./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1969628788 <...> forked to background, child pid 192 no interfaces have a carrier Starting sshd: OK syzkaller syzkaller login: [ 14.917906][ T23] kauditd_printk_skb: 60 callbacks suppressed [ 14.917911][ T23] audit: type=1400 audit(1669457174.440:71): avc: denied { transition } for pid=265 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.924392][ T23] audit: type=1400 audit(1669457174.450:72): avc: denied { write } for pid=265 comm="sh" path="pipe:[1783]" dev="pipefs" ino=1783 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts. execve("./syz-executor1969628788", ["./syz-executor1969628788"], 0x7ffd10c84ce0 /* 10 vars */) = 0 brk(NULL) = 0x55555600e000 brk(0x55555600ec40) = 0x55555600ec40 arch_prctl(ARCH_SET_FS, 0x55555600e300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1969628788", 4096) = 28 brk(0x55555602fc40) = 0x55555602fc40 brk(0x555556030000) = 0x555556030000 mprotect(0x7f0dc71f1000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0dbed36000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 munmap(0x7f0dbed36000, 1048576) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 [ 31.415011][ T23] audit: type=1400 audit(1669457190.940:73): avc: denied { execmem } for pid=304 comm="syz-executor196" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 31.441529][ T23] audit: type=1400 audit(1669457190.970:74): avc: denied { read write } for pid=304 comm="syz-executor196" name="loop0" dev="devtmpfs" ino=1155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 31.466473][ T23] audit: type=1400 audit(1669457190.970:75): avc: denied { open } for pid=304 comm="syz-executor196" path="/dev/loop0" dev="devtmpfs" ino=1155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000) = 4 open("./bus", O_RDONLY) = 5 open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6 openat(AT_FDCWD, "/proc/self/exe", O_RDONLY) = 7 [ 31.490917][ T23] audit: type=1400 audit(1669457190.970:76): avc: denied { ioctl } for pid=304 comm="syz-executor196" path="/dev/loop0" dev="devtmpfs" ino=1155 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 31.503122][ T304] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 31.516577][ T23] audit: type=1400 audit(1669457190.970:77): avc: denied { mounton } for pid=304 comm="syz-executor196" path="/root/file0" dev="sda1" ino=1138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 sendfile(6, 7, NULL, 2147484416) = 786432 ftruncate(4, 6) = 0 [ 31.548287][ T23] audit: type=1400 audit(1669457191.060:78): avc: denied { mount } for pid=304 comm="syz-executor196" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 31.548766][ T304] ------------[ cut here ]------------ [ 31.570549][ T23] audit: type=1400 audit(1669457191.060:79): avc: denied { write } for pid=304 comm="syz-executor196" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 31.575513][ T304] kernel BUG at fs/ext4/inode.c:2837! [ 31.575894][ T304] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 31.597470][ T23] audit: type=1400 audit(1669457191.060:80): avc: denied { add_name } for pid=304 comm="syz-executor196" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 31.602734][ T304] CPU: 1 PID: 304 Comm: syz-executor196 Not tainted 5.4.210-syzkaller-00006-gc80a5b2e7f63 #0 [ 31.602738][ T304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 31.602768][ T304] RIP: 0010:ext4_writepages+0x3a2b/0x3a50 [ 31.602782][ T304] Code: 94 c3 40 0f 94 c6 31 ff e8 f2 9f a0 ff 84 db 75 2e e8 59 9d a0 ff 48 bb 00 00 00 00 00 fc ff df e9 a9 f6 ff ff e8 45 9d a0 ff <0f> 0b e8 3e 9d a0 ff 0f 0b e8 37 9d a0 ff e8 62 a5 3b ff eb a3 e8 [ 31.608823][ T23] audit: type=1400 audit(1669457191.060:81): avc: denied { create } for pid=304 comm="syz-executor196" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 31.629425][ T304] RSP: 0018:ffff8881dd9f6ec0 EFLAGS: 00010293 [ 31.629432][ T304] RAX: ffffffff81c4a22b RBX: 0000010000000000 RCX: ffff8881ddeb8000 [ 31.629436][ T304] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 31.629440][ T304] RBP: ffff8881dd9f7290 R08: ffffffff81c470f7 R09: ffffed103cb9cb3a [ 31.629445][ T304] R10: ffffed103cb9cb3a R11: 1ffff1103cb9cb39 R12: ffff8881e5ce5a78 [ 31.629454][ T304] R13: ffff8881dd9f7400 R14: 0000010410000000 R15: 0000000000000001 [ 31.639596][ T23] audit: type=1400 audit(1669457191.060:82): avc: denied { read write open } for pid=304 comm="syz-executor196" path="/root/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 31.649614][ T304] FS: 000055555600e300(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 31.649619][ T304] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.649623][ T304] CR2: 00000000004571f0 CR3: 00000001e1415000 CR4: 00000000003406e0 [ 31.649633][ T304] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 31.796092][ T304] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 31.804047][ T304] Call Trace: [ 31.807309][ T304] ? _raw_spin_lock+0xa3/0x1b0 [ 31.812038][ T304] ? _raw_spin_trylock_bh+0x190/0x190 [ 31.817378][ T304] ? ext4_mark_iloc_dirty+0x24af/0x3440 [ 31.822894][ T304] ? ext4_readpage+0x2c0/0x2c0 [ 31.827625][ T304] ? balance_dirty_pages+0x22a6/0x25a0 [ 31.833060][ T304] ? ext4_readpage+0x2c0/0x2c0 [ 31.837791][ T304] do_writepages+0x13a/0x280 [ 31.842362][ T304] ? debug_smp_processor_id+0x20/0x20 [ 31.847699][ T304] ? __writepage+0x110/0x110 [ 31.852269][ T304] ? balance_dirty_pages_ratelimited+0x396/0x520 [ 31.858584][ T304] ? ext4_da_write_begin+0xf80/0xf80 [ 31.863938][ T304] file_write_and_wait_range+0x33f/0x410 [ 31.869545][ T304] ? __filemap_set_wb_err+0x160/0x160 [ 31.874887][ T304] ? grab_cache_page_write_begin+0x90/0x90 [ 31.880665][ T304] ? file_remove_privs+0x640/0x640 [ 31.885745][ T304] __generic_file_fsync+0x6e/0x190 [ 31.890824][ T304] ext4_sync_file+0x266/0xc70 [ 31.895555][ T304] ext4_file_write_iter+0xa05/0x10e0 [ 31.900806][ T304] ? ext4_file_read_iter+0x140/0x140 [ 31.906060][ T304] ? __kasan_kmalloc+0x1a5/0x1e0 [ 31.910977][ T304] ? do_splice_direct+0x2a0/0x3f0 [ 31.916057][ T304] ? __kasan_kmalloc+0x131/0x1e0 [ 31.920962][ T304] ? iter_file_splice_write+0x2b0/0x10f0 [ 31.926560][ T304] ? do_splice_direct+0x2a0/0x3f0 [ 31.931563][ T304] ? do_sendfile+0x8f2/0xf10 [ 31.936136][ T304] ? __x64_sys_sendfile64+0x1ce/0x230 [ 31.941475][ T304] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 31.947505][ T304] do_iter_readv_writev+0x529/0x740 [ 31.952671][ T304] ? vfs_dedupe_file_range+0x860/0x860 [ 31.958095][ T304] ? security_file_permission+0x140/0x330 [ 31.963781][ T304] do_iter_write+0x16f/0x570 [ 31.968341][ T304] iter_file_splice_write+0x887/0x10f0 [ 31.973770][ T304] ? splice_from_pipe+0x220/0x220 [ 31.978760][ T304] ? direct_splice_actor+0x25/0x120 [ 31.984013][ T304] splice_direct_to_actor+0x4c4/0xb20 [ 31.989700][ T304] ? _raw_spin_unlock_irq+0x4a/0x60 [ 31.994866][ T304] ? do_splice_direct+0x3f0/0x3f0 [ 31.999854][ T304] ? pipe_to_sendpage+0x300/0x300 [ 32.004847][ T304] ? security_file_permission+0x140/0x330 [ 32.010534][ T304] do_splice_direct+0x2a0/0x3f0 [ 32.015351][ T304] ? splice_direct_to_actor+0xb20/0xb20 [ 32.020865][ T304] do_sendfile+0x8f2/0xf10 [ 32.025254][ T304] ? compat_writev+0x3c0/0x3c0 [ 32.029986][ T304] ? syscall_trace_enter+0x652/0x940 [ 32.035241][ T304] __x64_sys_sendfile64+0x1ce/0x230 [ 32.040418][ T304] ? __ia32_sys_sendfile+0x240/0x240 [ 32.045689][ T304] do_syscall_64+0xcb/0x1c0 [ 32.050179][ T304] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 32.056041][ T304] RIP: 0033:0x7f0dc71828d9 [ 32.060423][ T304] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 32.080265][ T304] RSP: 002b:00007fffff14e388 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 32.088641][ T304] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0dc71828d9 [ 32.096579][ T304] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 32.104525][ T304] RBP: 00007f0dc7142170 R08: 0000000000000000 R09: 0000000000000000 [ 32.112478][ T304] R10: 0001000000201005 R11: 0000000000000246 R12: 00007f0dc7142200 [ 32.120466][ T304] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 32.128611][ T304] Modules linked in: [ 32.132675][ T304] ---[ end trace c91e53e050a6874b ]--- [ 32.138127][ T304] RIP: 0010:ext4_writepages+0x3a2b/0x3a50 [ 32.144505][ T304] Code: 94 c3 40 0f 94 c6 31 ff e8 f2 9f a0 ff 84 db 75 2e e8 59 9d a0 ff 48 bb 00 00 00 00 00 fc ff df e9 a9 f6 ff ff e8 45 9d a0 ff <0f> 0b e8 3e 9d a0 ff 0f 0b e8 37 9d a0 ff e8 62 a5 3b ff eb a3 e8 [ 32.164861][ T304] RSP: 0018:ffff8881dd9f6ec0 EFLAGS: 00010293 [ 32.171038][ T304] RAX: ffffffff81c4a22b RBX: 0000010000000000 RCX: ffff8881ddeb8000 [ 32.179028][ T304] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 32.187035][ T304] RBP: ffff8881dd9f7290 R08: ffffffff81c470f7 R09: ffffed103cb9cb3a [ 32.195417][ T304] R10: ffffed103cb9cb3a R11: 1ffff1103cb9cb39 R12: ffff8881e5ce5a78 [ 32.203396][ T304] R13: ffff8881dd9f7400 R14: 0000010410000000 R15: 0000000000000001 [ 32.211413][ T304] FS: 000055555600e300(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 32.220330][ T304] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.226971][ T304] CR2: 00000000004571f0 CR3: 00000001e1415000 CR4: 00000000003406e0 [ 32.235065][ T304] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.243067][ T304] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.251027][ T304] Kernel panic - not syncing: Fatal exception [ 32.257293][ T304] Kernel Offset: disabled [ 32.261601][ T304] Rebooting in 86400 seconds..