./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3952329297

<...>
Warning: Permanently added '10.128.0.229' (ED25519) to the list of known hosts.
execve("./syz-executor3952329297", ["./syz-executor3952329297"], 0x7fffd4f7e180 /* 10 vars */) = 0
brk(NULL)                               = 0x55558b5de000
brk(0x55558b5ded40)                     = 0x55558b5ded40
arch_prctl(ARCH_SET_FS, 0x55558b5de3c0) = 0
set_tid_address(0x55558b5de690)         = 297
set_robust_list(0x55558b5de6a0, 24)     = 0
rseq(0x55558b5dece0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3952329297", 4096) = 28
getrandom("\xd6\x63\xa8\x55\x52\x8d\x6a\xda", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55558b5ded40
brk(0x55558b5ffd40)                     = 0x55558b5ffd40
brk(0x55558b600000)                     = 0x55558b600000
mprotect(0x7f752f13e000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 298 attached
 <unfinished ...>
[pid   298] set_robust_list(0x55558b5de6a0, 24) = 0
[pid   298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   298] getppid()                   = 0
[pid   298] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid   298] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid   298] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid   298] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid   298] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid   298] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid   298] unshare(CLONE_NEWNS <unfinished ...>
[pid   297] <... clone resumed>, child_tidptr=0x55558b5de690) = 298
[pid   298] <... unshare resumed>)      = 0
[pid   298] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid   298] unshare(CLONE_NEWIPC)       = -1 EINVAL (Invalid argument)
[pid   298] unshare(CLONE_NEWCGROUP)    = 0
[pid   298] unshare(CLONE_NEWUTS)       = 0
[pid   298] unshare(CLONE_SYSVSEM)      = 0
[pid   298] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   298] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   298] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   298] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   298] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   298] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   298] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   298] getpid()                    = 1
[pid   298] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   298] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   298] unshare(CLONE_NEWNET)       = 0
[pid   298] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid   298] write(3, "0 65535", 7)      = 7
[pid   298] close(3)                    = 0
[pid   298] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid   298] write(3, "100000", 6)       = 6
[pid   298] close(3)                    = 0
[pid   298] mkdir("./syz-tmp", 0777)    = 0
[pid   298] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid   298] mkdir("./syz-tmp/newroot", 0777) = 0
[   22.657657][   T36] audit: type=1400 audit(1750605643.400:64): avc:  denied  { execmem } for  pid=297 comm="syz-executor395" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   22.680048][   T36] audit: type=1400 audit(1750605643.430:65): avc:  denied  { mounton } for  pid=298 comm="syz-executor395" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[pid   298] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid   298] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   298] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid   298] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid   298] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid   298] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid   298] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   298] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid   298] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   298] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   298] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid   298] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   298] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0
[pid   298] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid   298] mkdir("./syz-tmp/pivot", 0777) = 0
[pid   298] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid   298] chdir("/")                  = 0
[pid   298] umount2("./pivot", MNT_DETACH) = 0
[pid   298] chroot("./newroot")         = 0
[pid   298] chdir("/")                  = 0
[pid   298] mkdir("/dev/gadgetfs", 0777) = 0
[pid   298] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL) = -1 ENODEV (No such device)
[pid   298] mkdir("/dev/binderfs", 0777) = 0
[pid   298] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid   298] symlink("/dev/binderfs", "./binderfs") = 0
[pid   298] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
executing program
[pid   298] write(1, "executing program\n", 18) = 18
[pid   298] futex(0x7f752f1443ec, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   298] rt_sigaction(SIGRT_1, {sa_handler=0x7f752f0df810, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f752f0d0e90}, NULL, 8) = 0
[pid   298] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid   298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f752f046000
[pid   298] mprotect(0x7f752f047000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid   298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f752f066990, parent_tid=0x7f752f066990, exit_signal=0, stack=0x7f752f046000, stack_size=0x20300, tls=0x7f752f0666c0}./strace-static-x86_64: Process 299 attached
 <unfinished ...>
[pid   299] set_robust_list(0x7f752f0669a0, 24) = 0
[pid   298] <... clone3 resumed> => {parent_tid=[2]}, 88) = 2
[pid   299] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid   298] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid   299] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid   298] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid   299] futex(0x7f752f1443e8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   298] futex(0x7f752f1443e8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   299] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid   298] <... futex resumed>)        = 0
[pid   299] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 <unfinished ...>
[pid   298] futex(0x7f752f1443ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   299] <... openat resumed>)       = 3
[pid   299] futex(0x7f752f1443ec, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   298] <... futex resumed>)        = 0
[pid   298] futex(0x7f752f1443e8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   299] <... futex resumed>)        = 1
[pid   299] openat(AT_FDCWD, "/dev/fuse", O_RDWR <unfinished ...>
[pid   298] <... futex resumed>)        = 0
[pid   299] <... openat resumed>)       = 4
[pid   298] futex(0x7f752f1443ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   299] futex(0x7f752f1443ec, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   298] <... futex resumed>)        = 0
[pid   299] <... futex resumed>)        = 1
[pid   298] futex(0x7f752f1443e8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   299] mount(NULL, "./file1", "fuse", MS_NOSUID, "fd=0x0000000000000004,rootmode=00000000000000000100000,user_id=00000000000000000000,group_id=0000000"... <unfinished ...>
[pid   298] <... futex resumed>)        = 0
[pid   299] <... mount resumed>)        = 0
[pid   298] futex(0x7f752f1443ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   299] futex(0x7f752f1443ec, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   298] <... futex resumed>)        = 0
[pid   298] futex(0x7f752f1443e8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   298] futex(0x7f752f1443ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   299] read(4, "\x68\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x29\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x73\xfd\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 104
[pid   299] futex(0x7f752f1443ec, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   298] <... futex resumed>)        = 0
[pid   298] futex(0x7f752f1443e8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   298] futex(0x7f752f1443ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[   22.708351][   T36] audit: type=1400 audit(1750605643.450:66): avc:  denied  { mounton } for  pid=298 comm="syz-executor395" path="/root/syz-tmp" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   22.731735][   T36] audit: type=1400 audit(1750605643.450:67): avc:  denied  { mount } for  pid=298 comm="syz-executor395" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[pid   299] openat(AT_FDCWD, "./file1", O_RDWR <unfinished ...>
[pid   298] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   298] futex(0x7f752f1443fc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f752f025000
[pid   298] mprotect(0x7f752f026000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid   298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f752f045990, parent_tid=0x7f752f045990, exit_signal=0, stack=0x7f752f025000, stack_size=0x20300, tls=0x7f752f0456c0}./strace-static-x86_64: Process 301 attached
 <unfinished ...>
[pid   301] set_robust_list(0x7f752f0459a0, 24) = 0
[pid   301] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid   298] <... clone3 resumed> => {parent_tid=[3]}, 88) = 3
[pid   301] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid   301] futex(0x7f752f1443f8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid   298] futex(0x7f752f1443f8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   301] <... futex resumed>)        = 0
[pid   298] <... futex resumed>)        = 1
[pid   301] write(4, "\x50\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80) = 80
[pid   301] futex(0x7f752f1443fc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   298] futex(0x7f752f1443fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   301] <... futex resumed>)        = 0
[pid   298] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid   301] futex(0x7f752f1443f8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   298] futex(0x7f752f1443f8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   301] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid   298] <... futex resumed>)        = 0
[pid   301] read(4,  <unfinished ...>
[pid   298] futex(0x7f752f1443fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   301] <... read resumed>"\x30\x00\x00\x00\x0e\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x02\x80\x00\x00\x00\x00\x00\x00", 8224) = 48
[pid   301] futex(0x7f752f1443fc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   298] <... futex resumed>)        = 0
[pid   301] futex(0x7f752f1443f8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   298] futex(0x7f752f1443f8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   301] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid   301] write(4, "\x10\x00\x00\x00\xda\xff\xff\xff\x04\x00\x00\x00\x00\x00\x00\x00", 16 <unfinished ...>
[pid   298] <... futex resumed>)        = 0
[pid   301] <... write resumed>)        = 16
[pid   299] <... openat resumed>)       = 5
[pid   298] futex(0x7f752f1443fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   301] futex(0x7f752f1443fc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   299] futex(0x7f752f1443ec, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   298] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid   301] <... futex resumed>)        = 0
[pid   299] <... futex resumed>)        = 0
[pid   298] close(3 <unfinished ...>
[pid   301] futex(0x7f752f1443f8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   299] futex(0x7f752f1443e8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   298] <... close resumed>)        = 0
[pid   298] close(4)                    = 0
[   22.754471][   T36] audit: type=1400 audit(1750605643.460:68): avc:  denied  { mounton } for  pid=298 comm="syz-executor395" path="/root/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   22.778274][   T36] audit: type=1400 audit(1750605643.460:69): avc:  denied  { mount } for  pid=298 comm="syz-executor395" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   22.798617][  T298] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000019: 0000 [#1] PREEMPT SMP KASAN PTI
[   22.800617][   T36] audit: type=1400 audit(1750605643.460:70): avc:  denied  { mounton } for  pid=298 comm="syz-executor395" path="/root/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   22.812677][  T298] KASAN: null-ptr-deref in range [0x00000000000000c8-0x00000000000000cf]
[   22.812698][  T298] CPU: 0 UID: 0 PID: 298 Comm: syz-executor395 Not tainted 6.12.23-syzkaller-gd9fd901baa98 #0 f1acc3ef52b3e732a05c4f7a2560722db90bb473
[   22.838129][   T36] audit: type=1400 audit(1750605643.460:71): avc:  denied  { mounton } for  pid=298 comm="syz-executor395" path="/root/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=2414 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[   22.846240][  T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   22.846252][  T298] RIP: 0010:fuse_file_release+0x29e/0x400
[   22.860249][   T36] audit: type=1400 audit(1750605643.460:72): avc:  denied  { unmount } for  pid=298 comm="syz-executor395" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   22.885970][  T298] Code: 00 74 12 48 89 df e8 41 1e a1 ff 48 ba 00 00 00 00 00 fc ff df 4c 89 2b 4c 8b 75 b8 49 81 c7 c8 00 00 00 4c 89 f8 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 ff e8 f4 1c a1 ff 48 ba 00 00 00 00 00 fc
[   22.885986][  T298] RSP: 0018:ffffc9000126fd88 EFLAGS: 00010202
[   22.886012][  T298] RAX: 0000000000000019 RBX: 0000000000000000 RCX: ffff888100f28000
[   22.896269][   T36] audit: type=1400 audit(1750605643.480:73): avc:  denied  { mounton } for  pid=298 comm="syz-executor395" path="/dev/gadgetfs" dev="devtmpfs" ino=434 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   22.901735][  T298] RDX: dffffc0000000000 RSI: 0000000000000a02 RDI: ffff88810ea47c78
[   22.901749][  T298] RBP: ffffc9000126fdd0 R08: 0000000000000003 R09: 0000000000000004
[   22.901761][  T298] R10: dffffc0000000000 R11: fffff5200024df80 R12: 0000000000008002
[   23.001505][  T298] R13: ffff888128f18480 R14: ffff88810ea47c00 R15: 00000000000000c8
[   23.009451][  T298] FS:  000055558b5de3c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[   23.018350][  T298] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   23.024902][  T298] CR2: 00007f752f045d58 CR3: 00000001232ac000 CR4: 00000000003526b0
[   23.032845][  T298] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   23.040788][  T298] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   23.048730][  T298] Call Trace:
[   23.051985][  T298]  <TASK>
[   23.054891][  T298]  fuse_release+0x13e/0x1b0
[   23.059387][  T298]  ? __cfi_fuse_release+0x10/0x10
[   23.064385][  T298]  __fput+0x1fb/0xa00
[   23.068337][  T298]  __fput_sync+0x4a/0x70
[   23.072549][  T298]  __se_sys_close+0x17b/0x240
[   23.077196][  T298]  __x64_sys_close+0x3c/0x60
[   23.081765][  T298]  x64_sys_call+0x2560/0x2ee0
[   23.086443][  T298]  do_syscall_64+0x58/0xf0
[   23.090843][  T298]  ? clear_bhb_loop+0x35/0x90
[   23.095504][  T298]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   23.101377][  T298] RIP: 0033:0x7f752f0b8b4a
[   23.105780][  T298] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 33 63 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 93 63 02 00 8b 44 24
[   23.125359][  T298] RSP: 002b:00007fff60194c60 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   23.133744][  T298] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f752f0b8b4a
[   23.141688][  T298] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[   23.149628][  T298] RBP: 0000000000005904 R08: 7fffffffffffffff R09: 0000000000000000
[   23.157572][  T298] R10: 00007fff60194ca0 R11: 0000000000000293 R12: 0000000000000008
[   23.165513][  T298] R13: 0000000000005936 R14: 00000000000003e8 R15: 00007f752f1443fc
[   23.173458][  T298]  </TASK>
[   23.176450][  T298] Modules linked in:
[   23.180423][  T298] ---[ end trace 0000000000000000 ]---
[   23.185902][  T298] RIP: 0010:fuse_file_release+0x29e/0x400
[   23.191646][  T298] Code: 00 74 12 48 89 df e8 41 1e a1 ff 48 ba 00 00 00 00 00 fc ff df 4c 89 2b 4c 8b 75 b8 49 81 c7 c8 00 00 00 4c 89 f8 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 ff e8 f4 1c a1 ff 48 ba 00 00 00 00 00 fc
[   23.211265][  T298] RSP: 0018:ffffc9000126fd88 EFLAGS: 00010202
[   23.217317][  T298] RAX: 0000000000000019 RBX: 0000000000000000 RCX: ffff888100f28000
[   23.225280][  T298] RDX: dffffc0000000000 RSI: 0000000000000a02 RDI: ffff88810ea47c78
[   23.233249][  T298] RBP: ffffc9000126fdd0 R08: 0000000000000003 R09: 0000000000000004
[   23.241219][  T298] R10: dffffc0000000000 R11: fffff5200024df80 R12: 0000000000008002
[   23.249177][  T298] R13: ffff888128f18480 R14: ffff88810ea47c00 R15: 00000000000000c8
[   23.257153][  T298] FS:  000055558b5de3c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[   23.266076][  T298] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   23.272655][  T298] CR2: 00007f752f045d58 CR3: 00000001232ac000 CR4: 00000000003526b0
[   23.280620][  T298] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   23.288577][  T298] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   23.296556][  T298] Kernel panic - not syncing: Fatal exception
[   23.302939][  T298] Kernel Offset: disabled
[   23.307256][  T298] Rebooting in 86400 seconds..