./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3599742280 <...> Warning: Permanently added '10.128.1.19' (ECDSA) to the list of known hosts. execve("./syz-executor3599742280", ["./syz-executor3599742280"], 0x7ffefc573150 /* 10 vars */) = 0 brk(NULL) = 0x555556b1f000 brk(0x555556b1fc40) = 0x555556b1fc40 arch_prctl(ARCH_SET_FS, 0x555556b1f300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556b1f5d0) = 304 set_robust_list(0x555556b1f5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f2e481b9350, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f2e481b9a20}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f2e481b93f0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2e481b9a20}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3599742280", 4096) = 28 brk(0x555556b40c40) = 0x555556b40c40 brk(0x555556b41000) = 0x555556b41000 mprotect(0x7f2e4827b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7f2e482814cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e48189000 mprotect(0x7f2e4818a000, 131072, PROT_READ|PROT_WRITE) = 0 clone(child_stack=0x7f2e481a93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[305], tls=0x7f2e481a9700, child_tidptr=0x7f2e481a99d0) = 305 futex(0x7f2e482814c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 futex(0x7f2e482814cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x7f2e481a99e0, 24) = 0 [pid 305] mkdir("./file0", 000) = 0 [pid 305] futex(0x7f2e482814cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7f2e482814c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7f2e482814cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [pid 305] openat(AT_FDCWD, "/dev/fuse", O_RDWR|O_CREAT, 000) = 3 [pid 305] futex(0x7f2e482814cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7f2e482814c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7f2e482814cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [pid 305] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000002000040000,user_id=00000000000000000000,group_id=0000000"...) = 0 [pid 305] futex(0x7f2e482814cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7f2e482814c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7f2e482814cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [pid 305] read(3, "\x38\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x1f\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x83", 8224) = 56 [pid 305] futex(0x7f2e482814cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7f2e482814c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7f2e482814cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [pid 305] write(3, "\x50\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x26\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80) = 80 [pid 305] futex(0x7f2e482814cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7f2e482814c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7f2e482814cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [ 22.603344][ T22] audit: type=1400 audit(1671984682.230:73): avc: denied { execmem } for pid=304 comm="syz-executor359" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 22.622871][ T22] audit: type=1400 audit(1671984682.230:74): avc: denied { read write } for pid=304 comm="syz-executor359" name="fuse" dev="devtmpfs" ino=9244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [pid 305] read(3, [pid 304] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 304] futex(0x7f2e482814cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 304] futex(0x7f2e482814dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e48168000 [pid 304] mprotect(0x7f2e48169000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 304] clone(child_stack=0x7f2e481883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[307], tls=0x7f2e48188700, child_tidptr=0x7f2e481889d0) = 307 [pid 304] futex(0x7f2e482814d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7f2e482814dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x7f2e481889e0, 24) = 0 [pid 307] openat(AT_FDCWD, "./file0/file0", O_RDONLY [pid 305] <... read resumed>"\x2e\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x33\x01\x00\x00\x00\x00\x00\x00\x66\x69\x6c\x65\x30\x00", 8192) = 46 [pid 305] write(3, "\x90\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 305] futex(0x7f2e482814cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 22.646662][ T22] audit: type=1400 audit(1671984682.230:75): avc: denied { open } for pid=304 comm="syz-executor359" path="/dev/fuse" dev="devtmpfs" ino=9244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 22.670618][ T22] audit: type=1400 audit(1671984682.230:76): avc: denied { mounton } for pid=304 comm="syz-executor359" path="/root/file0" dev="sda1" ino=1138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 305] futex(0x7f2e482814c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 304] futex(0x7f2e482814c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 305] <... futex resumed>) = 0 [pid 304] futex(0x7f2e482814cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] read(3, "\x28\x00\x00\x00\xe0\x07\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x33\x01\x00\x00\x00\x00\x00\x00", 8224) = 40 [pid 305] futex(0x7f2e482814cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 305] <... futex resumed>) = 1 [pid 304] futex(0x7f2e482814c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] futex(0x7f2e482814c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] <... futex resumed>) = 0 [pid 305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 22.693491][ T22] audit: type=1400 audit(1671984682.240:77): avc: denied { mount } for pid=304 comm="syz-executor359" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 22.715739][ T22] audit: type=1400 audit(1671984682.290:78): avc: denied { read } for pid=304 comm="syz-executor359" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 22.720483][ T305] BUG: unable to handle page fault for address: ffffed105b9865ff [pid 304] futex(0x7f2e482814cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 22.738106][ T22] audit: type=1400 audit(1671984682.290:79): avc: denied { open } for pid=304 comm="syz-executor359" path="/root/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 22.745564][ T305] #PF: supervisor read access in kernel mode [ 22.745569][ T305] #PF: error_code(0x0000) - not-present page [ 22.745572][ T305] PGD 23fff3067 P4D 23fff3067 PUD 23fff1067 PMD 0 [ 22.745587][ T305] Oops: 0000 [#1] PREEMPT SMP KASAN [ 22.745601][ T305] CPU: 1 PID: 305 Comm: syz-executor359 Not tainted 5.4.219-syzkaller-00012-ga8aad8851131 #0 [ 22.802358][ T305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 22.812400][ T305] RIP: 0010:fuse_dev_do_write+0x285b/0x4ed0 [ 22.818256][ T305] Code: 7c 24 50 49 83 c4 48 4c 89 e0 48 c1 e8 03 8a 04 18 84 c0 0f 85 e3 21 00 00 45 8b 24 24 41 ff cc 4d 01 fc 4c 89 e0 48 c1 e8 03 <8a> 04 18 84 c0 0f 85 e5 21 00 00 41 c6 04 24 00 41 80 7c 1d 00 00 [ 22.837826][ T305] RSP: 0018:ffff8881dd3d77e0 EFLAGS: 00010a07 [ 22.843862][ T305] RAX: 1ffff1105b9865ff RBX: dffffc0000000000 RCX: ffff8881dd0a2f40 [ 22.851803][ T305] RDX: 0000000000000000 RSI: 00000000000007e0 RDI: ffff8881dcc9fd50 [ 22.859741][ T305] RBP: ffff8881dd3d7b30 R08: ffffffff81dc56ba R09: fffff94000fb083f [ 22.867679][ T305] R10: fffff94000fb083f R11: 1ffffd4000fb083e R12: ffff8882dcc32fff [ 22.875618][ T305] R13: 1ffff1103c486aba R14: ffff8881e24355d0 R15: ffff8881dcc33000 [ 22.883560][ T305] FS: 00007f2e481a9700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 22.892462][ T305] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 22.899017][ T305] CR2: ffffed105b9865ff CR3: 00000001dd343000 CR4: 00000000003406e0 [ 22.906957][ T305] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 22.914899][ T305] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 22.922836][ T305] Call Trace: [ 22.926098][ T305] ? ttwu_do_wakeup+0x16f/0x480 [ 22.930916][ T305] ? check_preemption_disabled+0x9e/0x330 [ 22.936600][ T305] ? try_to_wake_up+0xa2f/0x1190 [ 22.941504][ T305] ? debug_smp_processor_id+0x20/0x20 [ 22.946847][ T305] ? put_page+0xa0/0xa0 [ 22.950972][ T305] ? check_preemption_disabled+0x9e/0x330 [ 22.956658][ T305] ? debug_smp_processor_id+0x20/0x20 [ 22.961997][ T305] ? rcu_preempt_deferred_qs+0xa3/0x2a0 [ 22.967508][ T305] ? check_preemption_disabled+0x9e/0x330 [ 22.973196][ T305] ? rcu_softirq_qs+0x90/0x90 [ 22.977839][ T305] ? debug_smp_processor_id+0x20/0x20 [ 22.983184][ T305] ? cpuacct_charge+0xe5/0x160 [ 22.987921][ T305] ? check_preemption_disabled+0x9e/0x330 [ 22.993608][ T305] ? check_preemption_disabled+0x9e/0x330 [ 22.999297][ T305] ? debug_smp_processor_id+0x20/0x20 [ 23.004634][ T305] ? switch_mm_irqs_off+0x338/0x960 [ 23.009798][ T305] ? debug_smp_processor_id+0x20/0x20 [ 23.015133][ T305] ? switch_mm+0x100/0x100 [ 23.019515][ T305] ? _raw_spin_unlock_irq+0x4a/0x60 [ 23.024681][ T305] ? finish_task_switch+0x130/0x560 [ 23.029844][ T305] fuse_dev_write+0x15a/0x1e0 [ 23.034488][ T305] ? fuse_dev_read+0x220/0x220 [ 23.039219][ T305] ? cgroup_update_frozen+0x139/0x360 [ 23.044557][ T305] ? cgroup_leave_frozen+0x13b/0x290 [ 23.049807][ T305] ? iov_iter_init+0x83/0x160 [ 23.054451][ T305] __vfs_write+0x5e3/0x780 [ 23.058836][ T305] ? __kernel_write+0x340/0x340 [ 23.063653][ T305] ? selinux_file_permission+0x2c2/0x530 [ 23.069252][ T305] ? security_file_permission+0x140/0x330 [ 23.074951][ T305] vfs_write+0x210/0x4f0 [ 23.079182][ T305] ksys_write+0x198/0x2c0 [ 23.083491][ T305] ? do_syscall_64+0x1c0/0x1c0 [ 23.088224][ T305] ? __ia32_sys_read+0x80/0x80 [ 23.092956][ T305] do_syscall_64+0xcb/0x1c0 [ 23.097428][ T305] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 23.103284][ T305] Modules linked in: [ 23.107169][ T305] CR2: ffffed105b9865ff [ 23.111288][ T305] ---[ end trace 81fa6a46b75af09a ]--- [ 23.116715][ T305] RIP: 0010:fuse_dev_do_write+0x285b/0x4ed0 [ 23.122574][ T305] Code: 7c 24 50 49 83 c4 48 4c 89 e0 48 c1 e8 03 8a 04 18 84 c0 0f 85 e3 21 00 00 45 8b 24 24 41 ff cc 4d 01 fc 4c 89 e0 48 c1 e8 03 <8a> 04 18 84 c0 0f 85 e5 21 00 00 41 c6 04 24 00 41 80 7c 1d 00 00 [ 23.142147][ T305] RSP: 0018:ffff8881dd3d77e0 EFLAGS: 00010a07 [ 23.148179][ T305] RAX: 1ffff1105b9865ff RBX: dffffc0000000000 RCX: ffff8881dd0a2f40 [ 23.156119][ T305] RDX: 0000000000000000 RSI: 00000000000007e0 RDI: ffff8881dcc9fd50 [ 23.164056][ T305] RBP: ffff8881dd3d7b30 R08: ffffffff81dc56ba R09: fffff94000fb083f [ 23.171992][ T305] R10: fffff94000fb083f R11: 1ffffd4000fb083e R12: ffff8882dcc32fff [ 23.179932][ T305] R13: 1ffff1103c486aba R14: ffff8881e24355d0 R15: ffff8881dcc33000 [ 23.187873][ T305] FS: 00007f2e481a9700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 23.196766][ T305] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.203327][ T305] CR2: ffffed105b9865ff CR3: 00000001dd343000 CR4: 00000000003406e0 [ 23.211293][ T305] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.219241][ T305] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.227186][ T305] Kernel panic - not syncing: Fatal exception [ 23.233397][ T305] Kernel Offset: disabled [ 23.237694][ T305] Rebooting in 86400 seconds..