./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4004089065 <...> syzkaller syzkaller login: [ 43.052537][ T26] kauditd_printk_skb: 42 callbacks suppressed [ 43.052549][ T26] audit: type=1400 audit(1686707654.105:77): avc: denied { transition } for pid=4839 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 43.082007][ T26] audit: type=1400 audit(1686707654.105:78): avc: denied { noatsecure } for pid=4839 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 43.105366][ T26] audit: type=1400 audit(1686707654.135:79): avc: denied { write } for pid=4839 comm="sh" path="pipe:[29887]" dev="pipefs" ino=29887 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 43.128326][ T26] audit: type=1400 audit(1686707654.135:80): avc: denied { rlimitinh } for pid=4839 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 43.153611][ T26] audit: type=1400 audit(1686707654.135:81): avc: denied { siginh } for pid=4839 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 44.079394][ T26] audit: type=1400 audit(1686707655.125:82): avc: denied { read } for pid=4427 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 Warning: Permanently added '10.128.1.118' (ECDSA) to the list of known hosts. execve("./syz-executor4004089065", ["./syz-executor4004089065"], 0x7ffe05c12670 /* 10 vars */) = 0 brk(NULL) = 0x55555649c000 brk(0x55555649cc40) = 0x55555649cc40 arch_prctl(ARCH_SET_FS, 0x55555649c300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor4004089065", 4096) = 28 brk(0x5555564bdc40) = 0x5555564bdc40 brk(0x5555564be000) = 0x5555564be000 mprotect(0x7f42bd5c2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 [ 72.396491][ T26] audit: type=1400 audit(1686707683.445:83): avc: denied { write } for pid=4988 comm="strace-static-x" path="pipe:[29453]" dev="pipefs" ino=29453 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 72.421848][ T26] audit: type=1400 audit(1686707683.475:84): avc: denied { execmem } for pid=4991 comm="syz-executor400" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f42b5108000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7f42b5108000, 524288) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 72.422829][ T4991] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4991 'syz-executor400' [ 72.459648][ T26] audit: type=1400 audit(1686707683.505:85): avc: denied { read write } for pid=4991 comm="syz-executor400" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 72.462263][ T4991] loop0: detected capacity change from 0 to 1024 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 mount("/dev/loop0", "./file0", "hfsplus", 0, "") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 openat(AT_FDCWD, "memory.events", O_WRONLY|O_CREAT|O_EXCL|O_TRUNC|O_APPEND|FASYNC|0x20, 000) = 4 [ 72.484760][ T26] audit: type=1400 audit(1686707683.505:86): avc: denied { open } for pid=4991 comm="syz-executor400" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 72.515356][ T26] audit: type=1400 audit(1686707683.505:87): avc: denied { ioctl } for pid=4991 comm="syz-executor400" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 72.546636][ T4991] ------------[ cut here ]------------ [ 72.547829][ T26] audit: type=1400 audit(1686707683.535:88): avc: denied { mounton } for pid=4991 comm="syz-executor400" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 72.552446][ T4991] kernel BUG at fs/hfsplus/xattr.c:175! [ 72.580845][ T26] audit: type=1400 audit(1686707683.535:89): avc: denied { mount } for pid=4991 comm="syz-executor400" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 72.591675][ T4991] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 72.609071][ T4991] CPU: 1 PID: 4991 Comm: syz-executor400 Not tainted 6.4.0-rc6-syzkaller-00026-gfb054096aea0 #0 [ 72.619507][ T4991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 72.629674][ T4991] RIP: 0010:__hfsplus_setxattr+0x1b32/0x1e70 [ 72.635664][ T4991] Code: 89 ef e8 11 8c 85 ff e9 b9 f2 ff ff e8 c7 8c 85 ff e9 76 f2 ff ff 48 8b 7c 24 28 e8 f8 8b 85 ff e9 c9 f2 ff ff e8 0e b8 33 ff <0f> 0b 48 8b 7c 24 38 e8 02 8c 85 ff e9 b4 ee ff ff e8 f8 b7 33 ff [ 72.655263][ T4991] RSP: 0018:ffffc900034575e0 EFLAGS: 00010293 [ 72.661317][ T4991] RAX: 0000000000000000 RBX: ffff88802ab9a000 RCX: 0000000000000000 [ 72.669272][ T4991] RDX: ffff88807b13a200 RSI: ffffffff824fafa2 RDI: 0000000000000007 [ 72.677234][ T4991] RBP: ffff8880297a0fb0 R08: 0000000000000007 R09: 0000000000000000 [ 72.685200][ T4991] R10: 0000000000010000 R11: 0000000000000005 R12: 0000000000000000 [ 72.693189][ T4991] R13: ffffc900034576a8 R14: ffff88802c079000 R15: ffff8880297a0f40 [ 72.701164][ T4991] FS: 000055555649c300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 72.710096][ T4991] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 72.716696][ T4991] CR2: 0000560342c2ea28 CR3: 000000007cbfe000 CR4: 00000000003506e0 [ 72.724675][ T4991] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 72.732647][ T4991] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 72.740616][ T4991] Call Trace: [ 72.743890][ T4991] [ 72.746815][ T4991] ? die+0x32/0x90 [ 72.750546][ T4991] ? do_trap+0x1b2/0x3f0 [ 72.754791][ T4991] ? __hfsplus_setxattr+0x1b32/0x1e70 [ 72.760188][ T4991] ? __hfsplus_setxattr+0x1b32/0x1e70 [ 72.765576][ T4991] ? do_error_trap+0xb1/0x170 [ 72.770264][ T4991] ? __hfsplus_setxattr+0x1b32/0x1e70 [ 72.775638][ T4991] ? handle_invalid_op+0x2c/0x30 [ 72.780580][ T4991] ? __hfsplus_setxattr+0x1b32/0x1e70 [ 72.785955][ T4991] ? exc_invalid_op+0x2f/0x50 [ 72.790650][ T4991] ? asm_exc_invalid_op+0x1a/0x20 [ 72.795684][ T4991] ? __hfsplus_setxattr+0x1b32/0x1e70 [ 72.801058][ T4991] ? __hfsplus_setxattr+0x1b32/0x1e70 [ 72.806436][ T4991] ? __stack_depot_save+0x23b/0x510 [ 72.811649][ T4991] ? lock_downgrade+0x690/0x690 [ 72.816506][ T4991] ? copy_name+0xa0/0xa0 [ 72.820749][ T4991] ? lockdep_hardirqs_on+0x7d/0x100 [ 72.825951][ T4991] ? _raw_spin_unlock_irqrestore+0x41/0x70 [ 72.831769][ T4991] ? __stack_depot_save+0x23b/0x510 [ 72.837244][ T4991] ? print_usage_bug.part.0+0x660/0x660 [ 72.842803][ T4991] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 72.848790][ T4991] ? kasan_save_stack+0x32/0x40 [ 72.853641][ T4991] ? kasan_save_stack+0x22/0x40 [ 72.858489][ T4991] ? kasan_set_track+0x25/0x30 [ 72.863254][ T4991] ? __kasan_kmalloc+0xa3/0xb0 [ 72.868013][ T4991] ? hfsplus_setxattr+0x61/0x120 [ 72.872952][ T4991] ? __vfs_setxattr+0x173/0x1e0 [ 72.877811][ T4991] ? __vfs_setxattr_noperm+0x129/0x5f0 [ 72.883270][ T4991] ? __vfs_setxattr_locked+0x1d3/0x260 [ 72.888727][ T4991] ? vfs_setxattr+0x143/0x340 [ 72.893922][ T4991] ? do_setxattr+0x147/0x190 [ 72.898511][ T4991] ? setxattr+0x146/0x160 [ 72.902839][ T4991] ? __x64_sys_fsetxattr+0x245/0x300 [ 72.908125][ T4991] ? do_syscall_64+0x39/0xb0 [ 72.912717][ T4991] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 72.918801][ T4991] ? find_held_lock+0x2d/0x110 [ 72.923568][ T4991] ? mark_held_locks+0x9f/0xe0 [ 72.928354][ T4991] ? asm_common_interrupt+0x26/0x40 [ 72.933563][ T4991] ? lockdep_hardirqs_on+0x7d/0x100 [ 72.938767][ T4991] ? asm_common_interrupt+0x26/0x40 [ 72.943982][ T4991] ? __kmem_cache_alloc_node+0x170/0x3f0 [ 72.949720][ T4991] hfsplus_setxattr+0xce/0x120 [ 72.954490][ T4991] ? hfsplus_init_security+0x40/0x40 [ 72.959795][ T4991] __vfs_setxattr+0x173/0x1e0 [ 72.964483][ T4991] ? __vfs_removexattr+0x1c0/0x1c0 [ 72.969605][ T4991] ? cap_capable+0xfa/0x240 [ 72.974128][ T4991] __vfs_setxattr_noperm+0x129/0x5f0 [ 72.979414][ T4991] __vfs_setxattr_locked+0x1d3/0x260 [ 72.984705][ T4991] vfs_setxattr+0x143/0x340 [ 72.989213][ T4991] ? __vfs_setxattr_locked+0x260/0x260 [ 72.994670][ T4991] ? __check_object_size+0xac/0x730 [ 72.999878][ T4991] do_setxattr+0x147/0x190 [ 73.004294][ T4991] setxattr+0x146/0x160 [ 73.008448][ T4991] ? do_setxattr+0x190/0x190 [ 73.013127][ T4991] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 73.019115][ T4991] ? spin_bug+0x1c0/0x1c0 [ 73.023451][ T4991] ? lock_sync+0x190/0x190 [ 73.027874][ T4991] __x64_sys_fsetxattr+0x245/0x300 [ 73.032990][ T4991] do_syscall_64+0x39/0xb0 [ 73.037407][ T4991] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.043310][ T4991] RIP: 0033:0x7f42bd554819 [ 73.047724][ T4991] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 73.067334][ T4991] RSP: 002b:00007ffc47437188 EFLAGS: 00000246 ORIG_RAX: 00000000000000be [ 73.075754][ T4991] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f42bd554819 [ 73.083726][ T4991] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 73.091696][ T4991] RBP: 00007f42bd5140b0 R08: 0000000000000003 R09: 0000000000000000 [ 73.099667][ T4991] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f42bd514140 [ 73.107643][ T4991] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 73.115614][ T4991] [ 73.118626][ T4991] Modules linked in: [ 73.124015][ T4991] ---[ end trace 0000000000000000 ]--- [ 73.124429][ T26] audit: type=1400 audit(1686707684.175:90): avc: denied { append } for pid=4427 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 73.129667][ T4991] RIP: 0010:__hfsplus_setxattr+0x1b32/0x1e70 [ 73.151758][ T26] audit: type=1400 audit(1686707684.175:91): avc: denied { open } for pid=4427 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 73.180267][ T26] audit: type=1400 audit(1686707684.175:92): avc: denied { getattr } for pid=4427 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 73.185225][ T4991] Code: 89 ef e8 11 8c 85 ff e9 b9 f2 ff ff e8 c7 8c 85 ff e9 76 f2 ff ff 48 8b 7c 24 28 e8 f8 8b 85 ff e9 c9 f2 ff ff e8 0e b8 33 ff <0f> 0b 48 8b 7c 24 38 e8 02 8c 85 ff e9 b4 ee ff ff e8 f8 b7 33 ff [ 73.222746][ T4991] RSP: 0018:ffffc900034575e0 EFLAGS: 00010293 [ 73.228828][ T4991] RAX: 0000000000000000 RBX: ffff88802ab9a000 RCX: 0000000000000000 [ 73.237009][ T4991] RDX: ffff88807b13a200 RSI: ffffffff824fafa2 RDI: 0000000000000007 [ 73.245117][ T4991] RBP: ffff8880297a0fb0 R08: 0000000000000007 R09: 0000000000000000 [ 73.253218][ T4991] R10: 0000000000010000 R11: 0000000000000005 R12: 0000000000000000 [ 73.261307][ T4991] R13: ffffc900034576a8 R14: ffff88802c079000 R15: ffff8880297a0f40 [ 73.269285][ T4991] FS: 000055555649c300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 73.278358][ T4991] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.285075][ T4991] CR2: 0000560342bef0b0 CR3: 000000007cbfe000 CR4: 00000000003506f0 [ 73.293173][ T4991] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 73.301194][ T4991] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 73.309173][ T4991] Kernel panic - not syncing: Fatal exception [ 73.315408][ T4991] Kernel Offset: disabled [ 73.319721][ T4991] Rebooting in 86400 seconds..