./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1449772793 <...> Warning: Permanently added '10.128.0.198' (ECDSA) to the list of known hosts. execve("./syz-executor1449772793", ["./syz-executor1449772793"], 0x7fff33c06b80 /* 10 vars */) = 0 brk(NULL) = 0x555555deb000 brk(0x555555debd00) = 0x555555debd00 arch_prctl(ARCH_SET_FS, 0x555555deb3c0) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1449772793", 4096) = 28 brk(0x555555e0cd00) = 0x555555e0cd00 brk(0x555555e0d000) = 0x555555e0d000 mprotect(0x7fb59bed7000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7fb59be26f60, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fb59be27da0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7fb59be26f60, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fb59be27da0}, NULL, 8) = 0 getpid() = 371 mkdir("./syzkaller.reI6Ie", 0700) = 0 chmod("./syzkaller.reI6Ie", 0777) = 0 chdir("./syzkaller.reI6Ie") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555deb690) = 373 ./strace-static-x86_64: Process 373 attached [pid 373] chdir("./0") = 0 [pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 373] setpgid(0, 0) = 0 [pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 373] write(3, "1000", 4) = 4 [pid 373] close(3) = 0 [pid 373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 373] mkdir("./file0", 0777) = 0 [pid 373] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 373] mount("./file0", "./file0", NULL, MS_BIND|MS_MOVE|MS_REC|MS_SILENT, NULL) = 0 [pid 373] mkdir("./file0", 0777) = -1 EEXIST (File exists) [ 20.046933][ T24] audit: type=1400 audit(1662648240.530:73): avc: denied { execmem } for pid=371 comm="syz-executor144" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.051886][ T24] audit: type=1400 audit(1662648240.540:74): avc: denied { read write } for pid=371 comm="syz-executor144" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.055433][ T24] audit: type=1400 audit(1662648240.540:75): avc: denied { open } for pid=371 comm="syz-executor144" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.059022][ T24] audit: type=1400 audit(1662648240.540:76): avc: denied { ioctl } for pid=371 comm="syz-executor144" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.065204][ T24] audit: type=1400 audit(1662648240.550:77): avc: denied { mounton } for pid=373 comm="syz-executor144" path="/root/syzkaller.reI6Ie/0/file0" dev="sda1" ino=1141 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 373] mount(NULL, "./file0", 0x20000100, MS_REMOUNT|MS_NODIRATIME|MS_SILENT|MS_I_VERSION, "debug_want_extra_isize=0x000000000000007a,,errors=continue") = 0 [pid 373] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 373] exit_group(0) = ? [pid 373] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=373, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555dec6e0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555df4720 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555df4720 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555555dec6e0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 [ 20.077823][ T24] audit: type=1400 audit(1662648240.570:78): avc: denied { remount } for pid=373 comm="syz-executor144" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 20.079323][ T373] EXT4-fs (sda1): re-mounted. Opts: debug_want_extra_isize=0x000000000000007a,,errors=continue [ 20.112898][ T24] audit: type=1400 audit(1662648240.600:79): avc: denied { unmount } for pid=371 comm="syz-executor144" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 20.118964][ T371] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 20.144327][ T371] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 20.152729][ T371] CPU: 1 PID: 371 Comm: syz-executor144 Not tainted 5.10.140-syzkaller-00825-g59390358870a #0 [ 20.162941][ T371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 20.172975][ T371] RIP: 0010:ext4_xattr_set_entry+0x4ad/0x37e0 [ 20.179011][ T371] Code: 00 00 48 89 d8 48 c1 e8 03 48 89 84 24 28 01 00 00 42 80 3c 20 00 74 08 48 89 df e8 1d 97 ba ff 4c 8b 33 4c 89 f0 48 c1 e8 03 <42> 8a 04 20 84 c0 0f 85 46 2d 00 00 4c 89 f8 48 2b 44 24 18 48 89 [ 20.198585][ T371] RSP: 0018:ffffc90000b873c0 EFLAGS: 00010246 [ 20.204657][ T371] RAX: 0000000000000000 RBX: ffffc90000b877c0 RCX: ffff8881067a8000 [ 20.212598][ T371] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000001c [ 20.220558][ T371] RBP: ffffc90000b87658 R08: ffffffff81ec6059 R09: ffffed1021d6c76d [ 20.228501][ T371] R10: ffffed1021d6c76d R11: 1ffff11021d6c76c R12: dffffc0000000000 [ 20.236454][ T371] R13: 1ffff92000170ef2 R14: 0000000000000000 R15: 0000000000000000 [ 20.244397][ T371] FS: 0000555555deb3c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 20.253294][ T371] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 20.259846][ T371] CR2: 0000555555dfc728 CR3: 000000011e012000 CR4: 00000000003506a0 [ 20.267800][ T371] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 20.276150][ T371] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 20.284101][ T371] Call Trace: [ 20.287369][ T371] ? jbd2_journal_get_write_access+0x2ab/0x2d0 [ 20.293607][ T371] ? ext4_xattr_ibody_inline_set+0x380/0x380 [ 20.299565][ T371] ? __ext4_journal_ensure_credits+0x460/0x460 [ 20.305700][ T371] ? __kasan_check_write+0x14/0x20 [ 20.310787][ T371] ? _raw_spin_lock_irqsave+0xf8/0x210 [ 20.316218][ T371] ? ext4_reserve_inode_write+0x2d2/0x380 [ 20.321914][ T371] ? __kasan_check_write+0x14/0x20 [ 20.327005][ T371] ext4_xattr_ibody_set+0x7c/0x2a0 [ 20.332093][ T371] ext4_xattr_set_handle+0xc5d/0x15a0 [ 20.337441][ T371] ? ext4_xattr_set_entry+0x37e0/0x37e0 [ 20.342962][ T371] ? selinux_inode_free_security+0x200/0x200 [ 20.348908][ T371] ext4_initxattrs+0xb2/0x120 [ 20.353571][ T371] security_inode_init_security+0x26c/0x3c0 [ 20.359448][ T371] ? ext4_init_security+0x40/0x40 [ 20.364442][ T371] ? security_dentry_create_files_as+0xd0/0xd0 [ 20.370567][ T371] ? __ext4_set_acl+0x5f0/0x5f0 [ 20.375386][ T371] ? ext4_has_metadata_csum+0x1f0/0x1f0 [ 20.380902][ T371] ext4_init_security+0x34/0x40 [ 20.385731][ T371] __ext4_new_inode+0x3648/0x4530 [ 20.390742][ T371] ? ext4_mark_inode_used+0xc00/0xc00 [ 20.396087][ T371] ? dquot_initialize+0x20/0x20 [ 20.400928][ T371] ? may_create+0x641/0x8b0 [ 20.405407][ T371] ext4_mkdir+0x3b3/0xbb0 [ 20.409711][ T371] ? ext4_symlink+0xf50/0xf50 [ 20.414366][ T371] ? selinux_inode_mkdir+0x22/0x30 [ 20.419479][ T371] ? security_inode_mkdir+0xf1/0x130 [ 20.424738][ T371] vfs_mkdir+0x435/0x610 [ 20.428953][ T371] do_mkdirat+0x1b6/0x2d0 [ 20.433266][ T371] ? do_mknodat+0x430/0x430 [ 20.437762][ T371] __x64_sys_mkdir+0x60/0x70 [ 20.442325][ T371] do_syscall_64+0x34/0x70 [ 20.446718][ T371] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 20.452614][ T371] RIP: 0033:0x7fb59be693d7 [ 20.457004][ T371] Code: 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 20.476581][ T371] RSP: 002b:00007ffc053936d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 20.484963][ T371] RAX: ffffffffffffffda RBX: 0000000000004e46 RCX: 00007fb59be693d7 [ 20.492905][ T371] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 00007ffc05393710 [ 20.500930][ T371] RBP: 0000000000000175 R08: 0000000000000000 R09: 0000000000000003 [ 20.508870][ T371] R10: 00007ffc05393477 R11: 0000000000000206 R12: 00007ffc053936fc [ 20.516826][ T371] R13: 00007ffc05393730 R14: 00007ffc05393710 R15: 0000000000000001 [ 20.524779][ T371] Modules linked in: [ 20.528753][ T371] ---[ end trace 58fa3ede2a53b241 ]--- [ 20.534211][ T371] RIP: 0010:ext4_xattr_set_entry+0x4ad/0x37e0 [ 20.540299][ T371] Code: 00 00 48 89 d8 48 c1 e8 03 48 89 84 24 28 01 00 00 42 80 3c 20 00 74 08 48 89 df e8 1d 97 ba ff 4c 8b 33 4c 89 f0 48 c1 e8 03 <42> 8a 04 20 84 c0 0f 85 46 2d 00 00 4c 89 f8 48 2b 44 24 18 48 89 [ 20.559966][ T371] RSP: 0018:ffffc90000b873c0 EFLAGS: 00010246 [ 20.566015][ T371] RAX: 0000000000000000 RBX: ffffc90000b877c0 RCX: ffff8881067a8000 [ 20.573988][ T371] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000001c [ 20.581955][ T371] RBP: ffffc90000b87658 R08: ffffffff81ec6059 R09: ffffed1021d6c76d [ 20.589927][ T371] R10: ffffed1021d6c76d R11: 1ffff11021d6c76c R12: dffffc0000000000 [ 20.597890][ T371] R13: 1ffff92000170ef2 R14: 0000000000000000 R15: 0000000000000000 [ 20.605833][ T371] FS: 0000555555deb3c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 20.614758][ T371] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 20.621328][ T371] CR2: 0000555555dfc728 CR3: 000000011e012000 CR4: 00000000003506a0 [ 20.629292][ T371] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 20.637273][ T371] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 20.645222][ T371] Kernel panic - not syncing: Fatal exception [ 20.651450][ T371] Kernel Offset: disabled [ 20.655757][ T371] Rebooting in 86400 seconds..