./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1290273542 <...> Warning: Permanently added '10.128.0.61' (ED25519) to the list of known hosts. execve("./syz-executor1290273542", ["./syz-executor1290273542"], 0x7ffe1fed6540 /* 10 vars */) = 0 brk(NULL) = 0x555575b7a000 brk(0x555575b7ad00) = 0x555575b7ad00 arch_prctl(ARCH_SET_FS, 0x555575b7a380) = 0 set_tid_address(0x555575b7a650) = 358 set_robust_list(0x555575b7a660, 24) = 0 rseq(0x555575b7aca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1290273542", 4096) = 28 getrandom("\xff\xed\xae\x6e\x23\xba\x66\xed", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555575b7ad00 brk(0x555575b9bd00) = 0x555575b9bd00 brk(0x555575b9c000) = 0x555575b9c000 mprotect(0x7f4abfc13000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555575b7a650) = 359 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555575b7a650) = 360 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555575b7a650) = 361 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555575b7a650) = 362 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555575b7a650) = 363 ./strace-static-x86_64: Process 362 attached [pid 362] set_robust_list(0x555575b7a660, 24) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 362] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 362] close(3) = 0 [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 360 attached [pid 360] set_robust_list(0x555575b7a660, 24) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 362] <... clone resumed>, child_tidptr=0x555575b7a650) = 364 [pid 360] <... openat resumed>) = 3 [pid 360] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 360] close(3) = 0 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555575b7a650) = 365 ./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x555575b7a660, 24) = 0 [pid 364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 364] setpgid(0, 0) = 0 [pid 364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 364] write(3, "1000", 4) = 4 [pid 364] close(3) = 0 [pid 364] write(1, "executing program\n", 18executing program ./strace-static-x86_64: Process 365 attached ) = 18 ./strace-static-x86_64: Process 363 attached ./strace-static-x86_64: Process 361 attached ./strace-static-x86_64: Process 359 attached [pid 363] set_robust_list(0x555575b7a660, 24 [pid 361] set_robust_list(0x555575b7a660, 24 [pid 359] set_robust_list(0x555575b7a660, 24 [pid 363] <... set_robust_list resumed>) = 0 [pid 361] <... set_robust_list resumed>) = 0 [pid 359] <... set_robust_list resumed>) = 0 [pid 361] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 363] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 361] ioctl(3, LOOP_CLR_FD [pid 359] <... openat resumed>) = 3 [pid 363] <... openat resumed>) = 3 [pid 361] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 359] ioctl(3, LOOP_CLR_FD [pid 363] ioctl(3, LOOP_CLR_FD [pid 361] close(3 [pid 359] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 363] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 361] <... close resumed>) = 0 [pid 359] close(3 [pid 363] close(3 [pid 361] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 359] <... close resumed>) = 0 [pid 365] set_robust_list(0x555575b7a660, 24 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 363] <... close resumed>) = 0 [pid 361] <... clone resumed>, child_tidptr=0x555575b7a650) = 367 [pid 363] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 359] <... clone resumed>, child_tidptr=0x555575b7a650) = 368 [pid 365] <... set_robust_list resumed>) = 0 [pid 363] <... clone resumed>, child_tidptr=0x555575b7a650) = 369 [pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 364] memfd_create("syzkaller", 0) = 3 [pid 365] <... prctl resumed>) = 0 [pid 365] setpgid(0, 0) = 0 [pid 364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4ab7760000 [pid 364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 365] write(3, "1000", 4) = 4 [pid 365] close(3) = 0 [pid 365] write(1, "executing program\n", 18executing program ) = 18 [pid 365] memfd_create("syzkaller", 0) = 3 [pid 365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4ab7760000 [pid 365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 364] <... write resumed>) = 262144 ./strace-static-x86_64: Process 367 attached [pid 367] set_robust_list(0x555575b7a660, 24) = 0 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 367] setpgid(0, 0 [pid 365] <... write resumed>) = 262144 [pid 367] <... setpgid resumed>) = 0 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "1000", 4) = 4 [ 24.633857][ T23] audit: type=1400 audit(1745527854.040:66): avc: denied { execmem } for pid=358 comm="syz-executor129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 367] close(3) = 0 [pid 364] munmap(0x7f4ab7760000, 138412032) = 0 [pid 367] write(1, "executing program\n", 18executing program ) = 18 [pid 367] memfd_create("syzkaller", 0) = 3 [pid 364] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 364] ioctl(4, LOOP_SET_FD, 3 [pid 367] <... mmap resumed>) = 0x7f4ab7760000 [pid 365] munmap(0x7f4ab7760000, 138412032) = 0 [pid 365] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 367] munmap(0x7f4ab7760000, 138412032) = 0 [pid 367] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 368 attached [pid 368] set_robust_list(0x555575b7a660, 24) = 0 ./strace-static-x86_64: Process 369 attached [pid 369] set_robust_list(0x555575b7a660, 24) = 0 [pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 executing program [pid 369] <... prctl resumed>) = 0 [pid 369] setpgid(0, 0 [pid 364] <... ioctl resumed>) = 0 [pid 369] <... setpgid resumed>) = 0 [pid 364] close(3) = 0 [pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 364] close(4 [pid 369] <... openat resumed>) = 3 [pid 369] write(3, "1000", 4 [pid 364] <... close resumed>) = 0 [pid 369] <... write resumed>) = 4 [pid 369] close(3 [pid 364] mkdir("./bus", 0777 [pid 369] <... close resumed>) = 0 [pid 369] write(1, "executing program\n", 18) = 18 [pid 369] memfd_create("syzkaller", 0) = 3 [pid 369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4ab7760000 [pid 368] setpgid(0, 0) = 0 [pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 368] write(3, "1000", 4 [pid 369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 368] <... write resumed>) = 4 [pid 368] close(3) = 0 [pid 369] <... write resumed>) = 262144 [pid 369] munmap(0x7f4ab7760000, 138412032) = 0 [pid 369] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 368] write(1, "executing program\n", 18executing program ) = 18 [pid 368] memfd_create("syzkaller", 0) = 3 [pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4ab7760000 [pid 368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 368] munmap(0x7f4ab7760000, 138412032) = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 364] <... mkdir resumed>) = 0 [ 24.671398][ T23] audit: type=1400 audit(1745527854.050:67): avc: denied { read write } for pid=362 comm="syz-executor129" name="loop3" dev="devtmpfs" ino=9412 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 364] mount("/dev/loop3", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "quota,oldalloc,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000000080,block_validity,j"... [pid 367] <... openat resumed>) = 4 [pid 365] <... openat resumed>) = 4 [pid 367] ioctl(4, LOOP_SET_FD, 3 [pid 365] ioctl(4, LOOP_SET_FD, 3 [pid 367] <... ioctl resumed>) = 0 [pid 367] close(3) = 0 [ 24.712553][ T23] audit: type=1400 audit(1745527854.050:68): avc: denied { open } for pid=362 comm="syz-executor129" path="/dev/loop3" dev="devtmpfs" ino=9412 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.737094][ T23] audit: type=1400 audit(1745527854.050:69): avc: denied { ioctl } for pid=362 comm="syz-executor129" path="/dev/loop3" dev="devtmpfs" ino=9412 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.751973][ T364] EXT4-fs (loop3): Ignoring removed oldalloc option [pid 367] close(4) = 0 [pid 369] <... openat resumed>) = 4 [pid 368] <... openat resumed>) = 4 [pid 368] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 368] close(3) = 0 [pid 368] close(4 [pid 369] ioctl(4, LOOP_SET_FD, 3 [pid 367] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 24.762882][ T23] audit: type=1400 audit(1745527854.120:70): avc: denied { mounton } for pid=364 comm="syz-executor129" path="/root/bus" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 24.769683][ T364] EXT4-fs: Warning: mounting with data=journal disables delayed allocation and O_DIRECT support! [ 24.801712][ T364] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 24.811838][ T364] EXT4-fs (loop3): Unsupported blocksize for fs encryption [pid 367] mount("/dev/loop2", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "quota,oldalloc,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000000080,block_validity,j"... [pid 368] <... close resumed>) = 0 [pid 368] mkdir("./bus", 0777 [pid 365] <... ioctl resumed>) = 0 [pid 368] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 365] close(3 [pid 368] mount("/dev/loop0", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "quota,oldalloc,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000000080,block_validity,j"... [pid 365] <... close resumed>) = 0 [pid 365] close(4 [pid 369] <... ioctl resumed>) = 0 [pid 369] close(3) = 0 [pid 369] close(4 [pid 365] <... close resumed>) = 0 [pid 365] mkdir("./bus", 0777) = -1 EEXIST (File exists) [pid 365] mount("/dev/loop1", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "quota,oldalloc,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000000080,block_validity,j"... [pid 369] <... close resumed>) = 0 [pid 369] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 24.890388][ T368] EXT4-fs (loop0): Ignoring removed oldalloc option [ 24.901372][ T365] EXT4-fs (loop1): Ignoring removed oldalloc option [ 24.901378][ T368] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 24.901564][ T368] EXT4-fs (loop0): Unsupported blocksize for fs encryption [ 24.907930][ T365] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [pid 369] mount("/dev/loop4", "./bus", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "quota,oldalloc,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000000080,block_validity,j"... [pid 368] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 364] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 364] openat(AT_FDCWD, "/dev/loop3", O_RDWR [ 24.926590][ T369] EXT4-fs (loop4): Ignoring removed oldalloc option [ 24.949549][ T367] EXT4-fs (loop2): Ignoring removed oldalloc option [ 24.959815][ T369] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 24.960500][ T367] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 24.971352][ T369] EXT4-fs (loop4): Unsupported blocksize for fs encryption [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 24.979682][ T367] EXT4-fs (loop2): Unsupported blocksize for fs encryption [ 24.993967][ T365] EXT4-fs (loop1): Unsupported blocksize for fs encryption [pid 368] ioctl(3, LOOP_CLR_FD [pid 364] <... openat resumed>) = 3 [pid 364] ioctl(3, LOOP_CLR_FD [pid 369] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 369] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 365] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 365] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 365] ioctl(3, LOOP_CLR_FD [pid 368] <... ioctl resumed>) = 0 [pid 368] close(3) = 0 [pid 367] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 368] memfd_create("syzkaller", 0 [pid 367] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 368] <... memfd_create resumed>) = 3 [pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4ab7760000 [pid 368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 368] munmap(0x7f4ab7760000, 138412032) = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 369] <... openat resumed>) = 3 [pid 369] ioctl(3, LOOP_CLR_FD [pid 368] <... openat resumed>) = 4 [pid 367] <... openat resumed>) = 3 [pid 368] ioctl(4, LOOP_SET_FD, 3 [pid 367] ioctl(3, LOOP_CLR_FD [pid 364] <... ioctl resumed>) = 0 [pid 364] close(3) = 0 [pid 364] memfd_create("syzkaller", 0) = 3 [pid 364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4ab7760000 [pid 364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 364] munmap(0x7f4ab7760000, 138412032) = 0 [pid 364] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 368] <... ioctl resumed>) = 0 [pid 365] <... ioctl resumed>) = 0 [pid 368] close(3) = 0 [pid 368] close(4) = 0 [pid 368] mkdir("./file1", 0777) = 0 [pid 368] mount("/dev/loop0", "./file1", "ext4", MS_NODIRATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 369] <... ioctl resumed>) = 0 [pid 364] <... openat resumed>) = 4 [pid 369] close(3 [pid 364] ioctl(4, LOOP_SET_FD, 3 [pid 369] <... close resumed>) = 0 [pid 369] memfd_create("syzkaller", 0) = 3 [pid 369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4ab7760000 [pid 365] close(3 [pid 364] <... ioctl resumed>) = 0 [pid 364] close(3) = 0 [pid 364] close(4 [pid 369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 369] munmap(0x7f4ab7760000, 138412032) = 0 [pid 369] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 368] <... mount resumed>) = 0 [pid 368] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 368] chdir("./file1") = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 369] <... openat resumed>) = 4 [pid 364] <... close resumed>) = 0 [pid 369] ioctl(4, LOOP_SET_FD, 3 [pid 364] mkdir("./file1", 0777) = -1 EEXIST (File exists) [ 25.287301][ T368] EXT4-fs (loop0): 1 orphan inode deleted [ 25.293010][ T368] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 25.302126][ T368] ext4 filesystem being mounted at /root/file1 supports timestamps until (%ptR?) (0x7fffffff) [ 25.302180][ T23] audit: type=1400 audit(1745527854.710:71): avc: denied { mount } for pid=368 comm="syz-executor129" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 364] mount("/dev/loop3", "./file1", "ext4", MS_NODIRATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 368] <... openat resumed>) = 4 [pid 367] <... ioctl resumed>) = 0 [pid 365] <... close resumed>) = 0 [pid 368] ioctl(4, LOOP_CLR_FD [pid 367] close(3 [pid 365] memfd_create("syzkaller", 0 [pid 368] <... ioctl resumed>) = 0 [pid 367] <... close resumed>) = 0 [pid 365] <... memfd_create resumed>) = 3 [pid 368] close(4 [pid 367] memfd_create("syzkaller", 0 [pid 365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 369] <... ioctl resumed>) = 0 [pid 368] <... close resumed>) = 0 [pid 367] <... memfd_create resumed>) = 3 [pid 365] <... mmap resumed>) = 0x7f4ab7760000 [pid 368] openat(AT_FDCWD, "/dev/loop3", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|FASYNC, 000 [pid 367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 25.345333][ T23] audit: type=1400 audit(1745527854.750:72): avc: denied { mounton } for pid=364 comm="syz-executor129" path="/root/file1" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 368] <... openat resumed>) = 4 [pid 367] <... mmap resumed>) = 0x7f4ab7760000 [pid 365] <... write resumed>) = 262144 [pid 368] ioctl(4, BLKDISCARD, [0, 0] [pid 367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 365] munmap(0x7f4ab7760000, 138412032 [pid 369] close(3 [pid 368] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 367] <... write resumed>) = 262144 [pid 365] <... munmap resumed>) = 0 [pid 369] <... close resumed>) = 0 [pid 368] exit_group(0 [pid 367] munmap(0x7f4ab7760000, 138412032 [pid 365] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 369] close(4 [pid 368] <... exit_group resumed>) = ? [pid 367] <... munmap resumed>) = 0 [pid 365] <... openat resumed>) = 4 [pid 367] openat(AT_FDCWD, "/dev/loop2", O_RDWR [ 25.421436][ T364] ------------[ cut here ]------------ [ 25.426714][ T364] kernel BUG at fs/buffer.c:3027! [ 25.431937][ T364] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 25.437829][ T364] CPU: 1 PID: 364 Comm: syz-executor129 Not tainted 5.4.290-syzkaller-00001-g986c38813dff #0 [ 25.448052][ T364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 25.458579][ T364] RIP: 0010:submit_bh_wbc+0x897/0x8c0 [ 25.463808][ T364] Code: 4d b8 80 e1 07 80 c1 03 38 c1 0f 8c fe fd ff ff 48 8b 7d b8 e8 6a 6d ea ff e9 f0 fd ff ff e8 10 cd b9 ff 0f 0b e8 09 cd b9 ff <0f> 0b e8 02 cd b9 ff 0f 0b e8 fb cc b9 ff 0f 0b e8 f4 cc b9 ff 0f [ 25.483242][ T364] RSP: 0018:ffff8881ee75f6a8 EFLAGS: 00010293 [ 25.489110][ T364] RAX: ffffffff81abcdc7 RBX: 0000000000000000 RCX: ffff8881f0d16e40 [ 25.496910][ T364] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 25.504742][ T364] RBP: ffff8881ee75f748 R08: ffffffff81abc5d3 R09: ffffed103b95ee16 [ 25.512541][ T364] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 25.520364][ T364] R13: 0000000000000000 R14: ffff8881dcaf70a8 R15: dffffc0000000000 [ 25.528165][ T364] FS: 0000555575b7a380(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 25.536924][ T364] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.543346][ T364] CR2: 00007f4abfbe7468 CR3: 00000001ef079000 CR4: 00000000003406a0 [ 25.551158][ T364] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.559144][ T364] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.566954][ T364] Call Trace: [ 25.570090][ T364] ? __die+0xbc/0x100 [ 25.573898][ T364] ? die+0x2a/0x50 [ 25.577457][ T364] ? do_trap+0x1a4/0x310 [ 25.581538][ T364] ? do_invalid_op+0x105/0x120 [ 25.586135][ T364] ? submit_bh_wbc+0x897/0x8c0 [ 25.590732][ T364] ? submit_bh_wbc+0x897/0x8c0 [ 25.595338][ T364] ? invalid_op+0x1e/0x30 [ 25.599502][ T364] ? submit_bh_wbc+0xa3/0x8c0 [ 25.604010][ T364] ? submit_bh_wbc+0x897/0x8c0 [ 25.608613][ T364] ? submit_bh_wbc+0x897/0x8c0 [ 25.613214][ T364] ? submit_bh_wbc+0x897/0x8c0 [ 25.617820][ T364] ? try_to_del_timer_sync+0x150/0x150 [ 25.623108][ T364] ? schedule+0x147/0x1c0 [ 25.627278][ T364] submit_bh+0x28/0x40 [ 25.631188][ T364] read_mmp_block+0x1a2/0x8a0 [ 25.635705][ T364] ? run_local_timers+0x160/0x160 [ 25.640563][ T364] ? ext4_multi_mount_protect+0xa50/0xa50 [ 25.646210][ T364] ? prandom_u32+0x236/0x270 [ 25.650627][ T364] ext4_multi_mount_protect+0x5e1/0xa50 [ 25.656037][ T364] ? __dump_mmp_msg+0xa0/0xa0 [ 25.660541][ T364] ? __kasan_check_write+0x14/0x20 [ 25.665472][ T364] ext4_fill_super+0x5cf7/0x8d90 [ 25.670254][ T364] ? ext4_mount+0x40/0x40 [ 25.674411][ T364] ? memcpy+0x49/0x60 [ 25.678222][ T364] ? vscnprintf+0x80/0x80 [ 25.682394][ T364] ? sb_set_blocksize+0xa8/0xf0 [ 25.687080][ T364] mount_bdev+0x273/0x380 [ 25.691249][ T364] ? ext4_mount+0x40/0x40 [ 25.695407][ T364] ext4_mount+0x34/0x40 [ 25.699401][ T364] legacy_get_tree+0xee/0x190 [ 25.703915][ T364] ? ext4_lazyinit_thread+0xc70/0xc70 [ 25.709128][ T364] vfs_get_tree+0x88/0x290 [ 25.713376][ T364] do_new_mount+0x292/0x570 [ 25.717799][ T364] ? cap_capable+0x1ce/0x270 [ 25.722229][ T364] ? do_move_mount_old+0x160/0x160 [ 25.727169][ T364] ? security_capable+0x87/0xb0 [ 25.731870][ T364] ? ns_capable+0x89/0xe0 [ 25.736044][ T364] do_mount+0x688/0xe10 [ 25.740019][ T364] ? copy_mount_options+0x5f/0x330 [ 25.744974][ T364] ? copy_mount_string+0x30/0x30 [ 25.749738][ T364] ? copy_mount_options+0x2bf/0x330 [ 25.754774][ T364] ksys_mount+0xcc/0x100 [ 25.758858][ T364] __x64_sys_mount+0xbf/0xd0 [ 25.763285][ T364] do_syscall_64+0xd8/0x170 [ 25.767627][ T364] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 25.773385][ T364] RIP: 0033:0x7f4abfba059a [ 25.777612][ T364] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 25.797128][ T364] RSP: 002b:00007ffd7c838b08 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 25.805516][ T364] RAX: ffffffffffffffda RBX: 00007ffd7c838b60 RCX: 00007f4abfba059a [ 25.813515][ T364] RDX: 0000200000000100 RSI: 0000200000000200 RDI: 00007ffd7c838b60 [pid 365] ioctl(4, LOOP_SET_FD, 3 [pid 369] <... close resumed>) = 0 [pid 368] +++ exited with 0 +++ [pid 367] <... openat resumed>) = 4 [pid 369] mkdir("./file1", 0777) = -1 EEXIST (File exists) [ 25.821460][ T364] RBP: 0000200000000200 R08: 00007ffd7c838ba0 R09: 000000000000050d [ 25.829264][ T364] R10: 0000000003000800 R11: 0000000000000206 R12: 0000200000000100 [ 25.837290][ T364] R13: 00007ffd7c838ba0 R14: 0000000000000513 R15: 00002000000006c0 [ 25.845179][ T364] Modules linked in: [ 25.849030][ T364] ---[ end trace 7be708b168a7fab0 ]--- [ 25.854472][ T364] RIP: 0010:submit_bh_wbc+0x897/0x8c0 [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=368, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 369] mount("/dev/loop4", "./file1", "ext4", MS_NODIRATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 367] ioctl(4, LOOP_SET_FD, 3 [pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 365] <... ioctl resumed>) = 0 [pid 365] close(3) = 0 [pid 367] <... ioctl resumed>) = 0 [pid 365] close(4 [pid 359] <... openat resumed>) = 3 [pid 359] ioctl(3, LOOP_CLR_FD [pid 367] close(3) = 0 [ 25.861618][ T364] Code: 4d b8 80 e1 07 80 c1 03 38 c1 0f 8c fe fd ff ff 48 8b 7d b8 e8 6a 6d ea ff e9 f0 fd ff ff e8 10 cd b9 ff 0f 0b e8 09 cd b9 ff <0f> 0b e8 02 cd b9 ff 0f 0b e8 fb cc b9 ff 0f 0b e8 f4 cc b9 ff 0f [ 25.881471][ T364] RSP: 0018:ffff8881ee75f6a8 EFLAGS: 00010293 [ 25.890377][ T364] RAX: ffffffff81abcdc7 RBX: 0000000000000000 RCX: ffff8881f0d16e40 [ 25.898221][ T364] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 25.906340][ T364] RBP: ffff8881ee75f748 R08: ffffffff81abc5d3 R09: ffffed103b95ee16 [ 25.914170][ T364] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 25.922136][ T364] R13: 0000000000000000 R14: ffff8881dcaf70a8 R15: dffffc0000000000 [ 25.930825][ T364] FS: 0000555575b7a380(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 25.939600][ T364] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.946004][ T364] CR2: 00007f4abfbe7468 CR3: 00000001ef079000 CR4: 00000000003406a0 [ 25.953827][ T364] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.961616][ T364] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.969499][ T364] Kernel panic - not syncing: Fatal exception [ 25.975582][ T364] Kernel Offset: disabled [ 25.979714][ T364] Rebooting in 86400 seconds..