./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor968734906 <...> [ 3.271721][ T24] audit: type=1400 audit(1683243805.400:9): avc: denied { append open } for pid=74 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 3.275196][ T24] audit: type=1400 audit(1683243805.400:10): avc: denied { getattr } for pid=74 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 3.516169][ T91] udevd[91]: starting version 3.2.11 [ 3.575220][ T92] udevd[92]: starting eudev-3.2.11 [ 14.445559][ T24] kauditd_printk_skb: 50 callbacks suppressed [ 14.445569][ T24] audit: type=1400 audit(1683243816.600:61): avc: denied { transition } for pid=218 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.449626][ T24] audit: type=1400 audit(1683243816.600:62): avc: denied { noatsecure } for pid=218 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.454292][ T24] audit: type=1400 audit(1683243816.610:63): avc: denied { write } for pid=218 comm="sh" path="pipe:[12965]" dev="pipefs" ino=12965 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 14.461006][ T24] audit: type=1400 audit(1683243816.610:64): avc: denied { rlimitinh } for pid=218 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.469821][ T24] audit: type=1400 audit(1683243816.610:65): avc: denied { siginh } for pid=218 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.20' (ECDSA) to the list of known hosts. execve("./syz-executor968734906", ["./syz-executor968734906"], 0x7ffed83670a0 /* 10 vars */) = 0 brk(NULL) = 0x555555ee9000 brk(0x555555ee9c40) = 0x555555ee9c40 arch_prctl(ARCH_SET_FS, 0x555555ee9300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor968734906", 4096) = 27 brk(0x555555f0ac40) = 0x555555f0ac40 brk(0x555555f0b000) = 0x555555f0b000 mprotect(0x7fabd03a3000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fabc7ee9000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 munmap(0x7fabc7ee9000, 1048576) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./bus", 0777) = 0 [ 23.894026][ T24] audit: type=1400 audit(1683243826.050:66): avc: denied { execmem } for pid=289 comm="syz-executor968" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.913647][ T24] audit: type=1400 audit(1683243826.060:67): avc: denied { read write } for pid=289 comm="syz-executor968" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 mount("/dev/loop0", "./bus", "ext4", MS_NOEXEC|MS_DIRSYNC|MS_RELATIME|MS_LAZYTIME, ",errors=continue") = 0 openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 chdir("./bus") = 0 ioctl(4, LOOP_CLR_FD) = 0 [ 23.920067][ T289] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.937937][ T24] audit: type=1400 audit(1683243826.060:68): avc: denied { open } for pid=289 comm="syz-executor968" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.946663][ T289] ext4 filesystem being mounted at /root/bus supports timestamps until 2038 (0x7fffffff) close(4) = 0 chdir("./file0") = 0 openat(AT_FDCWD, "./bus", O_RDONLY|O_CREAT, 000) = 4 openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME) = 5 writev(5, [{iov_base="\x3d\xf8\x7a\xdc\xd3\x23\xaa\xe8\x9c\xf0\x0a\xe1\xe9\x25\x77\x89\x55\x03\x18\x79\x23\xe4\x7c\xc0\x7d\xf6\xf0\xaa\x44\x82\x16\xf1\x51\x93\xf4\x5e\xf1\x89\xef\x6a\x4e\xf7\x3e\x0f\x02\xcd\x53\x57\x7e\xcd\x73\x88\xf7\x15\xe9\xe1\xe6\x60\x27\x20\x5a\xf7\x48\x81\xf1\xeb\x1b\xb9\xe5\xf8\x31\xf8\x6e\x52\x32\xfb\x5d\x16\x9c\x39\x1b\x7e\x47\x7a\xbf\x08\xe6\x27\x20\x10\x2f\x57\xf0\xf5\x92\xcd\x60\x38\xf8\x34"..., iov_len=180}, {iov_base="\x15\xe1\x62\x13\xf8\x62\x07\x2c\xd6\xf2\x8b\x79\x05\x83\xf4\x7a\x9e\xee\xe3\x71\x75\xbf\x8b\xcf\x74\x13\xb9\x76\xcf\x48\x7e\x5d\xaa\x30\x01\x52\xe4\x43\x61\x33\xec\xd3\x50\x7b\xb4\x51\x53\x67\x50\x2a\x21\x90\xb9\x04\xbf\xf5\x05\xf3\x12\xf1\xe6\x63\x10\xbe\x22\x09\x1e\x30\x89\x7c\x5d\xef\x53\xe6\x57\x92\x92\xf9\xd6\x7d\x39\x1d\x44\xdb\x36\x2c\x9d\x3b\xc9\x76\x9a\xa5\xd1\xd6\x9d\xe1\xfd\x08\x9c\xeb"..., iov_len=129}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], 5) = 309 [ 23.970788][ T24] audit: type=1400 audit(1683243826.060:69): avc: denied { ioctl } for pid=289 comm="syz-executor968" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.005722][ T24] audit: type=1400 audit(1683243826.060:70): avc: denied { mounton } for pid=289 comm="syz-executor968" path="/root/bus" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 24.028310][ T24] audit: type=1400 audit(1683243826.100:71): avc: denied { mount } for pid=289 comm="syz-executor968" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 24.053608][ T24] audit: type=1400 audit(1683243826.160:72): avc: denied { write } for pid=289 comm="syz-executor968" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 sendfile(5, 4, NULL, 131071) = 131071 mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 openat(AT_FDCWD, "./bus", O_RDONLY) = 6 openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME) = 7 write(7, "t", 1) = 1 sendfile(7, 6, NULL, 131071) = 131071 exit_group(0) = ? [ 24.075969][ T24] audit: type=1400 audit(1683243826.160:73): avc: denied { add_name } for pid=289 comm="syz-executor968" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 24.097026][ T24] audit: type=1400 audit(1683243826.160:74): avc: denied { create } for pid=289 comm="syz-executor968" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 24.117348][ T289] ------------[ cut here ]------------ [ 24.122118][ T24] audit: type=1400 audit(1683243826.160:75): avc: denied { read open } for pid=289 comm="syz-executor968" path="/root/bus/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 24.122747][ T289] kernel BUG at fs/ext4/ext4.h:3247! [ 24.151280][ T289] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 24.157171][ T289] CPU: 0 PID: 289 Comm: syz-executor968 Not tainted 5.10.177-syzkaller #0 [ 24.165496][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 24.175416][ T289] RIP: 0010:ext4_mb_load_buddy_gfp+0xf5d/0x1020 [ 24.181470][ T289] Code: ff e8 47 3c c8 ff e9 f0 f2 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 52 f3 ff ff e8 4d 3c c8 ff e9 48 f3 ff ff e8 83 2e 8b ff <0f> 0b e9 62 00 00 00 e8 77 2e 8b ff e9 ef fb ff ff e9 65 00 00 00 [ 24.200921][ T289] RSP: 0018:ffffc90000b17a30 EFLAGS: 00010293 [ 24.206810][ T289] RAX: ffffffff81df3e6d RBX: 00000000fffff171 RCX: ffff88811d9e13c0 [ 24.214621][ T289] RDX: 0000000000000000 RSI: 00000000fffff171 RDI: 0000000000000001 [ 24.222443][ T289] RBP: ffffc90000b17ab0 R08: ffffffff81df2ffc R09: ffffed1021faf090 [ 24.230255][ T289] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 24.238063][ T289] R13: ffff88811e694000 R14: 1ffff11023cd2679 R15: ffff88811e6933c8 [ 24.245875][ T289] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 24.254657][ T289] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.261057][ T289] CR2: 00007fabd0378a08 CR3: 000000000660f000 CR4: 00000000003506b0 [ 24.268874][ T289] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.276686][ T289] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.284492][ T289] Call Trace: [ 24.287627][ T289] ? _raw_spin_trylock_bh+0x190/0x190 [ 24.292836][ T289] ext4_discard_preallocations+0x79c/0xef0 [ 24.298479][ T289] ? mb_test_and_clear_bits+0x240/0x240 [ 24.303857][ T289] ext4_release_file+0x16e/0x310 [ 24.308628][ T289] ? ext4_file_open+0x660/0x660 [ 24.313312][ T289] __fput+0x309/0x760 [ 24.317132][ T289] ____fput+0x15/0x20 [ 24.320954][ T289] task_work_run+0x129/0x190 [ 24.325378][ T289] do_exit+0xc83/0x2a50 [ 24.329454][ T289] ? put_task_struct+0x80/0x80 [ 24.334055][ T289] ? _raw_spin_unlock_irq+0x4e/0x70 [ 24.339115][ T289] ? ptrace_notify+0x24c/0x350 [ 24.343690][ T289] ? do_notify_parent+0xa10/0xa10 [ 24.348551][ T289] ? debug_smp_processor_id+0x17/0x20 [ 24.353756][ T289] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 24.359657][ T289] do_group_exit+0x141/0x310 [ 24.364088][ T289] __x64_sys_exit_group+0x3f/0x40 [ 24.368942][ T289] do_syscall_64+0x34/0x70 [ 24.373202][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 24.378943][ T289] RIP: 0033:0x7fabd0334819 [ 24.383175][ T289] Code: Unable to access opcode bytes at RIP 0x7fabd03347ef. [ 24.390382][ T289] RSP: 002b:00007ffd0d85bef8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 24.398631][ T289] RAX: ffffffffffffffda RBX: 00007fabd03a9370 RCX: 00007fabd0334819 [ 24.406541][ T289] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 24.414344][ T289] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000 [ 24.422240][ T289] R10: 000000000001ffff R11: 0000000000000246 R12: 00007fabd03a9370 [ 24.430065][ T289] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 24.437873][ T289] Modules linked in: [ 24.441699][ T289] ---[ end trace b578b9d4114da835 ]--- [ 24.446949][ T289] RIP: 0010:ext4_mb_load_buddy_gfp+0xf5d/0x1020 [ 24.452980][ T289] Code: ff e8 47 3c c8 ff e9 f0 f2 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 52 f3 ff ff e8 4d 3c c8 ff e9 48 f3 ff ff e8 83 2e 8b ff <0f> 0b e9 62 00 00 00 e8 77 2e 8b ff e9 ef fb ff ff e9 65 00 00 00 [ 24.472548][ T289] RSP: 0018:ffffc90000b17a30 EFLAGS: 00010293 [ 24.478453][ T289] RAX: ffffffff81df3e6d RBX: 00000000fffff171 RCX: ffff88811d9e13c0 [ 24.486253][ T289] RDX: 0000000000000000 RSI: 00000000fffff171 RDI: 0000000000000001 [ 24.494061][ T289] RBP: ffffc90000b17ab0 R08: ffffffff81df2ffc R09: ffffed1021faf090 [ 24.501855][ T289] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 24.509708][ T289] R13: ffff88811e694000 R14: 1ffff11023cd2679 R15: ffff88811e6933c8 [ 24.517691][ T289] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 24.526539][ T289] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.533008][ T289] CR2: 00007fabd0378a08 CR3: 000000000660f000 CR4: 00000000003506b0 [ 24.540868][ T289] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.548657][ T289] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.556491][ T289] Kernel panic - not syncing: Fatal exception [ 24.562392][ T289] Kernel Offset: disabled [ 24.566499][ T289] Rebooting in 86400 seconds..