./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2123267477

<...>
[    4.048196][   T86] acpid (86) used greatest stack depth: 23344 bytes left
[    4.353803][  T101] udevd[101]: starting version 3.2.11
[    4.387479][  T102] udevd[102]: starting eudev-3.2.11
[    4.389118][  T101] udevd (101) used greatest stack depth: 22256 bytes left
[   12.739198][   T28] kauditd_printk_skb: 50 callbacks suppressed
[   12.739214][   T28] audit: type=1400 audit(1739148403.947:61): avc:  denied  { transition } for  pid=224 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   12.749061][   T28] audit: type=1400 audit(1739148403.947:62): avc:  denied  { noatsecure } for  pid=224 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   12.756873][   T28] audit: type=1400 audit(1739148403.947:63): avc:  denied  { write } for  pid=224 comm="sh" path="pipe:[14684]" dev="pipefs" ino=14684 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   12.765730][   T28] audit: type=1400 audit(1739148403.947:64): avc:  denied  { rlimitinh } for  pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   12.771599][   T28] audit: type=1400 audit(1739148403.947:65): avc:  denied  { siginh } for  pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.10.25' (ED25519) to the list of known hosts.
execve("./syz-executor2123267477", ["./syz-executor2123267477"], 0x7ffd4b299150 /* 10 vars */) = 0
brk(NULL)                               = 0x55557a6f1000
brk(0x55557a6f1d00)                     = 0x55557a6f1d00
arch_prctl(ARCH_SET_FS, 0x55557a6f1380) = 0
set_tid_address(0x55557a6f1650)         = 295
set_robust_list(0x55557a6f1660, 24)     = 0
rseq(0x55557a6f1ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2123267477", 4096) = 28
getrandom("\x4e\x31\x01\x71\x8e\x3d\x20\x8f", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55557a6f1d00
brk(0x55557a712d00)                     = 0x55557a712d00
brk(0x55557a713000)                     = 0x55557a713000
mprotect(0x7ffb5446f000, 16384, PROT_READ) = 0
mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000
mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000
mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000
mkdir("./syzkaller.82kvSA", 0700)       = 0
chmod("./syzkaller.82kvSA", 0777)       = 0
chdir("./syzkaller.82kvSA")             = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 296 attached
, child_tidptr=0x55557a6f1650) = 296
[pid   296] set_robust_list(0x55557a6f1660, 24) = 0
[pid   296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   296] getppid()                   = 0
[pid   296] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid   296] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid   296] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid   296] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid   296] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid   296] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid   296] unshare(CLONE_NEWNS)        = 0
[pid   296] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid   296] unshare(CLONE_NEWIPC)       = -1 EINVAL (Invalid argument)
[pid   296] unshare(CLONE_NEWCGROUP)    = 0
[pid   296] unshare(CLONE_NEWUTS)       = 0
[pid   296] unshare(CLONE_SYSVSEM)      = 0
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] getpid()                    = 1
[pid   296] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   296] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   296] unshare(CLONE_NEWNET)       = 0
[pid   296] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid   296] write(3, "0 65535", 7)      = 7
[pid   296] close(3)                    = 0
[pid   296] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid   296] write(3, "100000", 6)       = 6
[pid   296] close(3)                    = 0
[pid   296] mkdir("./syz-tmp", 0777)    = 0
[pid   296] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid   296] mkdir("./syz-tmp/newroot", 0777) = 0
[pid   296] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid   296] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   296] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid   296] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid   296] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid   296] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid   296] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   296] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid   296] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   296] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   296] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid   296] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   296] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0
[pid   296] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid   296] mkdir("./syz-tmp/pivot", 0777) = 0
[pid   296] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid   296] chdir("/")                  = 0
[   22.435976][   T28] audit: type=1400 audit(1739148413.647:66): avc:  denied  { execmem } for  pid=295 comm="syz-executor212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   22.443585][   T28] audit: type=1400 audit(1739148413.657:67): avc:  denied  { mounton } for  pid=296 comm="syz-executor212" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[pid   296] umount2("./pivot", MNT_DETACH) = 0
[pid   296] chroot("./newroot")         = 0
[pid   296] chdir("/")                  = 0
[pid   296] mkdir("/dev/gadgetfs", 0777) = 0
[pid   296] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL) = -1 ENODEV (No such device)
[pid   296] mkdir("/dev/binderfs", 0777) = 0
[pid   296] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid   296] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid   296] mkdir("./0", 0777)          = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a6f1650) = 2
./strace-static-x86_64: Process 297 attached
[pid   297] set_robust_list(0x55557a6f1660, 24) = 0
[pid   297] chdir("./0")                = 0
[pid   297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[   22.465076][   T28] audit: type=1400 audit(1739148413.677:68): avc:  denied  { mounton } for  pid=296 comm="syz-executor212" path="/root/syzkaller.82kvSA/syz-tmp" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   22.490172][   T28] audit: type=1400 audit(1739148413.677:69): avc:  denied  { mount } for  pid=296 comm="syz-executor212" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   22.492687][  T296] request_module fs-gadgetfs succeeded, but still no fs?
[pid   297] setpgid(0, 0executing program
)               = 0
[pid   297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   297] write(3, "1000", 4)         = 4
[pid   297] close(3)                    = 0
[pid   297] symlink("/dev/binderfs", "./binderfs") = 0
[pid   297] write(1, "executing program\n", 18) = 18
[pid   297] mkdirat(AT_FDCWD, "./file0", 000) = 0
[pid   297] mount(".", "./file0", NULL, MS_RDONLY|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_SHARED, NULL) = 0
[pid   297] mount("./file0", "./file0", "incremental-fs", MS_RDONLY, NULL) = 0
[pid   297] close(3)                    = -1 EBADF (Bad file descriptor)
[pid   297] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   297] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   297] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   297] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   297] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   297] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   297] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   297] exit_group(0)               = ?
[pid   297] +++ exited with 0 +++
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   296] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   296] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   296] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=120, ...}, AT_EMPTY_PATH) = 0
[pid   296] getdents64(3, 0x55557a6f26f0 /* 6 entries */, 32768) = 176
[pid   296] umount2("./0/.incomplete", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   296] newfstatat(AT_FDCWD, "./0/.incomplete", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   296] umount2("./0/.incomplete", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   296] openat(AT_FDCWD, "./0/.incomplete", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   296] getdents64(4, 0x55557a6fa730 /* 2 entries */, 32768) = 48
[pid   296] getdents64(4, 0x55557a6fa730 /* 0 entries */, 32768) = 0
[pid   296] close(4)                    = 0
[pid   296] rmdir("./0/.incomplete")    = 0
[pid   296] umount2("./0/.index", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   296] newfstatat(AT_FDCWD, "./0/.index", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   296] umount2("./0/.index", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   296] openat(AT_FDCWD, "./0/.index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   296] getdents64(4, 0x55557a6fa730 /* 2 entries */, 32768) = 48
[pid   296] getdents64(4, 0x55557a6fa730 /* 0 entries */, 32768) = 0
[pid   296] close(4)                    = 0
[pid   296] rmdir("./0/.index")         = 0
[   22.513031][   T28] audit: type=1400 audit(1739148413.677:70): avc:  denied  { mounton } for  pid=296 comm="syz-executor212" path="/root/syzkaller.82kvSA/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   22.529883][  T297] incfs: ino conflict with backing FS 9
[   22.546087][   T28] audit: type=1400 audit(1739148413.677:71): avc:  denied  { mount } for  pid=296 comm="syz-executor212" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   22.572968][  T296] ------------[ cut here ]------------
[   22.573527][   T28] audit: type=1400 audit(1739148413.677:72): avc:  denied  { mounton } for  pid=296 comm="syz-executor212" path="/root/syzkaller.82kvSA/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   22.578254][  T296] WARNING: CPU: 0 PID: 296 at fs/inode.c:332 drop_nlink+0xc1/0x110
[   22.605186][   T28] audit: type=1400 audit(1739148413.677:73): avc:  denied  { mounton } for  pid=296 comm="syz-executor212" path="/root/syzkaller.82kvSA/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=14797 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[   22.612851][  T296] Modules linked in:
[   22.640675][   T28] audit: type=1400 audit(1739148413.677:74): avc:  denied  { unmount } for  pid=296 comm="syz-executor212" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   22.644095][  T296] CPU: 0 PID: 296 Comm: syz-executor212 Not tainted 6.1.124-syzkaller-00004-g1ac09f5c0571 #0
[   22.663918][   T28] audit: type=1400 audit(1739148413.707:75): avc:  denied  { mounton } for  pid=296 comm="syz-executor212" path="/dev/gadgetfs" dev="devtmpfs" ino=522 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   22.673706][  T296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   22.673729][  T296] RIP: 0010:drop_nlink+0xc1/0x110
[   22.711827][  T296] Code: 1e 48 8d bb b8 04 00 00 be 08 00 00 00 e8 d7 d5 ef ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 7f 4d a8 ff <0f> 0b eb 88 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c
[   22.732491][  T296] RSP: 0018:ffffc90000d67b30 EFLAGS: 00010293
[   22.738584][  T296] RAX: ffffffff81cd4741 RBX: 0000000000000000 RCX: ffff8881102ca880
[   22.746415][  T296] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   22.754301][  T296] RBP: ffffc90000d67b58 R08: ffffffff81cd46c4 R09: 0000000000000003
[   22.762136][  T296] R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000
[   22.769910][  T296] R13: 1ffff110220e9c5a R14: ffff88811074e288 R15: ffff88811074e2d0
[   22.777741][  T296] FS:  000055557a6f1380(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[   22.786580][  T296] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   22.793005][  T296] CR2: 000055557a702738 CR3: 0000000122ed4000 CR4: 00000000003506b0
[   22.800801][  T296] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   22.808646][  T296] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   22.816554][  T296] Call Trace:
[   22.819631][  T296]  <TASK>
[   22.822436][  T296]  ? show_regs+0x58/0x60
[   22.826492][  T296]  ? __warn+0x160/0x3d0
[   22.830489][  T296]  ? drop_nlink+0xc1/0x110
[   22.834765][  T296]  ? report_bug+0x4d5/0x7d0
[   22.839075][  T296]  ? drop_nlink+0xc1/0x110
[   22.843355][  T296]  ? handle_bug+0x41/0x70
[   22.847493][  T296]  ? exc_invalid_op+0x1b/0x50
[   22.852043][  T296]  ? asm_exc_invalid_op+0x1b/0x20
[   22.856872][  T296]  ? drop_nlink+0x44/0x110
[   22.861126][  T296]  ? drop_nlink+0xc1/0x110
[   22.865419][  T296]  ? drop_nlink+0xc1/0x110
[   22.869625][  T296]  shmem_rmdir+0x59/0x90
[   22.873741][  T296]  vfs_rmdir+0x398/0x500
[   22.877795][  T296]  incfs_kill_sb+0x113/0x230
[   22.882254][  T296]  deactivate_locked_super+0xad/0x110
[   22.887418][  T296]  deactivate_super+0xbe/0xf0
[   22.891930][  T296]  cleanup_mnt+0x485/0x510
[   22.896399][  T296]  __cleanup_mnt+0x19/0x20
[   22.901174][  T296]  task_work_run+0x24d/0x2e0
[   22.905668][  T296]  ? task_work_cancel+0x2e0/0x2e0
[   22.910544][  T296]  ptrace_notify+0x29e/0x350
[   22.915167][  T296]  ? do_notify_parent+0xa20/0xa20
[   22.919999][  T296]  ? user_path_at_empty+0x14e/0x1a0
[   22.925236][  T296]  ? __x64_sys_umount+0x122/0x170
[   22.930259][  T296]  ? path_umount+0xe70/0xe70
[   22.934936][  T296]  syscall_exit_to_user_mode+0x99/0x130
[   22.940598][  T296]  do_syscall_64+0x47/0xb0
[   22.945660][  T296]  ? clear_bhb_loop+0x55/0xb0
[   22.950276][  T296]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   22.956279][  T296] RIP: 0033:0x7ffb543fca87
[   22.960488][  T296] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[   22.980163][  T296] RSP: 002b:00007fff39fbe148 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[   22.988497][  T296] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ffb543fca87
[   22.996852][  T296] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff39fbe200
[   23.004826][  T296] RBP: 00007fff39fbe200 R08: 0000000000000000 R09: 0000000000000000
[   23.012912][  T296] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007fff39fbf270
[   23.022366][  T296] R13: 000055557a6f26c0 R14: 00007fff39fbf270 R15: 0000000000000001
[   23.031216][  T296]  </TASK>
[   23.034497][  T296] ---[ end trace 0000000000000000 ]---
[   23.040619][  T296] ==================================================================
[   23.048506][  T296] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60
[   23.054584][  T296] Write of size 4 at addr 0000000000000170 by task syz-executor212/296
[   23.062650][  T296] 
[   23.064832][  T296] CPU: 1 PID: 296 Comm: syz-executor212 Tainted: G        W          6.1.124-syzkaller-00004-g1ac09f5c0571 #0
[   23.076289][  T296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   23.086548][  T296] Call Trace:
[   23.089671][  T296]  <TASK>
[   23.092461][  T296]  dump_stack_lvl+0x151/0x1b7
[   23.096962][  T296]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   23.102257][  T296]  ? _printk+0xd1/0x111
[   23.106262][  T296]  print_report+0xe1/0x4e0
[   23.111118][  T296]  ? __virt_addr_valid+0x59/0x2f0
[   23.116093][  T296]  ? kasan_addr_to_slab+0xd/0x80
[   23.120996][  T296]  ? ihold+0x20/0x60
[   23.124727][  T296]  kasan_report+0x13c/0x170
[   23.129056][  T296]  ? ihold+0x20/0x60
[   23.133047][  T296]  kasan_check_range+0x294/0x2a0
[   23.137950][  T296]  __kasan_check_write+0x14/0x20
[   23.142842][  T296]  ihold+0x20/0x60
[   23.146399][  T296]  vfs_rmdir+0x268/0x500
[   23.150477][  T296]  incfs_kill_sb+0x113/0x230
[   23.155159][  T296]  deactivate_locked_super+0xad/0x110
[   23.160533][  T296]  deactivate_super+0xbe/0xf0
[   23.165043][  T296]  cleanup_mnt+0x485/0x510
[   23.169302][  T296]  __cleanup_mnt+0x19/0x20
[   23.173554][  T296]  task_work_run+0x24d/0x2e0
[   23.177985][  T296]  ? task_work_cancel+0x2e0/0x2e0
[   23.182930][  T296]  ptrace_notify+0x29e/0x350
[   23.187350][  T296]  ? do_notify_parent+0xa20/0xa20
[   23.192386][  T296]  ? user_path_at_empty+0x14e/0x1a0
[   23.197466][  T296]  ? __x64_sys_umount+0x122/0x170
[   23.202446][  T296]  ? path_umount+0xe70/0xe70
[   23.207033][  T296]  syscall_exit_to_user_mode+0x99/0x130
[   23.212419][  T296]  do_syscall_64+0x47/0xb0
[   23.216905][  T296]  ? clear_bhb_loop+0x55/0xb0
[   23.221419][  T296]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   23.227135][  T296] RIP: 0033:0x7ffb543fca87
[   23.231384][  T296] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[   23.250958][  T296] RSP: 002b:00007fff39fbe148 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[   23.259177][  T296] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ffb543fca87
[   23.266989][  T296] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff39fbe200
[   23.274801][  T296] RBP: 00007fff39fbe200 R08: 0000000000000000 R09: 0000000000000000
[   23.282635][  T296] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007fff39fbf270
[   23.290714][  T296] R13: 000055557a6f26c0 R14: 00007fff39fbf270 R15: 0000000000000001
[   23.298912][  T296]  </TASK>
[   23.301979][  T296] ==================================================================
[   23.310301][  T296] Disabling lock debugging due to kernel taint
[   23.316791][  T296] BUG: kernel NULL pointer dereference, address: 0000000000000170
[   23.324445][  T296] #PF: supervisor write access in kernel mode
[   23.330432][  T296] #PF: error_code(0x0002) - not-present page
[   23.336253][  T296] PGD 0 P4D 0 
[   23.339517][  T296] Oops: 0002 [#1] PREEMPT SMP KASAN
[   23.344575][  T296] CPU: 1 PID: 296 Comm: syz-executor212 Tainted: G    B   W          6.1.124-syzkaller-00004-g1ac09f5c0571 #0
[   23.356231][  T296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   23.366121][  T296] RIP: 0010:ihold+0x25/0x60
[   23.370473][  T296] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 51 45 a8 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 80 cd ef ff bb 01 00 00 00 <f0> 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 d4 48 a8
[   23.390004][  T296] RSP: 0018:ffffc90000d67b70 EFLAGS: 00010246
[   23.395884][  T296] RAX: ffff8881102ca800 RBX: 0000000000000001 RCX: ffff8881102ca880
[   23.403694][  T296] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   23.411526][  T296] RBP: ffffc90000d67b80 R08: ffffffff8144b2c3 R09: fffffbfff0f6e6fd
[   23.419323][  T296] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff110220e988d
[   23.427234][  T296] R13: ffff888123cee880 R14: 0000000000000000 R15: 1ffff1102479dd16
[   23.435046][  T296] FS:  000055557a6f1380(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[   23.443897][  T296] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   23.450323][  T296] CR2: 0000000000000170 CR3: 0000000122ed4000 CR4: 00000000003506a0
[   23.458135][  T296] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   23.465949][  T296] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   23.473757][  T296] Call Trace:
[   23.476895][  T296]  <TASK>
[   23.479659][  T296]  ? __die_body+0x62/0xb0
[   23.483842][  T296]  ? __die+0x7e/0x90
[   23.487557][  T296]  ? page_fault_oops+0x7f9/0xa90
[   23.492332][  T296]  ? vprintk_default+0x26/0x30
[   23.497110][  T296]  ? kernelmode_fixup_or_oops+0xd0/0xd0
[   23.502484][  T296]  ? add_taint+0x44/0xe0
[   23.506562][  T296]  ? panic+0x667/0x667
[   23.510575][  T296]  ? preempt_schedule_thunk+0x16/0x18
[   23.515900][  T296]  ? exc_page_fault+0x529/0x6d0
[   23.521285][  T296]  ? asm_exc_page_fault+0x27/0x30
[   23.526144][  T296]  ? add_taint+0x93/0xe0
[   23.530524][  T296]  ? ihold+0x25/0x60
[   23.534505][  T296]  vfs_rmdir+0x268/0x500
[   23.538602][  T296]  incfs_kill_sb+0x113/0x230
[   23.543075][  T296]  deactivate_locked_super+0xad/0x110
[   23.548285][  T296]  deactivate_super+0xbe/0xf0
[   23.553025][  T296]  cleanup_mnt+0x485/0x510
[   23.557291][  T296]  __cleanup_mnt+0x19/0x20
[   23.561534][  T296]  task_work_run+0x24d/0x2e0
[   23.565958][  T296]  ? task_work_cancel+0x2e0/0x2e0
[   23.570918][  T296]  ptrace_notify+0x29e/0x350
[   23.575352][  T296]  ? do_notify_parent+0xa20/0xa20
[   23.580491][  T296]  ? user_path_at_empty+0x14e/0x1a0
[   23.585755][  T296]  ? __x64_sys_umount+0x122/0x170
[   23.591380][  T296]  ? path_umount+0xe70/0xe70
[   23.595935][  T296]  syscall_exit_to_user_mode+0x99/0x130
[   23.601516][  T296]  do_syscall_64+0x47/0xb0
[   23.605863][  T296]  ? clear_bhb_loop+0x55/0xb0
[   23.610635][  T296]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   23.616376][  T296] RIP: 0033:0x7ffb543fca87
[   23.620621][  T296] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[   23.640282][  T296] RSP: 002b:00007fff39fbe148 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[   23.648521][  T296] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ffb543fca87
[   23.656565][  T296] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff39fbe200
[   23.664366][  T296] RBP: 00007fff39fbe200 R08: 0000000000000000 R09: 0000000000000000
[   23.672181][  T296] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007fff39fbf270
[   23.680158][  T296] R13: 000055557a6f26c0 R14: 00007fff39fbf270 R15: 0000000000000001
[   23.687977][  T296]  </TASK>
[   23.690835][  T296] Modules linked in:
[   23.694579][  T296] CR2: 0000000000000170
[   23.698570][  T296] ---[ end trace 0000000000000000 ]---
[   23.703875][  T296] RIP: 0010:ihold+0x25/0x60
[   23.708364][  T296] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 51 45 a8 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 80 cd ef ff bb 01 00 00 00 <f0> 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 d4 48 a8
[   23.727809][  T296] RSP: 0018:ffffc90000d67b70 EFLAGS: 00010246
[   23.733722][  T296] RAX: ffff8881102ca800 RBX: 0000000000000001 RCX: ffff8881102ca880
[   23.741612][  T296] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   23.749762][  T296] RBP: ffffc90000d67b80 R08: ffffffff8144b2c3 R09: fffffbfff0f6e6fd
[   23.758343][  T296] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff110220e988d
[   23.766187][  T296] R13: ffff888123cee880 R14: 0000000000000000 R15: 1ffff1102479dd16
[   23.774170][  T296] FS:  000055557a6f1380(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[   23.783263][  T296] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   23.789750][  T296] CR2: 0000000000000170 CR3: 0000000122ed4000 CR4: 00000000003506a0
[   23.797840][  T296] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   23.805669][  T296] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   23.813700][  T296] Kernel panic - not syncing: Fatal exception
[   23.819681][  T296] Kernel Offset: disabled
[   23.823816][  T296] Rebooting in 86400 seconds..