./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2998379806 <...> Warning: Permanently added '10.128.0.145' (ED25519) to the list of known hosts. execve("./syz-executor2998379806", ["./syz-executor2998379806"], 0x7ffe89f9da00 /* 10 vars */) = 0 brk(NULL) = 0x55557ab26000 brk(0x55557ab26d00) = 0x55557ab26d00 arch_prctl(ARCH_SET_FS, 0x55557ab26380) = 0 set_tid_address(0x55557ab26650) = 290 set_robust_list(0x55557ab26660, 24) = 0 rseq(0x55557ab26ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2998379806", 4096) = 28 getrandom("\x23\x51\x82\x93\xda\x77\xc3\xd9", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557ab26d00 brk(0x55557ab47d00) = 0x55557ab47d00 brk(0x55557ab48000) = 0x55557ab48000 mprotect(0x7f1515771000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.6YuZnL", 0700) = 0 chmod("./syzkaller.6YuZnL", 0777) = 0 chdir("./syzkaller.6YuZnL") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557ab26650) = 291 executing program ./strace-static-x86_64: Process 291 attached [pid 291] set_robust_list(0x55557ab26660, 24) = 0 [pid 291] chdir("./0") = 0 [pid 291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 291] setpgid(0, 0) = 0 [pid 291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 291] write(3, "1000", 4) = 4 [pid 291] close(3) = 0 [pid 291] symlink("/dev/binderfs", "./binderfs") = 0 [pid 291] write(1, "executing program\n", 18) = 18 [pid 291] memfd_create("syzkaller", 0) = 3 [pid 291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f150d2be000 [pid 291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 291] munmap(0x7f150d2be000, 138412032) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 24.872663][ T28] audit: type=1400 audit(1747213457.922:64): avc: denied { execmem } for pid=290 comm="syz-executor299" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 24.892514][ T28] audit: type=1400 audit(1747213457.922:65): avc: denied { read write } for pid=290 comm="syz-executor299" name="loop0" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.910830][ T291] loop0: detected capacity change from 0 to 512 [pid 291] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 291] close(3) = 0 [pid 291] close(4) = 0 [pid 291] mkdir("./file0", 0777) = 0 [ 24.917818][ T28] audit: type=1400 audit(1747213457.922:66): avc: denied { open } for pid=290 comm="syz-executor299" path="/dev/loop0" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.947417][ T28] audit: type=1400 audit(1747213457.922:67): avc: denied { ioctl } for pid=290 comm="syz-executor299" path="/dev/loop0" dev="devtmpfs" ino=118 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.959747][ T291] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor299: inode #1: comm syz-executor299: iget: illegal inode # [ 24.973934][ T28] audit: type=1400 audit(1747213457.982:68): avc: denied { mounton } for pid=291 comm="syz-executor299" path="/root/syzkaller.6YuZnL/0/file0" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 291] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_NOEXEC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 291] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 291] chdir("./file0") = 0 [pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 291] ioctl(4, LOOP_CLR_FD) = 0 [pid 291] close(4) = 0 [pid 291] mount("./file0", "./file0", "incremental-fs", 0, NULL) = 0 [pid 291] exit_group(0) = ? [pid 291] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=291, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557ab276f0 /* 4 entries */, 32768) = 112 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 [ 24.987147][ T291] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor299: error while reading EA inode 1 err=-117 [ 25.025064][ T291] EXT4-fs (loop0): 1 orphan inode deleted [ 25.030822][ T291] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 25.039477][ T28] audit: type=1400 audit(1747213458.092:69): avc: denied { mount } for pid=291 comm="syz-executor299" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 getdents64(4, 0x55557ab2f730 /* 5 entries */, 32768) = 144 umount2("./0/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0/lost+found", {st_mode=S_IFBLK|S_ISVTX|0614, st_rdev=makedev(0, 0xe), ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file0/lost+found") = 0 umount2("./0/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0/file1", {st_mode=S_IFDIR|0700, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55557ab37770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55557ab37770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./0/file0/file1") = 0 [ 25.059575][ T290] EXT4-fs error (device loop0): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor299: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 25.061396][ T28] audit: type=1400 audit(1747213458.102:70): avc: denied { mounton } for pid=291 comm="syz-executor299" path="/root/syzkaller.6YuZnL/0/file0/file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 25.107234][ T28] audit: type=1400 audit(1747213458.102:71): avc: denied { write } for pid=291 comm="syz-executor299" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 25.107417][ T290] ------------[ cut here ]------------ [ 25.129893][ T28] audit: type=1400 audit(1747213458.102:72): avc: denied { add_name } for pid=291 comm="syz-executor299" name=".index" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 25.135341][ T290] kernel BUG at fs/namei.c:2954! [ 25.161430][ T28] audit: type=1400 audit(1747213458.102:73): avc: denied { create } for pid=291 comm="syz-executor299" name=".index" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 25.162127][ T290] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 25.187912][ T290] CPU: 0 PID: 290 Comm: syz-executor299 Not tainted 6.1.134-syzkaller-00013-g53b26534cce7 #0 [ 25.198058][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 25.208142][ T290] RIP: 0010:may_delete+0x701/0x710 [ 25.213263][ T290] Code: ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 84 fe ff ff 48 89 df e8 40 19 f4 ff e9 77 fe ff ff e8 26 c7 af ff 0f 0b e8 1f c7 af ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 55 48 89 e5 41 56 53 [ 25.232863][ T290] RSP: 0018:ffffc90000e27b20 EFLAGS: 00010293 [ 25.238924][ T290] RAX: ffffffff81c01fb1 RBX: ffff888114ba3000 RCX: ffff88810d7c1440 [ 25.246980][ T290] RDX: 0000000000000000 RSI: 0000000000200000 RDI: 0000000000000000 [ 25.254944][ T290] RBP: ffffc90000e27b88 R08: 0000000000000004 R09: 0000000000000003 [ 25.262906][ T290] R10: fffff520001c4f44 R11: 1ffff920001c4f44 R12: dffffc0000000000 [ 25.270883][ T290] R13: 0000000000000001 R14: ffff888114ba3cf0 R15: 1ffff11022974600 [ 25.278849][ T290] FS: 000055557ab26380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 25.287784][ T290] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.294363][ T290] CR2: 000055557ab3f778 CR3: 000000012639c000 CR4: 00000000003506b0 [ 25.302339][ T290] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.310304][ T290] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.318265][ T290] Call Trace: [ 25.321535][ T290] [ 25.324458][ T290] vfs_rmdir+0x32/0x500 [ 25.328611][ T290] incfs_kill_sb+0x105/0x220 [ 25.333197][ T290] deactivate_locked_super+0xb5/0x120 [ 25.338569][ T290] deactivate_super+0xaf/0xe0 [ 25.343241][ T290] cleanup_mnt+0x45f/0x4e0 [ 25.347659][ T290] __cleanup_mnt+0x19/0x20 [ 25.352086][ T290] task_work_run+0x1db/0x240 [ 25.356694][ T290] ? __cfi_task_work_run+0x10/0x10 [ 25.361977][ T290] ? path_umount+0x1f0/0xe20 [ 25.366567][ T290] ptrace_notify+0x221/0x250 [ 25.371161][ T290] ? __cfi_path_umount+0x10/0x10 [ 25.376257][ T290] ? __cfi_ptrace_notify+0x10/0x10 [ 25.381657][ T290] ? user_path_at_empty+0x161/0x1c0 [ 25.386952][ T290] ? __x64_sys_umount+0x125/0x160 [ 25.391981][ T290] ? __cfi___x64_sys_umount+0x10/0x10 [ 25.397359][ T290] ? fpregs_restore_userregs+0x128/0x260 [ 25.402989][ T290] syscall_exit_work+0x84/0x140 [ 25.407837][ T290] syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 25.413985][ T290] syscall_exit_to_user_mode+0xd/0x30 [ 25.419448][ T290] do_syscall_64+0x58/0xa0 [ 25.423895][ T290] ? clear_bhb_loop+0x15/0x70 [ 25.428590][ T290] ? clear_bhb_loop+0x15/0x70 [ 25.433287][ T290] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 25.439186][ T290] RIP: 0033:0x7f15156fe3c7 [ 25.443600][ T290] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 25.463204][ T290] RSP: 002b:00007ffc9b8211c8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 25.471619][ T290] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f15156fe3c7 [ 25.479621][ T290] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc9b821280 [ 25.487587][ T290] RBP: 00007ffc9b821280 R08: 0000000000000000 R09: 0000000000000000 [ 25.495561][ T290] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffc9b822370 [ 25.503550][ T290] R13: 000055557ab2f700 R14: 0000000000000001 R15: 431bde82d7b634db [ 25.511532][ T290] [ 25.514547][ T290] Modules linked in: [ 25.518672][ T290] ---[ end trace 0000000000000000 ]--- [ 25.524142][ T290] RIP: 0010:may_delete+0x701/0x710 [ 25.529295][ T290] Code: ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 84 fe ff ff 48 89 df e8 40 19 f4 ff e9 77 fe ff ff e8 26 c7 af ff 0f 0b e8 1f c7 af ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 55 48 89 e5 41 56 53 [ 25.548970][ T290] RSP: 0018:ffffc90000e27b20 EFLAGS: 00010293 [ 25.555078][ T290] RAX: ffffffff81c01fb1 RBX: ffff888114ba3000 RCX: ffff88810d7c1440 [ 25.563077][ T290] RDX: 0000000000000000 RSI: 0000000000200000 RDI: 0000000000000000 [ 25.571103][ T290] RBP: ffffc90000e27b88 R08: 0000000000000004 R09: 0000000000000003 [ 25.579106][ T290] R10: fffff520001c4f44 R11: 1ffff920001c4f44 R12: dffffc0000000000 [ 25.587191][ T290] R13: 0000000000000001 R14: ffff888114ba3cf0 R15: 1ffff11022974600 [ 25.595188][ T290] FS: 000055557ab26380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 25.604617][ T290] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.611243][ T290] CR2: 00007ffcc1a84ff8 CR3: 000000012639c000 CR4: 00000000003506a0 [ 25.619278][ T290] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.627293][ T290] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.635309][ T290] Kernel panic - not syncing: Fatal exception [ 25.641685][ T290] Kernel Offset: disabled [ 25.646094][ T290] Rebooting in 86400 seconds..