./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1685185930 <...> Warning: Permanently added '10.128.1.14' (ED25519) to the list of known hosts. execve("./syz-executor1685185930", ["./syz-executor1685185930"], 0x7ffcba10cac0 /* 10 vars */) = 0 brk(NULL) = 0x5555631ae000 brk(0x5555631aed00) = 0x5555631aed00 arch_prctl(ARCH_SET_FS, 0x5555631ae380) = 0 set_tid_address(0x5555631ae650) = 282 set_robust_list(0x5555631ae660, 24) = 0 rseq(0x5555631aeca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1685185930", 4096) = 28 getrandom("\x4c\x68\xc9\x60\x53\x49\xcd\xcb", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555631aed00 brk(0x5555631cfd00) = 0x5555631cfd00 brk(0x5555631d0000) = 0x5555631d0000 mprotect(0x7f0f0f883000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 write(1, "executing program\n", 18executing program ) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f073d3000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7f0f073d3000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 [ 27.361708][ T24] audit: type=1400 audit(1750101659.560:64): avc: denied { execmem } for pid=282 comm="syz-executor168" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 27.381832][ T24] audit: type=1400 audit(1750101659.580:65): avc: denied { read write } for pid=282 comm="syz-executor168" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 27.406065][ T24] audit: type=1400 audit(1750101659.580:66): avc: denied { open } for pid=282 comm="syz-executor168" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 27.430129][ T24] audit: type=1400 audit(1750101659.580:67): avc: denied { ioctl } for pid=282 comm="syz-executor168" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 close(4) = 0 mkdir("./file1", 0777) = 0 [ 27.523298][ T282] ====================================================== [ 27.523298][ T282] WARNING: the mand mount option is being deprecated and [ 27.523298][ T282] will be removed in v5.15! [ 27.523298][ T282] ====================================================== [ 27.523307][ T24] audit: type=1400 audit(1750101659.730:68): avc: denied { mounton } for pid=282 comm="syz-executor168" path="/root/file1" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 27.645411][ T282] EXT4-fs (loop0): Ignoring removed nobh option [ 27.651826][ T282] EXT4-fs (loop0): Ignoring removed bh option [ 27.657958][ T282] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"...) = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 [ 27.673544][ T282] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 27.697878][ T24] audit: type=1400 audit(1750101659.900:69): avc: denied { mount } for pid=282 comm="syz-executor168" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 27.720962][ T24] audit: type=1400 audit(1750101659.920:70): avc: denied { read write } for pid=282 comm="syz-executor168" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 openat(AT_FDCWD, "./file1", O_RDWR) = 4 pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900) = 87490 openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 061) = 5 pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 truncate("./file1", 5) = 0 openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 061) = 6 [ 27.729874][ T282] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor168: Allocating blocks 497-513 which overlap fs metadata [ 27.744174][ T24] audit: type=1400 audit(1750101659.920:71): avc: denied { open } for pid=282 comm="syz-executor168" path="/root/file1/file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 27.767876][ T282] ------------[ cut here ]------------ [ 27.786832][ T282] kernel BUG at fs/ext4/extents.c:1014! [ 27.792663][ T282] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 27.798726][ T282] CPU: 0 PID: 282 Comm: syz-executor168 Not tainted 5.10.238-syzkaller-00282-gd76d4cd0623a #0 [ 27.808937][ T282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 27.818999][ T282] RIP: 0010:ext4_ext_insert_index+0x52d/0x530 [ 27.825058][ T282] Code: 4c 89 fa e9 ca fd ff ff 44 89 f1 80 e1 07 fe c1 38 c1 0f 8c dd fd ff ff 4c 89 f7 e8 ad a2 d3 ff e9 d0 fd ff ff e8 83 b2 99 ff <0f> 0b 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 81 ec c0 00 00 [ 27.844772][ T282] RSP: 0018:ffffc90000b46b20 EFLAGS: 00010293 [ 27.850824][ T282] RAX: ffffffff81c9e18d RBX: ffff888113c64424 RCX: ffff8881055b62c0 [ 27.858780][ T282] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 27.866738][ T282] RBP: ffffc90000b46b90 R08: dffffc0000000000 R09: ffffed10241853ba [ 27.874694][ T282] R10: ffffed10241853ba R11: 1ffff110241853b9 R12: 0000000000000000 [ 27.882648][ T282] R13: 00000000000000cb R14: 00000000fffffffe R15: 0000000000000054 [ 27.890779][ T282] FS: 00005555631ae380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 27.899686][ T282] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.906253][ T282] CR2: 00005615520a1eb8 CR3: 00000001065ae000 CR4: 00000000003506b0 [ 27.914211][ T282] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.922165][ T282] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.930115][ T282] Call Trace: [ 27.933388][ T282] ext4_ext_insert_extent+0x38c3/0x4530 [ 27.938929][ T282] ? ext4_ext_next_allocated_block+0x2e0/0x2e0 [ 27.945065][ T282] ? get_implied_cluster_alloc+0x526/0x940 [ 27.950857][ T282] ext4_ext_map_blocks+0x148c/0x5d40 [ 27.956130][ T282] ? _raw_write_trylock+0x140/0x140 [ 27.961314][ T282] ? _raw_write_unlock+0x2b/0x60 [ 27.966234][ T282] ? ext4_ext_release+0x10/0x10 [ 27.971071][ T282] ? ext4_fc_track_template+0xb5/0x600 [ 27.976511][ T282] ? ext4_fc_track_range+0x250/0x250 [ 27.981806][ T282] ? ext4_es_lookup_extent+0x32d/0x8c0 [ 27.987253][ T282] ext4_map_blocks+0x978/0x1bc0 [ 27.992089][ T282] ? __kasan_slab_alloc+0xbd/0xf0 [ 27.997093][ T282] ? slab_post_alloc_hook+0x5d/0x2f0 [ 28.002365][ T282] ? kmem_cache_alloc+0x165/0x2e0 [ 28.007384][ T282] ? ext4_issue_zeroout+0x1a0/0x1a0 [ 28.012567][ T282] _ext4_get_block+0x1bb/0x4b0 [ 28.017350][ T282] ? ext4_get_block+0x50/0x50 [ 28.022035][ T282] ? slab_post_alloc_hook+0x7d/0x2f0 [ 28.027328][ T282] ext4_get_block_unwritten+0x2a/0x40 [ 28.032686][ T282] ext4_block_write_begin+0x567/0x1330 [ 28.038135][ T282] ? alloc_page_buffers+0x3aa/0x4a0 [ 28.043318][ T282] ? _ext4_get_block+0x4b0/0x4b0 [ 28.048236][ T282] ? ext4_print_free_blocks+0x2c0/0x2c0 [ 28.053767][ T282] ? __kasan_check_read+0x11/0x20 [ 28.058780][ T282] ? ext4_inode_journal_mode+0x19a/0x480 [ 28.064398][ T282] ext4_write_begin+0x651/0x1550 [ 28.069349][ T282] ? unwind_get_return_address+0x4d/0x90 [ 28.074970][ T282] ? ext4_readahead+0x110/0x110 [ 28.079821][ T282] ? ext4_get_group_desc+0x25f/0x2b0 [ 28.085106][ T282] ? __kasan_check_read+0x11/0x20 [ 28.090124][ T282] ? mark_buffer_dirty+0x1cc/0x330 [ 28.095227][ T282] ? __ext4_handle_dirty_metadata+0x2eb/0x7f0 [ 28.101282][ T282] ? __kasan_check_write+0x14/0x20 [ 28.106394][ T282] ext4_da_write_begin+0x455/0xe80 [ 28.111516][ T282] ? ext4_set_page_dirty+0x1a0/0x1a0 [ 28.116794][ T282] ? down_read_killable+0xe0/0xe0 [ 28.121810][ T282] ? __ext4_journal_stop+0x36/0x1a0 [ 28.126994][ T282] ? ext4_write_end+0xa00/0xed0 [ 28.131837][ T282] ? iov_iter_advance+0x1f7/0x750 [ 28.136847][ T282] generic_perform_write+0x2be/0x510 [ 28.142115][ T282] ? preempt_count_add+0x90/0x1b0 [ 28.147121][ T282] ? grab_cache_page_write_begin+0xb0/0xb0 [ 28.152922][ T282] ? down_write+0xac/0x110 [ 28.157336][ T282] ? down_read_killable+0xe0/0xe0 [ 28.162355][ T282] ? __switch_to+0x50f/0xfc0 [ 28.166931][ T282] ? generic_write_checks+0x3d4/0x480 [ 28.172285][ T282] ext4_buffered_write_iter+0x4b8/0x640 [ 28.177813][ T282] ext4_file_write_iter+0x536/0x1980 [ 28.183084][ T282] ? _raw_spin_unlock_irq+0x4e/0x70 [ 28.188261][ T282] ? finish_task_switch+0x12e/0x5a0 [ 28.193452][ T282] ? avc_policy_seqno+0x1b/0x70 [ 28.198294][ T282] ? selinux_file_permission+0x2a5/0x510 [ 28.203908][ T282] ? ext4_file_read_iter+0x530/0x530 [ 28.209170][ T282] ? security_file_permission+0x83/0xa0 [ 28.214699][ T282] ? iov_iter_init+0x3f/0x120 [ 28.219359][ T282] vfs_write+0x725/0xd60 [ 28.223585][ T282] ? kernel_write+0x3c0/0x3c0 [ 28.228256][ T282] ? ptrace_stop+0x69f/0x9c0 [ 28.232836][ T282] ? ptrace_notify+0x1c4/0x250 [ 28.237617][ T282] ? __kasan_check_read+0x11/0x20 [ 28.242624][ T282] ? __fdget+0x15b/0x230 [ 28.246852][ T282] __x64_sys_pwrite64+0x191/0x220 [ 28.251857][ T282] ? ksys_pwrite64+0x1b0/0x1b0 [ 28.256619][ T282] ? syscall_trace_enter+0x4b/0x170 [ 28.261803][ T282] do_syscall_64+0x31/0x40 [ 28.266208][ T282] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 28.272100][ T282] RIP: 0033:0x7f0f0f810bf9 [ 28.276509][ T282] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 28.296114][ T282] RSP: 002b:00007fff90cd4ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 28.304510][ T282] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f0f0f810bf9 [ 28.312471][ T282] RDX: 00000000200000c1 RSI: 00002000000000c0 RDI: 0000000000000006 [ 28.320427][ T282] RBP: 0000200000000040 R08: 0000000000000000 R09: 0000000000000000 [ 28.328382][ T282] R10: 0000000000009000 R11: 0000000000000246 R12: 0031656c69662f2e [ 28.336337][ T282] R13: 5f646165726f6964 R14: 65726f6e67693d72 R15: 00007f0f0f85905e [ 28.344300][ T282] Modules linked in: [ 28.348376][ T282] ---[ end trace de70c56b2d3d047f ]--- [ 28.353865][ T282] RIP: 0010:ext4_ext_insert_index+0x52d/0x530 [ 28.359928][ T282] Code: 4c 89 fa e9 ca fd ff ff 44 89 f1 80 e1 07 fe c1 38 c1 0f 8c dd fd ff ff 4c 89 f7 e8 ad a2 d3 ff e9 d0 fd ff ff e8 83 b2 99 ff <0f> 0b 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 81 ec c0 00 00 [ 28.379604][ T282] RSP: 0018:ffffc90000b46b20 EFLAGS: 00010293 [ 28.385696][ T282] RAX: ffffffff81c9e18d RBX: ffff888113c64424 RCX: ffff8881055b62c0 [ 28.393681][ T282] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 28.401661][ T282] RBP: ffffc90000b46b90 R08: dffffc0000000000 R09: ffffed10241853ba [ 28.409677][ T282] R10: ffffed10241853ba R11: 1ffff110241853b9 R12: 0000000000000000 [ 28.417664][ T282] R13: 00000000000000cb R14: 00000000fffffffe R15: 0000000000000054 [ 28.425648][ T282] FS: 00005555631ae380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 28.434588][ T282] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.441153][ T282] CR2: 00005615520a1eb8 CR3: 00000001065ae000 CR4: 00000000003506b0 [ 28.449139][ T282] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 28.457125][ T282] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 28.465116][ T282] Kernel panic - not syncing: Fatal exception [ 28.466283][ T24] audit: type=1400 audit(1750101660.670:72): avc: denied { read } for pid=77 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 28.493002][ T282] Kernel Offset: disabled [ 28.497320][ T282] Rebooting in 86400 seconds..