./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1408411103 <...> Warning: Permanently added '10.128.0.212' (ED25519) to the list of known hosts. execve("./syz-executor1408411103", ["./syz-executor1408411103"], 0x7fff4b8353c0 /* 10 vars */) = 0 brk(NULL) = 0x555574a08000 brk(0x555574a08d40) = 0x555574a08d40 arch_prctl(ARCH_SET_FS, 0x555574a083c0) = 0 set_tid_address(0x555574a08690) = 282 set_robust_list(0x555574a086a0, 24) = 0 rseq(0x555574a08ce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1408411103", 4096) = 28 getrandom("\x2e\x0c\x7d\x5c\xb3\x32\x75\xc3", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555574a08d40 brk(0x555574a29d40) = 0x555574a29d40 brk(0x555574a2a000) = 0x555574a2a000 mprotect(0x7f496b9e9000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 executing program write(1, "executing program\n", 18) = 18 futex(0x7f496b9ef3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f496b988360, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f496b9799e0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f496b904000 mprotect(0x7f496b905000, 131072, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f496b924990, parent_tid=0x7f496b924990, exit_signal=0, stack=0x7f496b904000, stack_size=0x20300, tls=0x7f496b9246c0}./strace-static-x86_64: Process 283 attached [pid 283] set_robust_list(0x7f496b9249a0, 24) = 0 [pid 283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 283] futex(0x7f496b9ef3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 282] <... clone3 resumed> => {parent_tid=[283]}, 88) = 283 [pid 282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 282] futex(0x7f496b9ef3e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 283] <... futex resumed>) = 0 [pid 283] mkdir("./file0", 000 [pid 282] futex(0x7f496b9ef3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 283] <... mkdir resumed>) = 0 [pid 283] futex(0x7f496b9ef3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 282] <... futex resumed>) = 0 [pid 283] <... futex resumed>) = 1 [pid 282] futex(0x7f496b9ef3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 282] futex(0x7f496b9ef3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 283] openat(AT_FDCWD, "/dev/fuse", O_RDWR|O_CREAT, 000) = 3 [ 23.385390][ T24] audit: type=1400 audit(1755716507.990:64): avc: denied { execmem } for pid=282 comm="syz-executor140" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.412247][ T24] audit: type=1400 audit(1755716508.020:65): avc: denied { read write } for pid=282 comm="syz-executor140" name="fuse" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [pid 283] futex(0x7f496b9ef3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 282] <... futex resumed>) = 0 [pid 283] <... futex resumed>) = 1 [pid 282] futex(0x7f496b9ef3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] mount(NULL, "./file0", "fuse", 0, "fd=00000000000000000000003,rootmode=0000000000000000040000,user_id=00000000000000000000,group_id=000"... [pid 282] futex(0x7f496b9ef3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 283] <... mount resumed>) = 0 [pid 283] futex(0x7f496b9ef3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 282] <... futex resumed>) = 0 [pid 283] <... futex resumed>) = 1 [pid 282] futex(0x7f496b9ef3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 282] futex(0x7f496b9ef3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 283] read(3, "\x38\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x20\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x83", 8224) = 56 [pid 283] futex(0x7f496b9ef3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 282] <... futex resumed>) = 0 [pid 283] <... futex resumed>) = 1 [pid 282] futex(0x7f496b9ef3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 282] futex(0x7f496b9ef3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 23.436025][ T24] audit: type=1400 audit(1755716508.020:66): avc: denied { open } for pid=282 comm="syz-executor140" path="/dev/fuse" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 23.460993][ T24] audit: type=1400 audit(1755716508.070:67): avc: denied { mounton } for pid=282 comm="syz-executor140" path="/root/file0" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 283] read(3, [pid 282] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 282] futex(0x7f496b9ef3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 282] futex(0x7f496b9ef3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 282] futex(0x7f496b9ef3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 282] futex(0x7f496b9ef3fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f496b8e3000 [pid 282] mprotect(0x7f496b8e4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 282] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 282] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f496b903990, parent_tid=0x7f496b903990, exit_signal=0, stack=0x7f496b8e3000, stack_size=0x20300, tls=0x7f496b9036c0} => {parent_tid=[285]}, 88) = 285 ./strace-static-x86_64: Process 285 attached [pid 282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 282] futex(0x7f496b9ef3f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 282] futex(0x7f496b9ef3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] set_robust_list(0x7f496b9039a0, 24) = 0 [pid 285] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 285] write(3, "\x18\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00", 24) = 24 [pid 285] futex(0x7f496b9ef3fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 282] <... futex resumed>) = 0 [pid 282] futex(0x7f496b9ef3f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 282] futex(0x7f496b9ef3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] <... futex resumed>) = 1 [pid 285] lstat("./file0/file0", [pid 283] <... read resumed>"\x2e\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1d\x01\x00\x00\x00\x00\x00\x00\x66\x69\x6c\x65\x30\x00", 8192) = 46 [pid 283] write(3, "\x90\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x7b\xa0\x00\x00\x00\x00\x00\x00\xb4\x06\x00\x00\x04\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\xf0\xff\xff\xff\xff\xff\xff\x06\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00"..., 144) = 144 [pid 283] futex(0x7f496b9ef3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 23.483781][ T24] audit: type=1400 audit(1755716508.070:68): avc: denied { mount } for pid=282 comm="syz-executor140" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 23.518836][ T285] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN [ 23.530589][ T285] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 23.539000][ T285] CPU: 0 PID: 285 Comm: syz-executor140 Not tainted 5.10.240-syzkaller #0 [ 23.547478][ T285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 23.557550][ T285] RIP: 0010:step_into+0x122/0xcf0 [ 23.562561][ T285] Code: c6 44 24 5f 00 43 0f b6 44 25 00 84 c0 48 8b 54 24 08 0f 85 51 0a 00 00 44 8b 32 4c 8b bc 24 88 00 00 00 4c 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 56 0a 00 00 45 8b 3f 44 89 fe 81 e6 00 [ 23.582240][ T285] RSP: 0018:ffffc90000b17820 EFLAGS: 00010202 [ 23.588296][ T285] RAX: 0000000000000001 RBX: ffffc90000b17a40 RCX: ffff8881055c62c0 [ 23.596254][ T285] RDX: ffffc90000b17a78 RSI: 0000000000000000 RDI: 0000000000000000 [ 23.604217][ T285] RBP: ffffc90000b17908 R08: 0000000000000000 R09: ffffed102430b525 [ 23.612177][ T285] R10: ffffed102430b525 R11: 1ffff1102430b524 R12: dffffc0000000000 [ 23.620152][ T285] R13: 1ffff92000162f4f R14: 0000000000000000 R15: 0000000000000008 [ 23.628131][ T285] FS: 00007f496b9036c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 23.637059][ T285] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.643868][ T285] CR2: 000000000045c6a0 CR3: 00000001081ba000 CR4: 00000000003506b0 [ 23.652120][ T285] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.660085][ T285] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.668045][ T285] Call Trace: [ 23.671328][ T285] ? lookup_fast+0x2fa/0x700 [ 23.676001][ T285] ? set_root+0x3f0/0x3f0 [ 23.680339][ T285] ? __kasan_check_write+0x14/0x20 [ 23.685461][ T285] ? up_read+0x12/0x50 [ 23.689543][ T285] walk_component+0x26a/0x460 [ 23.694215][ T285] path_lookupat+0x180/0x490 [ 23.698818][ T285] filename_lookup+0x1d5/0x600 [ 23.703573][ T285] ? hashlen_string+0x120/0x120 [ 23.708416][ T285] ? getname_flags+0x206/0x500 [ 23.713248][ T285] user_path_at_empty+0x43/0x50 [ 23.718093][ T285] vfs_statx+0xff/0x520 [ 23.722238][ T285] ? vfs_fstatat+0x40/0x40 [ 23.726641][ T285] ? _raw_spin_lock_irq+0x8f/0xe0 [ 23.731651][ T285] ? __kasan_check_write+0x14/0x20 [ 23.736767][ T285] __se_sys_newlstat+0xb8/0x320 [ 23.741614][ T285] ? __x64_sys_newlstat+0x70/0x70 [ 23.746628][ T285] ? cgroup_leave_frozen+0x166/0x2b0 [ 23.751896][ T285] ? ptrace_stop+0x51e/0x9c0 [ 23.756478][ T285] ? ptrace_stop+0x69f/0x9c0 [ 23.761059][ T285] ? _raw_spin_unlock_irq+0x4e/0x70 [ 23.766269][ T285] ? fpu__clear_all+0x20/0x20 [ 23.770936][ T285] ? fpu__clear_all+0x20/0x20 [ 23.775618][ T285] __x64_sys_newlstat+0x5b/0x70 [ 23.780459][ T285] do_syscall_64+0x31/0x40 [ 23.784877][ T285] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.790905][ T285] RIP: 0033:0x7f496b9624b9 [ 23.795329][ T285] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 23.815092][ T285] RSP: 002b:00007f496b903218 EFLAGS: 00000246 ORIG_RAX: 0000000000000006 [ 23.823621][ T285] RAX: ffffffffffffffda RBX: 00007f496b9ef3f8 RCX: 00007f496b9624b9 [pid 283] futex(0x7f496b9ef3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 282] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 23.831592][ T285] RDX: 00007f496b9624b9 RSI: 0000000000000000 RDI: 0000200000000180 [ 23.839553][ T285] RBP: 00007f496b9ef3f0 R08: 0000000000000000 R09: 0000000000000000 [ 23.847512][ T285] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f496b9bc02c [ 23.855675][ T285] R13: 0000200000002140 R14: 0000200000000180 R15: 00007ffcf2ac6558 [ 23.863736][ T285] Modules linked in: [ 23.868685][ T285] ---[ end trace ad97e9dc4707d156 ]--- [ 23.869505][ T24] audit: type=1400 audit(1755716508.480:69): avc: denied { read } for pid=76 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 23.874750][ T285] RIP: 0010:step_into+0x122/0xcf0 [ 23.896112][ T24] audit: type=1400 audit(1755716508.480:70): avc: denied { search } for pid=76 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 23.922306][ T285] Code: c6 44 24 5f 00 43 0f b6 44 25 00 84 c0 48 8b 54 24 08 0f 85 51 0a 00 00 44 8b 32 4c 8b bc 24 88 00 00 00 4c 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 56 0a 00 00 45 8b 3f 44 89 fe 81 e6 00 [ 23.922325][ T285] RSP: 0018:ffffc90000b17820 EFLAGS: 00010202 [ 23.942403][ T24] audit: type=1400 audit(1755716508.480:71): avc: denied { write } for pid=76 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 23.948525][ T285] [ 23.969970][ T24] audit: type=1400 audit(1755716508.480:72): avc: denied { add_name } for pid=76 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 23.972386][ T285] RAX: 0000000000000001 RBX: ffffc90000b17a40 RCX: ffff8881055c62c0 [ 23.992955][ T24] audit: type=1400 audit(1755716508.480:73): avc: denied { create } for pid=76 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 24.001243][ T285] RDX: ffffc90000b17a78 RSI: 0000000000000000 RDI: 0000000000000000 [ 24.029545][ T285] RBP: ffffc90000b17908 R08: 0000000000000000 R09: ffffed102430b525 [ 24.037547][ T285] R10: ffffed102430b525 R11: 1ffff1102430b524 R12: dffffc0000000000 [ 24.045664][ T285] R13: 1ffff92000162f4f R14: 0000000000000000 R15: 0000000000000008 [ 24.053667][ T285] FS: 00007f496b9036c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 24.062641][ T285] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.069277][ T285] CR2: 0000559cca48beb8 CR3: 00000001081ba000 CR4: 00000000003506a0 [ 24.077564][ T285] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.085626][ T285] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.093726][ T285] Kernel panic - not syncing: Fatal exception [ 24.100147][ T285] Kernel Offset: disabled [ 24.104480][ T285] Rebooting in 86400 seconds..