./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3988826815 <...> Warning: Permanently added '10.128.0.142' (ED25519) to the list of known hosts. execve("./syz-executor3988826815", ["./syz-executor3988826815"], 0x7ffda0cfbdf0 /* 10 vars */) = 0 brk(NULL) = 0x55555d91a000 brk(0x55555d91ad00) = 0x55555d91ad00 arch_prctl(ARCH_SET_FS, 0x55555d91a380) = 0 set_tid_address(0x55555d91a650) = 282 set_robust_list(0x55555d91a660, 24) = 0 rseq(0x55555d91aca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3988826815", 4096) = 28 getrandom("\x97\xe5\x53\x27\xc1\x51\x46\x1c", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555d91ad00 brk(0x55555d93bd00) = 0x55555d93bd00 brk(0x55555d93c000) = 0x55555d93c000 mprotect(0x7f88bd5ca000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 write(1, "executing program\n", 18executing program ) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f88b511a000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7f88b511a000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 [ 27.719190][ T24] audit: type=1400 audit(1750142020.660:64): avc: denied { execmem } for pid=282 comm="syz-executor398" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 27.742669][ T24] audit: type=1400 audit(1750142020.680:65): avc: denied { read write } for pid=282 comm="syz-executor398" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 27.775025][ T24] audit: type=1400 audit(1750142020.680:66): avc: denied { open } for pid=282 comm="syz-executor398" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 close(4) = 0 mkdir("./file1", 0777) = 0 [ 27.800600][ T24] audit: type=1400 audit(1750142020.680:67): avc: denied { ioctl } for pid=282 comm="syz-executor398" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 27.837275][ T282] ====================================================== [ 27.837275][ T282] WARNING: the mand mount option is being deprecated and [ 27.837275][ T282] will be removed in v5.15! [ 27.837275][ T282] ====================================================== [ 27.837307][ T24] audit: type=1400 audit(1750142020.780:68): avc: denied { mounton } for pid=282 comm="syz-executor398" path="/root/file1" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 27.939128][ T282] EXT4-fs (loop0): Ignoring removed nobh option [ 27.946151][ T282] EXT4-fs (loop0): Ignoring removed bh option [ 27.953277][ T282] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"...) = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 openat(AT_FDCWD, "./file1", O_RDWR) = 4 pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900) = 87490 openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 061) = 5 [ 27.977400][ T282] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 28.005487][ T24] audit: type=1400 audit(1750142020.940:69): avc: denied { mount } for pid=282 comm="syz-executor398" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 truncate("./file1", 5) = 0 openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6 [ 28.020129][ T282] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor398: Allocating blocks 497-513 which overlap fs metadata [ 28.031803][ T24] audit: type=1400 audit(1750142020.950:70): avc: denied { read write } for pid=282 comm="syz-executor398" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 28.053345][ T282] ------------[ cut here ]------------ [ 28.070670][ T24] audit: type=1400 audit(1750142020.950:71): avc: denied { open } for pid=282 comm="syz-executor398" path="/root/file1/file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 28.077011][ T282] kernel BUG at fs/ext4/extents.c:1014! [ 28.108852][ T282] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 28.115910][ T282] CPU: 0 PID: 282 Comm: syz-executor398 Not tainted 5.10.238-syzkaller-00282-gd76d4cd0623a #0 [ 28.126879][ T282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 28.137401][ T282] RIP: 0010:ext4_ext_insert_index+0x52d/0x530 [ 28.144684][ T282] Code: 4c 89 fa e9 ca fd ff ff 44 89 f1 80 e1 07 fe c1 38 c1 0f 8c dd fd ff ff 4c 89 f7 e8 ad a2 d3 ff e9 d0 fd ff ff e8 83 b2 99 ff <0f> 0b 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 81 ec c0 00 00 [ 28.165797][ T282] RSP: 0018:ffffc90000b96b20 EFLAGS: 00010293 [ 28.172590][ T282] RAX: ffffffff81c9e18d RBX: ffff888120acd424 RCX: ffff8881065fe2c0 [ 28.180783][ T282] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 28.189285][ T282] RBP: ffffc90000b96b90 R08: dffffc0000000000 R09: ffffed10242869e4 [ 28.197775][ T282] R10: ffffed10242869e4 R11: 1ffff110242869e3 R12: 0000000000000000 [ 28.206676][ T282] R13: 00000000000000cb R14: 00000000fffffffe R15: 0000000000000054 [ 28.215116][ T282] FS: 000055555d91a380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 28.224389][ T282] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.231628][ T282] CR2: 000020000002c0bf CR3: 0000000105f82000 CR4: 00000000003506b0 [ 28.239982][ T282] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 28.248807][ T282] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 28.257274][ T282] Call Trace: [ 28.261171][ T282] ext4_ext_insert_extent+0x38c3/0x4530 [ 28.268164][ T282] ? ext4_ext_next_allocated_block+0x2e0/0x2e0 [ 28.276037][ T282] ? get_implied_cluster_alloc+0x526/0x940 [ 28.282277][ T282] ext4_ext_map_blocks+0x148c/0x5d40 [ 28.287879][ T282] ? _raw_write_trylock+0x140/0x140 [ 28.293256][ T282] ? _raw_write_unlock+0x2b/0x60 [ 28.298563][ T282] ? ext4_ext_release+0x10/0x10 [ 28.304248][ T282] ? ext4_fc_track_template+0xb5/0x600 [ 28.309818][ T282] ? ext4_fc_track_range+0x250/0x250 [ 28.316252][ T282] ? ext4_es_lookup_extent+0x32d/0x8c0 [ 28.321926][ T282] ext4_map_blocks+0x978/0x1bc0 [ 28.326912][ T282] ? __kasan_slab_alloc+0xbd/0xf0 [ 28.333074][ T282] ? slab_post_alloc_hook+0x5d/0x2f0 [ 28.338882][ T282] ? kmem_cache_alloc+0x165/0x2e0 [ 28.344025][ T282] ? ext4_issue_zeroout+0x1a0/0x1a0 [ 28.350451][ T282] _ext4_get_block+0x1bb/0x4b0 [ 28.355294][ T282] ? ext4_get_block+0x50/0x50 [ 28.360217][ T282] ? slab_post_alloc_hook+0x7d/0x2f0 [ 28.365677][ T282] ext4_get_block_unwritten+0x2a/0x40 [ 28.371474][ T282] ext4_block_write_begin+0x567/0x1330 [ 28.377113][ T282] ? alloc_page_buffers+0x3aa/0x4a0 [ 28.382565][ T282] ? _ext4_get_block+0x4b0/0x4b0 [ 28.387927][ T282] ? ext4_print_free_blocks+0x2c0/0x2c0 [ 28.393768][ T282] ? __kasan_check_read+0x11/0x20 [ 28.399185][ T282] ? ext4_inode_journal_mode+0x19a/0x480 [ 28.406383][ T282] ext4_write_begin+0x651/0x1550 [ 28.412155][ T282] ? unwind_get_return_address+0x4d/0x90 [ 28.418352][ T282] ? ext4_readahead+0x110/0x110 [ 28.423705][ T282] ? ext4_get_group_desc+0x25f/0x2b0 [ 28.429406][ T282] ? __kasan_check_read+0x11/0x20 [ 28.435133][ T282] ? mark_buffer_dirty+0x1cc/0x330 [ 28.440632][ T282] ? __ext4_handle_dirty_metadata+0x2eb/0x7f0 [ 28.447137][ T282] ? __kasan_check_write+0x14/0x20 [ 28.452722][ T282] ext4_da_write_begin+0x455/0xe80 [ 28.458375][ T282] ? ext4_set_page_dirty+0x1a0/0x1a0 [ 28.464317][ T282] ? down_read_killable+0xe0/0xe0 [ 28.469370][ T282] ? __ext4_journal_stop+0x36/0x1a0 [ 28.475123][ T282] ? ext4_write_end+0xa00/0xed0 [ 28.479970][ T282] ? iov_iter_advance+0x1f7/0x750 [ 28.485165][ T282] generic_perform_write+0x2be/0x510 [ 28.490450][ T282] ? grab_cache_page_write_begin+0xb0/0xb0 [ 28.496532][ T282] ? down_write+0xac/0x110 [ 28.501128][ T282] ? down_read_killable+0xe0/0xe0 [ 28.506410][ T282] ? __switch_to+0x50f/0xfc0 [ 28.511098][ T282] ? generic_write_checks+0x3d4/0x480 [ 28.516928][ T282] ext4_buffered_write_iter+0x4b8/0x640 [ 28.522753][ T282] ext4_file_write_iter+0x536/0x1980 [ 28.528311][ T282] ? _raw_spin_unlock_irq+0x4e/0x70 [ 28.533644][ T282] ? finish_task_switch+0x12e/0x5a0 [ 28.539204][ T282] ? avc_policy_seqno+0x1b/0x70 [ 28.544400][ T282] ? selinux_file_permission+0x2a5/0x510 [ 28.550341][ T282] ? ext4_file_read_iter+0x530/0x530 [ 28.556094][ T282] ? security_file_permission+0x83/0xa0 [ 28.561890][ T282] ? iov_iter_init+0x3f/0x120 [ 28.566738][ T282] vfs_write+0x725/0xd60 [ 28.571161][ T282] ? kernel_write+0x3c0/0x3c0 [ 28.575856][ T282] ? ptrace_stop+0x69f/0x9c0 [ 28.580576][ T282] ? ptrace_notify+0x1c4/0x250 [ 28.585578][ T282] ? __kasan_check_read+0x11/0x20 [ 28.590940][ T282] ? __fdget+0x15b/0x230 [ 28.596066][ T282] __x64_sys_pwrite64+0x191/0x220 [ 28.601587][ T282] ? ksys_pwrite64+0x1b0/0x1b0 [ 28.606487][ T282] ? syscall_trace_enter+0x4b/0x170 [ 28.612713][ T282] do_syscall_64+0x31/0x40 [ 28.617823][ T282] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 28.624169][ T282] RIP: 0033:0x7f88bd557bf9 [ 28.628844][ T282] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 28.650778][ T282] RSP: 002b:00007ffd60170b98 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 28.660062][ T282] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f88bd557bf9 [ 28.668572][ T282] RDX: 00000000200000c1 RSI: 00002000000000c0 RDI: 0000000000000006 [ 28.677429][ T282] RBP: 0000200000000040 R08: 0000000000000000 R09: 0000000000000000 [ 28.686180][ T282] R10: 0000000000009000 R11: 0000000000000246 R12: 0031656c69662f2e [ 28.694430][ T282] R13: 5f646165726f6964 R14: 65726f6e67693d72 R15: 00007f88bd5a005e [ 28.702588][ T282] Modules linked in: [ 28.706951][ T282] ---[ end trace 13168a2ec7dca526 ]--- [ 28.712614][ T282] RIP: 0010:ext4_ext_insert_index+0x52d/0x530 [ 28.719770][ T282] Code: 4c 89 fa e9 ca fd ff ff 44 89 f1 80 e1 07 fe c1 38 c1 0f 8c dd fd ff ff 4c 89 f7 e8 ad a2 d3 ff e9 d0 fd ff ff e8 83 b2 99 ff <0f> 0b 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 81 ec c0 00 00 [ 28.742019][ T282] RSP: 0018:ffffc90000b96b20 EFLAGS: 00010293 [ 28.749188][ T282] RAX: ffffffff81c9e18d RBX: ffff888120acd424 RCX: ffff8881065fe2c0 [ 28.759331][ T282] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 28.769567][ T282] RBP: ffffc90000b96b90 R08: dffffc0000000000 R09: ffffed10242869e4 [ 28.777748][ T282] R10: ffffed10242869e4 R11: 1ffff110242869e3 R12: 0000000000000000 [ 28.786606][ T282] R13: 00000000000000cb R14: 00000000fffffffe R15: 0000000000000054 [ 28.795102][ T282] FS: 000055555d91a380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 28.804340][ T282] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.813159][ T282] CR2: 000020000002c0bf CR3: 0000000105f82000 CR4: 00000000003506b0 [ 28.822178][ T282] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 28.830285][ T282] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 28.838499][ T282] Kernel panic - not syncing: Fatal exception [ 28.839535][ T24] audit: type=1400 audit(1750142021.790:72): avc: denied { read } for pid=77 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 28.867205][ T282] Kernel Offset: disabled [ 28.871551][ T282] Rebooting in 86400 seconds..