./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2597441137
<...>
syzkaller
syzkaller login: [ 61.817229][ T26] kauditd_printk_skb: 42 callbacks suppressed
[ 61.817244][ T26] audit: type=1400 audit(1686776150.884:77): avc: denied { transition } for pid=4844 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 61.845696][ T26] audit: type=1400 audit(1686776150.894:78): avc: denied { noatsecure } for pid=4844 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 61.864791][ T26] audit: type=1400 audit(1686776150.914:79): avc: denied { write } for pid=4844 comm="sh" path="pipe:[29833]" dev="pipefs" ino=29833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 61.887412][ T26] audit: type=1400 audit(1686776150.914:80): avc: denied { rlimitinh } for pid=4844 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 61.906269][ T26] audit: type=1400 audit(1686776150.914:81): avc: denied { siginh } for pid=4844 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 63.111557][ T26] audit: type=1400 audit(1686776152.174:82): avc: denied { read } for pid=4428 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
Warning: Permanently added '10.128.1.74' (ECDSA) to the list of known hosts.
execve("./syz-executor2597441137", ["./syz-executor2597441137"], 0x7fffcc4b7320 /* 10 vars */) = 0
brk(NULL) = 0x555555e1f000
brk(0x555555e1fc40) = 0x555555e1fc40
arch_prctl(ARCH_SET_FS, 0x555555e1f300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2597441137", 4096) = 28
brk(0x555555e40c40) = 0x555555e40c40
brk(0x555555e41000) = 0x555555e41000
mprotect(0x7f59c8d54000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
[ 80.666918][ T26] audit: type=1400 audit(1686776169.734:83): avc: denied { write } for pid=4991 comm="strace-static-x" path="pipe:[29938]" dev="pipefs" ino=29938 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 80.697504][ T26] audit: type=1400 audit(1686776169.764:84): avc: denied { execmem } for pid=4994 comm="syz-executor259" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f59c0896000
[ 80.697837][ T4994] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4994 'syz-executor259'
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
munmap(0x7f59c0896000, 16777216) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./bus", 0777) = 0
[ 80.895610][ T26] audit: type=1400 audit(1686776169.964:85): avc: denied { read write } for pid=4994 comm="syz-executor259" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 80.898375][ T4994] loop0: detected capacity change from 0 to 32768
[ 80.920390][ T26] audit: type=1400 audit(1686776169.964:86): avc: denied { open } for pid=4994 comm="syz-executor259" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 80.937526][ T4994] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor259 (4994)
[ 80.951006][ T26] audit: type=1400 audit(1686776169.964:87): avc: denied { ioctl } for pid=4994 comm="syz-executor259" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 80.989512][ T26] audit: type=1400 audit(1686776169.994:88): avc: denied { mounton } for pid=4994 comm="syz-executor259" path="/root/bus" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 81.012484][ T26] audit: type=1400 audit(1686776170.004:89): avc: denied { append } for pid=4428 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 81.034947][ T26] audit: type=1400 audit(1686776170.004:90): avc: denied { open } for pid=4428 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 81.049877][ T4994] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 81.065138][ T26] audit: type=1400 audit(1686776170.004:91): avc: denied { getattr } for pid=4428 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 81.067292][ T4994] BTRFS info (device loop0): doing ref verification
[ 81.095490][ T4994] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 81.106338][ T4994] BTRFS info (device loop0): force zlib compression, level 3
[ 81.113770][ T4994] BTRFS info (device loop0): allowing degraded mounts
[ 81.120533][ T4994] BTRFS info (device loop0): using free space tree
mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0
openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
chdir("./bus") = 0
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
open("./file0", O_RDONLY) = 4
[ 81.143378][ T4994] BTRFS info (device loop0): auto enabling async discard
[ 81.156720][ T26] audit: type=1400 audit(1686776170.224:92): avc: denied { mount } for pid=4994 comm="syz-executor259" name="/" dev="loop0" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 81.213536][ T4994] BTRFS info (device loop0): balance: start -susage=7,stripes=0..23665
[ 81.226992][ T4994] ------------[ cut here ]------------
[ 81.232770][ T4994] BTRFS: Transaction aborted (error -28)
[ 81.239349][ T4994] WARNING: CPU: 1 PID: 4994 at fs/btrfs/block-group.c:2610 btrfs_create_pending_block_groups+0xe1f/0x1110
[ 81.250809][ T4994] Modules linked in:
[ 81.254831][ T4994] CPU: 1 PID: 4994 Comm: syz-executor259 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 81.265318][ T4994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 81.275508][ T4994] RIP: 0010:btrfs_create_pending_block_groups+0xe1f/0x1110
[ 81.282824][ T4994] Code: 00 48 c7 c6 60 2e 97 8a 48 8b 78 50 e8 6a 0b 03 00 e9 51 fc ff ff e8 60 f4 fa fd 44 89 e6 48 c7 c7 00 2e 97 8a e8 41 af c2 fd <0f> 0b bd 01 00 00 00 e9 a5 fd ff ff e8 40 f4 fa fd 89 de 48 c7 c7
[ 81.302554][ T4994] RSP: 0018:ffffc900033e7720 EFLAGS: 00010286
[ 81.308671][ T4994] RAX: 0000000000000000 RBX: 00000000ffffff01 RCX: 0000000000000000
[ 81.316778][ T4994] RDX: ffff88807c7281c0 RSI: ffffffff814b2427 RDI: 0000000000000001
[ 81.324837][ T4994] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[ 81.332927][ T4994] R10: 0000000000000001 R11: 0000000000000001 R12: 00000000ffffffe4
[ 81.340941][ T4994] R13: ffff88807dc64050 R14: dffffc0000000000 R15: ffff88807dc64058
[ 81.349017][ T4994] FS: 0000555555e1f300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 81.358060][ T4994] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 81.364790][ T4994] CR2: 0000000020002280 CR3: 000000007e162000 CR4: 00000000003506e0
[ 81.372851][ T4994] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 81.380886][ T4994] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 81.388957][ T4994] Call Trace:
[ 81.392328][ T4994]
[ 81.395295][ T4994] ? __warn+0xe6/0x390
[ 81.399420][ T4994] ? btrfs_create_pending_block_groups+0xe1f/0x1110
[ 81.406208][ T4994] ? report_bug+0x2da/0x500
[ 81.410801][ T4994] ? handle_bug+0x3c/0x70
[ 81.415220][ T4994] ? exc_invalid_op+0x18/0x50
[ 81.419938][ T4994] ? asm_exc_invalid_op+0x1a/0x20
[ 81.425143][ T4994] ? __warn_printk+0x187/0x310
[ 81.429963][ T4994] ? btrfs_create_pending_block_groups+0xe1f/0x1110
[ 81.436625][ T4994] ? btrfs_inc_block_group_ro+0x46c/0x610
[ 81.442417][ T4994] ? lock_downgrade+0x690/0x690
[ 81.447286][ T4994] ? btrfs_read_block_groups+0x1900/0x1900
[ 81.453159][ T4994] ? btrfs_block_rsv_add+0xba/0xd0
[ 81.458307][ T4994] ? __mutex_unlock_slowpath+0x157/0x5e0
[ 81.464016][ T4994] ? do_raw_spin_unlock+0x175/0x230
[ 81.469279][ T4994] ? btrfs_trans_release_metadata+0x172/0x220
[ 81.475449][ T4994] __btrfs_end_transaction+0xf9/0x920
[ 81.480887][ T4994] btrfs_inc_block_group_ro+0x474/0x610
[ 81.486501][ T4994] btrfs_relocate_block_group+0x21a/0xe50
[ 81.492315][ T4994] btrfs_relocate_chunk+0x14a/0x440
[ 81.497527][ T4994] btrfs_balance+0x1e8f/0x40f0
[ 81.502365][ T4994] ? find_held_lock+0x2d/0x110
[ 81.507188][ T4994] ? btrfs_relocate_chunk+0x440/0x440
[ 81.512628][ T4994] ? __kmem_cache_alloc_node+0x170/0x3f0
[ 81.518361][ T4994] btrfs_ioctl+0x12a6/0x5b30
[ 81.523013][ T4994] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 81.528876][ T4994] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 81.535381][ T4994] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 81.541322][ T4994] ? do_vfs_ioctl+0x132/0x1670
[ 81.546150][ T4994] ? vfs_fileattr_set+0xc40/0xc40
[ 81.551210][ T4994] ? ioctl_has_perm.constprop.0.isra.0+0x28c/0x420
[ 81.557773][ T4994] ? ioctl_has_perm.constprop.0.isra.0+0x295/0x420
[ 81.564357][ T4994] ? selinux_bprm_creds_for_exec+0xb20/0xb20
[ 81.570371][ T4994] ? find_held_lock+0x2d/0x110
[ 81.575253][ T4994] ? do_one_initcall+0x172/0x540
[ 81.580240][ T4994] ? lock_downgrade+0x690/0x690
[ 81.585185][ T4994] ? selinux_file_ioctl+0xba/0x280
[ 81.590331][ T4994] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 81.596821][ T4994] __x64_sys_ioctl+0x197/0x210
[ 81.601629][ T4994] do_syscall_64+0x39/0xb0
[ 81.606120][ T4994] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 81.612213][ T4994] RIP: 0033:0x7f59c8ce2bc9
[ 81.616654][ T4994] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 81.636345][ T4994] RSP: 002b:00007ffc537882e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 81.644892][ T4994] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f59c8ce2bc9
[ 81.652945][ T4994] RDX: 0000000020002280 RSI: 00000000c4009420 RDI: 0000000000000004
[ 81.660948][ T4994] RBP: 00007f59c8ca2460 R08: 0000000000000000 R09: 0000000000000000
[ 81.668971][ T4994] R10: 00000000000050e9 R11: 0000000000000246 R12: 00007f59c8ca24f0
[ 81.676989][ T4994] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 81.685014][ T4994]
[ 81.688057][ T4994] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 81.695331][ T4994] CPU: 1 PID: 4994 Comm: syz-executor259 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 81.705830][ T4994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 81.715897][ T4994] Call Trace:
[ 81.719197][ T4994]
[ 81.722127][ T4994] dump_stack_lvl+0xd9/0x150
[ 81.726726][ T4994] panic+0x686/0x730
[ 81.730641][ T4994] ? panic_smp_self_stop+0xa0/0xa0
[ 81.735783][ T4994] ? show_trace_log_lvl+0x284/0x390
[ 81.741011][ T4994] ? btrfs_create_pending_block_groups+0xe1f/0x1110
[ 81.747630][ T4994] check_panic_on_warn+0xb1/0xc0
[ 81.752598][ T4994] __warn+0xf2/0x390
[ 81.756505][ T4994] ? btrfs_create_pending_block_groups+0xe1f/0x1110
[ 81.763110][ T4994] report_bug+0x2da/0x500
[ 81.767477][ T4994] handle_bug+0x3c/0x70
[ 81.771668][ T4994] exc_invalid_op+0x18/0x50
[ 81.776226][ T4994] asm_exc_invalid_op+0x1a/0x20
[ 81.781134][ T4994] RIP: 0010:btrfs_create_pending_block_groups+0xe1f/0x1110
[ 81.788470][ T4994] Code: 00 48 c7 c6 60 2e 97 8a 48 8b 78 50 e8 6a 0b 03 00 e9 51 fc ff ff e8 60 f4 fa fd 44 89 e6 48 c7 c7 00 2e 97 8a e8 41 af c2 fd <0f> 0b bd 01 00 00 00 e9 a5 fd ff ff e8 40 f4 fa fd 89 de 48 c7 c7
[ 81.808120][ T4994] RSP: 0018:ffffc900033e7720 EFLAGS: 00010286
[ 81.814218][ T4994] RAX: 0000000000000000 RBX: 00000000ffffff01 RCX: 0000000000000000
[ 81.822209][ T4994] RDX: ffff88807c7281c0 RSI: ffffffff814b2427 RDI: 0000000000000001
[ 81.830200][ T4994] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[ 81.838274][ T4994] R10: 0000000000000001 R11: 0000000000000001 R12: 00000000ffffffe4
[ 81.846263][ T4994] R13: ffff88807dc64050 R14: dffffc0000000000 R15: ffff88807dc64058
[ 81.854258][ T4994] ? __warn_printk+0x187/0x310
[ 81.859061][ T4994] ? btrfs_inc_block_group_ro+0x46c/0x610
[ 81.864810][ T4994] ? lock_downgrade+0x690/0x690
[ 81.869693][ T4994] ? btrfs_read_block_groups+0x1900/0x1900
[ 81.875526][ T4994] ? btrfs_block_rsv_add+0xba/0xd0
[ 81.880676][ T4994] ? __mutex_unlock_slowpath+0x157/0x5e0
[ 81.886340][ T4994] ? do_raw_spin_unlock+0x175/0x230
[ 81.891589][ T4994] ? btrfs_trans_release_metadata+0x172/0x220
[ 81.897692][ T4994] __btrfs_end_transaction+0xf9/0x920
[ 81.903103][ T4994] btrfs_inc_block_group_ro+0x474/0x610
[ 81.908683][ T4994] btrfs_relocate_block_group+0x21a/0xe50
[ 81.914441][ T4994] btrfs_relocate_chunk+0x14a/0x440
[ 81.919675][ T4994] btrfs_balance+0x1e8f/0x40f0
[ 81.924467][ T4994] ? find_held_lock+0x2d/0x110
[ 81.929255][ T4994] ? btrfs_relocate_chunk+0x440/0x440
[ 81.934649][ T4994] ? __kmem_cache_alloc_node+0x170/0x3f0
[ 81.940307][ T4994] btrfs_ioctl+0x12a6/0x5b30
[ 81.944925][ T4994] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 81.950764][ T4994] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 81.957205][ T4994] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 81.963124][ T4994] ? do_vfs_ioctl+0x132/0x1670
[ 81.967908][ T4994] ? vfs_fileattr_set+0xc40/0xc40
[ 81.972953][ T4994] ? ioctl_has_perm.constprop.0.isra.0+0x28c/0x420
[ 81.979476][ T4994] ? ioctl_has_perm.constprop.0.isra.0+0x295/0x420
[ 81.985999][ T4994] ? selinux_bprm_creds_for_exec+0xb20/0xb20
[ 81.992004][ T4994] ? find_held_lock+0x2d/0x110
[ 81.996793][ T4994] ? do_one_initcall+0x172/0x540
[ 82.001764][ T4994] ? lock_downgrade+0x690/0x690
[ 82.006654][ T4994] ? selinux_file_ioctl+0xba/0x280
[ 82.011789][ T4994] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 82.018238][ T4994] __x64_sys_ioctl+0x197/0x210
[ 82.023016][ T4994] do_syscall_64+0x39/0xb0
[ 82.027448][ T4994] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 82.033376][ T4994] RIP: 0033:0x7f59c8ce2bc9
[ 82.037811][ T4994] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 82.057441][ T4994] RSP: 002b:00007ffc537882e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 82.065880][ T4994] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f59c8ce2bc9
[ 82.073871][ T4994] RDX: 0000000020002280 RSI: 00000000c4009420 RDI: 0000000000000004
[ 82.081860][ T4994] RBP: 00007f59c8ca2460 R08: 0000000000000000 R09: 0000000000000000
[ 82.089844][ T4994] R10: 00000000000050e9 R11: 0000000000000246 R12: 00007f59c8ca24f0
[ 82.097830][ T4994] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 82.105821][ T4994]
[ 82.109153][ T4994] Kernel Offset: disabled
[ 82.113597][ T4994] Rebooting in 86400 seconds..