./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor985380442 <...> [ 8.218778][ T23] audit: type=1400 audit(1745548162.100:27): avc: denied { create } for pid=185 comm="dbus-daemon" name="messagebus.pid" scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 8.227768][ T23] audit: type=1400 audit(1745548162.100:28): avc: denied { write open } for pid=185 comm="dbus-daemon" path="/run/messagebus.pid" dev="tmpfs" ino=11289 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 8.237017][ T23] audit: type=1400 audit(1745548162.100:29): avc: denied { getattr } for pid=185 comm="dbus-daemon" path="/run/messagebus.pid" dev="tmpfs" ino=11289 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 8.424231][ T23] audit: type=1400 audit(1745548162.330:30): avc: denied { search } for pid=199 comm="dhcpcd" name="/" dev="tmpfs" ino=10909 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 15.567199][ T23] kauditd_printk_skb: 30 callbacks suppressed [ 15.567210][ T23] audit: type=1400 audit(1745548169.470:61): avc: denied { transition } for pid=287 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.579809][ T23] audit: type=1400 audit(1745548169.470:62): avc: denied { noatsecure } for pid=287 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.596207][ T23] audit: type=1400 audit(1745548169.470:63): avc: denied { write } for pid=287 comm="sh" path="pipe:[10096]" dev="pipefs" ino=10096 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 15.621485][ T23] audit: type=1400 audit(1745548169.480:64): avc: denied { rlimitinh } for pid=287 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.641973][ T23] audit: type=1400 audit(1745548169.480:65): avc: denied { siginh } for pid=287 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.59' (ED25519) to the list of known hosts. execve("./syz-executor985380442", ["./syz-executor985380442"], 0x7fff2acf7720 /* 10 vars */) = 0 brk(NULL) = 0x555576c1c000 brk(0x555576c1cd00) = 0x555576c1cd00 arch_prctl(ARCH_SET_FS, 0x555576c1c380) = 0 set_tid_address(0x555576c1c650) = 357 set_robust_list(0x555576c1c660, 24) = 0 rseq(0x555576c1cca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor985380442", 4096) = 27 getrandom("\xd8\xc0\x97\x5b\x5e\xfe\x26\x97", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555576c1cd00 brk(0x555576c3dd00) = 0x555576c3dd00 brk(0x555576c3e000) = 0x555576c3e000 mprotect(0x7f8db2462000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.7qfAar", 0700) = 0 chmod("./syzkaller.7qfAar", 0777) = 0 chdir("./syzkaller.7qfAar") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555576c1c650) = 359 ./strace-static-x86_64: Process 359 attached [pid 359] set_robust_list(0x555576c1c660, 24) = 0 [pid 359] chdir("./0") = 0 [pid 359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 359] setpgid(0, 0) = 0 [pid 359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 359] write(3, "1000", 4) = 4 [pid 359] close(3) = 0 [pid 359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 359] write(1, "executing program\n", 18executing program ) = 18 [pid 359] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 359] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 359] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 359] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 359] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 359] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 359] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 359] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 359] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 359] memfd_create("syzkaller", 0) = 5 [pid 359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8da9faf000 [pid 359] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 359] munmap(0x7f8da9faf000, 138412032) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.279350][ T23] audit: type=1400 audit(1745548179.180:66): avc: denied { execmem } for pid=357 comm="syz-executor985" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 359] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 359] close(5) = 0 [ 25.305133][ T23] audit: type=1400 audit(1745548179.190:67): avc: denied { read write } for pid=357 comm="syz-executor985" name="loop0" dev="devtmpfs" ino=9429 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 25.336006][ T23] audit: type=1400 audit(1745548179.190:68): avc: denied { open } for pid=357 comm="syz-executor985" path="/dev/loop0" dev="devtmpfs" ino=9429 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 359] close(6) = 0 [pid 359] mkdir("./file0", 0777) = 0 [ 25.365314][ T23] audit: type=1400 audit(1745548179.190:69): avc: denied { ioctl } for pid=357 comm="syz-executor985" path="/dev/loop0" dev="devtmpfs" ino=9429 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 25.407082][ T23] audit: type=1400 audit(1745548179.210:70): avc: denied { read write } for pid=359 comm="syz-executor985" name="vhost-vsock" dev="devtmpfs" ino=9565 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 25.434318][ T23] audit: type=1400 audit(1745548179.210:71): avc: denied { open } for pid=359 comm="syz-executor985" path="/dev/vhost-vsock" dev="devtmpfs" ino=9565 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 25.461473][ T23] audit: type=1400 audit(1745548179.210:72): avc: denied { ioctl } for pid=359 comm="syz-executor985" path="/dev/vhost-vsock" dev="devtmpfs" ino=9565 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 25.492654][ T23] audit: type=1400 audit(1745548179.290:73): avc: denied { mounton } for pid=359 comm="syz-executor985" path="/root/syzkaller.7qfAar/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 359] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 359] chdir("./file0") = 0 [pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 359] ioctl(6, LOOP_CLR_FD) = 0 [pid 359] close(6) = 0 [pid 359] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [ 25.493517][ T359] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.539616][ T23] audit: type=1400 audit(1745548179.440:74): avc: denied { mount } for pid=359 comm="syz-executor985" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 359] write(6, "#! ./file1\n", 11) = 11 [pid 359] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 359] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, 0) = -1 EBADF (Bad file descriptor) [pid 359] exit_group(0) = ? [pid 359] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=359, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555576c1d6f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 25.570826][ T23] audit: type=1400 audit(1745548179.450:75): avc: denied { write } for pid=359 comm="syz-executor985" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 25.598766][ T360] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-359: bg 0: block 234: padding at end of block bitmap is not set [ 25.615837][ T360] vhost-359 (360) used greatest stack depth: 22824 bytes left [ 25.629828][ T103] ------------[ cut here ]------------ [ 25.635679][ T103] kernel BUG at fs/ext4/inode.c:2844! [ 25.641685][ T103] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 25.647475][ T103] CPU: 1 PID: 103 Comm: kworker/u4:2 Not tainted 5.4.290-syzkaller-00001-g986c38813dff #0 [ 25.657887][ T103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 25.668747][ T103] Workqueue: writeback wb_workfn (flush-7:0) [ 25.676477][ T103] RIP: 0010:ext4_writepages+0x3c96/0x3cc0 [ 25.683749][ T103] Code: 82 9a ff 31 ff 89 de e8 48 82 9a ff 45 84 f6 75 2e e8 fe 7f 9a ff 49 bf 00 00 00 00 00 fc ff df e9 1d f9 ff ff e8 ea 7f 9a ff <0f> 0b e8 e3 7f 9a ff 0f 0b e8 dc 7f 9a ff e8 c7 39 35 ff eb 99 e8 [ 25.706014][ T103] RSP: 0018:ffff8881ee9af0c0 EFLAGS: 00010293 [ 25.712988][ T103] RAX: ffffffff81cb1ae6 RBX: 0000010000000000 RCX: ffff8881f0e29f80 [ 25.720988][ T103] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 25.729272][ T103] RBP: ffff8881ee9af4b0 R08: ffffffff81cae736 R09: ffffed103b9e3a9f [ 25.737875][ T103] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881dcf1d5a0 [ 25.746184][ T103] R13: 0000000000000001 R14: 0000010410000000 R15: dffffc0000000000 [ 25.754538][ T103] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 25.763943][ T103] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.770881][ T103] CR2: 0000555576c256f8 CR3: 00000001dffb5000 CR4: 00000000003406a0 [ 25.779957][ T103] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.788480][ T103] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.797418][ T103] Call Trace: [ 25.800772][ T103] ? __die+0xbc/0x100 [ 25.804862][ T103] ? die+0x2a/0x50 [ 25.808399][ T103] ? do_trap+0x1a4/0x310 [ 25.812593][ T103] ? do_invalid_op+0x105/0x120 [ 25.817843][ T103] ? ext4_writepages+0x3c96/0x3cc0 [ 25.823979][ T103] ? ext4_writepages+0x3c96/0x3cc0 [ 25.829865][ T103] ? invalid_op+0x1e/0x30 [ 25.834403][ T103] ? ext4_writepages+0x8e6/0x3cc0 [ 25.839594][ T103] ? ext4_writepages+0x3c96/0x3cc0 [ 25.844847][ T103] ? ext4_writepages+0x3c96/0x3cc0 [ 25.849881][ T103] ? blk_mq_dispatch_rq_list+0x1218/0x16f0 [ 25.856189][ T103] ? blk_mq_get_driver_tag+0x690/0x690 [ 25.862017][ T103] ? kvm_sched_clock_read+0x18/0x40 [ 25.867042][ T103] ? ext4_readpage+0x2d0/0x2d0 [ 25.871644][ T103] ? __kasan_check_write+0x14/0x20 [ 25.876676][ T103] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 25.882120][ T103] ? _raw_spin_lock+0x1b0/0x1b0 [ 25.887387][ T103] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 25.893672][ T103] ? check_preemption_disabled+0x9f/0x320 [ 25.900570][ T103] ? update_blocked_averages+0xd19/0xdb0 [ 25.907230][ T103] ? check_preemption_disabled+0x9f/0x320 [ 25.913190][ T103] ? update_load_avg+0x43f/0x1250 [ 25.919289][ T103] ? check_preemption_disabled+0x9f/0x320 [ 25.925768][ T103] ? ext4_readpage+0x2d0/0x2d0 [ 25.930775][ T103] do_writepages+0x12b/0x270 [ 25.935988][ T103] ? __writepage+0x110/0x110 [ 25.941419][ T103] ? __kasan_check_write+0x14/0x20 [ 25.947820][ T103] ? _raw_spin_lock+0xa4/0x1b0 [ 25.952919][ T103] ? _raw_spin_trylock_bh+0x190/0x190 [ 25.958594][ T103] __writeback_single_inode+0xdb/0xc80 [ 25.963885][ T103] writeback_sb_inodes+0x9e0/0x1800 [ 25.969353][ T103] ? _raw_spin_lock+0xa4/0x1b0 [ 25.974418][ T103] ? queue_io+0x5b0/0x5b0 [ 25.979493][ T103] ? writeback_sb_inodes+0x1800/0x1800 [ 25.986089][ T103] ? queue_io+0x3f8/0x5b0 [ 25.991252][ T103] wb_writeback+0x403/0xd70 [ 25.997072][ T103] ? wb_io_lists_depopulated+0x170/0x170 [ 26.003798][ T103] ? check_preemption_disabled+0x9f/0x320 [ 26.009706][ T103] ? debug_smp_processor_id+0x20/0x20 [ 26.016790][ T103] ? __kasan_check_write+0x14/0x20 [ 26.022601][ T103] ? check_preemption_disabled+0x9f/0x320 [ 26.029165][ T103] wb_workfn+0x3b6/0x1230 [ 26.034213][ T103] ? inode_wait_for_writeback+0x280/0x280 [ 26.041225][ T103] ? _raw_spin_unlock_irq+0x4e/0x70 [ 26.046903][ T103] ? finish_task_switch+0x130/0x590 [ 26.052704][ T103] ? __schedule+0xb0d/0x1320 [ 26.057392][ T103] ? __kasan_check_read+0x11/0x20 [ 26.062523][ T103] ? strscpy+0x9c/0x260 [ 26.066679][ T103] process_one_work+0x781/0xd50 [ 26.072367][ T103] worker_thread+0xa27/0x1360 [ 26.078281][ T103] ? _raw_spin_lock+0x1b0/0x1b0 [ 26.083323][ T103] kthread+0x321/0x3a0 [ 26.087890][ T103] ? worker_clr_flags+0x180/0x180 [ 26.093164][ T103] ? kthread_blkcg+0xd0/0xd0 [ 26.097715][ T103] ret_from_fork+0x1f/0x30 [ 26.102037][ T103] Modules linked in: [ 26.106224][ T103] ---[ end trace affd87baa4198891 ]--- [ 26.111721][ T103] RIP: 0010:ext4_writepages+0x3c96/0x3cc0 [ 26.117433][ T103] Code: 82 9a ff 31 ff 89 de e8 48 82 9a ff 45 84 f6 75 2e e8 fe 7f 9a ff 49 bf 00 00 00 00 00 fc ff df e9 1d f9 ff ff e8 ea 7f 9a ff <0f> 0b e8 e3 7f 9a ff 0f 0b e8 dc 7f 9a ff e8 c7 39 35 ff eb 99 e8 [ 26.141058][ T103] RSP: 0018:ffff8881ee9af0c0 EFLAGS: 00010293 [ 26.148399][ T103] RAX: ffffffff81cb1ae6 RBX: 0000010000000000 RCX: ffff8881f0e29f80 [ 26.156584][ T103] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 26.164692][ T103] RBP: ffff8881ee9af4b0 R08: ffffffff81cae736 R09: ffffed103b9e3a9f [ 26.173362][ T103] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881dcf1d5a0 [ 26.181993][ T103] R13: 0000000000000001 R14: 0000010410000000 R15: dffffc0000000000 [ 26.190161][ T103] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 26.199197][ T103] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.205803][ T103] CR2: 0000555576c256f8 CR3: 00000001e1ebd000 CR4: 00000000003406a0 [ 26.214711][ T103] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.223738][ T103] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.231470][ T103] Kernel panic - not syncing: Fatal exception [ 26.238462][ T103] Kernel Offset: disabled [ 26.243204][ T103] Rebooting in 86400 seconds..