./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1720264764
<...>
d { noatsecure } for pid=220 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 14.437427][ T24] audit: type=1400 audit(1699337070.809:63): avc: denied { write } for pid=220 comm="sh" path="pipe:[927]" dev="pipefs" ino=927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 14.441491][ T24] audit: type=1400 audit(1699337070.809:64): avc: denied { rlimitinh } for pid=220 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 14.444045][ T24] audit: type=1400 audit(1699337070.809:65): avc: denied { siginh } for pid=220 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.1.169' (ED25519) to the list of known hosts.
execve("./syz-executor1720264764", ["./syz-executor1720264764"], 0x7ffd0eb32040 /* 10 vars */) = 0
brk(NULL) = 0x55555676d000
brk(0x55555676dd40) = 0x55555676dd40
arch_prctl(ARCH_SET_FS, 0x55555676d3c0) = 0
set_tid_address(0x55555676d690) = 288
set_robust_list(0x55555676d6a0, 24) = 0
rseq(0x55555676dce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1720264764", 4096) = 28
getrandom("\x05\xcb\xa7\xed\x67\x95\xd6\x72", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55555676dd40
brk(0x55555678ed40) = 0x55555678ed40
brk(0x55555678f000) = 0x55555678f000
mprotect(0x7f9be6bb8000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
futex(0x7f9be6bbe3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f9be6b574e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9be6b48b60}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9be6ad3000
mprotect(0x7f9be6ad4000, 131072, PROT_READ|PROT_WRITE) = 0
rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9be6af3990, parent_tid=0x7f9be6af3990, exit_signal=0, stack=0x7f9be6ad3000, stack_size=0x20300, tls=0x7f9be6af36c0} => {parent_tid=[289]}, 88) = 289
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
futex(0x7f9be6bbe3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0
futex(0x7f9be6bbe3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 289 attached
<unfinished ...>
[pid 289] set_robust_list(0x7f9be6af39a0, 24) = 0
[pid 289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 289] mkdir("./file0", 000) = 0
[pid 289] futex(0x7f9be6bbe3ec, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 288] <... futex resumed>) = 0
[pid 288] futex(0x7f9be6bbe3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 288] futex(0x7f9be6bbe3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 289] <... futex resumed>) = 1
[pid 289] openat(AT_FDCWD, "/dev/fuse", O_RDWR|O_CREAT, 000) = 3
[pid 289] futex(0x7f9be6bbe3ec, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 288] <... futex resumed>) = 0
[pid 288] futex(0x7f9be6bbe3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 288] futex(0x7f9be6bbe3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 289] <... futex resumed>) = 1
[pid 289] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000040000,user_id=00000000000000000000,group_id=0000000"...) = 0
[pid 289] futex(0x7f9be6bbe3ec, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 288] <... futex resumed>) = 0
[pid 288] futex(0x7f9be6bbe3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 288] futex(0x7f9be6bbe3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 289] <... futex resumed>) = 1
[pid 289] read(3, "\x38\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x20\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x83", 8224) = 56
[pid 289] futex(0x7f9be6bbe3ec, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 288] <... futex resumed>) = 0
[pid 288] futex(0x7f9be6bbe3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 288] futex(0x7f9be6bbe3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 289] <... futex resumed>) = 1
[pid 289] write(3, "\x50\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x1f\x00\x00\x00\x00\x00\x00\x00\x90\xa3\xee\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80) = 80
[pid 289] futex(0x7f9be6bbe3ec, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 288] <... futex resumed>) = 0
[pid 288] futex(0x7f9be6bbe3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 288] futex(0x7f9be6bbe3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 289] <... futex resumed>) = 1
[ 22.762409][ T24] audit: type=1400 audit(1699337079.139:66): avc: denied { execmem } for pid=288 comm="syz-executor172" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 22.781772][ T24] audit: type=1400 audit(1699337079.139:67): avc: denied { read write } for pid=288 comm="syz-executor172" name="fuse" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[pid 289] read(3, <unfinished ...>
[pid 288] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 288] futex(0x7f9be6bbe3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid 288] futex(0x7f9be6bbe3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid 288] futex(0x7f9be6bbe3fc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9be6ab2000
[pid 288] mprotect(0x7f9be6ab3000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 288] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9be6ad2990, parent_tid=0x7f9be6ad2990, exit_signal=0, stack=0x7f9be6ab2000, stack_size=0x20300, tls=0x7f9be6ad26c0} => {parent_tid=[291]}, 88) = 291
[pid 288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 288] futex(0x7f9be6bbe3f8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 288] futex(0x7f9be6bbe3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 291 attached
<unfinished ...>
[pid 291] set_robust_list(0x7f9be6ad29a0, 24) = 0
[pid 291] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 291] write(-1, "\xa8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 168) = -1 EBADF (Bad file descriptor)
[pid 291] futex(0x7f9be6bbe3fc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 288] <... futex resumed>) = 0
[pid 288] futex(0x7f9be6bbe3f8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 288] futex(0x7f9be6bbe3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 291] <... futex resumed>) = 1
[pid 291] creat("./file0/file0", 000 <unfinished ...>
[pid 289] <... read resumed>"\x2e\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x23\x01\x00\x00\x00\x00\x00\x00\x66\x69\x6c\x65\x30\x00", 8192) = 46
[pid 289] write(3, "\xa8\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 168) = 168
[pid 289] futex(0x7f9be6bbe3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0
[ 22.805158][ T24] audit: type=1400 audit(1699337079.139:68): avc: denied { open } for pid=288 comm="syz-executor172" path="/dev/fuse" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[ 22.821532][ T291] general protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#1] PREEMPT SMP KASAN
[ 22.828960][ T24] audit: type=1400 audit(1699337079.139:69): avc: denied { mounton } for pid=288 comm="syz-executor172" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 22.840009][ T291] KASAN: null-ptr-deref in range [0x0000000000000048-0x000000000000004f]
[ 22.840021][ T291] CPU: 0 PID: 291 Comm: syz-executor172 Not tainted 5.10.199-syzkaller-00307-gd30b996835c0 #0
[ 22.840026][ T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 22.840054][ T291] RIP: 0010:fuse_atomic_open+0x27f/0x34e0
[ 22.840071][ T291] Code: e0 40 4c 8b 64 24 20 75 07 e8 dd c7 6c ff eb 37 48 8b 44 24 60 48 8d 58 30 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 73 38 aa ff 48 83 3b 00 0f 84 a9 00
[ 22.862902][ T24] audit: type=1400 audit(1699337079.149:70): avc: denied { mount } for pid=288 comm="syz-executor172" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 22.870897][ T291] RSP: 0018:ffffc90000b57300 EFLAGS: 00010206
[ 22.870908][ T291] RAX: 0000000000000009 RBX: 0000000000000048 RCX: dffffc0000000000
[ 22.870913][ T291] RDX: ffff88811eb20000 RSI: 0000000000000040 RDI: 0000000000000000
[ 22.870918][ T291] RBP: ffffc90000b57930 R08: ffffffff81fddba2 R09: 0000000000000003
[ 22.870924][ T291] R10: fffff5200016ace8 R11: dffffc0000000001 R12: ffff88811c8f8928
[ 22.870939][ T291] R13: ffff88811ea58800 R14: 1ffff9200016ae78 R15: 0000000000000018
[ 22.983595][ T291] FS: 00007f9be6ad26c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 22.992340][ T291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 22.998763][ T291] CR2: 00007f9be6ad2d58 CR3: 00000001184f2000 CR4: 00000000003506b0
[ 23.006584][ T291] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 23.014381][ T291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 23.022193][ T291] Call Trace:
[ 23.025326][ T291] ? __die_body+0x62/0xb0
[ 23.029495][ T291] ? die_addr+0x9f/0xd0
[ 23.033482][ T291] ? exc_general_protection+0x3ff/0x490
[ 23.038869][ T291] ? asm_exc_general_protection+0x1e/0x30
[ 23.044419][ T291] ? fuse_atomic_open+0x252/0x34e0
[ 23.049365][ T291] ? fuse_atomic_open+0x27f/0x34e0
[ 23.054310][ T291] ? fuse_rename2+0x4aa0/0x4aa0
[ 23.059003][ T291] ? avc_alloc_node+0x7e/0x360
[ 23.063602][ T291] ? __kasan_check_write+0x14/0x20
[ 23.068546][ T291] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 23.073839][ T291] ? _raw_spin_lock+0x1b0/0x1b0
[ 23.078528][ T291] ? avc_xperms_populate+0x4c7/0x590
[ 23.083646][ T291] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 23.089294][ T291] ? avc_compute_av+0x4cc/0x690
[ 23.093974][ T291] ? avc_has_perm+0x275/0x400
[ 23.098491][ T291] ? avc_has_perm_noaudit+0x240/0x240
[ 23.103697][ T291] ? avc_has_perm_noaudit+0x158/0x240
[ 23.108907][ T291] ? security_transition_sid+0x7d/0x90
[ 23.114198][ T291] ? may_create+0x65a/0x900
[ 23.118542][ T291] ? show_sid+0x250/0x250
[ 23.122705][ T291] ? d_hash_and_lookup+0x1e0/0x1e0
[ 23.127654][ T291] ? from_kgid+0x1a3/0x730
[ 23.131906][ T291] ? selinux_inode_create+0x22/0x30
[ 23.136938][ T291] ? security_inode_create+0xbc/0x100
[ 23.142145][ T291] ? fuse_rename2+0x4aa0/0x4aa0
[ 23.146832][ T291] path_openat+0xff0/0x3000
[ 23.151177][ T291] ? do_filp_open+0x460/0x460
[ 23.155688][ T291] do_filp_open+0x21c/0x460
[ 23.160030][ T291] ? vfs_tmpfile+0x2b0/0x2b0
[ 23.164453][ T291] ? get_unused_fd_flags+0x94/0xa0
[ 23.169403][ T291] do_sys_openat2+0x13f/0x6f0
[ 23.173915][ T291] ? ptrace_stop+0x6dc/0xa30
[ 23.178339][ T291] ? do_sys_open+0x220/0x220
[ 23.182767][ T291] ? ptrace_notify+0x24c/0x350
[ 23.187366][ T291] ? do_notify_parent+0xa10/0xa10
[ 23.192226][ T291] __x64_sys_creat+0x11f/0x160
[ 23.196828][ T291] ? __x32_compat_sys_openat+0x290/0x290
[ 23.202315][ T291] ? syscall_enter_from_user_mode+0x57/0x1a0
[ 23.208110][ T291] do_syscall_64+0x34/0x70
[ 23.212362][ T291] entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 23.218100][ T291] RIP: 0033:0x7f9be6b31639
[ 23.222346][ T291] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 23.241809][ T291] RSP: 002b:00007f9be6ad2218 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 23.250029][ T291] RAX: ffffffffffffffda RBX: 00007f9be6bbe3f8 RCX: 00007f9be6b31639
[pid 289] futex(0x7f9be6bbe3e8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 288] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[ 23.257842][ T291] RDX: 00007f9be6b31639 RSI: 0000000000000000 RDI: 0000000020000100
[ 23.265654][ T291] RBP: 00007f9be6bbe3f0 R08: 0000000000000000 R09: 0000000000000000
[ 23.273462][ T291] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9be6b8b024
[ 23.281278][ T291] R13: 000000000000006e R14: 0030656c69662f30 R15: 2f30656c69662f2e
[ 23.289085][ T291] Modules linked in:
[ 23.293321][ T291] ---[ end trace 43dd884af1d563ad ]---
[ 23.298721][ T291] RIP: 0010:fuse_atomic_open+0x27f/0x34e0
[ 23.304251][ T291] Code: e0 40 4c 8b 64 24 20 75 07 e8 dd c7 6c ff eb 37 48 8b 44 24 60 48 8d 58 30 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 73 38 aa ff 48 83 3b 00 0f 84 a9 00
[ 23.324189][ T291] RSP: 0018:ffffc90000b57300 EFLAGS: 00010206
[ 23.330196][ T291] RAX: 0000000000000009 RBX: 0000000000000048 RCX: dffffc0000000000
[ 23.338005][ T291] RDX: ffff88811eb20000 RSI: 0000000000000040 RDI: 0000000000000000
[ 23.345899][ T291] RBP: ffffc90000b57930 R08: ffffffff81fddba2 R09: 0000000000000003
[ 23.353587][ T291] R10: fffff5200016ace8 R11: dffffc0000000001 R12: ffff88811c8f8928
[pid 288] exit_group(0) = ?
[pid 289] <... futex resumed>) = ?
[pid 289] +++ exited with 0 +++
[ 23.361544][ T291] R13: ffff88811ea58800 R14: 1ffff9200016ae78 R15: 0000000000000018
[ 23.369423][ T291] FS: 00007f9be6ad26c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 23.378514][ T291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 23.384895][ T291] CR2: 000000000061ba0c CR3: 00000001184f2000 CR4: 00000000003506a0
[ 23.392895][ T291] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 23.400782][ T291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 23.408581][ T291] Kernel panic - not syncing: Fatal exception
[ 23.414557][ T291] Kernel Offset: disabled
[ 23.418686][ T291] Rebooting in 86400 seconds..