./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor989279600 <...> Warning: Permanently added '10.128.1.181' (ED25519) to the list of known hosts. execve("./syz-executor989279600", ["./syz-executor989279600"], 0x7ffd1589b060 /* 10 vars */) = 0 brk(NULL) = 0x5555570e1000 brk(0x5555570e1e00) = 0x5555570e1e00 arch_prctl(ARCH_SET_FS, 0x5555570e1480) = 0 set_tid_address(0x5555570e1750) = 357 set_robust_list(0x5555570e1760, 24) = 0 rseq(0x5555570e1da0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor989279600", 4096) = 27 getrandom("\x71\x5b\x15\x5a\xaa\x9e\xa7\x42", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555570e1e00 brk(0x555557102e00) = 0x555557102e00 brk(0x555557103000) = 0x555557103000 mprotect(0x7f471b4cd000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f471b4270a0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f471b42e3f0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f471b4270a0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f471b42e3f0}, NULL, 8) = 0 mkdir("./file0", 000) = 0 openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 3 mkdir("./file2", 0777) = 0 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- mount(NULL, "./file0", "overlay", 0, "workdir=./file0,lowerdir=.,upperdir=./file2,metacopy=on,,") = 0 [ 26.441362][ T23] audit: type=1400 audit(1711490023.390:66): avc: denied { execmem } for pid=357 comm="syz-executor989" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 mount("./file0", "./file0", "incremental-fs", 0, NULL) = 0 openat(AT_FDCWD, "./file0", O_RDONLY) = 4 linkat(4, "./file1", 4, "./file3", 0) = 0 [ 26.485889][ T23] audit: type=1400 audit(1711490023.430:67): avc: denied { mounton } for pid=357 comm="syz-executor989" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 26.507901][ T357] kasan: CONFIG_KASAN_INLINE enabled [ 26.509419][ T23] audit: type=1400 audit(1711490023.430:68): avc: denied { mount } for pid=357 comm="syz-executor989" name="/" dev="overlay" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 26.514042][ T357] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 26.536543][ T23] audit: type=1400 audit(1711490023.450:69): avc: denied { mount } for pid=357 comm="syz-executor989" name="/" dev="incremental-fs" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 26.543987][ T357] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 26.567698][ T23] audit: type=1400 audit(1711490023.450:70): avc: denied { write } for pid=357 comm="syz-executor989" name="/" dev="incremental-fs" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 26.574057][ T357] CPU: 0 PID: 357 Comm: syz-executor989 Not tainted 5.4.265-syzkaller-00009-g43a5ead9254d #0 [ 26.574063][ T357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 26.574079][ T357] RIP: 0010:security_inode_getattr+0x42/0x120 [ 26.574096][ T357] Code: 5c ff 49 8d 5f 08 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 cc fd 8b ff 48 8b 2b 48 83 c5 30 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 ef e8 af fd 8b ff 48 8b 6d 00 48 83 c5 [ 26.597428][ T23] audit: type=1400 audit(1711490023.450:71): avc: denied { add_name } for pid=357 comm="syz-executor989" name="file1" dev="incremental-fs" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 26.606888][ T357] RSP: 0018:ffff8881db8cef58 EFLAGS: 00010206 [ 26.606899][ T357] RAX: 0000000000000006 RBX: ffff8881db8cf3f8 RCX: ffff8881dc1a8fc0 [ 26.606906][ T357] RDX: 0000000000000000 RSI: ffff8881db8cf400 RDI: ffff8881db8cf3f0 [ 26.606913][ T357] RBP: 0000000000000030 R08: dffffc0000000000 R09: ffff8881db8cf3f0 [ 26.606920][ T357] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 26.606926][ T357] R13: ffff8881db8cf3f0 R14: 0000000000000000 R15: ffff8881db8cf3f0 [ 26.606944][ T357] FS: 00005555570e1480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 26.617535][ T23] audit: type=1400 audit(1711490023.450:72): avc: denied { link } for pid=357 comm="syz-executor989" name="file1" dev="incremental-fs" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 26.622712][ T357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.622720][ T357] CR2: 0000000020000040 CR3: 00000001dc36a000 CR4: 00000000003406b0 [ 26.622729][ T357] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.622735][ T357] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.622738][ T357] Call Trace: [ 26.622757][ T357] ? __die+0xb4/0x100 [ 26.622780][ T357] ? die+0x26/0x50 [ 26.642970][ T23] audit: type=1400 audit(1711490023.450:73): avc: denied { read write } for pid=357 comm="syz-executor989" name="file3" dev="incremental-fs" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 26.665488][ T357] ? do_general_protection+0x266/0x3c0 [ 26.665500][ T357] ? deref_stack_reg+0x15c/0x1f0 [ 26.665510][ T357] ? do_trap+0x340/0x340 [ 26.665520][ T357] ? get_reg+0x220/0x220 [ 26.665536][ T357] ? get_reg+0x220/0x220 [ 26.828950][ T357] ? __unwind_start+0x708/0x890 [ 26.833650][ T357] ? general_protection+0x28/0x30 [ 26.838596][ T357] ? security_inode_getattr+0x42/0x120 [ 26.843889][ T357] ? security_inode_getattr+0x1a/0x120 [ 26.849168][ T357] vfs_getattr+0x27/0x700 [ 26.853335][ T357] ? memset+0x1f/0x40 [ 26.857170][ T357] ovl_copy_up_flags+0x5b2/0x29f0 [ 26.862048][ T357] ? __kasan_slab_free+0x233/0x270 [ 26.866965][ T357] ? selinux_file_open+0x4fb/0x6c0 [ 26.872037][ T357] ? security_file_open+0x61/0x2b0 [ 26.876976][ T357] ? ovl_set_origin+0xf0/0xf0 [ 26.881587][ T357] ? deref_stack_reg+0x1f0/0x1f0 [ 26.886374][ T357] ? deref_stack_reg+0x1f0/0x1f0 [ 26.891175][ T357] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 26.897040][ T357] ? stack_trace_save+0x1c0/0x1c0 [ 26.901918][ T357] ? avc_has_perm_noaudit+0x2f1/0x3d0 [ 26.907212][ T357] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 26.913187][ T357] ? avc_denied+0x1d0/0x1d0 [ 26.917603][ T357] ? stack_trace_save+0x118/0x1c0 [ 26.922483][ T357] ? preempt_count_add+0x8f/0x180 [ 26.927410][ T357] ? __mnt_want_write+0x1e6/0x260 [ 26.932291][ T357] ovl_maybe_copy_up+0x14e/0x180 [ 26.937376][ T357] ovl_open+0xa3/0x320 [ 26.941278][ T357] ? security_file_open+0x1e2/0x2b0 [ 26.946322][ T357] ? ovl_mmap+0x510/0x510 [ 26.950778][ T357] do_dentry_open+0x964/0x1130 [ 26.955414][ T357] ? debug_smp_processor_id+0x20/0x20 [ 26.960573][ T357] ? finish_open+0xd0/0xd0 [ 26.964826][ T357] dentry_open+0xb1/0xf0 [ 26.969042][ T357] file_open+0x2ab/0x620 [ 26.973624][ T357] ? incfs_file_mmap+0x120/0x120 [ 26.979604][ T357] ? security_file_open+0x1e2/0x2b0 [ 26.984570][ T357] ? incfs_file_mmap+0x120/0x120 [ 26.989416][ T357] do_dentry_open+0x964/0x1130 [ 26.994031][ T357] ? finish_open+0xd0/0xd0 [ 26.998277][ T357] ? memcpy+0x38/0x50 [ 27.002092][ T357] path_openat+0x2992/0x3480 [ 27.006544][ T357] ? debug_smp_processor_id+0x20/0x20 [ 27.011742][ T357] ? do_filp_open+0x450/0x450 [ 27.016250][ T357] ? do_sys_open+0x357/0x810 [ 27.020745][ T357] ? do_syscall_64+0xca/0x1c0 [ 27.025258][ T357] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 27.031165][ T357] do_filp_open+0x20b/0x450 [ 27.035501][ T357] ? vfs_tmpfile+0x280/0x280 [ 27.039943][ T357] ? _raw_spin_unlock+0x49/0x60 [ 27.044616][ T357] ? __alloc_fd+0x4c1/0x560 [ 27.048951][ T357] do_sys_open+0x39c/0x810 [ 27.053209][ T357] ? file_open_root+0x490/0x490 [ 27.057895][ T357] ? switch_fpu_return+0x1d4/0x410 [ 27.062844][ T357] do_syscall_64+0xca/0x1c0 [ 27.067178][ T357] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 27.072904][ T357] Modules linked in: [ 27.076952][ T23] audit: type=1400 audit(1711490023.450:74): avc: denied { open } for pid=357 comm="syz-executor989" path="/root/file0/file3" dev="incremental-fs" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 27.101119][ T357] ---[ end trace 6d8a3904c6a322b6 ]--- [ 27.106377][ T357] RIP: 0010:security_inode_getattr+0x42/0x120 [ 27.112280][ T357] Code: 5c ff 49 8d 5f 08 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 cc fd 8b ff 48 8b 2b 48 83 c5 30 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 ef e8 af fd 8b ff 48 8b 6d 00 48 83 c5 [ 27.131719][ T357] RSP: 0018:ffff8881db8cef58 EFLAGS: 00010206 [ 27.137611][ T357] RAX: 0000000000000006 RBX: ffff8881db8cf3f8 RCX: ffff8881dc1a8fc0 [ 27.145433][ T357] RDX: 0000000000000000 RSI: ffff8881db8cf400 RDI: ffff8881db8cf3f0 [ 27.153232][ T357] RBP: 0000000000000030 R08: dffffc0000000000 R09: ffff8881db8cf3f0 [ 27.161108][ T357] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 27.168953][ T357] R13: ffff8881db8cf3f0 R14: 0000000000000000 R15: ffff8881db8cf3f0 [ 27.176751][ T357] FS: 00005555570e1480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 27.185562][ T357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.191954][ T357] CR2: 0000000020000040 CR3: 00000001dc36a000 CR4: 00000000003406b0 [ 27.199770][ T357] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.207738][ T357] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.215565][ T357] Kernel panic - not syncing: Fatal exception [ 27.221849][ T357] Kernel Offset: disabled [ 27.225972][ T357] Rebooting in 86400 seconds..