff <0f> 0b e8 c9 64 6f ff e8 94 aa 98 ff 0f 0b e8 8d aa 98 ff 0f 0b e8 [ 24.463975][ T356] RSP: 0018:ffff8881dd2c6720 EFLAGS: 00010293 [ 24.538695][ T356] RAX: ffffffff81cb9a00 RBX: 0000000000000001 RCX: ffff8881dd173f00 [ 24.546507][ T356] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 24.554412][ T356] RBP: ffff8881dd2c6830 R08: ffffffff81cb8f29 R09: ffffed103b88048e [ 24.562214][ T356] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 24.570039][ T356] R13: ffff8881dd24a3f0 R14: 1ffff1103ba58cf4 R15: 1ffff1103ba4947e [ 24.577940][ T356] FS: 0000555557306380(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 24.586706][ T356] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.593255][ T356] CR2: 00007fff4024cc58 CR3: 00000001dd7ec000 CR4: 00000000003406a0 [ 24.601054][ T356] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.608878][ T356] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.616671][ T356] Call Trace: [ 24.619813][ T356] ? __die+0xb4/0x100 [ 24.623618][ T356] ? die+0x26/0x50 [ 24.627296][ T356] ? do_trap+0x1e7/0x340 [ 24.631377][ T356] ? ext4_mb_find_by_goal+0xc10/0xc50 [ 24.636583][ T356] ? ext4_mb_find_by_goal+0xc10/0xc50 [ 24.641807][ T356] ? do_invalid_op+0xfb/0x110 [ 24.646303][ T356] ? ext4_mb_find_by_goal+0xc10/0xc50 [ 24.651542][ T356] ? invalid_op+0x1e/0x30 [ 24.655810][ T356] ? ext4_mb_find_by_goal+0x139/0xc50 [ 24.660994][ T356] ? ext4_mb_find_by_goal+0xc10/0xc50 [ 24.666196][ T356] ? ext4_mb_find_by_goal+0xc10/0xc50 [ 24.671401][ T356] ? ext4_mb_new_blocks+0x29f/0x2d10 [ 24.676680][ T356] ? ext4_map_blocks+0xa2f/0x1ba0 [ 24.681797][ T356] ? ext4_write_begin+0x5ba/0x1900 [ 24.686734][ T356] ? ext4_mb_use_inode_pa+0x4b0/0x4b0 [ 24.691957][ T356] ? ext4_file_write_iter+0x499/0x10e0 [ 24.697276][ T356] ? do_iter_readv_writev+0x591/0x7a0 [ 24.702456][ T356] ? do_iter_write+0x170/0x560 [ 24.707048][ T356] ? vfs_writev+0x206/0x350 [ 24.711385][ T356] ? do_writev+0x1aa/0x340 [ 24.715652][ T356] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 24.721554][ T356] ext4_mb_regular_allocator+0x229/0x10d0 [ 24.727100][ T356] ? ext4_mb_initialize_context+0x7e3/0xbb0 [ 24.732826][ T356] ? ext4_mb_normalize_request+0x263/0x11d0 [ 24.738553][ T356] ? ext4_mb_normalize_request+0x11d0/0x11d0 [ 24.744511][ T356] ext4_mb_new_blocks+0x59a/0x2d10 [ 24.749472][ T356] ? memset+0x1f/0x40 [ 24.753470][ T356] ? ext4_ext_check_overlap+0x180/0x5b0 [ 24.758952][ T356] ? ext4_inode_to_goal_block+0x265/0x360 [ 24.764498][ T356] ext4_ext_map_blocks+0x1e70/0x7450 [ 24.769622][ T356] ? __unwind_start+0x708/0x890 [ 24.774302][ T356] ? prep_new_page+0x18f/0x370 [ 24.778899][ T356] ? deref_stack_reg+0x1f0/0x1f0 [ 24.783787][ T356] ? do_iter_write+0x170/0x560 [ 24.788386][ T356] ? ext4_ext_release+0x10/0x10 [ 24.793072][ T356] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 24.798985][ T356] ? check_preemption_disabled+0x9f/0x320 [ 24.804541][ T356] ? stack_trace_save+0x1c0/0x1c0 [ 24.809393][ T356] ? debug_smp_processor_id+0x20/0x20 [ 24.814686][ T356] ? arch_stack_walk+0x111/0x140 [ 24.819495][ T356] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 24.825361][ T356] ? _raw_read_unlock+0x21/0x40 [ 24.830224][ T356] ? ext4_es_lookup_extent+0x559/0x9d0 [ 24.835529][ T356] ext4_map_blocks+0xa2f/0x1ba0 [ 24.840221][ T356] ? ext4_issue_zeroout+0x150/0x150 [ 24.845252][ T356] ? ext4_write_begin+0x419/0x1900 [ 24.850184][ T356] ? do_iter_write+0x170/0x560 [ 24.854790][ T356] ? vfs_writev+0x206/0x350 [ 24.859145][ T356] ? do_writev+0x1aa/0x340 [ 24.863384][ T356] ? do_syscall_64+0xca/0x1c0 [ 24.868017][ T356] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 24.874977][ T356] _ext4_get_block+0x21b/0x610 [ 24.879650][ T356] ? ext4_get_block+0x40/0x40 [ 24.884270][ T356] ? check_preemption_disabled+0x9f/0x320 [ 24.889944][ T356] ? debug_smp_processor_id+0x20/0x20 [ 24.895229][ T356] ext4_block_write_begin+0x68a/0x1390 [ 24.900630][ T356] ? _raw_spin_trylock_bh+0x190/0x190 [ 24.905812][ T356] ? ext4_es_is_delayed+0x40/0x40 [ 24.910685][ T356] ? trace_android_fs_datawrite_start+0x200/0x200 [ 24.917006][ T356] ? ext4_should_dioread_nolock+0x94/0x500 [ 24.922653][ T356] ext4_write_begin+0x5ba/0x1900 [ 24.927424][ T356] ? __generic_file_write_iter+0x159/0x530 [ 24.933061][ T356] ? ext4_readpages+0x110/0x110 [ 24.937754][ T356] ? kmem_cache_free+0x10b/0x2c0 [ 24.942522][ T356] ext4_da_write_begin+0x4a3/0xfe0 [ 24.947560][ T356] ? down_write_trylock+0x130/0x130 [ 24.952590][ T356] ? ext4_set_page_dirty+0x190/0x190 [ 24.957721][ T356] ? fault_in_pages_readable+0x181/0x270 [ 24.963184][ T356] ? iov_iter_fault_in_readable+0x4c0/0x4c0 [ 24.968911][ T356] ? __vfs_getxattr+0x600/0x6d0 [ 24.973602][ T356] ? iov_iter_fault_in_readable+0x49d/0x4c0 [ 24.979353][ T356] ? vfs_getxattr_alloc+0x5a0/0x5a0 [ 24.984364][ T356] ? check_preemption_disabled+0x9f/0x320 [ 24.989937][ T356] ? asan.module_dtor+0x20/0x20 [ 24.994742][ T356] ? debug_smp_processor_id+0x20/0x20 [ 24.999925][ T356] ? ktime_get_coarse_real_ts64+0xcc/0xe0 [ 25.005503][ T356] generic_perform_write+0x2c7/0x560 [ 25.010603][ T356] ? grab_cache_page_write_begin+0x90/0x90 [ 25.016346][ T356] ? file_remove_privs+0x640/0x640 [ 25.021295][ T356] ? down_write_trylock+0xd7/0x130 [ 25.026230][ T356] __generic_file_write_iter+0x224/0x530 [ 25.031703][ T356] ext4_file_write_iter+0x499/0x10e0 [ 25.036820][ T356] ? check_preemption_disabled+0x9f/0x320 [ 25.042377][ T356] ? ext4_file_read_iter+0x140/0x140 [ 25.047499][ T356] ? check_preemption_disabled+0x9f/0x320 [ 25.053083][ T356] ? check_preemption_disabled+0x9f/0x320 [ 25.058705][ T356] ? debug_smp_processor_id+0x20/0x20 [ 25.064158][ T356] ? debug_smp_processor_id+0x20/0x20 [ 25.069338][ T356] do_iter_readv_writev+0x591/0x7a0 [ 25.074635][ T356] ? vfs_dedupe_file_range+0x890/0x890 [ 25.080003][ T356] ? security_file_permission+0x117/0x2f0 [ 25.085586][ T356] do_iter_write+0x170/0x560 [ 25.089978][ T356] vfs_writev+0x206/0x350 [ 25.094138][ T356] ? do_writev+0x340/0x340 [ 25.098392][ T356] ? syscall_trace_enter+0x650/0x940 [ 25.103511][ T356] ? __fdget_pos+0x255/0x2e0 [ 25.107936][ T356] do_writev+0x1aa/0x340 [ 25.112013][ T356] ? do_syscall_64+0x1c0/0x1c0 [ 25.116614][ T356] ? do_readv+0x460/0x460 [ 25.120784][ T356] do_syscall_64+0xca/0x1c0 [ 25.125131][ T356] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 25.130843][ T356] Modules linked in: [ 25.134741][ T356] ---[ end trace 5db25116ed0e90da ]--- [ 25.140035][ T356] RIP: 0010:ext4_mb_find_by_goal+0xc10/0xc50 [ 25.145826][ T356] Code: fc ff ff 89 d1 80 e1 07 80 c1 03 38 c1 0f 8c 0d fc ff ff 48 89 d7 e8 6f 7b c8 ff 48 8b 54 24 30 e9 fb fb ff ff e8 a0 aa 98 ff <0f> 0b e8 c9 64 6f ff e8 94 aa 98 ff 0f 0b e8 8d aa 98 ff 0f 0b e8 [ 25.165505][ T356] RSP: 0018:ffff8881dd2c6720 EFLAGS: 00010293 [ 25.172173][ T356] RAX: ffffffff81cb9a00 RBX: 0000000000000001 RCX: ffff8881dd173f00 [ 25.179969][ T356] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 25.187740][ T356] RBP: ffff8881dd2c6830 R08: ffffffff81cb8f29 R09: ffffed103b88048e [ 25.196056][ T356] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 25.203863][ T356] R13: ffff8881dd24a3f0 R14: 1ffff1103ba58cf4 R15: 1ffff1103ba4947e [ 25.211763][ T356] FS: 0000555557306380(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 25.220533][ T356] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.227007][ T356] CR2: 00007fff4024cc58 CR3: 00000001dd7ec000 CR4: 00000000003406a0 [ 25.235330][ T356] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.243530][ T356] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.251468][ T356] Kernel panic - not syncing: Fatal exception [ 25.257740][ T356] Kernel Offset: disabled [ 25.261912][ T356] Rebooting in 86400 seconds..