./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1150610681 <...> Warning: Permanently added '10.128.0.144' (ECDSA) to the list of known hosts. execve("./syz-executor1150610681", ["./syz-executor1150610681"], 0x7ffc5d663020 /* 10 vars */) = 0 brk(NULL) = 0x555556ceb000 brk(0x555556cebd00) = 0x555556cebd00 arch_prctl(ARCH_SET_FS, 0x555556ceb3c0) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1150610681", 4096) = 28 brk(0x555556d0cd00) = 0x555556d0cd00 brk(0x555556d0d000) = 0x555556d0d000 mprotect(0x7fcb6d0f2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7fcb6d043bd0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fcb6d043ec0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7fcb6d043bd0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fcb6d043ec0}, NULL, 8) = 0 mkdir("./file0", 0777) = 0 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- pipe2([3, 4], 0) = 0 write(4, "\x15\x00\x00\x00\x65\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 21) = 21 dup(4) = 5 mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000005,") = -1 EREMOTEIO (Remote I/O error) write(5, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24) = 24 write(5, "\xb0\x00\x00\x00\x08\x00\x00\x6b\x2e\x7f\xb3\xd8\xc3\xe6\xa4\xfb\xab\x53\xd2\x3f\xd1\x1d\x10\xa4\x70\xfa\x38\x47\xd6\x27\x3c\x54\xc4\x84\x03\x64\x04\x71\x56\xd3\xc3\x66\xb3\x9b\x34\x12\x7a\xdc\x03\x15\x7c\x6b\x1c\x80\xa1\xc9\x68\x94\x76\x38\x2b\xbc\xe1\x8d\x8e\xd0\x22\xa5\x0f\x2c\x26\x2c\xad\xa3\x02\x7d\xda\x95\xe4\x36\xe4\x75\x3a\xea\xfb\xd2\xe5\x45\xd0\x1d\x8b\x5a\x77\x67\x11\x92\x5b\xcc\xb6\xe1"..., 176) = 176 write(5, "\x4c\x01\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 311) = 311 [ 25.133579][ T22] audit: type=1400 audit(1654637589.500:73): avc: denied { execmem } for pid=304 comm="syz-executor115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 25.158220][ T22] audit: type=1400 audit(1654637589.520:74): avc: denied { mounton } for pid=304 comm="syz-executor115" path="/root/file0" dev="sda1" ino=1138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000004,fscache,") = 0 open("./file0/file0/../file0", O_ACCMODE|O_EXCL|O_NOCTTY|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|O_DIRECTORY) = -1 ENOENT (No such file or directory) [ 25.188145][ T22] audit: type=1400 audit(1654637589.550:75): avc: denied { mount } for pid=304 comm="syz-executor115" name="/" dev="9p" ino=5132127137084480979 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 25.201371][ T304] kasan: CONFIG_KASAN_INLINE enabled [ 25.212382][ T22] audit: type=1400 audit(1654637589.570:76): avc: denied { execute } for pid=304 comm="syz-executor115" dev="9p" ino=5132127137084480979 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 25.217209][ T304] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 25.239709][ T22] audit: type=1400 audit(1654637589.570:77): avc: denied { write } for pid=304 comm="syz-executor115" dev="9p" ino=5132127137084480979 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 25.247743][ T304] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 25.276942][ T304] CPU: 1 PID: 304 Comm: syz-executor115 Not tainted 5.4.190-syzkaller-00008-gff81cbffa822 #0 [ 25.287057][ T304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.297098][ T304] RIP: 0010:chrdev_open+0x6e/0x5b0 [ 25.302185][ T304] Code: 00 4c 89 f3 48 c1 eb 03 42 80 3c 23 00 74 08 4c 89 f7 e8 95 40 fb ff 4d 8b 2e 4d 85 ed 74 40 49 8d 5d 60 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 73 40 fb ff 48 8b 1b 48 85 db 0f [ 25.321761][ T304] RSP: 0018:ffff8881de767a60 EFLAGS: 00010206 [ 25.327796][ T304] RAX: 000000000000000c RBX: 0000000000000062 RCX: 0000000000000001 [ 25.335738][ T304] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff8881de767a24 [ 25.343699][ T304] RBP: ffffffff81916690 R08: dffffc0000000000 R09: ffffed103bcecf45 [ 25.351642][ T304] R10: ffffed103bcecf45 R11: 1ffff1103bcecf44 R12: dffffc0000000000 [ 25.359581][ T304] R13: 0000000000000002 R14: ffff8881e632ed30 R15: ffff8881e632eae8 [ 25.367522][ T304] FS: 0000555556ceb3c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 25.376421][ T304] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.382973][ T304] CR2: 000055678e872698 CR3: 00000001e0cd6000 CR4: 00000000003406e0 [ 25.391000][ T304] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.398943][ T304] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.406885][ T304] Call Trace: [ 25.410147][ T304] ? cd_forget+0x150/0x150 [ 25.414532][ T304] do_dentry_open+0x7e3/0xef0 [ 25.419181][ T304] path_openat+0x1464/0x3710 [ 25.423752][ T304] ? __kasan_kmalloc+0x131/0x1e0 [ 25.428656][ T304] ? getname_flags+0xb8/0x4e0 [ 25.433306][ T304] do_filp_open+0x19a/0x3a0 [ 25.437779][ T304] do_sys_open+0x2e3/0x700 [ 25.442172][ T304] do_syscall_64+0xcb/0x1c0 [ 25.446657][ T304] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 25.452520][ T304] RIP: 0033:0x7fcb6d085909 [ 25.456905][ T304] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 25.476477][ T304] RSP: 002b:00007ffc6a81f528 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 25.484859][ T304] RAX: ffffffffffffffda RBX: 00007ffc6a81f538 RCX: 00007fcb6d085909 [ 25.492816][ T304] RDX: 0000000000000034 RSI: 0000000000080082 RDI: 0000000020000040 [ 25.500763][ T304] RBP: 00007ffc6a81f530 R08: 00007fcb6d043bd0 R09: 00007fcb6d043bd0 [ 25.508701][ T304] R10: 00007fcb6d043bd0 R11: 0000000000000246 R12: 0000000000000000 [ 25.516640][ T304] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 25.524597][ T304] Modules linked in: [ 25.528583][ T304] ---[ end trace 82f5342df019752f ]--- [ 25.534052][ T304] RIP: 0010:chrdev_open+0x6e/0x5b0 [ 25.539197][ T304] Code: 00 4c 89 f3 48 c1 eb 03 42 80 3c 23 00 74 08 4c 89 f7 e8 95 40 fb ff 4d 8b 2e 4d 85 ed 74 40 49 8d 5d 60 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 73 40 fb ff 48 8b 1b 48 85 db 0f [ 25.558820][ T304] RSP: 0018:ffff8881de767a60 EFLAGS: 00010206 [ 25.564891][ T304] RAX: 000000000000000c RBX: 0000000000000062 RCX: 0000000000000001 [ 25.572874][ T304] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff8881de767a24 [ 25.580864][ T304] RBP: ffffffff81916690 R08: dffffc0000000000 R09: ffffed103bcecf45 [ 25.588833][ T304] R10: ffffed103bcecf45 R11: 1ffff1103bcecf44 R12: dffffc0000000000 [ 25.596981][ T304] R13: 0000000000000002 R14: ffff8881e632ed30 R15: ffff8881e632eae8 [ 25.604956][ T304] FS: 0000555556ceb3c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 25.613882][ T304] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.620470][ T304] CR2: 000055678e872698 CR3: 00000001e0cd6000 CR4: 00000000003406e0 [ 25.628521][ T304] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.636522][ T304] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.644854][ T304] Kernel panic - not syncing: Fatal exception [ 25.651060][ T304] Kernel Offset: disabled [ 25.655370][ T304] Rebooting in 86400 seconds..