./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor879144654 <...> [ 2.742278][ T31] audit: type=1400 audit(1665934080.190:10): avc: denied { getattr } for pid=164 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 2.747471][ T166] acpid (166) used greatest stack depth: 24200 bytes left [ 2.843990][ T181] udevd[181]: starting version 3.2.10 [ 2.867112][ T182] udevd[182]: starting eudev-3.2.10 [ 2.868951][ T181] udevd (181) used greatest stack depth: 22976 bytes left [ 11.847307][ T31] kauditd_printk_skb: 49 callbacks suppressed [ 11.847316][ T31] audit: type=1400 audit(1665934089.310:60): avc: denied { transition } for pid=323 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.852727][ T31] audit: type=1400 audit(1665934089.310:61): avc: denied { write } for pid=323 comm="sh" path="pipe:[12406]" dev="pipefs" ino=12406 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 [ 12.816227][ T327] scp (327) used greatest stack depth: 22368 bytes left [ 13.416625][ T332] sshd (332) used greatest stack depth: 22352 bytes left Warning: Permanently added '10.128.0.97' (ECDSA) to the list of known hosts. execve("./syz-executor879144654", ["./syz-executor879144654"], 0x7ffebe428c60 /* 10 vars */) = 0 brk(NULL) = 0x555555d6b000 brk(0x555555d6bc40) = 0x555555d6bc40 arch_prctl(ARCH_SET_FS, 0x555555d6b300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor879144654", 4096) = 27 brk(0x555555d8cc40) = 0x555555d8cc40 brk(0x555555d8d000) = 0x555555d8d000 mprotect(0x7f0aecc2f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./file0", 000) = 0 creat("./file0/file0", 0135741) = 3 mount("./file0", "./file0", "incremental-fs", 0, NULL) = 0 [ 19.105871][ T31] audit: type=1400 audit(1665934096.560:62): avc: denied { execmem } for pid=412 comm="syz-executor879" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.110401][ T412] ------------[ cut here ]------------ [ 19.125359][ T31] audit: type=1400 audit(1665934096.570:63): avc: denied { mounton } for pid=412 comm="syz-executor879" path="/root/file0" dev="sda1" ino=1138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 19.130365][ T412] kernel BUG at fs/attr.c:377! [ 19.153238][ T31] audit: type=1400 audit(1665934096.570:64): avc: denied { mount } for pid=412 comm="syz-executor879" name="/" dev="incremental-fs" ino=1138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 19.157469][ T412] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 19.180982][ T31] audit: type=1400 audit(1665934096.570:65): avc: denied { setattr } for pid=412 comm="syz-executor879" name="file0" dev="incremental-fs" ino=1139 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 19.186563][ T412] CPU: 0 PID: 412 Comm: syz-executor879 Not tainted 5.15.73-syzkaller-04348-g44b8b2ac1d96 #0 [ 19.219807][ T412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 19.229790][ T412] RIP: 0010:notify_change+0x103e/0x1040 [ 19.235168][ T412] Code: f0 ff e9 61 fa ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 79 f5 ff ff 4c 89 e7 e8 2c 12 f0 ff e9 6c f5 ff ff e8 92 c5 ad ff <0f> 0b 55 48 89 e5 41 57 41 56 41 55 41 54 53 50 41 89 f4 49 89 fd [ 19.254607][ T412] RSP: 0018:ffffc900002cfaf0 EFLAGS: 00010293 [ 19.260515][ T412] RAX: ffffffff81c3cbfe RBX: 0000000000001847 RCX: ffff8881071813c0 [ 19.268318][ T412] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 19.276134][ T412] RBP: ffffc900002cfb78 R08: ffffffff81c3c198 R09: ffffc900002cfa60 [ 19.283942][ T412] R10: fffff52000059f4e R11: 1ffff92000059f4c R12: ffffc900002cfd40 [ 19.291751][ T412] R13: ffff88811e069cc0 R14: dffffc0000000000 R15: 0000000000000001 [ 19.299565][ T412] FS: 0000555555d6b300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 19.308336][ T412] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 19.314751][ T412] CR2: 0000000020000100 CR3: 000000011f755000 CR4: 00000000003506b0 [ 19.322571][ T412] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 19.330381][ T412] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 19.338185][ T412] Call Trace: [ 19.341311][ T412] [ 19.344097][ T412] incfs_setattr+0x238/0x3c0 [ 19.348520][ T412] ? file_release+0x180/0x180 [ 19.353031][ T412] notify_change+0xd8f/0x1040 [ 19.357542][ T412] ? down_read_killable+0x250/0x250 [ 19.362579][ T412] chown_common+0x526/0x7e0 [ 19.366914][ T412] ? kasan_quarantine_put+0x34/0x1b0 [ 19.372037][ T412] ? __ia32_sys_chmod+0x190/0x190 [ 19.376894][ T412] ? mnt_want_write+0x1bd/0x290 [ 19.381582][ T412] do_fchownat+0x175/0x250 [ 19.385835][ T412] ? chown_common+0x7e0/0x7e0 [ 19.390346][ T412] ? __x64_sys_creat+0x11f/0x160 [ 19.395127][ T412] ? __x64_compat_sys_openat+0x290/0x290 [ 19.400590][ T412] __x64_sys_chown+0x82/0x90 [ 19.405015][ T412] do_syscall_64+0x44/0xd0 [ 19.409268][ T412] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 19.414994][ T412] RIP: 0033:0x7f0aecbc2ba9 [ 19.419250][ T412] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 19.438691][ T412] RSP: 002b:00007ffd8da001a8 EFLAGS: 00000246 ORIG_RAX: 000000000000005c [ 19.446941][ T412] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f0aecbc2ba9 [ 19.454744][ T412] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000300 [ 19.462560][ T412] RBP: 2f30656c69662f2e R08: 0000000000000000 R09: 0000000000000000 [ 19.470370][ T412] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0aecb86de0 [ 19.478179][ T412] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 19.485995][ T412] [ 19.488854][ T412] Modules linked in: [ 19.492971][ T412] ---[ end trace 81a5101ef8a25cb2 ]--- [ 19.498248][ T412] RIP: 0010:notify_change+0x103e/0x1040 [ 19.503612][ T412] Code: f0 ff e9 61 fa ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 79 f5 ff ff 4c 89 e7 e8 2c 12 f0 ff e9 6c f5 ff ff e8 92 c5 ad ff <0f> 0b 55 48 89 e5 41 57 41 56 41 55 41 54 53 50 41 89 f4 49 89 fd [ 19.523279][ T412] RSP: 0018:ffffc900002cfaf0 EFLAGS: 00010293 [ 19.529152][ T412] RAX: ffffffff81c3cbfe RBX: 0000000000001847 RCX: ffff8881071813c0 [ 19.536984][ T412] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 19.544748][ T412] RBP: ffffc900002cfb78 R08: ffffffff81c3c198 R09: ffffc900002cfa60 [ 19.552597][ T412] R10: fffff52000059f4e R11: 1ffff92000059f4c R12: ffffc900002cfd40 [ 19.560447][ T412] R13: ffff88811e069cc0 R14: dffffc0000000000 R15: 0000000000000001 [ 19.568265][ T412] FS: 0000555555d6b300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 19.577017][ T412] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 19.583372][ T412] CR2: 0000000020000100 CR3: 000000011f755000 CR4: 00000000003506b0 [ 19.591223][ T412] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 19.599013][ T412] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 19.606839][ T412] Kernel panic - not syncing: Fatal exception [ 19.612900][ T412] Kernel Offset: disabled [ 19.617022][ T412] Rebooting in 86400 seconds..