./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3946404556

<...>
[    5.124337][  T161] udevd[161]: starting version 3.2.11
[    5.187855][  T162] udevd[162]: starting eudev-3.2.11
[    6.278851][  T194] ip (194) used greatest stack depth: 22232 bytes left
[    9.015279][  T168] udevd (168) used greatest stack depth: 21880 bytes left
[   14.004041][   T23] kauditd_printk_skb: 50 callbacks suppressed
[   14.004065][   T23] audit: type=1400 audit(1687778574.510:61): avc:  denied  { transition } for  pid=287 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   14.015740][   T23] audit: type=1400 audit(1687778574.520:62): avc:  denied  { noatsecure } for  pid=287 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   14.019448][   T23] audit: type=1400 audit(1687778574.520:63): avc:  denied  { write } for  pid=287 comm="sh" path="pipe:[10582]" dev="pipefs" ino=10582 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   14.028837][   T23] audit: type=1400 audit(1687778574.520:64): avc:  denied  { rlimitinh } for  pid=287 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   14.047581][   T23] audit: type=1400 audit(1687778574.520:65): avc:  denied  { siginh } for  pid=287 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.0.114' (ECDSA) to the list of known hosts.
execve("./syz-executor3946404556", ["./syz-executor3946404556"], 0x7ffd7e283e00 /* 10 vars */) = 0
brk(NULL)                               = 0x555557276000
brk(0x555557276c40)                     = 0x555557276c40
arch_prctl(ARCH_SET_FS, 0x555557276300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3946404556", 4096) = 28
brk(0x555557297c40)                     = 0x555557297c40
brk(0x555557298000)                     = 0x555557298000
mprotect(0x7f8dbddbe000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572765d0) = 359
./strace-static-x86_64: Process 359 attached
[pid   359] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid   359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   359] setsid()                    = 1
[pid   359] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid   359] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid   359] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid   359] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid   359] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid   359] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid   359] unshare(CLONE_NEWNS)        = 0
[pid   359] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid   359] unshare(CLONE_NEWIPC)       = -1 EINVAL (Invalid argument)
[pid   359] unshare(CLONE_NEWCGROUP)    = 0
[pid   359] unshare(CLONE_NEWUTS)       = 0
[pid   359] unshare(CLONE_SYSVSEM)      = 0
[pid   359] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   359] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   359] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   359] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   359] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   359] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   359] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   359] getpid()                    = 1
[pid   359] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ, inheritable=0}) = 0
[pid   359] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ, inheritable=0}) = 0
[pid   359] unshare(CLONE_NEWNET)       = 0
[pid   359] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid   359] write(3, "0 65535", 7)      = 7
[pid   359] close(3)                    = 0
[pid   359] mkdir("/dev/binderfs", 0777) = 0
[pid   359] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid   359] symlink("/dev/binderfs", "./binderfs") = 0
[pid   359] memfd_create("syzkaller", 0) = 3
[   25.209037][   T23] audit: type=1400 audit(1687778585.720:66): avc:  denied  { execmem } for  pid=358 comm="syz-executor394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   25.229403][   T23] audit: type=1400 audit(1687778585.720:67): avc:  denied  { mounton } for  pid=359 comm="syz-executor394" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[pid   359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8db5902000
[pid   359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   359] munmap(0x7f8db5902000, 1048576) = 0
[pid   359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   359] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   359] close(3)                    = 0
[pid   359] mkdir("./file0", 0777)      = 0
[   25.253704][   T23] audit: type=1400 audit(1687778585.720:68): avc:  denied  { mount } for  pid=359 comm="syz-executor394" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   25.276929][   T23] audit: type=1400 audit(1687778585.720:69): avc:  denied  { mounton } for  pid=359 comm="syz-executor394" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[pid   359] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   359] chdir("./file0")            = 0
[pid   359] ioctl(4, LOOP_CLR_FD)       = 0
[   25.298870][   T23] audit: type=1400 audit(1687778585.770:70): avc:  denied  { mounton } for  pid=359 comm="syz-executor394" path="/dev/binderfs" dev="devtmpfs" ino=10015 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   25.321953][   T23] audit: type=1400 audit(1687778585.770:71): avc:  denied  { mount } for  pid=359 comm="syz-executor394" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   25.330726][  T359] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   359] close(4)                    = 0
[pid   359] creat("./bus", 000)         = 4
[pid   359] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   359] creat("./bus", 000)         = 5
[pid   359] fallocate(5, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 8453392) = 0
[pid   359] exit_group(1)               = ?
[   25.344527][   T23] audit: type=1400 audit(1687778585.770:72): avc:  denied  { read write } for  pid=359 comm="syz-executor394" name="loop0" dev="devtmpfs" ino=9282 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   25.368744][    C1] blk_update_request: I/O error, dev loop0, sector 0 op 0x9:(WRITE_ZEROES) flags 0x1000800 phys_seg 0 prio class 0
[   25.378158][   T23] audit: type=1400 audit(1687778585.770:73): avc:  denied  { open } for  pid=359 comm="syz-executor394" path="/dev/loop0" dev="devtmpfs" ino=9282 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   25.413038][   T23] audit: type=1400 audit(1687778585.770:74): avc:  denied  { ioctl } for  pid=359 comm="syz-executor394" path="/dev/loop0" dev="devtmpfs" ino=9282 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   25.438574][   T23] audit: type=1400 audit(1687778585.790:75): avc:  denied  { mounton } for  pid=359 comm="syz-executor394" path="/root/file0" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   25.461476][  T362] ------------[ cut here ]------------
[   25.466735][  T362] kernel BUG at fs/buffer.c:3027!
[   25.472686][  T362] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   25.478557][  T362] CPU: 1 PID: 362 Comm: kmmpd-loop0 Not tainted 5.4.242-syzkaller-00015-gf5af01b60cfa #0
[   25.488184][  T362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   25.498089][  T362] RIP: 0010:submit_bh_wbc+0x831/0x850
[   25.503379][  T362] Code: 10 80 e1 07 80 c1 03 38 c1 0f 8c 14 fe ff ff 48 8b 7c 24 10 e8 f0 a4 ea ff e9 05 fe ff ff e8 c6 ea ba ff 0f 0b e8 bf ea ba ff <0f> 0b e8 b8 ea ba ff 0f 0b e8 b1 ea ba ff 0f 0b e8 aa ea ba ff 0f
[   25.522820][  T362] RSP: 0018:ffff8881dbe97bf0 EFLAGS: 00010293
[   25.528715][  T362] RAX: ffffffff81a93f21 RBX: 0000000000000000 RCX: ffff8881dcb6de80
[   25.536525][  T362] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   25.544341][  T362] RBP: 0000000000003800 R08: ffffffff81a93794 R09: ffffed103b8839ba
[   25.552163][  T362] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[   25.560207][  T362] R13: ffff8881dc41cdc8 R14: 0000000000000001 R15: 0000000000000000
[   25.568004][  T362] FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[   25.576768][  T362] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   25.583190][  T362] CR2: 000055fab11f8038 CR3: 00000001ee3ad000 CR4: 00000000003406a0
[   25.591001][  T362] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   25.598815][  T362] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   25.606622][  T362] Call Trace:
[   25.609757][  T362]  ? debug_smp_processor_id+0x20/0x20
[   25.614972][  T362]  submit_bh+0x21/0x30
[   25.618880][  T362]  write_mmp_block+0x3ff/0x5b0
[   25.623471][  T362]  ? console_conditional_schedule+0x10/0x10
[   25.629196][  T362]  ? read_mmp_block+0x8a0/0x8a0
[   25.633907][  T362]  kmmpd+0x7de/0xa10
[   25.637621][  T362]  ? write_mmp_block+0x5b0/0x5b0
[   25.642394][  T362]  ? __wake_up_locked+0xb7/0x110
[   25.647335][  T362]  ? __kthread_parkme+0xb0/0x1b0
[   25.652107][  T362]  kthread+0x2da/0x360
[   25.656018][  T362]  ? write_mmp_block+0x5b0/0x5b0
[   25.660793][  T362]  ? kthread_blkcg+0xd0/0xd0
[   25.665214][  T362]  ret_from_fork+0x1f/0x30
[   25.669459][  T362] Modules linked in:
[   25.674719][  T362] ---[ end trace caf4ed5521bc4de0 ]---
[   25.680013][  T362] RIP: 0010:submit_bh_wbc+0x831/0x850
[   25.685183][  T362] Code: 10 80 e1 07 80 c1 03 38 c1 0f 8c 14 fe ff ff 48 8b 7c 24 10 e8 f0 a4 ea ff e9 05 fe ff ff e8 c6 ea ba ff 0f 0b e8 bf ea ba ff <0f> 0b e8 b8 ea ba ff 0f 0b e8 b1 ea ba ff 0f 0b e8 aa ea ba ff 0f
[   25.704735][  T362] RSP: 0018:ffff8881dbe97bf0 EFLAGS: 00010293
[   25.710577][  T362] RAX: ffffffff81a93f21 RBX: 0000000000000000 RCX: ffff8881dcb6de80
[   25.718399][  T362] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   25.726175][  T362] RBP: 0000000000003800 R08: ffffffff81a93794 R09: ffffed103b8839ba
[   25.734019][  T362] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[   25.741826][  T362] R13: ffff8881dc41cdc8 R14: 0000000000000001 R15: 0000000000000000
[   25.749629][  T362] FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[   25.758472][  T362] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   25.764953][  T362] CR2: 000055fab11f8038 CR3: 00000001ee3ad000 CR4: 00000000003406a0
[   25.772805][  T362] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   25.780601][  T362] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   25.788416][  T362] Kernel panic - not syncing: Fatal exception
[   25.794611][  T362] Kernel Offset: disabled
[   25.798742][  T362] Rebooting in 86400 seconds..