./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3786285620

<...>
Warning: Permanently added '10.128.0.210' (ED25519) to the list of known hosts.
execve("./syz-executor3786285620", ["./syz-executor3786285620"], 0x7ffc8d622a60 /* 10 vars */) = 0
brk(NULL)                               = 0x55558dda3000
brk(0x55558dda3e00)                     = 0x55558dda3e00
arch_prctl(ARCH_SET_FS, 0x55558dda3480) = 0
set_tid_address(0x55558dda3750)         = 289
set_robust_list(0x55558dda3760, 24)     = 0
rseq(0x55558dda3da0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3786285620", 4096) = 28
getrandom("\x51\x1b\x90\x19\xff\x72\xbe\x75", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55558dda3e00
brk(0x55558ddc4e00)                     = 0x55558ddc4e00
brk(0x55558ddc5000)                     = 0x55558ddc5000
mprotect(0x7f1eac347000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7f1eac29ddf0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f1eac2a5b40}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7f1eac29ddf0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f1eac2a5b40}, NULL, 8) = 0
mkdir("./syzkaller.MXLCHo", 0700)       = 0
chmod("./syzkaller.MXLCHo", 0777)       = 0
chdir("./syzkaller.MXLCHo")             = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dda3750) = 290
./strace-static-x86_64: Process 290 attached
[pid   290] set_robust_list(0x55558dda3760, 24) = 0
[pid   290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   290] getppid()                   = 0
[pid   290] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid   290] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid   290] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid   290] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid   290] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid   290] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid   290] unshare(CLONE_NEWNS)        = 0
[pid   290] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid   290] unshare(CLONE_NEWIPC)       = -1 EINVAL (Invalid argument)
[pid   290] unshare(CLONE_NEWCGROUP)    = 0
[pid   290] unshare(CLONE_NEWUTS)       = 0
[pid   290] unshare(CLONE_SYSVSEM)      = 0
[pid   290] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   290] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   290] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   290] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   290] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   290] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   290] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   290] getpid()                    = 1
[pid   290] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   290] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[   38.487364][   T28] audit: type=1400 audit(1748469859.486:64): avc:  denied  { execmem } for  pid=289 comm="syz-executor378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[pid   290] unshare(CLONE_NEWNET)       = 0
[pid   290] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid   290] write(3, "0 65535", 7)      = 7
[pid   290] close(3)                    = 0
[pid   290] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid   290] write(3, "100000", 6)       = 6
[pid   290] close(3)                    = 0
[pid   290] mkdir("./syz-tmp", 0777)    = 0
[pid   290] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid   290] mkdir("./syz-tmp/newroot", 0777) = 0
[pid   290] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid   290] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   290] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid   290] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid   290] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid   290] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid   290] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   290] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid   290] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   290] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   290] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid   290] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   290] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0
[pid   290] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid   290] mkdir("./syz-tmp/pivot", 0777) = 0
[   38.521927][   T28] audit: type=1400 audit(1748469859.486:65): avc:  denied  { mounton } for  pid=290 comm="syz-executor378" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[pid   290] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid   290] chdir("/")                  = 0
[pid   290] umount2("./pivot", MNT_DETACH) = 0
[pid   290] chroot("./newroot")         = 0
[pid   290] chdir("/")                  = 0
[pid   290] mkdir("/dev/gadgetfs", 0777) = 0
[   38.574317][   T28] audit: type=1400 audit(1748469859.516:66): avc:  denied  { mounton } for  pid=290 comm="syz-executor378" path="/root/syzkaller.MXLCHo/syz-tmp" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[pid   290] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL) = -1 ENODEV (No such device)
[pid   290] mkdir("/dev/binderfs", 0777) = 0
[pid   290] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid   290] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid   290] mkdir("./0", 0777)          = 0
[pid   290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   290] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   290] close(3)                    = 0
[pid   290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dda3750) = 2
[   38.612834][   T28] audit: type=1400 audit(1748469859.516:67): avc:  denied  { mount } for  pid=290 comm="syz-executor378" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   38.616255][  T290] request_module fs-gadgetfs succeeded, but still no fs?
./strace-static-x86_64: Process 292 attached
[pid   292] set_robust_list(0x55558dda3760, 24) = 0
[pid   292] chdir("./0")                = 0
[pid   292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   292] setpgid(0, 0)               = 0
[pid   292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   292] write(3, "1000", 4)         = 4
[pid   292] close(3)                    = 0
[pid   292] symlink("/dev/binderfs", "./binderfs") = 0
[pid   292] write(1, "executing program\n", 18executing program
) = 18
[pid   292] mkdir("./file0", 0777)      = 0
[pid   292] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid   292] open_tree(AT_FDCWD, "", OPEN_TREE_CLONE|OPEN_TREE_CLOEXEC|AT_SYMLINK_NOFOLLOW|AT_NO_AUTOMOUNT|AT_EMPTY_PATH|AT_RECURSIVE) = 3
[pid   292] move_mount(3, ".", AT_FDCWD, "./file0", 0) = 0
[pid   292] mount("./file0", "./file0", "incremental-fs", 0, NULL) = 0
[pid   292] close(3)                    = 0
[pid   292] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   292] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   292] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   292] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   292] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   292] close(9)                    = -1 EBADF (Bad file descriptor)
[   38.653093][   T28] audit: type=1400 audit(1748469859.566:68): avc:  denied  { mounton } for  pid=290 comm="syz-executor378" path="/root/syzkaller.MXLCHo/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   38.701830][   T28] audit: type=1400 audit(1748469859.566:69): avc:  denied  { mount } for  pid=290 comm="syz-executor378" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   38.712196][  T292] incfs: ino conflict with backing FS 9
[pid   292] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   292] exit_group(0)               = ?
[pid   292] +++ exited with 0 +++
[pid   290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[pid   290] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   290] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   290] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=120, ...}, AT_EMPTY_PATH) = 0
[pid   290] getdents64(3, 0x55558dda47f0 /* 6 entries */, 32768) = 176
[pid   290] umount2("./0/.incomplete", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   290] newfstatat(AT_FDCWD, "./0/.incomplete", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   290] umount2("./0/.incomplete", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   290] openat(AT_FDCWD, "./0/.incomplete", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   290] getdents64(4, 0x55558ddac830 /* 2 entries */, 32768) = 48
[pid   290] getdents64(4, 0x55558ddac830 /* 0 entries */, 32768) = 0
[pid   290] close(4)                    = 0
[pid   290] rmdir("./0/.incomplete")    = 0
[pid   290] umount2("./0/.index", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   290] newfstatat(AT_FDCWD, "./0/.index", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   290] umount2("./0/.index", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   290] openat(AT_FDCWD, "./0/.index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   290] getdents64(4, 0x55558ddac830 /* 2 entries */, 32768) = 48
[pid   290] getdents64(4, 0x55558ddac830 /* 0 entries */, 32768) = 0
[pid   290] close(4)                    = 0
[pid   290] rmdir("./0/.index")         = 0
[   38.729836][   T28] audit: type=1400 audit(1748469859.566:70): avc:  denied  { mounton } for  pid=290 comm="syz-executor378" path="/root/syzkaller.MXLCHo/syz-tmp/newroot/selinux" dev="tmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   38.782783][   T28] audit: type=1400 audit(1748469859.566:71): avc:  denied  { mounton } for  pid=290 comm="syz-executor378" path="/root/syzkaller.MXLCHo/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   38.783017][  T290] ------------[ cut here ]------------
[   38.824308][   T28] audit: type=1400 audit(1748469859.566:72): avc:  denied  { mounton } for  pid=290 comm="syz-executor378" path="/root/syzkaller.MXLCHo/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=14761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[   38.824378][   T28] audit: type=1400 audit(1748469859.566:73): avc:  denied  { unmount } for  pid=290 comm="syz-executor378" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   38.913996][  T290] WARNING: CPU: 0 PID: 290 at fs/inode.c:332 drop_nlink+0xc5/0x110
[   38.932944][  T290] Modules linked in:
[   38.942000][  T290] CPU: 0 PID: 290 Comm: syz-executor378 Not tainted 6.1.138-syzkaller-00046-gdb710ea87c32 #0
[   38.958559][  T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   38.974306][  T290] RIP: 0010:drop_nlink+0xc5/0x110
[   38.981599][  T290] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 63 ee f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 1b 93 ac ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c
[   39.011050][  T290] RSP: 0018:ffffc90000dc7b38 EFLAGS: 00010293
[   39.020608][  T290] RAX: ffffffff81c35df5 RBX: ffff8881251c8080 RCX: ffff88811eb06540
[   39.031638][  T290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   39.044407][  T290] RBP: ffffc90000dc7b60 R08: 0000000000000004 R09: 0000000000000003
[   39.053157][  T290] R10: fffff520001b8f58 R11: 1ffff920001b8f58 R12: dffffc0000000000
[   39.062742][  T290] R13: 1ffff11024a39019 R14: ffff8881251c80c8 R15: 0000000000000000
[   39.074284][  T290] FS:  000055558dda3480(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   39.089610][  T290] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   39.097890][  T290] CR2: 0000555b736f0748 CR3: 0000000121e3c000 CR4: 00000000003506b0
[   39.113386][  T290] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   39.128589][  T290] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   39.142696][  T290] Call Trace:
[   39.148668][  T290]  <TASK>
[   39.152363][  T290]  shmem_rmdir+0x5b/0x90
[   39.157418][  T290]  vfs_rmdir+0x393/0x500
[   39.166144][  T290]  incfs_kill_sb+0x105/0x220
[   39.171477][  T290]  deactivate_locked_super+0xb5/0x120
[   39.177882][  T290]  deactivate_super+0xaf/0xe0
[   39.186721][  T290]  cleanup_mnt+0x45f/0x4e0
[   39.192295][  T290]  ? umount_tree+0xe10/0xe10
[   39.197571][  T290]  __cleanup_mnt+0x19/0x20
[   39.206674][  T290]  task_work_run+0x1db/0x240
[   39.212859][  T290]  ? __cfi_task_work_run+0x10/0x10
[   39.218555][  T290]  ? path_umount+0x351/0xf40
[   39.227052][  T290]  ? __kasan_slab_free+0x11/0x20
[   39.232424][  T290]  ptrace_notify+0x221/0x250
[   39.237718][  T290]  ? __cfi_path_umount+0x10/0x10
[   39.245143][  T290]  ? __cfi_ptrace_notify+0x10/0x10
[   39.251972][  T290]  ? user_path_at_empty+0x161/0x1c0
[   39.258802][  T290]  ? __x64_sys_umount+0x125/0x160
[   39.268597][  T290]  ? __cfi___x64_sys_umount+0x10/0x10
[   39.275988][  T290]  ? fpregs_restore_userregs+0x128/0x260
[   39.286027][  T290]  syscall_exit_work+0x84/0x140
[   39.291225][  T290]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   39.298380][  T290]  syscall_exit_to_user_mode+0xd/0x30
[   39.309747][  T290]  do_syscall_64+0x58/0xa0
[   39.316769][  T290]  ? clear_bhb_loop+0x15/0x70
[   39.327208][  T290]  ? clear_bhb_loop+0x15/0x70
[   39.332706][  T290]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   39.343151][  T290] RIP: 0033:0x7f1eac2d4247
[   39.352900][  T290] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[   39.376635][  T290] RSP: 002b:00007ffc668f5d28 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[   39.389809][  T290] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f1eac2d4247
[   39.402920][  T290] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc668f5de0
[   39.413587][  T290] RBP: 00007ffc668f5de0 R08: 0000000000000000 R09: 0000000000000000
[   39.426599][  T290] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc668f6e50
[   39.435712][  T290] R13: 000055558dda47c0 R14: 431bde82d7b634db R15: 00007ffc668f6e70
[   39.449260][  T290]  </TASK>
[   39.453605][  T290] ---[ end trace 0000000000000000 ]---
[   39.466096][  T290] ==================================================================
[   39.485472][  T290] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60
[   39.494354][  T290] Write of size 4 at addr 0000000000000170 by task syz-executor378/290
[   39.511848][  T290] 
[   39.515912][  T290] CPU: 0 PID: 290 Comm: syz-executor378 Tainted: G        W          6.1.138-syzkaller-00046-gdb710ea87c32 #0
[   39.538429][  T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   39.556287][  T290] Call Trace:
[   39.562167][  T290]  <TASK>
[   39.567215][  T290]  __dump_stack+0x21/0x24
[   39.572137][  T290]  dump_stack_lvl+0xee/0x150
[   39.577448][  T290]  ? __cfi_dump_stack_lvl+0x8/0x8
[   39.586546][  T290]  ? ihold+0x20/0x60
[   39.591346][  T290]  ? ihold+0x20/0x60
[   39.595487][  T290]  print_report+0x3d/0x60
[   39.601045][  T290]  kasan_report+0x122/0x150
[   39.607420][  T290]  ? ihold+0x20/0x60
[   39.612040][  T290]  kasan_check_range+0x280/0x290
[   39.617972][  T290]  __kasan_check_write+0x14/0x20
[   39.625018][  T290]  ihold+0x20/0x60
[   39.629352][  T290]  vfs_rmdir+0x25f/0x500
[   39.634004][  T290]  incfs_kill_sb+0x105/0x220
[   39.639674][  T290]  deactivate_locked_super+0xb5/0x120
[   39.649354][  T290]  deactivate_super+0xaf/0xe0
[   39.655234][  T290]  cleanup_mnt+0x45f/0x4e0
[   39.662960][  T290]  ? umount_tree+0xe10/0xe10
[   39.670556][  T290]  __cleanup_mnt+0x19/0x20
[   39.675407][  T290]  task_work_run+0x1db/0x240
[   39.682883][  T290]  ? __cfi_task_work_run+0x10/0x10
[   39.690891][  T290]  ? path_umount+0x351/0xf40
[   39.698350][  T290]  ? __kasan_slab_free+0x11/0x20
[   39.705174][  T290]  ptrace_notify+0x221/0x250
[   39.712447][  T290]  ? __cfi_path_umount+0x10/0x10
[   39.721587][  T290]  ? __cfi_ptrace_notify+0x10/0x10
[   39.727754][  T290]  ? user_path_at_empty+0x161/0x1c0
[   39.733331][  T290]  ? __x64_sys_umount+0x125/0x160
[   39.741924][  T290]  ? __cfi___x64_sys_umount+0x10/0x10
[   39.749319][  T290]  ? fpregs_restore_userregs+0x128/0x260
[   39.755766][  T290]  syscall_exit_work+0x84/0x140
[   39.761759][  T290]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   39.770041][  T290]  syscall_exit_to_user_mode+0xd/0x30
[   39.776337][  T290]  do_syscall_64+0x58/0xa0
[   39.782611][  T290]  ? clear_bhb_loop+0x15/0x70
[   39.788784][  T290]  ? clear_bhb_loop+0x15/0x70
[   39.794291][  T290]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   39.801205][  T290] RIP: 0033:0x7f1eac2d4247
[   39.806154][  T290] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[   39.832076][  T290] RSP: 002b:00007ffc668f5d28 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[   39.840933][  T290] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f1eac2d4247
[   39.851061][  T290] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc668f5de0
[   39.859782][  T290] RBP: 00007ffc668f5de0 R08: 0000000000000000 R09: 0000000000000000
[   39.869556][  T290] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc668f6e50
[   39.879993][  T290] R13: 000055558dda47c0 R14: 431bde82d7b634db R15: 00007ffc668f6e70
[   39.888922][  T290]  </TASK>
[   39.892206][  T290] ==================================================================
[   39.903038][  T290] Disabling lock debugging due to kernel taint
[   39.910221][  T290] BUG: kernel NULL pointer dereference, address: 0000000000000170
[   39.919664][  T290] #PF: supervisor write access in kernel mode
[   39.927206][  T290] #PF: error_code(0x0002) - not-present page
[   39.934151][  T290] PGD 0 P4D 0 
[   39.937888][  T290] Oops: 0002 [#1] PREEMPT SMP KASAN
[   39.943985][  T290] CPU: 1 PID: 290 Comm: syz-executor378 Tainted: G    B   W          6.1.138-syzkaller-00046-gdb710ea87c32 #0
[   39.957082][  T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   39.969679][  T290] RIP: 0010:ihold+0x26/0x60
[   39.974717][  T290] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 81 8a ac ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 a0 e5 f0 ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 71
[   39.999011][  T290] RSP: 0018:ffffc90000dc7b78 EFLAGS: 00010246
[   40.006444][  T290] RAX: ffff88811eb06500 RBX: 0000000000000000 RCX: ffff88811eb06540
[   40.015580][  T290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   40.024385][  T290] RBP: ffffc90000dc7b88 R08: dffffc0000000000 R09: fffffbfff0f2cafd
[   40.033172][  T290] R10: fffffbfff0f2cafd R11: 1ffffffff0f2cafc R12: ffff8881251c808c
[   40.042906][  T290] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000
[   40.051504][  T290] FS:  000055558dda3480(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   40.062171][  T290] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   40.069247][  T290] CR2: 0000000000000170 CR3: 0000000121e3c000 CR4: 00000000003506a0
[   40.078633][  T290] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   40.087067][  T290] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   40.095508][  T290] Call Trace:
[   40.100435][  T290]  <TASK>
[   40.103677][  T290]  vfs_rmdir+0x25f/0x500
[   40.109531][  T290]  incfs_kill_sb+0x105/0x220
[   40.115141][  T290]  deactivate_locked_super+0xb5/0x120
[   40.121578][  T290]  deactivate_super+0xaf/0xe0
[   40.126983][  T290]  cleanup_mnt+0x45f/0x4e0
[   40.132181][  T290]  ? umount_tree+0xe10/0xe10
[   40.137354][  T290]  __cleanup_mnt+0x19/0x20
[   40.142988][  T290]  task_work_run+0x1db/0x240
[   40.148212][  T290]  ? __cfi_task_work_run+0x10/0x10
[   40.154578][  T290]  ? path_umount+0x351/0xf40
[   40.160098][  T290]  ? __kasan_slab_free+0x11/0x20
[   40.166994][  T290]  ptrace_notify+0x221/0x250
[   40.172519][  T290]  ? __cfi_path_umount+0x10/0x10
[   40.177832][  T290]  ? __cfi_ptrace_notify+0x10/0x10
[   40.184489][  T290]  ? user_path_at_empty+0x161/0x1c0
[   40.191184][  T290]  ? __x64_sys_umount+0x125/0x160
[   40.196596][  T290]  ? __cfi___x64_sys_umount+0x10/0x10
[   40.204534][  T290]  ? fpregs_restore_userregs+0x128/0x260
[   40.210458][  T290]  syscall_exit_work+0x84/0x140
[   40.216030][  T290]  syscall_exit_to_user_mode_prepare+0x1c/0x20
[   40.222669][  T290]  syscall_exit_to_user_mode+0xd/0x30
[   40.228507][  T290]  do_syscall_64+0x58/0xa0
[   40.233301][  T290]  ? clear_bhb_loop+0x15/0x70
[   40.240146][  T290]  ? clear_bhb_loop+0x15/0x70
[   40.245713][  T290]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   40.252329][  T290] RIP: 0033:0x7f1eac2d4247
[   40.257666][  T290] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[   40.283891][  T290] RSP: 002b:00007ffc668f5d28 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[   40.293294][  T290] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f1eac2d4247
[   40.302601][  T290] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc668f5de0
[   40.312543][  T290] RBP: 00007ffc668f5de0 R08: 0000000000000000 R09: 0000000000000000
[   40.322234][  T290] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc668f6e50
[   40.331687][  T290] R13: 000055558dda47c0 R14: 431bde82d7b634db R15: 00007ffc668f6e70
[   40.342070][  T290]  </TASK>
[   40.346448][  T290] Modules linked in:
[   40.351306][  T290] CR2: 0000000000000170
[   40.356090][  T290] ---[ end trace 0000000000000000 ]---
[   40.362098][  T290] RIP: 0010:ihold+0x26/0x60
[   40.368185][  T290] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 81 8a ac ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 a0 e5 f0 ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 71
[   40.396382][  T290] RSP: 0018:ffffc90000dc7b78 EFLAGS: 00010246
[   40.406119][  T290] RAX: ffff88811eb06500 RBX: 0000000000000000 RCX: ffff88811eb06540
[   40.414588][  T290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   40.424097][  T290] RBP: ffffc90000dc7b88 R08: dffffc0000000000 R09: fffffbfff0f2cafd
[   40.432695][  T290] R10: fffffbfff0f2cafd R11: 1ffffffff0f2cafc R12: ffff8881251c808c
[   40.441349][  T290] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000
[   40.450724][  T290] FS:  000055558dda3480(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   40.461496][  T290] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   40.469275][  T290] CR2: 0000000000000170 CR3: 0000000121e3c000 CR4: 00000000003506a0
[   40.478873][  T290] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   40.487982][  T290] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   40.496806][  T290] Kernel panic - not syncing: Fatal exception
[   40.504338][  T290] Kernel Offset: disabled
[   40.509035][  T290] Rebooting in 86400 seconds..