./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1156101397 <...> Warning: Permanently added '10.128.0.187' (ED25519) to the list of known hosts. execve("./syz-executor1156101397", ["./syz-executor1156101397"], 0x7fffc502fe50 /* 10 vars */) = 0 brk(NULL) = 0x55557041d000 brk(0x55557041dd00) = 0x55557041dd00 arch_prctl(ARCH_SET_FS, 0x55557041d380) = 0 set_tid_address(0x55557041d650) = 5069 set_robust_list(0x55557041d660, 24) = 0 rseq(0x55557041dca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1156101397", 4096) = 28 getrandom("\xc5\x7d\x81\xd9\x99\x4a\x2f\x6a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557041dd00 brk(0x55557043ed00) = 0x55557043ed00 brk(0x55557043f000) = 0x55557043f000 mprotect(0x7fd94f307000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./file1", 000) = 0 [ 103.469855][ T28] audit: type=1400 audit(1711696593.385:87): avc: denied { execmem } for pid=5069 comm="syz-executor115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 mount(NULL, "./file1", "tmpfs", 0, "usrquota") = 0 chdir("./file1") = 0 openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [ 103.517723][ T28] audit: type=1400 audit(1711696593.435:88): avc: denied { mounton } for pid=5069 comm="syz-executor115" path="/root/file1" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 103.540696][ T28] audit: type=1400 audit(1711696593.435:89): avc: denied { mount } for pid=5069 comm="syz-executor115" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 103.548557][ T5069] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI [ 103.575383][ T5069] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 103.583828][ T5069] CPU: 1 PID: 5069 Comm: syz-executor115 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 103.594004][ T5069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 103.604086][ T5069] RIP: 0010:shmem_get_next_id+0x94/0x4b0 [ 103.609785][ T5069] Code: 48 8d 7b 40 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 11 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 40 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 e5 03 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 [ 103.629602][ T5069] RSP: 0018:ffffc90003b6fad8 EFLAGS: 00010246 [ 103.635698][ T5069] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90003b6fbac [ 103.643691][ T5069] RDX: 0000000000000000 RSI: ffffffff81cd6d9d RDI: ffff888029dc22d8 [ 103.651687][ T5069] RBP: ffff888029dc2000 R08: 0000000000000005 R09: 00000000ffffffff [ 103.659692][ T5069] R10: 0000000000000000 R11: 0000000000000001 R12: ffffc90003b6fc38 [ 103.667685][ T5069] R13: ffffc90003b6fba8 R14: ffffc90003b6fba8 R15: ffff888029dc2040 [ 103.675681][ T5069] FS: 000055557041d380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 103.684643][ T5069] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 103.691263][ T5069] CR2: 0000000020001000 CR3: 0000000028d72000 CR4: 00000000003506f0 [ 103.699253][ T5069] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 103.707253][ T5069] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 103.715239][ T5069] Call Trace: [ 103.718527][ T5069] [ 103.721480][ T5069] ? show_regs+0x8c/0xa0 [ 103.725744][ T5069] ? die_addr+0x4f/0xd0 [ 103.729917][ T5069] ? exc_general_protection+0x155/0x230 [ 103.735497][ T5069] ? asm_exc_general_protection+0x26/0x30 [ 103.741263][ T5069] ? shmem_get_next_id+0x1d/0x4b0 [ 103.746315][ T5069] ? shmem_get_next_id+0x94/0x4b0 [ 103.751364][ T5069] ? shmem_get_next_id+0x1d/0x4b0 [ 103.756406][ T5069] ? from_kqid+0xfa/0x1d0 [ 103.760759][ T5069] ? __pfx_from_kqid+0x10/0x10 [ 103.765545][ T5069] ? __pfx_shmem_get_next_id+0x10/0x10 [ 103.771029][ T5069] dquot_get_next_dqblk+0x74/0x180 [ 103.776177][ T5069] quota_getnextquota+0x26d/0x470 [ 103.781230][ T5069] ? __pfx_quota_getnextquota+0x10/0x10 [ 103.786812][ T5069] ? selinux_quotactl+0x18b/0x300 [ 103.791871][ T5069] ? security_quotactl+0x98/0xd0 [ 103.796839][ T5069] do_quotactl+0x3d1/0x13e0 [ 103.801367][ T5069] ? __pfx_do_quotactl+0x10/0x10 [ 103.806328][ T5069] ? rwsem_read_trylock+0x12d/0x250 [ 103.811550][ T5069] ? __pfx_rwsem_read_trylock+0x10/0x10 [ 103.817117][ T5069] ? __pfx_lock_release+0x10/0x10 [ 103.822177][ T5069] ? __pfx___might_resched+0x10/0x10 [ 103.827488][ T5069] ? down_read+0xc9/0x330 [ 103.831851][ T5069] ? __pfx_down_read+0x10/0x10 [ 103.836650][ T5069] ? mnt_get_write_access+0x20c/0x300 [ 103.842057][ T5069] __x64_sys_quotactl_fd+0x2e6/0x510 [ 103.847373][ T5069] do_syscall_64+0xd2/0x260 [ 103.851925][ T5069] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 103.857862][ T5069] RIP: 0033:0x7fd94f294329 [ 103.862293][ T5069] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 103.881918][ T5069] RSP: 002b:00007ffdbfd87458 EFLAGS: 00000246 ORIG_RAX: 00000000000001bb [ 103.890352][ T5069] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007fd94f294329 [ 103.898358][ T5069] RDX: 0000000000000000 RSI: ffffffff80000901 RDI: 0000000000000003 [ 103.906343][ T5069] RBP: 00007fd94f307610 R08: 0000000000000000 R09: 00007ffdbfd87628 [ 103.914333][ T5069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 103.922322][ T5069] R13: 00007ffdbfd87618 R14: 0000000000000001 R15: 0000000000000001 [ 103.930315][ T5069] [ 103.933356][ T5069] Modules linked in: [ 103.938133][ T5069] ---[ end trace 0000000000000000 ]--- [ 103.946790][ T5069] RIP: 0010:shmem_get_next_id+0x94/0x4b0 [ 103.952802][ T5069] Code: 48 8d 7b 40 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 11 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 40 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 e5 03 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 [ 103.972692][ T5069] RSP: 0018:ffffc90003b6fad8 EFLAGS: 00010246 [ 103.978839][ T5069] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90003b6fbac [ 103.987092][ T5069] RDX: 0000000000000000 RSI: ffffffff81cd6d9d RDI: ffff888029dc22d8 [ 103.995153][ T5069] RBP: ffff888029dc2000 R08: 0000000000000005 R09: 00000000ffffffff [ 104.003340][ T5069] R10: 0000000000000000 R11: 0000000000000001 R12: ffffc90003b6fc38 [ 104.011588][ T5069] R13: ffffc90003b6fba8 R14: ffffc90003b6fba8 R15: ffff888029dc2040 [ 104.019764][ T5069] FS: 000055557041d380(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 104.028753][ T5069] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 104.035409][ T5069] CR2: 000055a8317c33c8 CR3: 0000000028d72000 CR4: 00000000003506f0 [ 104.043469][ T5069] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 104.051528][ T5069] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 104.059535][ T5069] Kernel panic - not syncing: Fatal exception [ 104.065686][ T5069] Kernel Offset: disabled [ 104.070043][ T5069] Rebooting in 86400 seconds..