./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3740775420 <...> [ 61.346005][ T26] audit: type=1400 audit(1687844414.289:80): avc: denied { rlimitinh } for pid=4847 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 61.365822][ T26] audit: type=1400 audit(1687844414.289:81): avc: denied { siginh } for pid=4847 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 62.049090][ T26] audit: type=1400 audit(1687844415.049:82): avc: denied { read } for pid=4429 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 Warning: Permanently added '10.128.1.38' (ECDSA) to the list of known hosts. execve("./syz-executor3740775420", ["./syz-executor3740775420"], 0x7ffeebea9760 /* 10 vars */) = 0 brk(NULL) = 0x5555564c1000 brk(0x5555564c1c40) = 0x5555564c1c40 arch_prctl(ARCH_SET_FS, 0x5555564c1300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3740775420", 4096) = 28 brk(0x5555564e2c40) = 0x5555564e2c40 brk(0x5555564e3000) = 0x5555564e3000 mprotect(0x7fe757b86000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 [ 80.973428][ T26] audit: type=1400 audit(1687844433.979:83): avc: denied { write } for pid=4994 comm="strace-static-x" path="pipe:[29248]" dev="pipefs" ino=29248 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 81.000618][ T26] audit: type=1400 audit(1687844434.009:84): avc: denied { append } for pid=4429 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 81.004868][ T4997] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4997 'syz-executor374' [ 81.022830][ T26] audit: type=1400 audit(1687844434.009:85): avc: denied { open } for pid=4429 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe74f6cc000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7fe74f6cc000, 524288) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 81.022886][ T26] audit: type=1400 audit(1687844434.009:86): avc: denied { getattr } for pid=4429 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 81.022943][ T26] audit: type=1400 audit(1687844434.009:87): avc: denied { execmem } for pid=4997 comm="syz-executor374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 mount("/dev/loop0", "./file0", "hfsplus", 0, "\x74\x79\x70\x65\x3d\xc5\x0c\xb8\xcf\x2c\x67\x69\x64\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x2c\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x6e\x6c\x73\x3d\x64\x65\x66\x61\x75\x6c\x74\x2c") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 [ 81.107369][ T26] audit: type=1400 audit(1687844434.109:88): avc: denied { read write } for pid=4997 comm="syz-executor374" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 81.112127][ T4997] loop0: detected capacity change from 0 to 1024 [ 81.131890][ T26] audit: type=1400 audit(1687844434.109:89): avc: denied { open } for pid=4997 comm="syz-executor374" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 81.162742][ T26] audit: type=1400 audit(1687844434.109:90): avc: denied { ioctl } for pid=4997 comm="syz-executor374" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 81.170712][ T4997] ------------[ cut here ]------------ [ 81.194211][ T4997] kernel BUG at fs/hfsplus/xattr.c:175! [ 81.200096][ T4997] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 81.206295][ T4997] CPU: 0 PID: 4997 Comm: syz-executor374 Not tainted 6.4.0-syzkaller-00082-gc0a572d9d32f #0 [ 81.208652][ T26] audit: type=1400 audit(1687844434.139:91): avc: denied { mounton } for pid=4997 comm="syz-executor374" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 81.216373][ T4997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 81.216391][ T4997] RIP: 0010:__hfsplus_setxattr+0x1b32/0x1e70 [ 81.255740][ T4997] Code: 89 ef e8 71 75 85 ff e9 b9 f2 ff ff e8 27 76 85 ff e9 76 f2 ff ff 48 8b 7c 24 28 e8 58 75 85 ff e9 c9 f2 ff ff e8 9e 99 33 ff <0f> 0b 48 8b 7c 24 38 e8 62 75 85 ff e9 b4 ee ff ff e8 88 99 33 ff [ 81.275371][ T4997] RSP: 0018:ffffc900033af540 EFLAGS: 00010293 [ 81.281454][ T4997] RAX: 0000000000000000 RBX: ffff88801738c000 RCX: 0000000000000000 [ 81.289439][ T4997] RDX: ffff88807af4e140 RSI: ffffffff824fd2d2 RDI: 0000000000000007 [ 81.297424][ T4997] RBP: ffff88802c00afb0 R08: 0000000000000007 R09: 0000000000000000 [ 81.305871][ T4997] R10: 0000000000010000 R11: 0000000000000005 R12: 0000000000000000 [ 81.313907][ T4997] R13: ffffc900033af608 R14: ffff88801a27a000 R15: ffff88802c00af40 [ 81.321905][ T4997] FS: 00005555564c1300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 81.330859][ T4997] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.337473][ T4997] CR2: 00007fe757af0cf0 CR3: 00000000751f8000 CR4: 00000000003506f0 [ 81.345497][ T4997] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 81.353487][ T4997] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 81.361475][ T4997] Call Trace: [ 81.364766][ T4997] [ 81.367708][ T4997] ? die+0x32/0x90 [ 81.371469][ T4997] ? do_trap+0x1b2/0x3f0 [ 81.375737][ T4997] ? __hfsplus_setxattr+0x1b32/0x1e70 [ 81.381137][ T4997] ? __hfsplus_setxattr+0x1b32/0x1e70 [ 81.386533][ T4997] ? do_error_trap+0xb1/0x170 [ 81.391257][ T4997] ? __hfsplus_setxattr+0x1b32/0x1e70 [ 81.396915][ T4997] ? handle_invalid_op+0x2c/0x30 [ 81.401883][ T4997] ? __hfsplus_setxattr+0x1b32/0x1e70 [ 81.407276][ T4997] ? exc_invalid_op+0x2f/0x50 [ 81.412028][ T4997] ? asm_exc_invalid_op+0x1a/0x20 [ 81.417073][ T4997] ? __hfsplus_setxattr+0x1b32/0x1e70 [ 81.422469][ T4997] ? __hfsplus_setxattr+0x1b32/0x1e70 [ 81.427875][ T4997] ? __stack_depot_save+0x23b/0x510 [ 81.433108][ T4997] ? lock_downgrade+0x690/0x690 [ 81.437993][ T4997] ? copy_name+0xa0/0xa0 [ 81.442259][ T4997] ? lockdep_hardirqs_on+0x7d/0x100 [ 81.447487][ T4997] ? _raw_spin_unlock_irqrestore+0x41/0x70 [ 81.453335][ T4997] ? __stack_depot_save+0x23b/0x510 [ 81.458571][ T4997] ? kasan_save_stack+0x32/0x40 [ 81.463446][ T4997] ? kasan_save_stack+0x22/0x40 [ 81.468314][ T4997] ? kasan_set_track+0x25/0x30 [ 81.473114][ T4997] ? __kasan_kmalloc+0xa3/0xb0 [ 81.477923][ T4997] ? hfsplus_setxattr+0x61/0x120 [ 81.482900][ T4997] ? __vfs_setxattr+0x173/0x1e0 [ 81.487779][ T4997] ? __vfs_setxattr_noperm+0x129/0x5f0 [ 81.493263][ T4997] ? __vfs_setxattr_locked+0x1d3/0x260 [ 81.498741][ T4997] ? vfs_setxattr+0x143/0x340 [ 81.503449][ T4997] ? do_setxattr+0x147/0x190 [ 81.508144][ T4997] ? setxattr+0x146/0x160 [ 81.512503][ T4997] ? path_setxattr+0x197/0x1c0 [ 81.517296][ T4997] ? __x64_sys_lsetxattr+0xc1/0x160 [ 81.522518][ T4997] ? do_syscall_64+0x39/0xb0 [ 81.527154][ T4997] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 81.533264][ T4997] ? find_held_lock+0x2d/0x110 [ 81.538054][ T4997] ? __kmem_cache_alloc_node+0x43/0x3f0 [ 81.543639][ T4997] ? mark_held_locks+0x9f/0xe0 [ 81.548434][ T4997] ? __kmem_cache_alloc_node+0x170/0x3f0 [ 81.554110][ T4997] hfsplus_setxattr+0xce/0x120 [ 81.558902][ T4997] ? hfsplus_init_security+0x40/0x40 [ 81.564210][ T4997] __vfs_setxattr+0x173/0x1e0 [ 81.568911][ T4997] ? __vfs_removexattr+0x1c0/0x1c0 [ 81.574061][ T4997] ? cap_capable+0x15a/0x240 [ 81.578690][ T4997] __vfs_setxattr_noperm+0x129/0x5f0 [ 81.583997][ T4997] __vfs_setxattr_locked+0x1d3/0x260 [ 81.589305][ T4997] vfs_setxattr+0x143/0x340 [ 81.593826][ T4997] ? __vfs_setxattr_locked+0x260/0x260 [ 81.599311][ T4997] ? __check_object_size+0xac/0x730 [ 81.604547][ T4997] do_setxattr+0x147/0x190 [ 81.608998][ T4997] setxattr+0x146/0x160 [ 81.613188][ T4997] ? do_setxattr+0x190/0x190 [ 81.617905][ T4997] ? lockdep_hardirqs_on+0x7d/0x100 [ 81.623232][ T4997] ? find_held_lock+0x2d/0x110 [ 81.628027][ T4997] ? __mnt_want_write+0x3f/0x2e0 [ 81.632999][ T4997] ? lock_downgrade+0x690/0x690 [ 81.637876][ T4997] ? lock_sync+0x190/0x190 [ 81.642321][ T4997] ? __mnt_want_write+0x1fe/0x2e0 [ 81.647378][ T4997] path_setxattr+0x197/0x1c0 [ 81.651997][ T4997] ? setxattr+0x160/0x160 [ 81.656440][ T4997] ? lockdep_hardirqs_on+0x7d/0x100 [ 81.661690][ T4997] __x64_sys_lsetxattr+0xc1/0x160 [ 81.666744][ T4997] do_syscall_64+0x39/0xb0 [ 81.671222][ T4997] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 81.677165][ T4997] RIP: 0033:0x7fe757b18b09 [ 81.681600][ T4997] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 81.701230][ T4997] RSP: 002b:00007ffd4cba2f08 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 81.709751][ T4997] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fe757b18b09 [ 81.717826][ T4997] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000020000000 [ 81.725816][ T4997] RBP: 00007fe757ad8110 R08: 0000000000000003 R09: 0000000000000000 [ 81.733802][ T4997] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe757ad81a0 [ 81.741895][ T4997] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 81.749896][ T4997] [ 81.752957][ T4997] Modules linked in: [ 81.765925][ T4997] ---[ end trace 0000000000000000 ]--- [ 81.771486][ T4997] RIP: 0010:__hfsplus_setxattr+0x1b32/0x1e70 [ 81.774824][ T26] audit: type=1400 audit(1687844434.139:92): avc: denied { mount } for pid=4997 comm="syz-executor374" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 81.777972][ T4997] Code: 89 ef e8 71 75 85 ff e9 b9 f2 ff ff e8 27 76 85 ff e9 76 f2 ff ff 48 8b 7c 24 28 e8 58 75 85 ff e9 c9 f2 ff ff e8 9e 99 33 ff <0f> 0b 48 8b 7c 24 38 e8 62 75 85 ff e9 b4 ee ff ff e8 88 99 33 ff [ 81.819968][ T4997] RSP: 0018:ffffc900033af540 EFLAGS: 00010293 [ 81.826255][ T4997] RAX: 0000000000000000 RBX: ffff88801738c000 RCX: 0000000000000000 [ 81.834766][ T4997] RDX: ffff88807af4e140 RSI: ffffffff824fd2d2 RDI: 0000000000000007 [ 81.842958][ T4997] RBP: ffff88802c00afb0 R08: 0000000000000007 R09: 0000000000000000 [ 81.851107][ T4997] R10: 0000000000010000 R11: 0000000000000005 R12: 0000000000000000 [ 81.859089][ T4997] R13: ffffc900033af608 R14: ffff88801a27a000 R15: ffff88802c00af40 [ 81.867160][ T4997] FS: 00005555564c1300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 81.876259][ T4997] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.882890][ T4997] CR2: 000055739ecf53b8 CR3: 00000000751f8000 CR4: 00000000003506f0 [ 81.890919][ T4997] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 81.898920][ T4997] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 81.907343][ T4997] Kernel panic - not syncing: Fatal exception [ 81.913623][ T4997] Kernel Offset: disabled [ 81.917957][ T4997] Rebooting in 86400 seconds..