./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3067439367 <...> d { noatsecure } for pid=216 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 10.739425][ T24] audit: type=1400 audit(1713098696.889:63): avc: denied { write } for pid=216 comm="sh" path="pipe:[13693]" dev="pipefs" ino=13693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 10.744189][ T24] audit: type=1400 audit(1713098696.889:64): avc: denied { rlimitinh } for pid=216 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 10.749083][ T24] audit: type=1400 audit(1713098696.889:65): avc: denied { siginh } for pid=216 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.86' (ED25519) to the list of known hosts. execve("./syz-executor3067439367", ["./syz-executor3067439367"], 0x7ffcc2938020 /* 10 vars */) = 0 brk(NULL) = 0x5555574ef000 brk(0x5555574efd00) = 0x5555574efd00 arch_prctl(ARCH_SET_FS, 0x5555574ef380) = 0 set_tid_address(0x5555574ef650) = 285 set_robust_list(0x5555574ef660, 24) = 0 rseq(0x5555574efca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3067439367", 4096) = 28 getrandom("\xff\x25\x3f\x93\x2e\x34\x43\x74", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555574efd00 brk(0x555557510d00) = 0x555557510d00 brk(0x555557511000) = 0x555557511000 mprotect(0x7fb5979e9000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.hFMcC4", 0700) = 0 chmod("./syzkaller.hFMcC4", 0777) = 0 chdir("./syzkaller.hFMcC4") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ef650) = 287 ./strace-static-x86_64: Process 287 attached [pid 287] set_robust_list(0x5555574ef660, 24) = 0 [pid 287] chdir("./0") = 0 [pid 287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 287] setpgid(0, 0) = 0 [pid 287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 287] write(3, "1000", 4) = 4 [pid 287] close(3) = 0 [pid 287] symlink("/dev/binderfs", "./binderfs") = 0 [pid 287] memfd_create("syzkaller", 0) = 3 [pid 287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb58f535000 [pid 287] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 287] munmap(0x7fb58f535000, 138412032) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 287] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 287] close(3) = 0 [pid 287] close(4) = 0 [pid 287] mkdir("./file0", 0777) = 0 [ 19.128774][ T24] audit: type=1400 audit(1713098705.289:66): avc: denied { execmem } for pid=285 comm="syz-executor306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.133602][ T24] audit: type=1400 audit(1713098705.289:67): avc: denied { read write } for pid=285 comm="syz-executor306" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 19.139428][ T24] audit: type=1400 audit(1713098705.289:68): avc: denied { open } for pid=285 comm="syz-executor306" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 19.145799][ T24] audit: type=1400 audit(1713098705.289:69): avc: denied { ioctl } for pid=285 comm="syz-executor306" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 19.164735][ T287] ====================================================== [ 19.164735][ T287] WARNING: the mand mount option is being deprecated and [ 19.164735][ T287] will be removed in v5.15! [ 19.164735][ T287] ====================================================== [ 19.190824][ T24] audit: type=1400 audit(1713098705.329:70): avc: denied { mounton } for pid=287 comm="syz-executor306" path="/root/syzkaller.hFMcC4/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 287] mount("/dev/loop0", "./file0", "exfat", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_BORN, "iocharset=ascii,discard,dmask=00000000000000000000007,uid=0x0000000000000000,dmask=00000000000000000"...) = 0 [pid 287] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 287] chdir("./file0") = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 287] ioctl(4, LOOP_CLR_FD) = 0 [pid 287] close(4) = 0 [pid 287] creat("./bus", 000) = 4 [pid 287] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 287] exit_group(0) = ? [pid 287] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=287, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555574f06f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|000, st_size=61440, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 19.252618][ T287] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 19.265641][ T24] audit: type=1400 audit(1713098705.429:71): avc: denied { mount } for pid=287 comm="syz-executor306" name="/" dev="loop0" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=61440, ...}, AT_EMPTY_PATH) = 0 [ 19.288556][ T24] audit: type=1400 audit(1713098705.459:72): avc: denied { write } for pid=287 comm="syz-executor306" name="/" dev="loop0" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 19.311067][ T24] audit: type=1400 audit(1713098705.459:73): avc: denied { add_name } for pid=287 comm="syz-executor306" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 19.332246][ T24] audit: type=1400 audit(1713098705.459:74): avc: denied { create } for pid=287 comm="syz-executor306" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 19.353560][ T24] audit: type=1400 audit(1713098705.459:75): avc: denied { associate } for pid=287 comm="syz-executor306" name="bus" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 244.500097][ T26] INFO: task kworker/u4:1:9 blocked for more than 122 seconds. [ 244.507455][ T26] Not tainted 5.10.209-syzkaller-00002-g4e1bc8d8e8ae #0 [ 244.515301][ T26] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 244.523911][ T26] task:kworker/u4:1 state:D stack: 0 pid: 9 ppid: 2 flags:0x00004000 [ 244.533040][ T26] Workqueue: writeback wb_workfn (flush-7:0) [ 244.538823][ T26] Call Trace: [ 244.542173][ T26] __schedule+0xbe6/0x1330 [ 244.546390][ T26] ? __sched_text_start+0x8/0x8 [ 244.551383][ T26] ? __mutex_add_waiter+0x1b5/0x310 [ 244.556530][ T26] ? wq_worker_sleeping+0x63/0x200 [ 244.561600][ T26] schedule+0x13d/0x1d0 [ 244.565557][ T26] schedule_preempt_disabled+0x13/0x20 [ 244.570993][ T26] __mutex_lock+0x7b8/0xf20 [ 244.575295][ T26] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20 [ 244.582081][ T26] ? attempt_merge+0x6aa/0xbc0 [ 244.586669][ T26] ? blk_mq_sched_dispatch_requests+0x160/0x160 [ 244.592907][ T26] ? memset+0x35/0x40 [ 244.596688][ T26] __mutex_lock_slowpath+0xe/0x10 [ 244.601696][ T26] mutex_lock+0xd6/0x110 [ 244.605734][ T26] ? mutex_trylock+0xa0/0xa0 [ 244.610306][ T26] ? __kasan_check_write+0x14/0x20 [ 244.615350][ T26] ? _raw_spin_lock+0xa4/0x1b0 [ 244.619901][ T26] ? _raw_spin_trylock_bh+0x190/0x190 [ 244.625380][ T26] exfat_write_inode+0x70/0x130 [ 244.630065][ T26] __writeback_single_inode+0x4fa/0xac0 [ 244.635554][ T26] writeback_sb_inodes+0x99c/0x16b0 [ 244.640700][ T26] ? queue_io+0x520/0x520 [ 244.644749][ T26] ? __kasan_check_write+0x14/0x20 [ 244.649693][ T26] ? down_read_trylock+0x179/0x1d0 [ 244.655011][ T26] ? queue_io+0x3d3/0x520 [ 244.659137][ T26] wb_writeback+0x4b7/0xc60 [ 244.663633][ T26] ? wb_io_lists_depopulated+0x180/0x180 [ 244.669070][ T26] ? set_worker_desc+0x158/0x1c0 [ 244.673980][ T26] ? update_load_avg+0x541/0x1690 [ 244.678804][ T26] ? __kasan_check_write+0x14/0x20 [ 244.684047][ T26] ? cpumask_next+0x23/0x30 [ 244.688368][ T26] wb_workfn+0xb3d/0x1110 [ 244.692769][ T26] ? inode_wait_for_writeback+0x280/0x280 [ 244.698364][ T26] ? __switch_to_asm+0x34/0x60 [ 244.703256][ T26] ? __kasan_check_read+0x11/0x20 [ 244.708098][ T26] ? read_word_at_a_time+0x12/0x20 [ 244.713203][ T26] ? strscpy+0x9c/0x260 [ 244.717245][ T26] process_one_work+0x6dc/0xbd0 [ 244.722082][ T26] worker_thread+0xaea/0x1510 [ 244.726649][ T26] kthread+0x34b/0x3d0 [ 244.730689][ T26] ? worker_clr_flags+0x180/0x180 [ 244.735519][ T26] ? kthread_blkcg+0xd0/0xd0 [ 244.739950][ T26] ret_from_fork+0x1f/0x30 [ 244.744413][ T26] NMI backtrace for cpu 1 [ 244.748541][ T26] CPU: 1 PID: 26 Comm: khungtaskd Not tainted 5.10.209-syzkaller-00002-g4e1bc8d8e8ae #0 [ 244.758103][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 244.767983][ T26] Call Trace: [ 244.771200][ T26] dump_stack_lvl+0x1e2/0x24b [ 244.775621][ T26] ? panic+0x80b/0x80b [ 244.779524][ T26] ? bfq_pos_tree_add_move+0x43b/0x43b [ 244.784864][ T26] ? rcu_read_unlock_special+0xd8/0x4c0 [ 244.790230][ T26] ? sched_show_task+0x363/0x540 [ 244.794972][ T26] ? __rcu_read_unlock+0x90/0x90 [ 244.799977][ T26] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 244.805849][ T26] dump_stack+0x15/0x17 [ 244.809843][ T26] nmi_trigger_cpumask_backtrace+0x2b5/0x300 [ 244.815652][ T26] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 244.821565][ T26] arch_trigger_cpumask_backtrace+0x10/0x20 [ 244.827349][ T26] watchdog+0xe5d/0xfd0 [ 244.831275][ T26] ? hungtask_pm_notify+0x50/0x50 [ 244.836171][ T26] ? __kasan_check_read+0x11/0x20 [ 244.840997][ T26] ? __kthread_parkme+0xb9/0x1c0 [ 244.845777][ T26] kthread+0x34b/0x3d0 [ 244.849792][ T26] ? hungtask_pm_notify+0x50/0x50 [ 244.854654][ T26] ? kthread_blkcg+0xd0/0xd0 [ 244.859075][ T26] ret_from_fork+0x1f/0x30 [ 244.863589][ T26] Sending NMI from CPU 1 to CPUs 0: [ 244.869328][ C0] NMI backtrace for cpu 0 [ 244.869335][ C0] CPU: 0 PID: 285 Comm: syz-executor306 Not tainted 5.10.209-syzkaller-00002-g4e1bc8d8e8ae #0 [ 244.869341][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 244.869345][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x5c/0x60 [ 244.869355][ C0] Code: b8 0a 00 00 83 fa 02 75 21 48 8b 91 c0 0a 00 00 48 8b 32 48 8d 7e 01 8b 89 bc 0a 00 00 48 39 cf 73 08 48 89 44 f2 08 48 89 3a <5d> c3 66 90 55 48 89 e5 4c 8b 45 08 65 48 8b 15 20 c5 97 7e 65 8b [ 244.869359][ C0] RSP: 0018:ffffc90000af7428 EFLAGS: 00000293 [ 244.869367][ C0] RAX: ffffffff8191ed3a RBX: ffffea0004443cc8 RCX: ffff88811e6262c0 [ 244.869371][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 244.869376][ C0] RBP: ffffc90000af7428 R08: ffffffff8191ed2c R09: ffffed10239160ca [ 244.869380][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000000540e0 [ 244.869384][ C0] R13: ffff88811c8b05f8 R14: dffffc0000000000 R15: ffffea0004764c80 [ 244.869389][ C0] FS: 00005555574ef380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 244.869393][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 244.869397][ C0] CR2: 00005589a6a04910 CR3: 000000011e864000 CR4: 00000000003506b0 [ 244.869402][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 244.869406][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 244.869409][ C0] Call Trace: [ 244.869411][ C0] [ 244.869413][ C0] ? show_regs+0x58/0x60 [ 244.869417][ C0] ? nmi_cpu_backtrace+0x133/0x160 [ 244.869420][ C0] ? __sanitizer_cov_trace_pc+0x5c/0x60 [ 244.869423][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 244.869426][ C0] ? nmi_handle+0xa8/0x280 [ 244.869430][ C0] ? __sanitizer_cov_trace_pc+0x5c/0x60 [ 244.869433][ C0] ? default_do_nmi+0x69/0x160 [ 244.869436][ C0] ? exc_nmi+0xaf/0x120 [ 244.869439][ C0] ? end_repeat_nmi+0x16/0x31 [ 244.869442][ C0] ? mark_page_accessed+0x4c/0x900 [ 244.869445][ C0] ? mark_page_accessed+0x5a/0x900 [ 244.869448][ C0] ? __sanitizer_cov_trace_pc+0x5c/0x60 [ 244.869451][ C0] ? __sanitizer_cov_trace_pc+0x5c/0x60 [ 244.869455][ C0] ? __sanitizer_cov_trace_pc+0x5c/0x60 [ 244.869457][ C0] [ 244.869460][ C0] mark_page_accessed+0x5a/0x900 [ 244.869463][ C0] __find_get_block+0xdce/0x1320 [ 244.869466][ C0] ? kasan_check_range+0x3a/0x2a0 [ 244.869470][ C0] ? write_boundary_block+0x150/0x150 [ 244.869478][ C0] ? __find_get_block+0xdce/0x1320 [ 244.869481][ C0] __getblk_gfp+0x30/0x7e0 [ 244.869484][ C0] ? exfat_free_dentry_set+0x2c0/0x2c0 [ 244.869488][ C0] __bread_gfp+0x2f/0x340 [ 244.869491][ C0] exfat_get_dentry+0x2d9/0x6d0 [ 244.869494][ C0] ? sysvec_apic_timer_interrupt+0xcb/0xe0 [ 244.869498][ C0] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 244.869501][ C0] ? exfat_init_dir_entry+0xab0/0xab0 [ 244.869504][ C0] ? __kasan_check_write+0x14/0x20 [ 244.869507][ C0] ? exfat_ent_get+0x270/0x400 [ 244.869510][ C0] exfat_iterate+0xbee/0x3080 [ 244.869513][ C0] ? exfat_check_dir_empty+0x520/0x520 [ 244.869517][ C0] ? __update_load_avg_cfs_rq+0xb1/0x2f0 [ 244.869520][ C0] ? switch_mm_irqs_off+0x71b/0x9a0 [ 244.869523][ C0] ? __switch_to_asm+0x34/0x60 [ 244.869526][ C0] ? __fsnotify_parent+0x6c0/0x6c0 [ 244.869529][ C0] ? __schedule+0xbee/0x1330 [ 244.869532][ C0] ? __kasan_check_write+0x14/0x20 [ 244.869535][ C0] ? security_file_permission+0x86/0xb0 [ 244.869538][ C0] iterate_dir+0x265/0x580 [ 244.869541][ C0] __se_sys_getdents64+0x1c1/0x460 [ 244.869545][ C0] ? __x64_sys_getdents64+0x90/0x90 [ 244.869547][ C0] ? filldir+0x680/0x680 [ 244.869551][ C0] ? debug_smp_processor_id+0x17/0x20 [ 244.869554][ C0] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 244.869556][ C0] ? irqentry_exit_to_user_mode+0x4d/0x80 [ 244.869559][ C0] __x64_sys_getdents64+0x7b/0x90 [ 244.869561][ C0] do_syscall_64+0x34/0x70 [ 244.869564][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 244.869566][ C0] RIP: 0033:0x7fb59799c0a3 [ 244.869574][ C0] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 a2 48 fb ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 [ 244.869576][ C0] RSP: 002b:00007ffec2ae95c8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 [ 244.869582][ C0] RAX: ffffffffffffffda RBX: 00005555574f8730 RCX: 00007fb59799c0a3 [ 244.869586][ C0] RDX: 0000000000008000 RSI: 00005555574f8730 RDI: 0000000000000004 [ 244.869589][ C0] RBP: 00005555574f8704 R08: 0000000000000000 R09: 0000000000000000 [ 244.869592][ C0] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffb8 [ 244.869596][ C0] R13: 0000000000000010 R14: 00005555574f8700 R15: 00007ffec2aeb840