./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4018263365 <...> Warning: Permanently added '10.128.0.139' (ED25519) to the list of known hosts. execve("./syz-executor4018263365", ["./syz-executor4018263365"], 0x7fff4ad816e0 /* 10 vars */) = 0 brk(NULL) = 0x555557345000 brk(0x555557345e00) = 0x555557345e00 arch_prctl(ARCH_SET_FS, 0x555557345480) = 0 set_tid_address(0x555557345750) = 290 set_robust_list(0x555557345760, 24) = 0 rseq(0x555557345da0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4018263365", 4096) = 28 getrandom("\x0a\x31\x56\x46\xaa\xd0\x4a\xbf", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557345e00 brk(0x555557366e00) = 0x555557366e00 brk(0x555557367000) = 0x555557367000 mprotect(0x7fe7759f2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7fe775948a50, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fe775951130}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7fe775948a50, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fe775951130}, NULL, 8) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557345750) = 292 ./strace-static-x86_64: Process 292 attached [pid 292] set_robust_list(0x555557345760, 24) = 0 [pid 292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 292] setpgid(0, 0) = 0 [pid 292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 292] write(3, "1000", 4) = 4 [pid 292] close(3) = 0 [pid 292] memfd_create("syzkaller", 0) = 3 [pid 292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe76d53f000 [pid 292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 292] munmap(0x7fe76d53f000, 262144) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 292] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 292] close(3) = 0 [pid 292] mkdir("./file0", 0777) = 0 [ 25.280734][ T24] audit: type=1400 audit(1691875447.370:66): avc: denied { execmem } for pid=290 comm="syz-executor401" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 25.300047][ T24] audit: type=1400 audit(1691875447.380:67): avc: denied { read write } for pid=290 comm="syz-executor401" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 292] mount("/dev/loop0", "./file0", "ext2", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_POSIXACL|MS_RELATIME, "\xff\xff\xff\xff\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65") = -1 EINVAL (Invalid argument) [pid 292] ioctl(4, LOOP_CLR_FD) = 0 [pid 292] close(4) = 0 [pid 292] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 292] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 25.320010][ T292] EXT4-fs (loop0): Unrecognized mount option "ÿÿÿÿ" or missing value [ 25.324054][ T24] audit: type=1400 audit(1691875447.380:68): avc: denied { open } for pid=290 comm="syz-executor401" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 25.335256][ T292] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 25.356108][ T24] audit: type=1400 audit(1691875447.380:69): avc: denied { ioctl } for pid=290 comm="syz-executor401" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 25.369863][ T292] EXT4-fs (loop0): warning: checktime reached, running e2fsck is recommended [ 25.390294][ T24] audit: type=1400 audit(1691875447.410:70): avc: denied { mounton } for pid=292 comm="syz-executor401" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 25.400052][ T292] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1047: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 25.435893][ T292] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm syz-executor401: bg 0: block 46: invalid block bitmap [ 25.449138][ T292] Kernel panic - not syncing: EXT4-fs (device loop0): panic forced after error [ 25.457875][ T292] CPU: 0 PID: 292 Comm: syz-executor401 Not tainted 5.10.187-syzkaller-00057-g8a427269c016 #0 [ 25.467938][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 25.477914][ T292] Call Trace: [ 25.481065][ T292] dump_stack_lvl+0x1e2/0x24b [ 25.485558][ T292] ? panic+0x22b/0x80b [ 25.489461][ T292] ? bfq_pos_tree_add_move+0x43b/0x43b [ 25.494756][ T292] dump_stack+0x15/0x17 [ 25.498750][ T292] panic+0x2cf/0x80b [ 25.502481][ T292] ? submit_bh_wbc+0x61f/0x700 [ 25.507081][ T292] ? ext4_handle_error+0x24f/0x310 [ 25.512028][ T292] ? fb_is_primary_device+0xd4/0xd4 [ 25.517062][ T292] ? __kasan_check_read+0x11/0x20 [ 25.521924][ T292] ? __kasan_check_read+0x11/0x20 [ 25.526785][ T292] ext4_handle_error+0x30e/0x310 [ 25.531556][ T292] __ext4_error+0x203/0x420 [ 25.535900][ T292] ? ext4_itable_unused_set+0x100/0x100 [ 25.541280][ T292] ? ext4_block_bitmap_csum_verify+0x1c7/0x570 [ 25.547266][ T292] ? ext4_inode_bitmap_csum_set+0x4e0/0x4e0 [ 25.552996][ T292] ? out_of_line_wait_on_bit+0x1ab/0x230 [ 25.558464][ T292] ext4_validate_block_bitmap+0xe5b/0x1010 [ 25.564105][ T292] ext4_wait_block_bitmap+0x1ac/0x1d0 [ 25.569314][ T292] ext4_read_block_bitmap+0x41/0x80 [ 25.574346][ T292] ext4_free_blocks+0xdcb/0x27a0 [ 25.579124][ T292] ? mount_bdev+0x262/0x370 [ 25.583463][ T292] ? ext4_mount+0x34/0x40 [ 25.587638][ T292] ? legacy_get_tree+0xf1/0x190 [ 25.592321][ T292] ? __ext4_ext_check+0x94e/0x1110 [ 25.597266][ T292] ? ext4_mb_discard_preallocations_should_retry+0x8a0/0x8a0 [ 25.604484][ T292] ? __ext4_journal_ensure_credits+0x2f/0x470 [ 25.610380][ T292] ? ext4_ext_check_inode+0x80/0x80 [ 25.615406][ T292] ? ext4_inode_journal_mode+0x1a5/0x470 [ 25.620873][ T292] ext4_ext_remove_space+0x260f/0x4e10 [ 25.626173][ T292] ? ext4_da_release_space+0x1a5/0x430 [ 25.631572][ T292] ? ext4_ext_index_trans_blocks+0x120/0x120 [ 25.637360][ T292] ? ext4_es_remove_extent+0x1ac/0x380 [ 25.642654][ T292] ? ext4_es_lookup_extent+0x940/0x940 [ 25.647954][ T292] ext4_ext_truncate+0x17f/0x200 [ 25.652724][ T292] ext4_truncate+0xb19/0x1220 [ 25.657243][ T292] ? down_write+0xd7/0x150 [ 25.661486][ T292] ? __ext4_mark_inode_dirty+0x7b0/0x7b0 [ 25.666956][ T292] ? ext4_orphan_get+0x237/0x630 [ 25.671733][ T292] ext4_orphan_cleanup+0x8e4/0xd50 [ 25.676682][ T292] ext4_fill_super+0x89a5/0x9280 [ 25.681494][ T292] ? ext4_mount+0x40/0x40 [ 25.685616][ T292] ? vscnprintf+0x80/0x80 [ 25.689788][ T292] ? sb_set_blocksize+0xa8/0xf0 [ 25.694472][ T292] mount_bdev+0x262/0x370 [ 25.698633][ T292] ? ext4_mount+0x40/0x40 [ 25.702800][ T292] ext4_mount+0x34/0x40 [ 25.706794][ T292] legacy_get_tree+0xf1/0x190 [ 25.711310][ T292] ? ext4_chksum+0x210/0x210 [ 25.715734][ T292] vfs_get_tree+0x88/0x290 [ 25.719989][ T292] do_new_mount+0x28b/0xad0 [ 25.724326][ T292] ? do_move_mount_old+0x160/0x160 [ 25.729272][ T292] ? security_capable+0x87/0xb0 [ 25.733960][ T292] ? ns_capable+0x89/0xe0 [ 25.738126][ T292] path_mount+0x56f/0xcb0 [ 25.742304][ T292] __se_sys_mount+0x2c4/0x3b0 [ 25.746805][ T292] ? __x64_sys_mount+0xd0/0xd0 [ 25.751408][ T292] ? debug_smp_processor_id+0x17/0x20 [ 25.756612][ T292] ? irqentry_exit_to_user_mode+0x2f/0x80 [ 25.762168][ T292] __x64_sys_mount+0xbf/0xd0 [ 25.766594][ T292] do_syscall_64+0x34/0x70 [ 25.770846][ T292] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 25.776574][ T292] RIP: 0033:0x7fe77597e1d9 [ 25.780828][ T292] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 25.800278][ T292] RSP: 002b:00007ffcdc0092f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 25.808510][ T292] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe77597e1d9 [ 25.816322][ T292] RDX: 00000000200001c0 RSI: 00000000200006c0 RDI: 0000000020000640 [ 25.824221][ T292] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffcdc009330 [ 25.832032][ T292] R10: 000000003f000000 R11: 0000000000000246 R12: 00007ffcdc009330 [ 25.839843][ T292] R13: 00007ffcdc0095b8 R14: 431bde82d7b634db R15: 00007fe7759c703b [ 25.847960][ T292] Kernel Offset: disabled [ 25.852089][ T292] Rebooting in 86400 seconds..