./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1300658287 <...> Warning: Permanently added '10.128.10.36' (ECDSA) to the list of known hosts. execve("./syz-executor1300658287", ["./syz-executor1300658287"], 0x7ffd534f6250 /* 10 vars */) = 0 brk(NULL) = 0x555556671000 brk(0x555556671c40) = 0x555556671c40 arch_prctl(ARCH_SET_FS, 0x555556671300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1300658287", 4096) = 28 brk(0x555556692c40) = 0x555556692c40 brk(0x555556693000) = 0x555556693000 mprotect(0x7f7f5c0bc000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 ftruncate(3, 262144) = 0 pwrite64(3, "\x20\x00\x00\x00\x40\x00\x00\x00\x03\x00\x00\x00\x30\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x00\x80\x00\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdc\xf4\x65\x5f\xdc\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x02\x00\x00\x28\x02\x00\x00\x02\x84", 98, 1024) = 98 pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x30\x00\x0f", 15, 4096) = 15 pwrite64(3, "\xff\xff\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xdb\xf4\x65\x5f\xdc\xf4\x65\x5f\xdc\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x08", 29, 16896) = 29 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 mkdir("./file0", 0777) = 0 [ 23.165858][ T23] audit: type=1400 audit(1666103064.640:73): avc: denied { execmem } for pid=304 comm="syz-executor130" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.185361][ T23] audit: type=1400 audit(1666103064.640:74): avc: denied { read write } for pid=304 comm="syz-executor130" name="loop0" dev="devtmpfs" ino=1686 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 close(3) = 0 chdir("./file0") = 0 open("./file0", O_WRONLY|O_CREAT|O_EXCL|O_DIRECT|0x4, 000) = 3 open("./file0", O_RDONLY) = 4 write(3, "\x3b\x27\xa4\xb4\x6e\xe9\x2b\x4a\x59\x07\x3c\x36\x9a\x5e\x19\xf9\xdb\x15\x3c\x4f\xdb\xc7\x6a\xa2\xa4\xbb\x9f\x3e\x5e\x1a\xa1\x97\xa9\xe9\x7d\x10\x16\xc0\x18\x13\x79\x2e\x50\xc2\x69\x2c\x17\x5a\xad\x71\x5d\x11\x0a\x89\x29\x49\xcc\xc6\xe2\xe5\x4c\x2d\x5c\x8f\x0b\x79\x32\xb6\x97\x97\xf2\x17\x16\x8b\x0c\x1f\xeb\x12\x8a\xe3\x4f\x0d\xaf\x48\x7a\x70\xb5\xc1\x17\xac\xd4\x37\x25\xfe\x17\x99\x36\x34\xf1\x69"..., 1536) = 1536 sendfile(3, 4, NULL, 57347) = 56832 open("./file0", O_RDWR|O_CREAT|O_SYNC|O_NOATIME, 000) = 6 [ 23.191733][ T304] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.210137][ T23] audit: type=1400 audit(1666103064.640:75): avc: denied { open } for pid=304 comm="syz-executor130" path="/dev/loop0" dev="devtmpfs" ino=1686 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.243004][ T23] audit: type=1400 audit(1666103064.640:76): avc: denied { ioctl } for pid=304 comm="syz-executor130" path="/dev/loop0" dev="devtmpfs" ino=1686 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.248775][ T304] ------------[ cut here ]------------ [ 23.269097][ T23] audit: type=1400 audit(1666103064.640:77): avc: denied { mounton } for pid=304 comm="syz-executor130" path="/root/file0" dev="sda1" ino=1138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 23.274039][ T304] kernel BUG at fs/ext4/inode.c:2837! [ 23.296979][ T23] audit: type=1400 audit(1666103064.690:78): avc: denied { mount } for pid=304 comm="syz-executor130" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 23.302222][ T304] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 23.324055][ T23] audit: type=1400 audit(1666103064.710:79): avc: denied { write } for pid=304 comm="syz-executor130" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 23.329891][ T304] CPU: 1 PID: 304 Comm: syz-executor130 Not tainted 5.4.210-syzkaller-00004-gff63a5f5cdf6 #0 [ 23.329894][ T304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 23.329921][ T304] RIP: 0010:ext4_writepages+0x356c/0x3590 [ 23.329934][ T304] Code: 94 c3 40 0f 94 c6 31 ff e8 b1 27 a5 ff 84 db 75 2e e8 18 25 a5 ff 49 bf 00 00 00 00 00 fc ff df e9 3d cd ff ff e8 04 25 a5 ff <0f> 0b e8 fd 24 a5 ff 0f 0b e8 f6 24 a5 ff e8 31 ce 44 ff eb 9e e8 [ 23.352185][ T23] audit: type=1400 audit(1666103064.710:80): avc: denied { add_name } for pid=304 comm="syz-executor130" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 23.361906][ T304] RSP: 0018:ffff8881dd787890 EFLAGS: 00010293 [ 23.361913][ T304] RAX: ffffffff81bb73dc RBX: 0000018410000000 RCX: ffff8881e11abf00 [ 23.361917][ T304] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 23.361921][ T304] RBP: 0000010000000000 R08: ffffffff81bb46d4 R09: ffffed103cc8780b [ 23.361925][ T304] R10: ffffed103cc8780b R11: 1ffff1103cc8780a R12: ffff8881e643c100 [ 23.361942][ T304] R13: ffff8881dd7e0000 R14: 0000000000000001 R15: dffffc0000000000 [ 23.372361][ T23] audit: type=1400 audit(1666103064.710:81): avc: denied { create } for pid=304 comm="syz-executor130" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 23.377654][ T304] FS: 0000555556671300(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 23.377659][ T304] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.377663][ T304] CR2: 00000000004571f0 CR3: 00000001dd794000 CR4: 00000000003406e0 [ 23.377675][ T304] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.397531][ T23] audit: type=1400 audit(1666103064.710:82): avc: denied { write open } for pid=304 comm="syz-executor130" path="/root/file0/file0" dev="loop0" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 23.418040][ T304] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.418043][ T304] Call Trace: [ 23.418061][ T304] ? __ext4_handle_dirty_metadata+0x27d/0x620 [ 23.418074][ T304] ? balance_dirty_pages+0x20bb/0x2380 [ 23.561723][ T304] ? ext4_readpage+0x2c0/0x2c0 [ 23.566459][ T304] do_writepages+0xda/0x1f0 [ 23.570935][ T304] file_write_and_wait_range+0x2cd/0x360 [ 23.576559][ T304] __generic_file_fsync+0x6e/0x190 [ 23.581640][ T304] ext4_sync_file+0x266/0xc70 [ 23.586284][ T304] ext4_file_write_iter+0x963/0x1040 [ 23.591551][ T304] ? iov_iter_init+0x83/0x160 [ 23.596209][ T304] __vfs_write+0x4f9/0x6a0 [ 23.600612][ T304] vfs_write+0x210/0x4f0 [ 23.604843][ T304] ksys_write+0x158/0x260 [ 23.609159][ T304] do_syscall_64+0xcb/0x1c0 [ 23.613642][ T304] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 23.620577][ T304] RIP: 0033:0x7f7f5c04eef9 [ 23.624963][ T304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 23.644535][ T304] RSP: 002b:00007ffd14199828 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 23.652914][ T304] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f7f5c04eef9 [ 23.660855][ T304] RDX: 0000000000000088 RSI: 0000000020000440 RDI: 0000000000000006 [ 23.668792][ T304] RBP: 00007f7f5c00e6f0 R08: 0000000000000000 R09: 0000000000000000 [ 23.676729][ T304] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f5c00e780 [ 23.684848][ T304] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 23.692873][ T304] Modules linked in: [ 23.697252][ T304] ---[ end trace 98765d3cbabf3d33 ]--- [ 23.702715][ T304] RIP: 0010:ext4_writepages+0x356c/0x3590 [ 23.708677][ T304] Code: 94 c3 40 0f 94 c6 31 ff e8 b1 27 a5 ff 84 db 75 2e e8 18 25 a5 ff 49 bf 00 00 00 00 00 fc ff df e9 3d cd ff ff e8 04 25 a5 ff <0f> 0b e8 fd 24 a5 ff 0f 0b e8 f6 24 a5 ff e8 31 ce 44 ff eb 9e e8 [ 23.728291][ T304] RSP: 0018:ffff8881dd787890 EFLAGS: 00010293 [ 23.734334][ T304] RAX: ffffffff81bb73dc RBX: 0000018410000000 RCX: ffff8881e11abf00 [ 23.742302][ T304] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 23.750280][ T304] RBP: 0000010000000000 R08: ffffffff81bb46d4 R09: ffffed103cc8780b [ 23.758250][ T304] R10: ffffed103cc8780b R11: 1ffff1103cc8780a R12: ffff8881e643c100 [ 23.766213][ T304] R13: ffff8881dd7e0000 R14: 0000000000000001 R15: dffffc0000000000 [ 23.774156][ T304] FS: 0000555556671300(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 23.783188][ T304] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.789762][ T304] CR2: 00000000004571f0 CR3: 00000001dd794000 CR4: 00000000003406e0 [ 23.797726][ T304] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.805684][ T304] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.813632][ T304] Kernel panic - not syncing: Fatal exception [ 23.819821][ T304] Kernel Offset: disabled [ 23.824297][ T304] Rebooting in 86400 seconds..