./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2923044569
<...>
syzkaller
syzkaller login: [ 41.983953][ T26] kauditd_printk_skb: 42 callbacks suppressed
[ 41.983969][ T26] audit: type=1400 audit(1686912575.267:77): avc: denied { transition } for pid=4833 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 42.012529][ T26] audit: type=1400 audit(1686912575.267:78): avc: denied { noatsecure } for pid=4833 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 42.034969][ T26] audit: type=1400 audit(1686912575.317:79): avc: denied { write } for pid=4833 comm="sh" path="pipe:[29216]" dev="pipefs" ino=29216 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 42.060136][ T26] audit: type=1400 audit(1686912575.317:80): avc: denied { rlimitinh } for pid=4833 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 42.079876][ T26] audit: type=1400 audit(1686912575.317:81): avc: denied { siginh } for pid=4833 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 43.054774][ T26] audit: type=1400 audit(1686912576.337:82): avc: denied { read } for pid=4428 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
Warning: Permanently added '10.128.1.164' (ECDSA) to the list of known hosts.
execve("./syz-executor2923044569", ["./syz-executor2923044569"], 0x7ffde8c66c30 /* 10 vars */) = 0
brk(NULL) = 0x555556c05000
brk(0x555556c05c40) = 0x555556c05c40
arch_prctl(ARCH_SET_FS, 0x555556c05300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2923044569", 4096) = 28
brk(0x555556c26c40) = 0x555556c26c40
brk(0x555556c27000) = 0x555556c27000
mprotect(0x7f848de85000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
[ 57.859587][ T26] audit: type=1400 audit(1686912591.137:83): avc: denied { write } for pid=4987 comm="strace-static-x" path="pipe:[30115]" dev="pipefs" ino=30115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 57.884160][ T26] audit: type=1400 audit(1686912591.167:84): avc: denied { execmem } for pid=4990 comm="syz-executor292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f84859c7000
[ 57.886100][ T4990] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4990 'syz-executor292'
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
munmap(0x7f84859c7000, 16777216) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 58.053145][ T26] audit: type=1400 audit(1686912591.337:85): avc: denied { read write } for pid=4990 comm="syz-executor292" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 58.057946][ T4990] loop0: detected capacity change from 0 to 32768
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file0", 0777) = 0
[ 58.077935][ T26] audit: type=1400 audit(1686912591.337:86): avc: denied { open } for pid=4990 comm="syz-executor292" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 58.108370][ T26] audit: type=1400 audit(1686912591.337:87): avc: denied { ioctl } for pid=4990 comm="syz-executor292" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 58.117437][ T4990] BTRFS: device fsid 5ac8a51e-da3a-4998-8e66-e1df06b87bc8 devid 1 transid 8 /dev/loop0 scanned by syz-executor292 (4990)
[ 58.134891][ T26] audit: type=1400 audit(1686912591.397:88): avc: denied { mounton } for pid=4990 comm="syz-executor292" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 58.175762][ T4990] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[ 58.185199][ T4990] BTRFS info (device loop0): using free space tree
mount("/dev/loop0", "./file0", "btrfs", 0, "noflushoncommit,rescan_uuid_tree,noacl,noautodefrag,datacow,") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
ioctl(3, BTRFS_IOC_SUBVOL_SETFLAGS, BTRFS_SUBVOL_RDONLY) = 0
[ 58.204481][ T4990] BTRFS info (device loop0): enabling ssd optimizations
[ 58.211545][ T4990] BTRFS info (device loop0): auto enabling async discard
[ 58.221278][ T4990] BTRFS info (device loop0): checking UUID tree
[ 58.231038][ T26] audit: type=1400 audit(1686912591.507:89): avc: denied { mount } for pid=4990 comm="syz-executor292" name="/" dev="loop0" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 58.266462][ T4990] ------------[ cut here ]------------
[ 58.272039][ T4990] WARNING: CPU: 1 PID: 4990 at fs/read_write.c:504 __kernel_write_iter+0x5f9/0x7a0
[ 58.281404][ T4990] Modules linked in:
[ 58.285319][ T4990] CPU: 1 PID: 4990 Comm: syz-executor292 Not tainted 6.4.0-rc6-syzkaller-00049-g62d8779610bb #0
[ 58.295843][ T4990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 58.306005][ T4990] RIP: 0010:__kernel_write_iter+0x5f9/0x7a0
[ 58.311983][ T4990] Code: 05 00 00 4c 89 e2 48 c7 c6 40 96 5b 8a 48 c7 c7 e0 95 5b 8a e8 98 38 83 ff 49 c7 c6 ea ff ff ff e9 c0 fe ff ff e8 d7 54 9f ff <0f> 0b 49 c7 c6 f7 ff ff ff e9 ad fe ff ff e8 c4 54 9f ff 4c 89 ea
[ 58.331693][ T4990] RSP: 0018:ffffc9000339f6c0 EFLAGS: 00010293
[ 58.337799][ T4990] RAX: 0000000000000000 RBX: 00000000000a801d RCX: 0000000000000000
[ 58.346822][ T4990] RDX: ffff88807d69a000 RSI: ffffffff81e412d9 RDI: 0000000000000005
[ 58.354897][ T4990] RBP: 1ffff92000673eda R08: 0000000000000005 R09: 0000000000000000
[ 58.362978][ T4990] R10: 0000000000000000 R11: 0000000000000005 R12: ffff888019be7280
[ 58.371032][ T4990] R13: ffff888019be72fc R14: 0000000000000000 R15: ffff88801776b808
[ 58.379035][ T4990] FS: 0000555556c05300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 58.388076][ T4990] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 58.394755][ T4990] CR2: 00007ffde8c64ec0 CR3: 0000000029c48000 CR4: 00000000003506e0
[ 58.402810][ T4990] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 58.410804][ T4990] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 58.418898][ T4990] Call Trace:
[ 58.422228][ T4990] <TASK>
[ 58.425190][ T4990] ? __warn+0xe6/0x390
[ 58.429296][ T4990] ? __kernel_write_iter+0x5f9/0x7a0
[ 58.434704][ T4990] ? report_bug+0x2da/0x500
[ 58.439353][ T4990] ? handle_bug+0x3c/0x70
[ 58.443808][ T4990] ? exc_invalid_op+0x18/0x50
[ 58.448513][ T4990] ? asm_exc_invalid_op+0x1a/0x20
[ 58.453655][ T4990] ? __kernel_write_iter+0x5f9/0x7a0
[ 58.458988][ T4990] ? __kernel_write_iter+0x5f9/0x7a0
[ 58.464429][ T4990] ? vfs_read+0x8a0/0x8a0
[ 58.468786][ T4990] ? avc_policy_seqno+0x9/0x10
[ 58.473629][ T4990] ? selinux_file_permission+0x96/0x520
[ 58.479204][ T4990] ? security_file_permission+0xaf/0xd0
[ 58.484789][ T4990] kernel_write+0x1c1/0x670
[ 58.489303][ T4990] ? btrfs_destroy_cachep+0x30/0x30
[ 58.494553][ T4990] ? __kernel_write+0x110/0x110
[ 58.499416][ T4990] btrfs_ioctl_send+0x2317/0x67b0
[ 58.504497][ T4990] ? changed_cb+0x3530/0x3530
[ 58.509234][ T4990] ? __might_fault+0xe2/0x190
[ 58.513978][ T4990] ? lock_downgrade+0x690/0x690
[ 58.518945][ T4990] ? _copy_from_user+0x5c/0xf0
[ 58.523790][ T4990] _btrfs_ioctl_send+0x100/0x2d0
[ 58.528745][ T4990] ? exclop_start_or_cancel_reloc+0x230/0x230
[ 58.534874][ T4990] ? avc_ss_reset+0x140/0x140
[ 58.539566][ T4990] ? tomoyo_path_number_perm+0x245/0x570
[ 58.545262][ T4990] ? lock_downgrade+0x690/0x690
[ 58.550127][ T4990] ? __kmem_cache_free+0x182/0x2c0
[ 58.555289][ T4990] ? tomoyo_path_number_perm+0x43b/0x570
[ 58.560976][ T4990] btrfs_ioctl+0x3c0f/0x5b30
[ 58.565607][ T4990] ? tomoyo_path_number_perm+0x166/0x570
[ 58.571290][ T4990] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 58.577115][ T4990] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 58.583582][ T4990] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 58.589489][ T4990] ? do_vfs_ioctl+0x132/0x1670
[ 58.594306][ T4990] ? vfs_fileattr_set+0xc40/0xc40
[ 58.599337][ T4990] ? ioctl_has_perm.constprop.0.isra.0+0x28c/0x420
[ 58.605873][ T4990] ? ioctl_has_perm.constprop.0.isra.0+0x295/0x420
[ 58.612420][ T4990] ? selinux_bprm_creds_for_exec+0xb20/0xb20
[ 58.618393][ T4990] ? find_held_lock+0x2d/0x110
[ 58.623250][ T4990] ? name_to_dev_t+0x62/0x9e0
[ 58.627952][ T4990] ? lock_downgrade+0x690/0x690
[ 58.632892][ T4990] ? selinux_file_ioctl+0xba/0x280
[ 58.638013][ T4990] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 58.644485][ T4990] __x64_sys_ioctl+0x197/0x210
[ 58.649261][ T4990] do_syscall_64+0x39/0xb0
[ 58.653745][ T4990] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.659658][ T4990] RIP: 0033:0x7f848de13b69
[ 58.664109][ T4990] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.683769][ T4990] RSP: 002b:00007ffed4fde9d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 58.692223][ T4990] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f848de13b69
[ 58.700204][ T4990] RDX: 00000000200003c0 RSI: 0000000040489426 RDI: 0000000000000003
[ 58.708273][ T4990] RBP: 00007f848ddd3430 R08: 0000000000000000 R09: 0000000000000000
[ 58.716292][ T4990] R10: 00000000000051af R11: 0000000000000246 R12: 00007f848ddd34c0
[ 58.724429][ T4990] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 58.725664][ T26] audit: type=1400 audit(1686912592.007:90): avc: denied { append } for pid=4428 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 58.732451][ T4990] </TASK>
[ 58.732466][ T4990] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 58.732475][ T4990] CPU: 1 PID: 4990 Comm: syz-executor292 Not tainted 6.4.0-rc6-syzkaller-00049-g62d8779610bb #0
[ 58.732499][ T4990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 58.732511][ T4990] Call Trace:
[ 58.732517][ T4990] <TASK>
[ 58.732524][ T4990] dump_stack_lvl+0xd9/0x150
[ 58.732553][ T4990] panic+0x686/0x730
[ 58.732582][ T4990] ? panic_smp_self_stop+0xa0/0xa0
[ 58.732611][ T4990] ? show_trace_log_lvl+0x284/0x390
[ 58.732646][ T4990] ? __kernel_write_iter+0x5f9/0x7a0
[ 58.732673][ T4990] check_panic_on_warn+0xb1/0xc0
[ 58.732702][ T4990] __warn+0xf2/0x390
[ 58.732729][ T4990] ? __kernel_write_iter+0x5f9/0x7a0
[ 58.732753][ T4990] report_bug+0x2da/0x500
[ 58.732786][ T4990] handle_bug+0x3c/0x70
[ 58.732807][ T4990] exc_invalid_op+0x18/0x50
[ 58.732828][ T4990] asm_exc_invalid_op+0x1a/0x20
[ 58.732860][ T4990] RIP: 0010:__kernel_write_iter+0x5f9/0x7a0
[ 58.732887][ T4990] Code: 05 00 00 4c 89 e2 48 c7 c6 40 96 5b 8a 48 c7 c7 e0 95 5b 8a e8 98 38 83 ff 49 c7 c6 ea ff ff ff e9 c0 fe ff ff e8 d7 54 9f ff <0f> 0b 49 c7 c6 f7 ff ff ff e9 ad fe ff ff e8 c4 54 9f ff 4c 89 ea
[ 58.732908][ T4990] RSP: 0018:ffffc9000339f6c0 EFLAGS: 00010293
[ 58.732927][ T4990] RAX: 0000000000000000 RBX: 00000000000a801d RCX: 0000000000000000
[ 58.732942][ T4990] RDX: ffff88807d69a000 RSI: ffffffff81e412d9 RDI: 0000000000000005
[ 58.732957][ T4990] RBP: 1ffff92000673eda R08: 0000000000000005 R09: 0000000000000000
[ 58.732971][ T4990] R10: 0000000000000000 R11: 0000000000000005 R12: ffff888019be7280
[ 58.732985][ T4990] R13: ffff888019be72fc R14: 0000000000000000 R15: ffff88801776b808
[ 58.733001][ T4990] ? __kernel_write_iter+0x5f9/0x7a0
[ 58.733027][ T4990] ? vfs_read+0x8a0/0x8a0
[ 58.733049][ T4990] ? avc_policy_seqno+0x9/0x10
[ 58.733073][ T4990] ? selinux_file_permission+0x96/0x520
[ 58.733095][ T4990] ? security_file_permission+0xaf/0xd0
[ 58.733125][ T4990] kernel_write+0x1c1/0x670
[ 58.733149][ T4990] ? btrfs_destroy_cachep+0x30/0x30
[ 58.733178][ T4990] ? __kernel_write+0x110/0x110
[ 58.733204][ T4990] btrfs_ioctl_send+0x2317/0x67b0
[ 58.733243][ T4990] ? changed_cb+0x3530/0x3530
[ 58.733271][ T4990] ? __might_fault+0xe2/0x190
[ 58.733297][ T4990] ? lock_downgrade+0x690/0x690
[ 58.733327][ T4990] ? _copy_from_user+0x5c/0xf0
[ 58.733358][ T4990] _btrfs_ioctl_send+0x100/0x2d0
[ 58.733384][ T4990] ? exclop_start_or_cancel_reloc+0x230/0x230
[ 58.733412][ T4990] ? avc_ss_reset+0x140/0x140
[ 58.733433][ T4990] ? tomoyo_path_number_perm+0x245/0x570
[ 58.733467][ T4990] ? lock_downgrade+0x690/0x690
[ 58.733493][ T4990] ? __kmem_cache_free+0x182/0x2c0
[ 58.733514][ T4990] ? tomoyo_path_number_perm+0x43b/0x570
[ 58.733547][ T4990] btrfs_ioctl+0x3c0f/0x5b30
[ 58.733579][ T4990] ? tomoyo_path_number_perm+0x166/0x570
[ 58.733612][ T4990] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 58.733644][ T4990] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 58.733673][ T4990] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 58.733703][ T4990] ? do_vfs_ioctl+0x132/0x1670
[ 58.733724][ T4990] ? vfs_fileattr_set+0xc40/0xc40
[ 58.733745][ T4990] ? ioctl_has_perm.constprop.0.isra.0+0x28c/0x420
[ 58.733768][ T4990] ? ioctl_has_perm.constprop.0.isra.0+0x295/0x420
[ 58.733792][ T4990] ? selinux_bprm_creds_for_exec+0xb20/0xb20
[ 58.733815][ T4990] ? find_held_lock+0x2d/0x110
[ 58.733840][ T4990] ? name_to_dev_t+0x62/0x9e0
[ 58.733870][ T4990] ? lock_downgrade+0x690/0x690
[ 58.733897][ T4990] ? selinux_file_ioctl+0xba/0x280
[ 58.733918][ T4990] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 58.733947][ T4990] __x64_sys_ioctl+0x197/0x210
[ 58.733969][ T4990] do_syscall_64+0x39/0xb0
[ 58.733989][ T4990] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.734022][ T4990] RIP: 0033:0x7f848de13b69
[ 58.734039][ T4990] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.734059][ T4990] RSP: 002b:00007ffed4fde9d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 58.734080][ T4990] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f848de13b69
[ 58.734095][ T4990] RDX: 00000000200003c0 RSI: 0000000040489426 RDI: 0000000000000003
[ 58.734110][ T4990] RBP: 00007f848ddd3430 R08: 0000000000000000 R09: 0000000000000000
[ 58.734124][ T4990] R10: 00000000000051af R11: 0000000000000246 R12: 00007f848ddd34c0
[ 58.734138][ T4990] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 58.734154][ T4990] </TASK>
[ 58.754529][ T4990] Kernel Offset: disabled
[ 59.199390][ T4990] Rebooting in 86400 seconds..