./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2373521592 <...> Warning: Permanently added '10.128.0.100' (ED25519) to the list of known hosts. execve("./syz-executor2373521592", ["./syz-executor2373521592"], 0x7ffc73b149a0 /* 10 vars */) = 0 brk(NULL) = 0x555557b7a000 brk(0x555557b7ad00) = 0x555557b7ad00 arch_prctl(ARCH_SET_FS, 0x555557b7a380) = 0 set_tid_address(0x555557b7a650) = 294 set_robust_list(0x555557b7a660, 24) = 0 rseq(0x555557b7aca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2373521592", 4096) = 28 getrandom("\x4b\xa8\x80\x05\xaa\x51\x56\x68", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557b7ad00 brk(0x555557b9bd00) = 0x555557b9bd00 brk(0x555557b9c000) = 0x555557b9c000 mprotect(0x7f1311532000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 write(1, "executing program\n", 18executing program ) = 18 mkdir("./file0", 000) = 0 mkdirat(AT_FDCWD, "./file1", 000) = 0 mkdir("./bus", 0222) = 0 mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on,") = 0 mount("./bus", "./bus", "incremental-fs", 0, NULL) = 0 open("./file0", O_RDONLY) = 3 mknodat(3, "./file1", 000) = 0 chdir("./bus") = 0 link("./file1", "./bus") = 0 [ 22.901516][ T30] audit: type=1400 audit(1736089219.169:66): avc: denied { execmem } for pid=294 comm="syz-executor237" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 22.920760][ T30] audit: type=1400 audit(1736089219.179:67): avc: denied { mounton } for pid=294 comm="syz-executor237" path="/root/bus" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 22.925365][ T294] general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN [ 22.943398][ T30] audit: type=1400 audit(1736089219.179:68): avc: denied { unlink } for pid=294 comm="syz-executor237" name="#1" dev="sda1" ino=1932 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=chr_file permissive=1 [ 22.954543][ T294] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 22.954560][ T294] CPU: 0 PID: 294 Comm: syz-executor237 Not tainted 5.15.173-syzkaller-00213-gaf461d0249a8 #0 [ 22.954579][ T294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 22.954599][ T294] RIP: 0010:security_inode_getattr+0x47/0x130 [ 22.977212][ T30] audit: type=1400 audit(1736089219.179:69): avc: denied { mount } for pid=294 comm="syz-executor237" name="/" dev="overlay" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 22.984961][ T294] Code: 38 ff 49 8d 5f 08 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 57 62 7a ff 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 3a 62 7a ff 48 8b 1b 48 83 c3 0c [ 22.984980][ T294] RSP: 0018:ffffc90000946ed0 EFLAGS: 00010206 [ 22.984999][ T294] RAX: 0000000000000006 RBX: 0000000000000030 RCX: ffff88810cc2bb40 [ 22.995370][ T30] audit: type=1400 audit(1736089219.189:70): avc: denied { mount } for pid=294 comm="syz-executor237" name="/" dev="incremental-fs" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 23.004925][ T294] RDX: 0000000000000000 RSI: ffffc90000947400 RDI: ffffc900009473f0 [ 23.004942][ T294] RBP: ffffc90000946ef8 R08: dffffc0000000000 R09: ffffc900009473f0 [ 23.004956][ T294] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90000947400 [ 23.011172][ T30] audit: type=1400 audit(1736089219.189:71): avc: denied { write } for pid=294 comm="syz-executor237" name="/" dev="incremental-fs" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 23.032873][ T294] R13: dffffc0000000000 R14: ffffc900009473f0 R15: ffffc900009473f0 [ 23.032892][ T294] FS: 0000555557b7a380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 23.032910][ T294] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.052686][ T30] audit: type=1400 audit(1736089219.189:72): avc: denied { add_name } for pid=294 comm="syz-executor237" name="file1" dev="incremental-fs" ino=1933 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 23.058214][ T294] CR2: 0000000020001600 CR3: 000000010ce98000 CR4: 00000000003506b0 [ 23.058233][ T294] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.066320][ T30] audit: type=1400 audit(1736089219.189:73): avc: denied { link } for pid=294 comm="syz-executor237" name="file1" dev="incremental-fs" ino=1933 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 23.089467][ T294] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.089486][ T294] Call Trace: [ 23.089491][ T294] [ 23.089499][ T294] ? __die_body+0x62/0xb0 [ 23.097504][ T30] audit: type=1400 audit(1736089219.189:74): avc: denied { write } for pid=294 comm="syz-executor237" name="bus" dev="incremental-fs" ino=1933 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 23.105084][ T294] ? die_addr+0x9f/0xd0 [ 23.105109][ T294] ? exc_general_protection+0x311/0x4b0 [ 23.113468][ T30] audit: type=1400 audit(1736089219.189:75): avc: denied { open } for pid=294 comm="syz-executor237" path="/root/bus/bus" dev="incremental-fs" ino=1933 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 23.135642][ T294] ? asm_exc_general_protection+0x27/0x30 [ 23.135673][ T294] ? security_inode_getattr+0x47/0x130 [ 23.305959][ T294] vfs_getattr+0x2a/0x320 [ 23.310120][ T294] ovl_copy_up_flags+0x629/0x2d30 [ 23.314978][ T294] ? kasan_set_free_info+0x23/0x40 [ 23.319932][ T294] ? ovl_maybe_copy_up+0x190/0x190 [ 23.324869][ T294] ? stack_trace_save+0x1c0/0x1c0 [ 23.329731][ T294] ? __kernel_text_address+0x9b/0x110 [ 23.334961][ T294] ? unwind_get_return_address+0x4d/0x90 [ 23.340424][ T294] ? __kasan_check_write+0x14/0x20 [ 23.345355][ T294] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 23.350650][ T294] ? _raw_spin_lock+0x1b0/0x1b0 [ 23.355337][ T294] ? stack_trace_save+0x113/0x1c0 [ 23.360197][ T294] ? avc_has_perm_noaudit+0x348/0x430 [ 23.365406][ T294] ? memcpy+0x56/0x70 [ 23.369224][ T294] ? avc_has_perm_noaudit+0x2dd/0x430 [ 23.374429][ T294] ? __stack_depot_save+0x40d/0x470 [ 23.379481][ T294] ? avc_denied+0x1b0/0x1b0 [ 23.383805][ T294] ? alloc_empty_file+0x95/0x180 [ 23.388688][ T294] ? mnt_want_write+0x1ff/0x2d0 [ 23.393448][ T294] ovl_maybe_copy_up+0x15a/0x190 [ 23.398221][ T294] ovl_open+0xad/0x210 [ 23.402125][ T294] ? ovl_mmap+0x450/0x450 [ 23.406293][ T294] do_dentry_open+0x81c/0xfd0 [ 23.410807][ T294] dentry_open+0xb8/0x100 [ 23.414970][ T294] file_open+0x2a7/0x650 [ 23.419051][ T294] ? incfs_file_mmap+0x120/0x120 [ 23.423850][ T294] ? fsnotify_perm+0x269/0x5b0 [ 23.428424][ T294] ? incfs_file_mmap+0x120/0x120 [ 23.433196][ T294] do_dentry_open+0x81c/0xfd0 [ 23.437721][ T294] vfs_open+0x73/0x80 [ 23.441540][ T294] path_openat+0x26f0/0x2f40 [ 23.445973][ T294] ? kmem_cache_alloc+0xf5/0x250 [ 23.450737][ T294] ? do_filp_open+0x460/0x460 [ 23.455253][ T294] do_filp_open+0x21c/0x460 [ 23.459583][ T294] ? vfs_tmpfile+0x2c0/0x2c0 [ 23.464017][ T294] do_sys_openat2+0x13f/0x820 [ 23.468527][ T294] ? ptrace_stop+0x6eb/0xa90 [ 23.472952][ T294] ? do_sys_open+0x220/0x220 [ 23.477464][ T294] ? _raw_spin_unlock_irq+0x4e/0x70 [ 23.482499][ T294] ? ptrace_notify+0x24c/0x350 [ 23.487116][ T294] __x64_sys_creat+0x11f/0x160 [ 23.491701][ T294] ? __x64_compat_sys_openat+0x290/0x290 [ 23.497168][ T294] x64_sys_call+0x27b/0x9a0 [ 23.501513][ T294] do_syscall_64+0x3b/0xb0 [ 23.505756][ T294] ? clear_bhb_loop+0x35/0x90 [ 23.510280][ T294] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 23.516000][ T294] RIP: 0033:0x7f13114bf569 [ 23.520256][ T294] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 23.539782][ T294] RSP: 002b:00007ffda0ee6978 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 23.548032][ T294] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f13114bf569 [ 23.555835][ T294] RDX: 0000000000000073 RSI: 0000000000000000 RDI: 0000000020000100 [ 23.563847][ T294] RBP: 00007f1311532610 R08: 00007ffda0ee6b48 R09: 00007ffda0ee6b48 [ 23.571765][ T294] R10: 00007ffda0ee6b48 R11: 0000000000000246 R12: 0000000000000001 [ 23.579556][ T294] R13: 00007ffda0ee6b38 R14: 0000000000000001 R15: 0000000000000001 [ 23.587371][ T294] [ 23.590231][ T294] Modules linked in: [ 23.594236][ T294] ---[ end trace ff9bc4b99aa5f423 ]--- [ 23.599564][ T294] RIP: 0010:security_inode_getattr+0x47/0x130 [ 23.605509][ T294] Code: 38 ff 49 8d 5f 08 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 57 62 7a ff 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 3a 62 7a ff 48 8b 1b 48 83 c3 0c [ 23.625154][ T294] RSP: 0018:ffffc90000946ed0 EFLAGS: 00010206 [ 23.631112][ T294] RAX: 0000000000000006 RBX: 0000000000000030 RCX: ffff88810cc2bb40 [ 23.639174][ T294] RDX: 0000000000000000 RSI: ffffc90000947400 RDI: ffffc900009473f0 [ 23.646917][ T294] RBP: ffffc90000946ef8 R08: dffffc0000000000 R09: ffffc900009473f0 [ 23.654841][ T294] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90000947400 [ 23.662713][ T294] R13: dffffc0000000000 R14: ffffc900009473f0 R15: ffffc900009473f0 [ 23.670485][ T294] FS: 0000555557b7a380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 23.679401][ T294] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.685736][ T294] CR2: 0000000020001600 CR3: 000000010ce98000 CR4: 00000000003506b0 [ 23.693724][ T294] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.701569][ T294] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.709524][ T294] Kernel panic - not syncing: Fatal exception [ 23.715669][ T294] Kernel Offset: disabled [ 23.720007][ T294] Rebooting in 86400 seconds..