./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor521669065 <...> Warning: Permanently added '10.128.1.48' (ECDSA) to the list of known hosts. execve("./syz-executor521669065", ["./syz-executor521669065"], 0x7ffed7bcb9d0 /* 10 vars */) = 0 brk(NULL) = 0x5555558f6000 brk(0x5555558f6c40) = 0x5555558f6c40 arch_prctl(ARCH_SET_FS, 0x5555558f6300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555558f65d0) = 371 set_robust_list(0x5555558f65e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f415ac81280, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f415ac81950}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f415ac81320, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f415ac81950}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor521669065", 4096) = 27 brk(0x555555917c40) = 0x555555917c40 brk(0x555555918000) = 0x555555918000 mprotect(0x7f415ad43000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 371 mkdir("./syzkaller.bqbf0g", 0700) = 0 chmod("./syzkaller.bqbf0g", 0777) = 0 chdir("./syzkaller.bqbf0g") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558f65d0) = 372 ./strace-static-x86_64: Process 372 attached [pid 372] set_robust_list(0x5555558f65e0, 24) = 0 [pid 372] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 372] setsid() = 1 [pid 372] prlimit64(0, 
RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 372] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 372] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 372] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 372] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 372] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 372] unshare(CLONE_NEWNS) = 0 [pid 372] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 372] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 372] unshare(CLONE_NEWCGROUP) = 0 [pid 372] unshare(CLONE_NEWUTS) = 0 [pid 372] unshare(CLONE_SYSVSEM) = 0 [pid 372] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 372] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 372] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 372] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 372] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 372] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 372] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 372] getpid() = 1 [pid 372] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 373] set_robust_list(0x7f415ac709e0, 24) = 0 [pid 373] memfd_create("syzkaller", 0) = 3 [pid 373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4152850000 [ 20.139564][ T23] audit: type=1400 audit(1678688662.190:73): avc: denied { execmem } for pid=371 comm="syz-executor521" 
scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.147662][ T23] audit: type=1400 audit(1678688662.200:74): avc: denied { mounton } for pid=372 comm="syz-executor521" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 20.157489][ T23] audit: type=1400 audit(1678688662.200:75): avc: denied { mount } for pid=372 comm="syz-executor521" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [pid 373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 373] munmap(0x7f4152850000, 1048576) = 0 [pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 373] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 373] close(3) = 0 [pid 373] mkdir("./file0", 0777) = 0 [ 20.176699][ T23] audit: type=1400 audit(1678688662.210:76): avc: denied { mounton } for pid=372 comm="syz-executor521" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 20.198581][ T23] audit: type=1400 audit(1678688662.230:77): avc: denied { mounton } for pid=372 comm="syz-executor521" path="/dev/binderfs" dev="devtmpfs" ino=363 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [pid 373] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 373] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 373] chdir("./file0") = 0 [pid 373] ioctl(4, LOOP_CLR_FD) = 0 [pid 
373] close(4) = 0 [pid 373] futex(0x7f415ad497ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] futex(0x7f415ad497a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 372] <... futex resumed>) = 0 [pid 372] futex(0x7f415ad497a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 372] futex(0x7f415ad497ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] <... futex resumed>) = 0 [pid 373] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 373] futex(0x7f415ad497ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] <... futex resumed>) = 0 [pid 372] futex(0x7f415ad497a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] futex(0x7f415ad497ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] <... futex resumed>) = 1 [pid 373] pwritev(4, [{iov_base="\xef", iov_len=1}], 1, 0) = 1 [pid 373] futex(0x7f415ad497ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] <... futex resumed>) = 0 [pid 372] futex(0x7f415ad497a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] futex(0x7f415ad497ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] <... futex resumed>) = 1 [pid 373] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 373] futex(0x7f415ad497ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] <... 
futex resumed>) = 0 [pid 372] futex(0x7f415ad497a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] futex(0x7f415ad497bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f415292f000 [pid 372] mprotect(0x7f4152930000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 372] clone(child_stack=0x7f415294f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3], tls=0x7f415294f700, child_tidptr=0x7f415294f9d0) = 3 [pid 372] futex(0x7f415ad497b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 20.221729][ T23] audit: type=1400 audit(1678688662.230:78): avc: denied { mount } for pid=372 comm="syz-executor521" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 20.223443][ T373] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 20.244449][ T23] audit: type=1400 audit(1678688662.250:79): avc: denied { read write } for pid=372 comm="syz-executor521" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 372] futex(0x7f415ad497bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] <... futex resumed>) = 1 ./strace-static-x86_64: Process 378 attached [pid 378] set_robust_list(0x7f415294f9e0, 24) = 0 [pid 373] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000040} --- [pid 378] sendmsg(4, 0x20000180, MSG_DONTWAIT|MSG_EOR) = -1 ENOTSOCK (Socket operation on non-socket) [pid 373] sendfile(-1, -1, 0x20000040, 0 [pid 378] futex(0x7f415ad497bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] <... sendfile resumed>) = -1 EBADF (Bad file descriptor) [pid 372] <... futex resumed>) = 0 [pid 373] futex(0x7f415ad497ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] <... futex resumed>) = 1 [pid 373] <... 
futex resumed>) = 0 [pid 378] futex(0x7f415ad497b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] futex(0x7f415ad497a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 372] exit_group(1) = ? [pid 378] <... futex resumed>) = ? [pid 378] +++ exited with 1 +++ [pid 373] <... futex resumed>) = ? [ 20.275627][ T373] EXT4-fs error (device loop0): ext4_mb_generate_buddy:805: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 20.277312][ T23] audit: type=1400 audit(1678688662.250:80): avc: denied { open } for pid=372 comm="syz-executor521" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.316832][ T23] audit: type=1400 audit(1678688662.250:81): avc: denied { ioctl } for pid=372 comm="syz-executor521" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.317447][ T9] ------------[ cut here ]------------ [ 20.342655][ T23] audit: type=1400 audit(1678688662.250:82): avc: denied { mounton } for pid=372 comm="syz-executor521" path="/root/syzkaller.bqbf0g/file0" dev="sda1" ino=1139 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 20.348224][ T9] kernel BUG at fs/ext4/inode.c:2767! 
[ 20.377706][ T9] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 20.383781][ T9] CPU: 0 PID: 9 Comm: kworker/u4:1 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0
[ 20.393576][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 20.403621][ T9] Workqueue: writeback wb_workfn (flush-7:0)
[ 20.409590][ T9] RIP: 0010:ext4_writepages+0x36f6/0x3710
[ 20.415312][ T9] Code: c6 31 ff e8 8c 07 90 ff 84 db 75 2c e8 73 04 90 ff 48 bb 00 00 00 00 00 fc ff df 4c 8b 64 24 40 e9 28 f7 ff ff e8 5a 04 90 ff <0f> 0b e8 53 04 90 ff e8 ed 64 23 ff eb a0 e8 47 04 90 ff e8 e1 64
[ 20.434907][ T9] RSP: 0018:ffffc900000970c0 EFLAGS: 00010293
[ 20.440965][ T9] RAX: ffffffff81dd1d56 RBX: 0000008000000000 RCX: ffff8881002393c0
[ 20.448935][ T9] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000
[ 20.456916][ T9] RBP: ffffc900000974b0 R08: ffffffff81dced3a R09: ffffed1021d693bc
[ 20.464872][ T9] R10: ffffed1021d693bc R11: 1ffff11021d693bb R12: ffff8881019df000
[ 20.472832][ T9] R13: ffffc90000097380 R14: 0000008410000000 R15: ffffc90000097830
[ 20.480784][ T9] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 20.489699][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 20.496274][ T9] CR2: 00007f415ad15448 CR3: 000000010c5ab000 CR4: 00000000003506b0
[ 20.504236][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 20.512219][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 20.520177][ T9] Call Trace:
[ 20.523467][ T9] ? unwind_next_frame+0x3b0/0x6b0
[ 20.528573][ T9] ? stack_trace_save+0x1f0/0x1f0
[ 20.533605][ T9] ? ext4_readpage+0x220/0x220
[ 20.538369][ T9] ? arch_stack_walk+0x112/0x140
[ 20.543296][ T9] ? ret_from_fork+0x1f/0x30
[ 20.547874][ T9] ? stack_trace_save+0x12d/0x1f0
[ 20.552974][ T9] ? debug_smp_processor_id+0x17/0x20
[ 20.558355][ T9] ? ext4_readpage+0x220/0x220
[ 20.563107][ T9] do_writepages+0x13a/0x280
[ 20.567684][ T9] ? __writepage+0x130/0x130
[ 20.572259][ T9] ? __kasan_check_write+0x14/0x20
[ 20.577355][ T9] ? _raw_spin_lock+0xa3/0x1b0
[ 20.582108][ T9] ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 20.587486][ T9] ? __kasan_check_write+0x14/0x20
[ 20.592604][ T9] __writeback_single_inode+0xb8/0x6e0
[ 20.598049][ T9] writeback_sb_inodes+0x999/0x1700
[ 20.603238][ T9] ? __kasan_check_write+0x14/0x20
[ 20.608339][ T9] ? move_expired_inodes+0x804/0x860
[ 20.613626][ T9] ? queue_io+0x500/0x500
[ 20.617955][ T9] ? writeback_sb_inodes+0x1700/0x1700
[ 20.623404][ T9] ? queue_io+0x3c7/0x500
[ 20.627814][ T9] ? worker_thread+0xb27/0x1550
[ 20.632650][ T9] ? kthread+0x349/0x3d0
[ 20.636881][ T9] ? ret_from_fork+0x1f/0x30
[ 20.641466][ T9] wb_writeback+0x42f/0xc20
[ 20.645965][ T9] ? wb_io_lists_depopulated+0x180/0x180
[ 20.651594][ T9] ? widen_string+0x41/0x3a0
[ 20.656176][ T9] ? __kasan_check_write+0x14/0x20
[ 20.661311][ T9] wb_do_writeback+0x222/0xbd0
[ 20.666060][ T9] ? wb_workfn+0x3f0/0x3f0
[ 20.670466][ T9] ? compat_start_thread+0x80/0x80
[ 20.675571][ T9] ? set_worker_desc+0x158/0x1c0
[ 20.680492][ T9] ? work_busy+0x250/0x250
[ 20.684893][ T9] ? finish_task_switch+0x130/0x580
[ 20.690235][ T9] ? __switch_to_asm+0x34/0x60
[ 20.695002][ T9] ? kthread_data+0x52/0xc0
[ 20.699503][ T9] wb_workfn+0xf8/0x3f0
[ 20.703659][ T9] process_one_work+0x726/0xc10
[ 20.708666][ T9] worker_thread+0xb27/0x1550
[ 20.713366][ T9] kthread+0x349/0x3d0
[ 20.717446][ T9] ? worker_clr_flags+0x180/0x180
[ 20.722463][ T9] ? kthread_blkcg+0xd0/0xd0
[ 20.727058][ T9] ret_from_fork+0x1f/0x30
[ 20.731466][ T9] Modules linked in:
[ 20.735541][ T9] ---[ end trace 4ddd76932a365c50 ]---
[ 20.741111][ T9] RIP: 0010:ext4_writepages+0x36f6/0x3710
[ 20.746825][ T9] Code: c6 31 ff e8 8c 07 90 ff 84 db 75 2c e8 73 04 90 ff 48 bb 00 00 00 00 00 fc ff df 4c 8b 64 24 40 e9 28 f7 ff ff e8 5a 04 90 ff <0f> 0b e8 53 04 90 ff e8 ed 64 23 ff eb a0 e8 47 04 90 ff e8 e1 64
[ 20.766614][ T9] RSP: 0018:ffffc900000970c0 EFLAGS: 00010293
[ 20.772795][ T9] RAX: ffffffff81dd1d56 RBX: 0000008000000000 RCX: ffff8881002393c0
[ 20.781192][ T9] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000
[ 20.789153][ T9] RBP: ffffc900000974b0 R08: ffffffff81dced3a R09: ffffed1021d693bc
[ 20.797238][ T9] R10: ffffed1021d693bc R11: 1ffff11021d693bb R12: ffff8881019df000
[ 20.806003][ T9] R13: ffffc90000097380 R14: 0000008410000000 R15: ffffc90000097830
[ 20.814029][ T9] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 20.823025][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 20.829604][ T9] CR2: 00007f415ad15448 CR3: 000000010c3f6000 CR4: 00000000003506b0
[ 20.837626][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 20.845690][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 20.853959][ T9] Kernel panic - not syncing: Fatal exception
[ 20.860245][ T9] Kernel Offset: disabled
[ 20.864564][ T9] Rebooting in 86400 seconds..