./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3180045656
<...>
syzkaller
syzkaller login: [ 6.353334][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 10.819769][ T23] kauditd_printk_skb: 60 callbacks suppressed
[ 10.819779][ T23] audit: type=1400 audit(1669491079.269:71): avc: denied { transition } for pid=290 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 10.824334][ T23] audit: type=1400 audit(1669491079.269:72): avc: denied { write } for pid=290 comm="sh" path="pipe:[9050]" dev="pipefs" ino=9050 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
[ 11.253050][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
[ 11.923689][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
[ 12.083017][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
Warning: Permanently added '10.128.1.31' (ECDSA) to the list of known hosts.
execve("./syz-executor3180045656", ["./syz-executor3180045656"], 0x7ffd65a02b90 /* 10 vars */) = 0
brk(NULL) = 0x555555811000
brk(0x555555811c40) = 0x555555811c40
arch_prctl(ARCH_SET_FS, 0x555555811300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3180045656", 4096) = 28
brk(0x555555832c40) = 0x555555832c40
brk(0x555555833000) = 0x555555833000
mprotect(0x7f58f0be9000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f58e8730000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
munmap(0x7f58e8730000, 262144) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file0", 0777) = 0
[ 23.183069][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #88!!!
[ 23.184456][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 23.188087][ T23] audit: type=1400 audit(1669491091.639:73): avc: denied { execmem } for pid=371 comm="syz-executor318" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 23.192359][ T23] audit: type=1400 audit(1669491091.639:74): avc: denied { read write } for pid=371 comm="syz-executor318" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 23.195933][ T371] EXT4-fs (loop0): Mount option "nouser_xattr" will be removed by 3.5
[ 23.195933][ T371] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[ 23.195933][ T371]
[ 23.197545][ T23] audit: type=1400 audit(1669491091.639:75): avc: denied { open } for pid=371 comm="syz-executor318" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 23.198628][ T371] EXT4-fs (loop0): Ignoring removed nobh option
[ 23.201891][ T23] audit: type=1400 audit(1669491091.639:76): avc: denied { ioctl } for pid=371 comm="syz-executor318" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 23.202739][ T371] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[ 23.220029][ T23] audit: type=1400 audit(1669491091.649:77): avc: denied { mounton } for pid=371 comm="syz-executor318" path="/root/file0" dev="sda1" ino=1138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 23.230037][ T371] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[ 23.263364][ T371] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2179: inode #15: comm syz-executor318: corrupted in-inode xattr
mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS, "nouser_xattr,acl,debug_want_extra_isize=0x0000000000000080,lazytime,nobh,quota,,errors=continue") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0") = 0
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
[ 23.275905][ T371] EXT4-fs error (device loop0): ext4_orphan_get:1395: comm syz-executor318: couldn't read orphan inode 15 (err -117)
[ 23.288398][ T371] EXT4-fs (loop0): mounted filesystem without journal. Opts: nouser_xattr,acl,debug_want_extra_isize=0x0000000000000080,lazytime,nobh,quota,,errors=continue
[ 23.304310][ T23] audit: type=1400 audit(1669491091.769:78): avc: denied { mount } for pid=371 comm="syz-executor318" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 23.327823][ T371] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 23.332644][ T23] audit: type=1400 audit(1669491091.789:79): avc: denied { write } for pid=371 comm="syz-executor318" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 23.339534][ T371] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 23.339545][ T371] CPU: 1 PID: 371 Comm: syz-executor318 Not tainted 5.10.153-syzkaller-00570-g673a7341bdab #0
[ 23.339549][ T371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 23.339573][ T371] RIP: 0010:ext4_xattr_set_entry+0x4a7/0x3820
[ 23.339582][ T371] Code: 00 00 48 89 d8 48 c1 e8 03 48 89 84 24 28 01 00 00 42 80 3c 20 00 74 08 48 89 df e8 a3 82 ba ff 4c 8b 33 4c 89 f0 48 c1 e8 03 <42> 8a 04 20 84 c0 0f 85 8f 2d 00 00 4c 89 f8 48 2b 44 24 18 48 89
[ 23.339596][ T371] RSP: 0018:ffffc9000097f3a0 EFLAGS: 00010246
[ 23.361690][ T23] audit: type=1400 audit(1669491091.789:80): avc: denied { add_name } for pid=371 comm="syz-executor318" name=E91F7189591E9233614B scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 23.369727][ T371]
[ 23.369735][ T371] RAX: 0000000000000000 RBX: ffffc9000097f7a0 RCX: ffff8881067e8000
[ 23.369741][ T371] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000001c
[ 23.369747][ T371] RBP: ffffc9000097f638 R08: ffffffff81ec8439 R09: ffffed10234cc8e7
[ 23.369753][ T371] R10: ffffed10234cc8e7 R11: 1ffff110234cc8e6 R12: dffffc0000000000
[ 23.369766][ T371] R13: 1ffff9200012feee R14: 0000000000000000 R15: 0000000000000000
[ 23.380170][ T23] audit: type=1400 audit(1669491091.789:81): avc: denied { create } for pid=371 comm="syz-executor318" name=E91F7189591E9233614B scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 23.390001][ T371] FS: 0000555555811300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 23.390008][ T371] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 23.390022][ T371] CR2: 00007ffd1254e000 CR3: 000000011e022000 CR4: 00000000003506a0
[ 23.530574][ T371] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 23.538515][ T371] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 23.546455][ T371] Call Trace:
[ 23.549719][ T371] ? errseq_check+0x40/0x70
[ 23.554192][ T371] ? ext4_xattr_ibody_inline_set+0x380/0x380
[ 23.560142][ T371] ? __ext4_journal_ensure_credits+0x460/0x460
[ 23.566264][ T371] ? __kasan_check_write+0x14/0x20
[ 23.571345][ T371] ? _raw_spin_lock_irqsave+0xf8/0x210
[ 23.576772][ T371] ? ext4_reserve_inode_write+0x2d2/0x380
[ 23.582460][ T371] ? __kasan_check_write+0x14/0x20
[ 23.587545][ T371] ext4_xattr_ibody_set+0x7c/0x2a0
[ 23.592625][ T371] ext4_xattr_set_handle+0xc5d/0x15a0
[ 23.597966][ T371] ? ext4_xattr_set_entry+0x3820/0x3820
[ 23.603481][ T371] ? selinux_inode_free_security+0x200/0x200
[ 23.609429][ T371] ext4_initxattrs+0xb2/0x120
[ 23.614073][ T371] security_inode_init_security+0x26c/0x3c0
[ 23.619935][ T371] ? ext4_init_security+0x40/0x40
[ 23.624926][ T371] ? security_dentry_create_files_as+0xd0/0xd0
[ 23.631079][ T371] ? __ext4_set_acl+0x5f0/0x5f0
[ 23.635898][ T371] ? prandom_u32+0x24c/0x290
[ 23.640458][ T371] ext4_init_security+0x34/0x40
[ 23.645279][ T371] __ext4_new_inode+0x3648/0x4530
[ 23.650271][ T371] ? ext4_mark_inode_used+0xc00/0xc00
[ 23.656914][ T371] ? dquot_initialize+0x20/0x20
[ 23.663470][ T371] ? may_create+0x641/0x8b0
[ 23.667945][ T371] ext4_create+0x266/0x540
[ 23.672330][ T371] ? ext4_lookup+0xb20/0xb20
[ 23.676888][ T371] ? security_inode_create+0xf1/0x130
[ 23.682228][ T371] vfs_create+0x378/0x500
[ 23.686630][ T371] do_mknodat+0x323/0x430
[ 23.690929][ T371] ? may_open+0x3f0/0x3f0
[ 23.695229][ T371] __x64_sys_mknodat+0x9b/0xb0
[ 23.699963][ T371] do_syscall_64+0x34/0x70
[ 23.704350][ T371] entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 23.710212][ T371] RIP: 0033:0x7f58f0b7c7f9
[ 23.714598][ T371] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 23.734175][ T371] RSP: 002b:00007ffd1254da18 EFLAGS: 00000246 ORIG_RAX: 0000000000000103
[ 23.742577][ T371] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f58f0b7c7f9
[ 23.750529][ T371] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 00000000ffffff9c
[ 23.758472][ T371] RBP: 00007f58f0b3c090 R08: 0000000000000421 R09: 0000000000000000
[ 23.766431][ T371] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f58f0b3c120
[ 23.774373][ T371] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 23.782315][ T371] Modules linked in:
[ 23.786296][ T371] ---[ end trace 41fd6200ce5814ea ]---
[ 23.791754][ T371] RIP: 0010:ext4_xattr_set_entry+0x4a7/0x3820
[ 23.797817][ T371] Code: 00 00 48 89 d8 48 c1 e8 03 48 89 84 24 28 01 00 00 42 80 3c 20 00 74 08 48 89 df e8 a3 82 ba ff 4c 8b 33 4c 89 f0 48 c1 e8 03 <42> 8a 04 20 84 c0 0f 85 8f 2d 00 00 4c 89 f8 48 2b 44 24 18 48 89
[ 23.817456][ T371] RSP: 0018:ffffc9000097f3a0 EFLAGS: 00010246
[ 23.823532][ T371] RAX: 0000000000000000 RBX: ffffc9000097f7a0 RCX: ffff8881067e8000
[ 23.831920][ T371] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000001c
[ 23.839901][ T371] RBP: ffffc9000097f638 R08: ffffffff81ec8439 R09: ffffed10234cc8e7
[ 23.847879][ T371] R10: ffffed10234cc8e7 R11: 1ffff110234cc8e6 R12: dffffc0000000000
[ 23.855853][ T371] R13: 1ffff9200012feee R14: 0000000000000000 R15: 0000000000000000
[ 23.863825][ T371] FS: 0000555555811300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 23.874489][ T371] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 23.881058][ T371] CR2: 00007ffd1254e000 CR3: 000000011e022000 CR4: 00000000003506a0
[ 23.889071][ T371] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 23.898598][ T371] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 23.906616][ T371] Kernel panic - not syncing: Fatal exception
[ 23.912855][ T371] Kernel Offset: disabled
[ 23.917160][ T371] Rebooting in 86400 seconds..
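The capture above is raw console output with audit noise interleaved into the oops. As an added triage helper (my own code, not part of syzkaller or the kernel), the following Python pulls out the facts a reviewer wants first: the preceding EXT4-fs error, the fault and KASAN classification, the crashing symbol, the reliable (non-"?") frames, the syscall the process was in, and whether the faulting address is a KASAN shadow address. The REPORT string is a constructed excerpt of lines copied verbatim from the log above; the shadow offset 0xdffffc0000000000 and the small syscall-number table are x86_64 assumptions the script states explicitly.

```python
"""Triage helper for a syzkaller console capture of a KASAN/GPF crash."""
import re

# Assumptions: x86_64 KASAN shadow layout and a few x86_64 syscall numbers.
KASAN_SHADOW_OFFSET = 0xdffffc0000000000
KASAN_SHADOW_SCALE_SHIFT = 3
X86_64_SYSCALLS = {0x10: "ioctl", 0xa5: "mount", 0x103: "mknodat"}

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")          # "[ 23.3][ T371] "
FRAME = re.compile(r"^(\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
REG = re.compile(r"\b(ORIG_RAX|R[A-Z0-9]{2}):\s*([0-9a-f]{16})\b")
CPU = re.compile(r"PID: (\d+) Comm: (\S+) .*?(?:Not tainted|Tainted: \S+) (\S+)")

# Constructed excerpt: the decisive lines copied from the report above.
REPORT = """\
[ 23.263364][ T371] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2179: inode #15: comm syz-executor318: corrupted in-inode xattr
[ 23.327823][ T371] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 23.339534][ T371] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 23.339545][ T371] CPU: 1 PID: 371 Comm: syz-executor318 Not tainted 5.10.153-syzkaller-00570-g673a7341bdab #0
[ 23.339573][ T371] RIP: 0010:ext4_xattr_set_entry+0x4a7/0x3820
[ 23.369735][ T371] RAX: 0000000000000000 RBX: ffffc9000097f7a0 RCX: ffff8881067e8000
[ 23.369753][ T371] R10: ffffed10234cc8e7 R11: 1ffff110234cc8e6 R12: dffffc0000000000
[ 23.546455][ T371] Call Trace:
[ 23.549719][ T371] ? errseq_check+0x40/0x70
[ 23.587545][ T371] ext4_xattr_ibody_set+0x7c/0x2a0
[ 23.592625][ T371] ext4_xattr_set_handle+0xc5d/0x15a0
[ 23.597966][ T371] ? ext4_xattr_set_entry+0x3820/0x3820
[ 23.609429][ T371] ext4_initxattrs+0xb2/0x120
[ 23.614073][ T371] security_inode_init_security+0x26c/0x3c0
[ 23.640458][ T371] ext4_init_security+0x34/0x40
[ 23.645279][ T371] __ext4_new_inode+0x3648/0x4530
[ 23.667945][ T371] ext4_create+0x266/0x540
[ 23.682228][ T371] vfs_create+0x378/0x500
[ 23.686630][ T371] do_mknodat+0x323/0x430
[ 23.695229][ T371] __x64_sys_mknodat+0x9b/0xb0
[ 23.699963][ T371] do_syscall_64+0x34/0x70
[ 23.704350][ T371] entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 23.710212][ T371] RIP: 0033:0x7f58f0b7c7f9
[ 23.734175][ T371] RSP: 002b:00007ffd1254da18 EFLAGS: 00000246 ORIG_RAX: 0000000000000103
[ 23.742577][ T371] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f58f0b7c7f9
[ 23.750529][ T371] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 00000000ffffff9c
[ 23.782315][ T371] Modules linked in:
[ 23.786296][ T371] ---[ end trace 41fd6200ce5814ea ]---
[ 23.906616][ T371] Kernel panic - not syncing: Fatal exception
"""


def strip_prefix(line):
    """Drop the '[ time][ Tn] ' printk prefix."""
    return PREFIX.sub("", line).strip()


def signed32(value):
    """Read a 32-bit register value as signed (AT_FDCWD is -100)."""
    return value - (1 << 32) if value & 0x80000000 else value


def kasan_unshadow(shadow_addr):
    """Map a faulting shadow byte back to the 8 real addresses it guards."""
    base = (shadow_addr - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT
    return base, base + (1 << KASAN_SHADOW_SCALE_SHIFT) - 1


def parse_report(text):
    info = {"fs_errors": [], "frames": [], "unreliable": [],
            "kernel_regs": {}, "user_regs": {}}
    in_trace = in_user = False
    for raw in text.splitlines():
        line = strip_prefix(raw)
        if line.startswith("EXT4-fs error"):          # fs-level hint before the oops
            info["fs_errors"].append(line)
        elif line.startswith("general protection fault"):
            m = re.search(r"address (0x[0-9a-f]+)", line)
            info["fault"] = "general protection fault"
            info["fault_addr"] = int(m.group(1), 16) if m else None
        elif line.startswith("KASAN:"):
            info["kasan"] = line.split(":", 1)[1].strip()
        elif line.startswith("CPU:"):
            m = CPU.search(line)
            if m:
                info["pid"], info["comm"], info["kernel"] = int(m.group(1)), m.group(2), m.group(3)
        elif line.startswith("RIP: 0010:"):            # kernel-mode RIP: crashing symbol
            info["rip"] = line[len("RIP: 0010:"):]
        elif line.startswith("RIP: 0033:"):            # user-mode RIP: regs below are userspace
            in_trace, in_user = False, True
        elif line == "Call Trace:":
            in_trace = True
        elif line.startswith("---[ end trace"):
            break
        elif in_trace and (m := FRAME.match(line)):
            (info["unreliable"] if m.group(1) else info["frames"]).append(m.group(2))
        else:
            regs = info["user_regs"] if in_user else info["kernel_regs"]
            for name, val in REG.findall(line):
                regs[name] = int(val, 16)
    # Derived facts a triager wants immediately.
    if info.get("fault_addr") is not None and info["fault_addr"] >= KASAN_SHADOW_OFFSET:
        info["kasan_range"] = kasan_unshadow(info["fault_addr"])
    info["shadow_base_regs"] = [n for n, v in info["kernel_regs"].items() if v == KASAN_SHADOW_OFFSET]
    info["entry_frame"] = next((f for f in info["frames"] if f.startswith("__x64_sys_")), None)
    nr = info["user_regs"].get("ORIG_RAX")
    info["syscall"] = X86_64_SYSCALLS.get(nr, f"nr {nr:#x}" if nr is not None else None)
    return info


def summarize(info):
    lines = [f"{info.get('comm')} (pid {info.get('pid')}) on {info.get('kernel')}",
             f"{info.get('fault')} at {info.get('fault_addr', 0):#x}: KASAN {info.get('kasan')}",
             f"crash in {info.get('rip')}; first reliable frame {info['frames'][0] if info['frames'] else None}",
             f"entered via {info['entry_frame']} (ORIG_RAX {info['user_regs'].get('ORIG_RAX', 0):#x} = {info['syscall']})"]
    if "kasan_range" in info:
        lo, hi = info["kasan_range"]
        lines.append(f"shadow address covers real addresses {lo:#x}-{hi:#x}; shadow base held in {info['shadow_base_regs']}")
    lines += ["preceding fs error: " + e for e in info["fs_errors"]]
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(parse_report(REPORT)))
```

Run against the excerpt it reports the crash as a mknodat() entered via __x64_sys_mknodat (ORIG_RAX 0x103, RDI 0xffffff9c is AT_FDCWD), dying in ext4_xattr_set_entry with R12 holding the KASAN shadow base and the faulting shadow byte covering real addresses 0x0 through 0x7, which is exactly the null-ptr-deref KASAN reports; the earlier ext4_xattr_ibody_find error on inode #15 is the hint that the loop-mounted image's in-inode xattr area was the corrupted input.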