./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2138172433
<...>
[ 35.937483][ T3209] 8021q: adding VLAN 0 to HW filter on device bond0
[ 35.971187][ T3209] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
syzkaller login: [ 44.860255][ T26] kauditd_printk_skb: 37 callbacks suppressed
[ 44.860266][ T26] audit: type=1400 audit(1669517968.998:73): avc: denied { transition } for pid=3419 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 44.890991][ T26] audit: type=1400 audit(1669517969.028:74): avc: denied { write } for pid=3419 comm="sh" path="pipe:[1840]" dev="pipefs" ino=1840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
Warning: Permanently added '10.128.0.142' (ECDSA) to the list of known hosts.
execve("./syz-executor2138172433", ["./syz-executor2138172433"], 0x7ffc28b8b860 /* 10 vars */) = 0
brk(NULL) = 0x55555691e000
brk(0x55555691ec40) = 0x55555691ec40
arch_prctl(ARCH_SET_FS, 0x55555691e300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2138172433", 4096) = 28
brk(0x55555693fc40) = 0x55555693fc40
brk(0x555556940000) = 0x555556940000
mprotect(0x7f2e7b8d8000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2e73400000
[ 55.130986][ T26] audit: type=1400 audit(1669517979.268:75): avc: denied { execmem } for pid=3633 comm="syz-executor213" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
munmap(0x7f2e73400000, 16777216) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file0", 0777) = 0
[ 55.279026][ T26] audit: type=1400 audit(1669517979.418:76): avc: denied { read write } for pid=3633 comm="syz-executor213" name="loop0" dev="devtmpfs" ino=647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 55.281482][ T3633] loop0: detected capacity change from 0 to 32768
[ 55.303997][ T26] audit: type=1400 audit(1669517979.418:77): avc: denied { open } for pid=3633 comm="syz-executor213" path="/dev/loop0" dev="devtmpfs" ino=647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 55.319079][ T3633] BTRFS: device fsid 5ac8a51e-da3a-4998-8e66-e1df06b87bc8 devid 1 transid 8 /dev/loop0 scanned by syz-executor213 (3633)
[ 55.334789][ T26] audit: type=1400 audit(1669517979.418:78): avc: denied { ioctl } for pid=3633 comm="syz-executor213" path="/dev/loop0" dev="devtmpfs" ino=647 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 55.372998][ T26] audit: type=1400 audit(1669517979.448:79): avc: denied { mounton } for pid=3633 comm="syz-executor213" path="/root/file0" dev="sda1" ino=1138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 55.402259][ T3633] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[ 55.411858][ T3633] BTRFS info (device loop0): using free space tree
mount("/dev/loop0", "./file0", "btrfs", 0, "noflushoncommit,rescan_uuid_tree,noacl,noautodefrag,datacow,") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
ioctl(3, BTRFS_IOC_SUBVOL_SETFLAGS, BTRFS_SUBVOL_RDONLY) = 0
[ 55.431030][ T3633] BTRFS info (device loop0): enabling ssd optimizations
[ 55.440028][ T3633] BTRFS info (device loop0): checking UUID tree
[ 55.449758][ T26] audit: type=1400 audit(1669517979.588:80): avc: denied { mount } for pid=3633 comm="syz-executor213" name="/" dev="loop0" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 55.489023][ T3633] ------------[ cut here ]------------
[ 55.494786][ T3633] WARNING: CPU: 0 PID: 3633 at fs/read_write.c:504 __kernel_write_iter+0x5a8/0x730
[ 55.504217][ T3633] Modules linked in:
[ 55.508836][ T3633] CPU: 1 PID: 3633 Comm: syz-executor213 Not tainted 6.1.0-rc6-syzkaller-00308-g644e9524388a #0
[ 55.519986][ T3633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 55.530693][ T3633] RIP: 0010:__kernel_write_iter+0x5a8/0x730
[ 55.537021][ T3633] Code: 8c e8 ec 23 c8 07 31 ff 89 c3 89 c6 e8 a1 e2 a5 ff 85 db 0f 85 c0 d9 cf 07 49 c7 c6 ea ff ff ff e9 11 ff ff ff e8 d8 e5 a5 ff <0f> 0b 49 c7 c6 f7 ff ff ff e9 fe fe ff ff e8 c5 e5 a5 ff 4c 89 ea
[ 55.557045][ T3633] RSP: 0018:ffffc900035776f0 EFLAGS: 00010293
[ 55.563157][ T3633] RAX: 0000000000000000 RBX: 00000000000a801d RCX: 0000000000000000
[ 55.571612][ T3633] RDX: ffff88807287e280 RSI: ffffffff81d955e8 RDI: 0000000000000005
[ 55.580002][ T3633] RBP: 1ffff920006aeee0 R08: 0000000000000005 R09: 0000000000000000
[ 55.588350][ T3633] R10: 0000000000000000 R11: 0000000000000005 R12: ffff88802181a080
[ 55.596747][ T3633] R13: ffff88802181a0fc R14: 0000000000000000 R15: ffff88801f90d408
[ 55.605190][ T3633] FS: 000055555691e300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
[ 55.614172][ T3633] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.621535][ T3633] CR2: 00007fa21e2ea250 CR3: 0000000072766000 CR4: 00000000003506e0
[ 55.629902][ T3633] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.638285][ T3633] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 55.646615][ T3633] Call Trace:
[ 55.649931][ T3633]
[ 55.652891][ T3633] ? vfs_read+0x930/0x930
[ 55.657908][ T3633] ? avc_policy_seqno+0xd/0x70
[ 55.662828][ T3633] ? selinux_file_permission+0x3a/0x520
[ 55.671297][ T3633] ? security_file_permission+0xaf/0xd0
[ 55.677062][ T3633] kernel_write+0x1c1/0x630
[ 55.681609][ T3633] ? btrfs_drop_inode+0x170/0x170
[ 55.687178][ T3633] ? __kernel_write+0x110/0x110
[ 55.692048][ T3633] btrfs_ioctl_send+0x21ae/0x64e0
[ 55.697445][ T3633] ? changed_cb+0x35e0/0x35e0
[ 55.702128][ T3633] ? __might_fault+0xd9/0x180
[ 55.706955][ T3633] ? lock_downgrade+0x6e0/0x6e0
[ 55.711839][ T3633] ? _copy_from_user+0xfd/0x170
[ 55.716762][ T3633] _btrfs_ioctl_send+0x231/0x2e0
[ 55.721719][ T3633] ? exclop_start_or_cancel_reloc+0x230/0x230
[ 55.727889][ T3633] ? tomoyo_path_number_perm+0x234/0x550
[ 55.733556][ T3633] ? lock_downgrade+0x6e0/0x6e0
[ 55.738493][ T3633] ? __kmem_cache_free+0x182/0x3b0
[ 55.743642][ T3633] ? tomoyo_path_number_perm+0x41b/0x550
[ 55.749330][ T3633] ? __phys_addr+0xc8/0x140
[ 55.753858][ T3633] btrfs_ioctl+0x302c/0x5e20
[ 55.758497][ T3633] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 55.764321][ T3633] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 55.770782][ T3633] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 55.776717][ T3633] ? do_vfs_ioctl+0x132/0x1600
[ 55.781484][ T3633] ? vfs_fileattr_set+0xbe0/0xbe0
[ 55.786548][ T3633] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x400
[ 55.793076][ T3633] ? ioctl_has_perm.constprop.0.isra.0+0x2a4/0x400
[ 55.799620][ T3633] ? selinux_inode_getsecctx+0xa0/0xa0
[ 55.805172][ T3633] ? find_held_lock+0x2d/0x110
[ 55.809939][ T3633] ? name_to_dev_t+0x12/0x990
[ 55.814658][ T3633] ? lock_downgrade+0x6e0/0x6e0
[ 55.819541][ T3633] ? selinux_file_ioctl+0xb5/0x280
[ 55.824716][ T3633] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 55.831151][ T3633] __x64_sys_ioctl+0x197/0x210
[ 55.835971][ T3633] do_syscall_64+0x39/0xb0
[ 55.840417][ T3633] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.846401][ T3633] RIP: 0033:0x7f2e7b866b49
[ 55.850838][ T3633] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 55.870598][ T3633] RSP: 002b:00007ffd3fe5b4e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 55.879074][ T3633] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2e7b866b49
[ 55.887080][ T3633] RDX: 00000000200003c0 RSI: 0000000040489426 RDI: 0000000000000003
[ 55.895089][ T3633] RBP: 00007f2e7b826410 R08: 0000000000000000 R09: 0000000000000000
[ 55.903144][ T3633] R10: 00000000000051af R11: 0000000000000246 R12: 00007f2e7b8264a0
[ 55.911149][ T3633] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 55.919185][ T3633]
[ 55.922199][ T3633] Kernel panic - not syncing: panic_on_warn set ...
[ 55.928770][ T3633] CPU: 0 PID: 3633 Comm: syz-executor213 Not tainted 6.1.0-rc6-syzkaller-00308-g644e9524388a #0
[ 55.939173][ T3633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 55.949218][ T3633] Call Trace:
[ 55.952491][ T3633]
[ 55.955414][ T3633] dump_stack_lvl+0xd1/0x138
[ 55.960014][ T3633] panic+0x2cc/0x626
[ 55.963901][ T3633] ? panic_print_sys_info.part.0+0x110/0x110
[ 55.969889][ T3633] ? __warn.cold+0x24b/0x350
[ 55.974480][ T3633] ? __kernel_write_iter+0x5a8/0x730
[ 55.979796][ T3633] __warn.cold+0x25c/0x350
[ 55.984228][ T3633] ? __kernel_write_iter+0x5a8/0x730
[ 55.989551][ T3633] report_bug+0x1c0/0x210
[ 55.993909][ T3633] handle_bug+0x3c/0x70
[ 55.998079][ T3633] exc_invalid_op+0x18/0x50
[ 56.002593][ T3633] asm_exc_invalid_op+0x1a/0x20
[ 56.007470][ T3633] RIP: 0010:__kernel_write_iter+0x5a8/0x730
[ 56.013393][ T3633] Code: 8c e8 ec 23 c8 07 31 ff 89 c3 89 c6 e8 a1 e2 a5 ff 85 db 0f 85 c0 d9 cf 07 49 c7 c6 ea ff ff ff e9 11 ff ff ff e8 d8 e5 a5 ff <0f> 0b 49 c7 c6 f7 ff ff ff e9 fe fe ff ff e8 c5 e5 a5 ff 4c 89 ea
[ 56.033017][ T3633] RSP: 0018:ffffc900035776f0 EFLAGS: 00010293
[ 56.039104][ T3633] RAX: 0000000000000000 RBX: 00000000000a801d RCX: 0000000000000000
[ 56.047084][ T3633] RDX: ffff88807287e280 RSI: ffffffff81d955e8 RDI: 0000000000000005
[ 56.055071][ T3633] RBP: 1ffff920006aeee0 R08: 0000000000000005 R09: 0000000000000000
[ 56.063052][ T3633] R10: 0000000000000000 R11: 0000000000000005 R12: ffff88802181a080
[ 56.071033][ T3633] R13: ffff88802181a0fc R14: 0000000000000000 R15: ffff88801f90d408
[ 56.079105][ T3633] ? __kernel_write_iter+0x5a8/0x730
[ 56.084426][ T3633] ? vfs_read+0x930/0x930
[ 56.088783][ T3633] ? avc_policy_seqno+0xd/0x70
[ 56.093569][ T3633] ? selinux_file_permission+0x3a/0x520
[ 56.099152][ T3633] ? security_file_permission+0xaf/0xd0
[ 56.104713][ T3633] kernel_write+0x1c1/0x630
[ 56.109243][ T3633] ? btrfs_drop_inode+0x170/0x170
[ 56.114284][ T3633] ? __kernel_write+0x110/0x110
[ 56.119168][ T3633] btrfs_ioctl_send+0x21ae/0x64e0
[ 56.124216][ T3633] ? changed_cb+0x35e0/0x35e0
[ 56.128912][ T3633] ? __might_fault+0xd9/0x180
[ 56.133607][ T3633] ? lock_downgrade+0x6e0/0x6e0
[ 56.138582][ T3633] ? _copy_from_user+0xfd/0x170
[ 56.143460][ T3633] _btrfs_ioctl_send+0x231/0x2e0
[ 56.148412][ T3633] ? exclop_start_or_cancel_reloc+0x230/0x230
[ 56.154503][ T3633] ? tomoyo_path_number_perm+0x234/0x550
[ 56.160154][ T3633] ? lock_downgrade+0x6e0/0x6e0
[ 56.165027][ T3633] ? __kmem_cache_free+0x182/0x3b0
[ 56.170167][ T3633] ? tomoyo_path_number_perm+0x41b/0x550
[ 56.175817][ T3633] ? __phys_addr+0xc8/0x140
[ 56.180344][ T3633] btrfs_ioctl+0x302c/0x5e20
[ 56.184952][ T3633] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 56.190778][ T3633] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 56.197210][ T3633] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 56.203122][ T3633] ? do_vfs_ioctl+0x132/0x1600
[ 56.207926][ T3633] ? vfs_fileattr_set+0xbe0/0xbe0
[ 56.212982][ T3633] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x400
[ 56.219503][ T3633] ? ioctl_has_perm.constprop.0.isra.0+0x2a4/0x400
[ 56.226049][ T3633] ? selinux_inode_getsecctx+0xa0/0xa0
[ 56.231527][ T3633] ? find_held_lock+0x2d/0x110
[ 56.236312][ T3633] ? name_to_dev_t+0x12/0x990
[ 56.241018][ T3633] ? lock_downgrade+0x6e0/0x6e0
[ 56.245892][ T3633] ? selinux_file_ioctl+0xb5/0x280
[ 56.251023][ T3633] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 56.257463][ T3633] __x64_sys_ioctl+0x197/0x210
[ 56.262256][ T3633] do_syscall_64+0x39/0xb0
[ 56.266703][ T3633] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.272622][ T3633] RIP: 0033:0x7f2e7b866b49
[ 56.277045][ T3633] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 56.296670][ T3633] RSP: 002b:00007ffd3fe5b4e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 56.305113][ T3633] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2e7b866b49
[ 56.313117][ T3633] RDX: 00000000200003c0 RSI: 0000000040489426 RDI: 0000000000000003
[ 56.321110][ T3633] RBP: 00007f2e7b826410 R08: 0000000000000000 R09: 0000000000000000
[ 56.329092][ T3633] R10: 00000000000051af R11: 0000000000000246 R12: 00007f2e7b8264a0
[ 56.337087][ T3633] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 56.345090][ T3633]
[ 56.348270][ T3633] Kernel Offset: disabled
[ 56.352652][ T3633] Rebooting in 86400 seconds..