./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2176333607
<...>
syzkaller
syzkaller login: [ 44.019866][ T26] kauditd_printk_skb: 42 callbacks suppressed
[ 44.019882][ T26] audit: type=1400 audit(1688272406.899:77): avc: denied { transition } for pid=4839 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 44.048755][ T26] audit: type=1400 audit(1688272406.899:78): avc: denied { noatsecure } for pid=4839 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 44.068492][ T26] audit: type=1400 audit(1688272406.909:79): avc: denied { write } for pid=4839 comm="sh" path="pipe:[30088]" dev="pipefs" ino=30088 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 44.091259][ T26] audit: type=1400 audit(1688272406.909:80): avc: denied { rlimitinh } for pid=4839 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 44.110604][ T26] audit: type=1400 audit(1688272406.909:81): avc: denied { siginh } for pid=4839 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 45.366091][ T26] audit: type=1400 audit(1688272408.249:82): avc: denied { read } for pid=4427 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts.
execve("./syz-executor2176333607", ["./syz-executor2176333607"], 0x7fff53f7ee50 /* 10 vars */) = 0
brk(NULL) = 0x555556ee2000
brk(0x555556ee2c40) = 0x555556ee2c40
arch_prctl(ARCH_SET_FS, 0x555556ee2300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2176333607", 4096) = 28
brk(0x555556f03c40) = 0x555556f03c40
brk(0x555556f04000) = 0x555556f04000
mprotect(0x7fefc5fd6000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
[ 59.961093][ T26] audit: type=1400 audit(1688272422.849:83): avc: denied { write } for pid=4987 comm="strace-static-x" path="pipe:[29498]" dev="pipefs" ino=29498 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefbdb11000
[ 60.003245][ T26] audit: type=1400 audit(1688272422.889:84): avc: denied { execmem } for pid=4990 comm="syz-executor217" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 60.003563][ T4990] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4990 'syz-executor217'
write(3, "\x58\x46\x53\x42\x00\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5e\x62\x73\xb8\x21\x67\x42\xbb\x91\x1b\x41\x8a\xa1\x4a\x12\x61\x00\x00\x00\x00\x00\x00\x80\x40\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x00\x00\x00\x00\x22\x00\x00\x00\x08\x00\x00\x80\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x0b\x40"..., 33554432) = 33554432
munmap(0x7fefbdb11000, 33554432) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file0", 0777) = 0
[ 60.309597][ T26] audit: type=1400 audit(1688272423.189:85): avc: denied { read write } for pid=4990 comm="syz-executor217" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 60.312155][ T4990] loop0: detected capacity change from 0 to 65536
[ 60.334559][ T26] audit: type=1400 audit(1688272423.189:86): avc: denied { open } for pid=4990 comm="syz-executor217" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 60.356183][ T4990] XFS (loop0): Deprecated V4 format (crc=0) will not be supported after September 2030.
[ 60.364879][ T26] audit: type=1400 audit(1688272423.199:87): avc: denied { ioctl } for pid=4990 comm="syz-executor217" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 60.376161][ T4990] XFS (loop0): Mounting V4 Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
[ 60.400442][ T26] audit: type=1400 audit(1688272423.229:88): avc: denied { mounton } for pid=4990 comm="syz-executor217" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 60.431696][ T26] audit: type=1400 audit(1688272423.229:89): avc: denied { append } for pid=4427 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 60.454640][ T26] audit: type=1400 audit(1688272423.229:90): avc: denied { open } for pid=4427 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 60.472808][ T4990] XFS (loop0): Ending clean mount
[ 60.477434][ T26] audit: type=1400 audit(1688272423.229:91): avc: denied { getattr } for pid=4427 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
mount("/dev/loop0", "./file0", "xfs", 0, ",nouuid") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0") = 0
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
[ 60.484139][ T4990] xfs filesystem being mounted at /root/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 60.504707][ T26] audit: type=1400 audit(1688272423.369:92): avc: denied { mount } for pid=4990 comm="syz-executor217" name="/" dev="loop0" ino=32 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 60.539647][ T4990] ================================================================================
[ 60.549360][ T4990] UBSAN: array-index-out-of-bounds in fs/xfs/libxfs/xfs_attr_leaf.c:1560:3
[ 60.558546][ T4990] index 7 is out of range for type '__u8 [1]'
[ 60.564901][ T4990] CPU: 0 PID: 4990 Comm: syz-executor217 Not tainted 6.4.0-syzkaller-10062-gf8566aa4f176 #0
[ 60.574985][ T4990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 60.585041][ T4990] Call Trace:
[ 60.588316][ T4990]
[ 60.591246][ T4990] dump_stack_lvl+0x136/0x150
[ 60.595932][ T4990] __ubsan_handle_out_of_bounds+0xd5/0x140
[ 60.601753][ T4990] xfs_attr3_leaf_add_work+0x1528/0x1730
[ 60.607398][ T4990] xfs_attr3_leaf_add+0x750/0x880
[ 60.612434][ T4990] ? xfs_attr3_leaf_to_node+0xb40/0xb40
[ 60.617992][ T4990] ? xlog_grant_push_ail+0x2a/0xd0
[ 60.623107][ T4990] ? xfs_trans_dup+0x370/0x730
[ 60.627886][ T4990] ? __xfs_trans_commit+0x4d5/0xe20
[ 60.633102][ T4990] ? xfs_trans_buf_set_type+0x1f/0xa0
[ 60.638506][ T4990] xfs_attr_leaf_try_add+0x1b7/0x660
[ 60.643812][ T4990] ? xfs_attr_node_addname_find_attr+0x650/0x650
[ 60.650163][ T4990] ? rcu_is_watching+0x12/0xb0
[ 60.654956][ T4990] ? xfs_trans_add_item+0x283/0x310
[ 60.660185][ T4990] xfs_attr_set_iter+0x16c4/0x2f90
[ 60.665313][ T4990] ? xfs_init_attr_trans+0x3d0/0x3d0
[ 60.670609][ T4990] ? xfs_defer_trans_roll+0xdc/0x580
[ 60.675915][ T4990] ? xfs_defer_trans_abort+0x590/0x590
[ 60.681400][ T4990] xfs_xattri_finish_update+0x3c/0x140
[ 60.686889][ T4990] xfs_attr_finish_item+0x6d/0x280
[ 60.692028][ T4990] ? xfs_attri_item_relog+0x460/0x460
[ 60.697427][ T4990] xfs_defer_finish_noroll+0x93b/0x1ee0
[ 60.703006][ T4990] ? xfs_defer_cancel+0x220/0x220
[ 60.708043][ T4990] ? ktime_get_coarse_real_ts64+0x1bb/0x200
[ 60.713949][ T4990] ? xfs_inode_item_push+0x350/0x350
[ 60.719248][ T4990] ? xfs_trans_run_precommits+0x18a/0x210
[ 60.724984][ T4990] __xfs_trans_commit+0x566/0xe20
[ 60.730028][ T4990] ? xfs_trans_free_items+0x340/0x340
[ 60.735419][ T4990] xfs_attr_set+0x12e5/0x2220
[ 60.740102][ T4990] ? xfs_attr_set_iter+0x2f90/0x2f90
[ 60.745394][ T4990] ? security_sid_to_context_core+0x357/0x630
[ 60.751473][ T4990] ? sidtab_sid2str_get+0x22e/0x700
[ 60.756688][ T4990] xfs_initxattrs+0x147/0x1f0
[ 60.761365][ T4990] ? xfs_truncate_page+0xd0/0xd0
[ 60.766324][ T4990] security_inode_init_security+0x1c8/0x370
[ 60.772247][ T4990] ? xfs_truncate_page+0xd0/0xd0
[ 60.777188][ T4990] ? inode_free_by_rcu+0x20/0x20
[ 60.782141][ T4990] ? posix_acl_create.part.0+0x2b3/0x4e0
[ 60.787784][ T4990] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 60.793699][ T4990] xfs_generic_create+0x2bc/0x790
[ 60.798732][ T4990] ? xfs_setup_iops+0x430/0x430
[ 60.803592][ T4990] ? xfs_vn_link+0x1f0/0x1f0
[ 60.808195][ T4990] ? xfs_vn_mkdir+0x40/0x40
[ 60.812715][ T4990] lookup_open.isra.0+0x1050/0x1400
[ 60.817933][ T4990] ? link_path_walk.part.0+0xd60/0xd60
[ 60.823409][ T4990] ? rwsem_down_write_slowpath+0x1220/0x1220
[ 60.829410][ T4990] ? __mnt_want_write+0x1fe/0x2e0
[ 60.834443][ T4990] path_openat+0x969/0x2710
[ 60.838957][ T4990] ? path_lookupat+0x840/0x840
[ 60.843731][ T4990] ? find_held_lock+0x2d/0x110
[ 60.848502][ T4990] do_filp_open+0x1ba/0x410
[ 60.853015][ T4990] ? may_open_dev+0xf0/0xf0
[ 60.857528][ T4990] ? find_held_lock+0x2d/0x110
[ 60.862299][ T4990] ? do_raw_spin_lock+0x124/0x2b0
[ 60.867338][ T4990] ? spin_bug+0x1c0/0x1c0
[ 60.871683][ T4990] ? _raw_spin_unlock+0x28/0x40
[ 60.876538][ T4990] ? alloc_fd+0x2e4/0x750
[ 60.880884][ T4990] do_sys_openat2+0x160/0x1c0
[ 60.885574][ T4990] ? build_open_flags+0x720/0x720
[ 60.890615][ T4990] ? ptrace_notify+0xfe/0x140
[ 60.895322][ T4990] ? lock_downgrade+0x690/0x690
[ 60.900181][ T4990] __x64_sys_openat+0x143/0x1f0
[ 60.905046][ T4990] ? __ia32_sys_open+0x1c0/0x1c0
[ 60.910002][ T4990] ? _raw_spin_unlock_irq+0x23/0x50
[ 60.915204][ T4990] ? lockdep_hardirqs_on+0x7d/0x100
[ 60.920415][ T4990] ? _raw_spin_unlock_irq+0x2e/0x50
[ 60.925618][ T4990] ? ptrace_notify+0xfe/0x140
[ 60.930320][ T4990] do_syscall_64+0x39/0xb0
[ 60.934746][ T4990] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.940651][ T4990] RIP: 0033:0x7fefc5f5d7a9
[ 60.945066][ T4990] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.964677][ T4990] RSP: 002b:00007fff817ac9c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 60.973094][ T4990] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fefc5f5d7a9
[ 60.981065][ T4990] RDX: 0000000000141842 RSI: 0000000020000380 RDI: 00000000ffffff9c
[ 60.989037][ T4990] RBP: 00007fefc5f1d040 R08: 000000000000bb73 R09: 0000000000000000
[ 60.997006][ T4990] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fefc5f1d0d0
[ 61.004978][ T4990] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 61.012952][ T4990]
[ 61.020602][ T4990] ================================================================================
[ 61.029919][ T4990] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[ 61.037112][ T4990] CPU: 0 PID: 4990 Comm: syz-executor217 Not tainted 6.4.0-syzkaller-10062-gf8566aa4f176 #0
[ 61.047175][ T4990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 61.057230][ T4990] Call Trace:
[ 61.060505][ T4990]
[ 61.063436][ T4990] dump_stack_lvl+0xd9/0x150
[ 61.068034][ T4990] panic+0x686/0x730
[ 61.071935][ T4990] ? panic_smp_self_stop+0xa0/0xa0
[ 61.077053][ T4990] ? syslog_print_all+0x3a0/0x3a0
[ 61.082089][ T4990] check_panic_on_warn+0xb1/0xc0
[ 61.087033][ T4990] __ubsan_handle_out_of_bounds+0xfd/0x140
[ 61.092851][ T4990] xfs_attr3_leaf_add_work+0x1528/0x1730
[ 61.098497][ T4990] xfs_attr3_leaf_add+0x750/0x880
[ 61.103530][ T4990] ? xfs_attr3_leaf_to_node+0xb40/0xb40
[ 61.109086][ T4990] ? xlog_grant_push_ail+0x2a/0xd0
[ 61.114205][ T4990] ? xfs_trans_dup+0x370/0x730
[ 61.118987][ T4990] ? __xfs_trans_commit+0x4d5/0xe20
[ 61.124204][ T4990] ? xfs_trans_buf_set_type+0x1f/0xa0
[ 61.129597][ T4990] xfs_attr_leaf_try_add+0x1b7/0x660
[ 61.134897][ T4990] ? xfs_attr_node_addname_find_attr+0x650/0x650
[ 61.141234][ T4990] ? rcu_is_watching+0x12/0xb0
[ 61.146012][ T4990] ? xfs_trans_add_item+0x283/0x310
[ 61.151230][ T4990] xfs_attr_set_iter+0x16c4/0x2f90
[ 61.156348][ T4990] ? xfs_init_attr_trans+0x3d0/0x3d0
[ 61.161643][ T4990] ? xfs_defer_trans_roll+0xdc/0x580
[ 61.166939][ T4990] ? xfs_defer_trans_abort+0x590/0x590
[ 61.172413][ T4990] xfs_xattri_finish_update+0x3c/0x140
[ 61.177887][ T4990] xfs_attr_finish_item+0x6d/0x280
[ 61.183015][ T4990] ? xfs_attri_item_relog+0x460/0x460
[ 61.188401][ T4990] xfs_defer_finish_noroll+0x93b/0x1ee0
[ 61.193961][ T4990] ? xfs_defer_cancel+0x220/0x220
[ 61.198998][ T4990] ? ktime_get_coarse_real_ts64+0x1bb/0x200
[ 61.204902][ T4990] ? xfs_inode_item_push+0x350/0x350
[ 61.210202][ T4990] ? xfs_trans_run_precommits+0x18a/0x210
[ 61.215942][ T4990] __xfs_trans_commit+0x566/0xe20
[ 61.220988][ T4990] ? xfs_trans_free_items+0x340/0x340
[ 61.226382][ T4990] xfs_attr_set+0x12e5/0x2220
[ 61.231066][ T4990] ? xfs_attr_set_iter+0x2f90/0x2f90
[ 61.236361][ T4990] ? security_sid_to_context_core+0x357/0x630
[ 61.242439][ T4990] ? sidtab_sid2str_get+0x22e/0x700
[ 61.247657][ T4990] xfs_initxattrs+0x147/0x1f0
[ 61.252335][ T4990] ? xfs_truncate_page+0xd0/0xd0
[ 61.257276][ T4990] security_inode_init_security+0x1c8/0x370
[ 61.263184][ T4990] ? xfs_truncate_page+0xd0/0xd0
[ 61.268122][ T4990] ? inode_free_by_rcu+0x20/0x20
[ 61.273077][ T4990] ? posix_acl_create.part.0+0x2b3/0x4e0
[ 61.278720][ T4990] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 61.284627][ T4990] xfs_generic_create+0x2bc/0x790
[ 61.289655][ T4990] ? xfs_setup_iops+0x430/0x430
[ 61.294509][ T4990] ? xfs_vn_link+0x1f0/0x1f0
[ 61.299100][ T4990] ? xfs_vn_mkdir+0x40/0x40
[ 61.303611][ T4990] lookup_open.isra.0+0x1050/0x1400
[ 61.308821][ T4990] ? link_path_walk.part.0+0xd60/0xd60
[ 61.314294][ T4990] ? rwsem_down_write_slowpath+0x1220/0x1220
[ 61.320295][ T4990] ? __mnt_want_write+0x1fe/0x2e0
[ 61.325328][ T4990] path_openat+0x969/0x2710
[ 61.329841][ T4990] ? path_lookupat+0x840/0x840
[ 61.334618][ T4990] ? find_held_lock+0x2d/0x110
[ 61.339387][ T4990] do_filp_open+0x1ba/0x410
[ 61.343900][ T4990] ? may_open_dev+0xf0/0xf0
[ 61.348414][ T4990] ? find_held_lock+0x2d/0x110
[ 61.353185][ T4990] ? do_raw_spin_lock+0x124/0x2b0
[ 61.358219][ T4990] ? spin_bug+0x1c0/0x1c0
[ 61.362557][ T4990] ? _raw_spin_unlock+0x28/0x40
[ 61.367414][ T4990] ? alloc_fd+0x2e4/0x750
[ 61.371758][ T4990] do_sys_openat2+0x160/0x1c0
[ 61.376451][ T4990] ? build_open_flags+0x720/0x720
[ 61.381491][ T4990] ? ptrace_notify+0xfe/0x140
[ 61.386184][ T4990] ? lock_downgrade+0x690/0x690
[ 61.391046][ T4990] __x64_sys_openat+0x143/0x1f0
[ 61.395910][ T4990] ? __ia32_sys_open+0x1c0/0x1c0
[ 61.400861][ T4990] ? _raw_spin_unlock_irq+0x23/0x50
[ 61.406064][ T4990] ? lockdep_hardirqs_on+0x7d/0x100
[ 61.411276][ T4990] ? _raw_spin_unlock_irq+0x2e/0x50
[ 61.416476][ T4990] ? ptrace_notify+0xfe/0x140
[ 61.421169][ T4990] do_syscall_64+0x39/0xb0
[ 61.425596][ T4990] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.431497][ T4990] RIP: 0033:0x7fefc5f5d7a9
[ 61.435911][ T4990] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 61.455520][ T4990] RSP: 002b:00007fff817ac9c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 61.463937][ T4990] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fefc5f5d7a9
[ 61.471912][ T4990] RDX: 0000000000141842 RSI: 0000000020000380 RDI: 00000000ffffff9c
[ 61.479882][ T4990] RBP: 00007fefc5f1d040 R08: 000000000000bb73 R09: 0000000000000000
[ 61.487852][ T4990] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fefc5f1d0d0
[ 61.495824][ T4990] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 61.503798][ T4990]
[ 61.507011][ T4990] Kernel Offset: disabled
[ 61.511391][ T4990] Rebooting in 86400 seconds..