./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2122006201 <...> [ 5.352874][ T162] udevd[162]: starting eudev-3.2.11 [ 5.355991][ T161] udevd (161) used greatest stack depth: 23128 bytes left [ 7.044735][ T140] rcS (140) used greatest stack depth: 23000 bytes left [ 16.235161][ T23] kauditd_printk_skb: 50 callbacks suppressed [ 16.235169][ T23] audit: type=1400 audit(1683248811.720:61): avc: denied { transition } for pid=289 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 16.240321][ T23] audit: type=1400 audit(1683248811.720:62): avc: denied { noatsecure } for pid=289 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 16.246382][ T23] audit: type=1400 audit(1683248811.730:63): avc: denied { write } for pid=289 comm="sh" path="pipe:[10512]" dev="pipefs" ino=10512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 16.253192][ T23] audit: type=1400 audit(1683248811.730:64): avc: denied { rlimitinh } for pid=289 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 16.267844][ T23] audit: type=1400 audit(1683248811.730:65): avc: denied { siginh } for pid=289 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 18.502404][ T290] sshd (290) used greatest stack depth: 22168 bytes left Warning: Permanently added '10.128.0.160' (ECDSA) to the list of known hosts. execve("./syz-executor2122006201", ["./syz-executor2122006201"], 0x7fffb1012520 /* 10 vars */) = 0 brk(NULL) = 0x5555569b3000 brk(0x5555569b3c40) = 0x5555569b3c40 arch_prctl(ARCH_SET_FS, 0x5555569b3300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2122006201", 4096) = 28 brk(0x5555569d4c40) = 0x5555569d4c40 brk(0x5555569d5000) = 0x5555569d5000 mprotect(0x7fec5896d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569b35d0) = 360 [ 26.220134][ T23] audit: type=1400 audit(1683248821.700:66): avc: denied { execmem } for pid=359 comm="syz-executor212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 26.240982][ T23] audit: type=1400 audit(1683248821.730:67): avc: denied { read write } for pid=359 comm="syz-executor212" name="loop0" dev="devtmpfs" ino=1149 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 ./strace-static-x86_64: Process 360 attached [pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 360] setpgid(0, 0) = 0 [pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 360] write(3, "1000", 4) = 4 [pid 360] close(3) = 0 [pid 360] memfd_create("syzkaller", 0) = 3 [pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fec504b2000 [pid 360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 360] munmap(0x7fec504b2000, 1048576) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 360] close(3) = 0 [pid 360] mkdir("./bus", 0777) = 0 [ 26.265104][ T23] audit: type=1400 audit(1683248821.730:68): avc: denied { open } for pid=359 comm="syz-executor212" path="/dev/loop0" dev="devtmpfs" ino=1149 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 26.289243][ T23] audit: type=1400 audit(1683248821.750:69): avc: denied { ioctl } for pid=359 comm="syz-executor212" path="/dev/loop0" dev="devtmpfs" ino=1149 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 26.314945][ T23] audit: type=1400 audit(1683248821.770:70): avc: denied { mounton } for pid=360 comm="syz-executor212" path="/root/bus" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 26.341878][ T360] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 360] mount("/dev/loop0", "./bus", "ext4", MS_NOEXEC|MS_DIRSYNC|MS_RELATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 360] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 360] chdir("./bus") = 0 [pid 360] ioctl(4, LOOP_CLR_FD) = 0 [pid 360] close(4) = 0 [pid 360] chdir("./file0") = 0 [pid 360] openat(AT_FDCWD, "./bus", O_RDONLY|O_CREAT, 000) = 4 [pid 360] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME) = 5 [pid 360] writev(5, [{iov_base="\x3d\xf8\x7a\xdc\xd3\x23\xaa\xe8\x9c\xf0\x0a\xe1\xe9\x25\x77\x89\x55\x03\x18\x79\x23\xe4\x7c\xc0\x7d\xf6\xf0\xaa\x44\x82\x16\xf1\x51\x93\xf4\x5e\xf1\x89\xef\x6a\x4e\xf7\x3e\x0f\x02\xcd\x53\x57\x7e\xcd\x73\x88\xf7\x15\xe9\xe1\xe6\x60\x27\x20\x5a\xf7\x48\x81\xf1\xeb\x1b\xb9\xe5\xf8\x31\xf8\x6e\x52\x32\xfb\x5d\x16\x9c\x39\x1b\x7e\x47\x7a\xbf\x08\xe6\x27\x20\x10\x2f\x57\xf0\xf5\x92\xcd\x60\x38\xf8\x34"..., iov_len=180}, {iov_base="\x15\xe1\x62\x13\xf8\x62\x07\x2c\xd6\xf2\x8b\x79\x05\x83\xf4\x7a\x9e\xee\xe3\x71\x75\xbf\x8b\xcf\x74\x13\xb9\x76\xcf\x48\x7e\x5d\xaa\x30\x01\x52\xe4\x43\x61\x33\xec\xd3\x50\x7b\xb4\x51\x53\x67\x50\x2a\x21\x90\xb9\x04\xbf\xf5\x05\xf3\x12\xf1\xe6\x63\x10\xbe\x22\x09\x1e\x30\x89\x7c\x5d\xef\x53\xe6\x57\x92\x92\xf9\xd6\x7d\x39\x1d\x44\xdb\x36\x2c\x9d\x3b\xc9\x76\x9a\xa5\xd1\xd6\x9d\xe1\xfd\x08\x9c\xeb"..., iov_len=129}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], 5) = 309 [ 26.350921][ T23] audit: type=1400 audit(1683248821.840:71): avc: denied { mount } for pid=360 comm="syz-executor212" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 26.370324][ T360] ext4 filesystem being mounted at /root/bus supports timestamps until 2038 (0x7fffffff) [ 26.391965][ T23] audit: type=1400 audit(1683248821.880:72): avc: denied { write } for pid=360 comm="syz-executor212" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 26.414054][ T23] audit: type=1400 audit(1683248821.880:73): avc: denied { add_name } for pid=360 comm="syz-executor212" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 26.434791][ T23] audit: type=1400 audit(1683248821.880:74): avc: denied { create } for pid=360 comm="syz-executor212" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [pid 360] sendfile(5, 4, NULL, 131071) = 131071 [pid 360] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 360] openat(AT_FDCWD, "./bus", O_RDONLY) = 6 [pid 360] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME) = 7 [pid 360] write(7, "t", 1) = 1 [pid 360] sendfile(7, 6, NULL, 131071) = 131071 [pid 360] exit_group(0) = ? [ 26.455068][ T23] audit: type=1400 audit(1683248821.880:75): avc: denied { read open } for pid=360 comm="syz-executor212" path="/root/bus/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 26.522935][ T360] ------------[ cut here ]------------ [ 26.528217][ T360] kernel BUG at fs/ext4/ext4.h:2981! [ 26.533530][ T360] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 26.539408][ T360] CPU: 1 PID: 360 Comm: syz-executor212 Not tainted 5.4.233-syzkaller-00022-gcf4e000017b8 #0 [ 26.549370][ T360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 26.559275][ T360] RIP: 0010:ext4_mb_load_buddy_gfp+0xf29/0xf40 [ 26.565259][ T360] Code: ff e8 db c4 c9 ff e9 0a f3 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 52 f3 ff ff e8 e1 c4 c9 ff e9 48 f3 ff ff e8 77 0c 9a ff <0f> 0b e8 70 0c 9a ff 0f 0b e8 69 0c 9a ff 0f 0b e8 62 0c 9a ff 0f [ 26.584699][ T360] RSP: 0018:ffff8881dc3b7a48 EFLAGS: 00010293 [ 26.590601][ T360] RAX: ffffffff81ca11c9 RBX: 0000000000000001 RCX: ffff8881ddee8fc0 [ 26.598412][ T360] RDX: 0000000000000000 RSI: 00000000fffff171 RDI: 0000000000000001 [ 26.606225][ T360] RBP: ffff8881db810000 R08: ffffffff81ca0372 R09: ffffed103d17d7c0 [ 26.614040][ T360] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1103b702c7e [ 26.621847][ T360] R13: dffffc0000000000 R14: 00000000fffff171 R15: ffff8881db8163f0 [ 26.629659][ T360] FS: 00005555569b3300(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 26.638423][ T360] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.644842][ T360] CR2: 00007fec58942618 CR3: 00000001dc25c000 CR4: 00000000003406a0 [ 26.652659][ T360] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.660467][ T360] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.668359][ T360] Call Trace: [ 26.671498][ T360] ? locks_remove_posix+0x660/0x660 [ 26.676537][ T360] ? ext4_get_group_number+0xdd/0x190 [ 26.681747][ T360] ext4_discard_preallocations+0x603/0xb90 [ 26.687380][ T360] ? debug_smp_processor_id+0x20/0x20 [ 26.692585][ T360] ? ext4_exit_mballoc+0xf0/0xf0 [ 26.697357][ T360] ? __fsnotify_parent+0x310/0x310 [ 26.702455][ T360] ext4_release_file+0x165/0x300 [ 26.707223][ T360] ? ext4_file_open+0x5e0/0x5e0 [ 26.712023][ T360] __fput+0x262/0x680 [ 26.715807][ T360] task_work_run+0x140/0x170 [ 26.720237][ T360] do_exit+0xcaf/0x2bc0 [ 26.724226][ T360] ? put_task_struct+0x80/0x80 [ 26.728832][ T360] ? syscall_trace_enter+0x650/0x940 [ 26.733948][ T360] do_group_exit+0x138/0x300 [ 26.738372][ T360] __x64_sys_exit_group+0x3b/0x40 [ 26.743231][ T360] do_syscall_64+0xca/0x1c0 [ 26.747573][ T360] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 26.753295][ T360] Modules linked in: [ 26.757258][ T360] ---[ end trace d3e9f5cb5aab7520 ]--- [ 26.762636][ T360] RIP: 0010:ext4_mb_load_buddy_gfp+0xf29/0xf40 [ 26.768544][ T360] Code: ff e8 db c4 c9 ff e9 0a f3 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 52 f3 ff ff e8 e1 c4 c9 ff e9 48 f3 ff ff e8 77 0c 9a ff <0f> 0b e8 70 0c 9a ff 0f 0b e8 69 0c 9a ff 0f 0b e8 62 0c 9a ff 0f [ 26.787992][ T360] RSP: 0018:ffff8881dc3b7a48 EFLAGS: 00010293 [ 26.793895][ T360] RAX: ffffffff81ca11c9 RBX: 0000000000000001 RCX: ffff8881ddee8fc0 [ 26.801682][ T360] RDX: 0000000000000000 RSI: 00000000fffff171 RDI: 0000000000000001 [ 26.809479][ T360] RBP: ffff8881db810000 R08: ffffffff81ca0372 R09: ffffed103d17d7c0 [ 26.817318][ T360] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1103b702c7e [ 26.825385][ T360] R13: dffffc0000000000 R14: 00000000fffff171 R15: ffff8881db8163f0 [ 26.833676][ T360] FS: 00005555569b3300(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 26.842806][ T360] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.849263][ T360] CR2: 00007fec58942618 CR3: 00000001dc244000 CR4: 00000000003406a0 [ 26.857327][ T360] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.865119][ T360] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.873341][ T360] Kernel panic - not syncing: Fatal exception [ 26.879554][ T360] Kernel Offset: disabled [ 26.883769][ T360] Rebooting in 86400 seconds..