./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1553565567 <...> Warning: Permanently added '10.128.0.173' (ED25519) to the list of known hosts. execve("./syz-executor1553565567", ["./syz-executor1553565567"], 0x7ffc2fa044f0 /* 10 vars */) = 0 brk(NULL) = 0x555592d56000 brk(0x555592d56d00) = 0x555592d56d00 arch_prctl(ARCH_SET_FS, 0x555592d56380) = 0 set_tid_address(0x555592d56650) = 282 set_robust_list(0x555592d56660, 24) = 0 rseq(0x555592d56ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1553565567", 4096) = 28 getrandom("\x6b\x90\x01\x5f\x74\x5d\xbd\x88", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555592d56d00 brk(0x555592d77d00) = 0x555592d77d00 brk(0x555592d78000) = 0x555592d78000 mprotect(0x7f2340a9f000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 write(1, "executing program\n", 18executing program ) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f23385ef000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7f23385ef000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 [ 40.411483][ T24] audit: type=1400 audit(1750146781.020:64): avc: denied { execmem } for pid=282 comm="syz-executor155" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 40.439773][ T24] audit: type=1400 audit(1750146781.050:65): avc: denied { read write } for pid=282 comm="syz-executor155" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 40.464248][ T24] audit: type=1400 audit(1750146781.050:66): avc: denied { open } for pid=282 comm="syz-executor155" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 close(4) = 0 mkdir("./file1", 0777) = 0 [ 40.488631][ T24] audit: type=1400 audit(1750146781.050:67): avc: denied { ioctl } for pid=282 comm="syz-executor155" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 40.516785][ T282] ====================================================== [ 40.516785][ T282] WARNING: the mand mount option is being deprecated and [ 40.516785][ T282] will be removed in v5.15! [ 40.516785][ T282] ====================================================== [ 40.516820][ T24] audit: type=1400 audit(1750146781.130:68): avc: denied { mounton } for pid=282 comm="syz-executor155" path="/root/file1" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 40.645516][ T282] EXT4-fs (loop0): Ignoring removed nobh option [ 40.651922][ T282] EXT4-fs (loop0): Ignoring removed bh option [ 40.658246][ T282] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"...) = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 openat(AT_FDCWD, "./file1", O_RDWR) = 4 pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900) = 87490 openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 061) = 5 [ 40.680993][ T282] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 40.705860][ T24] audit: type=1400 audit(1750146781.320:69): avc: denied { mount } for pid=282 comm="syz-executor155" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 truncate("./file1", 5) = 0 openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6 [ 40.739129][ T282] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor155: Allocating blocks 497-513 which overlap fs metadata [ 40.741362][ T24] audit: type=1400 audit(1750146781.320:70): avc: denied { read write } for pid=282 comm="syz-executor155" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 40.777333][ T24] audit: type=1400 audit(1750146781.320:71): avc: denied { open } for pid=282 comm="syz-executor155" path="/root/file1/file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 40.780705][ T282] ------------[ cut here ]------------ [ 40.806875][ T282] kernel BUG at fs/ext4/extents.c:1014! [ 40.813095][ T282] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 40.819208][ T282] CPU: 0 PID: 282 Comm: syz-executor155 Not tainted 5.10.238-syzkaller-00282-gd76d4cd0623a #0 [ 40.829466][ T282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 40.839586][ T282] RIP: 0010:ext4_ext_insert_index+0x52d/0x530 [ 40.845688][ T282] Code: 4c 89 fa e9 ca fd ff ff 44 89 f1 80 e1 07 fe c1 38 c1 0f 8c dd fd ff ff 4c 89 f7 e8 ad a2 d3 ff e9 d0 fd ff ff e8 83 b2 99 ff <0f> 0b 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 81 ec c0 00 00 [ 40.865425][ T282] RSP: 0018:ffffc90000b26b20 EFLAGS: 00010293 [ 40.871548][ T282] RAX: ffffffff81c9e18d RBX: ffff888120a18424 RCX: ffff88811d443b40 [ 40.879585][ T282] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 40.887726][ T282] RBP: ffffc90000b26b90 R08: dffffc0000000000 R09: ffffed1024282b3c [ 40.895772][ T282] R10: ffffed1024282b3c R11: 1ffff11024282b3b R12: 0000000000000000 [ 40.903821][ T282] R13: 00000000000000cb R14: 00000000fffffffe R15: 0000000000000054 [ 40.911856][ T282] FS: 0000555592d56380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 40.920855][ T282] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.927500][ T282] CR2: 000020000002c0bf CR3: 000000011daa7000 CR4: 00000000003506b0 [ 40.935535][ T282] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 40.943572][ T282] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 40.951596][ T282] Call Trace: [ 40.954960][ T282] ext4_ext_insert_extent+0x38c3/0x4530 [ 40.960582][ T282] ? ext4_ext_next_allocated_block+0x2e0/0x2e0 [ 40.966810][ T282] ? get_implied_cluster_alloc+0x526/0x940 [ 40.972691][ T282] ext4_ext_map_blocks+0x148c/0x5d40 [ 40.978056][ T282] ? _raw_write_trylock+0x140/0x140 [ 40.983318][ T282] ? _raw_write_unlock+0x2b/0x60 [ 40.988418][ T282] ? ext4_ext_release+0x10/0x10 [ 40.993346][ T282] ? ext4_fc_track_template+0xb5/0x600 [ 40.998870][ T282] ? ext4_fc_track_range+0x250/0x250 [ 41.004294][ T282] ? ext4_es_lookup_extent+0x32d/0x8c0 [ 41.009819][ T282] ext4_map_blocks+0x978/0x1bc0 [ 41.014739][ T282] ? __kasan_slab_alloc+0xbd/0xf0 [ 41.019827][ T282] ? slab_post_alloc_hook+0x5d/0x2f0 [ 41.025178][ T282] ? kmem_cache_alloc+0x165/0x2e0 [ 41.030277][ T282] ? ext4_issue_zeroout+0x1a0/0x1a0 [ 41.035644][ T282] _ext4_get_block+0x1bb/0x4b0 [ 41.040504][ T282] ? ext4_get_block+0x50/0x50 [ 41.045249][ T282] ? slab_post_alloc_hook+0x7d/0x2f0 [ 41.050614][ T282] ext4_get_block_unwritten+0x2a/0x40 [ 41.056059][ T282] ext4_block_write_begin+0x567/0x1330 [ 41.061588][ T282] ? alloc_page_buffers+0x3aa/0x4a0 [ 41.066846][ T282] ? _ext4_get_block+0x4b0/0x4b0 [ 41.071935][ T282] ? ext4_print_free_blocks+0x2c0/0x2c0 [ 41.077554][ T282] ? __kasan_check_read+0x11/0x20 [ 41.082654][ T282] ? ext4_inode_journal_mode+0x19a/0x480 [ 41.088381][ T282] ext4_write_begin+0x651/0x1550 [ 41.093402][ T282] ? unwind_get_return_address+0x4d/0x90 [ 41.099097][ T282] ? ext4_readahead+0x110/0x110 [ 41.104009][ T282] ? ext4_get_group_desc+0x25f/0x2b0 [ 41.109806][ T282] ? __kasan_check_read+0x11/0x20 [ 41.114904][ T282] ? mark_buffer_dirty+0x1cc/0x330 [ 41.120085][ T282] ? __ext4_handle_dirty_metadata+0x2eb/0x7f0 [ 41.126223][ T282] ? __kasan_check_write+0x14/0x20 [ 41.131409][ T282] ext4_da_write_begin+0x455/0xe80 [ 41.136608][ T282] ? ext4_set_page_dirty+0x1a0/0x1a0 [ 41.141973][ T282] ? down_read_killable+0xe0/0xe0 [ 41.147077][ T282] ? __ext4_journal_stop+0x36/0x1a0 [ 41.152345][ T282] ? ext4_write_end+0xa00/0xed0 [ 41.157275][ T282] ? iov_iter_advance+0x1f7/0x750 [ 41.162381][ T282] generic_perform_write+0x2be/0x510 [ 41.167745][ T282] ? grab_cache_page_write_begin+0xb0/0xb0 [ 41.173623][ T282] ? down_write+0xac/0x110 [ 41.178101][ T282] ? down_read_killable+0xe0/0xe0 [ 41.183189][ T282] ? __switch_to+0x50f/0xfc0 [ 41.187843][ T282] ? generic_write_checks+0x3d4/0x480 [ 41.193284][ T282] ext4_buffered_write_iter+0x4b8/0x640 [ 41.198913][ T282] ext4_file_write_iter+0x536/0x1980 [ 41.204268][ T282] ? _raw_spin_unlock_irq+0x4e/0x70 [ 41.209560][ T282] ? finish_task_switch+0x12e/0x5a0 [ 41.214925][ T282] ? avc_policy_seqno+0x1b/0x70 [ 41.219845][ T282] ? selinux_file_permission+0x2a5/0x510 [ 41.225609][ T282] ? ext4_file_read_iter+0x530/0x530 [ 41.230986][ T282] ? security_file_permission+0x83/0xa0 [ 41.236615][ T282] ? iov_iter_init+0x3f/0x120 [ 41.241382][ T282] vfs_write+0x725/0xd60 [ 41.245703][ T282] ? kernel_write+0x3c0/0x3c0 [ 41.250457][ T282] ? ptrace_stop+0x69f/0x9c0 [ 41.255126][ T282] ? ptrace_notify+0x1c4/0x250 [ 41.259959][ T282] ? __kasan_check_read+0x11/0x20 [ 41.265050][ T282] ? __fdget+0x15b/0x230 [ 41.269652][ T282] __x64_sys_pwrite64+0x191/0x220 [ 41.274919][ T282] ? ksys_pwrite64+0x1b0/0x1b0 [ 41.279786][ T282] ? syscall_trace_enter+0x4b/0x170 [ 41.285065][ T282] do_syscall_64+0x31/0x40 [ 41.289565][ T282] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 41.295529][ T282] RIP: 0033:0x7f2340a2cbf9 [ 41.300094][ T282] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 41.319951][ T282] RSP: 002b:00007ffc758e7ed8 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 41.328430][ T282] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f2340a2cbf9 [ 41.336485][ T282] RDX: 00000000200000c1 RSI: 00002000000000c0 RDI: 0000000000000006 [ 41.344815][ T282] RBP: 0000200000000040 R08: 0000000000000000 R09: 0000000000000000 [ 41.352962][ T282] R10: 0000000000009000 R11: 0000000000000246 R12: 0031656c69662f2e [ 41.361043][ T282] R13: 5f646165726f6964 R14: 65726f6e67693d72 R15: 00007f2340a7505e [ 41.369384][ T282] Modules linked in: [ 41.374275][ T282] ---[ end trace 52dd77d2decb3d46 ]--- [ 41.379847][ T282] RIP: 0010:ext4_ext_insert_index+0x52d/0x530 [ 41.385979][ T282] Code: 4c 89 fa e9 ca fd ff ff 44 89 f1 80 e1 07 fe c1 38 c1 0f 8c dd fd ff ff 4c 89 f7 e8 ad a2 d3 ff e9 d0 fd ff ff e8 83 b2 99 ff <0f> 0b 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 81 ec c0 00 00 [ 41.406002][ T282] RSP: 0018:ffffc90000b26b20 EFLAGS: 00010293 [ 41.412596][ T282] RAX: ffffffff81c9e18d RBX: ffff888120a18424 RCX: ffff88811d443b40 [ 41.420772][ T282] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 41.428858][ T282] RBP: ffffc90000b26b90 R08: dffffc0000000000 R09: ffffed1024282b3c [ 41.436907][ T282] R10: ffffed1024282b3c R11: 1ffff11024282b3b R12: 0000000000000000 [ 41.444962][ T282] R13: 00000000000000cb R14: 00000000fffffffe R15: 0000000000000054 [ 41.453026][ T282] FS: 0000555592d56380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 41.462081][ T282] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.468781][ T282] CR2: 000020000002c0bf CR3: 000000011daa7000 CR4: 00000000003506b0 [ 41.476789][ T282] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 41.484851][ T282] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 41.492894][ T282] Kernel panic - not syncing: Fatal exception [ 41.499265][ T282] Kernel Offset: disabled [ 41.503639][ T282] Rebooting in 86400 seconds..