./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1778007701

<...>

syzkaller
syzkaller login: [   45.046124][   T26] kauditd_printk_skb: 42 callbacks suppressed
[   45.046136][   T26] audit: type=1400 audit(1687827274.182:77): avc:  denied  { transition } for  pid=4842 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   45.074617][   T26] audit: type=1400 audit(1687827274.202:78): avc:  denied  { noatsecure } for  pid=4842 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   45.095433][   T26] audit: type=1400 audit(1687827274.222:79): avc:  denied  { write } for  pid=4842 comm="sh" path="pipe:[29950]" dev="pipefs" ino=29950 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   45.118469][   T26] audit: type=1400 audit(1687827274.222:80): avc:  denied  { rlimitinh } for  pid=4842 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   45.137798][   T26] audit: type=1400 audit(1687827274.222:81): avc:  denied  { siginh } for  pid=4842 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   46.180725][   T26] audit: type=1400 audit(1687827275.322:82): avc:  denied  { read } for  pid=4429 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
Warning: Permanently added '10.128.1.117' (ECDSA) to the list of known hosts.
execve("./syz-executor1778007701", ["./syz-executor1778007701"], 0x7fff2b3d6d00 /* 10 vars */) = 0
brk(NULL)                               = 0x5555568e6000
brk(0x5555568e6d00)                     = 0x5555568e6d00
arch_prctl(ARCH_SET_FS, 0x5555568e63c0) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1778007701", 4096) = 28
brk(0x555556907d00)                     = 0x555556907d00
brk(0x555556908000)                     = 0x555556908000
mprotect(0x7f7de74f2000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
[   61.303316][   T26] audit: type=1400 audit(1687827290.442:83): avc:  denied  { write } for  pid=4989 comm="strace-static-x" path="pipe:[29382]" dev="pipefs" ino=29382 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   61.332094][   T26] audit: type=1400 audit(1687827290.472:84): avc:  denied  { execmem } for  pid=4992 comm="syz-executor177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7f7de7443c30, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f7de7443f50}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7f7de7443c30, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f7de7443f50}, NULL, 8) = 0
mkdir("./file0", 0777)                  = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0xffffffff81000000} ---
pipe2([3, 4], 0)                        = 0
write(4, "\x15\x00\x00\x00\x65\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 21) = 21
dup(4)                                  = 5
mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000005,") = -1 EREMOTEIO (Remote I/O error)
write(5, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24) = 24
write(5, "\x4c\x01\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 311) = 311
[   61.351363][ T4992] ------------[ cut here ]------------
[   61.357174][ T4992] WARNING: CPU: 1 PID: 4992 at mm/page_alloc.c:4744 __alloc_pages+0x3a2/0x4a0
[   61.360806][   T26] audit: type=1400 audit(1687827290.482:85): avc:  denied  { mounton } for  pid=4992 comm="syz-executor177" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   61.366282][ T4992] Modules linked in:
[   61.392840][ T4992] CPU: 1 PID: 4992 Comm: syz-executor177 Not tainted 6.4.0-syzkaller-00082-gc0a572d9d32f #0
[   61.402979][ T4992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   61.413069][ T4992] RIP: 0010:__alloc_pages+0x3a2/0x4a0
[   61.418664][ T4992] Code: ff ff 00 0f 84 33 fe ff ff 80 ce 01 e9 2b fe ff ff 83 fe 0a 0f 86 3e fd ff ff 80 3d 8d 8c 99 0c 00 75 09 c6 05 84 8c 99 0c 01 <0f> 0b 45 31 f6 e9 8d fe ff ff e8 df 08 a2 ff 84 c0 0f 85 80 fe ff
[   61.438392][ T4992] RSP: 0018:ffffc9000337fac0 EFLAGS: 00010246
[   61.444455][ T4992] RAX: 0000000000000000 RBX: 1ffff9200066ff59 RCX: 0000000000000000
[   61.452470][ T4992] RDX: 0000000000000000 RSI: 0000000000000014 RDI: 0000000000000000
[   61.460483][ T4992] RBP: 0000000000040d40 R08: 0000000000000007 R09: 0000000000000000
[   61.468498][ T4992] R10: 0000000100000000 R11: ffffffff8a20008b R12: 0000000000000014
[   61.476488][ T4992] R13: 0000000000000000 R14: 0000000000040d40 R15: 0000000000000000
[   61.484544][ T4992] FS:  00005555568e63c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[   61.493553][ T4992] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   61.500213][ T4992] CR2: 000000000066c7e0 CR3: 0000000074edc000 CR4: 00000000003506e0
[   61.508363][ T4992] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   61.516336][ T4992] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   61.524395][ T4992] Call Trace:
[   61.527701][ T4992]  <TASK>
[   61.530689][ T4992]  ? __warn+0xe6/0x390
[   61.534786][ T4992]  ? __alloc_pages+0x3a2/0x4a0
[   61.539608][ T4992]  ? report_bug+0x2da/0x500
[   61.544138][ T4992]  ? handle_bug+0x3c/0x70
[   61.548516][ T4992]  ? exc_invalid_op+0x18/0x50
[   61.553213][ T4992]  ? asm_exc_invalid_op+0x1a/0x20
[   61.558289][ T4992]  ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   61.564420][ T4992]  ? __alloc_pages+0x3a2/0x4a0
[   61.569251][ T4992]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[   61.576043][ T4992]  ? p9_client_clunk+0xc0/0x140
[   61.580993][ T4992]  ? v9fs_fid_lookup+0xf40/0xf40
[   61.585966][ T4992]  ? __phys_addr+0xc8/0x140
[   61.590533][ T4992]  __kmalloc_large_node+0x94/0x1d0
[   61.595679][ T4992]  ? v9fs_fid_get_acl+0x78/0x120
[   61.600677][ T4992]  __kmalloc+0x104/0x190
[   61.604953][ T4992]  v9fs_fid_get_acl+0x78/0x120
[   61.609773][ T4992]  v9fs_get_acl+0x3b2/0x5f0
[   61.614312][ T4992]  v9fs_mount+0x63a/0xc90
[   61.618706][ T4992]  ? v9fs_statfs+0x4d0/0x4d0
[   61.623327][ T4992]  ? cap_capable+0x1dc/0x240
[   61.627936][ T4992]  ? v9fs_statfs+0x4d0/0x4d0
[   61.632597][ T4992]  legacy_get_tree+0x109/0x220
[   61.637397][ T4992]  vfs_get_tree+0x8d/0x350
[   61.641916][ T4992]  path_mount+0x136e/0x1e70
[   61.646460][ T4992]  ? putname+0x102/0x140
[   61.650764][ T4992]  ? lockdep_hardirqs_on+0x7d/0x100
[   61.655999][ T4992]  ? finish_automount+0xa30/0xa30
[   61.661089][ T4992]  ? putname+0x102/0x140
[   61.665385][ T4992]  __x64_sys_mount+0x283/0x300
[   61.670233][ T4992]  ? copy_mnt_ns+0xb30/0xb30
[   61.674853][ T4992]  ? lockdep_hardirqs_on+0x7d/0x100
[   61.680141][ T4992]  ? _raw_spin_unlock_irq+0x2e/0x50
[   61.685393][ T4992]  ? ptrace_notify+0xfe/0x140
[   61.690140][ T4992]  do_syscall_64+0x39/0xb0
[   61.694602][ T4992]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   61.700576][ T4992] RIP: 0033:0x7f7de7485999
[   61.705032][ T4992] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   61.724715][ T4992] RSP: 002b:00007ffdcf21f608 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   61.733192][ T4992] RAX: ffffffffffffffda RBX: 00007ffdcf21f618 RCX: 00007f7de7485999
[   61.741208][ T4992] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000
[   61.749224][ T4992] RBP: 00007ffdcf21f610 R08: 00000000200003c0 R09: 00007f7de7443c30
[   61.757191][ T4992] R10: 0000000002004812 R11: 0000000000000246 R12: 0000000000000000
[   61.765208][ T4992] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   61.773347][ T4992]  </TASK>
[   61.776403][ T4992] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   61.783787][ T4992] CPU: 1 PID: 4992 Comm: syz-executor177 Not tainted 6.4.0-syzkaller-00082-gc0a572d9d32f #0
[   61.793876][ T4992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   61.803966][ T4992] Call Trace:
[   61.807336][ T4992]  <TASK>
[   61.810308][ T4992]  dump_stack_lvl+0xd9/0x150
[   61.814909][ T4992]  panic+0x686/0x730
[   61.818806][ T4992]  ? panic_smp_self_stop+0xa0/0xa0
[   61.823926][ T4992]  ? show_trace_log_lvl+0x284/0x390
[   61.829141][ T4992]  ? __alloc_pages+0x3a2/0x4a0
[   61.833920][ T4992]  check_panic_on_warn+0xb1/0xc0
[   61.838864][ T4992]  __warn+0xf2/0x390
[   61.842758][ T4992]  ? __alloc_pages+0x3a2/0x4a0
[   61.847523][ T4992]  report_bug+0x2da/0x500
[   61.851873][ T4992]  handle_bug+0x3c/0x70
[   61.856036][ T4992]  exc_invalid_op+0x18/0x50
[   61.860544][ T4992]  asm_exc_invalid_op+0x1a/0x20
[   61.865396][ T4992] RIP: 0010:__alloc_pages+0x3a2/0x4a0
[   61.870870][ T4992] Code: ff ff 00 0f 84 33 fe ff ff 80 ce 01 e9 2b fe ff ff 83 fe 0a 0f 86 3e fd ff ff 80 3d 8d 8c 99 0c 00 75 09 c6 05 84 8c 99 0c 01 <0f> 0b 45 31 f6 e9 8d fe ff ff e8 df 08 a2 ff 84 c0 0f 85 80 fe ff
[   61.890482][ T4992] RSP: 0018:ffffc9000337fac0 EFLAGS: 00010246
[   61.896549][ T4992] RAX: 0000000000000000 RBX: 1ffff9200066ff59 RCX: 0000000000000000
[   61.904786][ T4992] RDX: 0000000000000000 RSI: 0000000000000014 RDI: 0000000000000000
[   61.912751][ T4992] RBP: 0000000000040d40 R08: 0000000000000007 R09: 0000000000000000
[   61.920716][ T4992] R10: 0000000100000000 R11: ffffffff8a20008b R12: 0000000000000014
[   61.928688][ T4992] R13: 0000000000000000 R14: 0000000000040d40 R15: 0000000000000000
[   61.936675][ T4992]  ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   61.942766][ T4992]  ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[   61.949539][ T4992]  ? p9_client_clunk+0xc0/0x140
[   61.954389][ T4992]  ? v9fs_fid_lookup+0xf40/0xf40
[   61.959328][ T4992]  ? __phys_addr+0xc8/0x140
[   61.963831][ T4992]  __kmalloc_large_node+0x94/0x1d0
[   61.968941][ T4992]  ? v9fs_fid_get_acl+0x78/0x120
[   61.973879][ T4992]  __kmalloc+0x104/0x190
[   61.978129][ T4992]  v9fs_fid_get_acl+0x78/0x120
[   61.982909][ T4992]  v9fs_get_acl+0x3b2/0x5f0
[   61.987409][ T4992]  v9fs_mount+0x63a/0xc90
[   61.991736][ T4992]  ? v9fs_statfs+0x4d0/0x4d0
[   61.996349][ T4992]  ? cap_capable+0x1dc/0x240
[   62.000953][ T4992]  ? v9fs_statfs+0x4d0/0x4d0
[   62.005538][ T4992]  legacy_get_tree+0x109/0x220
[   62.010309][ T4992]  vfs_get_tree+0x8d/0x350
[   62.014733][ T4992]  path_mount+0x136e/0x1e70
[   62.019236][ T4992]  ? putname+0x102/0x140
[   62.023479][ T4992]  ? lockdep_hardirqs_on+0x7d/0x100
[   62.028679][ T4992]  ? finish_automount+0xa30/0xa30
[   62.033705][ T4992]  ? putname+0x102/0x140
[   62.037942][ T4992]  __x64_sys_mount+0x283/0x300
[   62.042710][ T4992]  ? copy_mnt_ns+0xb30/0xb30
[   62.047319][ T4992]  ? lockdep_hardirqs_on+0x7d/0x100
[   62.052538][ T4992]  ? _raw_spin_unlock_irq+0x2e/0x50
[   62.057737][ T4992]  ? ptrace_notify+0xfe/0x140
[   62.062412][ T4992]  do_syscall_64+0x39/0xb0
[   62.066829][ T4992]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   62.072726][ T4992] RIP: 0033:0x7f7de7485999
[   62.077240][ T4992] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   62.096866][ T4992] RSP: 002b:00007ffdcf21f608 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   62.105366][ T4992] RAX: ffffffffffffffda RBX: 00007ffdcf21f618 RCX: 00007f7de7485999
[   62.113338][ T4992] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000
[   62.121412][ T4992] RBP: 00007ffdcf21f610 R08: 00000000200003c0 R09: 00007f7de7443c30
[   62.129386][ T4992] R10: 0000000002004812 R11: 0000000000000246 R12: 0000000000000000
[   62.137357][ T4992] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   62.145328][ T4992]  </TASK>
[   62.148596][ T4992] Kernel Offset: disabled
[   62.153013][ T4992] Rebooting in 86400 seconds..