./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3588968909 <...> syzkaller syzkaller login: [ 79.264560][ T27] audit: type=1400 audit(1702103482.758:77): avc: denied { transition } for pid=4903 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 79.304211][ T27] audit: type=1400 audit(1702103482.768:78): avc: denied { noatsecure } for pid=4903 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 79.324305][ T27] audit: type=1400 audit(1702103482.808:79): avc: denied { write } for pid=4903 comm="sh" path="pipe:[3334]" dev="pipefs" ino=3334 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 79.347500][ T27] audit: type=1400 audit(1702103482.808:80): avc: denied { rlimitinh } for pid=4903 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 79.369613][ T27] audit: type=1400 audit(1702103482.808:81): avc: denied { siginh } for pid=4903 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 80.538361][ T27] audit: type=1400 audit(1702103484.048:82): avc: denied { read } for pid=4493 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 97.364640][ T8] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.1.43' (ED25519) to the list of known hosts. execve("./syz-executor3588968909", ["./syz-executor3588968909"], 0x7fff5ab41720 /* 10 vars */) = 0 brk(NULL) = 0x555555bb9000 brk(0x555555bb9d00) = 0x555555bb9d00 arch_prctl(ARCH_SET_FS, 0x555555bb9380) = 0 set_tid_address(0x555555bb9650) = 5062 set_robust_list(0x555555bb9660, 24) = 0 rseq(0x555555bb9ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3588968909", 4096) = 28 getrandom("\x36\x4c\x45\x8f\x7b\x42\xee\x05", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555bb9d00 brk(0x555555bdad00) = 0x555555bdad00 brk(0x555555bdb000) = 0x555555bdb000 mprotect(0x7fb4430d2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 100.096119][ T27] audit: type=1400 audit(1702103503.608:83): avc: denied { execmem } for pid=5062 comm="syz-executor358" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 100.119068][ T27] audit: type=1400 audit(1702103503.628:84): avc: denied { read write } for pid=5062 comm="syz-executor358" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555bb9650) = 5063 ./strace-static-x86_64: Process 5063 attached [pid 5063] set_robust_list(0x555555bb9660, 24) = 0 [pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5063] setpgid(0, 0) = 0 [pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5063] write(3, "1000", 4) = 4 [pid 5063] close(3) = 0 [pid 5063] memfd_create("syzkaller", 0) = 3 [pid 5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb43ac02000 [ 100.143540][ T27] audit: type=1400 audit(1702103503.628:85): avc: denied { open } for pid=5062 comm="syz-executor358" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 100.168669][ T27] audit: type=1400 audit(1702103503.628:86): avc: denied { ioctl } for pid=5062 comm="syz-executor358" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5063] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x04\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x40\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5063] munmap(0x7fb43ac02000, 138412032) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5063] close(3) = 0 [pid 5063] mkdir("./file0", 0777) = 0 [ 100.296001][ T5063] loop0: detected capacity change from 0 to 4096 [ 100.324173][ T27] audit: type=1400 audit(1702103503.828:87): avc: denied { mounton } for pid=5063 comm="syz-executor358" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 100.348165][ T5063] ------------[ cut here ]------------ [ 100.353740][ T5063] kernel BUG at fs/ntfs/aops.c:185! [ 100.359112][ T5063] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 100.365203][ T5063] CPU: 0 PID: 5063 Comm: syz-executor358 Not tainted 6.7.0-rc4-syzkaller-00358-gf2e8a57ee903 #0 [ 100.375766][ T5063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 100.385871][ T5063] RIP: 0010:ntfs_read_folio+0x1ea2/0x2430 [ 100.391627][ T5063] Code: 10 48 8b 98 30 fd ff ff 48 c1 eb 03 83 e3 01 89 de e8 82 af d0 fe 84 db 44 0f b6 4c 24 10 0f 85 15 f1 ff ff e8 3f b4 d0 fe 90 <0f> 0b e8 37 b4 d0 fe 48 8b 44 24 38 48 8d b8 70 fd ff ff e8 06 13 [ 100.411256][ T5063] RSP: 0018:ffffc900033ff660 EFLAGS: 00010293 [ 100.417342][ T5063] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff82b5cc0e [ 100.425433][ T5063] RDX: ffff88801ff04000 RSI: ffffffff82b5cc21 RDI: 0000000000000001 [ 100.433420][ T5063] RBP: ffffea0001c76c40 R08: 0000000000000001 R09: 0000000000000001 [ 100.441405][ T5063] R10: 0000000000000000 R11: ffffffff81d116f0 R12: dffffc0000000000 [ 100.449419][ T5063] R13: fffff9400038ed89 R14: ffffea0001c76c58 R15: ffffea0001c76c60 [ 100.457406][ T5063] FS: 0000555555bb9380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 100.466352][ T5063] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 100.472953][ T5063] CR2: 00007f84247f1b10 CR3: 000000001fe30000 CR4: 00000000003506f0 [ 100.480971][ T5063] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 100.488953][ T5063] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 100.496940][ T5063] Call Trace: [ 100.500228][ T5063] [ 100.503170][ T5063] ? show_regs+0x8f/0xa0 [ 100.507437][ T5063] ? die+0x36/0xa0 [ 100.511225][ T5063] ? do_trap+0x22b/0x420 [ 100.515587][ T5063] ? ntfs_read_folio+0x1ea2/0x2430 [ 100.520720][ T5063] ? ntfs_read_folio+0x1ea2/0x2430 [ 100.525958][ T5063] ? do_error_trap+0xf4/0x230 [ 100.530682][ T5063] ? ntfs_read_folio+0x1ea2/0x2430 [ 100.535810][ T5063] ? handle_invalid_op+0x34/0x40 [ 100.540791][ T5063] ? ntfs_read_folio+0x1ea2/0x2430 [ 100.545919][ T5063] ? exc_invalid_op+0x2e/0x40 [ 100.550619][ T5063] ? asm_exc_invalid_op+0x1a/0x20 [ 100.555700][ T5063] ? post_alloc_hook+0x2d0/0x350 [ 100.560665][ T5063] ? ntfs_read_folio+0x1e8e/0x2430 [ 100.565802][ T5063] ? ntfs_read_folio+0x1ea1/0x2430 [ 100.570932][ T5063] ? ntfs_read_folio+0x1ea2/0x2430 [ 100.576092][ T5063] ? rcu_is_watching+0x12/0xb0 [ 100.580879][ T5063] ? reacquire_held_locks+0x4c0/0x4c0 [ 100.586331][ T5063] ? ntfs_end_buffer_async_read+0x18e0/0x18e0 [ 100.592422][ T5063] ? folio_add_lru+0x451/0x7f0 [ 100.597213][ T5063] ? ntfs_end_buffer_async_read+0x18e0/0x18e0 [ 100.603301][ T5063] filemap_read_folio+0xe9/0x2c0 [ 100.609053][ T5063] ? __folio_lock_killable+0x20/0x20 [ 100.614367][ T5063] ? __filemap_get_folio+0x2b0/0xaa0 [ 100.619691][ T5063] do_read_cache_folio+0x205/0x540 [ 100.624905][ T5063] ? ntfs_end_buffer_async_read+0x18e0/0x18e0 [ 100.630995][ T5063] read_cache_page+0x5b/0x160 [ 100.635791][ T5063] map_mft_record+0x1dd/0x730 [ 100.640694][ T5063] ntfs_read_locked_inode+0x19b/0x5860 [ 100.646179][ T5063] ? ntfs_attr_reinit_search_ctx+0x3c0/0x3c0 [ 100.652178][ T5063] ntfs_read_inode_mount+0xef9/0x2730 [ 100.657586][ T5063] ntfs_fill_super+0x185c/0x9100 [ 100.662553][ T5063] ? up_write+0x510/0x510 [ 100.666904][ T5063] ? parse_options+0x1db0/0x1db0 [ 100.671905][ T5063] ? lock_sync+0x190/0x190 [ 100.676355][ T5063] ? parse_options+0x1db0/0x1db0 [ 100.681324][ T5063] ? preempt_count_sub+0x160/0x160 [ 100.686502][ T5063] ? sb_set_blocksize+0xf6/0x120 [ 100.691470][ T5063] ? parse_options+0x1db0/0x1db0 [ 100.696616][ T5063] mount_bdev+0x1f3/0x2e0 [ 100.700978][ T5063] ? sget+0x640/0x640 [ 100.705026][ T5063] ? selinux_sb_eat_lsm_opts+0x594/0x700 [ 100.710693][ T5063] ? cap_capable+0x1d8/0x240 [ 100.715318][ T5063] ? ntfs_rl_punch_nolock+0x15d0/0x15d0 [ 100.720907][ T5063] legacy_get_tree+0x109/0x220 [ 100.725713][ T5063] vfs_get_tree+0x8c/0x370 [ 100.730161][ T5063] path_mount+0x1492/0x1ed0 [ 100.734698][ T5063] ? lockdep_hardirqs_on+0x7d/0x110 [ 100.739980][ T5063] ? finish_automount+0xa40/0xa40 [ 100.745070][ T5063] ? putname+0x12e/0x170 [ 100.749340][ T5063] __x64_sys_mount+0x293/0x310 [ 100.754173][ T5063] ? copy_mnt_ns+0xb60/0xb60 [ 100.758790][ T5063] ? syscall_trace_enter.constprop.0+0xaf/0x1e0 [ 100.765060][ T5063] do_syscall_64+0x40/0x110 [ 100.769608][ T5063] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 100.775540][ T5063] RIP: 0033:0x7fb443041dea [ 100.779968][ T5063] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 100.799613][ T5063] RSP: 002b:00007ffd1198f908 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 100.808252][ T5063] RAX: ffffffffffffffda RBX: 00007ffd1198f920 RCX: 00007fb443041dea [ 100.816247][ T5063] RDX: 0000000020000000 RSI: 000000002001e740 RDI: 00007ffd1198f920 [ 100.824263][ T5063] RBP: 0000000000000004 R08: 00007ffd1198f960 R09: 000000000001e718 [ 100.832252][ T5063] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000 [ 100.840343][ T5063] R13: 00007ffd1198f960 R14: 0000000000000003 R15: 0000000000200000 [ 100.848348][ T5063] [ 100.851384][ T5063] Modules linked in: [ 100.855871][ T5063] ---[ end trace 0000000000000000 ]--- [ 100.861369][ T5063] RIP: 0010:ntfs_read_folio+0x1ea2/0x2430 [ 100.864210][ T27] audit: type=1400 audit(1702103504.368:88): avc: denied { append } for pid=4493 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 100.873189][ T5063] Code: 10 48 8b 98 30 fd ff ff 48 c1 eb 03 83 e3 01 89 de e8 82 af d0 fe 84 db 44 0f b6 4c 24 10 0f 85 15 f1 ff ff e8 3f b4 d0 fe 90 <0f> 0b e8 37 b4 d0 fe 48 8b 44 24 38 48 8d b8 70 fd ff ff e8 06 13 [ 100.909127][ T5063] RSP: 0018:ffffc900033ff660 EFLAGS: 00010293 [ 100.915349][ T5063] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff82b5cc0e [ 100.923650][ T27] audit: type=1400 audit(1702103504.368:89): avc: denied { open } for pid=4493 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 100.923821][ T5063] RDX: ffff88801ff04000 RSI: ffffffff82b5cc21 RDI: 0000000000000001 [ 100.946664][ T27] audit: type=1400 audit(1702103504.368:90): avc: denied { getattr } for pid=4493 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 100.954498][ T5063] RBP: ffffea0001c76c40 R08: 0000000000000001 R09: 0000000000000001 [ 100.984793][ T5063] R10: 0000000000000000 R11: ffffffff81d116f0 R12: dffffc0000000000 [ 100.992803][ T5063] R13: fffff9400038ed89 R14: ffffea0001c76c58 R15: ffffea0001c76c60 [ 101.000841][ T5063] FS: 0000555555bb9380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 101.009857][ T5063] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 101.016511][ T5063] CR2: 00007f84247f1b10 CR3: 000000001fe30000 CR4: 00000000003506f0 [ 101.024543][ T5063] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 101.032566][ T5063] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 101.040631][ T5063] Kernel panic - not syncing: Fatal exception [ 101.047055][ T5063] Kernel Offset: disabled [ 101.051392][ T5063] Rebooting in 86400 seconds..