./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor238490521 <...> Warning: Permanently added '10.128.0.183' (ED25519) to the list of known hosts. execve("./syz-executor238490521", ["./syz-executor238490521"], 0x7ffffd51a290 /* 10 vars */) = 0 brk(NULL) = 0x555556b23000 brk(0x555556b23d00) = 0x555556b23d00 arch_prctl(ARCH_SET_FS, 0x555556b23380) = 0 set_tid_address(0x555556b23650) = 5053 set_robust_list(0x555556b23660, 24) = 0 rseq(0x555556b23ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor238490521", 4096) = 27 getrandom("\x43\xe7\x39\xfd\x49\x4d\x9d\x92", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556b23d00 brk(0x555556b44d00) = 0x555556b44d00 brk(0x555556b45000) = 0x555556b45000 mprotect(0x7f2329627000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 78.606715][ T28] audit: type=1400 audit(1705772275.957:86): avc: denied { execmem } for pid=5053 comm="syz-executor238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 78.626807][ T28] audit: type=1400 audit(1705772275.957:87): avc: denied { read write } for pid=5053 comm="syz-executor238" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5054 attached , child_tidptr=0x555556b23650) = 5054 [pid 5054] set_robust_list(0x555556b23660, 24) = 0 [pid 5054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] setpgid(0, 0) = 0 [pid 5054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5054] write(3, "1000", 4) = 4 [pid 5054] close(3) = 0 [pid 5054] memfd_create("syzkaller", 0) = 3 [pid 5054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2321000000 [ 78.652191][ T28] audit: type=1400 audit(1705772275.957:88): avc: denied { open } for pid=5053 comm="syz-executor238" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 78.677676][ T28] audit: type=1400 audit(1705772275.987:89): avc: denied { ioctl } for pid=5053 comm="syz-executor238" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5054] munmap(0x7f2321000000, 138412032) = 0 [pid 5054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5054] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5054] close(3) = 0 [pid 5054] close(4) = 0 [pid 5054] mkdir("./file0", 0777) = 0 [ 78.919696][ T5054] loop0: detected capacity change from 0 to 32768 [pid 5054] mount("/dev/loop0", "./file0", "jfs", MS_DIRSYNC|MS_REC|MS_POSIXACL, "") = 0 [pid 5054] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5054] chdir("./file0") = 0 [ 78.964771][ T28] audit: type=1400 audit(1705772276.307:90): avc: denied { mounton } for pid=5054 comm="syz-executor238" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 5054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 78.996803][ T28] audit: type=1400 audit(1705772276.347:91): avc: denied { mount } for pid=5054 comm="syz-executor238" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 79.030935][ T28] audit: type=1400 audit(1705772276.377:92): avc: denied { write } for pid=5054 comm="syz-executor238" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 79.050508][ T5054] ERROR: (device loop0): xtTruncate: XT_GETPAGE: xtree page corrupt [ 79.050508][ T5054] [ 79.053164][ T28] audit: type=1400 audit(1705772276.377:93): avc: denied { add_name } for pid=5054 comm="syz-executor238" name="file2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 79.084975][ T5054] ERROR: (device loop0): remounting filesystem as read-only [ 79.085219][ T28] audit: type=1400 audit(1705772276.377:94): avc: denied { create } for pid=5054 comm="syz-executor238" name="file2" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 79.092533][ T5054] BUG at fs/jfs/jfs_txnmgr.c:528 assert(tblk->next == 0) [ 79.113443][ T28] audit: type=1400 audit(1705772276.377:95): avc: denied { read write } for pid=5054 comm="syz-executor238" name="file2" dev="loop0" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 79.120289][ T5054] ------------[ cut here ]------------ [ 79.148215][ T5054] kernel BUG at fs/jfs/jfs_txnmgr.c:528! [ 79.153870][ T5054] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 79.159941][ T5054] CPU: 0 PID: 5054 Comm: syz-executor238 Not tainted 6.7.0-syzkaller-12824-g9d64bf433c53 #0 [ 79.169998][ T5054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 79.180045][ T5054] RIP: 0010:txEnd+0x583/0x5a0 [ 79.184732][ T5054] Code: e9 59 fb ff ff e8 1d 54 87 fe 48 c7 c1 00 71 0b 8b ba 10 02 00 00 48 c7 c6 80 6b 0b 8b 48 c7 c7 c0 6b 0b 8b e8 2e 17 6a fe 90 <0f> 0b 48 89 ef e8 f3 b7 de fe e9 40 fd ff ff e8 c9 b7 de fe e9 2e [ 79.204351][ T5054] RSP: 0018:ffffc900030ff818 EFLAGS: 00010282 [ 79.210437][ T5054] RAX: 0000000000000036 RBX: ffffc90002641110 RCX: ffffffff8169e3f9 [ 79.218405][ T5054] RDX: 0000000000000000 RSI: ffffffff816a68c2 RDI: 0000000000000005 [ 79.226372][ T5054] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000 [ 79.234345][ T5054] R10: 0000000000000001 R11: 0000000000000039 R12: ffff888020beb000 [ 79.242314][ T5054] R13: 0000000000000001 R14: ffffffff8d73fa40 R15: ffffc90002641112 [ 79.250285][ T5054] FS: 0000555556b23380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 79.259220][ T5054] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.265807][ T5054] CR2: 00007f3afa795ed8 CR3: 000000002b779000 CR4: 00000000003506f0 [ 79.273778][ T5054] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 79.281752][ T5054] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 79.289718][ T5054] Call Trace: [ 79.292990][ T5054] [ 79.295915][ T5054] ? show_regs+0x8f/0xa0 [ 79.300165][ T5054] ? die+0x36/0xa0 [ 79.303882][ T5054] ? do_trap+0x22b/0x420 [ 79.308128][ T5054] ? txEnd+0x583/0x5a0 [ 79.312199][ T5054] ? txEnd+0x583/0x5a0 [ 79.316265][ T5054] ? do_error_trap+0xf4/0x230 [ 79.320945][ T5054] ? txEnd+0x583/0x5a0 [ 79.325011][ T5054] ? handle_invalid_op+0x34/0x40 [ 79.329949][ T5054] ? txEnd+0x583/0x5a0 [ 79.334013][ T5054] ? exc_invalid_op+0x2e/0x40 [ 79.338693][ T5054] ? asm_exc_invalid_op+0x1a/0x20 [ 79.343722][ T5054] ? __wake_up_klogd.part.0+0x99/0xf0 [ 79.349102][ T5054] ? vprintk+0x82/0x90 [ 79.353163][ T5054] ? txEnd+0x583/0x5a0 [ 79.357230][ T5054] ? txEnd+0x582/0x5a0 [ 79.361298][ T5054] jfs_truncate_nolock+0x1f5/0x2f0 [ 79.366418][ T5054] ? jfs_dirty_inode+0x260/0x260 [ 79.371358][ T5054] ? preempt_count_sub+0x160/0x160 [ 79.376468][ T5054] ? block_truncate_page+0x534/0x740 [ 79.381755][ T5054] jfs_truncate+0xeb/0x170 [ 79.386173][ T5054] jfs_setattr+0x2ca/0x760 [ 79.390592][ T5054] ? jfs_open+0x410/0x410 [ 79.394921][ T5054] notify_change+0x742/0x11c0 [ 79.399601][ T5054] do_truncate+0x15c/0x220 [ 79.404021][ T5054] ? file_open_root+0x450/0x450 [ 79.408875][ T5054] path_openat+0x24b6/0x2990 [ 79.413472][ T5054] ? path_lookupat+0x770/0x770 [ 79.418233][ T5054] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 79.424219][ T5054] ? find_held_lock+0x2d/0x110 [ 79.428983][ T5054] do_filp_open+0x1de/0x430 [ 79.433486][ T5054] ? may_open_dev+0xf0/0xf0 [ 79.437995][ T5054] ? _raw_spin_unlock+0x28/0x40 [ 79.442846][ T5054] ? alloc_fd+0x2da/0x6c0 [ 79.447181][ T5054] do_sys_openat2+0x176/0x1e0 [ 79.451877][ T5054] ? build_open_flags+0x690/0x690 [ 79.456914][ T5054] ? ptrace_notify+0xf4/0x130 [ 79.461588][ T5054] ? reacquire_held_locks+0x4c0/0x4c0 [ 79.466966][ T5054] __x64_sys_open+0x154/0x1e0 [ 79.471650][ T5054] ? do_sys_open+0x160/0x160 [ 79.476246][ T5054] ? _raw_spin_unlock_irq+0x2e/0x50 [ 79.481448][ T5054] ? ptrace_notify+0xf4/0x130 [ 79.486128][ T5054] do_syscall_64+0xd3/0x250 [ 79.490638][ T5054] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 79.496536][ T5054] RIP: 0033:0x7f23295aea59 [ 79.500951][ T5054] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 79.520559][ T5054] RSP: 002b:00007ffd2b987868 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 79.528972][ T5054] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f23295aea59 [ 79.536946][ T5054] RDX: 0000000000000000 RSI: 000000000014527e RDI: 0000000020000040 [ 79.544921][ T5054] RBP: 00007f23296275f0 R08: 0000000000005dea R09: 0000555556b244c0 [ 79.552894][ T5054] R10: 00007ffd2b987730 R11: 0000000000000246 R12: 00007ffd2b987890 [ 79.560871][ T5054] R13: 00007ffd2b987ab8 R14: 431bde82d7b634db R15: 00007f23295f703b [ 79.568844][ T5054] [ 79.571854][ T5054] Modules linked in: [ 79.576273][ T5054] ---[ end trace 0000000000000000 ]--- [ 79.581737][ T5054] RIP: 0010:txEnd+0x583/0x5a0 [ 79.586784][ T5054] Code: e9 59 fb ff ff e8 1d 54 87 fe 48 c7 c1 00 71 0b 8b ba 10 02 00 00 48 c7 c6 80 6b 0b 8b 48 c7 c7 c0 6b 0b 8b e8 2e 17 6a fe 90 <0f> 0b 48 89 ef e8 f3 b7 de fe e9 40 fd ff ff e8 c9 b7 de fe e9 2e [ 79.606428][ T5054] RSP: 0018:ffffc900030ff818 EFLAGS: 00010282 [ 79.612481][ T5054] RAX: 0000000000000036 RBX: ffffc90002641110 RCX: ffffffff8169e3f9 [ 79.620465][ T5054] RDX: 0000000000000000 RSI: ffffffff816a68c2 RDI: 0000000000000005 [ 79.628472][ T5054] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000 [ 79.636451][ T5054] R10: 0000000000000001 R11: 0000000000000039 R12: ffff888020beb000 [ 79.644424][ T5054] R13: 0000000000000001 R14: ffffffff8d73fa40 R15: ffffc90002641112 [ 79.652412][ T5054] FS: 0000555556b23380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 79.661390][ T5054] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.668011][ T5054] CR2: 00007f3afa795ed8 CR3: 000000002b779000 CR4: 00000000003506f0 [ 79.675997][ T5054] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 79.683969][ T5054] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 79.691975][ T5054] Kernel panic - not syncing: Fatal exception [ 79.698201][ T5054] Kernel Offset: disabled [ 79.702507][ T5054] Rebooting in 86400 seconds..