./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2666218736 <...> Warning: Permanently added '10.128.1.4' (ED25519) to the list of known hosts. execve("./syz-executor2666218736", ["./syz-executor2666218736"], 0x7ffe1918ff70 /* 10 vars */) = 0 brk(NULL) = 0x555557306000 brk(0x555557306d00) = 0x555557306d00 arch_prctl(ARCH_SET_FS, 0x555557306380) = 0 set_tid_address(0x555557306650) = 354 set_robust_list(0x555557306660, 24) = 0 rseq(0x555557306ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2666218736", 4096) = 28 getrandom("\x27\x66\x7a\xeb\x27\x9f\x58\x66", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557306d00 brk(0x555557327d00) = 0x555557327d00 brk(0x555557328000) = 0x555557328000 mprotect(0x7f665d903000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6655452000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 munmap(0x7f6655452000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 20.823373][ T23] audit: type=1400 audit(1703539297.549:66): avc: denied { execmem } for pid=354 comm="syz-executor266" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.847080][ T23] audit: type=1400 audit(1703539297.579:67): avc: denied { read write } for pid=354 comm="syz-executor266" name="loop0" dev="devtmpfs" ino=9325 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file1", 0777) = 0 [ 20.871658][ T23] audit: type=1400 audit(1703539297.579:68): avc: denied { open } for pid=354 comm="syz-executor266" path="/dev/loop0" dev="devtmpfs" ino=9325 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.895979][ T23] audit: type=1400 audit(1703539297.609:69): avc: denied { ioctl } for pid=354 comm="syz-executor266" path="/dev/loop0" dev="devtmpfs" ino=9325 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.921796][ T23] audit: type=1400 audit(1703539297.639:70): avc: denied { mounton } for pid=354 comm="syz-executor266" path="/root/file1" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 20.949833][ T354] EXT4-fs (loop0): 1 orphan inode deleted [ 20.955351][ T354] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 creat("./bus", 000) = 4 mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 ftruncate(6, 10231) = 0 write(6, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65184) = 65184 writev(5, [{iov_base="\x5b\xd7\xd7\x1d\xcf\xcf\xbb\x0c\xfc\x4f\xe8\x45\x30\x6b\xf4\xf9\xe0\x43\xc0\xa3\x73\x58\x4c\x5a\x54\x09\x6d\xe4\xda\xdb\x6d\x77\x7e\xc8\x49\x3c\x8d\x2a\xe9\x23\x91\x49\x4a\xe7\x57\x81\xfd\x91\xca\x69\xbb\x6d\xf6\xae\x84\xf0\xb6\x38\x06\x9c\xaa\x06\xf7\xee\x03\x4a\x6c\xb5\x49\xac\x4a\xf6\x52\x48\x98\xb2\x2b\x4f\x05\xbe\x0d\x81\xf8\xff\x76\xb7\x89\x94\x4e\x6c\xe8\x1a\x90\xb0\xb2\x7f\xdc\x24\x7f\xba"..., iov_len=2561}], 1) = 2561 exit_group(0) = ? [ 20.964311][ T23] audit: type=1400 audit(1703539297.699:71): avc: denied { mount } for pid=354 comm="syz-executor266" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 20.964339][ T354] ext4 filesystem being mounted at /root/file1 supports timestamps until 2038 (0x7fffffff) [ 21.001678][ T23] audit: type=1400 audit(1703539297.729:72): avc: denied { write } for pid=354 comm="syz-executor266" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.006846][ T354] ------------[ cut here ]------------ [ 21.023675][ T23] audit: type=1400 audit(1703539297.729:73): avc: denied { add_name } for pid=354 comm="syz-executor266" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.028552][ T354] kernel BUG at fs/ext4/ext4.h:2984! [ 21.028672][ T354] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 21.049507][ T23] audit: type=1400 audit(1703539297.729:74): avc: denied { create } for pid=354 comm="syz-executor266" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 21.054164][ T354] CPU: 1 PID: 354 Comm: syz-executor266 Not tainted 5.4.259-syzkaller-00009-gc0585bc7c835 #0 [ 21.060272][ T23] audit: type=1400 audit(1703539297.729:75): avc: denied { write open } for pid=354 comm="syz-executor266" path="/root/file1/bus" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 21.080633][ T354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 21.080649][ T354] RIP: 0010:ext4_mb_load_buddy_gfp+0xf29/0xf40 [ 21.080657][ T354] Code: ff e8 db b5 c9 ff e9 0a f3 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 52 f3 ff ff e8 e1 b5 c9 ff e9 48 f3 ff ff e8 a7 e4 99 ff <0f> 0b e8 a0 e4 99 ff 0f 0b e8 99 e4 99 ff 0f 0b e8 92 e4 99 ff 0f [ 21.080667][ T354] RSP: 0018:ffff8881dc6bfa48 EFLAGS: 00010293 [ 21.154925][ T354] RAX: ffffffff81ca5ff9 RBX: 0000000000000001 RCX: ffff8881dc54cec0 [ 21.162730][ T354] RDX: 0000000000000000 RSI: 000000001e1b3070 RDI: 0000000000000001 [ 21.170544][ T354] RBP: ffff8881dc75e000 R08: ffffffff81ca51a2 R09: ffffed103d1784ee [ 21.178355][ T354] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1103b8eb07e [ 21.186166][ T354] R13: dffffc0000000000 R14: 000000001e1b3070 R15: ffff8881dc7583f0 [ 21.193989][ T354] FS: 0000555557306380(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 21.202745][ T354] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.209256][ T354] CR2: 00007f665d8d7e48 CR3: 0000000005e0e000 CR4: 00000000003406a0 [ 21.217068][ T354] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 21.224874][ T354] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 21.232685][ T354] Call Trace: [ 21.235823][ T354] ? __die+0xb4/0x100 [ 21.239634][ T354] ? die+0x26/0x50 [ 21.243192][ T354] ? do_trap+0x1e7/0x340 [ 21.247286][ T354] ? ext4_mb_load_buddy_gfp+0xf29/0xf40 [ 21.252656][ T354] ? ext4_mb_load_buddy_gfp+0xf29/0xf40 [ 21.258036][ T354] ? do_invalid_op+0xfb/0x110 [ 21.262550][ T354] ? ext4_mb_load_buddy_gfp+0xf29/0xf40 [ 21.267933][ T354] ? invalid_op+0x1e/0x30 [ 21.272096][ T354] ? ext4_mb_load_buddy_gfp+0xd2/0xf40 [ 21.277478][ T354] ? ext4_mb_load_buddy_gfp+0xf29/0xf40 [ 21.282867][ T354] ? ext4_mb_load_buddy_gfp+0xf29/0xf40 [ 21.288255][ T354] ? ext4_mb_load_buddy_gfp+0xf29/0xf40 [ 21.293622][ T354] ? __kasan_slab_free+0x233/0x270 [ 21.298568][ T354] ? locks_remove_posix+0x660/0x660 [ 21.303608][ T354] ? ext4_get_group_number+0xad/0x190 [ 21.308821][ T354] ext4_discard_preallocations+0x603/0xb90 [ 21.314453][ T354] ? ext4_exit_mballoc+0xf0/0xf0 [ 21.319231][ T354] ? __fsnotify_parent+0x310/0x310 [ 21.324174][ T354] ext4_release_file+0x165/0x300 [ 21.328949][ T354] ? ext4_file_open+0x5e0/0x5e0 [ 21.333634][ T354] __fput+0x262/0x680 [ 21.337454][ T354] task_work_run+0x140/0x170 [ 21.341881][ T354] do_exit+0xcaf/0x2bc0 [ 21.345871][ T354] ? put_task_struct+0x80/0x80 [ 21.350472][ T354] ? syscall_trace_enter+0x650/0x940 [ 21.355593][ T354] do_group_exit+0x138/0x300 [ 21.360031][ T354] __x64_sys_exit_group+0x3b/0x40 [ 21.364886][ T354] do_syscall_64+0xca/0x1c0 [ 21.369220][ T354] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 21.374943][ T354] Modules linked in: [ 21.378793][ T354] ---[ end trace 613c185ccd07fe3c ]--- [ 21.384070][ T354] RIP: 0010:ext4_mb_load_buddy_gfp+0xf29/0xf40 [ 21.390228][ T354] Code: ff e8 db b5 c9 ff e9 0a f3 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 52 f3 ff ff e8 e1 b5 c9 ff e9 48 f3 ff ff e8 a7 e4 99 ff <0f> 0b e8 a0 e4 99 ff 0f 0b e8 99 e4 99 ff 0f 0b e8 92 e4 99 ff 0f [ 21.409867][ T354] RSP: 0018:ffff8881dc6bfa48 EFLAGS: 00010293 [ 21.415707][ T354] RAX: ffffffff81ca5ff9 RBX: 0000000000000001 RCX: ffff8881dc54cec0 [ 21.423574][ T354] RDX: 0000000000000000 RSI: 000000001e1b3070 RDI: 0000000000000001 [ 21.431356][ T354] RBP: ffff8881dc75e000 R08: ffffffff81ca51a2 R09: ffffed103d1784ee [ 21.439251][ T354] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1103b8eb07e [ 21.446949][ T354] R13: dffffc0000000000 R14: 000000001e1b3070 R15: ffff8881dc7583f0 [ 21.454801][ T354] FS: 0000555557306380(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 21.463538][ T354] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.469968][ T354] CR2: 00007f665d8d7e48 CR3: 0000000005e0e000 CR4: 00000000003406a0 [ 21.477769][ T354] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 21.485602][ T354] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 21.493399][ T354] Kernel panic - not syncing: Fatal exception [ 21.499433][ T354] Kernel Offset: disabled [ 21.503559][ T354] Rebooting in 86400 seconds..