./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4281612025 <...> Warning: Permanently added '10.128.0.89' (ECDSA) to the list of known hosts. execve("./syz-executor4281612025", ["./syz-executor4281612025"], 0x7fff6ebe1030 /* 10 vars */) = 0 brk(NULL) = 0x555556c18000 brk(0x555556c18d40) = 0x555556c18d40 arch_prctl(ARCH_SET_FS, 0x555556c18400) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556c186d0) = 304 set_robust_list(0x555556c186e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fbe99a08400, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fbe99a07950}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fbe99a084a0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbe99a07950}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4281612025", 4096) = 28 brk(0x555556c39d40) = 0x555556c39d40 brk(0x555556c3a000) = 0x555556c3a000 mprotect(0x7fbe99ac9000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7fbe99a022b0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fbe99a07950}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7fbe99a022b0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fbe99a07950}, NULL, 8) = 0 futex(0x7fbe99acf6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbe999d7000 mprotect(0x7fbe999d8000, 131072, PROT_READ|PROT_WRITE) = 0 clone(child_stack=0x7fbe999f72f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 305 attached , parent_tid=[305], tls=0x7fbe999f7700, child_tidptr=0x7fbe999f79d0) = 305 [pid 304] futex(0x7fbe99acf6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7fbe99acf6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 305] set_robust_list(0x7fbe999f79e0, 24) = 0 [pid 305] memfd_create("syzkaller", 0) = 3 [pid 305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbe915d7000 [pid 305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 305] munmap(0x7fbe915d7000, 1048576) = 0 [ 22.403573][ T23] audit: type=1400 audit(1669510181.070:73): avc: denied { execmem } for pid=304 comm="syz-executor428" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 305] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 305] close(3) = 0 [pid 305] mkdir("./file0", 0777) = 0 [ 22.433308][ T23] audit: type=1400 audit(1669510181.100:74): avc: denied { read write } for pid=304 comm="syz-executor428" name="loop0" dev="devtmpfs" ino=1649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.457704][ T23] audit: type=1400 audit(1669510181.130:75): avc: denied { open } for pid=304 comm="syz-executor428" path="/dev/loop0" dev="devtmpfs" ino=1649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 305] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 305] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 305] chdir("./file0") = 0 [pid 305] ioctl(4, LOOP_CLR_FD) = 0 [pid 305] close(4) = 0 [pid 305] futex(0x7fbe99acf6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7fbe99acf6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7fbe99acf6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [pid 305] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4 [pid 305] futex(0x7fbe99acf6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7fbe99acf6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7fbe99acf6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [pid 305] write(4, "#! ./bus\n", 9) = 9 [pid 305] futex(0x7fbe99acf6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7fbe99acf6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7fbe99acf6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [ 22.482484][ T23] audit: type=1400 audit(1669510181.130:76): avc: denied { ioctl } for pid=304 comm="syz-executor428" path="/dev/loop0" dev="devtmpfs" ino=1649 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.508128][ T23] audit: type=1400 audit(1669510181.130:77): avc: denied { mounton } for pid=304 comm="syz-executor428" path="/root/file0" dev="sda1" ino=1138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 22.519077][ T305] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 305] open("./bus", O_RDWR) = 5 [pid 305] futex(0x7fbe99acf6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7fbe99acf6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7fbe99acf6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [pid 305] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7fbe99acf6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7fbe99acf6fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbe916b6000 [pid 304] mprotect(0x7fbe916b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 304] clone(child_stack=0x7fbe916d62f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[310], tls=0x7fbe916d6700, child_tidptr=0x7fbe916d69d0) = 310 [pid 304] futex(0x7fbe99acf6f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7fbe99acf6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 ./strace-static-x86_64: Process 310 attached [pid 310] set_robust_list(0x7fbe916d69e0, 24) = 0 [pid 310] openat(4, 0x20000040, O_WRONLY|O_CREAT|O_APPEND|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|__O_TMPFILE, 0213) = -1 EINVAL (Invalid argument) [pid 310] futex(0x7fbe99acf6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 310] <... futex resumed>) = 1 [pid 310] futex(0x7fbe99acf6f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f82} --- [ 22.540011][ T23] audit: type=1400 audit(1669510181.210:78): avc: denied { mount } for pid=304 comm="syz-executor428" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 22.546374][ T305] EXT4-fs error (device loop0): ext4_mb_generate_buddy:747: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 22.567335][ T23] audit: type=1400 audit(1669510181.210:79): avc: denied { write } for pid=304 comm="syz-executor428" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.577962][ T305] ------------[ cut here ]------------ [ 22.598818][ T23] audit: type=1400 audit(1669510181.210:80): avc: denied { add_name } for pid=304 comm="syz-executor428" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.603551][ T305] kernel BUG at fs/ext4/inode.c:2837! [ 22.624449][ T23] audit: type=1400 audit(1669510181.210:81): avc: denied { create } for pid=304 comm="syz-executor428" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 22.629890][ T305] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 22.650017][ T23] audit: type=1400 audit(1669510181.210:82): avc: denied { read write open } for pid=304 comm="syz-executor428" path="/root/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 22.655758][ T305] CPU: 1 PID: 305 Comm: syz-executor428 Not tainted 5.4.210-syzkaller-00006-gc80a5b2e7f63 #0 [ 22.689531][ T305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 22.699576][ T305] RIP: 0010:ext4_writepages+0x3a2b/0x3a50 [ 22.705262][ T305] Code: 94 c3 40 0f 94 c6 31 ff e8 f2 9f a0 ff 84 db 75 2e e8 59 9d a0 ff 48 bb 00 00 00 00 00 fc ff df e9 a9 f6 ff ff e8 45 9d a0 ff <0f> 0b e8 3e 9d a0 ff 0f 0b e8 37 9d a0 ff e8 62 a5 3b ff eb a3 e8 [ 22.724838][ T305] RSP: 0018:ffff8881dc817460 EFLAGS: 00010293 [ 22.730872][ T305] RAX: ffffffff81c4a22b RBX: 0000010000000000 RCX: ffff8881dc808fc0 [ 22.738817][ T305] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 22.746762][ T305] RBP: ffff8881dc817830 R08: ffffffff81c470f7 R09: ffffed103cc9b480 [ 22.754705][ T305] R10: ffffed103cc9b480 R11: 1ffff1103cc9b47f R12: ffff8881e64da4a8 [ 22.762647][ T305] R13: ffff8881dc8179a0 R14: 0000010410000000 R15: 0000000000000001 [ 22.770589][ T305] FS: 00007fbe999f7700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 22.779489][ T305] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 22.786043][ T305] CR2: 000000002000004e CR3: 00000001dd0b5000 CR4: 00000000003406e0 [ 22.793988][ T305] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 22.801933][ T305] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 22.809875][ T305] Call Trace: [ 22.813140][ T305] ? __ext4_handle_dirty_metadata+0x27d/0x620 [ 22.819177][ T305] ? ext4_mark_iloc_dirty+0x24af/0x3440 [ 22.824696][ T305] ? ext4_chunk_trans_blocks+0x2a0/0x2a0 [ 22.830296][ T305] ? ext4_readpage+0x2c0/0x2c0 [ 22.835029][ T305] ? ext4_reserve_inode_write+0x19c/0x220 [ 22.840721][ T305] ? ext4_mark_inode_dirty+0x4ca/0x780 [ 22.846148][ T305] ? ext4_blocks_for_truncate+0x220/0x220 [ 22.851838][ T305] ? __ext4_journal_start_sb+0x290/0x440 [ 22.857555][ T305] ? iov_iter_advance+0x263/0xb20 [ 22.862550][ T305] ? ext4_readpage+0x2c0/0x2c0 [ 22.867281][ T305] do_writepages+0x13a/0x280 [ 22.871844][ T305] ? debug_smp_processor_id+0x20/0x20 [ 22.877199][ T305] ? __writepage+0x110/0x110 [ 22.881761][ T305] ? balance_dirty_pages_ratelimited+0x363/0x520 [ 22.888122][ T305] ? ext4_da_write_begin+0xf80/0xf80 [ 22.893381][ T305] file_write_and_wait_range+0x33f/0x410 [ 22.898987][ T305] ? __filemap_set_wb_err+0x160/0x160 [ 22.904339][ T305] ? grab_cache_page_write_begin+0x90/0x90 [ 22.910116][ T305] ? file_remove_privs+0x640/0x640 [ 22.915201][ T305] __generic_file_fsync+0x6e/0x190 [ 22.920284][ T305] ext4_sync_file+0x266/0xc70 [ 22.924937][ T305] ext4_file_write_iter+0xa05/0x10e0 [ 22.930202][ T305] ? ext4_file_read_iter+0x140/0x140 [ 22.935461][ T305] ? _raw_spin_lock_irq+0xa4/0x1b0 [ 22.940555][ T305] ? _raw_spin_lock_irqsave+0x210/0x210 [ 22.946164][ T305] ? cgroup_update_frozen+0x139/0x360 [ 22.951505][ T305] ? cgroup_update_frozen+0x139/0x360 [ 22.956846][ T305] ? cgroup_leave_frozen+0x13b/0x290 [ 22.962100][ T305] ? iov_iter_init+0x83/0x160 [ 22.966751][ T305] __vfs_write+0x5e3/0x780 [ 22.971150][ T305] ? __kernel_write+0x340/0x340 [ 22.975982][ T305] ? check_preemption_disabled+0x9e/0x330 [ 22.981672][ T305] ? debug_smp_processor_id+0x20/0x20 [ 22.987033][ T305] ? selinux_file_permission+0x2c2/0x530 [ 22.992641][ T305] vfs_write+0x210/0x4f0 [ 22.996866][ T305] ksys_write+0x198/0x2c0 [ 23.001167][ T305] ? do_syscall_64+0x1c0/0x1c0 [ 23.005906][ T305] ? __ia32_sys_read+0x80/0x80 [ 23.010648][ T305] do_syscall_64+0xcb/0x1c0 [ 23.015125][ T305] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 23.020990][ T305] RIP: 0033:0x7fbe99a4a889 [ 23.025380][ T305] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 23.045098][ T305] RSP: 002b:00007fbe999f7208 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 23.053484][ T305] RAX: ffffffffffffffda RBX: 00007fbe99acf6e8 RCX: 00007fbe99a4a889 [ 23.061429][ T305] RDX: 0000000000000009 RSI: 0000000020000f80 RDI: 0000000000000004 [ 23.069376][ T305] RBP: 00007fbe99acf6e0 R08: 00007fbe99acf6e0 R09: 0000000000000000 [ 23.077320][ T305] R10: 00007fbe999f7210 R11: 0000000000000246 R12: 00007fbe99acf6ec [ 23.085264][ T305] R13: 00007fffe225896f R14: 00007fbe999f7300 R15: 0000000000022000 [ 23.093296][ T305] Modules linked in: [ 23.097328][ T305] ---[ end trace 1c1495f6c912e55b ]--- [ 23.102841][ T305] RIP: 0010:ext4_writepages+0x3a2b/0x3a50 [ 23.108817][ T305] Code: 94 c3 40 0f 94 c6 31 ff e8 f2 9f a0 ff 84 db 75 2e e8 59 9d a0 ff 48 bb 00 00 00 00 00 fc ff df e9 a9 f6 ff ff e8 45 9d a0 ff <0f> 0b e8 3e 9d a0 ff 0f 0b e8 37 9d a0 ff e8 62 a5 3b ff eb a3 e8 [ 23.128464][ T305] RSP: 0018:ffff8881dc817460 EFLAGS: 00010293 [ 23.134509][ T305] RAX: ffffffff81c4a22b RBX: 0000010000000000 RCX: ffff8881dc808fc0 [ 23.142483][ T305] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 23.150458][ T305] RBP: ffff8881dc817830 R08: ffffffff81c470f7 R09: ffffed103cc9b480 [ 23.158430][ T305] R10: ffffed103cc9b480 R11: 1ffff1103cc9b47f R12: ffff8881e64da4a8 [ 23.166381][ T305] R13: ffff8881dc8179a0 R14: 0000010410000000 R15: 0000000000000001 [ 23.174354][ T305] FS: 00007fbe999f7700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 23.183273][ T305] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.189849][ T305] CR2: 000000002000004e CR3: 00000001dd0b5000 CR4: 00000000003406e0 [ 23.197818][ T305] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.205761][ T305] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.213725][ T305] Kernel panic - not syncing: Fatal exception [ 23.219841][ T305] Kernel Offset: disabled [ 23.224147][ T305] Rebooting in 86400 seconds..