./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2601116719 <...> [ 3.302550][ T24] audit: type=1400 audit(1684531030.380:9): avc: denied { append open } for pid=75 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 3.305852][ T24] audit: type=1400 audit(1684531030.380:10): avc: denied { getattr } for pid=75 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 3.596217][ T92] udevd[92]: starting version 3.2.11 [ 3.628304][ T93] udevd[93]: starting eudev-3.2.11 [ 11.107626][ T24] kauditd_printk_skb: 50 callbacks suppressed [ 11.107635][ T24] audit: type=1400 audit(1684531038.210:61): avc: denied { transition } for pid=217 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.113673][ T24] audit: type=1400 audit(1684531038.210:62): avc: denied { noatsecure } for pid=217 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.119369][ T24] audit: type=1400 audit(1684531038.220:63): avc: denied { write } for pid=217 comm="sh" path="pipe:[13709]" dev="pipefs" ino=13709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 11.126184][ T24] audit: type=1400 audit(1684531038.220:64): avc: denied { rlimitinh } for pid=217 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.129545][ T24] audit: type=1400 audit(1684531038.220:65): avc: denied { siginh } for pid=217 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.123' (ECDSA) to the list of known hosts. execve("./syz-executor2601116719", ["./syz-executor2601116719"], 0x7ffc02c45c10 /* 10 vars */) = 0 brk(NULL) = 0x5555565cf000 brk(0x5555565cfc40) = 0x5555565cfc40 arch_prctl(ARCH_SET_FS, 0x5555565cf300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2601116719", 4096) = 28 brk(0x5555565f0c40) = 0x5555565f0c40 brk(0x5555565f1000) = 0x5555565f1000 mprotect(0x7f1273736000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f126b27d000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 munmap(0x7f126b27d000, 262144) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file1", 0777) = 0 [ 20.124475][ T24] audit: type=1400 audit(1684531047.230:66): avc: denied { execmem } for pid=286 comm="syz-executor260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.130623][ T24] audit: type=1400 audit(1684531047.230:67): avc: denied { read write } for pid=286 comm="syz-executor260" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.134417][ T286] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 20.140834][ T24] audit: type=1400 audit(1684531047.230:68): avc: denied { open } for pid=286 comm="syz-executor260" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.147345][ T286] EXT4-fs (loop0): 1 truncate cleaned up [ 20.157067][ T24] audit: type=1400 audit(1684531047.230:69): avc: denied { ioctl } for pid=286 comm="syz-executor260" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.173473][ T286] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,errors=continue,debug_want_extra_isize=0x0000000000000040,dioread_nolock,max_batch_time=0x0000000000000008,nombcache,,errors=continue mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,errors=continue,debug_want_extra_isize=0x0000000000000040,di"...) = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 setxattr("./file1", "trusted.overlay.opaque", NULL, 0, 0) = 0 setxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4117, 0) = 0 [ 20.187898][ T24] audit: type=1400 audit(1684531047.240:70): avc: denied { mounton } for pid=286 comm="syz-executor260" path="/root/file1" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 20.216315][ T286] ------------[ cut here ]------------ [ 20.236390][ T24] audit: type=1400 audit(1684531047.310:71): avc: denied { mount } for pid=286 comm="syz-executor260" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 20.237862][ T286] kernel BUG at mm/slub.c:4184! [ 20.259461][ T24] audit: type=1400 audit(1684531047.310:72): avc: denied { setattr } for pid=286 comm="syz-executor260" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 20.259478][ T24] audit: type=1400 audit(1684531047.310:73): avc: denied { write } for pid=286 comm="syz-executor260" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 20.259504][ T24] audit: type=1400 audit(1684531047.310:74): avc: denied { remove_name } for pid=286 comm="syz-executor260" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 20.264874][ T286] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 20.286086][ T24] audit: type=1400 audit(1684531047.310:75): avc: denied { unlink } for pid=286 comm="syz-executor260" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 20.307634][ T286] CPU: 0 PID: 286 Comm: syz-executor260 Not tainted 5.10.178-syzkaller-00127-g43c801dc3325 #0 [ 20.307641][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 20.307667][ T286] RIP: 0010:kfree+0x269/0x270 [ 20.307687][ T286] Code: 08 4c 89 ee 48 89 da e8 d5 64 f2 ff 65 ff 0d 7a 74 5b 7e 0f 85 d2 fd ff ff e8 bf 85 59 ff e9 c8 fd ff ff e8 a9 c0 02 03 0f 0b <0f> 0b 0f 1f 44 00 00 55 48 89 e5 53 48 83 ec 18 89 f2 65 48 8b 04 [ 20.402798][ T286] RSP: 0018:ffffc9000094f780 EFLAGS: 00010246 [ 20.408697][ T286] RAX: ffffea00046ff408 RBX: ffff88810da785a4 RCX: ffffea0004369e00 [ 20.416508][ T286] RDX: 0000000000000000 RSI: 0000000000000012 RDI: ffff88810da785a4 [ 20.424325][ T286] RBP: ffffc9000094f7d8 R08: ffffffff81ed6e69 R09: 0000000000000003 [ 20.432124][ T286] R10: fffff52000129e70 R11: dffffc0000000001 R12: 0000000000000000 [ 20.439937][ T286] R13: ffffffff8197a405 R14: 0000000000000000 R15: ffffea0004369e00 [ 20.447753][ T286] FS: 00005555565cf300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 20.456522][ T286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 20.462938][ T286] CR2: 0000000020001000 CR3: 000000011eb9c000 CR4: 00000000003506b0 [ 20.470926][ T286] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 20.478736][ T286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 20.486541][ T286] Call Trace: [ 20.489679][ T286] ? kfree+0xc3/0x270 [ 20.493505][ T286] kvfree+0x35/0x40 [ 20.497140][ T286] ext4_expand_extra_isize_ea+0x1124/0x1e60 [ 20.502871][ T286] ? ext4_xattr_set+0x3d0/0x3d0 [ 20.507551][ T286] ? dquot_initialize_needed+0x13d/0x370 [ 20.513022][ T286] __ext4_expand_extra_isize+0x303/0x3f0 [ 20.518491][ T286] __ext4_mark_inode_dirty+0x4a7/0x7b0 [ 20.523781][ T286] ? sb_end_intwrite+0x110/0x110 [ 20.528555][ T286] ? current_time+0x1af/0x2f0 [ 20.533210][ T286] ? atime_needs_update+0x5a0/0x5a0 [ 20.538244][ T286] ? __ext4_unlink+0x6f0/0xac0 [ 20.542840][ T286] ? memcpy+0x56/0x70 [ 20.546660][ T286] __ext4_unlink+0x8b5/0xac0 [ 20.551106][ T286] ? ext4_orphan_del+0x7c0/0x7c0 [ 20.555974][ T286] ? down_write+0xd7/0x150 [ 20.560214][ T286] ? down_read_killable+0x220/0x220 [ 20.565257][ T286] ? may_delete+0x533/0x760 [ 20.569596][ T286] ext4_unlink+0x142/0x3f0 [ 20.573847][ T286] vfs_unlink+0x23b/0x510 [ 20.578019][ T286] do_unlinkat+0x430/0x8b0 [ 20.582259][ T286] ? fsnotify_link_count+0x90/0x90 [ 20.587206][ T286] ? __check_object_size+0x2e6/0x3c0 [ 20.592329][ T286] ? strncpy_from_user+0x18e/0x2d0 [ 20.597275][ T286] ? getname_flags+0x1fd/0x520 [ 20.601872][ T286] __x64_sys_unlinkat+0xcd/0xf0 [ 20.606572][ T286] do_syscall_64+0x34/0x70 [ 20.610816][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 20.616549][ T286] RIP: 0033:0x7f12736c9c19 [ 20.620797][ T286] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 20.640233][ T286] RSP: 002b:00007ffc84aca198 EFLAGS: 00000246 ORIG_RAX: 0000000000000107 [ 20.648479][ T286] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f12736c9c19 [ 20.656289][ T286] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 20.664098][ T286] RBP: 00007f1273689250 R08: 0000000000000000 R09: 0000000000000000 [ 20.672098][ T286] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f12736892e0 [ 20.679931][ T286] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 20.687717][ T286] Modules linked in: [ 20.691569][ T286] ---[ end trace 65ee02ff428f446b ]--- [ 20.696768][ T286] RIP: 0010:kfree+0x269/0x270 [ 20.701276][ T286] Code: 08 4c 89 ee 48 89 da e8 d5 64 f2 ff 65 ff 0d 7a 74 5b 7e 0f 85 d2 fd ff ff e8 bf 85 59 ff e9 c8 fd ff ff e8 a9 c0 02 03 0f 0b <0f> 0b 0f 1f 44 00 00 55 48 89 e5 53 48 83 ec 18 89 f2 65 48 8b 04 [ 20.720756][ T286] RSP: 0018:ffffc9000094f780 EFLAGS: 00010246 [ 20.726625][ T286] RAX: ffffea00046ff408 RBX: ffff88810da785a4 RCX: ffffea0004369e00 [ 20.734585][ T286] RDX: 0000000000000000 RSI: 0000000000000012 RDI: ffff88810da785a4 [ 20.742331][ T286] RBP: ffffc9000094f7d8 R08: ffffffff81ed6e69 R09: 0000000000000003 [ 20.750221][ T286] R10: fffff52000129e70 R11: dffffc0000000001 R12: 0000000000000000 [ 20.757969][ T286] R13: ffffffff8197a405 R14: 0000000000000000 R15: ffffea0004369e00 [ 20.765790][ T286] FS: 00005555565cf300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 20.774629][ T286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 20.781026][ T286] CR2: 0000000020001000 CR3: 000000011eb9c000 CR4: 00000000003506b0 [ 20.788873][ T286] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 20.796678][ T286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 20.804494][ T286] Kernel panic - not syncing: Fatal exception [ 20.810561][ T286] Kernel Offset: disabled [ 20.814689][ T286] Rebooting in 86400 seconds..