./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor619804610 <...> Warning: Permanently added '10.128.1.59' (ED25519) to the list of known hosts. execve("./syz-executor619804610", ["./syz-executor619804610"], 0x7ffc14b0f900 /* 10 vars */) = 0 brk(NULL) = 0x555588f9c000 brk(0x555588f9cd00) = 0x555588f9cd00 arch_prctl(ARCH_SET_FS, 0x555588f9c380) = 0 set_tid_address(0x555588f9c650) = 295 set_robust_list(0x555588f9c660, 24) = 0 rseq(0x555588f9cca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor619804610", 4096) = 27 getrandom("\xf4\xe8\xfd\x1d\x35\x1c\xc4\x84", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555588f9cd00 brk(0x555588fbdd00) = 0x555588fbdd00 brk(0x555588fbe000) = 0x555588fbe000 mprotect(0x7fd30306b000, 16384, PROT_READ) = 0 mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000 executing program mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000 mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000 write(1, "executing program\n", 18) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd2fabb9000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 munmap(0x7fd2fabb9000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file0", 0777) = 0 [ 24.296840][ T28] audit: type=1400 audit(1741513953.787:66): avc: denied { execmem } for pid=295 comm="syz-executor619" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 24.307437][ T295] loop0: detected capacity change from 0 to 2048 [ 24.316716][ T28] audit: type=1400 audit(1741513953.787:67): avc: denied { read write } for pid=295 comm="syz-executor619" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.329675][ T295] EXT4-fs: Ignoring removed nobh option [ 24.353424][ T28] audit: type=1400 audit(1741513953.787:68): avc: denied { open } for pid=295 comm="syz-executor619" path="/dev/loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION, "quota,bsdgroups,nobh,mb_optimize_scan=0x0000000000000001,abort,,errors=continue") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_CLR_FD) = 0 [ 24.377436][ T28] audit: type=1400 audit(1741513953.787:69): avc: denied { ioctl } for pid=295 comm="syz-executor619" path="/dev/loop0" dev="devtmpfs" ino=114 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.379358][ T295] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 24.403014][ T28] audit: type=1400 audit(1741513953.827:70): avc: denied { mounton } for pid=295 comm="syz-executor619" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 24.412105][ T295] ext4 filesystem being mounted at /root/file0 supports timestamps until 2038-01-19 (0x7fffffff) close(4) = 0 chdir("./file0") = 0 memfd_create("syzkaller", 0) = 4 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd2fabb9000 write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 munmap(0x7fd2fabb9000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) ioctl(5, LOOP_CLR_FD) = 0 ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) close(5) = 0 close(4) = 0 memfd_create("syzkaller", 0) = 4 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd2fabb9000 write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 munmap(0x7fd2fabb9000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) ioctl(5, LOOP_CLR_FD) = 0 ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) close(5) = 0 close(4) = 0 ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=536879104, userspace_addr=0x400000000000}) = -1 EBADF (Bad file descriptor) [ 24.434457][ T28] audit: type=1400 audit(1741513953.917:71): avc: denied { mount } for pid=295 comm="syz-executor619" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 mount("/dev/loop0", "./bus", NULL, MS_BIND|MS_RELATIME, NULL) = 0 creat("./bus", 000) = 5 io_setup(514, [0x7fd302fb0000]) = 0 io_submit(0x7fd302fb0000, 8, [{aio_data=0x25, aio_key=3875733507, aio_lio_opcode=IOCB_CMD_PWRITE, aio_fildes=5, aio_buf="\x2e\x2f\x62\x75\x73\x00\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x6e\x6f\x64\x65\x6c\x61\x6c\x6c\x6f\x63\x2c\x67\x72\x70\x69\x64\x2c\x61\x75\x74\x6f\x5f\x64\x61\x5f\x61\x6c\x6c\x6f\x63\x2c\x00\x00\x00\x00\x00"..., aio_nbytes=90112, aio_offset=0, aio_resfd=0xffffffff}, 0xac7979badddbc933, 0x4692f67f6fbc5a68, 0xdc3c4907e911a6f4, 0x9d1ade978bd9dfa4, 0x9dcff7af50b89a9a, 0xce67a5e2f67fbb7f, 0x1e989c989c9d1f9d]) = 1 openat(AT_FDCWD, ".", O_RDONLY) = 6 [ 24.476857][ T28] audit: type=1400 audit(1741513953.967:72): avc: denied { write } for pid=295 comm="syz-executor619" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 24.485301][ T295] ------------[ cut here ]------------ [ 24.499514][ T28] audit: type=1400 audit(1741513953.977:73): avc: denied { add_name } for pid=295 comm="syz-executor619" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 24.504469][ T295] kernel BUG at fs/ext4/mballoc.c:1933! [ 24.525315][ T28] audit: type=1400 audit(1741513953.977:74): avc: denied { create } for pid=295 comm="syz-executor619" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 24.530396][ T295] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 24.550770][ T28] audit: type=1400 audit(1741513953.977:75): avc: denied { read write open } for pid=295 comm="syz-executor619" path="/root/file0/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 24.556420][ T295] CPU: 0 PID: 295 Comm: syz-executor619 Not tainted 6.1.128-syzkaller-00002-g44db4837f75e #0 [ 24.590440][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 24.600341][ T295] RIP: 0010:mb_mark_used+0x1607/0x1620 [ 24.605886][ T295] Code: 0f 0b e8 5c 27 7c ff 0f 0b e8 55 27 7c ff 0f 0b e8 4e 27 7c ff 0f 0b e8 47 27 7c ff 0f 0b e8 40 27 7c ff 0f 0b e8 39 27 7c ff <0f> 0b e8 32 27 7c ff 0f 0b e8 2b 27 7c ff 0f 0b 66 0f 1f 84 00 00 [ 24.625329][ T295] RSP: 0018:ffffc90000e57488 EFLAGS: 00010293 [ 24.631228][ T295] RAX: ffffffff81f96da7 RBX: 0000000000008000 RCX: ffff888110e2bcc0 [ 24.639040][ T295] RDX: 0000000000000000 RSI: ffffffff80000000 RDI: 0000000000008000 [ 24.646851][ T295] RBP: ffffc90000e57550 R08: ffffffff81f9588c R09: ffffed1021365a01 [ 24.654662][ T295] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888109b28000 [ 24.662565][ T295] R13: ffffffff80000000 R14: 000000007ffffff4 R15: ffffc90000e57660 [ 24.670378][ T295] FS: 0000555588f9c380(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 24.679146][ T295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.685565][ T295] CR2: 0000400000015000 CR3: 00000001108e9000 CR4: 00000000003506b0 [ 24.693389][ T295] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.701187][ T295] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.709085][ T295] Call Trace: [ 24.712209][ T295] [ 24.714987][ T295] ? __die_body+0x62/0xb0 [ 24.719155][ T295] ? die+0x88/0xb0 [ 24.722712][ T295] ? do_trap+0x103/0x330 [ 24.726794][ T295] ? mb_mark_used+0x1607/0x1620 [ 24.731827][ T295] ? handle_invalid_op+0x95/0xc0 [ 24.736599][ T295] ? mb_mark_used+0x1607/0x1620 [ 24.741289][ T295] ? exc_invalid_op+0x32/0x50 [ 24.745804][ T295] ? asm_exc_invalid_op+0x1b/0x20 [ 24.750756][ T295] ? mb_mark_used+0xec/0x1620 [ 24.755260][ T295] ? mb_mark_used+0x1607/0x1620 [ 24.759946][ T295] ? mb_mark_used+0x1607/0x1620 [ 24.764633][ T295] ? mb_mark_used+0x1607/0x1620 [ 24.769319][ T295] ? __filemap_get_folio+0x95e/0xae0 [ 24.774439][ T295] ? cpudl_cleanup+0x40/0x40 [ 24.778871][ T295] ext4_try_to_trim_range+0x6a6/0x1180 [ 24.784172][ T295] ? mb_update_avg_fragment_size+0x600/0x600 [ 24.789983][ T295] ext4_trim_fs+0xd51/0x1650 [ 24.794407][ T295] ? mb_free_blocks+0x1350/0x1350 [ 24.799260][ T295] ? enqueue_task+0x195/0x1420 [ 24.803871][ T295] ? __kasan_check_write+0x14/0x20 [ 24.808891][ T295] ext4_ioctl+0x2720/0x5900 [ 24.813242][ T295] ? memcpy+0x56/0x70 [ 24.817052][ T295] ? avc_has_extended_perms+0xad7/0x10f0 [ 24.822521][ T295] ? ext4_fileattr_set+0x16e0/0x16e0 [ 24.827638][ T295] ? avc_flush+0x290/0x290 [ 24.831890][ T295] ? __this_cpu_preempt_check+0x13/0x20 [ 24.837276][ T295] ? do_vfs_ioctl+0xba7/0x29a0 [ 24.841875][ T295] ? __x64_compat_sys_ioctl+0x90/0x90 [ 24.847082][ T295] ? ioctl_has_perm+0x1f8/0x560 [ 24.851771][ T295] ? ioctl_has_perm+0x3f0/0x560 [ 24.856540][ T295] ? has_cap_mac_admin+0x3c0/0x3c0 [ 24.861489][ T295] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 24.866448][ T295] ? _raw_spin_lock_irqsave+0x210/0x210 [ 24.871818][ T295] ? cgroup_update_frozen+0x15f/0x980 [ 24.877202][ T295] ? selinux_file_ioctl+0x3cc/0x540 [ 24.882231][ T295] ? selinux_file_alloc_security+0x120/0x120 [ 24.888066][ T295] ? _raw_spin_unlock_irq+0x4d/0x70 [ 24.893082][ T295] ? ptrace_notify+0x249/0x350 [ 24.897686][ T295] ? security_file_ioctl+0x84/0xb0 [ 24.902630][ T295] ? ext4_fileattr_set+0x16e0/0x16e0 [ 24.907747][ T295] __se_sys_ioctl+0x114/0x190 [ 24.912301][ T295] __x64_sys_ioctl+0x7b/0x90 [ 24.916805][ T295] x64_sys_call+0x98/0x9a0 [ 24.921057][ T295] do_syscall_64+0x3b/0xb0 [ 24.925311][ T295] ? clear_bhb_loop+0x55/0xb0 [ 24.929824][ T295] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 24.935605][ T295] RIP: 0033:0x7fd302ff6ef9 [ 24.939797][ T295] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 24.959240][ T295] RSP: 002b:00007ffd3ed70518 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 24.967479][ T295] RAX: ffffffffffffffda RBX: 00004000000001c0 RCX: 00007fd302ff6ef9 [ 24.975296][ T295] RDX: 0000400000000b40 RSI: 00000000c0185879 RDI: 0000000000000006 [ 24.983155][ T295] RBP: 0000000000000073 R08: 00007fd303070260 R09: 00007fd303070260 [ 24.990910][ T295] R10: 00007fd303070260 R11: 0000000000000246 R12: 0000000000000073 [ 24.998731][ T295] R13: 00004000000004c0 R14: 0000000000000001 R15: 0000000000000001 [ 25.006807][ T295] [ 25.009659][ T295] Modules linked in: [ 25.013470][ T295] ---[ end trace 0000000000000000 ]--- [ 25.018696][ T295] RIP: 0010:mb_mark_used+0x1607/0x1620 [ 25.024015][ T295] Code: 0f 0b e8 5c 27 7c ff 0f 0b e8 55 27 7c ff 0f 0b e8 4e 27 7c ff 0f 0b e8 47 27 7c ff 0f 0b e8 40 27 7c ff 0f 0b e8 39 27 7c ff <0f> 0b e8 32 27 7c ff 0f 0b e8 2b 27 7c ff 0f 0b 66 0f 1f 84 00 00 [ 25.043455][ T295] RSP: 0018:ffffc90000e57488 EFLAGS: 00010293 [ 25.049351][ T295] RAX: ffffffff81f96da7 RBX: 0000000000008000 RCX: ffff888110e2bcc0 [ 25.057167][ T295] RDX: 0000000000000000 RSI: ffffffff80000000 RDI: 0000000000008000 [ 25.064978][ T295] RBP: ffffc90000e57550 R08: ffffffff81f9588c R09: ffffed1021365a01 [ 25.072795][ T295] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888109b28000 [ 25.080598][ T295] R13: ffffffff80000000 R14: 000000007ffffff4 R15: ffffc90000e57660 [ 25.088378][ T295] FS: 0000555588f9c380(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 25.097177][ T295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.103590][ T295] CR2: 0000400000015000 CR3: 00000001108e9000 CR4: 00000000003506b0 [ 25.111404][ T295] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.119191][ T295] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.127038][ T295] Kernel panic - not syncing: Fatal exception [ 25.133183][ T295] Kernel Offset: disabled [ 25.137316][ T295] Rebooting in 86400 seconds..