./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1952720216

<...>
DUID 00:04:09:6b:2c:1f:84:4f:7a:8d:37:08:76:1c:6a:95:68:4c
forked to background, child pid 192
Starting sshd: OK

syzkaller
syzkaller login: [   17.202183][   T22] kauditd_printk_skb: 60 callbacks suppressed
[   17.202190][   T22] audit: type=1400 audit(1656901974.499:71): avc:  denied  { transition } for  pid=286 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   17.211150][   T22] audit: type=1400 audit(1656901974.499:72): avc:  denied  { write } for  pid=286 comm="sh" path="pipe:[9889]" dev="pipefs" ino=9889 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
Warning: Permanently added '10.128.1.26' (ECDSA) to the list of known hosts.
execve("./syz-executor1952720216", ["./syz-executor1952720216"], 0x7ffdf98a9840 /* 10 vars */) = 0
brk(NULL)                               = 0x5555562d9000
brk(0x5555562d9c40)                     = 0x5555562d9c40
arch_prctl(ARCH_SET_FS, 0x5555562d9300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1952720216", 4096) = 28
brk(0x5555562fac40)                     = 0x5555562fac40
brk(0x5555562fb000)                     = 0x5555562fb000
mprotect(0x7fdf6e3fa000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x28\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x00\x00\x00\x08\x00\x03\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=40}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EBADF (Bad file descriptor)
sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EBADF (Bad file descriptor)
sendmsg(-1, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EBADF (Bad file descriptor)
memfd_create("syzkaller", 0)            = 3
ftruncate(3, 539650)                    = 0
pwrite64(3, "\x20\x00\x00\x00\x01\x02\x00\x00\x19\x00\x00\x00\x60\x01\x00\x00\x0f\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x02\x00\x00\x20\x00\x00\x20\x00\x00\x00\xdd\xf4\x65\x5f\xdd\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xdd\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x08\x00\x00\x00\xd2\x42\x00\x00"..., 102, 1024) = 102
pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x68\x56\xd4\x9a\x00\xcc\x43\x71\xbd\x6a\x7c\x89\x3f\x28\x00\x45\x01\x00\x40", 31, 1248) = 31
pwrite64(3, "\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65201, 1600) = 65201
pwrite64(3, "\x14\x00\x00\x00\x04\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65475, 2048) = 65475
pwrite64(3, "\xed\x41\x00\x00\x00\x04\x00\x00\xdd\xf4\x65\x5f\xdd\xf4\x65\x5f\xdd\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x20", 29, 5376) = 29
pwrite64(3, "\x80\x81\x00\x00\x00\x7f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x00\x00\x00\x08\x00\x03\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 64571, 5632) = 64571
pwrite64(3, NULL, 0, 0)                 = 0
pwrite64(3, NULL, 0, 0)                 = 0
pwrite64(3, NULL, 0, 0)                 = 0
pwrite64(3, NULL, 0, 0)                 = 0
pwrite64(3, NULL, 0, 0)                 = 0
pwrite64(3, NULL, 0, 0)                 = 0
pwrite64(3, NULL, 0, 0)                 = 0
pwrite64(3, NULL, 0, 0)                 = 0
pwrite64(3, NULL, 0, 0)                 = 0
pwrite64(3, NULL, 0, 0)                 = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
mkdir("./file0", 0777)                  = 0
[   24.490428][   T22] audit: type=1400 audit(1656901981.779:73): avc:  denied  { execmem } for  pid=304 comm="syz-executor195" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   24.499338][  T304] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (14603!=0)
[   24.512770][   T22] audit: type=1400 audit(1656901981.789:74): avc:  denied  { read write } for  pid=304 comm="syz-executor195" name="loop0" dev="devtmpfs" ino=9365 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   24.520993][  T304] EXT4-fs (loop0): orphan cleanup on readonly fs
[   24.545705][   T22] audit: type=1400 audit(1656901981.789:75): avc:  denied  { open } for  pid=304 comm="syz-executor195" path="/dev/loop0" dev="devtmpfs" ino=9365 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   24.553951][  T304] EXT4-fs error (device loop0): ext4_free_blocks:4859: comm syz-executor195: Freeing blocks in system zone - Block = 16, count = 16
[   24.574664][   T22] audit: type=1400 audit(1656901981.789:76): avc:  denied  { ioctl } for  pid=304 comm="syz-executor195" path="/dev/loop0" dev="devtmpfs" ino=9365 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   24.587590][  T304] EXT4-fs (loop0): Remounting filesystem read-only
[   24.613157][   T22] audit: type=1400 audit(1656901981.789:77): avc:  denied  { mounton } for  pid=304 comm="syz-executor195" path="/root/file0" dev="sda1" ino=1138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   24.619509][  T304] ------------[ cut here ]------------
[   24.647489][  T304] kernel BUG at fs/ext4/ext4.h:2982!
[   24.652921][  T304] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   24.658964][  T304] CPU: 1 PID: 304 Comm: syz-executor195 Not tainted 5.4.190-syzkaller-00060-g148e4ba7f4fc #0
[   24.669076][  T304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[   24.679161][  T304] RIP: 0010:ext4_free_blocks+0x2181/0x22c0
[   24.684946][  T304] Code: 29 04 0f 92 c3 40 0f 92 c6 31 ff e8 09 e8 a2 ff 84 db 75 1f e8 70 e5 a2 ff e9 27 01 00 00 e8 66 e5 a2 ff 0f 0b e8 5f e5 a2 ff <0f> 0b e8 58 e5 a2 ff 0f 0b 65 ff 05 7b 25 45 7e 48 c7 c0 f8 37 e5
[   24.704521][  T304] RSP: 0018:ffff8881dd99f560 EFLAGS: 00010293
[   24.710743][  T304] RAX: ffffffff81bd6801 RBX: ffff8881dda92000 RCX: ffff8881e16d8fc0
[   24.718682][  T304] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000001
[   24.726624][  T304] RBP: 0000000000000001 R08: ffffffff81bd4c79 R09: ffff8881dd99f668
[   24.734565][  T304] R10: ffffed103bb33ed4 R11: 1ffff1103bb33ecd R12: 0000000000000010
[   24.742519][  T304] R13: 0000000000000000 R14: ffff8881dda92040 R15: 00000000ffffffff
[   24.750484][  T304] FS:  00005555562d9300(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[   24.759383][  T304] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   24.765937][  T304] CR2: 0000555902246ab0 CR3: 00000001dd9a3000 CR4: 00000000003406e0
[   24.773881][  T304] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   24.781826][  T304] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   24.789765][  T304] Call Trace:
[   24.793031][  T304]  ? __mod_timer+0xb90/0x1a40
[   24.797679][  T304]  ext4_clear_blocks+0x8ce/0xcc0
[   24.804673][  T304]  ext4_ind_truncate+0x7fb/0xf90
[   24.809579][  T304]  ext4_truncate+0x992/0x1150
[   24.814250][  T304]  ext4_evict_inode+0x117b/0x1930
[   24.819252][  T304]  ? ext4_truncate_restart_trans+0xe0/0xe0
[   24.825034][  T304]  evict+0x29b/0x6a0
[   24.828909][  T304]  ext4_enable_quotas+0x281/0x8a0
[   24.833921][  T304]  ext4_orphan_cleanup+0x2d5/0xcd0
[   24.839017][  T304]  ext4_fill_super+0x80e7/0x88c0
[   24.843930][  T304]  mount_bdev+0x22d/0x340
[   24.848231][  T304]  ? ext4_mount+0x40/0x40
[   24.852528][  T304]  legacy_get_tree+0xde/0x170
[   24.857173][  T304]  ? ext4_lazyinit_thread+0xcc0/0xcc0
[   24.862513][  T304]  vfs_get_tree+0x85/0x260
[   24.866900][  T304]  do_new_mount+0x23a/0x500
[   24.871382][  T304]  do_mount+0x5e2/0xcd0
[   24.875514][  T304]  ksys_mount+0xc2/0xf0
[   24.879639][  T304]  __x64_sys_mount+0xb1/0xc0
[   24.884214][  T304]  do_syscall_64+0xcb/0x1c0
[   24.888687][  T304]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   24.894550][  T304] RIP: 0033:0x7fdf6e38f4da
[   24.898953][  T304] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   24.918523][  T304] RSP: 002b:00007ffda0603018 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[   24.926987][  T304] RAX: ffffffffffffffda RBX: 00007ffda0603070 RCX: 00007fdf6e38f4da
[   24.935109][  T304] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007ffda0603030
[   24.943049][  T304] RBP: 00007ffda0603030 R08: 00007ffda0603070 R09: 0000000800000015
[   24.950993][  T304] R10: 0000000000000081 R11: 0000000000000202 R12: 0000000000000004
[   24.958933][  T304] R13: 0000000000000003 R14: 0000000000000003 R15: 0000000000000010
[   24.966880][  T304] Modules linked in:
[   24.970793][  T304] ---[ end trace 6c85bdead229b6b3 ]---
[   24.976239][  T304] RIP: 0010:ext4_free_blocks+0x2181/0x22c0
[   24.982085][  T304] Code: 29 04 0f 92 c3 40 0f 92 c6 31 ff e8 09 e8 a2 ff 84 db 75 1f e8 70 e5 a2 ff e9 27 01 00 00 e8 66 e5 a2 ff 0f 0b e8 5f e5 a2 ff <0f> 0b e8 58 e5 a2 ff 0f 0b 65 ff 05 7b 25 45 7e 48 c7 c0 f8 37 e5
[   25.001690][  T304] RSP: 0018:ffff8881dd99f560 EFLAGS: 00010293
[   25.007945][  T304] RAX: ffffffff81bd6801 RBX: ffff8881dda92000 RCX: ffff8881e16d8fc0
[   25.015927][  T304] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000001
[   25.023950][  T304] RBP: 0000000000000001 R08: ffffffff81bd4c79 R09: ffff8881dd99f668
[   25.032116][  T304] R10: ffffed103bb33ed4 R11: 1ffff1103bb33ecd R12: 0000000000000010
[   25.040069][  T304] R13: 0000000000000000 R14: ffff8881dda92040 R15: 00000000ffffffff
[   25.048185][  T304] FS:  00005555562d9300(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[   25.057327][  T304] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   25.063912][  T304] CR2: 0000555902246ab0 CR3: 00000001dd9a3000 CR4: 00000000003406e0
[   25.071889][  T304] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   25.079831][  T304] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   25.087793][  T304] Kernel panic - not syncing: Fatal exception
[   25.094079][  T304] Kernel Offset: disabled
[   25.098391][  T304] Rebooting in 86400 seconds..