./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3850286780 <...> syzkaller syzkaller login: [ 43.363178][ T26] kauditd_printk_skb: 42 callbacks suppressed [ 43.363194][ T26] audit: type=1400 audit(1686641349.508:77): avc: denied { transition } for pid=4840 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 43.391511][ T26] audit: type=1400 audit(1686641349.508:78): avc: denied { noatsecure } for pid=4840 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 43.412010][ T26] audit: type=1400 audit(1686641349.548:79): avc: denied { write } for pid=4840 comm="sh" path="pipe:[29821]" dev="pipefs" ino=29821 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 43.435485][ T26] audit: type=1400 audit(1686641349.568:80): avc: denied { rlimitinh } for pid=4840 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 43.454586][ T26] audit: type=1400 audit(1686641349.568:81): avc: denied { siginh } for pid=4840 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 43.858807][ T26] audit: type=1400 audit(1686641350.008:82): avc: denied { read } for pid=4427 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 Warning: Permanently added '10.128.1.123' (ECDSA) to the list of known hosts. execve("./syz-executor3850286780", ["./syz-executor3850286780"], 0x7ffeb35f5590 /* 10 vars */) = 0 brk(NULL) = 0x555557111000 brk(0x555557111c40) = 0x555557111c40 arch_prctl(ARCH_SET_FS, 0x555557111300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3850286780", 4096) = 28 brk(0x555557132c40) = 0x555557132c40 brk(0x555557133000) = 0x555557133000 mprotect(0x7f6f7b251000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 [ 64.897983][ T26] audit: type=1400 audit(1686641371.048:83): avc: denied { write } for pid=4987 comm="strace-static-x" path="pipe:[29556]" dev="pipefs" ino=29556 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 64.918029][ T4990] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4990 'syz-executor385' memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6f72d98000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7f6f72d98000, 524288) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file1", 0777) = 0 [ 64.922190][ T26] audit: type=1400 audit(1686641371.068:84): avc: denied { execmem } for pid=4990 comm="syz-executor385" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 64.942645][ T4990] loop0: detected capacity change from 0 to 1024 [ 64.950927][ T26] audit: type=1400 audit(1686641371.088:85): avc: denied { read write } for pid=4990 comm="syz-executor385" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 64.962144][ T4990] ======================================================= [ 64.962144][ T4990] WARNING: The mand mount option has been deprecated and [ 64.962144][ T4990] and is ignored by this kernel. Remove the mand [ 64.962144][ T4990] option from the mount to silence this warning. [ 64.962144][ T4990] ======================================================= [ 64.981865][ T26] audit: type=1400 audit(1686641371.088:86): avc: denied { open } for pid=4990 comm="syz-executor385" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 mount("/dev/loop0", "./file1", "hfsplus", MS_MANDLOCK|MS_DIRSYNC|MS_REC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "") = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 [ 65.041140][ T26] audit: type=1400 audit(1686641371.088:87): avc: denied { ioctl } for pid=4990 comm="syz-executor385" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 65.053735][ T4990] ------------[ cut here ]------------ [ 65.072393][ T4990] kernel BUG at fs/hfsplus/xattr.c:175! [ 65.078504][ T4990] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 65.084332][ T26] audit: type=1400 audit(1686641371.108:88): avc: denied { append } for pid=4427 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 65.084585][ T4990] CPU: 1 PID: 4990 Comm: syz-executor385 Not tainted 6.4.0-rc6-syzkaller-00006-gfd37b884003c #0 [ 65.106781][ T26] audit: type=1400 audit(1686641371.108:89): avc: denied { open } for pid=4427 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 65.117088][ T4990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 65.117102][ T4990] RIP: 0010:__hfsplus_setxattr+0x1b32/0x1e70 [ 65.139418][ T26] audit: type=1400 audit(1686641371.108:90): avc: denied { getattr } for pid=4427 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 65.149415][ T4990] Code: 89 ef e8 01 8d 85 ff e9 b9 f2 ff ff e8 b7 8d 85 ff e9 76 f2 ff ff 48 8b 7c 24 28 e8 e8 8c 85 ff e9 c9 f2 ff ff e8 be b9 33 ff <0f> 0b 48 8b 7c 24 38 e8 f2 8c 85 ff e9 b4 ee ff ff e8 a8 b9 33 ff [ 65.149437][ T4990] RSP: 0018:ffffc90003307540 EFLAGS: 00010293 [ 65.155462][ T26] audit: type=1400 audit(1686641371.108:91): avc: denied { mounton } for pid=4990 comm="syz-executor385" path="/root/file1" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 65.177912][ T4990] [ 65.177917][ T4990] RAX: 0000000000000000 RBX: ffff888019bdc000 RCX: 0000000000000000 [ 65.177932][ T4990] RDX: ffff888019f42000 RSI: ffffffff824fadf2 RDI: 0000000000000007 [ 65.204341][ T26] audit: type=1400 audit(1686641371.198:92): avc: denied { mount } for pid=4990 comm="syz-executor385" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 65.226359][ T4990] RBP: ffff888018b48fb0 R08: 0000000000000007 R09: 0000000000000000 [ 65.226375][ T4990] R10: 0000000000010000 R11: 1ffffffff219cf3f R12: 0000000000000000 [ 65.226388][ T4990] R13: ffffc90003307608 R14: ffff88802b20f000 R15: ffff888018b48f40 [ 65.226403][ T4990] FS: 0000555557111300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 65.299742][ T4990] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 65.306315][ T4990] CR2: 00007ffefd13b000 CR3: 000000002368d000 CR4: 00000000003506e0 [ 65.314272][ T4990] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 65.322224][ T4990] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 65.330180][ T4990] Call Trace: [ 65.333455][ T4990] [ 65.336372][ T4990] ? die+0x32/0x90 [ 65.340086][ T4990] ? do_trap+0x1b2/0x3f0 [ 65.344312][ T4990] ? __hfsplus_setxattr+0x1b32/0x1e70 [ 65.349667][ T4990] ? __hfsplus_setxattr+0x1b32/0x1e70 [ 65.355022][ T4990] ? do_error_trap+0xb1/0x170 [ 65.359697][ T4990] ? __hfsplus_setxattr+0x1b32/0x1e70 [ 65.365063][ T4990] ? handle_invalid_op+0x2c/0x30 [ 65.369986][ T4990] ? __hfsplus_setxattr+0x1b32/0x1e70 [ 65.375343][ T4990] ? exc_invalid_op+0x2f/0x50 [ 65.380012][ T4990] ? asm_exc_invalid_op+0x1a/0x20 [ 65.385033][ T4990] ? __hfsplus_setxattr+0x1b32/0x1e70 [ 65.390392][ T4990] ? __hfsplus_setxattr+0x1b32/0x1e70 [ 65.395748][ T4990] ? __stack_depot_save+0x23b/0x510 [ 65.401020][ T4990] ? lock_downgrade+0x690/0x690 [ 65.405856][ T4990] ? copy_name+0xa0/0xa0 [ 65.410088][ T4990] ? lockdep_hardirqs_on+0x7d/0x100 [ 65.415273][ T4990] ? _raw_spin_unlock_irqrestore+0x41/0x70 [ 65.421070][ T4990] ? __stack_depot_save+0x23b/0x510 [ 65.426255][ T4990] ? kasan_save_stack+0x32/0x40 [ 65.431085][ T4990] ? kasan_save_stack+0x22/0x40 [ 65.435925][ T4990] ? kasan_set_track+0x25/0x30 [ 65.440668][ T4990] ? __kasan_kmalloc+0xa3/0xb0 [ 65.445413][ T4990] ? hfsplus_setxattr+0x61/0x120 [ 65.450331][ T4990] ? __vfs_setxattr+0x173/0x1e0 [ 65.455171][ T4990] ? __vfs_setxattr_noperm+0x129/0x5f0 [ 65.460611][ T4990] ? __vfs_setxattr_locked+0x1d3/0x260 [ 65.466055][ T4990] ? vfs_setxattr+0x143/0x340 [ 65.470713][ T4990] ? do_setxattr+0x147/0x190 [ 65.475283][ T4990] ? setxattr+0x146/0x160 [ 65.479591][ T4990] ? path_setxattr+0x197/0x1c0 [ 65.484357][ T4990] ? __x64_sys_setxattr+0xc4/0x160 [ 65.489468][ T4990] ? do_syscall_64+0x39/0xb0 [ 65.494052][ T4990] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 65.500115][ T4990] ? exc_int3+0xf/0x80 [ 65.504173][ T4990] ? asm_exc_int3+0x39/0x40 [ 65.508664][ T4990] ? mark_held_locks+0x9f/0xe0 [ 65.513414][ T4990] ? __kmem_cache_alloc_node+0x170/0x3f0 [ 65.519030][ T4990] hfsplus_setxattr+0xce/0x120 [ 65.523778][ T4990] ? hfsplus_listxattr+0xbe0/0xbe0 [ 65.528874][ T4990] __vfs_setxattr+0x173/0x1e0 [ 65.533540][ T4990] ? __vfs_removexattr+0x1c0/0x1c0 [ 65.538646][ T4990] ? security_inode_permission+0xba/0xf0 [ 65.544266][ T4990] __vfs_setxattr_noperm+0x129/0x5f0 [ 65.549535][ T4990] __vfs_setxattr_locked+0x1d3/0x260 [ 65.554801][ T4990] vfs_setxattr+0x143/0x340 [ 65.559284][ T4990] ? __vfs_setxattr_locked+0x260/0x260 [ 65.564724][ T4990] ? __check_object_size+0xac/0x730 [ 65.569906][ T4990] do_setxattr+0x147/0x190 [ 65.574303][ T4990] setxattr+0x146/0x160 [ 65.578440][ T4990] ? do_setxattr+0x190/0x190 [ 65.583011][ T4990] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 65.588981][ T4990] ? find_held_lock+0x2d/0x110 [ 65.593728][ T4990] ? __mnt_want_write+0x3f/0x2e0 [ 65.598649][ T4990] ? lock_downgrade+0x690/0x690 [ 65.603484][ T4990] ? lock_sync+0x190/0x190 [ 65.607883][ T4990] ? __mnt_want_write+0x1fe/0x2e0 [ 65.612908][ T4990] path_setxattr+0x197/0x1c0 [ 65.617479][ T4990] ? setxattr+0x160/0x160 [ 65.621790][ T4990] ? lockdep_hardirqs_on+0x7d/0x100 [ 65.626972][ T4990] __x64_sys_setxattr+0xc4/0x160 [ 65.631894][ T4990] do_syscall_64+0x39/0xb0 [ 65.636295][ T4990] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 65.642179][ T4990] RIP: 0033:0x7f6f7b1e47a9 [ 65.646574][ T4990] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 65.666161][ T4990] RSP: 002b:00007ffefd13a668 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 65.674561][ T4990] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f6f7b1e47a9 [ 65.682516][ T4990] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000020000080 [ 65.690467][ T4990] RBP: 00007f6f7b1a4040 R08: 0000000000000000 R09: 0000000000000000 [ 65.698421][ T4990] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6f7b1a40d0 [ 65.706374][ T4990] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 65.714333][ T4990] [ 65.717333][ T4990] Modules linked in: [ 65.723099][ T4990] ---[ end trace 0000000000000000 ]--- [ 65.728723][ T4990] RIP: 0010:__hfsplus_setxattr+0x1b32/0x1e70 [ 65.734747][ T4990] Code: 89 ef e8 01 8d 85 ff e9 b9 f2 ff ff e8 b7 8d 85 ff e9 76 f2 ff ff 48 8b 7c 24 28 e8 e8 8c 85 ff e9 c9 f2 ff ff e8 be b9 33 ff <0f> 0b 48 8b 7c 24 38 e8 f2 8c 85 ff e9 b4 ee ff ff e8 a8 b9 33 ff [ 65.754478][ T4990] RSP: 0018:ffffc90003307540 EFLAGS: 00010293 [ 65.760551][ T4990] RAX: 0000000000000000 RBX: ffff888019bdc000 RCX: 0000000000000000 [ 65.768546][ T4990] RDX: ffff888019f42000 RSI: ffffffff824fadf2 RDI: 0000000000000007 [ 65.776539][ T4990] RBP: ffff888018b48fb0 R08: 0000000000000007 R09: 0000000000000000 [ 65.784530][ T4990] R10: 0000000000010000 R11: 1ffffffff219cf3f R12: 0000000000000000 [ 65.792511][ T4990] R13: ffffc90003307608 R14: ffff88802b20f000 R15: ffff888018b48f40 [ 65.800593][ T4990] FS: 0000555557111300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 65.809557][ T4990] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 65.816162][ T4990] CR2: 00007ffefd13b000 CR3: 000000002368d000 CR4: 00000000003506e0 [ 65.824165][ T4990] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 65.832127][ T4990] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 65.840145][ T4990] Kernel panic - not syncing: Fatal exception [ 65.846364][ T4990] Kernel Offset: disabled [ 65.850679][ T4990] Rebooting in 86400 seconds..