./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor432139898 <...> Warning: Permanently added '10.128.1.30' (ED25519) to the list of known hosts. execve("./syz-executor432139898", ["./syz-executor432139898"], 0x7ffd6afa66c0 /* 10 vars */) = 0 brk(NULL) = 0x555590e8f000 brk(0x555590e8fd00) = 0x555590e8fd00 arch_prctl(ARCH_SET_FS, 0x555590e8f380) = 0 set_tid_address(0x555590e8f650) = 296 set_robust_list(0x555590e8f660, 24) = 0 rseq(0x555590e8fca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor432139898", 4096) = 27 getrandom("\x16\x69\xde\xa1\x1b\x01\x63\x0b", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555590e8fd00 brk(0x555590eb0d00) = 0x555590eb0d00 brk(0x555590eb1000) = 0x555590eb1000 mprotect(0x7fe934164000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 getrandom("\x3b\xc8\x67\x76\xd7\xe6\x66\xfb", 8, GRND_NONBLOCK) = 8 getrandom("\x82\x59\xe6\x24\x4c\x17\x94\xac", 8, GRND_NONBLOCK) = 8 mkdir("./syzkaller.Stpyqi", 0700) = 0 chmod("./syzkaller.Stpyqi", 0777) = 0 chdir("./syzkaller.Stpyqi") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 297 attached [pid 297] set_robust_list(0x555590e8f660, 24) = 0 [pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 296] <... clone resumed>, child_tidptr=0x555590e8f650) = 297 [pid 297] <... prctl resumed>) = 0 [pid 297] getppid() = 0 [pid 297] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 297] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 297] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 297] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 297] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 297] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 297] unshare(CLONE_NEWNS) = 0 [pid 297] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 297] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 297] unshare(CLONE_NEWCGROUP) = 0 [pid 297] unshare(CLONE_NEWUTS) = 0 [pid 297] unshare(CLONE_SYSVSEM) = 0 [pid 297] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 297] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 297] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 297] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 297] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 297] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 297] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 297] getpid() = 1 [pid 297] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c [ 28.263052][ T297] RSP: 0018:ffffc9000111fa80 EFLAGS: 00010293 [ 28.316714][ T297] RAX: ffffffff81edb95e RBX: ffff8881203f8f50 RCX: ffff88810f652600 [ 28.324727][ T297] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 28.332739][ T297] RBP: ffffc9000111faa8 R08: 0000000000000003 R09: 0000000000000004 [ 28.340816][ T297] R10: dffffc0000000000 R11: fffff52000223f40 R12: dffffc0000000000 [ 28.348852][ T297] R13: 1ffff1102407f1f3 R14: ffff8881203f8f98 R15: 0000000000000000 [ 28.356869][ T297] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 28.365959][ T297] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.372585][ T297] CR2: 00007fe93416b1b0 CR3: 000000010bf92000 CR4: 00000000003526b0 [ 28.380568][ T297] Call Trace: [ 28.383867][ T297] [ 28.386896][ T297] shmem_rmdir+0x5f/0x90 [ 28.391147][ T297] vfs_rmdir+0x3e0/0x560 [ 28.395460][ T297] incfs_kill_sb+0x109/0x230 [ 28.400082][ T297] deactivate_locked_super+0xd8/0x2a0 [ 28.405495][ T297] deactivate_super+0xb8/0xe0 [ 28.410191][ T297] cleanup_mnt+0x3f1/0x480 [ 28.414636][ T297] __cleanup_mnt+0x1d/0x40 [ 28.419082][ T297] task_work_run+0x1e0/0x250 [ 28.423717][ T297] ? __cfi_task_work_run+0x10/0x10 [ 28.428844][ T297] ? free_nsproxy+0x223/0x290 [ 28.433577][ T297] do_exit+0x9bc/0x2630 [ 28.437750][ T297] ? __cfi_do_exit+0x10/0x10 [ 28.442377][ T297] ? __kasan_check_write+0x18/0x20 [ 28.447546][ T297] ? _raw_spin_lock_irq+0x8d/0x120 [ 28.452710][ T297] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 28.458275][ T297] ? zap_other_threads+0x334/0x370 [ 28.463423][ T297] do_group_exit+0x22a/0x300 [ 28.468034][ T297] __x64_sys_exit_group+0x43/0x50 [ 28.473087][ T297] x64_sys_call+0x2ed2/0x2ee0 [ 28.477790][ T297] do_syscall_64+0x58/0xf0 [ 28.482202][ T297] ? clear_bhb_loop+0x50/0xa0 [ 28.486906][ T297] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 28.492867][ T297] RIP: 0033:0x7fe9340ee709 [ 28.497298][ T297] Code: Unable to access opcode bytes at 0x7fe9340ee6df. [ 28.504332][ T297] RSP: 002b:00007ffd7e5be468 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 28.512792][ T297] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fe9340ee709 [ 28.520774][ T297] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001 [ 28.528783][ T297] RBP: 00007fe93416a350 R08: ffffffffffffffb8 R09: 0000000000000000 [ 28.536855][ T297] R10: 0000000000001000 R11: 0000000000000246 R12: 00007fe93416a350 [ 28.544858][ T297] R13: 0000000000000000 R14: 00007fe93416ada0 R15: 00007fe9340bf6f0 [ 28.552892][ T297] [ 28.555938][ T297] ---[ end trace 0000000000000000 ]--- [ 28.561565][ T297] ================================================================== [ 28.569634][ T297] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70 [ 28.575877][ T297] Write of size 4 at addr 0000000000000168 by task syz-executor432/297 [ 28.584119][ T297] [ 28.586448][ T297] CPU: 1 UID: 0 PID: 297 Comm: syz-executor432 Tainted: G W 6.12.38-syzkaller-gd0c633175c04 #0 79f03ae2e0a264f34f505a942aaa3597bcba712e [ 28.586473][ T297] Tainted: [W]=WARN [ 28.586479][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 28.586489][ T297] Call Trace: [ 28.586494][ T297] [ 28.586500][ T297] __dump_stack+0x21/0x30 [ 28.586525][ T297] dump_stack_lvl+0x10c/0x190 [ 28.586545][ T297] ? __cfi_dump_stack_lvl+0x10/0x10 [ 28.586568][ T297] print_report+0x3d/0x70 [ 28.586585][ T297] kasan_report+0x163/0x1a0 [ 28.586602][ T297] ? ihold+0x24/0x70 [ 28.586618][ T297] ? _raw_spin_unlock+0x45/0x60 [ 28.586636][ T297] ? ihold+0x24/0x70 [ 28.586651][ T297] kasan_check_range+0x299/0x2a0 [ 28.586669][ T297] __kasan_check_write+0x18/0x20 [ 28.586690][ T297] ihold+0x24/0x70 [ 28.586706][ T297] vfs_rmdir+0x26a/0x560 [ 28.586726][ T297] incfs_kill_sb+0x109/0x230 [ 28.586749][ T297] deactivate_locked_super+0xd8/0x2a0 [ 28.586770][ T297] deactivate_super+0xb8/0xe0 [ 28.586789][ T297] cleanup_mnt+0x3f1/0x480 [ 28.586807][ T297] __cleanup_mnt+0x1d/0x40 [ 28.586822][ T297] task_work_run+0x1e0/0x250 [ 28.586841][ T297] ? __cfi_task_work_run+0x10/0x10 [ 28.586860][ T297] ? free_nsproxy+0x223/0x290 [ 28.586882][ T297] do_exit+0x9bc/0x2630 [ 28.586902][ T297] ? __cfi_do_exit+0x10/0x10 [ 28.586921][ T297] ? __kasan_check_write+0x18/0x20 [ 28.586943][ T297] ? _raw_spin_lock_irq+0x8d/0x120 [ 28.586960][ T297] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 28.586990][ T297] ? zap_other_threads+0x334/0x370 [ 28.587008][ T297] do_group_exit+0x22a/0x300 [ 28.587037][ T297] __x64_sys_exit_group+0x43/0x50 [ 28.587054][ T297] x64_sys_call+0x2ed2/0x2ee0 [ 28.587075][ T297] do_syscall_64+0x58/0xf0 [ 28.587095][ T297] ? clear_bhb_loop+0x50/0xa0 [ 28.587116][ T297] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 28.587136][ T297] RIP: 0033:0x7fe9340ee709 [ 28.587147][ T297] Code: Unable to access opcode bytes at 0x7fe9340ee6df. [ 28.587154][ T297] RSP: 002b:00007ffd7e5be468 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 28.587169][ T297] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fe9340ee709 [ 28.587180][ T297] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001 [ 28.587188][ T297] RBP: 00007fe93416a350 R08: ffffffffffffffb8 R09: 0000000000000000 [ 28.587198][ T297] R10: 0000000000001000 R11: 0000000000000246 R12: 00007fe93416a350 [ 28.587208][ T297] R13: 0000000000000000 R14: 00007fe93416ada0 R15: 00007fe9340bf6f0 [ 28.587219][ T297] [ 28.587224][ T297] ================================================================== [ 28.843178][ T297] Disabling lock debugging due to kernel taint [ 28.849352][ T297] BUG: kernel NULL pointer dereference, address: 0000000000000168 [ 28.857141][ T297] #PF: supervisor write access in kernel mode [ 28.863185][ T297] #PF: error_code(0x0002) - not-present page [ 28.869148][ T297] PGD 0 P4D 0 [ 28.872518][ T297] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI [ 28.878576][ T297] CPU: 1 UID: 0 PID: 297 Comm: syz-executor432 Tainted: G B W 6.12.38-syzkaller-gd0c633175c04 #0 79f03ae2e0a264f34f505a942aaa3597bcba712e [ 28.893858][ T297] Tainted: [B]=BAD_PAGE, [W]=WARN [ 28.898864][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 28.908909][ T297] RIP: 0010:ihold+0x2a/0x70 [ 28.913529][ T297] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 bd 1a 98 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 2c 45 ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 cd [ 28.933125][ T297] RSP: 0018:ffffc9000111fac0 EFLAGS: 00010246 [ 28.939189][ T297] RAX: ffff88810f652600 RBX: 0000000000000000 RCX: ffff88810f652600 [ 28.947164][ T297] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 28.955124][ T297] RBP: ffffc9000111fad0 R08: ffffffff8896a947 R09: 1ffffffff112d528 [ 28.963085][ T297] R10: dffffc0000000000 R11: fffffbfff112d529 R12: ffff8881203f8f5c [ 28.971069][ T297] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 28.979033][ T297] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 28.988044][ T297] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.994623][ T297] CR2: 0000000000000168 CR3: 000000010bf92000 CR4: 00000000003526b0 [ 29.002587][ T297] Call Trace: [ 29.005859][ T297] [ 29.008800][ T297] vfs_rmdir+0x26a/0x560 [ 29.013056][ T297] incfs_kill_sb+0x109/0x230 [ 29.017667][ T297] deactivate_locked_super+0xd8/0x2a0 [ 29.023049][ T297] deactivate_super+0xb8/0xe0 [ 29.027724][ T297] cleanup_mnt+0x3f1/0x480 [ 29.032155][ T297] __cleanup_mnt+0x1d/0x40 [ 29.036656][ T297] task_work_run+0x1e0/0x250 [ 29.041251][ T297] ? __cfi_task_work_run+0x10/0x10 [ 29.046382][ T297] ? free_nsproxy+0x223/0x290 [ 29.051167][ T297] do_exit+0x9bc/0x2630 [ 29.055329][ T297] ? __cfi_do_exit+0x10/0x10 [ 29.059933][ T297] ? __kasan_check_write+0x18/0x20 [ 29.065036][ T297] ? _raw_spin_lock_irq+0x8d/0x120 [ 29.070153][ T297] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 29.075689][ T297] ? zap_other_threads+0x334/0x370 [ 29.080788][ T297] do_group_exit+0x22a/0x300 [ 29.085413][ T297] __x64_sys_exit_group+0x43/0x50 [ 29.090428][ T297] x64_sys_call+0x2ed2/0x2ee0 [ 29.095098][ T297] do_syscall_64+0x58/0xf0 [ 29.099501][ T297] ? clear_bhb_loop+0x50/0xa0 [ 29.104176][ T297] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 29.110069][ T297] RIP: 0033:0x7fe9340ee709 [ 29.114494][ T297] Code: Unable to access opcode bytes at 0x7fe9340ee6df. [ 29.121493][ T297] RSP: 002b:00007ffd7e5be468 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 29.129892][ T297] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fe9340ee709 [ 29.137867][ T297] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001 [ 29.145864][ T297] RBP: 00007fe93416a350 R08: ffffffffffffffb8 R09: 0000000000000000 [ 29.153825][ T297] R10: 0000000000001000 R11: 0000000000000246 R12: 00007fe93416a350 [ 29.161812][ T297] R13: 0000000000000000 R14: 00007fe93416ada0 R15: 00007fe9340bf6f0 [ 29.169785][ T297] [ 29.172798][ T297] Modules linked in: [ 29.176697][ T297] CR2: 0000000000000168 [ 29.180864][ T297] ---[ end trace 0000000000000000 ]--- [ 29.186343][ T297] RIP: 0010:ihold+0x2a/0x70 [ 29.190847][ T297] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 bd 1a 98 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 2c 45 ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 cd [ 29.210439][ T297] RSP: 0018:ffffc9000111fac0 EFLAGS: 00010246 [ 29.216501][ T297] RAX: ffff88810f652600 RBX: 0000000000000000 RCX: ffff88810f652600 [ 29.224475][ T297] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 29.232448][ T297] RBP: ffffc9000111fad0 R08: ffffffff8896a947 R09: 1ffffffff112d528 [ 29.240416][ T297] R10: dffffc0000000000 R11: fffffbfff112d529 R12: ffff8881203f8f5c [ 29.248379][ T297] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 29.256339][ T297] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 29.265262][ T297] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.271837][ T297] CR2: 0000000000000168 CR3: 000000010bf92000 CR4: 00000000003526b0 [ 29.279812][ T297] Kernel panic - not syncing: Fatal exception [ 29.286191][ T297] Kernel Offset: disabled [ 29.290516][ T297] Rebooting in 86400 seconds..