./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3282555841 <...> [ 4.164221][ T98] udevd[98]: starting version 3.2.11 [ 4.243155][ T99] udevd[99]: starting eudev-3.2.11 [ 5.672339][ T151] cmp (151) used greatest stack depth: 22960 bytes left [ 11.414138][ T28] kauditd_printk_skb: 50 callbacks suppressed [ 11.414150][ T28] audit: type=1400 audit(1686788262.368:61): avc: denied { transition } for pid=219 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.419908][ T28] audit: type=1400 audit(1686788262.368:62): avc: denied { noatsecure } for pid=219 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.425041][ T28] audit: type=1400 audit(1686788262.378:63): avc: denied { write } for pid=219 comm="sh" path="pipe:[13666]" dev="pipefs" ino=13666 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 11.430842][ T28] audit: type=1400 audit(1686788262.378:64): avc: denied { rlimitinh } for pid=219 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.435095][ T28] audit: type=1400 audit(1686788262.378:65): avc: denied { siginh } for pid=219 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.044654][ T220] sshd (220) used greatest stack depth: 22928 bytes left Warning: Permanently added '10.128.0.68' (ECDSA) to the list of known hosts. execve("./syz-executor3282555841", ["./syz-executor3282555841"], 0x7ffc3806d550 /* 10 vars */) = 0 brk(NULL) = 0x5555573a0000 brk(0x5555573a0c40) = 0x5555573a0c40 arch_prctl(ARCH_SET_FS, 0x5555573a0300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3282555841", 4096) = 28 brk(0x5555573c1c40) = 0x5555573c1c40 brk(0x5555573c2000) = 0x5555573c2000 mprotect(0x7f5e64c94000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5e5c7db000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 munmap(0x7f5e5c7db000, 65536) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./mnt", 0777) = 0 [ 20.610056][ T28] audit: type=1400 audit(1686788271.568:66): avc: denied { execmem } for pid=290 comm="syz-executor328" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.618094][ T290] loop0: detected capacity change from 0 to 128 [ 20.629571][ T28] audit: type=1400 audit(1686788271.578:67): avc: denied { read write } for pid=290 comm="syz-executor328" name="loop0" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.659846][ T28] audit: type=1400 audit(1686788271.578:68): avc: denied { open } for pid=290 comm="syz-executor328" path="/dev/loop0" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.684016][ T290] EXT4-fs: Ignoring removed bh option [ 20.684182][ T28] audit: type=1400 audit(1686788271.578:69): avc: denied { ioctl } for pid=290 comm="syz-executor328" path="/dev/loop0" dev="devtmpfs" ino=113 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.690463][ T290] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 20.714600][ T28] audit: type=1400 audit(1686788271.598:70): avc: denied { mounton } for pid=290 comm="syz-executor328" path="/root/mnt" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 20.714634][ T28] audit: type=1400 audit(1686788271.618:71): avc: denied { module_request } for pid=290 comm="syz-executor328" kmod="crypto-hmac(sha512)" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 20.770425][ T290] EXT4-fs (loop0): Test dummy encryption mode enabled [ 20.778612][ T290] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 20.787177][ T28] audit: type=1400 audit(1686788271.748:72): avc: denied { mount } for pid=290 comm="syz-executor328" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 mount("/dev/loop0", "./mnt", "ext4", MS_SYNCHRONOUS, "test_dummy_encryption,stripe=0x0000000000000005,min_batch_time=0x0000000000000005,bh,dioread_nolock,"...) = 0 openat(AT_FDCWD, "./mnt", O_RDONLY|O_DIRECTORY) = 3 chdir("./mnt") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 fallocate(4, 0, 0, 7) = 0 openat(AT_FDCWD, "blkio.bfq.sectors", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 36864 open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 6 open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 7 ftruncate(7, 33587195) = 0 [ 20.795611][ T290] ext4 filesystem being mounted at /root/mnt supports timestamps until 2038 (0x7fffffff) [ 20.820620][ T28] audit: type=1400 audit(1686788271.778:73): avc: denied { write } for pid=290 comm="syz-executor328" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 20.834527][ T290] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 20.842512][ T28] audit: type=1400 audit(1686788271.778:74): avc: denied { add_name } for pid=290 comm="syz-executor328" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 20.860788][ T290] ------------[ cut here ]------------ [ 20.869910][ T28] audit: type=1400 audit(1686788271.778:75): avc: denied { create } for pid=290 comm="syz-executor328" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 20.875116][ T290] kernel BUG at fs/buffer.c:2717! [ 20.900089][ T290] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 20.905933][ T290] CPU: 1 PID: 290 Comm: syz-executor328 Not tainted 6.1.25-syzkaller-00068-g60662882b7bd #0 [ 20.915834][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 20.925719][ T290] RIP: 0010:submit_bh_wbc+0x4e2/0x4f0 [ 20.930926][ T290] Code: d4 4b e7 ff e9 b0 fe ff ff e8 9a 63 a1 ff 0f 0b e8 93 63 a1 ff 0f 0b e8 8c 63 a1 ff 0f 0b e8 85 63 a1 ff 0f 0b e8 7e 63 a1 ff <0f> 0b e8 77 63 a1 ff 0f 0b 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 [ 20.950367][ T290] RSP: 0018:ffffc90000d16e10 EFLAGS: 00010293 [ 20.956269][ T290] RAX: ffffffff81d26032 RBX: 0000000000000800 RCX: ffff888109485100 [ 20.964076][ T290] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000000000000000 [ 20.971892][ T290] RBP: ffffc90000d16e60 R08: ffffffff81d25cb0 R09: ffffed1023e27201 [ 20.979702][ T290] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000814 [ 20.987513][ T290] R13: 1ffff11023e27200 R14: ffff88811f139000 R15: 0000000000000000 [ 20.995325][ T290] FS: 00005555573a0300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 21.004091][ T290] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.010518][ T290] CR2: 00000000004571f0 CR3: 000000012232b000 CR4: 00000000003506a0 [ 21.018330][ T290] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 21.026136][ T290] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 21.033949][ T290] Call Trace: [ 21.037073][ T290] [ 21.039853][ T290] submit_bh+0x1d/0x30 [ 21.043754][ T290] ? __wait_on_buffer+0x80/0x80 [ 21.048441][ T290] ext4_read_bh+0x1b2/0x250 [ 21.052782][ T290] ext4_read_bh_lock+0x99/0xb0 [ 21.057383][ T290] ext4_block_zero_page_range+0x5d2/0x9f0 [ 21.062942][ T290] ext4_truncate+0x89b/0xfb0 [ 21.067365][ T290] ? _ext4_get_block+0x660/0x660 [ 21.072136][ T290] ? __ext4_mark_inode_dirty+0x7d0/0x7d0 [ 21.077609][ T290] ext4_write_begin+0xa76/0xfb0 [ 21.082442][ T290] ? ext4_readahead+0x110/0x110 [ 21.087227][ T290] ? __set_page_owner_handle+0x38a/0x3d0 [ 21.092700][ T290] ext4_da_write_begin+0x2ff/0x920 [ 21.097640][ T290] ? file_remove_privs+0x20/0x20 [ 21.102422][ T290] ? ext4_dirty_folio+0xf0/0xf0 [ 21.107103][ T290] ? current_time+0x1d1/0x2f0 [ 21.111622][ T290] generic_perform_write+0x2f9/0x5c0 [ 21.116739][ T290] ? generic_file_direct_write+0x6b0/0x6b0 [ 21.122377][ T290] ? generic_write_checks_count+0x490/0x490 [ 21.128102][ T290] ? arch_stack_walk+0xf3/0x140 [ 21.132821][ T290] ext4_buffered_write_iter+0x360/0x640 [ 21.138175][ T290] ext4_file_write_iter+0x194/0x1cf0 [ 21.143292][ T290] ? __stack_depot_save+0x36/0x480 [ 21.148250][ T290] ? kasan_set_track+0x60/0x70 [ 21.152840][ T290] ? kasan_set_track+0x4b/0x70 [ 21.157436][ T290] ? kasan_save_alloc_info+0x1f/0x30 [ 21.162556][ T290] ? __kasan_kmalloc+0x9c/0xb0 [ 21.167158][ T290] ? __kmalloc+0xb4/0x1e0 [ 21.171325][ T290] ? iter_file_splice_write+0x278/0xf90 [ 21.176711][ T290] ? direct_splice_actor+0xff/0x130 [ 21.181739][ T290] ? splice_direct_to_actor+0x4b4/0xbb0 [ 21.187121][ T290] ? do_splice_direct+0x27f/0x3c0 [ 21.191980][ T290] ? avc_policy_seqno+0x1b/0x70 [ 21.196668][ T290] ? ext4_file_read_iter+0x470/0x470 [ 21.201790][ T290] ? fsnotify_perm+0x6a/0x5d0 [ 21.206307][ T290] do_iter_write+0x6e6/0xc50 [ 21.210732][ T290] ? vfs_iter_write+0xa0/0xa0 [ 21.215246][ T290] ? __kasan_check_read+0x11/0x20 [ 21.220101][ T290] ? splice_from_pipe_next+0x5e9/0x640 [ 21.225398][ T290] vfs_iter_write+0x7c/0xa0 [ 21.229735][ T290] iter_file_splice_write+0x7f8/0xf90 [ 21.234943][ T290] ? generic_file_read_iter+0xad/0x4e0 [ 21.240242][ T290] ? splice_from_pipe+0x230/0x230 [ 21.245100][ T290] ? splice_shrink_spd+0xb0/0xb0 [ 21.249871][ T290] ? __kasan_check_read+0x11/0x20 [ 21.254730][ T290] ? fsnotify_perm+0x470/0x5d0 [ 21.259336][ T290] ? splice_from_pipe+0x230/0x230 [ 21.264190][ T290] direct_splice_actor+0xff/0x130 [ 21.269053][ T290] splice_direct_to_actor+0x4b4/0xbb0 [ 21.274262][ T290] ? do_splice_direct+0x3c0/0x3c0 [ 21.279122][ T290] ? pipe_to_sendpage+0x340/0x340 [ 21.283981][ T290] ? rw_verify_area+0xa7/0x1c0 [ 21.288581][ T290] do_splice_direct+0x27f/0x3c0 [ 21.293267][ T290] ? splice_direct_to_actor+0xbb0/0xbb0 [ 21.298648][ T290] ? fsnotify_perm+0x6a/0x5d0 [ 21.303162][ T290] ? security_file_permission+0x86/0xb0 [ 21.308546][ T290] do_sendfile+0x616/0xfe0 [ 21.312799][ T290] ? do_preadv+0x350/0x350 [ 21.317049][ T290] ? ptrace_notify+0x249/0x350 [ 21.321652][ T290] __x64_sys_sendfile64+0x1ce/0x230 [ 21.326684][ T290] ? __ia32_sys_sendfile+0x240/0x240 [ 21.331807][ T290] ? syscall_enter_from_user_mode+0x6a/0x190 [ 21.337618][ T290] do_syscall_64+0x3d/0xb0 [ 21.341873][ T290] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 21.347599][ T290] RIP: 0033:0x7f5e64c27ca9 [ 21.351853][ T290] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 21.371292][ T290] RSP: 002b:00007ffdd9c17028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 21.379538][ T290] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5e64c27ca9 [ 21.387348][ T290] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 21.395163][ T290] RBP: 00007f5e64be72b0 R08: 0000000000000000 R09: 0000000000000000 [ 21.402972][ T290] R10: 0001000000201005 R11: 0000000000000246 R12: 00007f5e64be7340 [ 21.410783][ T290] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 21.418599][ T290] [ 21.421457][ T290] Modules linked in: [ 21.425589][ T290] ---[ end trace 0000000000000000 ]--- [ 21.430866][ T290] RIP: 0010:submit_bh_wbc+0x4e2/0x4f0 [ 21.436093][ T290] Code: d4 4b e7 ff e9 b0 fe ff ff e8 9a 63 a1 ff 0f 0b e8 93 63 a1 ff 0f 0b e8 8c 63 a1 ff 0f 0b e8 85 63 a1 ff 0f 0b e8 7e 63 a1 ff <0f> 0b e8 77 63 a1 ff 0f 0b 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 [ 21.455535][ T290] RSP: 0018:ffffc90000d16e10 EFLAGS: 00010293 [ 21.461407][ T290] RAX: ffffffff81d26032 RBX: 0000000000000800 RCX: ffff888109485100 [ 21.469247][ T290] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000000000000000 [ 21.477043][ T290] RBP: ffffc90000d16e60 R08: ffffffff81d25cb0 R09: ffffed1023e27201 [ 21.484839][ T290] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000814 [ 21.492688][ T290] R13: 1ffff11023e27200 R14: ffff88811f139000 R15: 0000000000000000 [ 21.500480][ T290] FS: 00005555573a0300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 21.509255][ T290] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.515678][ T290] CR2: 00000000004571f0 CR3: 000000012232b000 CR4: 00000000003506a0 [ 21.523464][ T290] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 21.531300][ T290] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 21.539108][ T290] Kernel panic - not syncing: Fatal exception [ 21.545308][ T290] Kernel Offset: disabled [ 21.549432][ T290] Rebooting in 86400 seconds..