./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1605807495 <...> syzkaller syzkaller login: [ 16.507394][ T23] kauditd_printk_skb: 60 callbacks suppressed [ 16.507400][ T23] audit: type=1400 audit(1672604430.540:71): avc: denied { transition } for pid=353 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 16.512974][ T23] audit: type=1400 audit(1672604430.540:72): avc: denied { write } for pid=353 comm="sh" path="pipe:[311]" dev="pipefs" ino=311 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 [ 17.206622][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #88!!! [ 17.256547][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!! [ 17.266051][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!! [ 17.496552][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #88!!! [ 17.796563][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! Warning: Permanently added '10.128.0.216' (ECDSA) to the list of known hosts. execve("./syz-executor1605807495", ["./syz-executor1605807495"], 0x7fff257d3fb0 /* 10 vars */) = 0 brk(NULL) = 0x555556deb000 brk(0x555556debc40) = 0x555556debc40 arch_prctl(ARCH_SET_FS, 0x555556deb300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1605807495", 4096) = 28 brk(0x555556e0cc40) = 0x555556e0cc40 brk(0x555556e0d000) = 0x555556e0d000 mprotect(0x7fc451efb000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc449a42000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 munmap(0x7fc449a42000, 262144) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file1", 0777) = 0 [ 24.598649][ T23] audit: type=1400 audit(1672604438.630:73): avc: denied { execmem } for pid=371 comm="syz-executor160" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 24.618280][ T23] audit: type=1400 audit(1672604438.630:74): avc: denied { read write } for pid=371 comm="syz-executor160" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.618305][ T371] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 24.642519][ T23] audit: type=1400 audit(1672604438.630:75): avc: denied { open } for pid=371 comm="syz-executor160" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.652884][ T371] EXT4-fs (loop0): 1 truncate cleaned up mount("/dev/loop0", "./file1", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "debug_want_extra_isize=0x0000000000000080,quota,auto_da_alloc=0x0000000000000800,max_batch_time=0x00"...) = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 [ 24.674866][ T23] audit: type=1400 audit(1672604438.630:76): avc: denied { ioctl } for pid=371 comm="syz-executor160" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.680686][ T371] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug_want_extra_isize=0x0000000000000080,quota,auto_da_alloc=0x0000000000000800,max_batch_time=0x0000000000000008,noload,usrjquota=,,errors=continue [ 24.706226][ T23] audit: type=1400 audit(1672604438.630:77): avc: denied { mounton } for pid=371 comm="syz-executor160" path="/root/file1" dev="sda1" ino=1138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 24.747687][ T371] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 24.749420][ T23] audit: type=1400 audit(1672604438.760:78): avc: denied { mount } for pid=371 comm="syz-executor160" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 24.760872][ T371] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 24.760883][ T371] CPU: 0 PID: 371 Comm: syz-executor160 Not tainted 5.10.160-syzkaller-01321-g003c389455eb #0 [ 24.760888][ T371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 24.760903][ T371] RIP: 0010:ext4_xattr_set_entry+0x4a7/0x3820 [ 24.760912][ T371] Code: 00 00 48 89 d8 48 c1 e8 03 48 89 84 24 28 01 00 00 42 80 3c 20 00 74 08 48 89 df e8 63 79 ba ff 4c 8b 33 4c 89 f0 48 c1 e8 03 <42> 8a 04 20 84 c0 0f 85 8f 2d 00 00 4c 89 f8 48 2b 44 24 18 48 89 [ 24.760917][ T371] RSP: 0018:ffffc9000021ef60 EFLAGS: 00010246 [ 24.783497][ T23] audit: type=1400 audit(1672604438.780:79): avc: denied { write } for pid=371 comm="syz-executor160" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 24.791147][ T371] RAX: 0000000000000000 RBX: ffffc9000021f360 RCX: ffff8881178e8000 [ 24.791152][ T371] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000001c [ 24.791158][ T371] RBP: ffffc9000021f1f8 R08: ffffffff81eca8b9 R09: ffffed1023655242 [ 24.791164][ T371] R10: ffffed1023655242 R11: 1ffff11023655241 R12: dffffc0000000000 [ 24.791170][ T371] R13: 1ffff92000043e66 R14: 0000000000000000 R15: 0000000000000000 [ 24.791185][ T371] FS: 0000555556deb300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 24.801747][ T23] audit: type=1400 audit(1672604438.780:80): avc: denied { add_name } for pid=371 comm="syz-executor160" name="cgroup.controllers" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 24.811421][ T371] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.811428][ T371] CR2: 0000557ef4e221e8 CR3: 000000011de2c000 CR4: 00000000003506b0 [ 24.811437][ T371] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.811449][ T371] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.817748][ T23] audit: type=1400 audit(1672604438.780:81): avc: denied { create } for pid=371 comm="syz-executor160" name="cgroup.controllers" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 24.837091][ T371] Call Trace: [ 24.837111][ T371] ? errseq_check+0x40/0x70 [ 24.837124][ T371] ? ext4_xattr_ibody_inline_set+0x380/0x380 [ 24.837140][ T371] ? __ext4_journal_ensure_credits+0x460/0x460 [ 25.008894][ T371] ? __kasan_check_write+0x14/0x20 [ 25.013984][ T371] ? _raw_spin_lock_irqsave+0xf8/0x210 [ 25.019675][ T371] ? ext4_reserve_inode_write+0x2d2/0x380 [ 25.025362][ T371] ? __kasan_check_write+0x14/0x20 [ 25.030456][ T371] ext4_xattr_ibody_set+0x7c/0x2a0 [ 25.036762][ T371] ext4_xattr_set_handle+0xc5d/0x15a0 [ 25.042200][ T371] ? ext4_xattr_set_entry+0x3820/0x3820 [ 25.047723][ T371] ? selinux_inode_free_security+0x200/0x200 [ 25.053685][ T371] ext4_initxattrs+0xb2/0x120 [ 25.058338][ T371] security_inode_init_security+0x26c/0x3c0 [ 25.064202][ T371] ? ext4_init_security+0x40/0x40 [ 25.069212][ T371] ? security_dentry_create_files_as+0xd0/0xd0 [ 25.075339][ T371] ? __ext4_set_acl+0x5f0/0x5f0 [ 25.080249][ T371] ? prandom_u32+0x24c/0x290 [ 25.084812][ T371] ext4_init_security+0x34/0x40 [ 25.089632][ T371] __ext4_new_inode+0x3648/0x4530 [ 25.094625][ T371] ? ext4_mark_inode_used+0xc00/0xc00 [ 25.099967][ T371] ? d_splice_alias+0x12e/0x3b0 [ 25.104787][ T371] ? dquot_initialize+0x20/0x20 [ 25.109613][ T371] ? ext4_lookup+0x597/0xb20 [ 25.114172][ T371] ? ext4_add_entry+0x12e0/0x12e0 [ 25.119167][ T371] ext4_create+0x266/0x540 [ 25.123553][ T371] ? ext4_lookup+0xb20/0xb20 [ 25.128116][ T371] ? selinux_inode_create+0x22/0x30 [ 25.133282][ T371] ? security_inode_create+0xf1/0x130 [ 25.138667][ T371] ? ext4_lookup+0xb20/0xb20 [ 25.143237][ T371] path_openat+0x1362/0x2fd0 [ 25.147799][ T371] ? do_filp_open+0x440/0x440 [ 25.152461][ T371] do_filp_open+0x200/0x440 [ 25.156980][ T371] ? vfs_tmpfile+0x280/0x280 [ 25.161557][ T371] ? get_unused_fd_flags+0x95/0xa0 [ 25.166658][ T371] do_sys_openat2+0x13b/0x470 [ 25.171326][ T371] ? ptrace_stop+0x6ff/0x9f0 [ 25.175900][ T371] ? do_sys_open+0x220/0x220 [ 25.180470][ T371] ? _raw_spin_unlock_irq+0x4e/0x70 [ 25.185644][ T371] ? ptrace_notify+0x248/0x340 [ 25.190380][ T371] __x64_sys_openat+0x243/0x290 [ 25.195202][ T371] ? __ia32_sys_open+0x270/0x270 [ 25.200141][ T371] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 25.206158][ T371] do_syscall_64+0x34/0x70 [ 25.210547][ T371] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 25.216413][ T371] RIP: 0033:0x7fc451e8eb69 [ 25.220973][ T371] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 25.240548][ T371] RSP: 002b:00007ffec8b187a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 25.248931][ T371] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc451e8eb69 [ 25.256875][ T371] RDX: 000000000000275a RSI: 00000000200001c0 RDI: 00000000ffffff9c [ 25.264820][ T371] RBP: 00007fc451e4e170 R08: 00007ffec8b186a0 R09: 0000000000000000 [ 25.272772][ T371] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc451e4e200 [ 25.280714][ T371] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 25.288657][ T371] Modules linked in: [ 25.292851][ T371] ---[ end trace d9a38d6a18a69e61 ]--- [ 25.298340][ T371] RIP: 0010:ext4_xattr_set_entry+0x4a7/0x3820 [ 25.304404][ T371] Code: 00 00 48 89 d8 48 c1 e8 03 48 89 84 24 28 01 00 00 42 80 3c 20 00 74 08 48 89 df e8 63 79 ba ff 4c 8b 33 4c 89 f0 48 c1 e8 03 <42> 8a 04 20 84 c0 0f 85 8f 2d 00 00 4c 89 f8 48 2b 44 24 18 48 89 [ 25.324621][ T371] RSP: 0018:ffffc9000021ef60 EFLAGS: 00010246 [ 25.330696][ T371] RAX: 0000000000000000 RBX: ffffc9000021f360 RCX: ffff8881178e8000 [ 25.338662][ T371] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000001c [ 25.346641][ T371] RBP: ffffc9000021f1f8 R08: ffffffff81eca8b9 R09: ffffed1023655242 [ 25.354585][ T371] R10: ffffed1023655242 R11: 1ffff11023655241 R12: dffffc0000000000 [ 25.362558][ T371] R13: 1ffff92000043e66 R14: 0000000000000000 R15: 0000000000000000 [ 25.370536][ T371] FS: 0000555556deb300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 25.379459][ T371] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.386022][ T371] CR2: 0000557ef4e221e8 CR3: 000000011de2c000 CR4: 00000000003506b0 [ 25.393995][ T371] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.402312][ T371] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.410287][ T371] Kernel panic - not syncing: Fatal exception [ 25.416490][ T371] Kernel Offset: disabled [ 25.420798][ T371] Rebooting in 86400 seconds..