./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor108347617 <...> [ 5.006641][ T23] audit: type=1400 audit(1689048421.589:9): avc: denied { append open } for pid=144 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=920 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 5.009795][ T23] audit: type=1400 audit(1689048421.589:10): avc: denied { getattr } for pid=144 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=920 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 5.408420][ T161] udevd[161]: starting version 3.2.11 [ 5.475634][ T162] udevd[162]: starting eudev-3.2.11 [ 16.618809][ T23] kauditd_printk_skb: 50 callbacks suppressed [ 16.618815][ T23] audit: type=1400 audit(1689048433.219:61): avc: denied { transition } for pid=289 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 16.623284][ T23] audit: type=1400 audit(1689048433.229:62): avc: denied { noatsecure } for pid=289 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 16.625837][ T23] audit: type=1400 audit(1689048433.229:63): avc: denied { write } for pid=289 comm="sh" path="pipe:[10593]" dev="pipefs" ino=10593 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 16.628760][ T23] audit: type=1400 audit(1689048433.229:64): avc: denied { rlimitinh } for pid=289 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 16.631267][ T23] audit: type=1400 audit(1689048433.229:65): avc: denied { siginh } for pid=289 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.249' (ECDSA) to the list of known hosts. execve("./syz-executor108347617", ["./syz-executor108347617"], 0x7ffe6cd60fc0 /* 10 vars */) = 0 brk(NULL) = 0x555556ae4000 brk(0x555556ae4c40) = 0x555556ae4c40 arch_prctl(ARCH_SET_FS, 0x555556ae4300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor108347617", 4096) = 27 brk(0x555556b05c40) = 0x555556b05c40 brk(0x555556b06000) = 0x555556b06000 mprotect(0x7fcb308f7000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb2843e000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 munmap(0x7fcb2843e000, 262144) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file1", 0777) = 0 [ 25.079776][ T23] audit: type=1400 audit(1689048441.679:66): avc: denied { execmem } for pid=358 comm="syz-executor108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 25.099385][ T23] audit: type=1400 audit(1689048441.689:67): avc: denied { read write } for pid=358 comm="syz-executor108" name="loop0" dev="devtmpfs" ino=9280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 25.123695][ T23] audit: type=1400 audit(1689048441.689:68): avc: denied { open } for pid=358 comm="syz-executor108" path="/dev/loop0" dev="devtmpfs" ino=9280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 25.147763][ T23] audit: type=1400 audit(1689048441.689:69): avc: denied { ioctl } for pid=358 comm="syz-executor108" path="/dev/loop0" dev="devtmpfs" ino=9280 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 25.155605][ T358] EXT4-fs (loop0): 1 orphan inode deleted [ 25.173407][ T23] audit: type=1400 audit(1689048441.699:70): avc: denied { mounton } for pid=358 comm="syz-executor108" path="/root/file1" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 25.178812][ T358] EXT4-fs (loop0): mounted filesystem without journal. Opts: discard,noquota,dioread_lock,grpquota,auto_da_alloc,grpjquota=,quota,init_itable=0x000000000000c202,usrquota,,errors=continue mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, "discard,noquota,dioread_lock,grpquota,auto_da_alloc,grpjquota=,quota,init_itable=0x000000000000c202,"...) = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 mount("/dev/loop0", "./bus", NULL, MS_SYNCHRONOUS|MS_BIND, NULL) = 0 open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 openat(AT_FDCWD, ".", O_RDONLY) = 6 [ 25.219545][ T23] audit: type=1400 audit(1689048441.819:71): avc: denied { mount } for pid=358 comm="syz-executor108" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 25.219559][ T358] ext4 filesystem being mounted at /root/file1 supports timestamps until 2038 (0x7fffffff) [ 25.254057][ T23] audit: type=1400 audit(1689048441.859:72): avc: denied { write } for pid=358 comm="syz-executor108" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 25.263921][ T358] ------------[ cut here ]------------ [ 25.275937][ T23] audit: type=1400 audit(1689048441.859:73): avc: denied { add_name } for pid=358 comm="syz-executor108" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 25.280930][ T358] kernel BUG at fs/ext4/ext4.h:2981! [ 25.281026][ T358] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 25.301780][ T23] audit: type=1400 audit(1689048441.859:74): avc: denied { create } for pid=358 comm="syz-executor108" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 25.306537][ T358] CPU: 0 PID: 358 Comm: syz-executor108 Not tainted 5.4.242-syzkaller-00020-g6d5c2c1877e5 #0 [ 25.306541][ T358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023 [ 25.306556][ T358] RIP: 0010:ext4_trim_fs+0x19b2/0x19c0 [ 25.306569][ T358] Code: cf c8 ff e9 44 ec ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 33 fd ff ff 48 89 df e8 28 d0 c8 ff e9 26 fd ff ff e8 8e 15 99 ff <0f> 0b e8 77 d6 6f ff e8 82 15 99 ff 0f 0b 55 41 57 41 56 41 55 41 [ 25.312649][ T23] audit: type=1400 audit(1689048441.859:75): avc: denied { read write open } for pid=358 comm="syz-executor108" path="/root/file1/bus" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 25.332483][ T358] RSP: 0018:ffff8881dcbe7520 EFLAGS: 00010293 [ 25.332491][ T358] RAX: ffffffff81cb1532 RBX: 0000000000000001 RCX: ffff8881e2d43f00 [ 25.332495][ T358] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 25.332506][ T358] RBP: ffff8881dcbe7770 R08: ffffffff81cb02a8 R09: fffff94000ee00ff [ 25.429950][ T358] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 25.437760][ T358] R13: 0000000000000001 R14: ffff8881dc042000 R15: ffff8881dc0463f0 [ 25.445659][ T358] FS: 0000555556ae4300(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 25.454424][ T358] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.460865][ T358] CR2: 00000000200401bf CR3: 00000001e16b7000 CR4: 00000000003406b0 [ 25.468664][ T358] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.476470][ T358] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.484278][ T358] Call Trace: [ 25.487414][ T358] ? avc_denied+0x1d0/0x1d0 [ 25.491749][ T358] ? ext4_group_add_blocks+0xde0/0xde0 [ 25.497047][ T358] ? update_load_avg+0x40f/0x1210 [ 25.501900][ T358] ? cap_capable+0x1b1/0x250 [ 25.506329][ T358] ? check_preemption_disabled+0x9f/0x320 [ 25.511880][ T358] ext4_ioctl+0x2168/0x3fd0 [ 25.516222][ T358] ? check_preempt_wakeup+0x4f6/0x9f0 [ 25.521426][ T358] ? asan.module_dtor+0x20/0x20 [ 25.526115][ T358] ? ttwu_do_wakeup+0x161/0x480 [ 25.530805][ T358] ? check_preemption_disabled+0x9f/0x320 [ 25.536354][ T358] ? try_to_wake_up+0x7c5/0x14f0 [ 25.541129][ T358] ? debug_smp_processor_id+0x20/0x20 [ 25.546338][ T358] ? check_preemption_disabled+0x9f/0x320 [ 25.551892][ T358] ? avc_has_extended_perms+0xb03/0x1120 [ 25.557362][ T358] ? avc_flush+0x1f0/0x1f0 [ 25.561631][ T358] ? finish_task_switch+0x130/0x590 [ 25.566649][ T358] ? _raw_spin_lock_irqsave+0x210/0x210 [ 25.572031][ T358] ? ptrace_stop+0x6ee/0xa30 [ 25.576458][ T358] ? asan.module_dtor+0x20/0x20 [ 25.581156][ T358] do_vfs_ioctl+0x742/0x1720 [ 25.585567][ T358] ? ioctl_preallocate+0x250/0x250 [ 25.590520][ T358] ? check_preemption_disabled+0x153/0x320 [ 25.596244][ T358] ? syscall_trace_enter+0x650/0x940 [ 25.601363][ T358] ? do_syscall_64+0x1c0/0x1c0 [ 25.605962][ T358] ? switch_fpu_return+0x1d4/0x410 [ 25.610910][ T358] ? security_file_ioctl+0x7d/0xa0 [ 25.615859][ T358] __x64_sys_ioctl+0xd4/0x110 [ 25.620377][ T358] do_syscall_64+0xca/0x1c0 [ 25.624726][ T358] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 25.630438][ T358] Modules linked in: [ 25.634369][ T358] ---[ end trace c269d52e08e596c0 ]--- [ 25.639638][ T358] RIP: 0010:ext4_trim_fs+0x19b2/0x19c0 [ 25.644944][ T358] Code: cf c8 ff e9 44 ec ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 33 fd ff ff 48 89 df e8 28 d0 c8 ff e9 26 fd ff ff e8 8e 15 99 ff <0f> 0b e8 77 d6 6f ff e8 82 15 99 ff 0f 0b 55 41 57 41 56 41 55 41 [ 25.664476][ T358] RSP: 0018:ffff8881dcbe7520 EFLAGS: 00010293 [ 25.670248][ T358] RAX: ffffffff81cb1532 RBX: 0000000000000001 RCX: ffff8881e2d43f00 [ 25.678086][ T358] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 25.685888][ T358] RBP: ffff8881dcbe7770 R08: ffffffff81cb02a8 R09: fffff94000ee00ff [ 25.693707][ T358] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 25.701496][ T358] R13: 0000000000000001 R14: ffff8881dc042000 R15: ffff8881dc0463f0 [ 25.709595][ T358] FS: 0000555556ae4300(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 25.718349][ T358] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.724782][ T358] CR2: 00000000200401bf CR3: 00000001e16b7000 CR4: 00000000003406b0 [ 25.732569][ T358] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.740414][ T358] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.748218][ T358] Kernel panic - not syncing: Fatal exception [ 25.754253][ T358] Kernel Offset: disabled [ 25.758376][ T358] Rebooting in 86400 seconds..