./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2468708216 <...> Warning: Permanently added '10.128.1.66' (ECDSA) to the list of known hosts. execve("./syz-executor2468708216", ["./syz-executor2468708216"], 0x7ffdfcb2c570 /* 10 vars */) = 0 brk(NULL) = 0x555556761000 brk(0x555556761c40) = 0x555556761c40 arch_prctl(ARCH_SET_FS, 0x555556761300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2468708216", 4096) = 28 brk(0x555556782c40) = 0x555556782c40 brk(0x555556783000) = 0x555556783000 mprotect(0x7f5df423b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 ftruncate(3, 135266304) = 0 pwrite64(3, "\xe2\xe1\xf5\xe0\x95\x21\xe9\x3c\x02\x00\x00\x00\x0c\x00\x24", 15, 1024) = 15 pwrite64(3, "\x03\x00\x45\x31\x95\x44\x1e\x5a\x35\x5a", 10, 1152) = 10 pwrite64(3, "\xce\x37\x0d\x67\x73\x43\x27\x2d\x1c\x00\xb9\xf2\xf3\x04\x91\xb1\x6d\x13\xf8\x79\x7c\x5c\xc0\xc2\xff\xb5\x42\x87\xa7\x56\xd5\xcd\x99\x94\x2e\x8b\x32\x23\x6d", 39, 4096) = 39 pwrite64(3, "\xa8\x30\x3f\xe7\x90\x1a\xd2\x04\x51\xc7\xd5\x51\xec\x7a\x37\x3f\xcb\x1b\x06\x7a\x57\x27\x45\x62\x3d\x82\x00\xd6\x02\x92\x89\x0b\xd9\x69\xa6\xf0\x29\x57\x83\x51\x4e\x5e\xfc\x8d\xaa\x95\xbd\x91\x23\x0f\xdf\xaa\xd4\x02\x48\x10\x64\x62\x5f\x1f\xf8\x10\x8a\x09\x35\xaa\x40\x34\x12\x5d\xaa\xd0\xf9\x85\x72\xd5\x98\xe2\x24\x04\x63\xad\x34\x02\xe3\x57\x7b\xdd\xa3\xb1\xc3\x67\x5c\x0d\x5f\x29\xbe\x00\x66\xa2"..., 287, 51549) = 287 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 mkdir("./file0", 0777) = 0 mount("/dev/loop0", "./file0", "erofs", 0, "") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 close(3) = 0 [ 26.144463][ T23] audit: type=1400 audit(1667360269.669:73): avc: denied { execmem } for pid=304 comm="syz-executor246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 26.151664][ T304] erofs: (device loop0): mounted with opts: , root inode @ nid 36. [ 26.169678][ T23] audit: type=1400 audit(1667360269.679:74): avc: denied { read write } for pid=304 comm="syz-executor246" name="loop0" dev="devtmpfs" ino=9277 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 26.173793][ T304] attempt to access beyond end of device [ 26.173793][ T304] loop0: rw=0, want=2201354232, limit=264192 [ 26.196566][ T23] audit: type=1400 audit(1667360269.679:75): avc: denied { open } for pid=304 comm="syz-executor246" path="/dev/loop0" dev="devtmpfs" ino=9277 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 26.207903][ T304] BUG: unable to handle page fault for address: ffffed113ba9decb [ 26.231810][ T23] audit: type=1400 audit(1667360269.679:76): avc: denied { ioctl } for pid=304 comm="syz-executor246" path="/dev/loop0" dev="devtmpfs" ino=9277 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 26.239175][ T304] #PF: supervisor read access in kernel mode [ 26.239179][ T304] #PF: error_code(0x0000) - not-present page [ 26.239183][ T304] PGD 23fff3067 P4D 23fff3067 PUD 0 [ 26.239195][ T304] Oops: 0000 [#1] PREEMPT SMP KASAN [ 26.239208][ T304] CPU: 1 PID: 304 Comm: syz-executor246 Not tainted 5.4.210-syzkaller-00024-gbe0138c13b5d #0 [ 26.265159][ T23] audit: type=1400 audit(1667360269.679:77): avc: denied { mounton } for pid=304 comm="syz-executor246" path="/root/file0" dev="sda1" ino=1138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 26.270817][ T304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022 [ 26.270846][ T304] RIP: 0010:z_erofs_vle_unzip_all+0x6c5/0x1b50 [ 26.270855][ T304] Code: 20 84 c0 0f 85 10 03 00 00 8b 03 c1 f8 02 89 c0 48 8b 4c 24 48 4c 8d 24 c1 4d 89 e6 49 c1 ee 03 48 b8 00 00 00 00 00 fc ff df <41> 80 3c 06 00 74 08 4c 89 e7 e8 8c 1d 98 ff 4d 8b 2c 24 4d 85 ed [ 26.270859][ T304] RSP: 0018:ffff8881dd4ef560 EFLAGS: 00010a02 [ 26.276958][ T23] audit: type=1400 audit(1667360269.709:78): avc: denied { mount } for pid=304 comm="syz-executor246" name="/" dev="loop0" ino=36 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 26.282059][ T304] RAX: dffffc0000000000 RBX: ffffea00077ef2e8 RCX: ffff8881dd4ef660 [ 26.282063][ T304] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffea00077ef2e8 [ 26.282068][ T304] RBP: ffff8881dd4ef9a0 R08: dffffc0000000000 R09: fffff94000efde5e [ 26.282071][ T304] R10: fffff94000efde5e R11: 1ffffd4000efde5d R12: ffff8889dd4ef658 [ 26.282081][ T304] R13: ffffea00077ef2c0 R14: 1ffff1113ba9decb R15: 0000000000000000 [ 26.423872][ T304] FS: 0000555556761300(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 26.432767][ T304] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.439317][ T304] CR2: ffffed113ba9decb CR3: 00000001ddbc9000 CR4: 00000000003406e0 [ 26.447259][ T304] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.455197][ T304] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.463133][ T304] Call Trace: [ 26.466407][ T304] z_erofs_submit_and_unzip+0x134c/0x1400 [ 26.472091][ T304] ? z_erofs_submit_and_unzip+0x511/0x1400 [ 26.477866][ T304] z_erofs_vle_normalaccess_readpage+0x24f/0x540 [ 26.484166][ T304] do_read_cache_page+0x58d/0xa30 [ 26.489163][ T304] erofs_namei+0x138/0xfd0 [ 26.493544][ T304] ? d_set_d_op+0xfd/0x390 [ 26.497930][ T304] erofs_lookup+0xe8/0x350 [ 26.502319][ T304] ? _raw_spin_unlock+0x49/0x60 [ 26.507136][ T304] __lookup_hash+0x115/0x240 [ 26.511695][ T304] filename_create+0x193/0x6b0 [ 26.516424][ T304] do_mknodat+0x10f/0x3b0 [ 26.520721][ T304] ? __fpregs_load_activate+0x163/0x310 [ 26.526230][ T304] do_syscall_64+0xcb/0x1c0 [ 26.530701][ T304] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 26.536556][ T304] RIP: 0033:0x7f5df41cee19 [ 26.540938][ T304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 26.560507][ T304] RSP: 002b:00007ffdc77c6308 EFLAGS: 00000246 ORIG_RAX: 0000000000000103 [ 26.568898][ T304] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5df41cee19 [ 26.576837][ T304] RDX: 0000000000000004 RSI: 0000000020000080 RDI: 0000000000000005 [ 26.584774][ T304] RBP: 00007f5df418e610 R08: 00005555567612c0 R09: 0000000000000000 [ 26.592710][ T304] R10: 0000000000000700 R11: 0000000000000246 R12: 00007f5df418e6a0 [ 26.600646][ T304] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 26.608583][ T304] Modules linked in: [ 26.612445][ T304] CR2: ffffed113ba9decb [ 26.616563][ T304] ---[ end trace 6f641d94771428eb ]--- [ 26.621992][ T304] RIP: 0010:z_erofs_vle_unzip_all+0x6c5/0x1b50 [ 26.628110][ T304] Code: 20 84 c0 0f 85 10 03 00 00 8b 03 c1 f8 02 89 c0 48 8b 4c 24 48 4c 8d 24 c1 4d 89 e6 49 c1 ee 03 48 b8 00 00 00 00 00 fc ff df <41> 80 3c 06 00 74 08 4c 89 e7 e8 8c 1d 98 ff 4d 8b 2c 24 4d 85 ed [ 26.647677][ T304] RSP: 0018:ffff8881dd4ef560 EFLAGS: 00010a02 [ 26.653705][ T304] RAX: dffffc0000000000 RBX: ffffea00077ef2e8 RCX: ffff8881dd4ef660 [ 26.661641][ T304] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffea00077ef2e8 [ 26.669578][ T304] RBP: ffff8881dd4ef9a0 R08: dffffc0000000000 R09: fffff94000efde5e [ 26.677519][ T304] R10: fffff94000efde5e R11: 1ffffd4000efde5d R12: ffff8889dd4ef658 [ 26.685456][ T304] R13: ffffea00077ef2c0 R14: 1ffff1113ba9decb R15: 0000000000000000 [ 26.693396][ T304] FS: 0000555556761300(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 26.702286][ T304] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.708832][ T304] CR2: ffffed113ba9decb CR3: 00000001ddbc9000 CR4: 00000000003406e0 [ 26.716775][ T304] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.724715][ T304] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.732653][ T304] Kernel panic - not syncing: Fatal exception [ 26.738954][ T304] Kernel Offset: disabled [ 26.743250][ T304] Rebooting in 86400 seconds..