./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3380544922 <...> Warning: Permanently added '10.128.0.204' (ED25519) to the list of known hosts. execve("./syz-executor3380544922", ["./syz-executor3380544922"], 0x7ffd7d3f6480 /* 10 vars */) = 0 brk(NULL) = 0x5555630cf000 brk(0x5555630cfe00) = 0x5555630cfe00 arch_prctl(ARCH_SET_FS, 0x5555630cf480) = 0 set_tid_address(0x5555630cf750) = 288 set_robust_list(0x5555630cf760, 24) = 0 rseq(0x5555630cfda0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3380544922", 4096) = 28 getrandom("\x6a\x04\x88\xd6\x4d\x3b\x06\xcb", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555630cfe00 brk(0x5555630f0e00) = 0x5555630f0e00 brk(0x5555630f1000) = 0x5555630f1000 mprotect(0x7f151a3ed000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f151a347bf0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f151a34efe0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f151a347bf0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f151a34efe0}, NULL, 8) = 0 write(1, "executing program\n", 18executing program ) = 18 mkdirat(AT_FDCWD, "./file0", 000) = 0 mount("./file0", "./file0", "incremental-fs", 0, NULL) = 0 openat(-1, ".pending_reads", O_RDONLY) = -1 EBADF (Bad file descriptor) mkdir("./file0", 0777) = -1 EEXIST (File exists) mount(NULL, "./file0", 0x200000000000, MS_REMOUNT, "") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 mprotect(0x200000000000, 16384, PROT_READ) = 0 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x200000000040} --- --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x200000000000} --- [ 30.475893][ T30] audit: type=1400 audit(1753894253.460:64): avc: denied { execmem } for pid=288 comm="syz-executor338" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 30.496539][ T30] audit: type=1400 audit(1753894253.480:65): avc: denied { mounton } for pid=288 comm="syz-executor338" path="/root/file0" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 30.504918][ T288] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN [ 30.519960][ T30] audit: type=1400 audit(1753894253.480:66): avc: denied { mount } for pid=288 comm="syz-executor338" name="/" dev="incremental-fs" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 30.530932][ T288] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 30.530947][ T288] CPU: 0 PID: 288 Comm: syz-executor338 Not tainted 5.15.189-syzkaller-00091-gf32b52534f1d #0 [ 30.530962][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 30.530969][ T288] RIP: 0010:dir_rename_wrap+0x167/0x6a0 [ 30.555538][ T30] audit: type=1400 audit(1753894253.480:67): avc: denied { remount } for pid=288 comm="syz-executor338" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 30.562885][ T288] Code: 89 e7 e8 fc 44 a5 ff 4d 8b 34 24 eb 08 e8 11 ca 66 ff 45 31 f6 49 83 c6 08 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 f7 e8 cb 44 a5 ff 4d 8b 36 4d 85 f6 0f 84 [ 30.573405][ T30] audit: type=1400 audit(1753894253.480:68): avc: denied { write } for pid=288 comm="syz-executor338" name="/" dev="incremental-fs" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 30.583196][ T288] RSP: 0018:ffffc900009e7a40 EFLAGS: 00010202 [ 30.583213][ T288] RAX: 0000000000000001 RBX: ffff888121532860 RCX: dffffc0000000000 [ 30.583223][ T288] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 30.583231][ T288] RBP: ffffc900009e7b70 R08: dffffc0000000000 R09: fffff5200013cf39 [ 30.583242][ T288] R10: fffff5200013cf39 R11: 1ffff9200013cf38 R12: ffff888120d84078 [ 30.589119][ T30] audit: type=1400 audit(1753894253.480:69): avc: denied { remove_name } for pid=288 comm="syz-executor338" name=".pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 30.609216][ T288] R13: 1ffff9200013cf54 R14: 0000000000000008 R15: ffff888121532800 [ 30.609237][ T288] FS: 00005555630cf480(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 30.609250][ T288] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.609261][ T288] CR2: 0000200000000000 CR3: 0000000124854000 CR4: 00000000003506b0 [ 30.609274][ T288] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 30.609282][ T288] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 30.609292][ T288] Call Trace: [ 30.609297][ T288] [ 30.609304][ T288] ? rwsem_write_trylock+0x130/0x300 [ 30.773201][ T288] ? dir_rmdir+0x310/0x310 [ 30.777710][ T288] ? down_write+0x15/0x30 [ 30.782023][ T288] ? try_break_deleg+0x7c/0x130 [ 30.786853][ T288] ? dir_rmdir+0x310/0x310 [ 30.791254][ T288] vfs_rename+0xbb6/0x10d0 [ 30.795674][ T288] ? __ia32_sys_link+0x90/0x90 [ 30.800427][ T288] ? d_alloc+0x199/0x1d0 [ 30.804695][ T288] ? lookup_one_qstr_excl+0x122/0x250 [ 30.810045][ T288] do_renameat2+0x7ed/0xf60 [ 30.814708][ T288] ? fsnotify_move+0x450/0x450 [ 30.819465][ T288] ? getname_flags+0x206/0x500 [ 30.824223][ T288] __x64_sys_rename+0x86/0x90 [ 30.828885][ T288] x64_sys_call+0x680/0x9a0 [ 30.833400][ T288] do_syscall_64+0x4c/0xa0 [ 30.837797][ T288] ? clear_bhb_loop+0x50/0xa0 [ 30.842539][ T288] ? clear_bhb_loop+0x50/0xa0 [ 30.847474][ T288] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 30.853347][ T288] RIP: 0033:0x7f151a37ac49 [ 30.857741][ T288] Code: 48 83 c4 28 c3 e8 67 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 30.877431][ T288] RSP: 002b:00007ffd30c09d38 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 30.885824][ T288] RAX: ffffffffffffffda RBX: 0073646165725f67 RCX: 00007f151a37ac49 [ 30.893777][ T288] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000200000000040 [ 30.901729][ T288] RBP: 00007ffd30c09d48 R08: 00007ffd30c09d48 R09: 00007f151a347bf0 [ 30.909834][ T288] R10: 00007ffd30c09d40 R11: 0000000000000246 R12: 0000000000000000 [ 30.917807][ T288] R13: 00007ffd30c09fa8 R14: 0000000000000001 R15: 0000000000000001 [ 30.925890][ T288] [ 30.928985][ T288] Modules linked in: [ 30.933212][ T288] ---[ end trace ab98c4e68a86fa72 ]--- [ 30.934043][ T30] audit: type=1400 audit(1753894253.480:70): avc: denied { rename } for pid=288 comm="syz-executor338" name=".pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 30.938935][ T288] RIP: 0010:dir_rename_wrap+0x167/0x6a0 [ 30.963457][ T30] audit: type=1400 audit(1753894253.480:71): avc: denied { add_name } for pid=288 comm="syz-executor338" name="fuse" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 30.968951][ T288] Code: 89 e7 e8 fc 44 a5 ff 4d 8b 34 24 eb 08 e8 11 ca 66 ff 45 31 f6 49 83 c6 08 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 f7 e8 cb 44 a5 ff 4d 8b 36 4d 85 f6 0f 84 [ 30.989877][ T30] audit: type=1400 audit(1753894253.540:72): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 31.009462][ T288] RSP: 0018:ffffc900009e7a40 EFLAGS: 00010202 [ 31.031034][ T30] audit: type=1400 audit(1753894253.540:73): avc: denied { search } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 31.037115][ T288] RAX: 0000000000000001 RBX: ffff888121532860 RCX: dffffc0000000000 [ 31.066353][ T288] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 31.074338][ T288] RBP: ffffc900009e7b70 R08: dffffc0000000000 R09: fffff5200013cf39 [ 31.082300][ T288] R10: fffff5200013cf39 R11: 1ffff9200013cf38 R12: ffff888120d84078 [ 31.090453][ T288] R13: 1ffff9200013cf54 R14: 0000000000000008 R15: ffff888121532800 [ 31.098586][ T288] FS: 00005555630cf480(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 31.107543][ T288] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.114228][ T288] CR2: 000055ac2918d388 CR3: 0000000124854000 CR4: 00000000003506a0 [ 31.122539][ T288] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 31.130558][ T288] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 31.138568][ T288] Kernel panic - not syncing: Fatal exception [ 31.144892][ T288] Kernel Offset: disabled [ 31.149196][ T288] Rebooting in 86400 seconds..