./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1870632946 <...> syzkaller syzkaller login: [ 61.574364][ T26] kauditd_printk_skb: 42 callbacks suppressed [ 61.574378][ T26] audit: type=1400 audit(1686706117.288:77): avc: denied { transition } for pid=4843 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 61.608472][ T26] audit: type=1400 audit(1686706117.318:78): avc: denied { noatsecure } for pid=4843 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 61.637125][ T26] audit: type=1400 audit(1686706117.328:79): avc: denied { write } for pid=4843 comm="sh" path="pipe:[29955]" dev="pipefs" ino=29955 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 61.659721][ T26] audit: type=1400 audit(1686706117.328:80): avc: denied { rlimitinh } for pid=4843 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 61.681825][ T26] audit: type=1400 audit(1686706117.328:81): avc: denied { siginh } for pid=4843 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 62.344562][ T26] audit: type=1400 audit(1686706118.058:82): avc: denied { read } for pid=4428 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 Warning: Permanently added '10.128.0.131' (ECDSA) to the list of known hosts. execve("./syz-executor1870632946", ["./syz-executor1870632946"], 0x7ffce81a3ed0 /* 10 vars */) = 0 brk(NULL) = 0x55555589e000 brk(0x55555589ec40) = 0x55555589ec40 arch_prctl(ARCH_SET_FS, 0x55555589e300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1870632946", 4096) = 28 brk(0x5555558bfc40) = 0x5555558bfc40 brk(0x5555558c0000) = 0x5555558c0000 mprotect(0x7f490b8ab000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 [ 80.749948][ T26] audit: type=1400 audit(1686706136.458:83): avc: denied { write } for pid=4992 comm="strace-static-x" path="pipe:[30059]" dev="pipefs" ino=30059 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 80.775755][ T4995] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4995 'syz-executor187' memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f49033f2000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 munmap(0x7f49033f2000, 32768) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 [ 80.776320][ T26] audit: type=1400 audit(1686706136.488:84): avc: denied { execmem } for pid=4995 comm="syz-executor187" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 80.792528][ T4995] loop0: detected capacity change from 0 to 64 [ 80.805871][ T26] audit: type=1400 audit(1686706136.498:85): avc: denied { read write } for pid=4995 comm="syz-executor187" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 80.823158][ T4995] general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN [ 80.835727][ T26] audit: type=1400 audit(1686706136.498:86): avc: denied { open } for pid=4995 comm="syz-executor187" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 80.846752][ T4995] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 80.846773][ T4995] CPU: 0 PID: 4995 Comm: syz-executor187 Not tainted 6.4.0-rc6-syzkaller-00026-gfb054096aea0 #0 [ 80.846805][ T4995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 80.871419][ T26] audit: type=1400 audit(1686706136.498:87): avc: denied { ioctl } for pid=4995 comm="syz-executor187" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 80.879307][ T4995] RIP: 0010:hfs_find_init+0x74/0x240 [ 80.890090][ T26] audit: type=1400 audit(1686706136.528:88): avc: denied { mounton } for pid=4995 comm="syz-executor187" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 80.899782][ T4995] Code: c1 ea 03 80 3c 02 00 0f 85 bc 01 00 00 4c 8d 6b 40 48 c7 45 18 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 6b 01 00 00 8b 43 40 be c0 0c [ 80.899813][ T4995] RSP: 0018:ffffc90003467530 EFLAGS: 00010202 [ 80.899838][ T4995] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 80.899856][ T4995] RDX: 0000000000000008 RSI: ffffffff824fda75 RDI: ffffc900034675b0 [ 80.899874][ T4995] RBP: ffffc90003467598 R08: 0000000000000004 R09: 0000000000000004 [ 80.899891][ T4995] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000004 [ 80.899908][ T4995] R13: 0000000000000040 R14: ffff88802128150a R15: ffffc90003467598 [ 81.019203][ T4995] FS: 000055555589e300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 81.028157][ T4995] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.034756][ T4995] CR2: 00007ffe4986a000 CR3: 0000000020ad6000 CR4: 00000000003506f0 [ 81.042747][ T4995] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 81.050765][ T4995] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 81.058760][ T4995] Call Trace: [ 81.062049][ T4995] [ 81.064991][ T4995] ? die_addr+0x3c/0xa0 [ 81.069182][ T4995] ? exc_general_protection+0x129/0x230 [ 81.074760][ T4995] ? asm_exc_general_protection+0x26/0x30 [ 81.080514][ T4995] ? hfs_find_init+0x15/0x240 [ 81.085217][ T4995] ? hfs_find_init+0x74/0x240 [ 81.089918][ T4995] hfs_ext_read_extent+0x18d/0xa20 [ 81.095061][ T4995] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 81.100635][ T4995] ? find_held_lock+0x2d/0x110 [ 81.105422][ T4995] ? hfs_free_extents+0x2e0/0x2e0 [ 81.110484][ T4995] ? folio_create_buffers+0x10b/0x160 [ 81.115883][ T4995] ? lock_downgrade+0x690/0x690 [ 81.120764][ T4995] hfs_get_block+0x48d/0x820 [ 81.125384][ T4995] block_read_full_folio+0x41d/0xab0 [ 81.130779][ T4995] ? hfs_extend_file+0xae0/0xae0 [ 81.135741][ T4995] ? decrypt_bh+0x390/0x390 [ 81.140266][ T4995] ? folio_flags.constprop.0+0x53/0x150 [ 81.145828][ T4995] ? folio_add_lru+0x47f/0x7c0 [ 81.150606][ T4995] ? hfs_bmap+0x30/0x30 [ 81.154785][ T4995] filemap_read_folio+0xdb/0x2c0 [ 81.159744][ T4995] ? __folio_lock_killable+0x20/0x20 [ 81.165048][ T4995] ? __filemap_get_folio+0x1f8/0x990 [ 81.170356][ T4995] do_read_cache_folio+0x1f2/0x510 [ 81.175492][ T4995] ? hfs_bmap+0x30/0x30 [ 81.179679][ T4995] read_cache_page+0x5d/0x160 [ 81.184384][ T4995] hfs_btree_open+0x66f/0x1090 [ 81.189176][ T4995] hfs_mdb_get+0x15fe/0x20c0 [ 81.193798][ T4995] ? hfs_mdb_put+0x380/0x380 [ 81.198435][ T4995] ? do_raw_spin_lock+0x124/0x2b0 [ 81.203501][ T4995] ? spin_bug+0x1c0/0x1c0 [ 81.207857][ T4995] ? lockdep_init_map_type+0x21e/0x810 [ 81.213346][ T4995] ? lockdep_init_map_type+0x21e/0x810 [ 81.218834][ T4995] ? __raw_spin_lock_init+0x3a/0x110 [ 81.224152][ T4995] hfs_fill_super+0xe7f/0x1480 [ 81.228952][ T4995] ? hfs_remount+0x2c0/0x2c0 [ 81.233572][ T4995] ? vsnprintf+0x4df/0x1710 [ 81.238107][ T4995] ? pointer+0xc50/0xc50 [ 81.242382][ T4995] ? snprintf+0xbf/0x100 [ 81.246654][ T4995] ? vsprintf+0x30/0x30 [ 81.250841][ T4995] ? wait_for_completion_io_timeout+0x20/0x20 [ 81.256938][ T4995] ? set_blocksize+0x2d8/0x370 [ 81.261740][ T4995] mount_bdev+0x358/0x420 [ 81.266103][ T4995] ? hfs_remount+0x2c0/0x2c0 [ 81.270729][ T4995] ? hfs_statfs+0x4b0/0x4b0 [ 81.275267][ T4995] legacy_get_tree+0x109/0x220 [ 81.280080][ T4995] vfs_get_tree+0x8d/0x350 [ 81.284526][ T4995] path_mount+0x134b/0x1e40 [ 81.289061][ T4995] ? putname+0x102/0x140 [ 81.293327][ T4995] ? lockdep_hardirqs_on+0x7d/0x100 [ 81.298563][ T4995] ? finish_automount+0x9b0/0x9b0 [ 81.303621][ T4995] ? putname+0x102/0x140 [ 81.307891][ T4995] __x64_sys_mount+0x283/0x300 [ 81.312690][ T4995] ? copy_mnt_ns+0xb30/0xb30 [ 81.317331][ T4995] ? lockdep_hardirqs_on+0x7d/0x100 [ 81.322565][ T4995] ? _raw_spin_unlock_irq+0x2e/0x50 [ 81.327809][ T4995] ? ptrace_notify+0xfe/0x140 [ 81.332516][ T4995] do_syscall_64+0x39/0xb0 [ 81.336954][ T4995] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 81.342886][ T4995] RIP: 0033:0x7f490b83fb8a [ 81.347342][ T4995] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 81.366974][ T4995] RSP: 002b:00007ffe49869158 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 81.375444][ T4995] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f490b83fb8a [ 81.383433][ T4995] RDX: 0000000020000240 RSI: 0000000020000280 RDI: 00007ffe49869160 [ 81.391425][ T4995] RBP: 00007ffe49869160 R08: 00007ffe498691a0 R09: 0000000000000258 [ 81.399412][ T4995] R10: 0000000000000003 R11: 0000000000000286 R12: 0000000000000004 [ 81.407400][ T4995] R13: 000055555589e2c0 R14: 00007ffe498691a0 R15: 0000000000000000 [ 81.415398][ T4995] [ 81.418429][ T4995] Modules linked in: [ 81.424973][ T4995] ---[ end trace 0000000000000000 ]--- [ 81.425394][ T26] audit: type=1400 audit(1686706137.138:89): avc: denied { append } for pid=4428 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 81.430555][ T4995] RIP: 0010:hfs_find_init+0x74/0x240 [ 81.452605][ T26] audit: type=1400 audit(1686706137.138:90): avc: denied { open } for pid=4428 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 81.461780][ T4995] Code: c1 ea 03 80 3c 02 00 0f 85 bc 01 00 00 4c 8d 6b 40 48 c7 45 18 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 6b 01 00 00 8b 43 40 be c0 0c [ 81.480266][ T26] audit: type=1400 audit(1686706137.138:91): avc: denied { getattr } for pid=4428 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 81.500229][ T4995] RSP: 0018:ffffc90003467530 EFLAGS: 00010202 [ 81.528826][ T4995] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 81.536920][ T4995] RDX: 0000000000000008 RSI: ffffffff824fda75 RDI: ffffc900034675b0 [ 81.544944][ T4995] RBP: ffffc90003467598 R08: 0000000000000004 R09: 0000000000000004 [ 81.553121][ T4995] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000004 [ 81.561099][ T4995] R13: 0000000000000040 R14: ffff88802128150a R15: ffffc90003467598 [ 81.569182][ T4995] FS: 000055555589e300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 81.578179][ T4995] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.584806][ T4995] CR2: 00007ffe4986a000 CR3: 0000000020ad6000 CR4: 00000000003506f0 [ 81.592844][ T4995] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 81.600827][ T4995] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 81.608839][ T4995] Kernel panic - not syncing: Fatal exception [ 81.615167][ T4995] Kernel Offset: disabled [ 81.619499][ T4995] Rebooting in 86400 seconds..