./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2123267477
<...>
[ 4.048196][ T86] acpid (86) used greatest stack depth: 23344 bytes left
[ 4.353803][ T101] udevd[101]: starting version 3.2.11
[ 4.387479][ T102] udevd[102]: starting eudev-3.2.11
[ 4.389118][ T101] udevd (101) used greatest stack depth: 22256 bytes left
[ 12.739198][ T28] kauditd_printk_skb: 50 callbacks suppressed
[ 12.739214][ T28] audit: type=1400 audit(1739148403.947:61): avc: denied { transition } for pid=224 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 12.749061][ T28] audit: type=1400 audit(1739148403.947:62): avc: denied { noatsecure } for pid=224 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 12.756873][ T28] audit: type=1400 audit(1739148403.947:63): avc: denied { write } for pid=224 comm="sh" path="pipe:[14684]" dev="pipefs" ino=14684 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 12.765730][ T28] audit: type=1400 audit(1739148403.947:64): avc: denied { rlimitinh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 12.771599][ T28] audit: type=1400 audit(1739148403.947:65): avc: denied { siginh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.10.25' (ED25519) to the list of known hosts.
execve("./syz-executor2123267477", ["./syz-executor2123267477"], 0x7ffd4b299150 /* 10 vars */) = 0
brk(NULL) = 0x55557a6f1000
brk(0x55557a6f1d00) = 0x55557a6f1d00
arch_prctl(ARCH_SET_FS, 0x55557a6f1380) = 0
set_tid_address(0x55557a6f1650) = 295
set_robust_list(0x55557a6f1660, 24) = 0
rseq(0x55557a6f1ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2123267477", 4096) = 28
getrandom("\x4e\x31\x01\x71\x8e\x3d\x20\x8f", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55557a6f1d00
brk(0x55557a712d00) = 0x55557a712d00
brk(0x55557a713000) = 0x55557a713000
mprotect(0x7ffb5446f000, 16384, PROT_READ) = 0
mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000
mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000
mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000
mkdir("./syzkaller.82kvSA", 0700) = 0
chmod("./syzkaller.82kvSA", 0777) = 0
chdir("./syzkaller.82kvSA") = 0
unshare(CLONE_NEWPID) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 296 attached
, child_tidptr=0x55557a6f1650) = 296
[pid 296] set_robust_list(0x55557a6f1660, 24) = 0
[pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 296] getppid() = 0
[pid 296] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid 296] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid 296] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid 296] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid 296] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid 296] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid 296] unshare(CLONE_NEWNS) = 0
[pid 296] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid 296] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument)
[pid 296] unshare(CLONE_NEWCGROUP) = 0
[pid 296] unshare(CLONE_NEWUTS) = 0
[pid 296] unshare(CLONE_SYSVSEM) = 0
[pid 296] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid 296] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid 296] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid 296] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid 296] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid 296] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid 296] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid 296] getpid() = 1
[pid 296] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 296] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 296] unshare(CLONE_NEWNET) = 0
[pid 296] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid 296] write(3, "0 65535", 7) = 7
[pid 296] close(3) = 0
[pid 296] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid 296] write(3, "100000", 6) = 6
[pid 296] close(3) = 0
[pid 296] mkdir("./syz-tmp", 0777) = 0
[pid 296] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid 296] mkdir("./syz-tmp/newroot", 0777) = 0
[pid 296] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid 296] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid 296] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid 296] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid 296] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid 296] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid 296] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid 296] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid 296] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid 296] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid 296] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid 296] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid 296] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0
[pid 296] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid 296] mkdir("./syz-tmp/pivot", 0777) = 0
[pid 296] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid 296] chdir("/") = 0
[ 22.435976][ T28] audit: type=1400 audit(1739148413.647:66): avc: denied { execmem } for pid=295 comm="syz-executor212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 22.443585][ T28] audit: type=1400 audit(1739148413.657:67): avc: denied { mounton } for pid=296 comm="syz-executor212" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[pid 296] umount2("./pivot", MNT_DETACH) = 0
[pid 296] chroot("./newroot") = 0
[pid 296] chdir("/") = 0
[pid 296] mkdir("/dev/gadgetfs", 0777) = 0
[pid 296] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL) = -1 ENODEV (No such device)
[pid 296] mkdir("/dev/binderfs", 0777) = 0
[pid 296] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid 296] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid 296] mkdir("./0", 0777) = 0
[pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a6f1650) = 2
./strace-static-x86_64: Process 297 attached
[pid 297] set_robust_list(0x55557a6f1660, 24) = 0
[pid 297] chdir("./0") = 0
[pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[ 22.465076][ T28] audit: type=1400 audit(1739148413.677:68): avc: denied { mounton } for pid=296 comm="syz-executor212" path="/root/syzkaller.82kvSA/syz-tmp" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 22.490172][ T28] audit: type=1400 audit(1739148413.677:69): avc: denied { mount } for pid=296 comm="syz-executor212" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 22.492687][ T296] request_module fs-gadgetfs succeeded, but still no fs?
[pid 297] setpgid(0, 0executing program
) = 0
[pid 297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 297] write(3, "1000", 4) = 4
[pid 297] close(3) = 0
[pid 297] symlink("/dev/binderfs", "./binderfs") = 0
[pid 297] write(1, "executing program\n", 18) = 18
[pid 297] mkdirat(AT_FDCWD, "./file0", 000) = 0
[pid 297] mount(".", "./file0", NULL, MS_RDONLY|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_SHARED, NULL) = 0
[pid 297] mount("./file0", "./file0", "incremental-fs", MS_RDONLY, NULL) = 0
[pid 297] close(3) = -1 EBADF (Bad file descriptor)
[pid 297] close(4) = -1 EBADF (Bad file descriptor)
[pid 297] close(5) = -1 EBADF (Bad file descriptor)
[pid 297] close(6) = -1 EBADF (Bad file descriptor)
[pid 297] close(7) = -1 EBADF (Bad file descriptor)
[pid 297] close(8) = -1 EBADF (Bad file descriptor)
[pid 297] close(9) = -1 EBADF (Bad file descriptor)
[pid 297] close(10) = -1 EBADF (Bad file descriptor)
[pid 297] close(11) = -1 EBADF (Bad file descriptor)
[pid 297] close(12) = -1 EBADF (Bad file descriptor)
[pid 297] close(13) = -1 EBADF (Bad file descriptor)
[pid 297] close(14) = -1 EBADF (Bad file descriptor)
[pid 297] close(15) = -1 EBADF (Bad file descriptor)
[pid 297] close(16) = -1 EBADF (Bad file descriptor)
[pid 297] close(17) = -1 EBADF (Bad file descriptor)
[pid 297] close(18) = -1 EBADF (Bad file descriptor)
[pid 297] close(19) = -1 EBADF (Bad file descriptor)
[pid 297] close(20) = -1 EBADF (Bad file descriptor)
[pid 297] close(21) = -1 EBADF (Bad file descriptor)
[pid 297] close(22) = -1 EBADF (Bad file descriptor)
[pid 297] close(23) = -1 EBADF (Bad file descriptor)
[pid 297] close(24) = -1 EBADF (Bad file descriptor)
[pid 297] close(25) = -1 EBADF (Bad file descriptor)
[pid 297] close(26) = -1 EBADF (Bad file descriptor)
[pid 297] close(27) = -1 EBADF (Bad file descriptor)
[pid 297] close(28) = -1 EBADF (Bad file descriptor)
[pid 297] close(29) = -1 EBADF (Bad file descriptor)
[pid 297] exit_group(0) = ?
[pid 297] +++ exited with 0 +++
[pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid 296] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid 296] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=120, ...}, AT_EMPTY_PATH) = 0
[pid 296] getdents64(3, 0x55557a6f26f0 /* 6 entries */, 32768) = 176
[pid 296] umount2("./0/.incomplete", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid 296] newfstatat(AT_FDCWD, "./0/.incomplete", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid 296] umount2("./0/.incomplete", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid 296] openat(AT_FDCWD, "./0/.incomplete", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid 296] getdents64(4, 0x55557a6fa730 /* 2 entries */, 32768) = 48
[pid 296] getdents64(4, 0x55557a6fa730 /* 0 entries */, 32768) = 0
[pid 296] close(4) = 0
[pid 296] rmdir("./0/.incomplete") = 0
[pid 296] umount2("./0/.index", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid 296] newfstatat(AT_FDCWD, "./0/.index", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid 296] umount2("./0/.index", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid 296] openat(AT_FDCWD, "./0/.index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid 296] getdents64(4, 0x55557a6fa730 /* 2 entries */, 32768) = 48
[pid 296] getdents64(4, 0x55557a6fa730 /* 0 entries */, 32768) = 0
[pid 296] close(4) = 0
[pid 296] rmdir("./0/.index") = 0
[ 22.513031][ T28] audit: type=1400 audit(1739148413.677:70): avc: denied { mounton } for pid=296 comm="syz-executor212" path="/root/syzkaller.82kvSA/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 22.529883][ T297] incfs: ino conflict with backing FS 9
[ 22.546087][ T28] audit: type=1400 audit(1739148413.677:71): avc: denied { mount } for pid=296 comm="syz-executor212" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 22.572968][ T296] ------------[ cut here ]------------
[ 22.573527][ T28] audit: type=1400 audit(1739148413.677:72): avc: denied { mounton } for pid=296 comm="syz-executor212" path="/root/syzkaller.82kvSA/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[ 22.578254][ T296] WARNING: CPU: 0 PID: 296 at fs/inode.c:332 drop_nlink+0xc1/0x110
[ 22.605186][ T28] audit: type=1400 audit(1739148413.677:73): avc: denied { mounton } for pid=296 comm="syz-executor212" path="/root/syzkaller.82kvSA/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=14797 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[ 22.612851][ T296] Modules linked in:
[ 22.640675][ T28] audit: type=1400 audit(1739148413.677:74): avc: denied { unmount } for pid=296 comm="syz-executor212" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 22.644095][ T296] CPU: 0 PID: 296 Comm: syz-executor212 Not tainted 6.1.124-syzkaller-00004-g1ac09f5c0571 #0
[ 22.663918][ T28] audit: type=1400 audit(1739148413.707:75): avc: denied { mounton } for pid=296 comm="syz-executor212" path="/dev/gadgetfs" dev="devtmpfs" ino=522 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 22.673706][ T296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 22.673729][ T296] RIP: 0010:drop_nlink+0xc1/0x110
[ 22.711827][ T296] Code: 1e 48 8d bb b8 04 00 00 be 08 00 00 00 e8 d7 d5 ef ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 7f 4d a8 ff <0f> 0b eb 88 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c
[ 22.732491][ T296] RSP: 0018:ffffc90000d67b30 EFLAGS: 00010293
[ 22.738584][ T296] RAX: ffffffff81cd4741 RBX: 0000000000000000 RCX: ffff8881102ca880
[ 22.746415][ T296] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 22.754301][ T296] RBP: ffffc90000d67b58 R08: ffffffff81cd46c4 R09: 0000000000000003
[ 22.762136][ T296] R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000
[ 22.769910][ T296] R13: 1ffff110220e9c5a R14: ffff88811074e288 R15: ffff88811074e2d0
[ 22.777741][ T296] FS: 000055557a6f1380(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 22.786580][ T296] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 22.793005][ T296] CR2: 000055557a702738 CR3: 0000000122ed4000 CR4: 00000000003506b0
[ 22.800801][ T296] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 22.808646][ T296] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 22.816554][ T296] Call Trace:
[ 22.819631][ T296] <TASK>
[ 22.822436][ T296] ? show_regs+0x58/0x60
[ 22.826492][ T296] ? __warn+0x160/0x3d0
[ 22.830489][ T296] ? drop_nlink+0xc1/0x110
[ 22.834765][ T296] ? report_bug+0x4d5/0x7d0
[ 22.839075][ T296] ? drop_nlink+0xc1/0x110
[ 22.843355][ T296] ? handle_bug+0x41/0x70
[ 22.847493][ T296] ? exc_invalid_op+0x1b/0x50
[ 22.852043][ T296] ? asm_exc_invalid_op+0x1b/0x20
[ 22.856872][ T296] ? drop_nlink+0x44/0x110
[ 22.861126][ T296] ? drop_nlink+0xc1/0x110
[ 22.865419][ T296] ? drop_nlink+0xc1/0x110
[ 22.869625][ T296] shmem_rmdir+0x59/0x90
[ 22.873741][ T296] vfs_rmdir+0x398/0x500
[ 22.877795][ T296] incfs_kill_sb+0x113/0x230
[ 22.882254][ T296] deactivate_locked_super+0xad/0x110
[ 22.887418][ T296] deactivate_super+0xbe/0xf0
[ 22.891930][ T296] cleanup_mnt+0x485/0x510
[ 22.896399][ T296] __cleanup_mnt+0x19/0x20
[ 22.901174][ T296] task_work_run+0x24d/0x2e0
[ 22.905668][ T296] ? task_work_cancel+0x2e0/0x2e0
[ 22.910544][ T296] ptrace_notify+0x29e/0x350
[ 22.915167][ T296] ? do_notify_parent+0xa20/0xa20
[ 22.919999][ T296] ? user_path_at_empty+0x14e/0x1a0
[ 22.925236][ T296] ? __x64_sys_umount+0x122/0x170
[ 22.930259][ T296] ? path_umount+0xe70/0xe70
[ 22.934936][ T296] syscall_exit_to_user_mode+0x99/0x130
[ 22.940598][ T296] do_syscall_64+0x47/0xb0
[ 22.945660][ T296] ? clear_bhb_loop+0x55/0xb0
[ 22.950276][ T296] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 22.956279][ T296] RIP: 0033:0x7ffb543fca87
[ 22.960488][ T296] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 22.980163][ T296] RSP: 002b:00007fff39fbe148 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 22.988497][ T296] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ffb543fca87
[ 22.996852][ T296] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff39fbe200
[ 23.004826][ T296] RBP: 00007fff39fbe200 R08: 0000000000000000 R09: 0000000000000000
[ 23.012912][ T296] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007fff39fbf270
[ 23.022366][ T296] R13: 000055557a6f26c0 R14: 00007fff39fbf270 R15: 0000000000000001
[ 23.031216][ T296] </TASK>
[ 23.034497][ T296] ---[ end trace 0000000000000000 ]---
[ 23.040619][ T296] ==================================================================
[ 23.048506][ T296] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60
[ 23.054584][ T296] Write of size 4 at addr 0000000000000170 by task syz-executor212/296
[ 23.062650][ T296]
[ 23.064832][ T296] CPU: 1 PID: 296 Comm: syz-executor212 Tainted: G W 6.1.124-syzkaller-00004-g1ac09f5c0571 #0
[ 23.076289][ T296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 23.086548][ T296] Call Trace:
[ 23.089671][ T296] <TASK>
[ 23.092461][ T296] dump_stack_lvl+0x151/0x1b7
[ 23.096962][ T296] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 23.102257][ T296] ? _printk+0xd1/0x111
[ 23.106262][ T296] print_report+0xe1/0x4e0
[ 23.111118][ T296] ? __virt_addr_valid+0x59/0x2f0
[ 23.116093][ T296] ? kasan_addr_to_slab+0xd/0x80
[ 23.120996][ T296] ? ihold+0x20/0x60
[ 23.124727][ T296] kasan_report+0x13c/0x170
[ 23.129056][ T296] ? ihold+0x20/0x60
[ 23.133047][ T296] kasan_check_range+0x294/0x2a0
[ 23.137950][ T296] __kasan_check_write+0x14/0x20
[ 23.142842][ T296] ihold+0x20/0x60
[ 23.146399][ T296] vfs_rmdir+0x268/0x500
[ 23.150477][ T296] incfs_kill_sb+0x113/0x230
[ 23.155159][ T296] deactivate_locked_super+0xad/0x110
[ 23.160533][ T296] deactivate_super+0xbe/0xf0
[ 23.165043][ T296] cleanup_mnt+0x485/0x510
[ 23.169302][ T296] __cleanup_mnt+0x19/0x20
[ 23.173554][ T296] task_work_run+0x24d/0x2e0
[ 23.177985][ T296] ? task_work_cancel+0x2e0/0x2e0
[ 23.182930][ T296] ptrace_notify+0x29e/0x350
[ 23.187350][ T296] ? do_notify_parent+0xa20/0xa20
[ 23.192386][ T296] ? user_path_at_empty+0x14e/0x1a0
[ 23.197466][ T296] ? __x64_sys_umount+0x122/0x170
[ 23.202446][ T296] ? path_umount+0xe70/0xe70
[ 23.207033][ T296] syscall_exit_to_user_mode+0x99/0x130
[ 23.212419][ T296] do_syscall_64+0x47/0xb0
[ 23.216905][ T296] ? clear_bhb_loop+0x55/0xb0
[ 23.221419][ T296] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 23.227135][ T296] RIP: 0033:0x7ffb543fca87
[ 23.231384][ T296] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 23.250958][ T296] RSP: 002b:00007fff39fbe148 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 23.259177][ T296] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ffb543fca87
[ 23.266989][ T296] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff39fbe200
[ 23.274801][ T296] RBP: 00007fff39fbe200 R08: 0000000000000000 R09: 0000000000000000
[ 23.282635][ T296] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007fff39fbf270
[ 23.290714][ T296] R13: 000055557a6f26c0 R14: 00007fff39fbf270 R15: 0000000000000001
[ 23.298912][ T296] </TASK>
[ 23.301979][ T296] ==================================================================
[ 23.310301][ T296] Disabling lock debugging due to kernel taint
[ 23.316791][ T296] BUG: kernel NULL pointer dereference, address: 0000000000000170
[ 23.324445][ T296] #PF: supervisor write access in kernel mode
[ 23.330432][ T296] #PF: error_code(0x0002) - not-present page
[ 23.336253][ T296] PGD 0 P4D 0
[ 23.339517][ T296] Oops: 0002 [#1] PREEMPT SMP KASAN
[ 23.344575][ T296] CPU: 1 PID: 296 Comm: syz-executor212 Tainted: G B W 6.1.124-syzkaller-00004-g1ac09f5c0571 #0
[ 23.356231][ T296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 23.366121][ T296] RIP: 0010:ihold+0x25/0x60
[ 23.370473][ T296] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 51 45 a8 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 80 cd ef ff bb 01 00 00 00 <f0> 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 d4 48 a8
[ 23.390004][ T296] RSP: 0018:ffffc90000d67b70 EFLAGS: 00010246
[ 23.395884][ T296] RAX: ffff8881102ca800 RBX: 0000000000000001 RCX: ffff8881102ca880
[ 23.403694][ T296] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 23.411526][ T296] RBP: ffffc90000d67b80 R08: ffffffff8144b2c3 R09: fffffbfff0f6e6fd
[ 23.419323][ T296] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff110220e988d
[ 23.427234][ T296] R13: ffff888123cee880 R14: 0000000000000000 R15: 1ffff1102479dd16
[ 23.435046][ T296] FS: 000055557a6f1380(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 23.443897][ T296] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 23.450323][ T296] CR2: 0000000000000170 CR3: 0000000122ed4000 CR4: 00000000003506a0
[ 23.458135][ T296] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 23.465949][ T296] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 23.473757][ T296] Call Trace:
[ 23.476895][ T296] <TASK>
[ 23.479659][ T296] ? __die_body+0x62/0xb0
[ 23.483842][ T296] ? __die+0x7e/0x90
[ 23.487557][ T296] ? page_fault_oops+0x7f9/0xa90
[ 23.492332][ T296] ? vprintk_default+0x26/0x30
[ 23.497110][ T296] ? kernelmode_fixup_or_oops+0xd0/0xd0
[ 23.502484][ T296] ? add_taint+0x44/0xe0
[ 23.506562][ T296] ? panic+0x667/0x667
[ 23.510575][ T296] ? preempt_schedule_thunk+0x16/0x18
[ 23.515900][ T296] ? exc_page_fault+0x529/0x6d0
[ 23.521285][ T296] ? asm_exc_page_fault+0x27/0x30
[ 23.526144][ T296] ? add_taint+0x93/0xe0
[ 23.530524][ T296] ? ihold+0x25/0x60
[ 23.534505][ T296] vfs_rmdir+0x268/0x500
[ 23.538602][ T296] incfs_kill_sb+0x113/0x230
[ 23.543075][ T296] deactivate_locked_super+0xad/0x110
[ 23.548285][ T296] deactivate_super+0xbe/0xf0
[ 23.553025][ T296] cleanup_mnt+0x485/0x510
[ 23.557291][ T296] __cleanup_mnt+0x19/0x20
[ 23.561534][ T296] task_work_run+0x24d/0x2e0
[ 23.565958][ T296] ? task_work_cancel+0x2e0/0x2e0
[ 23.570918][ T296] ptrace_notify+0x29e/0x350
[ 23.575352][ T296] ? do_notify_parent+0xa20/0xa20
[ 23.580491][ T296] ? user_path_at_empty+0x14e/0x1a0
[ 23.585755][ T296] ? __x64_sys_umount+0x122/0x170
[ 23.591380][ T296] ? path_umount+0xe70/0xe70
[ 23.595935][ T296] syscall_exit_to_user_mode+0x99/0x130
[ 23.601516][ T296] do_syscall_64+0x47/0xb0
[ 23.605863][ T296] ? clear_bhb_loop+0x55/0xb0
[ 23.610635][ T296] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 23.616376][ T296] RIP: 0033:0x7ffb543fca87
[ 23.620621][ T296] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 23.640282][ T296] RSP: 002b:00007fff39fbe148 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 23.648521][ T296] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ffb543fca87
[ 23.656565][ T296] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff39fbe200
[ 23.664366][ T296] RBP: 00007fff39fbe200 R08: 0000000000000000 R09: 0000000000000000
[ 23.672181][ T296] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007fff39fbf270
[ 23.680158][ T296] R13: 000055557a6f26c0 R14: 00007fff39fbf270 R15: 0000000000000001
[ 23.687977][ T296] </TASK>
[ 23.690835][ T296] Modules linked in:
[ 23.694579][ T296] CR2: 0000000000000170
[ 23.698570][ T296] ---[ end trace 0000000000000000 ]---
[ 23.703875][ T296] RIP: 0010:ihold+0x25/0x60
[ 23.708364][ T296] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 51 45 a8 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 80 cd ef ff bb 01 00 00 00 <f0> 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 d4 48 a8
[ 23.727809][ T296] RSP: 0018:ffffc90000d67b70 EFLAGS: 00010246
[ 23.733722][ T296] RAX: ffff8881102ca800 RBX: 0000000000000001 RCX: ffff8881102ca880
[ 23.741612][ T296] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 23.749762][ T296] RBP: ffffc90000d67b80 R08: ffffffff8144b2c3 R09: fffffbfff0f6e6fd
[ 23.758343][ T296] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff110220e988d
[ 23.766187][ T296] R13: ffff888123cee880 R14: 0000000000000000 R15: 1ffff1102479dd16
[ 23.774170][ T296] FS: 000055557a6f1380(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 23.783263][ T296] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 23.789750][ T296] CR2: 0000000000000170 CR3: 0000000122ed4000 CR4: 00000000003506a0
[ 23.797840][ T296] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 23.805669][ T296] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 23.813700][ T296] Kernel panic - not syncing: Fatal exception
[ 23.819681][ T296] Kernel Offset: disabled
[ 23.823816][ T296] Rebooting in 86400 seconds..