./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4087789647 <...> Warning: Permanently added '10.128.0.190' (ED25519) to the list of known hosts. execve("./syz-executor4087789647", ["./syz-executor4087789647"], 0x7ffdff4432e0 /* 10 vars */) = 0 brk(NULL) = 0x555556b7a000 brk(0x555556b7ad00) = 0x555556b7ad00 arch_prctl(ARCH_SET_FS, 0x555556b7a380) = 0 set_tid_address(0x555556b7a650) = 366 set_robust_list(0x555556b7a660, 24) = 0 rseq(0x555556b7aca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4087789647", 4096) = 28 getrandom("\xdc\xee\xa8\xb8\xe4\xcf\x59\x28", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556b7ad00 brk(0x555556b9bd00) = 0x555556b9bd00 brk(0x555556b9c000) = 0x555556b9c000 mprotect(0x7fccf46f9000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x20\x00\x00\x00\x12\x00\x1f\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=32}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EBADF (Bad file descriptor) memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fccec249000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 munmap(0x7fccec249000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 [ 33.571805][ T23] audit: type=1400 audit(1712461991.190:66): avc: denied { execmem } for pid=366 comm="syz-executor408" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 33.595355][ T23] audit: type=1400 audit(1712461991.210:67): avc: denied { read write } for pid=366 comm="syz-executor408" name="loop0" dev="devtmpfs" ino=9326 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 close(4) = 0 mkdir("./file0", 0777) = 0 [ 33.619635][ T23] audit: type=1400 audit(1712461991.210:68): avc: denied { open } for pid=366 comm="syz-executor408" path="/dev/loop0" dev="devtmpfs" ino=9326 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 33.643960][ T23] audit: type=1400 audit(1712461991.210:69): avc: denied { ioctl } for pid=366 comm="syz-executor408" path="/dev/loop0" dev="devtmpfs" ino=9326 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 33.688760][ T23] audit: type=1400 audit(1712461991.300:70): avc: denied { mounton } for pid=366 comm="syz-executor408" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME, 000) = 4 mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [ 33.730349][ T366] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 33.740120][ T23] audit: type=1400 audit(1712461991.360:71): avc: denied { mount } for pid=366 comm="syz-executor408" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 33.740138][ T366] ext4 filesystem being mounted at /root/file0 supports timestamps until 2038 (0x7fffffff) write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [ 33.781414][ T23] audit: type=1400 audit(1712461991.390:72): avc: denied { write } for pid=366 comm="syz-executor408" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 33.788823][ T366] EXT4-fs error (device loop0): ext4_xattr_block_get:544: inode #18: comm syz-executor408: corrupted xattr block 20 [ 33.803119][ T23] audit: type=1400 audit(1712461991.390:73): avc: denied { add_name } for pid=366 comm="syz-executor408" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 33.838105][ T366] EXT4-fs error (device loop0): __ext4_get_inode_loc:4710: comm syz-executor408: Invalid inode table block 0 in block_group 0 [ 33.838532][ T23] audit: type=1400 audit(1712461991.390:74): avc: denied { create } for pid=366 comm="syz-executor408" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 33.851230][ T366] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6099: Corrupt filesystem [ 33.871598][ T23] audit: type=1400 audit(1712461991.400:75): avc: denied { read write open } for pid=366 comm="syz-executor408" path="/root/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 33.905164][ T366] ------------[ cut here ]------------ [ 33.910421][ T366] kernel BUG at fs/ext4/ext4.h:2984! [ 33.915759][ T366] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 33.921623][ T366] CPU: 0 PID: 366 Comm: syz-executor408 Not tainted 5.4.268-syzkaller-00012-gd0d34dcb02cc #0 [ 33.931684][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 33.941587][ T366] RIP: 0010:ext4_mb_find_by_goal+0xc10/0xc50 [ 33.947401][ T366] Code: fc ff ff 89 d1 80 e1 07 80 c1 03 38 c1 0f 8c 0d fc ff ff 48 89 d7 e8 0f 85 c8 ff 48 8b 54 24 30 e9 fb fb ff ff e8 20 b1 98 ff <0f> 0b e8 49 69 6f ff e8 14 b1 98 ff 0f 0b e8 0d b1 98 ff 0f 0b e8 [ 33.967273][ T366] RSP: 0018:ffff8881dc78e8e0 EFLAGS: 00010293 [ 33.973295][ T366] RAX: ffffffff81cb9600 RBX: 0000000000000001 RCX: ffff8881dd2b1f80 [ 33.981187][ T366] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 33.989008][ T366] RBP: ffff8881dc78e9f0 R08: ffffffff81cb8b29 R09: ffffed103d19cd33 [ 33.997069][ T366] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 34.005516][ T366] R13: ffff8881dc6a83f0 R14: 1ffff1103b8f1d2c R15: 1ffff1103b8d507e [ 34.014257][ T366] FS: 0000555556b7a380(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 34.023022][ T366] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 34.029444][ T366] CR2: 000000002004007f CR3: 00000001dc627000 CR4: 00000000003406b0 [ 34.037343][ T366] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 34.045413][ T366] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 34.053245][ T366] Call Trace: [ 34.056363][ T366] ? __die+0xb4/0x100 [ 34.060470][ T366] ? die+0x26/0x50 [ 34.064017][ T366] ? do_trap+0x1e7/0x340 [ 34.068214][ T366] ? ext4_mb_find_by_goal+0xc10/0xc50 [ 34.073420][ T366] ? ext4_mb_find_by_goal+0xc10/0xc50 [ 34.078630][ T366] ? do_invalid_op+0xfb/0x110 [ 34.083143][ T366] ? ext4_mb_find_by_goal+0xc10/0xc50 [ 34.088352][ T366] ? invalid_op+0x1e/0x30 [ 34.092518][ T366] ? ext4_mb_find_by_goal+0x139/0xc50 [ 34.097722][ T366] ? ext4_mb_find_by_goal+0xc10/0xc50 [ 34.102941][ T366] ? ext4_mb_find_by_goal+0xc10/0xc50 [ 34.108689][ T366] ? ext4_mb_new_blocks+0x29f/0x2d10 [ 34.113721][ T366] ? ext4_map_blocks+0xa2f/0x1ba0 [ 34.118589][ T366] ? ext4_write_begin+0x5ba/0x1900 [ 34.123536][ T366] ? ext4_mb_use_inode_pa+0x4b0/0x4b0 [ 34.128741][ T366] ? ext4_file_write_iter+0x499/0x10e0 [ 34.134043][ T366] ? __vfs_write+0x5d3/0x750 [ 34.138468][ T366] ? vfs_write+0x206/0x4e0 [ 34.142709][ T366] ? ksys_write+0x199/0x2c0 [ 34.147049][ T366] ? do_syscall_64+0xca/0x1c0 [ 34.151568][ T366] ext4_mb_regular_allocator+0x229/0x10d0 [ 34.157239][ T366] ? ext4_mb_initialize_context+0x7bf/0xb80 [ 34.162963][ T366] ? ext4_mb_normalize_request+0x27a/0x1250 [ 34.168806][ T366] ? ext4_mb_normalize_request+0x1250/0x1250 [ 34.174625][ T366] ext4_mb_new_blocks+0x59a/0x2d10 [ 34.179567][ T366] ? memset+0x1f/0x40 [ 34.183389][ T366] ? ext4_ext_check_overlap+0x180/0x5b0 [ 34.188786][ T366] ? ext4_inode_to_goal_block+0x265/0x360 [ 34.194522][ T366] ext4_ext_map_blocks+0x1e70/0x7450 [ 34.199638][ T366] ? __unwind_start+0x708/0x890 [ 34.204339][ T366] ? prep_new_page+0x18f/0x370 [ 34.209097][ T366] ? deref_stack_reg+0x1f0/0x1f0 [ 34.213830][ T366] ? vfs_write+0x206/0x4e0 [ 34.218075][ T366] ? ext4_ext_release+0x10/0x10 [ 34.222762][ T366] ? check_preemption_disabled+0x9f/0x320 [ 34.228319][ T366] ? stack_trace_save+0x1c0/0x1c0 [ 34.233268][ T366] ? debug_smp_processor_id+0x20/0x20 [ 34.238473][ T366] ? arch_stack_walk+0x111/0x140 [ 34.243247][ T366] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 34.249147][ T366] ? _raw_read_unlock+0x21/0x40 [ 34.253833][ T366] ? ext4_es_lookup_extent+0x559/0x9d0 [ 34.259215][ T366] ext4_map_blocks+0xa2f/0x1ba0 [ 34.263904][ T366] ? ext4_issue_zeroout+0x150/0x150 [ 34.268952][ T366] ? ext4_write_begin+0x419/0x1900 [ 34.273971][ T366] ? vfs_write+0x206/0x4e0 [ 34.278243][ T366] ? ksys_write+0x199/0x2c0 [ 34.282563][ T366] ? do_syscall_64+0xca/0x1c0 [ 34.287076][ T366] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 34.292992][ T366] _ext4_get_block+0x21b/0x610 [ 34.297577][ T366] ? ext4_get_block+0x40/0x40 [ 34.302097][ T366] ? check_preemption_disabled+0x9f/0x320 [ 34.307660][ T366] ? debug_smp_processor_id+0x20/0x20 [ 34.312861][ T366] ext4_block_write_begin+0x68a/0x1390 [ 34.318156][ T366] ? _raw_spin_trylock_bh+0x190/0x190 [ 34.323359][ T366] ? ext4_es_is_delayed+0x40/0x40 [ 34.328218][ T366] ? trace_android_fs_datawrite_start+0x200/0x200 [ 34.334467][ T366] ? ext4_should_dioread_nolock+0x94/0x500 [ 34.340123][ T366] ext4_write_begin+0x5ba/0x1900 [ 34.344886][ T366] ? ext4_readpages+0x110/0x110 [ 34.349570][ T366] ? ext4_handle_error+0x213/0x3d0 [ 34.354512][ T366] ? __ext4_error_inode+0x302/0x630 [ 34.359550][ T366] ? ext4_handle_error+0x3d0/0x3d0 [ 34.364492][ T366] ? ext4_xattr_ibody_get+0xf4/0x720 [ 34.369617][ T366] ext4_da_write_begin+0x4a3/0xfe0 [ 34.374652][ T366] ? down_write_trylock+0x130/0x130 [ 34.379687][ T366] ? ext4_set_page_dirty+0x190/0x190 [ 34.385222][ T366] ? ext4_initxattrs+0x110/0x110 [ 34.390804][ T366] ? __vfs_getxattr+0x600/0x6d0 [ 34.396337][ T366] ? iov_iter_fault_in_readable+0x313/0x4c0 [ 34.403139][ T366] ? asan.module_dtor+0x20/0x20 [ 34.408947][ T366] ? ktime_get_coarse_real_ts64+0xcc/0xe0 [ 34.415294][ T366] generic_perform_write+0x2c7/0x560 [ 34.421276][ T366] ? grab_cache_page_write_begin+0x90/0x90 [ 34.428136][ T366] ? file_remove_privs+0x640/0x640 [ 34.433865][ T366] ? debug_smp_processor_id+0x20/0x20 [ 34.440036][ T366] ? down_write_trylock+0xd7/0x130 [ 34.445848][ T366] __generic_file_write_iter+0x224/0x530 [ 34.452191][ T366] ext4_file_write_iter+0x499/0x10e0 [ 34.458174][ T366] ? ext4_file_read_iter+0x140/0x140 [ 34.464256][ T366] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 34.470065][ T366] ? _raw_spin_lock_irqsave+0x210/0x210 [ 34.476574][ T366] ? cgroup_update_frozen+0x157/0xab0 [ 34.482826][ T366] ? cgroup_update_frozen+0x157/0xab0 [ 34.488945][ T366] ? cgroup_leave_frozen+0x13c/0x290 [ 34.494809][ T366] ? iov_iter_init+0x82/0x160 [ 34.500017][ T366] __vfs_write+0x5d3/0x750 [ 34.505145][ T366] ? __kernel_write+0x350/0x350 [ 34.510613][ T366] ? check_preemption_disabled+0x9f/0x320 [ 34.517233][ T366] ? debug_smp_processor_id+0x20/0x20 [ 34.523308][ T366] ? selinux_file_permission+0x2be/0x530 [ 34.529843][ T366] vfs_write+0x206/0x4e0 [ 34.534769][ T366] ksys_write+0x199/0x2c0 [ 34.540179][ T366] ? do_syscall_64+0x1c0/0x1c0 [ 34.545798][ T366] ? __ia32_sys_read+0x80/0x80 [ 34.551538][ T366] do_syscall_64+0xca/0x1c0 [ 34.555865][ T366] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 34.561593][ T366] Modules linked in: [ 34.565647][ T366] ---[ end trace b9cfabf4af726e7f ]--- [ 34.570938][ T366] RIP: 0010:ext4_mb_find_by_goal+0xc10/0xc50 [ 34.576730][ T366] Code: fc ff ff 89 d1 80 e1 07 80 c1 03 38 c1 0f 8c 0d fc ff ff 48 89 d7 e8 0f 85 c8 ff 48 8b 54 24 30 e9 fb fb ff ff e8 20 b1 98 ff <0f> 0b e8 49 69 6f ff e8 14 b1 98 ff 0f 0b e8 0d b1 98 ff 0f 0b e8 [ 34.596183][ T366] RSP: 0018:ffff8881dc78e8e0 EFLAGS: 00010293 [ 34.602095][ T366] RAX: ffffffff81cb9600 RBX: 0000000000000001 RCX: ffff8881dd2b1f80 [ 34.609888][ T366] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 34.617715][ T366] RBP: ffff8881dc78e9f0 R08: ffffffff81cb8b29 R09: ffffed103d19cd33 [ 34.625494][ T366] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 34.633338][ T366] R13: ffff8881dc6a83f0 R14: 1ffff1103b8f1d2c R15: 1ffff1103b8d507e [ 34.641309][ T366] FS: 0000555556b7a380(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 34.650168][ T366] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 34.656600][ T366] CR2: 000000002004007f CR3: 00000001dc627000 CR4: 00000000003406b0 [ 34.664422][ T366] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 34.672203][ T366] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 34.680115][ T366] Kernel panic - not syncing: Fatal exception [ 34.686681][ T366] Kernel Offset: disabled [ 34.690977][ T366] Rebooting in 86400 seconds..