./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1979316697 <...> Warning: Permanently added '10.128.1.10' (ED25519) to the list of known hosts. execve("./syz-executor1979316697", ["./syz-executor1979316697"], 0x7fff286abea0 /* 10 vars */) = 0 brk(NULL) = 0x555581a52000 brk(0x555581a52d00) = 0x555581a52d00 arch_prctl(ARCH_SET_FS, 0x555581a52380) = 0 set_tid_address(0x555581a52650) = 5815 set_robust_list(0x555581a52660, 24) = 0 rseq(0x555581a52ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1979316697", 4096) = 28 getrandom("\x94\x1d\x4c\xa8\x6f\x85\x46\xa7", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555581a52d00 brk(0x555581a73d00) = 0x555581a73d00 brk(0x555581a74000) = 0x555581a74000 mprotect(0x7fe9448e8000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581a52650) = 5816 ./strace-static-x86_64: Process 5816 attached [pid 5816] set_robust_list(0x555581a52660, 24) = 0 [pid 5816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5816] setpgid(0, 0) = 0 [pid 5816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5816] write(3, "1000", 4) = 4 [pid 5816] close(3) = 0 [pid 5816] write(1, "executing program\n", 18executing program ) = 18 [pid 5816] creat("./file0", 000) = 3 [pid 5816] pipe2([4, 5], 0) = 0 [pid 5816] write(5, "\x15\x00\x00\x00\x65\xff\xff\x04\x80\x00\x00\x08\x00\x39\x50\x32\x30\x30\x30\x00\x00", 21) = 21 [pid 5816] dup(5) = 6 [pid 5816] write(6, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24) = 24 [ 59.807884][ T29] audit: type=1400 audit(1734995080.429:88): avc: denied { execmem } for pid=5815 comm="syz-executor197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 5816] write(6, "\x4c\x01\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 311) = 311 [pid 5816] mount(NULL, "./file0", "9p", MS_NOATIME|MS_POSIXACL, "trans=fd,rfdno=0x0000000000000004,wfdno=0x0000000000000006") = 0 [pid 5816] chmod("./file0", 000) = 0 [ 59.868874][ T29] audit: type=1400 audit(1734995080.489:89): avc: denied { mounton } for pid=5816 comm="syz-executor197" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=file permissive=1 [ 59.893147][ T29] audit: type=1400 audit(1734995080.489:90): avc: denied { mount } for pid=5816 comm="syz-executor197" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [pid 5816] open("./file0", O_WRONLY) = 7 [pid 5816] openat(AT_FDCWD, "blkio.bfq.io_wait_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 8 [pid 5816] ftruncate(8, 33554441) = 0 [pid 5816] sendfile(7, 8, NULL, 2147479552) = 1 [pid 5816] utimes(NULL, NULL) = -1 EFAULT (Bad address) [pid 5816] exit_group(0) = ? [pid 5816] +++ exited with 0 +++ [ 59.915791][ T29] audit: type=1400 audit(1734995080.519:91): avc: denied { setattr } for pid=5816 comm="syz-executor197" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 59.939595][ T29] audit: type=1400 audit(1734995080.519:92): avc: denied { write } for pid=5816 comm="syz-executor197" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5816, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5818 attached , child_tidptr=0x555581a52650) = 5818 [pid 5818] set_robust_list(0x555581a52660, 24) = 0 [pid 5818] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5818] setpgid(0, 0) = 0 [pid 5818] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5818] write(3, "1000", 4) = 4 [pid 5818] close(3) = 0 executing program [pid 5818] write(1, "executing program\n", 18) = 18 [pid 5818] creat("./file0", 000) = -1 EIO (Input/output error) [pid 5818] pipe2([3, 4], 0) = 0 [pid 5818] write(4, "\x15\x00\x00\x00\x65\xff\xff\x04\x80\x00\x00\x08\x00\x39\x50\x32\x30\x30\x30\x00\x00", 21) = 21 [pid 5818] dup(4) = 5 [ 59.960616][ T29] audit: type=1400 audit(1734995080.519:93): avc: denied { open } for pid=5816 comm="syz-executor197" path="/root/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [pid 5818] write(5, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24) = 24 [pid 5818] write(5, "\x4c\x01\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 311) = 311 [pid 5818] mount(NULL, "./file0", "9p", MS_NOATIME|MS_POSIXACL, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000005") = 0 [pid 5818] chmod("./file0", 000) = 0 [pid 5818] open("./file0", O_WRONLY) = 6 [ 60.041119][ T29] audit: type=1400 audit(1734995080.669:94): avc: denied { mounton } for pid=5818 comm="syz-executor197" path="/root/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [pid 5818] openat(AT_FDCWD, "blkio.bfq.io_wait_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5818] ftruncate(7, 33554441) = 0 [ 60.332311][ T5818] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 60.345057][ T5818] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 60.353440][ T5818] CPU: 1 UID: 0 PID: 5818 Comm: syz-executor197 Not tainted 6.13.0-rc4-syzkaller #0 [ 60.362775][ T5818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 60.372800][ T5818] RIP: 0010:iter_file_splice_write+0xa2d/0x10b0 [ 60.379038][ T5818] Code: 00 48 89 fa 48 c1 ea 03 80 3c 1a 00 0f 85 b1 04 00 00 4d 8b 65 10 49 c7 45 10 00 00 00 00 49 8d 7c 24 08 48 89 fa 48 c1 ea 03 <80> 3c 1a 00 0f 85 1a 05 00 00 49 8b 54 24 08 4c 89 ee 4c 89 ff 83 [ 60.399137][ T5818] RSP: 0018:ffffc9000449f938 EFLAGS: 00010202 [ 60.405174][ T5818] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffffffff821e9ad1 [ 60.413127][ T5818] RDX: 0000000000000001 RSI: ffffffff821e9995 RDI: 0000000000000008 [ 60.421069][ T5818] RBP: 0000000000000010 R08: 0000000000000006 R09: 0000000000000000 [ 60.429013][ T5818] R10: 7ffffffffffeffff R11: 0000000000000002 R12: 0000000000000000 [ 60.436956][ T5818] R13: ffff888030203800 R14: 7ffffffffffeffff R15: ffff888078c2d800 [ 60.444898][ T5818] FS: 0000555581a52380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 60.453801][ T5818] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 60.460357][ T5818] CR2: 00007fe9448a7e00 CR3: 0000000031220000 CR4: 00000000003526f0 [ 60.468301][ T5818] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 60.476252][ T5818] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 60.484194][ T5818] Call Trace: [ 60.487457][ T5818] [ 60.490360][ T5818] ? die_addr+0x3b/0xa0 [ 60.494490][ T5818] ? exc_general_protection+0x155/0x230 [ 60.500020][ T5818] ? asm_exc_general_protection+0x26/0x30 [ 60.505717][ T5818] ? iter_file_splice_write+0xb31/0x10b0 [ 60.511329][ T5818] ? iter_file_splice_write+0x9f5/0x10b0 [ 60.516930][ T5818] ? iter_file_splice_write+0xa2d/0x10b0 [ 60.522532][ T5818] ? iter_file_splice_write+0x9f5/0x10b0 [ 60.528136][ T5818] ? __pfx_iter_file_splice_write+0x10/0x10 [ 60.534009][ T5818] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 60.539614][ T5818] ? splice_direct_to_actor+0x346/0xa40 [ 60.545147][ T5818] ? __pfx_iter_file_splice_write+0x10/0x10 [ 60.551011][ T5818] direct_splice_actor+0x18f/0x6c0 [ 60.556091][ T5818] splice_direct_to_actor+0x346/0xa40 [ 60.562047][ T5818] ? __pfx_direct_splice_actor+0x10/0x10 [ 60.567651][ T5818] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 60.573521][ T5818] ? __pfx___might_resched+0x10/0x10 [ 60.578787][ T5818] do_splice_direct+0x178/0x250 [ 60.583613][ T5818] ? __pfx_do_splice_direct+0x10/0x10 [ 60.588963][ T5818] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 60.594829][ T5818] do_sendfile+0xaed/0xe30 [ 60.599231][ T5818] ? __pfx_do_sendfile+0x10/0x10 [ 60.604137][ T5818] ? __pfx_lock_release+0x10/0x10 [ 60.609132][ T5818] __x64_sys_sendfile64+0x1da/0x220 [ 60.614302][ T5818] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 60.619993][ T5818] ? _raw_spin_unlock_irq+0x2e/0x50 [ 60.625163][ T5818] ? ptrace_notify+0xf1/0x130 [ 60.629812][ T5818] do_syscall_64+0xcd/0x250 [ 60.634289][ T5818] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.640156][ T5818] RIP: 0033:0x7fe944874ef9 [ 60.644541][ T5818] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 60.664118][ T5818] RSP: 002b:00007ffe63291668 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 60.672507][ T5818] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fe944874ef9 [ 60.680450][ T5818] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 60.688404][ T5818] RBP: 00007fe9448be04e R08: 0000000000000006 R09: 0000000000000006 [ 60.696344][ T5818] R10: 000000007ffff000 R11: 0000000000000246 R12: 00007ffe6329167c [ 60.704287][ T5818] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 60.712231][ T5818] [ 60.715232][ T5818] Modules linked in: [ 60.719183][ T5818] ---[ end trace 0000000000000000 ]--- [ 60.724847][ T5818] RIP: 0010:iter_file_splice_write+0xa2d/0x10b0 [ 60.731126][ T5818] Code: 00 48 89 fa 48 c1 ea 03 80 3c 1a 00 0f 85 b1 04 00 00 4d 8b 65 10 49 c7 45 10 00 00 00 00 49 8d 7c 24 08 48 89 fa 48 c1 ea 03 <80> 3c 1a 00 0f 85 1a 05 00 00 49 8b 54 24 08 4c 89 ee 4c 89 ff 83 [ 60.750802][ T5818] RSP: 0018:ffffc9000449f938 EFLAGS: 00010202 [ 60.756860][ T5818] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffffffff821e9ad1 [ 60.764835][ T5818] RDX: 0000000000000001 RSI: ffffffff821e9995 RDI: 0000000000000008 [ 60.772808][ T5818] RBP: 0000000000000010 R08: 0000000000000006 R09: 0000000000000000 [ 60.780773][ T5818] R10: 7ffffffffffeffff R11: 0000000000000002 R12: 0000000000000000 [ 60.788731][ T5818] R13: ffff888030203800 R14: 7ffffffffffeffff R15: ffff888078c2d800 [ 60.796703][ T5818] FS: 0000555581a52380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 60.805634][ T5818] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 60.812234][ T5818] CR2: 0000555f1942e058 CR3: 0000000031220000 CR4: 00000000003526f0 [ 60.820215][ T5818] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 60.828166][ T5818] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 60.836152][ T5818] Kernel panic - not syncing: Fatal exception [ 60.842383][ T5818] Kernel Offset: disabled [ 60.846678][ T5818] Rebooting in 86400 seconds..