./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3550699550 <...> Warning: Permanently added '10.128.1.2' (ED25519) to the list of known hosts. execve("./syz-executor3550699550", ["./syz-executor3550699550"], 0x7ffeb09e0b10 /* 10 vars */) = 0 brk(NULL) = 0x5555572b1000 brk(0x5555572b1d00) = 0x5555572b1d00 arch_prctl(ARCH_SET_FS, 0x5555572b1380) = 0 set_tid_address(0x5555572b1650) = 293 set_robust_list(0x5555572b1660, 24) = 0 rseq(0x5555572b1ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3550699550", 4096) = 28 getrandom("\x73\x69\x0c\xe0\x7c\x68\xa3\xd9", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555572b1d00 brk(0x5555572d2d00) = 0x5555572d2d00 brk(0x5555572d3000) = 0x5555572d3000 mprotect(0x7f433c814000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 write(1, "executing program\n", 18executing program ) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4334362000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 munmap(0x7f4334362000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 [ 20.479060][ T30] audit: type=1400 audit(1720362527.178:66): avc: denied { execmem } for pid=293 comm="syz-executor355" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.486552][ T30] audit: type=1400 audit(1720362527.188:67): avc: denied { read write } for pid=293 comm="syz-executor355" name="loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.489699][ T30] audit: type=1400 audit(1720362527.188:68): avc: denied { open } for pid=293 comm="syz-executor355" path="/dev/loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.493232][ T30] audit: type=1400 audit(1720362527.188:69): avc: denied { ioctl } for pid=293 comm="syz-executor355" path="/dev/loop0" dev="devtmpfs" ino=112 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.493495][ T293] loop0: detected capacity change from 0 to 512 close(4) = 0 mkdir("./file1", 0777) = 0 [ 20.546829][ T293] ======================================================= [ 20.546829][ T293] WARNING: The mand mount option has been deprecated and [ 20.546829][ T293] and is ignored by this kernel. Remove the mand [ 20.546829][ T293] option from the mount to silence this warning. [ 20.546829][ T293] ======================================================= [ 20.546866][ T30] audit: type=1400 audit(1720362527.248:70): avc: denied { mounton } for pid=293 comm="syz-executor355" path="/root/file1" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 20.627879][ T293] EXT4-fs (loop0): 1 orphan inode deleted mount("/dev/loop0", "./file1", "ext4", MS_MANDLOCK|MS_LAZYTIME, "errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,"...) = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 creat("./bus", 000) = 4 [ 20.633412][ T293] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,errors=continue,. Quota mode: writeback. [ 20.654937][ T30] audit: type=1400 audit(1720362527.358:71): avc: denied { mount } for pid=293 comm="syz-executor355" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 20.654951][ T293] ext4 filesystem being mounted at /root/file1 supports timestamps until 2038 (0x7fffffff) mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 memfd_create("syzkaller", 0) = 6 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4334362000 write(6, "\xeb\x58\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x08\x20\x00\x02\x00\x00\x80\x00\xf8\x00\x00\x10\x00\x69\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x01\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3d\x32\x00\x80\x00\x29\x30\x76\xf2\x8a\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x33\x32\x20\x20\x20\x0e\x1f\xbe\x77\x7c\xac\x22\xc0\x74\x0b"..., 65536) = 65536 munmap(0x7f4334362000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) ioctl(7, LOOP_CLR_FD) = 0 ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) close(7) = 0 close(6) = 0 mkdir(0x20000f00, 0777) = -1 EEXIST (File exists) [ 20.688312][ T30] audit: type=1400 audit(1720362527.388:72): avc: denied { write } for pid=293 comm="syz-executor355" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 20.709974][ T30] audit: type=1400 audit(1720362527.388:73): avc: denied { add_name } for pid=293 comm="syz-executor355" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 20.711523][ T293] ================================================================================ [ 20.730452][ T30] audit: type=1400 audit(1720362527.388:74): avc: denied { create } for pid=293 comm="syz-executor355" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 20.759650][ T293] UBSAN: shift-out-of-bounds in fs/ext4/super.c:2493:15 [ 20.766565][ T293] shift exponent 1724006178 is too large for 32-bit type 'int' [ 20.766889][ T30] audit: type=1400 audit(1720362527.388:75): avc: denied { write open } for pid=293 comm="syz-executor355" path="/root/file1/bus" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 20.773864][ T293] CPU: 1 PID: 293 Comm: syz-executor355 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 20.807016][ T293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 20.816921][ T293] Call Trace: [ 20.820037][ T293] [ 20.822813][ T293] dump_stack_lvl+0x151/0x1b7 [ 20.827326][ T293] ? io_uring_drop_tctx_refs+0x190/0x190 [ 20.832794][ T293] dump_stack+0x15/0x17 [ 20.836786][ T293] __ubsan_handle_shift_out_of_bounds+0x3bf/0x420 [ 20.843037][ T293] parse_options+0x2c9d/0x2d20 [ 20.847639][ T293] ? ext4_superblock_csum_verify+0x420/0x420 [ 20.853452][ T293] ? memcpy+0x56/0x70 [ 20.857272][ T293] ext4_remount+0x8ff/0x2cf0 [ 20.861697][ T293] ? alloc_fs_context+0x674/0x830 [ 20.866556][ T293] ? avc_has_perm_noaudit+0x348/0x430 [ 20.871767][ T293] ? ext4_statfs+0xe00/0xe00 [ 20.876192][ T293] ? shrink_dcache_sb+0x144/0x190 [ 20.881052][ T293] ? dentry_lru_isolate+0x330/0x330 [ 20.886085][ T293] ? ext4_statfs+0xe00/0xe00 [ 20.890521][ T293] legacy_reconfigure+0xfa/0x110 [ 20.895284][ T293] reconfigure_super+0x436/0x860 [ 20.900146][ T293] path_mount+0xcc3/0x1070 [ 20.904398][ T293] __se_sys_mount+0x2c4/0x3b0 [ 20.908947][ T293] ? __x64_sys_mount+0xd0/0xd0 [ 20.913513][ T293] ? __kasan_check_read+0x11/0x20 [ 20.918381][ T293] __x64_sys_mount+0xbf/0xd0 [ 20.922798][ T293] do_syscall_64+0x3d/0xb0 [ 20.927049][ T293] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 20.932785][ T293] RIP: 0033:0x7f433c7a107a [ 20.937031][ T293] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 20.956472][ T293] RSP: 002b:00007fff59dc91b8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 20.964805][ T293] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f433c7a107a [ 20.972615][ T293] RDX: 0000000020000f40 RSI: 0000000020000f00 RDI: 0000000000000000 [ 20.980426][ T293] RBP: 0000000020000f00 R08: 00007fff59dc9250 R09: 0000000000000000 [ 20.988240][ T293] R10: 0000000001a4a438 R11: 0000000000000286 R12: 0000000020000f40 mount(NULL, 0x20000f00, 0x20000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0 openat(AT_FDCWD, 0x20000f00, O_RDONLY|O_DIRECTORY) = 6 chdir(0x20000f00) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 20.996049][ T293] R13: 00007fff59dc9250 R14: 0000000000000000 R15: 00000000200008c0 [ 21.003867][ T293] [ 21.006865][ T293] ================================================================================ [ 21.016131][ T293] EXT4-fs (loop0): re-mounted. Opts: . Quota mode: none. [ 21.022970][ T293] ext4 filesystem being remounted at /root/file1 supports timestamps until 2038 (0x7fffffff) [ 25.635718][ T8] EXT4-fs error (device loop0): __ext4_get_inode_loc:4340: comm kworker/u4:0: Invalid inode table block 34 in block_group 0