./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3390243558 <...> [ 3.278661][ T98] udevd[98]: starting version 3.2.11 [ 3.318133][ T99] udevd[99]: starting eudev-3.2.11 [ 3.320116][ T98] udevd (98) used greatest stack depth: 23312 bytes left [ 4.480975][ T179] ssh-keygen (179) used greatest stack depth: 22480 bytes left [ 11.387441][ T28] kauditd_printk_skb: 50 callbacks suppressed [ 11.387450][ T28] audit: type=1400 audit(1686789943.340:61): avc: denied { transition } for pid=222 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.397572][ T28] audit: type=1400 audit(1686789943.340:62): avc: denied { noatsecure } for pid=222 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.402014][ T28] audit: type=1400 audit(1686789943.340:63): avc: denied { write } for pid=222 comm="sh" path="pipe:[13692]" dev="pipefs" ino=13692 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 11.407570][ T28] audit: type=1400 audit(1686789943.340:64): avc: denied { rlimitinh } for pid=222 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.410136][ T28] audit: type=1400 audit(1686789943.340:65): avc: denied { siginh } for pid=222 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.52' (ECDSA) to the list of known hosts. execve("./syz-executor3390243558", ["./syz-executor3390243558"], 0x7ffe625f9b00 /* 10 vars */) = 0 brk(NULL) = 0x555555e36000 brk(0x555555e36c40) = 0x555555e36c40 arch_prctl(ARCH_SET_FS, 0x555555e36300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3390243558", 4096) = 28 brk(0x555555e57c40) = 0x555555e57c40 brk(0x555555e58000) = 0x555555e58000 mprotect(0x7f5ccdd79000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5cc58c0000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 munmap(0x7f5cc58c0000, 65536) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./mnt", 0777) = 0 [ 19.786443][ T28] audit: type=1400 audit(1686789951.730:66): avc: denied { execmem } for pid=291 comm="syz-executor339" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.790824][ T291] loop0: detected capacity change from 0 to 128 [ 19.791059][ T28] audit: type=1400 audit(1686789951.740:67): avc: denied { read write } for pid=291 comm="syz-executor339" name="loop0" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 19.796558][ T28] audit: type=1400 audit(1686789951.740:68): avc: denied { open } for pid=291 comm="syz-executor339" path="/dev/loop0" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 19.797210][ T291] EXT4-fs: Ignoring removed bh option [ 19.800817][ T28] audit: type=1400 audit(1686789951.740:69): avc: denied { ioctl } for pid=291 comm="syz-executor339" path="/dev/loop0" dev="devtmpfs" ino=113 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 19.802600][ T291] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 19.805428][ T28] audit: type=1400 audit(1686789951.740:70): avc: denied { mounton } for pid=291 comm="syz-executor339" path="/root/mnt" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 19.807251][ T291] EXT4-fs (loop0): Test dummy encryption mode enabled mount("/dev/loop0", "./mnt", "ext4", MS_SYNCHRONOUS, "test_dummy_encryption,stripe=0x0000000000000005,min_batch_time=0x0000000000000005,bh,dioread_nolock,"...) = 0 openat(AT_FDCWD, "./mnt", O_RDONLY|O_DIRECTORY) = 3 chdir("./mnt") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 [ 19.829743][ T28] audit: type=1400 audit(1686789951.740:71): avc: denied { module_request } for pid=291 comm="syz-executor339" kmod="crypto-hmac(sha512)" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 19.837897][ T291] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 fallocate(4, 0, 0, 7) = 0 openat(AT_FDCWD, "blkio.bfq.sectors", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 36864 open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 6 open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 7 ftruncate(7, 33587195) = 0 [ 19.868112][ T28] audit: type=1400 audit(1686789951.820:72): avc: denied { mount } for pid=291 comm="syz-executor339" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 19.868122][ T291] ext4 filesystem being mounted at /root/mnt supports timestamps until 2038 (0x7fffffff) [ 19.881965][ T291] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 19.889979][ T28] audit: type=1400 audit(1686789951.820:73): avc: denied { write } for pid=291 comm="syz-executor339" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 19.907983][ T291] ------------[ cut here ]------------ [ 19.929137][ T28] audit: type=1400 audit(1686789951.820:74): avc: denied { add_name } for pid=291 comm="syz-executor339" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 19.934137][ T291] kernel BUG at fs/buffer.c:2717! [ 19.954834][ T28] audit: type=1400 audit(1686789951.820:75): avc: denied { create } for pid=291 comm="syz-executor339" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 19.979946][ T291] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 19.985824][ T291] CPU: 0 PID: 291 Comm: syz-executor339 Not tainted 6.1.25-syzkaller-00068-g60662882b7bd #0 [ 19.995721][ T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 20.005623][ T291] RIP: 0010:submit_bh_wbc+0x4e2/0x4f0 [ 20.010820][ T291] Code: d4 4b e7 ff e9 b0 fe ff ff e8 9a 63 a1 ff 0f 0b e8 93 63 a1 ff 0f 0b e8 8c 63 a1 ff 0f 0b e8 85 63 a1 ff 0f 0b e8 7e 63 a1 ff <0f> 0b e8 77 63 a1 ff 0f 0b 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 [ 20.030265][ T291] RSP: 0018:ffffc90000e46e10 EFLAGS: 00010293 [ 20.036160][ T291] RAX: ffffffff81d26032 RBX: 0000000000000800 RCX: ffff88811add9440 [ 20.043974][ T291] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000000000000000 [ 20.051792][ T291] RBP: ffffc90000e46e60 R08: ffffffff81d25cb0 R09: ffffed1023c40e01 [ 20.059594][ T291] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000814 [ 20.067412][ T291] R13: 1ffff11023c40e00 R14: ffff88811e207000 R15: 0000000000000000 [ 20.075218][ T291] FS: 0000555555e36300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 20.083985][ T291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 20.090409][ T291] CR2: 00000000004571f0 CR3: 000000011f55e000 CR4: 00000000003506b0 [ 20.098220][ T291] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 20.106027][ T291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 20.113843][ T291] Call Trace: [ 20.116965][ T291] [ 20.119745][ T291] submit_bh+0x1d/0x30 [ 20.123650][ T291] ? __wait_on_buffer+0x80/0x80 [ 20.128595][ T291] ext4_read_bh+0x1b2/0x250 [ 20.133021][ T291] ext4_read_bh_lock+0x99/0xb0 [ 20.137626][ T291] ext4_block_zero_page_range+0x5d2/0x9f0 [ 20.143176][ T291] ext4_truncate+0x89b/0xfb0 [ 20.147601][ T291] ? _ext4_get_block+0x660/0x660 [ 20.152376][ T291] ? __ext4_mark_inode_dirty+0x7d0/0x7d0 [ 20.157844][ T291] ext4_write_begin+0xa76/0xfb0 [ 20.162531][ T291] ? ext4_readahead+0x110/0x110 [ 20.167216][ T291] ? readahead_gfp_mask+0x190/0x190 [ 20.172250][ T291] ext4_da_write_begin+0x2ff/0x920 [ 20.177199][ T291] ? file_remove_privs+0x20/0x20 [ 20.181974][ T291] ? ext4_dirty_folio+0xf0/0xf0 [ 20.186660][ T291] ? current_time+0x1d1/0x2f0 [ 20.191180][ T291] generic_perform_write+0x2f9/0x5c0 [ 20.196293][ T291] ? generic_file_direct_write+0x6b0/0x6b0 [ 20.201935][ T291] ? generic_write_checks_count+0x490/0x490 [ 20.207661][ T291] ? arch_stack_walk+0xf3/0x140 [ 20.212347][ T291] ext4_buffered_write_iter+0x360/0x640 [ 20.217730][ T291] ext4_file_write_iter+0x194/0x1cf0 [ 20.222849][ T291] ? __stack_depot_save+0x36/0x480 [ 20.227797][ T291] ? kasan_set_track+0x60/0x70 [ 20.232396][ T291] ? kasan_set_track+0x4b/0x70 [ 20.236995][ T291] ? kasan_save_alloc_info+0x1f/0x30 [ 20.242124][ T291] ? __kasan_kmalloc+0x9c/0xb0 [ 20.246716][ T291] ? __kmalloc+0xb4/0x1e0 [ 20.250883][ T291] ? iter_file_splice_write+0x278/0xf90 [ 20.256264][ T291] ? direct_splice_actor+0xff/0x130 [ 20.261296][ T291] ? splice_direct_to_actor+0x4b4/0xbb0 [ 20.266677][ T291] ? do_splice_direct+0x27f/0x3c0 [ 20.271541][ T291] ? avc_policy_seqno+0x1b/0x70 [ 20.276225][ T291] ? ext4_file_read_iter+0x470/0x470 [ 20.281346][ T291] ? fsnotify_perm+0x6a/0x5d0 [ 20.285862][ T291] do_iter_write+0x6e6/0xc50 [ 20.290290][ T291] ? vfs_iter_write+0xa0/0xa0 [ 20.294803][ T291] ? __kasan_check_read+0x11/0x20 [ 20.299659][ T291] ? splice_from_pipe_next+0x5e9/0x640 [ 20.304956][ T291] vfs_iter_write+0x7c/0xa0 [ 20.309293][ T291] iter_file_splice_write+0x7f8/0xf90 [ 20.314521][ T291] ? generic_file_read_iter+0xad/0x4e0 [ 20.319798][ T291] ? splice_from_pipe+0x230/0x230 [ 20.324657][ T291] ? splice_shrink_spd+0xb0/0xb0 [ 20.329521][ T291] ? __kasan_check_read+0x11/0x20 [ 20.334383][ T291] ? fsnotify_perm+0x470/0x5d0 [ 20.338978][ T291] ? splice_from_pipe+0x230/0x230 [ 20.343838][ T291] direct_splice_actor+0xff/0x130 [ 20.348699][ T291] splice_direct_to_actor+0x4b4/0xbb0 [ 20.353906][ T291] ? do_splice_direct+0x3c0/0x3c0 [ 20.358853][ T291] ? pipe_to_sendpage+0x340/0x340 [ 20.363714][ T291] ? rw_verify_area+0xa7/0x1c0 [ 20.368314][ T291] do_splice_direct+0x27f/0x3c0 [ 20.373021][ T291] ? splice_direct_to_actor+0xbb0/0xbb0 [ 20.378383][ T291] ? fsnotify_perm+0x6a/0x5d0 [ 20.382980][ T291] ? security_file_permission+0x86/0xb0 [ 20.388362][ T291] do_sendfile+0x616/0xfe0 [ 20.392613][ T291] ? do_preadv+0x350/0x350 [ 20.396866][ T291] ? ptrace_notify+0x249/0x350 [ 20.401466][ T291] __x64_sys_sendfile64+0x1ce/0x230 [ 20.406503][ T291] ? __ia32_sys_sendfile+0x240/0x240 [ 20.411624][ T291] ? syscall_enter_from_user_mode+0x6a/0x190 [ 20.417440][ T291] do_syscall_64+0x3d/0xb0 [ 20.421690][ T291] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 20.427416][ T291] RIP: 0033:0x7f5ccdd0cca9 [ 20.431669][ T291] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 20.451111][ T291] RSP: 002b:00007fffd8346ff8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 20.459354][ T291] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5ccdd0cca9 [ 20.467165][ T291] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 20.474976][ T291] RBP: 00007f5ccdccc2b0 R08: 0000000000000000 R09: 0000000000000000 [ 20.482793][ T291] R10: 0001000000201005 R11: 0000000000000246 R12: 00007f5ccdccc340 [ 20.490600][ T291] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 20.498416][ T291] [ 20.501275][ T291] Modules linked in: [ 20.505119][ T291] ---[ end trace 0000000000000000 ]--- [ 20.510408][ T291] RIP: 0010:submit_bh_wbc+0x4e2/0x4f0 [ 20.515510][ T291] Code: d4 4b e7 ff e9 b0 fe ff ff e8 9a 63 a1 ff 0f 0b e8 93 63 a1 ff 0f 0b e8 8c 63 a1 ff 0f 0b e8 85 63 a1 ff 0f 0b e8 7e 63 a1 ff <0f> 0b e8 77 63 a1 ff 0f 0b 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 [ 20.534982][ T291] RSP: 0018:ffffc90000e46e10 EFLAGS: 00010293 [ 20.540868][ T291] RAX: ffffffff81d26032 RBX: 0000000000000800 RCX: ffff88811add9440 [ 20.548695][ T291] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000000000000000 [ 20.556475][ T291] RBP: ffffc90000e46e60 R08: ffffffff81d25cb0 R09: ffffed1023c40e01 [ 20.564319][ T291] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000814 [ 20.572111][ T291] R13: 1ffff11023c40e00 R14: ffff88811e207000 R15: 0000000000000000 [ 20.579931][ T291] FS: 0000555555e36300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 20.588691][ T291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 20.595095][ T291] CR2: 00000000004571f0 CR3: 000000011f55e000 CR4: 00000000003506b0 [ 20.602932][ T291] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 20.610734][ T291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 20.618560][ T291] Kernel panic - not syncing: Fatal exception [ 20.624503][ T291] Kernel Offset: disabled [ 20.628598][ T291] Rebooting in 86400 seconds..