./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2020153176 <...>
[ 2.874257][ T30] audit: type=1400 audit(1672040933.359:8): avc: denied { create } for pid=164 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 2.877828][ T30] audit: type=1400 audit(1672040933.359:9): avc: denied { append open } for pid=164 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 2.880772][ T30] audit: type=1400 audit(1672040933.359:10): avc: denied { getattr } for pid=164 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 3.124767][ T181] udevd[181]: starting version 3.2.10
[ 3.153359][ T182] udevd[182]: starting eudev-3.2.10
[ 3.155338][ T181] udevd (181) used greatest stack depth: 22976 bytes left
[ 12.657745][ T30] kauditd_printk_skb: 49 callbacks suppressed
[ 12.657754][ T30] audit: type=1400 audit(1672040943.159:60): avc: denied { transition } for pid=319 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 12.662867][ T30] audit: type=1400 audit(1672040943.159:61): avc: denied { write } for pid=319 comm="sh" path="pipe:[12364]" dev="pipefs" ino=12364 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
[ 13.215032][ T320] sshd (320) used greatest stack depth: 22592 bytes left
Warning: Permanently added '10.128.1.17' (ECDSA) to the list of known hosts.
execve("./syz-executor2020153176", ["./syz-executor2020153176"], 0x7ffda5439b60 /* 10 vars */) = 0
brk(NULL) = 0x555555edf000
brk(0x555555edfc40) = 0x555555edfc40
arch_prctl(ARCH_SET_FS, 0x555555edf300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2020153176", 4096) = 28
brk(0x555555f00c40) = 0x555555f00c40
brk(0x555555f01000) = 0x555555f01000
mprotect(0x7fad58774000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fad502ba000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
munmap(0x7fad502ba000, 1048576) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file0", 0777) = 0
[ 19.767437][ T30] audit: type=1400 audit(1672040950.269:62): avc: denied { execmem } for pid=407 comm="syz-executor202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 19.780261][ T407] loop0: detected capacity change from 0 to 2048
[ 19.787745][ T30] audit: type=1400 audit(1672040950.279:63): avc: denied { read write } for pid=407 comm="syz-executor202" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 19.816813][ T30] audit: type=1400 audit(1672040950.279:64): avc: denied { open } for pid=407 comm="syz-executor202" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 19.840794][ T30] audit: type=1400 audit(1672040950.279:65): avc: denied { ioctl } for pid=407 comm="syz-executor202" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0") = 0
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
creat("./file1", 000) = 4
[ 19.848398][ T407] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 19.866562][ T30] audit: type=1400 audit(1672040950.289:66): avc: denied { mounton } for pid=407 comm="syz-executor202" path="/root/file0" dev="sda1" ino=1138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 19.897511][ T407] ==================================================================
[ 19.899629][ T30] audit: type=1400 audit(1672040950.369:67): avc: denied { mount } for pid=407 comm="syz-executor202" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 19.906982][ T407] BUG: KASAN: use-after-free in ext4_find_extent+0x697/0xd80
[ 19.907005][ T407] Read of size 4 at addr ffff88810979e268 by task syz-executor202/407
[ 19.907017][ T407]
[ 19.907021][ T407] CPU: 1 PID: 407 Comm: syz-executor202 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 19.928931][ T30] audit: type=1400 audit(1672040950.369:68): avc: denied { write } for pid=407 comm="syz-executor202" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 19.935793][ T407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 19.943958][ T30] audit: type=1400 audit(1672040950.369:69): avc: denied { add_name } for pid=407 comm="syz-executor202" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 19.945945][ T407] Call Trace:
[ 19.945951][ T407]
[ 19.956151][ T30] audit: type=1400 audit(1672040950.369:70): avc: denied { create } for pid=407 comm="syz-executor202" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 19.977539][ T407] dump_stack_lvl+0x151/0x1b7
[ 19.977574][ T407] ? bfq_pos_tree_add_move+0x43e/0x43e
[ 19.977588][ T407] ? __wake_up_klogd+0xd9/0x110
[ 19.987708][ T30] audit: type=1400 audit(1672040950.369:71): avc: denied { write } for pid=407 comm="syz-executor202" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 20.008088][ T407] ? panic+0x727/0x727
[ 20.008108][ T407] print_address_description+0x87/0x3d0
[ 20.008123][ T407] kasan_report+0x1a6/0x1f0
[ 20.008137][ T407] ? __kasan_kmalloc+0x9/0x10
[ 20.008151][ T407] ? ext4_find_extent+0x697/0xd80
[ 20.008166][ T407] ? ext4_find_extent+0x697/0xd80
[ 20.098703][ T407] __asan_report_load4_noabort+0x14/0x20
[ 20.104166][ T407] ext4_find_extent+0x697/0xd80
[ 20.108855][ T407] ext4_clu_mapped+0xbb/0x950
[ 20.113364][ T407] ? ext4_es_lookup_extent+0x3c5/0x9d0
[ 20.118661][ T407] ext4_da_get_block_prep+0xa16/0x1410
[ 20.123953][ T407] ? ext4_da_release_space+0x480/0x480
[ 20.129249][ T407] ? alloc_page_buffers+0x354/0x3a0
[ 20.134283][ T407] ? _raw_spin_unlock+0x4d/0x70
[ 20.138977][ T407] ? __kasan_check_read+0x11/0x20
[ 20.143828][ T407] ? create_page_buffers+0x18e/0x210
[ 20.148950][ T407] __block_write_begin_int+0x6ae/0x17a0
[ 20.154333][ T407] ? ext4_da_release_space+0x480/0x480
[ 20.159627][ T407] ? page_zero_new_buffers+0x420/0x420
[ 20.164919][ T407] ? __kasan_check_write+0x14/0x20
[ 20.169877][ T407] ? ext4_readpage_inline+0x660/0x660
[ 20.175073][ T407] ? ext4_da_release_space+0x480/0x480
[ 20.180373][ T407] __block_write_begin+0x30/0x40
[ 20.185144][ T407] ext4_da_write_inline_data_begin+0x4ff/0xc70
[ 20.191137][ T407] ? ext4_journalled_write_inline_data+0x630/0x630
[ 20.197466][ T407] ? __brelse+0x5a/0xa0
[ 20.201459][ T407] ? ext4_xattr_ibody_get+0x636/0xb20
[ 20.206667][ T407] ext4_da_write_begin+0x533/0xbf0
[ 20.211617][ T407] ? cpumask_next_wrap+0x123/0x140
[ 20.216560][ T407] ? ext4_set_page_dirty+0x1a0/0x1a0
[ 20.221683][ T407] ? ext4_xattr_security_get+0x32/0x40
[ 20.226984][ T407] ? ext4_initxattrs+0x120/0x120
[ 20.231750][ T407] ? __vfs_getxattr+0x41d/0x450
[ 20.236436][ T407] ? fault_in_readable+0x1db/0x2e0
[ 20.241385][ T407] ? fault_in_safe_writeable+0x240/0x240
[ 20.246852][ T407] ? current_time+0x1c4/0x310
[ 20.251364][ T407] ? fault_in_iov_iter_readable+0x1bb/0x210
[ 20.257092][ T407] generic_perform_write+0x2cd/0x5d0
[ 20.262216][ T407] ? grab_cache_page_write_begin+0xa0/0xa0
[ 20.267855][ T407] ? down_write+0xdd/0x140
[ 20.272107][ T407] ? down_read_killable+0x250/0x250
[ 20.277140][ T407] ? generic_write_checks+0x3d8/0x490
[ 20.282349][ T407] ext4_buffered_write_iter+0x49b/0x630
[ 20.287730][ T407] ext4_file_write_iter+0x448/0x1cc0
[ 20.292852][ T407] ? __kasan_check_read+0x11/0x20
[ 20.297713][ T407] ? compat_start_thread+0x20/0x20
[ 20.302661][ T407] ? switch_mm_irqs_off+0x57f/0x860
[ 20.307691][ T407] ? avc_policy_seqno+0x1b/0x70
[ 20.312376][ T407] ? selinux_file_permission+0x2ae/0x520
[ 20.317848][ T407] ? ext4_file_read_iter+0x4b0/0x4b0
[ 20.322967][ T407] ? iov_iter_init+0x53/0x180
[ 20.327481][ T407] vfs_write+0xc8d/0x1050
[ 20.331645][ T407] ? __kasan_check_write+0x14/0x20
[ 20.336594][ T407] ? file_end_write+0x1b0/0x1b0
[ 20.341281][ T407] ? _raw_spin_unlock_irq+0x4e/0x70
[ 20.346313][ T407] ? ptrace_stop+0x6eb/0xa30
[ 20.350747][ T407] ? __kasan_check_read+0x11/0x20
[ 20.355607][ T407] ? __fdget_pos+0x27e/0x310
[ 20.360028][ T407] ksys_write+0x198/0x2c0
[ 20.364192][ T407] ? do_notify_parent+0xa60/0xa60
[ 20.369257][ T407] ? __ia32_sys_read+0x90/0x90
[ 20.373851][ T407] ? __x64_sys_creat+0x11f/0x160
[ 20.378625][ T407] ? __x64_compat_sys_openat+0x290/0x290
[ 20.384092][ T407] __x64_sys_write+0x7b/0x90
[ 20.388530][ T407] do_syscall_64+0x44/0xd0
[ 20.392774][ T407] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 20.398501][ T407] RIP: 0033:0x7fad587067b9
[ 20.402752][ T407] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 20.422195][ T407] RSP: 002b:00007fff754e6698 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 20.430542][ T407] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fad587067b9
[ 20.438349][ T407] RDX: 00000000175d9003 RSI: 0000000020000200 RDI: 0000000000000004
[ 20.446161][ T407] RBP: 00007fad586c6050 R08: 0000000000000000 R09: 0000000000000000
[ 20.453973][ T407] R10: 000000000000079f R11: 0000000000000246 R12: 00007fad586c60e0
[ 20.461789][ T407] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 20.469601][ T407]
[ 20.472461][ T407]
[ 20.474630][ T407] The buggy address belongs to the page:
[ 20.480102][ T407] page:ffffea000425e780 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10979e
[ 20.490168][ T407] flags: 0x4000000000000000(zone=1)
[ 20.495212][ T407] raw: 4000000000000000 ffffea000425e788 ffffea000425e788 0000000000000000
[ 20.503627][ T407] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 20.512043][ T407] page dumped because: kasan: bad access detected
[ 20.518292][ T407] page_owner info is not present (never set?)
[ 20.524192][ T407]
[ 20.526362][ T407] Memory state around the buggy address:
[ 20.531831][ T407] ffff88810979e100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.539727][ T407] ffff88810979e180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.547627][ T407] >ffff88810979e200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.555521][ T407] ^
[ 20.562814][ T407] ffff88810979e280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683) = -1 EUCLEAN (Structure needs cleaning)
exit_group(0) = ?
+++ exited with 0 +++
[ 20.