./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1635946455 <...> [ 3.120347][ T84] acpid (84) used greatest stack depth: 23344 bytes left [ 3.294271][ T99] udevd[99]: starting version 3.2.11 [ 3.347448][ T100] udevd[100]: starting eudev-3.2.11 [ 6.901402][ T104] udevd (104) used greatest stack depth: 22608 bytes left [ 10.100958][ T30] kauditd_printk_skb: 50 callbacks suppressed [ 10.100967][ T30] audit: type=1400 audit(1687060174.071:61): avc: denied { transition } for pid=220 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 10.106538][ T30] audit: type=1400 audit(1687060174.071:62): avc: denied { noatsecure } for pid=220 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 10.110006][ T30] audit: type=1400 audit(1687060174.071:63): avc: denied { write } for pid=220 comm="sh" path="pipe:[12259]" dev="pipefs" ino=12259 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 10.113268][ T30] audit: type=1400 audit(1687060174.071:64): avc: denied { rlimitinh } for pid=220 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 10.116390][ T30] audit: type=1400 audit(1687060174.071:65): avc: denied { siginh } for pid=220 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.147' (ECDSA) to the list of known hosts. execve("./syz-executor1635946455", ["./syz-executor1635946455"], 0x7ffc0267c7f0 /* 10 vars */) = 0 brk(NULL) = 0x555555e47000 brk(0x555555e47c40) = 0x555555e47c40 arch_prctl(ARCH_SET_FS, 0x555555e47300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1635946455", 4096) = 28 brk(0x555555e68c40) = 0x555555e68c40 brk(0x555555e69000) = 0x555555e69000 mprotect(0x7fd8461bc000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 291 mkdir("./syzkaller.9FxZfd", 0700) = 0 chmod("./syzkaller.9FxZfd", 0777) = 0 chdir("./syzkaller.9FxZfd") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e475d0) = 293 ./strace-static-x86_64: Process 293 attached [pid 293] chdir("./0") = 0 [pid 293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 293] setpgid(0, 0) = 0 [pid 293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 293] write(3, "1000", 4) = 4 [pid 293] close(3) = 0 [pid 293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 293] memfd_create("syzkaller", 0) = 3 [pid 293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd83dd00000 [pid 293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 293] munmap(0x7fd83dd00000, 262144) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 293] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 293] close(3) = 0 [pid 293] mkdir("./file1", 0777) = 0 [ 18.806092][ T30] audit: type=1400 audit(1687060182.771:66): avc: denied { execmem } for pid=291 comm="syz-executor163" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 18.808927][ T30] audit: type=1400 audit(1687060182.771:67): avc: denied { read write } for pid=291 comm="syz-executor163" name="loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 18.812417][ T30] audit: type=1400 audit(1687060182.771:68): avc: denied { open } for pid=291 comm="syz-executor163" path="/dev/loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 18.815865][ T30] audit: type=1400 audit(1687060182.771:69): avc: denied { ioctl } for pid=291 comm="syz-executor163" path="/dev/loop0" dev="devtmpfs" ino=112 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 18.823448][ T293] loop0: detected capacity change from 0 to 512 [ 18.825589][ T30] audit: type=1400 audit(1687060182.791:70): avc: denied { mounton } for pid=293 comm="syz-executor163" path="/root/syzkaller.9FxZfd/0/file1" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 18.840363][ T293] EXT4-fs (loop0): 1 orphan inode deleted [pid 293] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 293] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 293] chdir("./file1") = 0 [pid 293] ioctl(4, LOOP_CLR_FD) = 0 [pid 293] close(4) = 0 [pid 293] creat("./bus", 000) = 4 [pid 293] open("./file1", O_RDONLY|O_NOCTTY|O_NOATIME) = 5 [pid 293] sendfile(4, 5, NULL, 128512) = 128512 [pid 293] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 293] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 293] write(-1, "#! ./file0 /dev/loop (\n", 23) = -1 EBADF (Bad file descriptor) [ 18.845889][ T293] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 18.856970][ T30] audit: type=1400 audit(1687060182.821:71): avc: denied { mount } for pid=293 comm="syz-executor163" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 18.857380][ T293] ext4 filesystem being mounted at /root/syzkaller.9FxZfd/0/file1 supports timestamps until 2038 (0x7fffffff) [pid 293] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 22455190) = 262144 [pid 293] creat("./bus", 000) = 7 [pid 293] lseek(7, 512, SEEK_SET) = 512 [pid 293] open("./bus", O_RDONLY) = 8 [pid 293] sendfile(7, 8, NULL, 128512) = 128512 [pid 293] exit_group(0) = ? [pid 293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=293, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e48620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 18.891775][ T30] audit: type=1400 audit(1687060182.861:72): avc: denied { write } for pid=293 comm="syz-executor163" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 18.913721][ T293] syz-executor163 (293) used greatest stack depth: 21408 bytes left [ 18.918121][ T30] audit: type=1400 audit(1687060182.861:73): avc: denied { add_name } for pid=293 comm="syz-executor163" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 18.942107][ T30] audit: type=1400 audit(1687060182.861:74): avc: denied { create } for pid=293 comm="syz-executor163" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 18.962218][ T30] audit: type=1400 audit(1687060182.861:75): avc: denied { write open } for pid=293 comm="syz-executor163" path="/root/syzkaller.9FxZfd/0/file1/bus" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 18.962676][ T8] ------------[ cut here ]------------ [ 18.992178][ T8] kernel BUG at fs/ext4/inode.c:2431! [ 18.997377][ T8] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 19.003271][ T8] CPU: 1 PID: 8 Comm: kworker/u4:0 Not tainted 5.15.106-syzkaller-00266-g36f4f6fb72d5 #0 [ 19.012906][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 19.022800][ T8] Workqueue: writeback wb_workfn (flush-7:0) [ 19.028614][ T8] RIP: 0010:ext4_writepages+0x3f4b/0x4000 [ 19.034167][ T8] Code: 00 74 08 48 89 df e8 a4 ef c9 ff 48 8b 3b 48 8b 74 24 48 48 8b 54 24 28 44 89 e9 45 89 f8 e8 ac 42 08 00 eb 58 e8 75 95 88 ff <0f> 0b e8 6e 95 88 ff eb 3b e8 67 95 88 ff eb 72 e8 60 95 88 ff 31 [ 19.053613][ T8] RSP: 0018:ffffc90000087000 EFLAGS: 00010293 [ 19.059516][ T8] RAX: ffffffff81e745ab RBX: dffffc0000000000 RCX: ffff888100258000 [ 19.067328][ T8] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 19.075146][ T8] RBP: ffffc90000087410 R08: ffffffff81e71f6b R09: ffffed1021235c8f [ 19.082945][ T8] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 19.090756][ T8] R13: ffffc900000872e0 R14: 0000000000000000 R15: 0000000000000000 [ 19.098587][ T8] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 19.107333][ T8] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 19.113844][ T8] CR2: 00007ffd3b405ff8 CR3: 000000010c532000 CR4: 00000000003506a0 [ 19.121655][ T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 19.129463][ T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 19.137277][ T8] Call Trace: [ 19.140408][ T8] [ 19.143182][ T8] ? ext4_readpage+0x230/0x230 [ 19.147775][ T8] ? __kasan_check_read+0x11/0x20 [ 19.152636][ T8] ? task_woken_rt+0x6d/0x240 [ 19.157151][ T8] ? sched_clock_cpu+0x18/0x3b0 [ 19.161840][ T8] ? ext4_readpage+0x230/0x230 [ 19.166437][ T8] do_writepages+0x40e/0x670 [ 19.170864][ T8] ? __writepage+0x130/0x130 [ 19.175291][ T8] __writeback_single_inode+0xdf/0xa70 [ 19.181111][ T8] writeback_sb_inodes+0xb2e/0x1910 [ 19.186143][ T8] ? queue_io+0x520/0x520 [ 19.190304][ T8] ? __writeback_inodes_wb+0x3f0/0x3f0 [ 19.195599][ T8] ? queue_io+0x3d0/0x520 [ 19.200381][ T8] wb_writeback+0x3b9/0x9e0 [ 19.204714][ T8] ? inode_cgwb_move_to_attached+0x3c0/0x3c0 [ 19.210530][ T8] ? set_worker_desc+0x158/0x1c0 [ 19.215302][ T8] ? _raw_spin_trylock_bh+0x190/0x190 [ 19.220509][ T8] ? __kasan_check_write+0x14/0x20 [ 19.225455][ T8] wb_workfn+0x3d9/0x1110 [ 19.229644][ T8] ? inode_wait_for_writeback+0x280/0x280 [ 19.235183][ T8] ? sched_clock+0x9/0x10 [ 19.239342][ T8] ? _raw_spin_unlock+0x4d/0x70 [ 19.244029][ T8] ? finish_task_switch+0x167/0x7b0 [ 19.249172][ T8] ? __kasan_check_read+0x11/0x20 [ 19.254036][ T8] ? read_word_at_a_time+0x12/0x20 [ 19.258957][ T8] ? strscpy+0x9c/0x260 [ 19.262949][ T8] process_one_work+0x6bb/0xc10 [ 19.267638][ T8] worker_thread+0xad5/0x12a0 [ 19.272162][ T8] kthread+0x421/0x510 [ 19.276054][ T8] ? worker_clr_flags+0x180/0x180 [ 19.280916][ T8] ? kthread_blkcg+0xd0/0xd0 [ 19.285341][ T8] ret_from_fork+0x1f/0x30 [ 19.289595][ T8] [ 19.292456][ T8] Modules linked in: [ 19.296270][ T8] ---[ end trace 4462fb66fc7678b6 ]--- [ 19.301546][ T8] RIP: 0010:ext4_writepages+0x3f4b/0x4000 [ 19.307040][ T8] Code: 00 74 08 48 89 df e8 a4 ef c9 ff 48 8b 3b 48 8b 74 24 48 48 8b 54 24 28 44 89 e9 45 89 f8 e8 ac 42 08 00 eb 58 e8 75 95 88 ff <0f> 0b e8 6e 95 88 ff eb 3b e8 67 95 88 ff eb 72 e8 60 95 88 ff 31 [ 19.326536][ T8] RSP: 0018:ffffc90000087000 EFLAGS: 00010293 [ 19.332397][ T8] RAX: ffffffff81e745ab RBX: dffffc0000000000 RCX: ffff888100258000 [ 19.340223][ T8] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 19.348013][ T8] RBP: ffffc90000087410 R08: ffffffff81e71f6b R09: ffffed1021235c8f [ 19.355842][ T8] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 19.363639][ T8] R13: ffffc900000872e0 R14: 0000000000000000 R15: 0000000000000000 [ 19.371543][ T8] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 19.380277][ T8] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 19.386626][ T8] CR2: 00007ffd3b405ff8 CR3: 000000010c567000 CR4: 00000000003506a0 [ 19.394505][ T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 19.402277][ T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 19.410089][ T8] Kernel panic - not syncing: Fatal exception [ 19.416146][ T8] Kernel Offset: disabled [ 19.420264][ T8] Rebooting in 86400 seconds..