./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3462391181

<...>
Warning: Permanently added '10.128.1.24' (ED25519) to the list of known hosts.
execve("./syz-executor3462391181", ["./syz-executor3462391181"], 0x7ffc261aaeb0 /* 10 vars */) = 0
brk(NULL)                               = 0x55555611c000
brk(0x55555611cd00)                     = 0x55555611cd00
arch_prctl(ARCH_SET_FS, 0x55555611c380) = 0
set_tid_address(0x55555611c650)         = 286
set_robust_list(0x55555611c660, 24)     = 0
rseq(0x55555611cca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3462391181", 4096) = 28
getrandom("\x2f\x4f\x3a\x77\x38\x7e\x53\xc5", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55555611cd00
brk(0x55555613dd00)                     = 0x55555613dd00
brk(0x55555613e000)                     = 0x55555613e000
mprotect(0x7f096f4ad000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("/syzcgroup", 0777)               = 0
mkdir("/syzcgroup/unified", 0777)       = 0
mount("none", "/syzcgroup/unified", "cgroup2", 0, NULL) = 0
chmod("/syzcgroup/unified", 0777)       = 0
openat(AT_FDCWD, "/syzcgroup/unified/cgroup.subtree_control", O_WRONLY) = 3
write(3, "+cpu", 4)                     = 4
write(3, "+io", 3)                      = 3
write(3, "+pids", 5)                    = 5
close(3)                                = 0
mkdir("/syzcgroup/net", 0777)           = 0
mount("none", "/syzcgroup/net", "cgroup", 0, "net") = -1 EINVAL (Invalid argument)
mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio") = 0
umount2("/syzcgroup/net", 0)            = 0
mount("none", "/syzcgroup/net", "cgroup", 0, "devices") = -1 EINVAL (Invalid argument)
mount("none", "/syzcgroup/net", "cgroup", 0, "blkio") = 0
umount2("/syzcgroup/net", 0)            = 0
mount("none", "/syzcgroup/net", "cgroup", 0, "freezer") = 0
umount2("/syzcgroup/net", 0)            = 0
mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,blkio,freezer") = ? ERESTARTNOINTR (To be restarted)
mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,blkio,freezer") = ? ERESTARTNOINTR (To be restarted)
[   19.952085][   T24] audit: type=1400 audit(1712865255.040:66): avc:  denied  { execmem } for  pid=286 comm="syz-executor346" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   19.957706][   T24] audit: type=1400 audit(1712865255.040:67): avc:  denied  { mounton } for  pid=286 comm="syz-executor346" path="/syzcgroup/unified" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   19.960772][  T286] cgroup: Unknown subsys name 'net'
[   19.963300][   T24] audit: type=1400 audit(1712865255.040:68): avc:  denied  { mount } for  pid=286 comm="syz-executor346" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   19.968886][   T24] audit: type=1400 audit(1712865255.050:69): avc:  denied  { unmount } for  pid=286 comm="syz-executor346" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   19.969357][  T286] cgroup: Unknown subsys name 'devices'
mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,blkio,freezer") = ? ERESTARTNOINTR (To be restarted)
mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,blkio,freezer") = 0
chmod("/syzcgroup/net", 0777)           = 0
mkdir("/syzcgroup/cpu", 0777)           = 0
mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset") = 0
umount2("/syzcgroup/cpu", 0)            = 0
mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct") = 0
umount2("/syzcgroup/cpu", 0)            = 0
mount("none", "/syzcgroup/cpu", "cgroup", 0, "hugetlb") = -1 EINVAL (Invalid argument)
mount("none", "/syzcgroup/cpu", "cgroup", 0, "rlimit") = -1 EINVAL (Invalid argument)
mount("none", "/syzcgroup/cpu", "cgroup", 0, "memory") = 0
umount2("/syzcgroup/cpu", 0)            = 0
mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,memory") = ? ERESTARTNOINTR (To be restarted)
mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,memory") = ? ERESTARTNOINTR (To be restarted)
[   20.072708][  T286] cgroup: Unknown subsys name 'hugetlb'
[   20.078530][  T286] cgroup: Unknown subsys name 'rlimit'
mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,memory") = ? ERESTARTNOINTR (To be restarted)
mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,memory") = ? ERESTARTNOINTR (To be restarted)
mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,memory") = 0
chmod("/syzcgroup/cpu", 0777)           = 0
openat(AT_FDCWD, "/syzcgroup/cpu/cgroup.clone_children", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/syzcgroup/cpu/cpuset.memory_pressure_enabled", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
mkdir("./syzkaller.VHOKgP", 0700)       = 0
chmod("./syzkaller.VHOKgP", 0777)       = 0
chdir("./syzkaller.VHOKgP")             = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555611c650) = 287
./strace-static-x86_64: Process 287 attached
[pid   287] set_robust_list(0x55555611c660, 24) = 0
[pid   287] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid   287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   287] setsid()                    = 1
[pid   287] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid   287] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid   287] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid   287] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid   287] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid   287] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid   287] unshare(CLONE_NEWNS)        = 0
[pid   287] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid   287] unshare(CLONE_NEWIPC)       = -1 EINVAL (Invalid argument)
[pid   287] unshare(CLONE_NEWCGROUP)    = 0
[pid   287] unshare(CLONE_NEWUTS)       = 0
[pid   287] unshare(CLONE_SYSVSEM)      = 0
[pid   287] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   287] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   287] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   287] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   287] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   287] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   287] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   287] getpid()                    = 1
[pid   287] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   287] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   287] unshare(CLONE_NEWNET)       = 0
[pid   287] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid   287] write(3, "0 65535", 7)      = 7
[pid   287] close(3)                    = 0
[pid   287] mkdir("/dev/binderfs", 0777) = 0
[pid   287] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid   287] getpid()                    = 1
[pid   287] mkdir("/syzcgroup/unified/syz0", 0777) = 0
[pid   287] openat(AT_FDCWD, "/syzcgroup/unified/syz0/pids.max", O_WRONLY|O_CLOEXEC) = 3
[pid   287] write(3, "32", 2)           = 2
[pid   287] close(3)                    = 0
[pid   287] openat(AT_FDCWD, "/syzcgroup/unified/syz0/cgroup.procs", O_WRONLY|O_CLOEXEC) = 3
[pid   287] write(3, "1", 1)            = 1
[pid   287] close(3)                    = 0
[pid   287] mkdir("/syzcgroup/cpu/syz0", 0777) = 0
[pid   287] openat(AT_FDCWD, "/syzcgroup/cpu/syz0/cgroup.procs", O_WRONLY|O_CLOEXEC) = 3
[pid   287] write(3, "1", 1)            = 1
[pid   287] close(3)                    = 0
[pid   287] openat(AT_FDCWD, "/syzcgroup/cpu/syz0/memory.soft_limit_in_bytes", O_WRONLY|O_CLOEXEC) = 3
[pid   287] write(3, "313524224", 9)    = 9
[pid   287] close(3)                    = 0
[pid   287] openat(AT_FDCWD, "/syzcgroup/cpu/syz0/memory.limit_in_bytes", O_WRONLY|O_CLOEXEC) = 3
[pid   287] write(3, "314572800", 9)    = 9
[pid   287] close(3)                    = 0
[pid   287] mkdir("/syzcgroup/net/syz0", 0777) = 0
[pid   287] openat(AT_FDCWD, "/syzcgroup/net/syz0/cgroup.procs", O_WRONLY|O_CLOEXEC) = 3
[   20.203794][   T24] audit: type=1400 audit(1712865255.290:70): avc:  denied  { mounton } for  pid=287 comm="syz-executor346" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[   20.228026][   T24] audit: type=1400 audit(1712865255.290:71): avc:  denied  { mount } for  pid=287 comm="syz-executor346" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[pid   287] write(3, "1", 1)            = 1
[pid   287] close(3)                    = 0
[pid   287] mkdir("./0", 0777)          = 0
[pid   287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555611c650) = 2
./strace-static-x86_64: Process 288 attached
[pid   288] set_robust_list(0x55555611c660, 24) = 0
[pid   288] chdir("./0")                = 0
[pid   288] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   288] setpgid(0, 0)               = 0
[pid   288] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0
[pid   288] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0
[pid   288] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0
[pid   288] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   288] write(3, "1000", 4)         = 4
[pid   288] close(3)                    = 0
[pid   288] symlink("/dev/binderfs", "./binderfs") = 0
[pid   288] mkdir("./file0", 000)       = 0
[pid   288] mount(NULL, "./file0", "tmpfs", 0, NULL) = 0
[pid   288] mount("./file0", "./cgroup", "incremental-fs", 0, NULL) = 0
[pid   288] close(3)                    = -1 EBADF (Bad file descriptor)
[pid   288] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   288] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   288] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   288] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   288] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   288] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   288] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   288] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   288] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   288] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   288] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   288] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   288] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   288] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   288] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   288] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   288] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   288] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   288] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   288] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   288] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   288] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   288] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   288] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   288] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   288] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   288] exit_group(0)               = ?
[pid   288] +++ exited with 0 +++
[pid   287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[pid   287] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   287] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   287] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   287] getdents64(3, 0x55555611d6f0 /* 7 entries */, 32768) = 208
[pid   287] umount2("./0/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   287] newfstatat(AT_FDCWD, "./0/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   287] unlink("./0/cgroup.cpu")    = 0
[pid   287] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   287] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   287] unlink("./0/binderfs")      = 0
[pid   287] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
[pid   287] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=80, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   287] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
[pid   287] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   287] newfstatat(4, "", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=80, ...}, AT_EMPTY_PATH) = 0
[pid   287] getdents64(4, 0x555556125730 /* 4 entries */, 32768) = 112
[pid   287] umount2("./0/file0/.incomplete", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   287] newfstatat(AT_FDCWD, "./0/file0/.incomplete", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   287] umount2("./0/file0/.incomplete", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   287] openat(AT_FDCWD, "./0/file0/.incomplete", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
[pid   287] newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   287] getdents64(5, 0x55555612d770 /* 2 entries */, 32768) = 48
[pid   287] getdents64(5, 0x55555612d770 /* 0 entries */, 32768) = 0
[pid   287] close(5)                    = 0
[pid   287] rmdir("./0/file0/.incomplete") = 0
[pid   287] umount2("./0/file0/.index", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   287] newfstatat(AT_FDCWD, "./0/file0/.index", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   287] umount2("./0/file0/.index", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   287] openat(AT_FDCWD, "./0/file0/.index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
[pid   287] newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   287] getdents64(5, 0x55555612d770 /* 2 entries */, 32768) = 48
[pid   287] getdents64(5, 0x55555612d770 /* 0 entries */, 32768) = 0
[pid   287] close(5)                    = 0
[pid   287] rmdir("./0/file0/.index")   = 0
[pid   287] getdents64(4, 0x555556125730 /* 0 entries */, 32768) = 0
[pid   287] close(4)                    = 0
[pid   287] rmdir("./0/file0")          = -1 EBUSY (Device or resource busy)
[   20.230949][  T287] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[   20.250654][   T24] audit: type=1400 audit(1712865255.290:72): avc:  denied  { mounton } for  pid=287 comm="syz-executor346" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   20.267840][  T288] incfs: ino conflict with backing FS 1
[pid   287] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
[pid   287] exit_group(1)               = ?
[   20.282223][   T24] audit: type=1400 audit(1712865255.310:73): avc:  denied  { mounton } for  pid=287 comm="syz-executor346" path="/dev/binderfs" dev="devtmpfs" ino=357 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   20.309942][   T24] audit: type=1400 audit(1712865255.310:74): avc:  denied  { mount } for  pid=287 comm="syz-executor346" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   20.332345][   T24] audit: type=1400 audit(1712865255.350:75): avc:  denied  { mounton } for  pid=288 comm="syz-executor346" path="/root/syzkaller.VHOKgP/0/file0" dev="sda1" ino=1936 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   20.333045][  T287] ------------[ cut here ]------------
[   20.362105][  T287] WARNING: CPU: 1 PID: 287 at fs/inode.c:304 drop_nlink+0xc1/0x110
[   20.369907][  T287] Modules linked in:
[   20.373615][  T287] CPU: 1 PID: 287 Comm: syz-executor346 Not tainted 5.10.209-syzkaller-00002-g4e1bc8d8e8ae #0
[   20.383877][  T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   20.394137][  T287] RIP: 0010:drop_nlink+0xc1/0x110
[   20.399094][  T287] Code: 1e 48 8d bb b8 04 00 00 be 08 00 00 00 e8 17 dc f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 9f 5e b3 ff <0f> 0b eb 88 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c
[   20.419316][  T287] RSP: 0018:ffffc90000b07b08 EFLAGS: 00010293
[   20.425125][  T287] RAX: ffffffff81b74951 RBX: 0000000000000000 RCX: ffff88811d163b40
[   20.432971][  T287] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   20.441168][  T287] RBP: ffffc90000b07b30 R08: ffffffff81b748d4 R09: 0000000000000003
[   20.449005][  T287] R10: fffff52000160f50 R11: dffffc0000000001 R12: dffffc0000000000
[   20.456815][  T287] R13: 1ffff11022e7e0fd R14: ffff8881173f07a0 R15: ffff8881173f07e8
[   20.464707][  T287] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   20.473430][  T287] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   20.479851][  T287] CR2: 00007f096f4b41b0 CR3: 000000010cacb000 CR4: 00000000003506a0
[   20.487619][  T287] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   20.496026][  T287] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   20.503928][  T287] Call Trace:
[   20.507038][  T287]  ? show_regs+0x58/0x60
[   20.511184][  T287]  ? __warn+0x160/0x2f0
[   20.515116][  T287]  ? drop_nlink+0xc1/0x110
[   20.519431][  T287]  ? report_bug+0x3d9/0x5b0
[   20.523699][  T287]  ? drop_nlink+0xc1/0x110
[   20.527996][  T287]  ? handle_bug+0x41/0x70
[   20.532397][  T287]  ? exc_invalid_op+0x1b/0x50
[   20.536894][  T287]  ? asm_exc_invalid_op+0x12/0x20
[   20.542177][  T287]  ? drop_nlink+0x44/0x110
[   20.546353][  T287]  ? drop_nlink+0xc1/0x110
[   20.550792][  T287]  ? drop_nlink+0xc1/0x110
[   20.555035][  T287]  ? drop_nlink+0xc1/0x110
[   20.559478][  T287]  shmem_rmdir+0x59/0x90
[   20.563549][  T287]  vfs_rmdir+0x2b7/0x3f0
[   20.567605][  T287]  incfs_kill_sb+0x108/0x220
[   20.572128][  T287]  deactivate_locked_super+0xad/0x110
[   20.577240][  T287]  deactivate_super+0xbe/0xf0
[   20.581839][  T287]  cleanup_mnt+0x45c/0x510
[   20.586005][  T287]  __cleanup_mnt+0x19/0x20
[   20.590314][  T287]  task_work_run+0x129/0x190
[   20.594686][  T287]  do_exit+0xc83/0x2a50
[   20.598716][  T287]  ? put_task_struct+0x80/0x80
[   20.603278][  T287]  ? _raw_spin_unlock_irq+0x4e/0x70
[   20.608378][  T287]  ? ptrace_notify+0x24c/0x350
[   20.612912][  T287]  ? do_notify_parent+0xa10/0xa10
[   20.617957][  T287]  ? debug_smp_processor_id+0x17/0x20
[   20.623166][  T287]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   20.629146][  T287]  do_group_exit+0x141/0x310
[   20.633480][  T287]  __x64_sys_exit_group+0x3f/0x40
[   20.638379][  T287]  do_syscall_64+0x34/0x70
[   20.642589][  T287]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[   20.648393][  T287] RIP: 0033:0x7f096f437909
[   20.652564][  T287] Code: Unable to access opcode bytes at RIP 0x7f096f4378df.
[   20.659853][  T287] RSP: 002b:00007fff940343c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   20.668054][  T287] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f096f437909
[   20.675822][  T287] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   20.683895][  T287] RBP: 00007f096f4b3350 R08: ffffffffffffffb8 R09: 0000000000000000
[   20.691799][  T287] R10: 0000000000001000 R11: 0000000000000246 R12: 00007f096f4b3350
[   20.699706][  T287] R13: 0000000000000000 R14: 00007f096f4b3da0 R15: 00007f096f4088f0
[   20.707415][  T287] ---[ end trace 84092e9bf4af7d85 ]---
[   20.712998][  T287] ==================================================================
[   20.720870][  T287] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60
[   20.726936][  T287] Write of size 4 at addr 0000000000000170 by task syz-executor346/287
[   20.735004][  T287] 
[   20.737183][  T287] CPU: 1 PID: 287 Comm: syz-executor346 Tainted: G        W         5.10.209-syzkaller-00002-g4e1bc8d8e8ae #0
[   20.748721][  T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   20.758614][  T287] Call Trace:
[   20.761750][  T287]  dump_stack_lvl+0x1e2/0x24b
[   20.766257][  T287]  ? panic+0x80b/0x80b
[   20.770161][  T287]  ? _raw_spin_lock+0xa4/0x1b0
[   20.774761][  T287]  ? bfq_pos_tree_add_move+0x43b/0x43b
[   20.780057][  T287]  kasan_report+0x167/0x1c0
[   20.784394][  T287]  ? __dentry_kill+0x505/0x650
[   20.788994][  T287]  ? ihold+0x20/0x60
[   20.792725][  T287]  ? ihold+0x20/0x60
[   20.796470][  T287]  kasan_check_range+0x293/0x2a0
[   20.801235][  T287]  __kasan_check_write+0x14/0x20
[   20.806021][  T287]  ihold+0x20/0x60
[   20.809594][  T287]  vfs_rmdir+0x200/0x3f0
[   20.813652][  T287]  incfs_kill_sb+0x108/0x220
[   20.818165][  T287]  deactivate_locked_super+0xad/0x110
[   20.823367][  T287]  deactivate_super+0xbe/0xf0
[   20.827887][  T287]  cleanup_mnt+0x45c/0x510
[   20.832179][  T287]  __cleanup_mnt+0x19/0x20
[   20.836402][  T287]  task_work_run+0x129/0x190
[   20.840818][  T287]  do_exit+0xc83/0x2a50
[   20.844808][  T287]  ? put_task_struct+0x80/0x80
[   20.849409][  T287]  ? _raw_spin_unlock_irq+0x4e/0x70
[   20.854436][  T287]  ? ptrace_notify+0x24c/0x350
[   20.859037][  T287]  ? do_notify_parent+0xa10/0xa10
[   20.863899][  T287]  ? debug_smp_processor_id+0x17/0x20
[   20.869108][  T287]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   20.875009][  T287]  do_group_exit+0x141/0x310
[   20.879455][  T287]  __x64_sys_exit_group+0x3f/0x40
[   20.884392][  T287]  do_syscall_64+0x34/0x70
[   20.888662][  T287]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[   20.894380][  T287] RIP: 0033:0x7f096f437909
[   20.898632][  T287] Code: Unable to access opcode bytes at RIP 0x7f096f4378df.
[   20.905824][  T287] RSP: 002b:00007fff940343c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   20.914070][  T287] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f096f437909
[   20.921880][  T287] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   20.929699][  T287] RBP: 00007f096f4b3350 R08: ffffffffffffffb8 R09: 0000000000000000
[   20.937501][  T287] R10: 0000000000001000 R11: 0000000000000246 R12: 00007f096f4b3350
[   20.945315][  T287] R13: 0000000000000000 R14: 00007f096f4b3da0 R15: 00007f096f4088f0
[   20.953141][  T287] ==================================================================
[   20.961105][  T287] Disabling lock debugging due to kernel taint
[   20.967440][  T287] BUG: kernel NULL pointer dereference, address: 0000000000000170
[   20.975051][  T287] #PF: supervisor write access in kernel mode
[   20.980950][  T287] #PF: error_code(0x0002) - not-present page
[   20.986772][  T287] PGD 0 P4D 0 
[   20.989978][  T287] Oops: 0002 [#1] PREEMPT SMP KASAN
[   20.995016][  T287] CPU: 1 PID: 287 Comm: syz-executor346 Tainted: G    B   W         5.10.209-syzkaller-00002-g4e1bc8d8e8ae #0
[   21.006476][  T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   21.016373][  T287] RIP: 0010:ihold+0x25/0x60
[   21.020704][  T287] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 b1 56 b3 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 00 d4 f0 ff bb 01 00 00 00 <f0> 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 34 5a b3
[   21.040141][  T287] RSP: 0018:ffffc90000b07b48 EFLAGS: 00010246
[   21.046427][  T287] RAX: ffff88811d163b00 RBX: 0000000000000001 RCX: ffff88811d163b40
[   21.054235][  T287] RDX: 0000000000000000 RSI: 0000000000000286 RDI: 00000000ffffffff
[   21.062054][  T287] RBP: ffffc90000b07b58 R08: ffffffff813e2edb R09: 0000000000000003
[   21.069869][  T287] R10: fffffbfff0e10248 R11: dffffc0000000001 R12: dffffc0000000000
[   21.077669][  T287] R13: ffff88811c52a770 R14: 0000000000000000 R15: 0000000000000000
[   21.085482][  T287] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   21.094253][  T287] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   21.100760][  T287] CR2: 0000000000000170 CR3: 000000010bab6000 CR4: 00000000003506a0
[   21.108573][  T287] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   21.116376][  T287] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   21.124203][  T287] Call Trace:
[   21.127328][  T287]  ? __die_body+0x62/0xb0
[   21.131482][  T287]  ? __die+0x7e/0x90
[   21.135236][  T287]  ? no_context+0xbc8/0xf20
[   21.139561][  T287]  ? is_prefetch+0x5c0/0x5c0
[   21.143983][  T287]  ? preempt_schedule+0xd9/0xe0
[   21.148673][  T287]  ? __kasan_check_read+0x11/0x20
[   21.153533][  T287]  ? preempt_schedule_common+0xbe/0xf0
[   21.158821][  T287]  ? preempt_schedule+0xd9/0xe0
[   21.163507][  T287]  ? schedule_preempt_disabled+0x20/0x20
[   21.168974][  T287]  ? sysvec_apic_timer_interrupt+0xcb/0xe0
[   21.174614][  T287]  ? __bad_area_nosemaphore+0xcd/0x440
[   21.179915][  T287]  ? bad_area_nosemaphore+0x2d/0x40
[   21.184943][  T287]  ? exc_page_fault+0x3ea/0x5b0
[   21.189631][  T287]  ? asm_exc_page_fault+0x1e/0x30
[   21.194514][  T287]  ? check_panic_on_warn+0x5b/0xb0
[   21.199459][  T287]  ? ihold+0x25/0x60
[   21.203175][  T287]  ? ihold+0x20/0x60
[   21.206904][  T287]  vfs_rmdir+0x200/0x3f0
[   21.210986][  T287]  incfs_kill_sb+0x108/0x220
[   21.215415][  T287]  deactivate_locked_super+0xad/0x110
[   21.220617][  T287]  deactivate_super+0xbe/0xf0
[   21.225130][  T287]  cleanup_mnt+0x45c/0x510
[   21.229398][  T287]  __cleanup_mnt+0x19/0x20
[   21.233647][  T287]  task_work_run+0x129/0x190
[   21.238070][  T287]  do_exit+0xc83/0x2a50
[   21.242066][  T287]  ? put_task_struct+0x80/0x80
[   21.246658][  T287]  ? _raw_spin_unlock_irq+0x4e/0x70
[   21.251691][  T287]  ? ptrace_notify+0x24c/0x350
[   21.256287][  T287]  ? do_notify_parent+0xa10/0xa10
[   21.261153][  T287]  ? debug_smp_processor_id+0x17/0x20
[   21.266368][  T287]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   21.272314][  T287]  do_group_exit+0x141/0x310
[   21.276692][  T287]  __x64_sys_exit_group+0x3f/0x40
[   21.281595][  T287]  do_syscall_64+0x34/0x70
[   21.285799][  T287]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[   21.291541][  T287] RIP: 0033:0x7f096f437909
[   21.295776][  T287] Code: Unable to access opcode bytes at RIP 0x7f096f4378df.
[   21.302982][  T287] RSP: 002b:00007fff940343c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   21.311227][  T287] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f096f437909
[   21.319034][  T287] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   21.326847][  T287] RBP: 00007f096f4b3350 R08: ffffffffffffffb8 R09: 0000000000000000
[   21.334656][  T287] R10: 0000000000001000 R11: 0000000000000246 R12: 00007f096f4b3350
[   21.342477][  T287] R13: 0000000000000000 R14: 00007f096f4b3da0 R15: 00007f096f4088f0
[   21.350383][  T287] Modules linked in:
[   21.354118][  T287] CR2: 0000000000000170
[   21.358113][  T287] ---[ end trace 84092e9bf4af7d86 ]---
[   21.363412][  T287] RIP: 0010:ihold+0x25/0x60
[   21.367746][  T287] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 b1 56 b3 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 00 d4 f0 ff bb 01 00 00 00 <f0> 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 34 5a b3
[   21.387189][  T287] RSP: 0018:ffffc90000b07b48 EFLAGS: 00010246
[   21.393087][  T287] RAX: ffff88811d163b00 RBX: 0000000000000001 RCX: ffff88811d163b40
[   21.400916][  T287] RDX: 0000000000000000 RSI: 0000000000000286 RDI: 00000000ffffffff
[   21.408795][  T287] RBP: ffffc90000b07b58 R08: ffffffff813e2edb R09: 0000000000000003
[   21.416611][  T287] R10: fffffbfff0e10248 R11: dffffc0000000001 R12: dffffc0000000000
[   21.424509][  T287] R13: ffff88811c52a770 R14: 0000000000000000 R15: 0000000000000000
[   21.432320][  T287] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   21.441084][  T287] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   21.447534][  T287] CR2: 0000000000000170 CR3: 000000010bab6000 CR4: 00000000003506a0
[   21.455495][  T287] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   21.463304][  T287] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   21.471239][  T287] Kernel panic - not syncing: Fatal exception
[   21.477461][  T287] Kernel Offset: disabled
[   21.481586][  T287] Rebooting in 86400 seconds..