./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1664392005 <...> DUID 00:04:5e:0c:a2:1f:75:5d:71:31:20:b7:6a:78:b2:8c:4a:f5 forked to background, child pid 191 Starting sshd: OK syzkaller syzkaller login: [ 13.620187][ T23] kauditd_printk_skb: 60 callbacks suppressed [ 13.620195][ T23] audit: type=1400 audit(1664729209.970:71): avc: denied { transition } for pid=264 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.627535][ T23] audit: type=1400 audit(1664729209.970:72): avc: denied { write } for pid=264 comm="sh" path="pipe:[10542]" dev="pipefs" ino=10542 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts. execve("./syz-executor1664392005", ["./syz-executor1664392005"], 0x7ffeb4ef5200 /* 10 vars */) = 0 brk(NULL) = 0x5555555b0000 brk(0x5555555b0c40) = 0x5555555b0c40 arch_prctl(ARCH_SET_FS, 0x5555555b0300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1664392005", 4096) = 28 brk(0x5555555d1c40) = 0x5555555d1c40 brk(0x5555555d2000) = 0x5555555d2000 mprotect(0x7fbd84557000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 ftruncate(3, 262144) = 0 pwrite64(3, "\x20\x00\x00\x00\x00\x01\x00\x00\x0c\xe2\xff\x8b\x06\x00\x00\x00\x0f\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x20\x00\x00\x20\x00\x00\x00\x74\x1f\x17\x63\x74\x1f\x1f\x63\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\xee\xff\x73\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x00", 89, 1024) = 89 pwrite64(3, "\x03\x00\x00\x00\x13\x00\x00\x00\x23\x00\x00\x00\xce\x00\x0f", 15, 2048) = 15 pwrite64(3, "\xff\xff\xff\xff\xfc\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 1024, 3072) = 1024 pwrite64(3, "\xff\xff", 2, 19456) = 2 pwrite64(3, "\xed\x41\x00\x00\x00\x04\x00\x00\x73\x1f\x1f\x63\x74\x1f\x1f\x63\x74\x1f\x1f\x63\x00\x00\x00\x00\x00\x00\x04\x00\x02", 29, 35968) = 29 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 mkdir("./file0", 0777) = 0 [ 21.525043][ T23] audit: type=1400 audit(1664729217.880:73): avc: denied { execmem } for pid=303 comm="syz-executor166" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.544503][ T23] audit: type=1400 audit(1664729217.880:74): avc: denied { read write } for pid=303 comm="syz-executor166" name="loop0" dev="devtmpfs" ino=9271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.569299][ T23] audit: type=1400 audit(1664729217.880:75): avc: denied { open } for pid=303 comm="syz-executor166" path="/dev/loop0" dev="devtmpfs" ino=9271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.594029][ T23] audit: type=1400 audit(1664729217.880:76): avc: denied { ioctl } for pid=303 comm="syz-executor166" path="/dev/loop0" dev="devtmpfs" ino=9271 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 close(3) = 0 openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [ 21.607858][ T303] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 21.619786][ T23] audit: type=1400 audit(1664729217.930:77): avc: denied { mounton } for pid=303 comm="syz-executor166" path="/root/file0" dev="sda1" ino=1138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 21.648243][ T303] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:864: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 21.651336][ T23] audit: type=1400 audit(1664729217.990:78): avc: denied { mount } for pid=303 comm="syz-executor166" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 21.667068][ T303] ------------[ cut here ]------------ [ 21.687518][ T23] audit: type=1400 audit(1664729217.990:79): avc: denied { write } for pid=303 comm="syz-executor166" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.692752][ T303] kernel BUG at fs/ext4/ext4.h:2980! [ 21.714728][ T23] audit: type=1400 audit(1664729217.990:80): avc: denied { add_name } for pid=303 comm="syz-executor166" name="cgroup.controllers" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.720104][ T303] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 21.741941][ T23] audit: type=1400 audit(1664729217.990:81): avc: denied { create } for pid=303 comm="syz-executor166" name="cgroup.controllers" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 21.747810][ T303] CPU: 0 PID: 303 Comm: syz-executor166 Not tainted 5.4.210-syzkaller-00033-g3ee2a37108c8 #0 [ 21.747814][ T303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 21.747838][ T303] RIP: 0010:ext4_mb_load_buddy_gfp+0xea8/0xec0 [ 21.747850][ T303] Code: ff e8 0c c4 cf ff e9 6f f3 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c bc f3 ff ff e8 12 c4 cf ff e9 b2 f3 ff ff e8 98 51 a3 ff <0f> 0b e8 91 51 a3 ff 0f 0b e8 8a 51 a3 ff 0f 0b e8 83 51 a3 ff 0f [ 21.769552][ T23] audit: type=1400 audit(1664729218.020:82): avc: denied { read append open } for pid=303 comm="syz-executor166" path="/root/file0/cgroup.controllers" dev="loop0" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 21.779447][ T303] RSP: 0018:ffff8881ddce77d0 EFLAGS: 00010293 [ 21.779454][ T303] RAX: ffffffff81bd4748 RBX: 0000000000000001 RCX: ffff8881e3150fc0 [ 21.779457][ T303] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 21.779461][ T303] RBP: ffff8881e3167000 R08: ffffffff81bd3972 R09: ffff8881ddce78c0 [ 21.779466][ T303] R10: ffffed103bb9cf1f R11: 1ffff1103bb9cf18 R12: ffff8881e31603f0 [ 21.779475][ T303] R13: 0000000000000001 R14: dffffc0000000000 R15: 1ffff1103c62c07e [ 21.886498][ T303] FS: 00005555555b0300(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 21.895399][ T303] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.901959][ T303] CR2: 00007ffcc8eb7a08 CR3: 00000001de112000 CR4: 00000000003406f0 [ 21.909904][ T303] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 21.917844][ T303] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 21.925790][ T303] Call Trace: [ 21.929067][ T303] ? ext4_getfsmap_dev_compare+0x80/0x80 [ 21.934675][ T303] ext4_mballoc_query_range+0x61/0x3d0 [ 21.940133][ T303] ? ext4_getfsmap_dev_compare+0x80/0x80 [ 21.945737][ T303] ext4_getfsmap_datadev+0x1aaa/0x26c0 [ 21.951167][ T303] ? ext4_getfsmap+0xf90/0xf90 [ 21.955899][ T303] ext4_getfsmap+0xc20/0xf90 [ 21.960458][ T303] ? trace_ext4_getfsmap_high_key+0x160/0x160 [ 21.966494][ T303] ? ext4_getfsmap+0xf90/0xf90 [ 21.971224][ T303] ? trace_ext4_getfsmap_high_key+0x15/0x160 [ 21.977172][ T303] ext4_ioctl+0x2c20/0x34a0 [ 21.981644][ T303] ? avc_has_extended_perms+0x966/0xf10 [ 21.987160][ T303] ? asan.module_dtor+0x20/0x20 [ 21.991979][ T303] do_vfs_ioctl+0x6d1/0x15b0 [ 21.996537][ T303] __x64_sys_ioctl+0xd4/0x110 [ 22.001182][ T303] do_syscall_64+0xcb/0x1c0 [ 22.005656][ T303] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.011527][ T303] RIP: 0033:0x7fbd844eaf99 [ 22.015943][ T303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 22.035522][ T303] RSP: 002b:00007ffe6398cb18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 22.043899][ T303] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbd844eaf99 [ 22.051935][ T303] RDX: 0000000020000200 RSI: 00000000c0c0583b RDI: 0000000000000003 [ 22.059876][ T303] RBP: 00007fbd844aa760 R08: 0000000000000000 R09: 0000000000000000 [ 22.067815][ T303] R10: 00005555555b02c0 R11: 0000000000000246 R12: 00007fbd844aa7f0 [ 22.075757][ T303] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 22.083696][ T303] Modules linked in: [ 22.087860][ T303] ---[ end trace ef040057134673b3 ]--- [ 22.093305][ T303] RIP: 0010:ext4_mb_load_buddy_gfp+0xea8/0xec0 [ 22.099673][ T303] Code: ff e8 0c c4 cf ff e9 6f f3 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c bc f3 ff ff e8 12 c4 cf ff e9 b2 f3 ff ff e8 98 51 a3 ff <0f> 0b e8 91 51 a3 ff 0f 0b e8 8a 51 a3 ff 0f 0b e8 83 51 a3 ff 0f [ 22.119304][ T303] RSP: 0018:ffff8881ddce77d0 EFLAGS: 00010293 [ 22.125456][ T303] RAX: ffffffff81bd4748 RBX: 0000000000000001 RCX: ffff8881e3150fc0 [ 22.133399][ T303] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 22.141374][ T303] RBP: ffff8881e3167000 R08: ffffffff81bd3972 R09: ffff8881ddce78c0 [ 22.149347][ T303] R10: ffffed103bb9cf1f R11: 1ffff1103bb9cf18 R12: ffff8881e31603f0 [ 22.157309][ T303] R13: 0000000000000001 R14: dffffc0000000000 R15: 1ffff1103c62c07e [ 22.165283][ T303] FS: 00005555555b0300(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 22.174187][ T303] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 22.180765][ T303] CR2: 00007ffcc8eb7a08 CR3: 00000001de112000 CR4: 00000000003406f0 [ 22.188833][ T303] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 22.196797][ T303] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 22.204767][ T303] Kernel panic - not syncing: Fatal exception [ 22.210982][ T303] Kernel Offset: disabled [ 22.215284][ T303] Rebooting in 86400 seconds..