./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2358621777 <...> Warning: Permanently added '10.128.1.147' (ECDSA) to the list of known hosts. execve("./syz-executor2358621777", ["./syz-executor2358621777"], 0x7fffb3df7360 /* 10 vars */) = 0 brk(NULL) = 0x555555bf6000 brk(0x555555bf6c40) = 0x555555bf6c40 arch_prctl(ARCH_SET_FS, 0x555555bf6300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2358621777", 4096) = 28 brk(0x555555c17c40) = 0x555555c17c40 brk(0x555555c18000) = 0x555555c18000 mprotect(0x7fc664b75000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 open(".", O_RDONLY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 82.457550][ T26] audit: type=1400 audit(1684344860.876:83): avc: denied { write } for pid=4992 comm="strace-static-x" path="pipe:[29221]" dev="pipefs" ino=29221 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 82.486421][ T26] audit: type=1400 audit(1684344860.906:84): avc: denied { execmem } for pid=4995 comm="syz-executor235" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 memfd_create("syzkaller", 0) = 4 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc65c6bc000 write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8192) = 8192 munmap(0x7fc65c6bc000, 8192) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 ioctl(5, LOOP_SET_FD, 4) = 0 close(4) = 0 [ 82.489346][ T4995] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4995 'syz-executor235' [ 82.518785][ T26] audit: type=1400 audit(1684344860.936:85): avc: denied { read write } for pid=4995 comm="syz-executor235" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 82.521874][ T4995] loop0: detected capacity change from 0 to 16 mkdir("./file1", 0777) = 0 [ 82.543786][ T26] audit: type=1400 audit(1684344860.936:86): avc: denied { open } for pid=4995 comm="syz-executor235" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 82.574396][ T26] audit: type=1400 audit(1684344860.936:87): avc: denied { ioctl } for pid=4995 comm="syz-executor235" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 82.582707][ T4995] erofs: (device loop0): EXPERIMENTAL compressed fragments feature in use. Use at your own risk! [ 82.600459][ T26] audit: type=1400 audit(1684344860.996:88): avc: denied { mounton } for pid=4995 comm="syz-executor235" path="/root/file1" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 82.612346][ T4995] erofs: (device loop0): EXPERIMENTAL global deduplication feature in use. Use at your own risk! [ 82.633748][ T26] audit: type=1400 audit(1684344861.036:89): avc: denied { append } for pid=4427 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 82.645712][ T4995] general protection fault, probably for non-canonical address 0xdffffc0000000019: 0000 [#1] PREEMPT SMP KASAN [ 82.678089][ T4995] KASAN: null-ptr-deref in range [0x00000000000000c8-0x00000000000000cf] [ 82.686511][ T4995] CPU: 0 PID: 4995 Comm: syz-executor235 Not tainted 6.4.0-rc2-syzkaller #0 [ 82.695199][ T4995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 82.705266][ T4995] RIP: 0010:erofs_bread+0x56/0x6d0 [ 82.710428][ T4995] Code: 48 c1 ea 03 80 3c 02 00 0f 85 15 06 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 23 49 8d bc 24 ca 00 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 82 05 00 00 [ 82.730054][ T4995] RSP: 0018:ffffc900034b7980 EFLAGS: 00010202 [ 82.736140][ T4995] RAX: dffffc0000000000 RBX: ffffc900034b7af8 RCX: 0000000000000000 [ 82.744123][ T4995] RDX: 0000000000000019 RSI: ffffffff83c1ea5f RDI: 00000000000000ca [ 82.752109][ T4995] RBP: 0000000000000000 R08: 0000000000000001 R09: 000000000000003f [ 82.760091][ T4995] R10: 000000000000000c R11: ffffffff81d50f12 R12: 0000000000000000 [ 82.768077][ T4995] R13: 0000000000000001 R14: ffff888019bd4000 R15: ffff888019bd4000 [ 82.776078][ T4995] FS: 0000555555bf6300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 82.785028][ T4995] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 82.791627][ T4995] CR2: 00007fc664ae0ca0 CR3: 0000000020cc6000 CR4: 00000000003506f0 [ 82.799616][ T4995] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 82.807607][ T4995] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 82.815593][ T4995] Call Trace: [ 82.818883][ T4995] [ 82.821826][ T4995] erofs_read_metadata+0xbb/0x490 [ 82.826905][ T4995] ? erofs_xattr_prefixes_init+0x1c2/0x590 [ 82.832765][ T4995] ? rcu_is_watching+0x12/0xb0 [ 82.837581][ T4995] ? __kmalloc+0xf2/0x190 [ 82.841936][ T4995] erofs_xattr_prefixes_init+0x3b1/0x590 [ 82.847620][ T4995] ? erofs_xattr_prefixes_cleanup+0x230/0x230 [ 82.853738][ T4995] ? preempt_schedule_common+0x45/0xb0 [ 82.859236][ T4995] ? preempt_schedule_thunk+0x1a/0x20 [ 82.864648][ T4995] ? _raw_spin_unlock+0x3a/0x40 [ 82.869529][ T4995] ? new_inode+0x1f6/0x280 [ 82.873979][ T4995] erofs_fc_fill_super+0x1734/0x2a80 [ 82.879387][ T4995] ? erofs_read_metadata+0x490/0x490 [ 82.884715][ T4995] ? snprintf+0xbf/0x100 [ 82.888987][ T4995] ? set_blocksize+0x2d8/0x370 [ 82.893800][ T4995] get_tree_bdev+0x44a/0x770 [ 82.898424][ T4995] ? erofs_read_metadata+0x490/0x490 [ 82.903746][ T4995] vfs_get_tree+0x8d/0x350 [ 82.908190][ T4995] path_mount+0x134b/0x1e40 [ 82.912722][ T4995] ? putname+0x102/0x140 [ 82.916993][ T4995] ? lockdep_hardirqs_on+0x7d/0x100 [ 82.922217][ T4995] ? finish_automount+0x9b0/0x9b0 [ 82.927276][ T4995] ? putname+0x102/0x140 [ 82.931545][ T4995] __x64_sys_mount+0x283/0x300 [ 82.936339][ T4995] ? copy_mnt_ns+0xb30/0xb30 [ 82.940963][ T4995] ? lockdep_hardirqs_on+0x7d/0x100 [ 82.946188][ T4995] ? _raw_spin_unlock_irq+0x2e/0x50 [ 82.951418][ T4995] ? ptrace_notify+0xfe/0x140 [ 82.956119][ T4995] do_syscall_64+0x39/0xb0 [ 82.960571][ T4995] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 82.966500][ T4995] RIP: 0033:0x7fc664b09e5a [ 82.970928][ T4995] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 82.990555][ T4995] RSP: 002b:00007ffd1310be98 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 82.998990][ T4995] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fc664b09e5a [ 83.006977][ T4995] RDX: 0000000020000180 RSI: 0000000020000140 RDI: 00007ffd1310bea0 [ 83.014962][ T4995] RBP: 00007ffd1310bea0 R08: 00007ffd1310bee0 R09: 00000000000001d4 [ 83.022948][ T4995] R10: 0000000001000801 R11: 0000000000000286 R12: 0000000000000005 [ 83.030960][ T4995] R13: 0000555555bf62c0 R14: 00007ffd1310bee0 R15: 0000000000000000 [ 83.038966][ T4995] [ 83.042019][ T4995] Modules linked in: [ 83.046030][ T26] audit: type=1400 audit(1684344861.036:90): avc: denied { open } for pid=4427 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 83.051130][ T4995] ---[ end trace 0000000000000000 ]--- [ 83.068478][ T26] audit: type=1400 audit(1684344861.036:91): avc: denied { getattr } for pid=4427 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 83.073880][ T4995] RIP: 0010:erofs_bread+0x56/0x6d0 [ 83.101722][ T4995] Code: 48 c1 ea 03 80 3c 02 00 0f 85 15 06 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 23 49 8d bc 24 ca 00 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 82 05 00 00 [ 83.121434][ T4995] RSP: 0018:ffffc900034b7980 EFLAGS: 00010202 [ 83.127742][ T4995] RAX: dffffc0000000000 RBX: ffffc900034b7af8 RCX: 0000000000000000 [ 83.135831][ T4995] RDX: 0000000000000019 RSI: ffffffff83c1ea5f RDI: 00000000000000ca [ 83.143849][ T4995] RBP: 0000000000000000 R08: 0000000000000001 R09: 000000000000003f [ 83.151883][ T4995] R10: 000000000000000c R11: ffffffff81d50f12 R12: 0000000000000000 [ 83.159927][ T4995] R13: 0000000000000001 R14: ffff888019bd4000 R15: ffff888019bd4000 [ 83.167952][ T4995] FS: 0000555555bf6300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 83.176935][ T4995] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 83.183525][ T4995] CR2: 00007fb0e8fdab10 CR3: 0000000020cc6000 CR4: 00000000003506e0 [ 83.191545][ T4995] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 83.199569][ T4995] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 83.207784][ T4995] Kernel panic - not syncing: Fatal exception [ 83.213957][ T4995] Kernel Offset: disabled [ 83.218291][ T4995] Rebooting in 86400 seconds..