./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2879593027 <...> Warning: Permanently added '10.128.1.31' (ED25519) to the list of known hosts. execve("./syz-executor2879593027", ["./syz-executor2879593027"], 0x7fff03548f30 /* 10 vars */) = 0 brk(NULL) = 0x55555d048000 brk(0x55555d048d00) = 0x55555d048d00 arch_prctl(ARCH_SET_FS, 0x55555d048380) = 0 set_tid_address(0x55555d048650) = 295 set_robust_list(0x55555d048660, 24) = 0 rseq(0x55555d048ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2879593027", 4096) = 28 getrandom("\x6d\x24\x5d\x51\xfa\x95\x18\xc9", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555d048d00 brk(0x55555d069d00) = 0x55555d069d00 brk(0x55555d06a000) = 0x55555d06a000 mprotect(0x7f34352c1000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0executing program ) = 0x21000000 write(1, "executing program\n", 18) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f342ce0f000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 munmap(0x7f342ce0f000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 23.471968][ T30] audit: type=1400 audit(1734232543.510:66): avc: denied { execmem } for pid=295 comm="syz-executor287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.495207][ T30] audit: type=1400 audit(1734232543.540:67): avc: denied { read write } for pid=295 comm="syz-executor287" name="loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 [ 23.519744][ T30] audit: type=1400 audit(1734232543.540:68): avc: denied { open } for pid=295 comm="syz-executor287" path="/dev/loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.520284][ T295] loop0: detected capacity change from 0 to 512 [ 23.544572][ T30] audit: type=1400 audit(1734232543.560:69): avc: denied { ioctl } for pid=295 comm="syz-executor287" path="/dev/loop0" dev="devtmpfs" ino=112 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 close(4) = 0 mkdir("./file1", 0777) = 0 [ 23.649359][ T295] ======================================================= [ 23.649359][ T295] WARNING: The mand mount option has been deprecated and [ 23.649359][ T295] and is ignored by this kernel. Remove the mand [ 23.649359][ T295] option from the mount to silence this warning. [ 23.649359][ T295] ======================================================= [ 23.649452][ T30] audit: type=1400 audit(1734232543.690:70): avc: denied { mounton } for pid=295 comm="syz-executor287" path="/root/file1" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 23.790198][ T295] EXT4-fs (loop0): 1 orphan inode deleted [ 23.795741][ T295] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,errors=continue,. Quota mode: writeback. [ 23.817441][ T30] audit: type=1400 audit(1734232543.850:71): avc: denied { mount } for pid=295 comm="syz-executor287" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 mount("/dev/loop0", "./file1", "ext4", MS_MANDLOCK|MS_LAZYTIME, "errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,"...) = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 creat("./bus", 000) = 4 mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 memfd_create("syzkaller", 0) = 6 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f342ce0f000 write(6, "\xeb\x58\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x08\x20\x00\x02\x00\x00\x80\x00\xf8\x00\x00\x10\x00\x69\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x01\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3d\x32\x00\x80\x00\x29\x30\x76\xf2\x8a\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x33\x32\x20\x20\x20\x0e\x1f\xbe\x77\x7c\xac\x22\xc0\x74\x0b"..., 65536) = 65536 munmap(0x7f342ce0f000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) ioctl(7, LOOP_CLR_FD) = 0 ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) close(7) = 0 close(6) = 0 mkdir(0x20000f00, 0777) = -1 EEXIST (File exists) [ 23.817467][ T295] ext4 filesystem being mounted at /root/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 23.852096][ T30] audit: type=1400 audit(1734232543.890:72): avc: denied { write } for pid=295 comm="syz-executor287" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 23.873771][ T30] audit: type=1400 audit(1734232543.890:73): avc: denied { add_name } for pid=295 comm="syz-executor287" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 23.889761][ T295] ================================================================================ [ 23.894540][ T30] audit: type=1400 audit(1734232543.890:74): avc: denied { create } for pid=295 comm="syz-executor287" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 23.903865][ T295] UBSAN: shift-out-of-bounds in fs/ext4/super.c:2494:15 [ 23.923516][ T30] audit: type=1400 audit(1734232543.890:75): avc: denied { write open } for pid=295 comm="syz-executor287" path="/root/file1/bus" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 23.930604][ T295] shift exponent 1724006178 is too large for 32-bit type 'int' [ 23.960633][ T295] CPU: 1 PID: 295 Comm: syz-executor287 Not tainted 5.15.173-syzkaller-00123-g6f0de8f8a165 #0 [ 23.970649][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 23.980553][ T295] Call Trace: [ 23.983663][ T295] [ 23.986438][ T295] dump_stack_lvl+0x151/0x1c0 [ 23.990959][ T295] ? io_uring_drop_tctx_refs+0x190/0x190 [ 23.996422][ T295] dump_stack+0x15/0x20 [ 24.000422][ T295] __ubsan_handle_shift_out_of_bounds+0x3bf/0x420 [ 24.006666][ T295] parse_options+0x2c9d/0x2d20 [ 24.011263][ T295] ? ext4_superblock_csum_verify+0x420/0x420 [ 24.017078][ T295] ? memcpy+0x56/0x70 [ 24.020897][ T295] ext4_remount+0x8ff/0x2cf0 [ 24.025320][ T295] ? alloc_fs_context+0x674/0x830 [ 24.030182][ T295] ? avc_has_perm_noaudit+0x348/0x430 [ 24.035393][ T295] ? ext4_statfs+0xe00/0xe00 [ 24.039817][ T295] ? shrink_dcache_sb+0x144/0x190 [ 24.044676][ T295] ? dentry_lru_isolate+0x330/0x330 [ 24.049708][ T295] ? ext4_statfs+0xe00/0xe00 [ 24.054253][ T295] legacy_reconfigure+0xfa/0x110 [ 24.059019][ T295] reconfigure_super+0x436/0x860 [ 24.063791][ T295] path_mount+0xcc3/0x1070 [ 24.068062][ T295] __se_sys_mount+0x2c4/0x3b0 [ 24.072690][ T295] ? __x64_sys_mount+0xd0/0xd0 [ 24.077299][ T295] ? __kasan_check_write+0x14/0x20 [ 24.082235][ T295] __x64_sys_mount+0xbf/0xd0 [ 24.086660][ T295] x64_sys_call+0x49d/0x9a0 [ 24.091525][ T295] do_syscall_64+0x3b/0xb0 [ 24.095770][ T295] ? clear_bhb_loop+0x35/0x90 [ 24.100286][ T295] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 24.106012][ T295] RIP: 0033:0x7f343524e07a [ 24.110271][ T295] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 24.129709][ T295] RSP: 002b:00007fff7fbf3248 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 24.137954][ T295] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f343524e07a [ 24.145765][ T295] RDX: 0000000020000f40 RSI: 0000000020000f00 RDI: 0000000000000000 [ 24.153577][ T295] RBP: 0000000020000f00 R08: 00007fff7fbf32e0 R09: 0000000000000000 [ 24.161390][ T295] R10: 0000000001a4a438 R11: 0000000000000286 R12: 0000000020000f40 [ 24.169202][ T295] R13: 00007fff7fbf32e0 R14: 0000000000000000 R15: 00000000200008c0 [ 24.177032][ T295] [ 24.179974][ T295] ================================================================================ mount(NULL, 0x20000f00, 0x20000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0 openat(AT_FDCWD, 0x20000f00, O_RDONLY|O_DIRECTORY) = 6 chdir(0x20000f00) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 24.189248][ T295] EXT4-fs (l