./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor270715227 <...> Warning: Permanently added '10.128.1.31' (ED25519) to the list of known hosts. execve("./syz-executor270715227", ["./syz-executor270715227"], 0x7ffd48bd7800 /* 10 vars */) = 0 brk(NULL) = 0x555555a44000 brk(0x555555a44d00) = 0x555555a44d00 arch_prctl(ARCH_SET_FS, 0x555555a44380) = 0 set_tid_address(0x555555a44650) = 286 set_robust_list(0x555555a44660, 24) = 0 rseq(0x555555a44ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor270715227", 4096) = 27 getrandom("\x5d\x95\x3a\x50\x09\x2a\xd1\xaf", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555a44d00 brk(0x555555a65d00) = 0x555555a65d00 brk(0x555555a66000) = 0x555555a66000 mprotect(0x7f2b88f95000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdirat(AT_FDCWD, "./file0", 000) = 0 mount(NULL, "./file0", "tmpfs", 0, NULL) = 0 mkdir("./file0/file0", 000) = 0 mount("./file0", "./file0", "incremental-fs", 0, NULL) = 0 chdir("./file0/../file0") = 0 open(".", O_RDONLY) = 3 [ 20.904189][ T24] audit: type=1400 audit(1711536631.259:66): avc: denied { execmem } for pid=286 comm="syz-executor270" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.908259][ T286] incfs: ino conflict with backing FS 1 [ 20.923491][ T24] audit: type=1400 audit(1711536631.259:67): avc: denied { mounton } for pid=286 comm="syz-executor270" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 mkdirat(3, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 renameat2(3, "./file0", 3, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", RENAME_EXCHANGE) = 0 [ 20.931059][ T286] incfs: ino conflict with backing FS 5 [ 20.951551][ T24] audit: type=1400 audit(1711536631.259:68): avc: denied { mount } for pid=286 comm="syz-executor270" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 20.957445][ T286] incfs: ino conflict with backing FS 2 [ 20.978759][ T24] audit: type=1400 audit(1711536631.259:69): avc: denied { mounton } for pid=286 comm="syz-executor270" path="/root/file0" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 20.984928][ T286] ------------[ cut here ]------------ [ 21.006710][ T24] audit: type=1400 audit(1711536631.289:70): avc: denied { mount } for pid=286 comm="syz-executor270" name="/" dev="incremental-fs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 21.012002][ T286] WARNING: CPU: 1 PID: 286 at fs/inode.c:304 drop_nlink+0xc1/0x110 [ 21.035157][ T24] audit: type=1400 audit(1711536631.289:71): avc: denied { write } for pid=286 comm="syz-executor270" name="/" dev="incremental-fs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.042844][ T286] Modules linked in: [ 21.065235][ T24] audit: type=1400 audit(1711536631.289:72): avc: denied { add_name } for pid=286 comm="syz-executor270" name=131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D338 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.068946][ T286] CPU: 1 PID: 286 Comm: syz-executor270 Not tainted 5.10.209-syzkaller-00001-ge7daca75b4c3 #0 [ 21.102311][ T24] audit: type=1400 audit(1711536631.289:73): avc: denied { create } for pid=286 comm="syz-executor270" name=131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D338 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 21.112371][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 21.145174][ T24] audit: type=1400 audit(1711536631.289:74): avc: denied { associate } for pid=286 comm="syz-executor270" name=131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D338 scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 21.155001][ T286] RIP: 0010:drop_nlink+0xc1/0x110 [ 21.189291][ T24] audit: type=1400 audit(1711536631.339:75): avc: denied { remove_name } for pid=286 comm="syz-executor270" name=131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D338 dev="incremental-fs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.229951][ T286] Code: 1e 48 8d bb b8 04 00 00 be 08 00 00 00 e8 c7 df f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 af 64 b3 ff <0f> 0b eb 88 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c [ 21.249483][ T286] RSP: 0018:ffffc90000bd78b8 EFLAGS: 00010293 [ 21.255361][ T286] RAX: ffffffff81b74341 RBX: 0000000000000000 RCX: ffff88811e4b13c0 [ 21.263271][ T286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 21.271009][ T286] RBP: ffffc90000bd78e0 R08: ffffffff81b742c4 R09: 000000006603f9f7 [ 21.278877][ T286] R10: 000000001443fbf2 R11: 000000006603f9f7 R12: dffffc0000000000 [ 21.286645][ T286] R13: 1ffff11023cfc8fd R14: ffff88811e7e47a0 R15: ffff88811e7e47e8 [ 21.294416][ T286] FS: 0000555555a44380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 21.303347][ T286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.309758][ T286] CR2: 0000000020004b30 CR3: 000000011e700000 CR4: 00000000003506a0 [ 21.317665][ T286] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 21.325421][ T286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 21.333283][ T286] Call Trace: [ 21.336370][ T286] ? show_regs+0x58/0x60 [ 21.340424][ T286] ? __warn+0x160/0x2f0 [ 21.344421][ T286] ? drop_nlink+0xc1/0x110 [ 21.348716][ T286] ? report_bug+0x3d9/0x5b0 [ 21.353018][ T286] ? drop_nlink+0xc1/0x110 [ 21.357299][ T286] ? handle_bug+0x41/0x70 [ 21.361436][ T286] ? exc_invalid_op+0x1b/0x50 [ 21.365941][ T286] ? asm_exc_invalid_op+0x12/0x20 [ 21.370868][ T286] ? drop_nlink+0x44/0x110 [ 21.375062][ T286] ? drop_nlink+0xc1/0x110 [ 21.380160][ T286] ? drop_nlink+0xc1/0x110 [ 21.384351][ T286] ? drop_nlink+0xc1/0x110 [ 21.388641][ T286] shmem_unlink+0x22b/0x280 [ 21.392946][ T286] shmem_rename2+0x12c/0x5b0 [ 21.397436][ T286] vfs_rename+0x90e/0xda0 [ 21.401639][ T286] ? __ia32_sys_link+0x70/0x70 [ 21.406271][ T286] ? lockref_get_not_zero+0xce/0x1a0 [ 21.411472][ T286] ? lock_rename+0xe8/0x1a0 [ 21.415793][ T286] dir_rename_wrap+0x345/0x570 [ 21.420452][ T286] vfs_rename+0x90e/0xda0 [ 21.424565][ T286] ? mntput+0x5d/0xc0 [ 21.428608][ T286] ? __ia32_sys_link+0x70/0x70 [ 21.433344][ T286] ? __lookup_hash+0x1cf/0x290 [ 21.437969][ T286] ? lock_rename+0xe8/0x1a0 [ 21.442272][ T286] do_renameat2+0x88d/0x1130 [ 21.446822][ T286] ? fsnotify_move+0x290/0x290 [ 21.451386][ T286] __x64_sys_renameat2+0xdd/0xf0 [ 21.456195][ T286] do_syscall_64+0x34/0x70 [ 21.460779][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 21.466552][ T286] RIP: 0033:0x7f2b88f22529 [ 21.470745][ T286] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 21.490329][ T286] RSP: 002b:00007ffeae180528 EFLAGS: 00000246 ORIG_RAX: 000000000000013c [ 21.498534][ T286] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f2b88f22529 [ 21.506338][ T286] RDX: 00000000ffffff9c RSI: 0000000020004b00 RDI: 0000000000000003 [ 21.514128][ T286] RBP: 00007f2b88f95610 R08: 0000000000000000 R09: 00007ffeae1806f8 [ 21.521970][ T286] R10: 0000000020000100 R11: 0000000000000246 R12: 0000000000000001 [ 21.529782][ T286] R13: 00007ffeae1806e8 R14: 0000000000000001 R15: 0000000000000001 [ 21.537591][ T286] ---[ end trace c35cd741cfec422e ]--- [ 21.542893][ T286] list_del corruption. prev->next should be ffff88811c8e55e0, but was ffff88811c8e5910 [ 21.552586][ T286] ------------[ cut here ]------------ [ 21.557868][ T286] kernel BUG at lib/list_debug.c:61! [ 21.562973][ T286] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 21.568872][ T286] CPU: 1 PID: 286 Comm: syz-executor270 Tainted: G W 5.10.209-syzkaller-00001-ge7daca75b4c3 #0 [ 21.580321][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 21.590239][ T286] RIP: 0010:__list_del_entry_valid+0x10c/0x120 [ 21.596211][ T286] Code: 4c 89 f6 e8 e5 cc 54 02 0f 0b 48 c7 c7 40 0e 60 85 4c 89 f6 e8 d4 cc 54 02 0f 0b 48 c7 c7 a0 0e 60 85 4c 89 f6 e8 c3 cc 54 02 <0f> 0b 48 c7 c7 00 0f 60 85 4c 89 f6 e8 b2 cc 54 02 0f 0b cc 55 48 [ 21.615738][ T286] RSP: 0018:ffffc90000bd7aa0 EFLAGS: 00010246 [ 21.621638][ T286] RAX: 0000000000000054 RBX: ffff88811c8e5910 RCX: 14ebe5f559437900 [ 21.629531][ T286] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 21.638214][ T286] RBP: ffffc90000bd7ac0 R08: ffffffff81521d98 R09: fffff5200017ae6d [ 21.646024][ T286] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 21.653852][ T286] R13: ffff88811c8e55a8 R14: ffff88811c8e55e0 R15: ffff88811c8e5d50 [ 21.661663][ T286] FS: 0000555555a44380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 21.670590][ T286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.677100][ T286] CR2: 0000000020004b30 CR3: 000000011e700000 CR4: 00000000003506a0 [ 21.684924][ T286] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 21.692720][ T286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 21.700530][ T286] Call Trace: [ 21.703663][ T286] ? __die_body+0x62/0xb0 [ 21.707822][ T286] ? die+0x88/0xb0 [ 21.711379][ T286] ? do_trap+0x1a4/0x310 [ 21.715460][ T286] ? __list_del_entry_valid+0x10c/0x120 [ 21.720844][ T286] ? handle_invalid_op+0x95/0xc0 [ 21.725614][ T286] ? __list_del_entry_valid+0x10c/0x120 [ 21.730995][ T286] ? exc_invalid_op+0x32/0x50 [ 21.735527][ T286] ? asm_exc_invalid_op+0x12/0x20 [ 21.740383][ T286] ? wake_up_klogd+0xb8/0xf0 [ 21.744818][ T286] ? __list_del_entry_valid+0x10c/0x120 [ 21.751064][ T286] __dentry_kill+0x250/0x650 [ 21.755745][ T286] dentry_kill+0xc0/0x2a0 [ 21.759940][ T286] dput+0x160/0x310 [ 21.763555][ T286] path_put+0x39/0x60 [ 21.767470][ T286] ? dentry_revalidate+0x350/0x350 [ 21.772426][ T286] dentry_release+0x52/0xb0 [ 21.776840][ T286] ? dentry_revalidate+0x350/0x350 [ 21.781800][ T286] __dentry_kill+0x4ad/0x650 [ 21.786294][ T286] dentry_kill+0xc0/0x2a0 [ 21.790631][ T286] dput+0x160/0x310 [ 21.794383][ T286] do_renameat2+0x9ae/0x1130 [ 21.799140][ T286] ? fsnotify_move+0x290/0x290 [ 21.803847][ T286] __x64_sys_renameat2+0xdd/0xf0 [ 21.808610][ T286] do_syscall_64+0x34/0x70 [ 21.812859][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 21.818590][ T286] RIP: 0033:0x7f2b88f22529 [ 21.822850][ T286] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 21.842277][ T286] RSP: 002b:00007ffeae180528 EFLAGS: 00000246 ORIG_RAX: 000000000000013c [ 21.850603][ T286] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f2b88f22529 [ 21.858501][ T286] RDX: 00000000ffffff9c RSI: 0000000020004b00 RDI: 0000000000000003 [ 21.866314][ T286] RBP: 00007f2b88f95610 R08: 0000000000000000 R09: 00007ffeae1806f8 [ 21.874125][ T286] R10: 0000000020000100 R11: 0000000000000246 R12: 0000000000000001 [ 21.881934][ T286] R13: 00007ffeae1806e8 R14: 0000000000000001 R15: 0000000000000001 [ 21.889749][ T286] Modules linked in: [ 21.893552][ T286] ---[ end trace c35cd741cfec422f ]--- [ 21.898813][ T286] RIP: 0010:__list_del_entry_valid+0x10c/0x120 [ 21.904771][ T286] Code: 4c 89 f6 e8 e5 cc 54 02 0f 0b 48 c7 c7 40 0e 60 85 4c 89 f6 e8 d4 cc 54 02 0f 0b 48 c7 c7 a0 0e 60 85 4c 89 f6 e8 c3 cc 54 02 <0f> 0b 48 c7 c7 00 0f 60 85 4c 89 f6 e8 b2 cc 54 02 0f 0b cc 55 48 [ 21.924253][ T286] RSP: 0018:ffffc90000bd7aa0 EFLAGS: 00010246 [ 21.930143][ T286] RAX: 0000000000000054 RBX: ffff88811c8e5910 RCX: 14ebe5f559437900 [ 21.937959][ T286] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 21.945762][ T286] RBP: ffffc90000bd7ac0 R08: ffffffff81521d98 R09: fffff5200017ae6d [ 21.953584][ T286] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 21.961365][ T286] R13: ffff88811c8e55a8 R14: ffff88811c8e55e0 R15: ffff88811c8e5d50 [ 21.969414][ T286] FS: 0000555555a44380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 21.978134][ T286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.984523][ T286] CR2: 0000000020004b30 CR3: 000000011e700000 CR4: 00000000003506a0 [ 21.992457][ T286] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 22.000254][ T286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 22.008084][ T286] Kernel panic - not syncing: Fatal exception [ 22.014394][ T286] Kernel Offset: disabled [ 22.018533][ T286] Rebooting in 86400 seconds..