./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor597753719 <...> [ 12.999342][ T23] audit: type=1400 audit(1688716314.749:63): avc: denied { write } for pid=286 comm="sh" path="pipe:[550]" dev="pipefs" ino=550 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 13.004052][ T23] audit: type=1400 audit(1688716314.749:64): avc: denied { rlimitinh } for pid=286 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.006872][ T23] audit: type=1400 audit(1688716314.749:65): avc: denied { siginh } for pid=286 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.69' (ECDSA) to the list of known hosts. execve("./syz-executor597753719", ["./syz-executor597753719"], 0x7ffd20cc5b90 /* 10 vars */) = 0 brk(NULL) = 0x555556729000 brk(0x555556729c40) = 0x555556729c40 arch_prctl(ARCH_SET_FS, 0x555556729300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor597753719", 4096) = 27 brk(0x55555674ac40) = 0x55555674ac40 brk(0x55555674b000) = 0x55555674b000 mprotect(0x7f61c185c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f61b93a3000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 munmap(0x7f61b93a3000, 262144) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 [ 22.430926][ T23] audit: type=1400 audit(1688716324.179:66): avc: denied { execmem } for pid=356 comm="syz-executor597" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 22.435376][ T23] audit: type=1400 audit(1688716324.189:67): avc: denied { read write } for pid=356 comm="syz-executor597" name="loop0" dev="devtmpfs" ino=9318 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.439075][ T23] audit: type=1400 audit(1688716324.189:68): avc: denied { open } for pid=356 comm="syz-executor597" path="/dev/loop0" dev="devtmpfs" ino=9318 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.442456][ T23] audit: type=1400 audit(1688716324.189:69): avc: denied { ioctl } for pid=356 comm="syz-executor597" path="/dev/loop0" dev="devtmpfs" ino=9318 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.446012][ T23] audit: type=1400 audit(1688716324.189:70): avc: denied { mounton } for pid=356 comm="syz-executor597" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 22.453346][ T356] ------------[ cut here ]------------ [ 22.458598][ T356] kernel BUG at fs/ext4/extents_status.c:202! [ 22.464686][ T356] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 22.470583][ T356] CPU: 1 PID: 356 Comm: syz-executor597 Not tainted 5.4.242-syzkaller-00020-g6d5c2c1877e5 #0 [ 22.480562][ T356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 22.490895][ T356] RIP: 0010:ext4_es_cache_extent+0x4c0/0x640 [ 22.496706][ T356] Code: d0 ff e9 fe fe ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 78 fe ff ff 4c 89 f7 e8 ca e0 d0 ff e9 6b fe ff ff e8 a0 26 a1 ff <0f> 0b 4c 89 7c 24 18 65 8b 1d fa 2c 3f 7e 89 d8 c1 e8 06 48 8d 3c [ 22.516147][ T356] RSP: 0018:ffff8881dc14ee00 EFLAGS: 00010293 [ 22.522047][ T356] RAX: ffffffff81c30420 RBX: 0000000000000000 RCX: ffff8881dc141f80 [ 22.529944][ T356] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 22.537755][ T356] RBP: ffff8881dc14ef08 R08: ffffffff81c3018e R09: 0000000000000003 [ 22.545569][ T356] R10: ffffffffffffffff R11: dffffc0000000001 R12: 1ffff1103d3998ea [ 22.553378][ T356] R13: dffffc0000000000 R14: ffff8881e9ccc754 R15: 0000000000000001 [ 22.561286][ T356] FS: 0000555556729300(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 22.570047][ T356] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 22.576558][ T356] CR2: 0000555d940fffd8 CR3: 00000001dc0cc000 CR4: 00000000003406a0 [ 22.584391][ T356] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 22.592173][ T356] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 22.599983][ T356] Call Trace: [ 22.603122][ T356] ? __es_shrink+0x860/0x860 [ 22.607537][ T356] ext4_find_extent+0x4e1/0xda0 [ 22.612233][ T356] ext4_ext_map_blocks+0x289/0x7450 [ 22.617346][ T356] ? __unwind_start+0x708/0x890 [ 22.622031][ T356] ? deref_stack_reg+0x1f0/0x1f0 [ 22.626805][ T356] ? deref_stack_reg+0x1f0/0x1f0 [ 22.631579][ T356] ? ext4_ext_release+0x10/0x10 [ 22.636266][ T356] ? stack_trace_save+0x1c0/0x1c0 [ 22.641126][ T356] ? arch_stack_walk+0x111/0x140 [ 22.645924][ T356] ? check_preemption_disabled+0x9f/0x320 [ 22.651461][ T356] ? check_preemption_disabled+0x9f/0x320 [ 22.657031][ T356] ? debug_smp_processor_id+0x20/0x20 [ 22.662230][ T356] ? __down_read+0xf0/0x210 [ 22.666572][ T356] ? _raw_read_unlock+0x21/0x40 [ 22.671342][ T356] ? ext4_es_lookup_extent+0x54f/0x9c0 [ 22.676641][ T356] ext4_map_blocks+0x3b1/0x1c40 [ 22.681473][ T356] ? do_mount+0x688/0xe10 [ 22.685571][ T356] ? ksys_mount+0xc2/0xf0 [ 22.689827][ T356] ? __x64_sys_mount+0xb1/0xc0 [ 22.694423][ T356] ? ext4_issue_zeroout+0x150/0x150 [ 22.699451][ T356] ? __getblk_gfp+0x3a/0x720 [ 22.703988][ T356] ext4_getblk+0x112/0x540 [ 22.708232][ T356] ? ext4_data_block_valid+0xdd/0x2f0 [ 22.713451][ T356] ? __ext4_ext_check+0xb72/0x1480 [ 22.718474][ T356] ? ext4_get_block_trans+0x5b0/0x5b0 [ 22.723687][ T356] ext4_bread+0x89/0x390 [ 22.727768][ T356] ? lock_buffer+0x70/0x70 [ 22.732020][ T356] ? from_kgid_munged+0x7a0/0x7a0 [ 22.736872][ T356] ? _raw_spin_unlock+0x49/0x60 [ 22.741657][ T356] ext4_quota_read+0x180/0x280 [ 22.746249][ T356] v2_check_quota_file+0xf7/0x490 [ 22.751634][ T356] ? _raw_spin_lock+0xa4/0x1b0 [ 22.756234][ T356] ? asan.module_dtor+0x20/0x20 [ 22.760920][ T356] ? _raw_spin_lock+0xa4/0x1b0 [ 22.765520][ T356] ? _raw_spin_trylock_bh+0x190/0x190 [ 22.770735][ T356] dquot_load_quota_sb+0x6af/0xc00 [ 22.775679][ T356] vfs_load_quota_inode+0x3cf/0x660 [ 22.780755][ T356] ext4_enable_quotas+0x5a8/0x940 [ 22.785571][ T356] ? ext4_fill_flex_info+0x5e0/0x5e0 [ 22.790776][ T356] ? proc_create+0x230/0x230 [ 22.795206][ T356] ? ext4_fill_flex_info+0x53b/0x5e0 [ 22.801181][ T356] ? ext4_register_sysfs+0x1d9/0x210 [ 22.806302][ T356] ext4_fill_super+0x84d4/0x8d70 [ 22.811080][ T356] ? ext4_mount+0x40/0x40 [ 22.815363][ T356] ? vscnprintf+0x80/0x80 [ 22.819521][ T356] mount_bdev+0x22e/0x340 [ 22.823699][ T356] ? ext4_mount+0x40/0x40 [ 22.828027][ T356] legacy_get_tree+0xdf/0x170 [ 22.832535][ T356] ? ext4_lazyinit_thread+0xc60/0xc60 [ 22.837739][ T356] vfs_get_tree+0x85/0x260 [ 22.841992][ T356] do_new_mount+0x292/0x570 [ 22.846335][ T356] ? do_move_mount_old+0x160/0x160 [ 22.851280][ T356] ? security_capable+0x86/0xb0 [ 22.855965][ T356] do_mount+0x688/0xe10 [ 22.859957][ T356] ? copy_mount_string+0x30/0x30 [ 22.864732][ T356] ? copy_mount_options+0x2d0/0x300 [ 22.870467][ T356] ksys_mount+0xc2/0xf0 [ 22.874459][ T356] __x64_sys_mount+0xb1/0xc0 [ 22.879141][ T356] do_syscall_64+0xca/0x1c0 [ 22.883484][ T356] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 22.889216][ T356] Modules linked in: [ 22.893061][ T356] ---[ end trace db034c7eddf68f95 ]--- [ 22.898267][ T356] RIP: 0010:ext4_es_cache_extent+0x4c0/0x640 [ 22.904092][ T356] Code: d0 ff e9 fe fe ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 78 fe ff ff 4c 89 f7 e8 ca e0 d0 ff e9 6b fe ff ff e8 a0 26 a1 ff <0f> 0b 4c 89 7c 24 18 65 8b 1d fa 2c 3f 7e 89 d8 c1 e8 06 48 8d 3c [ 22.923777][ T356] RSP: 0018:ffff8881dc14ee00 EFLAGS: 00010293 [ 22.929649][ T356] RAX: ffffffff81c30420 RBX: 0000000000000000 RCX: ffff8881dc141f80 [ 22.937581][ T356] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 22.945396][ T356] RBP: ffff8881dc14ef08 R08: ffffffff81c3018e R09: 0000000000000003 [ 22.953195][ T356] R10: ffffffffffffffff R11: dffffc0000000001 R12: 1ffff1103d3998ea [ 22.960982][ T356] R13: dffffc0000000000 R14: ffff8881e9ccc754 R15: 0000000000000001 [ 22.968822][ T356] FS: 0000555556729300(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 22.977585][ T356] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 22.984002][ T356] CR2: 0000555d940fffd8 CR3: 00000001dc0cc000 CR4: 00000000003406a0 [ 22.991819][ T356] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 22.999603][ T356] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.007437][ T356] Kernel panic - not syncing: Fatal exception [ 23.013489][ T356] Kernel Offset: disabled [ 23.017610][ T356] Rebooting in 86400 seconds..