./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor748611399

<...>
[    2.681401][   T30] audit: type=1400 audit(1680330497.150:8): avc:  denied  { create } for  pid=80 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[    2.684832][   T30] audit: type=1400 audit(1680330497.150:9): avc:  denied  { append open } for  pid=80 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[    2.688038][   T30] audit: type=1400 audit(1680330497.150:10): avc:  denied  { getattr } for  pid=80 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[    2.727700][   T82] acpid (82) used greatest stack depth: 23344 bytes left
[    2.961065][   T97] udevd[97]: starting version 3.2.10
[    2.986858][   T98] udevd[98]: starting eudev-3.2.10
[    4.205881][  T189] sshd (189) used greatest stack depth: 22288 bytes left
[   10.366913][   T30] kauditd_printk_skb: 49 callbacks suppressed
[   10.366922][   T30] audit: type=1400 audit(1680330504.850:60): avc:  denied  { transition } for  pid=232 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   10.372111][   T30] audit: type=1400 audit(1680330504.850:61): avc:  denied  { write } for  pid=232 comm="sh" path="pipe:[931]" dev="pipefs" ino=931 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
Warning: Permanently added '10.128.10.8' (ECDSA) to the list of known hosts.
execve("./syz-executor748611399", ["./syz-executor748611399"], 0x7fff15696f60 /* 10 vars */) = 0
brk(NULL)                               = 0x555556d9a000
brk(0x555556d9ad00)                     = 0x555556d9ad00
arch_prctl(ARCH_SET_FS, 0x555556d9a3c0) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor748611399", 4096) = 27
brk(0x555556dbbd00)                     = 0x555556dbbd00
brk(0x555556dbc000)                     = 0x555556dbc000
mprotect(0x7f909ee70000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 321
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11)             = 11
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2)                       = 2
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3)                      = 3
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7)                  = 7
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "321", 3)                      = 3
close(3)                                = 0
mount(NULL, "/proc/sys/fs/binfmt_misc", "binfmt_misc", 0, NULL) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3
write(3, "\x3a\x73\x79\x7a\x30\x3a\x4d\x3a\x30\x3a\x01\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a", 21) = 21
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3
write(3, "\x3a\x73\x79\x7a\x31\x3a\x4d\x3a\x31\x3a\x02\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a\x50\x4f\x43", 24) = 24
close(3)                                = 0
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7f909edbe5e0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f909edbfc10}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7f909edbe5e0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f909edbfc10}, NULL, 8) = 0
getpid()                                = 321
mkdir("./syzkaller.U0GPjt", 0700)       = 0
chmod("./syzkaller.U0GPjt", 0777)       = 0
chdir("./syzkaller.U0GPjt")             = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d9a690) = 322
./strace-static-x86_64: Process 322 attached
[   18.146473][   T30] audit: type=1400 audit(1680330512.630:62): avc:  denied  { execmem } for  pid=321 comm="syz-executor748" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   18.149389][   T30] audit: type=1400 audit(1680330512.630:63): avc:  denied  { integrity } for  pid=321 comm="syz-executor748" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1
[   18.163800][   T30] audit: type=1400 audit(1680330512.640:64): avc:  denied  { mounton } for  pid=321 comm="syz-executor748" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   18.169421][   T30] audit: type=1400 audit(1680330512.650:65): avc:  denied  { mount } for  pid=321 comm="syz-executor748" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[pid   322] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid   322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   322] setsid()                    = 1
[pid   322] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid   322] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid   322] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid   322] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid   322] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid   322] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid   322] unshare(CLONE_NEWNS)        = 0
[pid   322] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid   322] unshare(CLONE_NEWIPC)       = -1 EINVAL (Invalid argument)
[pid   322] unshare(CLONE_NEWCGROUP)    = 0
[pid   322] unshare(CLONE_NEWUTS)       = 0
[pid   322] unshare(CLONE_SYSVSEM)      = 0
[pid   322] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   322] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   322] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   322] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   322] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   322] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   322] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   322] getpid()                    = 1
[pid   322] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   322] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   322] unshare(CLONE_NEWNET)       = 0
[pid   322] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid   322] write(3, "0 65535", 7)      = 7
[pid   322] close(3)                    = 0
[pid   322] mkdir("/dev/binderfs", 0777) = 0
[pid   322] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid   322] memfd_create("syzkaller", 0) = 3
[pid   322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f90969b4000
[   18.193931][   T30] audit: type=1400 audit(1680330512.670:66): avc:  denied  { mounton } for  pid=322 comm="syz-executor748" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[   18.217987][   T30] audit: type=1400 audit(1680330512.700:67): avc:  denied  { mount } for  pid=322 comm="syz-executor748" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[pid   322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   322] munmap(0x7f90969b4000, 1048576) = 0
[pid   322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   322] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   322] close(3)                    = 0
[pid   322] mkdir("./bus", 0777)        = 0
[   18.240462][   T30] audit: type=1400 audit(1680330512.700:68): avc:  denied  { mounton } for  pid=322 comm="syz-executor748" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   18.254799][  T322] loop0: detected capacity change from 0 to 2048
[   18.265072][   T30] audit: type=1400 audit(1680330512.720:69): avc:  denied  { mounton } for  pid=322 comm="syz-executor748" path="/dev/binderfs" dev="devtmpfs" ino=358 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   18.290578][   T30] audit: type=1400 audit(1680330512.720:70): avc:  denied  { mount } for  pid=322 comm="syz-executor748" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   18.312918][   T30] audit: type=1400 audit(1680330512.730:71): avc:  denied  { read write } for  pid=322 comm="syz-executor748" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   18.314083][  T322] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[pid   322] mount("/dev/loop0", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue") = 0
[pid   322] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid   322] chdir("./bus")              = 0
[pid   322] ioctl(4, LOOP_CLR_FD)       = 0
[pid   322] close(4)                    = 0
[pid   322] chdir("./file0")            = 0
[pid   322] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4
[pid   322] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   322] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5
[pid   322] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid   322] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 196608
[pid   322] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED, 6, 0) = 0x20000000
[pid   322] preadv(6, 0x200015c0, 5, 0) = 196480
[pid   322] write(5, 0x200000c0, 34136651) = 192512
[pid   322] write(5, 0x200000c0, 34136651) = 192512
[pid   322] write(5, 0x200000c0, 34136651) = 192512
[pid   322] write(5, 0x200000c0, 34136651) = 192512
[pid   322] write(5, 0x200000c0, 34136651) = 192512
[pid   322] write(5, 0x200000c0, 34136651) = 86016
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   322] exit_group(1)               = ?
[   18.347276][  T322] ext4 filesystem being mounted at /root/syzkaller.U0GPjt/bus supports timestamps until 2038 (0x7fffffff)
[   18.387913][   T10] EXT4-fs error (device loop0): __ext4_get_inode_loc:4347: comm kworker/u4:1: Invalid inode table block 0 in block_group 0
[   18.400799][   T10] ==================================================================
[   18.408666][   T10] BUG: KASAN: use-after-free in ext4_find_extent+0xbab/0xdb0
[   18.415998][   T10] Read of size 4 at addr ffff88811e57e058 by task kworker/u4:1/10
[   18.423634][   T10] 
[   18.425809][   T10] CPU: 1 PID: 10 Comm: kworker/u4:1 Not tainted 5.15.98-syzkaller-00348-g7364b7abbafb #0
[   18.435440][   T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   18.445335][   T10] Workqueue: writeback wb_workfn (flush-7:0)
[   18.451148][   T10] Call Trace:
[   18.454272][   T10]  <TASK>
[   18.457049][   T10]  dump_stack_lvl+0x151/0x1b7
[   18.461564][   T10]  ? io_uring_drop_tctx_refs+0x190/0x190
[   18.467028][   T10]  ? __wake_up_klogd+0xd5/0x110
[   18.471721][   T10]  ? panic+0x751/0x751
[   18.475621][   T10]  print_address_description+0x87/0x3b0
[   18.481002][   T10]  kasan_report+0x179/0x1c0
[   18.485344][   T10]  ? __read_extent_tree_block+0x1e0/0x7b0
[   18.490897][   T10]  ? ext4_find_extent+0xbab/0xdb0
[   18.495760][   T10]  ? ext4_find_extent+0xbab/0xdb0
[   18.500616][   T10]  __asan_report_load4_noabort+0x14/0x20
[   18.506087][   T10]  ext4_find_extent+0xbab/0xdb0
[   18.510782][   T10]  ext4_ext_map_blocks+0x254/0x7250
[   18.515815][   T10]  ? __kasan_check_write+0x14/0x20
[   18.520850][   T10]  ? _raw_spin_lock_irqsave+0xf9/0x210
[   18.526147][   T10]  ? ret_from_fork+0x1f/0x30
[   18.530572][   T10]  ? free_unref_page_commit+0x480/0x480
[   18.535950][   T10]  ? stack_trace_snprint+0xf0/0xf0
[   18.540900][   T10]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   18.546539][   T10]  ? __stack_depot_save+0x40d/0x470
[   18.551573][   T10]  ? ext4_ext_release+0x10/0x10
[   18.556259][   T10]  ? __kasan_slab_alloc+0xc3/0xe0
[   18.561120][   T10]  ? __kasan_slab_alloc+0xb1/0xe0
[   18.565980][   T10]  ? slab_post_alloc_hook+0x53/0x2c0
[   18.571448][   T10]  ? kmem_cache_alloc+0xf5/0x200
[   18.576224][   T10]  ? ext4_alloc_io_end_vec+0x2a/0x170
[   18.581430][   T10]  ? ext4_writepages+0x13b6/0x4010
[   18.586375][   T10]  ? do_writepages+0x40e/0x670
[   18.590978][   T10]  ? __writeback_single_inode+0xdf/0xa70
[   18.596445][   T10]  ? writeback_sb_inodes+0xb2e/0x1910
[   18.601652][   T10]  ? wb_writeback+0x3b9/0x9e0
[   18.606165][   T10]  ? wb_workfn+0x3d9/0x1110
[   18.610503][   T10]  ? process_one_work+0x6bb/0xc10
[   18.615370][   T10]  ? worker_thread+0xad5/0x12a0
[   18.620050][   T10]  ? kthread+0x421/0x510
[   18.624130][   T10]  ? ret_from_fork+0x1f/0x30
[   18.628560][   T10]  ? _raw_read_unlock+0x25/0x40
[   18.633241][   T10]  ? ext4_es_lookup_extent+0x33b/0x940
[   18.638537][   T10]  ext4_map_blocks+0xaa7/0x1e30
[   18.643336][   T10]  ? ext4_issue_zeroout+0x250/0x250
[   18.648364][   T10]  ? ext4_inode_journal_mode+0x1a5/0x470
[   18.653833][   T10]  ext4_writepages+0x162a/0x4010
[   18.658608][   T10]  ? __kasan_check_read+0x11/0x20
[   18.663467][   T10]  ? ext4_readpage+0x230/0x230
[   18.668065][   T10]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   18.673707][   T10]  ? ext4_itable_unused_set+0x100/0x100
[   18.679179][   T10]  ? ext4_readpage+0x230/0x230
[   18.683776][   T10]  do_writepages+0x40e/0x670
[   18.688224][   T10]  ? __writepage+0x130/0x130
[   18.692628][   T10]  ? __kasan_check_write+0x14/0x20
[   18.697574][   T10]  ? _raw_spin_lock+0xa4/0x1b0
[   18.702176][   T10]  ? _raw_spin_trylock_bh+0x190/0x190
[   18.707382][   T10]  ? __kasan_check_write+0x14/0x20
[   18.712423][   T10]  __writeback_single_inode+0xdf/0xa70
[   18.717711][   T10]  writeback_sb_inodes+0xb2e/0x1910
[   18.722749][   T10]  ? queue_io+0x520/0x520
[   18.726911][   T10]  ? __writeback_inodes_wb+0x3f0/0x3f0
[   18.732205][   T10]  ? queue_io+0x3d0/0x520
[   18.736371][   T10]  wb_writeback+0x3b9/0x9e0
[   18.740711][   T10]  ? inode_cgwb_move_to_attached+0x3c0/0x3c0
[   18.746523][   T10]  ? set_worker_desc+0x158/0x1c0
[   18.751299][   T10]  ? __update_load_avg_cfs_rq+0xb1/0x2f0
[   18.756771][   T10]  ? __kasan_check_write+0x14/0x20
[   18.761714][   T10]  wb_workfn+0x3d9/0x1110
[   18.765883][   T10]  ? inode_wait_for_writeback+0x280/0x280
[   18.771435][   T10]  ? sched_clock+0x9/0x10
[   18.775599][   T10]  ? _raw_spin_unlock+0x4d/0x70
[   18.780286][   T10]  ? finish_task_switch+0x167/0x7b0
[   18.785322][   T10]  ? __kasan_check_read+0x11/0x20
[   18.790180][   T10]  ? read_word_at_a_time+0x12/0x20
[   18.795127][   T10]  ? strscpy+0x9c/0x260
[   18.799130][   T10]  process_one_work+0x6bb/0xc10
[   18.803809][   T10]  worker_thread+0xad5/0x12a0
[   18.808347][   T10]  kthread+0x421/0x510
[   18.812295][   T10]  ? worker_clr_flags+0x180/0x180
[   18.817087][   T10]  ? kthread_blkcg+0xd0/0xd0
[   18.821514][   T10]  ret_from_fork+0x1f/0x30
[   18.825909][   T10]  </TASK>
[   18.828776][   T10] 
[   18.830940][   T10] The buggy address belongs to the page:
[   18.836410][   T10] page:ffffea0004795f80 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11e57e
[   18.846471][   T10] flags: 0x4000000000000000(zone=1)
[   18.851520][   T10] raw: 4000000000000000 ffffea0004795fc8 ffffea00043663c8 0000000000000000
[   18.860025][   T10] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   18.868437][   T10] page dumped because: kasan: bad access detected
[   18.874770][   T10] page_owner tracks the page as freed
[   18.879975][   T10] page last allocated via order 0, migratetype Movable, gfp_mask 0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), pid 322, ts 18363426224, free_ts 18363519432
[   18.895249][   T10]  post_alloc_hook+0x1a3/0x1b0
[   18.899846][   T10]  get_page_from_freelist+0x2c14/0x2cf0
[   18.905235][   T10]  __alloc_pages+0x386/0x7b0
[   18.909653][   T10]  pagecache_get_page+0xb18/0xeb0
[   18.914514][   T10]  grab_cache_page_write_begin+0x5d/0xa0
[   18.919982][   T10]  ext4_write_begin+0x29d/0x13d0
[   18.924756][   T10]  ext4_da_write_begin+0x4a2/0xc30
[   18.929711][   T10]  generic_perform_write+0x2bc/0x5a0
[   18.934825][   T10]  ext4_buffered_write_iter+0x49c/0x630
[   18.940212][   T10]  ext4_file_write_iter+0x443/0x1cc0
[   18.945326][   T10]  vfs_write+0xd8a/0x1160
[   18.949491][   T10]  ksys_write+0x199/0x2c0
[   18.953658][   T10]  __x64_sys_write+0x7b/0x90
[   18.958086][   T10]  do_syscall_64+0x3d/0xb0
[   18.962338][   T10]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   18.968067][   T10] page last free stack trace:
[   18.972578][   T10]  free_unref_page_prepare+0x7c8/0x7d0
[   18.977872][   T10]  free_unref_page+0xac/0x2c0
[   18.982384][   T10]  __put_page+0xb0/0xe0
[   18.986377][   T10]  ext4_write_begin+0xfb2/0x13d0
[   18.991155][   T10]  ext4_da_write_begin+0x4a2/0xc30
[   18.996099][   T10]  generic_perform_write+0x2bc/0x5a0
[   19.001218][   T10]  ext4_buffered_write_iter+0x49c/0x630
[   19.006598][   T10]  ext4_file_write_iter+0x443/0x1cc0
[   19.011724][   T10]  vfs_write+0xd8a/0x1160
[   19.015887][   T10]  ksys_write+0x199/0x2c0
[   19.020053][   T10]  __x64_sys_write+0x7b/0x90
[   19.024477][   T10]  do_syscall_64+0x3d/0xb0
[   19.028732][   T10]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   19.034461][   T10] 
[   19.036629][   T10] Memory state around the buggy address:
[   19.042101][   T10]  ffff88811e57df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.050000][   T10]  ffff88811e57df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.057896][   T10] >ffff88811e57e000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.065798][   T10]                                                     ^
[   19.072570][   T10]  ffff88811e57e080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.080465][   T10]  ffff88811e57e100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.088765][   T10] ==================================================================
[   19.096661][   T10] Disabling lock debugging due to kernel taint
[   19.103229][   T10] ------------[ cut here ]------------
[   19.108513][   T10] kernel BUG at fs/ext4/inode.c:2431!
[   19.113716][   T10] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   19.119609][   T10] CPU: 1 PID: 10 Comm: kworker/u4:1 Tainted: G    B             5.15.98-syzkaller-00348-g7364b7abbafb #0
[   19.130626][   T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   19.140519][   T10] Workqueue: writeback wb_workfn (flush-7:0)
[   19.146337][   T10] RIP: 0010:ext4_writepages+0x3f45/0x4010
[   19.151887][   T10] Code: 00 74 08 48 89 df e8 0a f8 c9 ff 48 8b 3b 48 8b 74 24 48 48 8b 54 24 28 44 89 e9 45 89 f8 e8 82 42 08 00 eb 60 e8 3b c5 88 ff <0f> 0b e8 34 c5 88 ff eb 3b e8 2d c5 88 ff eb 7a e8 26 c5 88 ff 31
[   19.171330][   T10] RSP: 0018:ffffc900000a7000 EFLAGS: 00010293
[   19.177231][   T10] RAX: ffffffff81e69aa5 RBX: dffffc0000000000 RCX: ffff8881002593c0
[   19.185041][   T10] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   19.192853][   T10] RBP: ffffc900000a7410 R08: ffffffff81e6746d R09: ffffed102203e024
[   19.200667][   T10] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[   19.208475][   T10] R13: ffffc900000a72e0 R14: 0000000000000000 R15: 0000000000000000
[   19.216285][   T10] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   19.225061][   T10] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   19.231475][   T10] CR2: 00007f909ee45508 CR3: 000000000660f000 CR4: 00000000003506a0
[   19.239294][   T10] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   19.247099][   T10] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   19.254913][   T10] Call Trace:
[   19.258034][   T10]  <TASK>
[   19.260814][   T10]  ? __kasan_check_read+0x11/0x20
[   19.265675][   T10]  ? ext4_readpage+0x230/0x230
[   19.270275][   T10]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[   19.275911][   T10]  ? ext4_itable_unused_set+0x100/0x100
[   19.281298][   T10]  ? ext4_readpage+0x230/0x230
[   19.285898][   T10]  do_writepages+0x40e/0x670
[   19.290322][   T10]  ? __writepage+0x130/0x130
[   19.294749][   T10]  ? __kasan_check_write+0x14/0x20
[   19.299703][   T10]  ? _raw_spin_lock+0xa4/0x1b0
[   19.304293][   T10]  ? _raw_spin_trylock_bh+0x190/0x190
[   19.309500][   T10]  ? __kasan_check_write+0x14/0x20
[   19.314450][   T10]  __writeback_single_inode+0xdf/0xa70
[   19.319743][   T10]  writeback_sb_inodes+0xb2e/0x1910
[   19.324782][   T10]  ? queue_io+0x520/0x520
[   19.328942][   T10]  ? __writeback_inodes_wb+0x3f0/0x3f0
[   19.334237][   T10]  ? queue_io+0x3d0/0x520
[   19.338401][   T10]  wb_writeback+0x3b9/0x9e0
[   19.342746][   T10]  ? inode_cgwb_move_to_attached+0x3c0/0x3c0
[   19.348558][   T10]  ? set_worker_desc+0x158/0x1c0
[   19.353328][   T10]  ? __update_load_avg_cfs_rq+0xb1/0x2f0
[   19.358798][   T10]  ? __kasan_check_write+0x14/0x20
[   19.363748][   T10]  wb_workfn+0x3d9/0x1110
[   19.367912][   T10]  ? inode_wait_for_writeback+0x280/0x280
[   19.373464][   T10]  ? sched_clock+0x9/0x10
[   19.377639][   T10]  ? _raw_spin_unlock+0x4d/0x70
[   19.382316][   T10]  ? finish_task_switch+0x167/0x7b0
[   19.387352][   T10]  ? __kasan_check_read+0x11/0x20
[   19.392212][   T10]  ? read_word_at_a_time+0x12/0x20
[   19.397160][   T10]  ? strscpy+0x9c/0x260
[   19.401159][   T10]  process_one_work+0x6bb/0xc10
[   19.405840][   T10]  worker_thread+0xad5/0x12a0
[   19.410351][   T10]  kthread+0x421/0x510
[   19.414257][   T10]  ? worker_clr_flags+0x180/0x180
[   19.419118][   T10]  ? kthread_blkcg+0xd0/0xd0
[   19.423542][   T10]  ret_from_fork+0x1f/0x30
[   19.427802][   T10]  </TASK>
[   19.430661][   T10] Modules linked in:
[   19.434707][   T10] ---[ end trace b68c083357dd2f44 ]---
[   19.440008][   T10] RIP: 0010:ext4_writepages+0x3f45/0x4010
[   19.445572][   T10] Code: 00 74 08 48 89 df e8 0a f8 c9 ff 48 8b 3b 48 8b 74 24 48 48 8b 54 24 28 44 89 e9 45 89 f8 e8 82 42 08 00 eb 60 e8 3b c5 88 ff <0f> 0b e8 34 c5 88 ff eb 3b e8 2d c5 88 ff eb 7a e8 26 c5 88 ff 31
[   19.465132][   T10] RSP: 0018:ffffc900000a7000 EFLAGS: 00010293
[   19.471008][   T10] RAX: ffffffff81e69aa5 RBX: dffffc0000000000 RCX: ffff8881002593c0
[   19.478802][   T10] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   19.486625][   T10] RBP: ffffc900000a7410 R08: ffffffff81e6746d R09: ffffed102203e024
[   19.494406][   T10] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[   19.502249][   T10] R13: ffffc900000a72e0 R14: 0000000000000000 R15: 0000000000000000
[   19.510044][   T10] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   19.518797][   T10] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   19.525194][   T10] CR2: 00007f909ee45508 CR3: 000000010b8f2000 CR4: 00000000003506a0
[   19.533224][   T10] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   19.541020][   T10] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   19.548833][   T10] Kernel panic - not syncing: Fatal exception
[   19.554871][   T10] Kernel Offset: disabled
[   19.558993][   T10] Rebooting in 86400 seconds..