./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4003250932 <...> Warning: Permanently added '10.128.0.162' (ECDSA) to the list of known hosts. execve("./syz-executor4003250932", ["./syz-executor4003250932"], 0x7ffd82eb1710 /* 10 vars */) = 0 brk(NULL) = 0x55555659c000 brk(0x55555659cc40) = 0x55555659cc40 arch_prctl(ARCH_SET_FS, 0x55555659c300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor4003250932", 4096) = 28 brk(0x5555565bdc40) = 0x5555565bdc40 brk(0x5555565be000) = 0x5555565be000 mprotect(0x7f0ee4d4b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0edc892000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 munmap(0x7f0edc892000, 262144) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file1", 0777) = 0 [ 22.523133][ T24] audit: type=1400 audit(1684529986.270:66): avc: denied { execmem } for pid=285 comm="syz-executor400" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 22.529105][ T24] audit: type=1400 audit(1684529986.270:67): avc: denied { read write } for pid=285 comm="syz-executor400" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.530227][ T285] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 22.534647][ T24] audit: type=1400 audit(1684529986.270:68): avc: denied { open } for pid=285 comm="syz-executor400" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.545895][ T285] EXT4-fs (loop0): 1 truncate cleaned up mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,errors=continue,debug_want_extra_isize=0x0000000000000040,di"...) = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 setxattr("./file1", "trusted.overlay.opaque", NULL, 0, 0) = 0 setxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4117, 0) = 0 [ 22.547942][ T24] audit: type=1400 audit(1684529986.270:69): avc: denied { ioctl } for pid=285 comm="syz-executor400" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.553533][ T285] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,errors=continue,debug_want_extra_isize=0x0000000000000040,dioread_nolock,max_batch_time=0x0000000000000008,nombcache,,errors=continue [ 22.578930][ T24] audit: type=1400 audit(1684529986.270:70): avc: denied { mounton } for pid=285 comm="syz-executor400" path="/root/file1" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 22.610139][ T285] ------------[ cut here ]------------ [ 22.624341][ T24] audit: type=1400 audit(1684529986.350:71): avc: denied { mount } for pid=285 comm="syz-executor400" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 22.628887][ T285] kernel BUG at mm/slub.c:4184! [ 22.651919][ T24] audit: type=1400 audit(1684529986.350:72): avc: denied { setattr } for pid=285 comm="syz-executor400" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.655399][ T285] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 22.677426][ T24] audit: type=1400 audit(1684529986.350:73): avc: denied { write } for pid=285 comm="syz-executor400" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.682949][ T285] CPU: 0 PID: 285 Comm: syz-executor400 Not tainted 5.10.178-syzkaller-00127-g43c801dc3325 #0 [ 22.682956][ T285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 22.682983][ T285] RIP: 0010:kfree+0x269/0x270 [ 22.683003][ T285] Code: 08 4c 89 ee 48 89 da e8 d5 64 f2 ff 65 ff 0d 7a 74 5b 7e 0f 85 d2 fd ff ff e8 bf 85 59 ff e9 c8 fd ff ff e8 a9 c0 02 03 0f 0b <0f> 0b 0f 1f 44 00 00 55 48 89 e5 53 48 83 ec 18 89 f2 65 48 8b 04 [ 22.704993][ T24] audit: type=1400 audit(1684529986.350:74): avc: denied { remove_name } for pid=285 comm="syz-executor400" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.714622][ T285] RSP: 0018:ffffc9000094f780 EFLAGS: 00010246 [ 22.714637][ T285] RAX: ffffea00047a4288 RBX: ffff88811e90b5a4 RCX: ffffea00047a42c0 [ 22.714645][ T285] RDX: 0000000000000000 RSI: 0000000000000012 RDI: ffff88811e90b5a4 [ 22.714661][ T285] RBP: ffffc9000094f7d8 R08: ffffffff81ed6e69 R09: 0000000000000003 [ 22.724933][ T24] audit: type=1400 audit(1684529986.350:75): avc: denied { unlink } for pid=285 comm="syz-executor400" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 22.729041][ T285] R10: fffff52000129e70 R11: dffffc0000000001 R12: 0000000000000000 [ 22.830666][ T285] R13: ffffffff8197a405 R14: 0000000000000000 R15: ffffea00047a42c0 [ 22.838566][ T285] FS: 000055555659c300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 22.847338][ T285] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 22.853750][ T285] CR2: 0000000020001000 CR3: 000000011e88e000 CR4: 00000000003506b0 [ 22.861693][ T285] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 22.869477][ T285] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 22.877381][ T285] Call Trace: [ 22.880512][ T285] ? kfree+0xc3/0x270 [ 22.884330][ T285] kvfree+0x35/0x40 [ 22.887976][ T285] ext4_expand_extra_isize_ea+0x1124/0x1e60 [ 22.893705][ T285] ? ext4_xattr_set+0x3d0/0x3d0 [ 22.898387][ T285] ? dquot_initialize_needed+0x13d/0x370 [ 22.903856][ T285] __ext4_expand_extra_isize+0x303/0x3f0 [ 22.909409][ T285] __ext4_mark_inode_dirty+0x4a7/0x7b0 [ 22.914705][ T285] ? sb_end_intwrite+0x110/0x110 [ 22.919478][ T285] ? current_time+0x1af/0x2f0 [ 22.923989][ T285] ? atime_needs_update+0x5a0/0x5a0 [ 22.929023][ T285] ? __ext4_unlink+0x6f0/0xac0 [ 22.933628][ T285] ? memcpy+0x56/0x70 [ 22.937442][ T285] __ext4_unlink+0x8b5/0xac0 [ 22.941869][ T285] ? ext4_orphan_del+0x7c0/0x7c0 [ 22.946650][ T285] ? down_write+0xd7/0x150 [ 22.950895][ T285] ? down_read_killable+0x220/0x220 [ 22.955928][ T285] ? may_delete+0x533/0x760 [ 22.960290][ T285] ext4_unlink+0x142/0x3f0 [ 22.964522][ T285] vfs_unlink+0x23b/0x510 [ 22.968689][ T285] do_unlinkat+0x430/0x8b0 [ 22.972940][ T285] ? fsnotify_link_count+0x90/0x90 [ 22.977886][ T285] ? __check_object_size+0x2e6/0x3c0 [ 22.983007][ T285] ? strncpy_from_user+0x18e/0x2d0 [ 22.987953][ T285] ? getname_flags+0x1fd/0x520 [ 22.992563][ T285] __x64_sys_unlinkat+0xcd/0xf0 [ 22.997279][ T285] do_syscall_64+0x34/0x70 [ 23.001500][ T285] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 23.007222][ T285] RIP: 0033:0x7f0ee4cdec19 [ 23.011475][ T285] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 23.031175][ T285] RSP: 002b:00007ffe1f7cb298 EFLAGS: 00000246 ORIG_RAX: 0000000000000107 [ 23.039429][ T285] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f0ee4cdec19 [ 23.047249][ T285] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 23.055045][ T285] RBP: 00007f0ee4c9e250 R08: 0000000000000000 R09: 0000000000000000 [ 23.063036][ T285] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0ee4c9e2e0 [ 23.070925][ T285] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 23.078734][ T285] Modules linked in: [ 23.082618][ T285] ---[ end trace c2a122856e959fed ]--- [ 23.087902][ T285] RIP: 0010:kfree+0x269/0x270 [ 23.092448][ T285] Code: 08 4c 89 ee 48 89 da e8 d5 64 f2 ff 65 ff 0d 7a 74 5b 7e 0f 85 d2 fd ff ff e8 bf 85 59 ff e9 c8 fd ff ff e8 a9 c0 02 03 0f 0b <0f> 0b 0f 1f 44 00 00 55 48 89 e5 53 48 83 ec 18 89 f2 65 48 8b 04 [ 23.112226][ T285] RSP: 0018:ffffc9000094f780 EFLAGS: 00010246 [ 23.118120][ T285] RAX: ffffea00047a4288 RBX: ffff88811e90b5a4 RCX: ffffea00047a42c0 [ 23.125998][ T285] RDX: 0000000000000000 RSI: 0000000000000012 RDI: ffff88811e90b5a4 [ 23.133926][ T285] RBP: ffffc9000094f7d8 R08: ffffffff81ed6e69 R09: 0000000000000003 [ 23.141746][ T285] R10: fffff52000129e70 R11: dffffc0000000001 R12: 0000000000000000 [ 23.149530][ T285] R13: ffffffff8197a405 R14: 0000000000000000 R15: ffffea00047a42c0 [ 23.157380][ T285] FS: 000055555659c300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 23.166125][ T285] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.172586][ T285] CR2: 0000000020001000 CR3: 000000011e88e000 CR4: 00000000003506b0 [ 23.180349][ T285] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.188202][ T285] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.196022][ T285] Kernel panic - not syncing: Fatal exception [ 23.202167][ T285] Kernel Offset: disabled [ 23.206300][ T285] Rebooting in 86400 seconds..