./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1956418246
<...>
syzkaller
syzkaller login: [ 43.325185][ T26] kauditd_printk_skb: 42 callbacks suppressed
[ 43.325196][ T26] audit: type=1400 audit(1686418086.684:77): avc: denied { transition } for pid=4840 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 43.354721][ T26] audit: type=1400 audit(1686418086.694:78): avc: denied { noatsecure } for pid=4840 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 43.374347][ T26] audit: type=1400 audit(1686418086.714:79): avc: denied { write } for pid=4840 comm="sh" path="pipe:[29436]" dev="pipefs" ino=29436 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 43.397074][ T26] audit: type=1400 audit(1686418086.714:80): avc: denied { rlimitinh } for pid=4840 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 43.423911][ T26] audit: type=1400 audit(1686418086.714:81): avc: denied { siginh } for pid=4840 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 44.228379][ T26] audit: type=1400 audit(1686418087.584:82): avc: denied { read } for pid=4428 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
Warning: Permanently added '10.128.0.174' (ECDSA) to the list of known hosts.
execve("./syz-executor1956418246", ["./syz-executor1956418246"], 0x7ffc81e83930 /* 10 vars */) = 0
brk(NULL) = 0x555555687000
brk(0x555555687c40) = 0x555555687c40
arch_prctl(ARCH_SET_FS, 0x555555687300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1956418246", 4096) = 28
brk(0x5555556a8c40) = 0x5555556a8c40
brk(0x5555556a9000) = 0x5555556a9000
mprotect(0x7f187380a000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
userfaultfd(UFFD_USER_MODE_ONLY|O_CLOEXEC) = 3
ioctl(3, UFFDIO_API, {api=0xaa, features=0 => features=UFFD_FEATURE_PAGEFAULT_FLAG_WP|UFFD_FEATURE_EVENT_FORK|UFFD_FEATURE_EVENT_REMAP|UFFD_FEATURE_EVENT_REMOVE|UFFD_FEATURE_MISSING_HUGETLBFS|UFFD_FEATURE_MISSING_SHMEM|UFFD_FEATURE_EVENT_UNMAP|UFFD_FEATURE_SIGBUS|UFFD_FEATURE_THREAD_ID|UFFD_FEATURE_MINOR_HUGETLBFS|UFFD_FEATURE_MINOR_SHMEM|UFFD_FEATURE_EXACT_ADDRESS, ioctls=1<<_UFFDIO_REGISTER|1<<_UFFDIO_UNREGISTER|1<<_UFFDIO_API}) = 0
[ 58.466844][ T26] audit: type=1400 audit(1686418101.824:83): avc: denied { write } for pid=4988 comm="strace-static-x" path="pipe:[29529]" dev="pipefs" ino=29529 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 58.494924][ T26] audit: type=1400 audit(1686418101.854:84): avc: denied { execmem } for pid=4991 comm="syz-executor195" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 58.499830][ T4991] ------------[ cut here ]------------
[ 58.514738][ T26] audit: type=1400 audit(1686418101.854:85): avc: denied { create } for pid=4991 comm="syz-executor195" anonclass=[userfaultfd] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 58.520220][ T4991] WARNING: CPU: 0 PID: 4991 at mm/mmap.c:965 vma_merge+0x334/0x2070
[ 58.543026][ T26] audit: type=1400 audit(1686418101.854:86): avc: denied { ioctl } for pid=4991 comm="syz-executor195" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=29531 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 58.550126][ T4991] Modules linked in:
[ 58.550143][ T4991] CPU: 0 PID: 4991 Comm: syz-executor195 Not tainted 6.4.0-rc5-syzkaller-00245-g64569520920a #0
[ 58.590719][ T4991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 58.600946][ T4991] RIP: 0010:vma_merge+0x334/0x2070
[ 58.606222][ T4991] Code: 80 3c 02 00 0f 85 26 18 00 00 48 8b 04 24 4c 89 f6 4c 8b 38 4c 89 ff e8 7a b7 bf ff 4d 39 f7 0f 84 fa 0a 00 00 e8 ac bb bf ff <0f> 0b e8 a5 bb bf ff 48 89 de 4c 89 f7 e8 5a b7 bf ff 49 39 de 0f
[ 58.626066][ T4991] RSP: 0018:ffffc90003327b20 EFLAGS: 00010293
[ 58.632146][ T4991] RAX: 0000000000000000 RBX: 0000000020ce2000 RCX: 0000000000000000
[ 58.640151][ T4991] RDX: ffff888018ec0180 RSI: ffffffff81c3ac04 RDI: 0000000000000006
[ 58.648162][ T4991] RBP: ffff888073e46e00 R08: 0000000000000006 R09: 0000000020000000
[ 58.656548][ T4991] R10: 00000000200e2000 R11: 0000000000000001 R12: 0000000000000000
[ 58.657631][ T26] audit: type=1400 audit(1686418102.014:87): avc: denied { append } for pid=4428 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 58.664554][ T4991] R13: 0000000000000000 R14: 00000000200e2000 R15: 0000000020000000
[ 58.664573][ T4991] FS: 0000555555687300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 58.691596][ T26] audit: type=1400 audit(1686418102.014:88): avc: denied { open } for pid=4428 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 58.699215][ T4991] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 58.699239][ T4991] CR2: 00007f4dbe1f1b10 CR3: 0000000021f1b000 CR4: 00000000003506f0
[ 58.708824][ T26] audit: type=1400 audit(1686418102.014:89): avc: denied { getattr } for pid=4428 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 58.730561][ T4991] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 58.730582][ T4991] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 58.730597][ T4991] Call Trace:
[ 58.730606][ T4991]
[ 58.730615][ T4991] ? __warn+0xe6/0x390
[ 58.794198][ T4991] ? vma_merge+0x334/0x2070
[ 58.798692][ T4991] ? report_bug+0x2da/0x500
[ 58.803198][ T4991] ? handle_bug+0x3c/0x70
[ 58.807562][ T4991] ? exc_invalid_op+0x18/0x50
[ 58.812225][ T4991] ? asm_exc_invalid_op+0x1a/0x20
[ 58.817312][ T4991] ? vma_merge+0x334/0x2070
[ 58.821826][ T4991] ? vma_merge+0x334/0x2070
[ 58.826357][ T4991] ? vma_shrink+0x5c0/0x5c0
[ 58.830872][ T4991] userfaultfd_ioctl+0x3a78/0x43e0
[ 58.836043][ T4991] ? userfaultfd_release+0x7b0/0x7b0
[ 58.841442][ T4991] ? vfs_fileattr_set+0xc40/0xc40
[ 58.846500][ T4991] ? ioctl_has_perm.constprop.0.isra.0+0x28c/0x420
[ 58.853103][ T4991] ? ioctl_has_perm.constprop.0.isra.0+0x295/0x420
[ 58.859635][ T4991] ? selinux_bprm_creds_for_exec+0xb20/0xb20
[ 58.865649][ T4991] ? find_held_lock+0x2d/0x110
[ 58.870413][ T4991] ? do_one_initcall+0x170/0x540
[ 58.875378][ T4991] ? lock_downgrade+0x690/0x690
[ 58.880245][ T4991] ? selinux_file_ioctl+0xba/0x280
[ 58.885386][ T4991] ? userfaultfd_release+0x7b0/0x7b0
[ 58.890683][ T4991] __x64_sys_ioctl+0x197/0x210
[ 58.895486][ T4991] do_syscall_64+0x39/0xb0
[ 58.899913][ T4991] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.905848][ T4991] RIP: 0033:0x7f187379db49
[ 58.910273][ T4991] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.929942][ T4991] RSP: 002b:00007fffe11bde58 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 58.938399][ T4991] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f187379db49
[ 58.946421][ T4991] RDX: 0000000020000000 RSI: 00000000c020aa00 RDI: 0000000000000003
[ 58.954449][ T4991] RBP: 00007f1873761cf0 R08: 0000000000000000 R09: 0000000000000000
[ 58.962439][ T4991] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1873761d80
[ 58.970457][ T4991] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 58.978504][ T4991]
[ 58.981542][ T4991] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 58.988813][ T4991] CPU: 0 PID: 4991 Comm: syz-executor195 Not tainted 6.4.0-rc5-syzkaller-00245-g64569520920a #0
[ 58.999227][ T4991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 59.009267][ T4991] Call Trace:
[ 59.012534][ T4991]
[ 59.015470][ T4991] dump_stack_lvl+0xd9/0x150
[ 59.020049][ T4991] panic+0x686/0x730
[ 59.023937][ T4991] ? panic_smp_self_stop+0xa0/0xa0
[ 59.029037][ T4991] ? show_trace_log_lvl+0x284/0x390
[ 59.034244][ T4991] ? vma_merge+0x334/0x2070
[ 59.038732][ T4991] check_panic_on_warn+0xb1/0xc0
[ 59.043658][ T4991] __warn+0xf2/0x390
[ 59.047546][ T4991] ? vma_merge+0x334/0x2070
[ 59.052038][ T4991] report_bug+0x2da/0x500
[ 59.056389][ T4991] handle_bug+0x3c/0x70
[ 59.060532][ T4991] exc_invalid_op+0x18/0x50
[ 59.065072][ T4991] asm_exc_invalid_op+0x1a/0x20
[ 59.069937][ T4991] RIP: 0010:vma_merge+0x334/0x2070
[ 59.075052][ T4991] Code: 80 3c 02 00 0f 85 26 18 00 00 48 8b 04 24 4c 89 f6 4c 8b 38 4c 89 ff e8 7a b7 bf ff 4d 39 f7 0f 84 fa 0a 00 00 e8 ac bb bf ff <0f> 0b e8 a5 bb bf ff 48 89 de 4c 89 f7 e8 5a b7 bf ff 49 39 de 0f
[ 59.094663][ T4991] RSP: 0018:ffffc90003327b20 EFLAGS: 00010293
[ 59.100733][ T4991] RAX: 0000000000000000 RBX: 0000000020ce2000 RCX: 0000000000000000
[ 59.108712][ T4991] RDX: ffff888018ec0180 RSI: ffffffff81c3ac04 RDI: 0000000000000006
[ 59.116687][ T4991] RBP: ffff888073e46e00 R08: 0000000000000006 R09: 0000000020000000
[ 59.124664][ T4991] R10: 00000000200e2000 R11: 0000000000000001 R12: 0000000000000000
[ 59.132636][ T4991] R13: 0000000000000000 R14: 00000000200e2000 R15: 0000000020000000
[ 59.140608][ T4991] ? vma_merge+0x334/0x2070
[ 59.145119][ T4991] ? vma_shrink+0x5c0/0x5c0
[ 59.149624][ T4991] userfaultfd_ioctl+0x3a78/0x43e0
[ 59.154743][ T4991] ? userfaultfd_release+0x7b0/0x7b0
[ 59.160129][ T4991] ? vfs_fileattr_set+0xc40/0xc40
[ 59.165155][ T4991] ? ioctl_has_perm.constprop.0.isra.0+0x28c/0x420
[ 59.171663][ T4991] ? ioctl_has_perm.constprop.0.isra.0+0x295/0x420
[ 59.178171][ T4991] ? selinux_bprm_creds_for_exec+0xb20/0xb20
[ 59.184245][ T4991] ? find_held_lock+0x2d/0x110
[ 59.189013][ T4991] ? do_one_initcall+0x170/0x540
[ 59.193959][ T4991] ? lock_downgrade+0x690/0x690
[ 59.198818][ T4991] ? selinux_file_ioctl+0xba/0x280
[ 59.203929][ T4991] ? userfaultfd_release+0x7b0/0x7b0
[ 59.209224][ T4991] __x64_sys_ioctl+0x197/0x210
[ 59.213994][ T4991] do_syscall_64+0x39/0xb0
[ 59.218411][ T4991] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.224327][ T4991] RIP: 0033:0x7f187379db49
[ 59.228741][ T4991] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 59.248359][ T4991] RSP: 002b:00007fffe11bde58 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 59.256780][ T4991] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f187379db49
[ 59.264769][ T4991] RDX: 0000000020000000 RSI: 00000000c020aa00 RDI: 0000000000000003
[ 59.272739][ T4991] RBP: 00007f1873761cf0 R08: 0000000000000000 R09: 0000000000000000
[ 59.280713][ T4991] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1873761d80
[ 59.288947][ T4991] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 59.296919][ T4991]
[ 59.299988][ T4991] Kernel Offset: disabled
[ 59.304468][ T4991] Rebooting in 86400 seconds..