./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3320444942

<...>
Warning: Permanently added '10.128.1.81' (ED25519) to the list of known hosts.
execve("./syz-executor3320444942", ["./syz-executor3320444942"], 0x7ffddede7ad0 /* 10 vars */) = 0
brk(NULL)                               = 0x555566e9a000
brk(0x555566e9ad00)                     = 0x555566e9ad00
arch_prctl(ARCH_SET_FS, 0x555566e9a380) = 0
set_tid_address(0x555566e9a650)         = 272
set_robust_list(0x555566e9a660, 24)     = 0
rseq(0x555566e9aca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3320444942", 4096) = 28
getrandom("\x30\xd4\x90\xfa\xe7\x10\x7a\x5f", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555566e9ad00
brk(0x555566ebbd00)                     = 0x555566ebbd00
brk(0x555566ebc000)                     = 0x555566ebc000
mprotect(0x7f53157d8000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
mkdir("./syzkaller.nlig4A", 0700)       = 0
chmod("./syzkaller.nlig4A", 0777)       = 0
chdir("./syzkaller.nlig4A")             = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566e9a650) = 273
./strace-static-x86_64: Process 273 attached
[pid   273] set_robust_list(0x555566e9a660, 24) = 0
[pid   273] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   273] getppid()                   = 0
[pid   273] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid   273] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid   273] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid   273] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid   273] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid   273] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid   273] unshare(CLONE_NEWNS)        = 0
[pid   273] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid   273] unshare(CLONE_NEWIPC)       = -1 EINVAL (Invalid argument)
[pid   273] unshare(CLONE_NEWCGROUP)    = 0
[pid   273] unshare(CLONE_NEWUTS)       = 0
[pid   273] unshare(CLONE_SYSVSEM)      = 0
[pid   273] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   273] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   273] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   273] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   273] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   273] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   273] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   273] getpid()                    = 1
[pid   273] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   273] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   273] unshare(CLONE_NEWNET)       = 0
[pid   273] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid   273] write(3, "0 65535", 7)      = 7
[pid   273] close(3)                    = 0
[pid   273] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid   273] write(3, "100000", 6)       = 6
[pid   273] close(3)                    = 0
[pid   273] mkdir("./syz-tmp", 0777)    = 0
[pid   273] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid   273] mkdir("./syz-tmp/newroot", 0777) = 0
[pid   273] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid   273] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   273] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid   273] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid   273] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid   273] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid   273] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   273] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid   273] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   273] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   273] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid   273] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   273] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0
[pid   273] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid   273] mkdir("./syz-tmp/pivot", 0777) = 0
[pid   273] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid   273] chdir("/")                  = 0
[pid   273] umount2("./pivot", MNT_DETACH) = 0
[pid   273] chroot("./newroot")         = 0
[pid   273] chdir("/")                  = 0
[pid   273] mkdir("/dev/gadgetfs", 0777) = 0
[   33.635103][   T24] audit: type=1400 audit(1746474327.230:80): avc:  denied  { execmem } for  pid=272 comm="syz-executor332" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   33.661410][   T24] audit: type=1400 audit(1746474327.250:81): avc:  denied  { mounton } for  pid=273 comm="syz-executor332" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   33.684139][   T24] audit: type=1400 audit(1746474327.270:82): avc:  denied  { mounton } for  pid=273 comm="syz-executor332" path="/root/syzkaller.nlig4A/syz-tmp" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   33.684173][  T273] request_module fs-gadgetfs succeeded, but still no fs?
[pid   273] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULLexecuting program
) = -1 ENODEV (No such device)
[pid   273] mkdir("/dev/binderfs", 0777) = 0
[pid   273] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid   273] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid   273] mkdir("./0", 0777)          = 0
[pid   273] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566e9a650) = 2
./strace-static-x86_64: Process 274 attached
[pid   274] set_robust_list(0x555566e9a660, 24) = 0
[pid   274] chdir("./0")                = 0
[pid   274] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   274] setpgid(0, 0)               = 0
[pid   274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   274] write(3, "1000", 4)         = 4
[pid   274] close(3)                    = 0
[pid   274] symlink("/dev/binderfs", "./binderfs") = 0
[pid   274] write(1, "executing program\n", 18) = 18
[pid   274] mkdirat(AT_FDCWD, "./file0", 000) = 0
[pid   274] mount(".", "./file0/../file0", NULL, MS_RDONLY|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_SHARED, NULL) = 0
[pid   274] mount("./file0", "./file0", "incremental-fs", 0, NULL) = 0
[pid   274] close(3)                    = -1 EBADF (Bad file descriptor)
[pid   274] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   274] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   274] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   274] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   274] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   274] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   274] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   274] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   274] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   274] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   274] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   274] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   274] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   274] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   274] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   274] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   274] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   274] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   274] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   274] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   274] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   274] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   274] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   274] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   274] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   274] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   274] exit_group(0)               = ?
[pid   274] +++ exited with 0 +++
[pid   273] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[pid   273] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   273] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   273] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=120, ...}, AT_EMPTY_PATH) = 0
[pid   273] getdents64(3, 0x555566e9b6f0 /* 6 entries */, 32768) = 176
[pid   273] umount2("./0/.incomplete", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   273] newfstatat(AT_FDCWD, "./0/.incomplete", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   273] umount2("./0/.incomplete", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   273] openat(AT_FDCWD, "./0/.incomplete", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   273] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   273] getdents64(4, 0x555566ea3730 /* 2 entries */, 32768) = 48
[pid   273] getdents64(4, 0x555566ea3730 /* 0 entries */, 32768) = 0
[pid   273] close(4)                    = 0
[pid   273] rmdir("./0/.incomplete")    = 0
[pid   273] umount2("./0/.index", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   273] newfstatat(AT_FDCWD, "./0/.index", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   273] umount2("./0/.index", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   273] openat(AT_FDCWD, "./0/.index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   273] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   273] getdents64(4, 0x555566ea3730 /* 2 entries */, 32768) = 48
[pid   273] getdents64(4, 0x555566ea3730 /* 0 entries */, 32768) = 0
[pid   273] close(4)                    = 0
[pid   273] rmdir("./0/.index")         = 0
[   33.708642][   T24] audit: type=1400 audit(1746474327.270:83): avc:  denied  { mount } for  pid=273 comm="syz-executor332" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   33.719437][  T274] incfs: ino conflict with backing FS 9
[   33.737627][   T24] audit: type=1400 audit(1746474327.270:84): avc:  denied  { mounton } for  pid=273 comm="syz-executor332" path="/root/syzkaller.nlig4A/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   33.768712][  T273] ------------[ cut here ]------------
[   33.769195][   T24] audit: type=1400 audit(1746474327.270:85): avc:  denied  { mount } for  pid=273 comm="syz-executor332" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   33.774386][  T273] WARNING: CPU: 0 PID: 273 at fs/inode.c:304 drop_nlink+0xc5/0x110
[   33.796164][   T24] audit: type=1400 audit(1746474327.270:86): avc:  denied  { mounton } for  pid=273 comm="syz-executor332" path="/root/syzkaller.nlig4A/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   33.804186][  T273] Modules linked in:
[   33.830730][   T24] audit: type=1400 audit(1746474327.270:87): avc:  denied  { mounton } for  pid=273 comm="syz-executor332" path="/root/syzkaller.nlig4A/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=14375 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[   33.830744][   T24] audit: type=1400 audit(1746474327.270:88): avc:  denied  { unmount } for  pid=273 comm="syz-executor332" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   33.830760][   T24] audit: type=1400 audit(1746474327.280:89): avc:  denied  { mounton } for  pid=273 comm="syz-executor332" path="/dev/gadgetfs" dev="devtmpfs" ino=517 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   33.904654][  T273] 
[   33.906969][  T273] CPU: 0 PID: 273 Comm: syz-executor332 Not tainted 5.10.236-syzkaller-00012-gab07aeb2c93d #0
[   33.917194][  T273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   33.927276][  T273] RIP: 0010:drop_nlink+0xc5/0x110
[   33.932307][  T273] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 a3 23 f2 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 eb 3a b8 ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c
[   33.951922][  T273] RSP: 0018:ffffc90000b67be8 EFLAGS: 00010293
[   33.957977][  T273] RAX: ffffffff81ab51c5 RBX: ffff88810d410b40 RCX: ffff88810d22e2c0
[   33.966048][  T273] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   33.974035][  T273] RBP: ffffc90000b67c10 R08: 0000000000000004 R09: 0000000000000003
[   33.982023][  T273] R10: fffff5200016cf6c R11: 1ffff9200016cf6c R12: dffffc0000000000
[   33.989986][  T273] R13: 1ffff11021a82171 R14: ffff88810d410b88 R15: 0000000000000000
[   33.997970][  T273] FS:  0000555566e9a380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   34.006897][  T273] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   34.013476][  T273] CR2: 0000555566eab738 CR3: 000000011c9d2000 CR4: 00000000003506b0
[   34.021439][  T273] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   34.029412][  T273] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   34.037380][  T273] Call Trace:
[   34.040648][  T273]  shmem_rmdir+0x5b/0x90
[   34.044894][  T273]  vfs_rmdir+0x1b3/0x3e0
[   34.049124][  T273]  incfs_kill_sb+0xfe/0x210
[   34.053627][  T273]  deactivate_locked_super+0xa0/0x100
[   34.059002][  T273]  deactivate_super+0xaf/0xe0
[   34.063678][  T273]  cleanup_mnt+0x446/0x500
[   34.068084][  T273]  __cleanup_mnt+0x19/0x20
[   34.072500][  T273]  task_work_run+0x127/0x190
[   34.077093][  T273]  ptrace_notify+0x212/0x250
[   34.081702][  T273]  ? do_notify_parent+0x7e0/0x7e0
[   34.086803][  T273]  ? user_path_at_empty+0x43/0x50
[   34.091829][  T273]  ? __x64_sys_umount+0x125/0x160
[   34.096851][  T273]  ? path_umount+0xe60/0xe60
[   34.101417][  T273]  syscall_exit_work+0x6e/0x140
[   34.106292][  T273]  syscall_exit_to_user_mode+0x5b/0x90
[   34.111759][  T273]  do_syscall_64+0x3d/0x40
[   34.116168][  T273]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   34.122053][  T273] RIP: 0033:0x7f5315765ac7
[   34.126459][  T273] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[   34.146062][  T273] RSP: 002b:00007ffda0f4a458 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[   34.154477][  T273] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f5315765ac7
[   34.162451][  T273] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffda0f4a510
[   34.170410][  T273] RBP: 00007ffda0f4a510 R08: 0000000000000000 R09: 0000000000000000
[   34.178381][  T273] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffda0f4b580
[   34.186352][  T273] R13: 0000555566e9b6c0 R14: 00007ffda0f4b580 R15: 0000000000000001
[   34.194344][  T273] ---[ end trace 9a7a3c6da5d9247a ]---
[   34.199828][  T273] ==================================================================
[   34.207871][  T273] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60
[   34.214085][  T273] Write of size 4 at addr 0000000000000170 by task syz-executor332/273
[   34.222376][  T273] 
[   34.224701][  T273] CPU: 0 PID: 273 Comm: syz-executor332 Tainted: G        W         5.10.236-syzkaller-00012-gab07aeb2c93d #0
[   34.236294][  T273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   34.246323][  T273] Call Trace:
[   34.249603][  T273]  __dump_stack+0x21/0x24
[   34.253920][  T273]  dump_stack_lvl+0x169/0x1d8
[   34.258603][  T273]  ? thaw_kernel_threads+0x220/0x220
[   34.263870][  T273]  ? show_regs_print_info+0x18/0x18
[   34.269044][  T273]  ? _raw_spin_lock+0x8e/0xe0
[   34.273694][  T273]  ? _raw_spin_trylock_bh+0x130/0x130
[   34.279039][  T273]  ? ihold+0x20/0x60
[   34.283068][  T273]  kasan_report+0xd8/0x130
[   34.287467][  T273]  ? ihold+0x20/0x60
[   34.291351][  T273]  kasan_check_range+0x280/0x290
[   34.296269][  T273]  __kasan_check_write+0x14/0x20
[   34.301184][  T273]  ihold+0x20/0x60
[   34.304884][  T273]  vfs_rmdir+0x247/0x3e0
[   34.309103][  T273]  incfs_kill_sb+0xfe/0x210
[   34.313582][  T273]  deactivate_locked_super+0xa0/0x100
[   34.318927][  T273]  deactivate_super+0xaf/0xe0
[   34.324012][  T273]  cleanup_mnt+0x446/0x500
[   34.328404][  T273]  __cleanup_mnt+0x19/0x20
[   34.332793][  T273]  task_work_run+0x127/0x190
[   34.337357][  T273]  ptrace_notify+0x212/0x250
[   34.341925][  T273]  ? do_notify_parent+0x7e0/0x7e0
[   34.346923][  T273]  ? user_path_at_empty+0x43/0x50
[   34.351922][  T273]  ? __x64_sys_umount+0x125/0x160
[   34.356916][  T273]  ? path_umount+0xe60/0xe60
[   34.361479][  T273]  syscall_exit_work+0x6e/0x140
[   34.366304][  T273]  syscall_exit_to_user_mode+0x5b/0x90
[   34.371733][  T273]  do_syscall_64+0x3d/0x40
[   34.376125][  T273]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   34.381995][  T273] RIP: 0033:0x7f5315765ac7
[   34.386386][  T273] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[   34.405963][  T273] RSP: 002b:00007ffda0f4a458 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[   34.414353][  T273] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f5315765ac7
[   34.422308][  T273] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffda0f4a510
[   34.430255][  T273] RBP: 00007ffda0f4a510 R08: 0000000000000000 R09: 0000000000000000
[   34.438209][  T273] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffda0f4b580
[   34.446167][  T273] R13: 0000555566e9b6c0 R14: 00007ffda0f4b580 R15: 0000000000000001
[   34.454126][  T273] ==================================================================
[   34.462164][  T273] Disabling lock debugging due to kernel taint
[   34.468372][  T273] BUG: kernel NULL pointer dereference, address: 0000000000000170
[   34.476168][  T273] #PF: supervisor write access in kernel mode
[   34.482218][  T273] #PF: error_code(0x0002) - not-present page
[   34.488172][  T273] PGD 0 P4D 0 
[   34.491539][  T273] Oops: 0002 [#1] PREEMPT SMP KASAN
[   34.496719][  T273] CPU: 0 PID: 273 Comm: syz-executor332 Tainted: G    B   W         5.10.236-syzkaller-00012-gab07aeb2c93d #0
[   34.508319][  T273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   34.518363][  T273] RIP: 0010:ihold+0x26/0x60
[   34.522847][  T273] Code: 00 00 00 00 55 48 89 e5 41 56 53 48 89 fb e8 01 33 b8 ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 90 1b f2 ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 81
[   34.542437][  T273] RSP: 0018:ffffc90000b67c28 EFLAGS: 00010246
[   34.548486][  T273] RAX: ffff88810d22e200 RBX: 0000000000000000 RCX: 0000000000000286
[   34.556440][  T273] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000ffffffff
[   34.564394][  T273] RBP: ffffc90000b67c38 R08: 0000000000000004 R09: 0000000000000003
[   34.572351][  T273] R10: fffffbfff0d8e448 R11: 1ffffffff0d8e448 R12: 1ffff1102387c19e
[   34.580304][  T273] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[   34.588259][  T273] FS:  0000555566e9a380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   34.597172][  T273] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   34.603737][  T273] CR2: 0000000000000170 CR3: 000000011c9d2000 CR4: 00000000003506b0
[   34.611700][  T273] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   34.619658][  T273] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   34.627612][  T273] Call Trace:
[   34.630889][  T273]  vfs_rmdir+0x247/0x3e0
[   34.635118][  T273]  incfs_kill_sb+0xfe/0x210
[   34.639603][  T273]  deactivate_locked_super+0xa0/0x100
[   34.644960][  T273]  deactivate_super+0xaf/0xe0
[   34.649658][  T273]  cleanup_mnt+0x446/0x500
[   34.654065][  T273]  __cleanup_mnt+0x19/0x20
[   34.658464][  T273]  task_work_run+0x127/0x190
[   34.663039][  T273]  ptrace_notify+0x212/0x250
[   34.667623][  T273]  ? do_notify_parent+0x7e0/0x7e0
[   34.672632][  T273]  ? user_path_at_empty+0x43/0x50
[   34.677643][  T273]  ? __x64_sys_umount+0x125/0x160
[   34.682649][  T273]  ? path_umount+0xe60/0xe60
[   34.687223][  T273]  syscall_exit_work+0x6e/0x140
[   34.692059][  T273]  syscall_exit_to_user_mode+0x5b/0x90
[   34.697502][  T273]  do_syscall_64+0x3d/0x40
[   34.701909][  T273]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   34.707787][  T273] RIP: 0033:0x7f5315765ac7
[   34.712187][  T273] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[   34.731778][  T273] RSP: 002b:00007ffda0f4a458 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[   34.740180][  T273] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f5315765ac7
[   34.748137][  T273] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffda0f4a510
[   34.756091][  T273] RBP: 00007ffda0f4a510 R08: 0000000000000000 R09: 0000000000000000
[   34.764047][  T273] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffda0f4b580
[   34.772003][  T273] R13: 0000555566e9b6c0 R14: 00007ffda0f4b580 R15: 0000000000000001
[   34.779967][  T273] Modules linked in:
[   34.783856][  T273] CR2: 0000000000000170
[   34.788000][  T273] ---[ end trace 9a7a3c6da5d9247b ]---
[   34.793452][  T273] RIP: 0010:ihold+0x26/0x60
[   34.797945][  T273] Code: 00 00 00 00 55 48 89 e5 41 56 53 48 89 fb e8 01 33 b8 ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 90 1b f2 ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 81
[   34.817539][  T273] RSP: 0018:ffffc90000b67c28 EFLAGS: 00010246
[   34.823593][  T273] RAX: ffff88810d22e200 RBX: 0000000000000000 RCX: 0000000000000286
[   34.831550][  T273] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000ffffffff
[   34.839505][  T273] RBP: ffffc90000b67c38 R08: 0000000000000004 R09: 0000000000000003
[   34.847460][  T273] R10: fffffbfff0d8e448 R11: 1ffffffff0d8e448 R12: 1ffff1102387c19e
[   34.855420][  T273] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[   34.863378][  T273] FS:  0000555566e9a380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   34.872290][  T273] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   34.878863][  T273] CR2: 0000000000000170 CR3: 000000011c9d2000 CR4: 00000000003506b0
[   34.886833][  T273] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   34.894788][  T273] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   34.902743][  T273] Kernel panic - not syncing: Fatal exception
[   34.908855][  T273] Kernel Offset: disabled
[   34.913179][  T273] Rebooting in 86400 seconds..