./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2417941120

<...>
[    4.270239][   T86] acpid (86) used greatest stack depth: 23376 bytes left
[    4.492018][  T101] udevd[101]: starting version 3.2.11
[    4.565944][  T102] udevd[102]: starting eudev-3.2.11
[    6.136511][  T182] ssh-keygen (182) used greatest stack depth: 22256 bytes left
[   15.699988][   T28] kauditd_printk_skb: 50 callbacks suppressed
[   15.700001][   T28] audit: type=1400 audit(1720845218.079:61): avc:  denied  { transition } for  pid=228 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   15.706987][   T28] audit: type=1400 audit(1720845218.079:62): avc:  denied  { noatsecure } for  pid=228 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   15.709707][   T28] audit: type=1400 audit(1720845218.089:63): avc:  denied  { write } for  pid=228 comm="sh" path="pipe:[13068]" dev="pipefs" ino=13068 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   15.713899][   T28] audit: type=1400 audit(1720845218.089:64): avc:  denied  { rlimitinh } for  pid=228 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   15.717724][   T28] audit: type=1400 audit(1720845218.089:65): avc:  denied  { siginh } for  pid=228 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.0.94' (ED25519) to the list of known hosts.
execve("./syz-executor2417941120", ["./syz-executor2417941120"], 0x7fff893488d0 /* 10 vars */) = 0
brk(NULL)                               = 0x5555571ec000
brk(0x5555571ecd00)                     = 0x5555571ecd00
arch_prctl(ARCH_SET_FS, 0x5555571ec380) = 0
set_tid_address(0x5555571ec650)         = 297
set_robust_list(0x5555571ec660, 24)     = 0
rseq(0x5555571ecca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2417941120", 4096) = 28
getrandom("\x5e\xb5\xbf\x35\x68\x16\x50\x07", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x5555571ecd00
brk(0x55555720dd00)                     = 0x55555720dd00
brk(0x55555720e000)                     = 0x55555720e000
mprotect(0x7efe6710a000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("./syzkaller.1DGFlt", 0700)       = 0
chmod("./syzkaller.1DGFlt", 0777)       = 0
chdir("./syzkaller.1DGFlt")             = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ec650) = 298
./strace-static-x86_64: Process 298 attached
[pid   298] set_robust_list(0x5555571ec660, 24) = 0
[pid   298] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid   298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   298] setsid()                    = 1
[pid   298] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid   298] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid   298] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid   298] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid   298] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid   298] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid   298] unshare(CLONE_NEWNS)        = 0
[pid   298] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid   298] unshare(CLONE_NEWIPC)       = -1 EINVAL (Invalid argument)
[pid   298] unshare(CLONE_NEWCGROUP)    = 0
[pid   298] unshare(CLONE_NEWUTS)       = 0
[pid   298] unshare(CLONE_SYSVSEM)      = 0
[pid   298] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   298] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   298] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   298] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   298] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   298] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   298] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   298] getpid()                    = 1
[pid   298] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   298] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   298] unshare(CLONE_NEWNET)       = 0
[pid   298] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid   298] write(3, "0 65535", 7)      = 7
[pid   298] close(3)                    = 0
[pid   298] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid   298] write(3, "100000", 6)       = 6
[pid   298] close(3)                    = 0
[pid   298] mkdir("./syz-tmp", 0777)    = 0
[pid   298] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid   298] mkdir("./syz-tmp/newroot", 0777) = 0
[pid   298] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid   298] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   298] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid   298] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid   298] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid   298] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid   298] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   298] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid   298] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   298] mkdir("./syz-tmp/pivot", 0777) = 0
[pid   298] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid   298] chdir("/")                  = 0
[pid   298] umount2("./pivot", MNT_DETACH) = 0
[pid   298] chroot("./newroot")         = 0
[pid   298] chdir("/")                  = 0
[pid   298] mkdir("/dev/binderfs", 0777) = 0
[pid   298] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid   298] mkdir("./0", 0777)          = 0
[pid   298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ec650) = 2
./strace-static-x86_64: Process 299 attached
[pid   299] set_robust_list(0x5555571ec660, 24) = 0
[pid   299] chdir("./0")                = 0
[   24.587614][   T28] audit: type=1400 audit(1720845226.969:66): avc:  denied  { execmem } for  pid=297 comm="syz-executor241" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   24.607746][   T28] audit: type=1400 audit(1720845226.989:67): avc:  denied  { mounton } for  pid=298 comm="syz-executor241" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[pid   299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   299] setpgid(0, 0)               = 0
[pid   299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   299] write(3, "1000", 4)         = 4
[pid   299] close(3)                    = 0
[pid   299] symlink("/dev/binderfs", "./binderfs") = 0
[pid   299] write(1, "executing program\n", 18executing program
) = 18
[pid   299] mkdirat(AT_FDCWD, "./file0", 000) = 0
[pid   299] mount(".", "./file0", NULL, MS_RDONLY|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_SHARED, NULL) = 0
[pid   299] mount("./file0", "./file0", "incremental-fs", 0, NULL) = 0
[pid   299] close(3)                    = -1 EBADF (Bad file descriptor)
[pid   299] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   299] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   299] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   299] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   299] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   299] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   299] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   299] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   299] exit_group(0)               = ?
[pid   299] +++ exited with 0 +++
[pid   298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   298] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   298] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   298] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=120, ...}, AT_EMPTY_PATH) = 0
[pid   298] getdents64(3, 0x5555571ed6f0 /* 6 entries */, 32768) = 176
[pid   298] umount2("./0/.incomplete", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   298] newfstatat(AT_FDCWD, "./0/.incomplete", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   298] umount2("./0/.incomplete", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   298] openat(AT_FDCWD, "./0/.incomplete", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   298] getdents64(4, 0x5555571f5730 /* 2 entries */, 32768) = 48
[pid   298] getdents64(4, 0x5555571f5730 /* 0 entries */, 32768) = 0
[pid   298] close(4)                    = 0
[pid   298] rmdir("./0/.incomplete")    = 0
[pid   298] umount2("./0/.index", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   298] newfstatat(AT_FDCWD, "./0/.index", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   298] umount2("./0/.index", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   298] openat(AT_FDCWD, "./0/.index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   298] getdents64(4, 0x5555571f5730 /* 2 entries */, 32768) = 48
[pid   298] getdents64(4, 0x5555571f5730 /* 0 entries */, 32768) = 0
[pid   298] close(4)                    = 0
[pid   298] rmdir("./0/.index")         = 0
[   24.632066][   T28] audit: type=1400 audit(1720845226.989:68): avc:  denied  { mount } for  pid=298 comm="syz-executor241" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   24.644452][  T299] incfs: ino conflict with backing FS 8
[   24.654227][   T28] audit: type=1400 audit(1720845226.989:69): avc:  denied  { mounton } for  pid=298 comm="syz-executor241" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   24.680908][   T28] audit: type=1400 audit(1720845227.009:70): avc:  denied  { mounton } for  pid=298 comm="syz-executor241" path="/root/syzkaller.1DGFlt/syz-tmp" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   24.705204][   T28] audit: type=1400 audit(1720845227.009:71): avc:  denied  { mount } for  pid=298 comm="syz-executor241" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   24.705571][  T298] ------------[ cut here ]------------
[   24.727112][   T28] audit: type=1400 audit(1720845227.009:72): avc:  denied  { mounton } for  pid=298 comm="syz-executor241" path="/root/syzkaller.1DGFlt/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   24.727143][   T28] audit: type=1400 audit(1720845227.009:73): avc:  denied  { mount } for  pid=298 comm="syz-executor241" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   24.727163][   T28] audit: type=1400 audit(1720845227.009:74): avc:  denied  { unmount } for  pid=298 comm="syz-executor241" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   24.727184][   T28] audit: type=1400 audit(1720845227.019:75): avc:  denied  { mounton } for  pid=298 comm="syz-executor241" path="/dev/binderfs" dev="devtmpfs" ino=370 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   24.824566][  T298] WARNING: CPU: 0 PID: 298 at fs/inode.c:332 drop_nlink+0xc1/0x110
[   24.832410][  T298] Modules linked in:
[   24.836076][  T298] CPU: 0 PID: 298 Comm: syz-executor241 Not tainted 6.1.84-syzkaller-00005-g96d66062d076 #0
[   24.846019][  T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   24.855912][  T298] RIP: 0010:drop_nlink+0xc1/0x110
[   24.860911][  T298] Code: 1e 48 8d bb b8 04 00 00 be 08 00 00 00 e8 67 e8 ef ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 9f d9 a8 ff <0f> 0b eb 88 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c
[   24.880959][  T298] RSP: 0018:ffffc90000e47b30 EFLAGS: 00010293
[   24.886971][  T298] RAX: ffffffff81ccac31 RBX: 0000000000000000 RCX: ffff8881095abcc0
[   24.894782][  T298] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   24.902551][  T298] RBP: ffffc90000e47b58 R08: ffffffff81ccabb4 R09: 0000000000000003
[   24.910334][  T298] R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000
[   24.918380][  T298] R13: 1ffff1102328345a R14: ffff88811941a288 R15: ffff88811941a2d0
[   24.926466][  T298] FS:  00005555571ec380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   24.935449][  T298] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   24.941886][  T298] CR2: 00005555571fd738 CR3: 0000000120fb9000 CR4: 00000000003506b0
[   24.949647][  T298] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   24.958046][  T298] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   24.966692][  T298] Call Trace:
[   24.969841][  T298]  <TASK>
[   24.972657][  T298]  ? show_regs+0x58/0x60
[   24.976872][  T298]  ? __warn+0x160/0x3d0
[   24.981228][  T298]  ? drop_nlink+0xc1/0x110
[   24.985524][  T298]  ? report_bug+0x4d5/0x7d0
[   24.989812][  T298]  ? drop_nlink+0xc1/0x110
[   24.994284][  T298]  ? handle_bug+0x41/0x70
[   24.998496][  T298]  ? exc_invalid_op+0x1b/0x50
[   25.003266][  T298]  ? asm_exc_invalid_op+0x1b/0x20
[   25.008133][  T298]  ? drop_nlink+0x44/0x110
[   25.012409][  T298]  ? drop_nlink+0xc1/0x110
[   25.016698][  T298]  ? drop_nlink+0xc1/0x110
[   25.020937][  T298]  shmem_rmdir+0x59/0x90
[   25.025134][  T298]  vfs_rmdir+0x398/0x500
[   25.029142][  T298]  incfs_kill_sb+0x113/0x230
[   25.033570][  T298]  deactivate_locked_super+0xad/0x110
[   25.038891][  T298]  deactivate_super+0xbe/0xf0
[   25.043580][  T298]  cleanup_mnt+0x485/0x510
[   25.047770][  T298]  __cleanup_mnt+0x19/0x20
[   25.052037][  T298]  task_work_run+0x24d/0x2e0
[   25.056720][  T298]  ? task_work_cancel+0x2b0/0x2b0
[   25.061957][  T298]  ptrace_notify+0x29e/0x350
[   25.066694][  T298]  ? do_notify_parent+0xa20/0xa20
[   25.071628][  T298]  ? user_path_at_empty+0x14e/0x1a0
[   25.077332][  T298]  ? __x64_sys_umount+0x122/0x170
[   25.082364][  T298]  ? path_umount+0xe70/0xe70
[   25.086984][  T298]  syscall_exit_to_user_mode+0x99/0x130
[   25.092434][  T298]  do_syscall_64+0x49/0xb0
[   25.096897][  T298]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[   25.103891][  T298]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   25.110020][  T298] RIP: 0033:0x7efe670979a7
[   25.114414][  T298] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[   25.133872][  T298] RSP: 002b:00007ffe796ee638 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[   25.142216][  T298] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007efe670979a7
[   25.150162][  T298] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe796ee6f0
[   25.158022][  T298] RBP: 00007ffe796ee6f0 R08: 0000000000000000 R09: 0000000000000000
[   25.165950][  T298] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffe796ef760
[   25.173715][  T298] R13: 00005555571ed6c0 R14: 00007ffe796ef760 R15: 0000000000000001
[   25.181615][  T298]  </TASK>
[   25.184528][  T298] ---[ end trace 0000000000000000 ]---
[   25.190130][  T298] ==================================================================
[   25.198122][  T298] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60
[   25.204399][  T298] Write of size 4 at addr 0000000000000170 by task syz-executor241/298
[   25.212470][  T298] 
[   25.214639][  T298] CPU: 1 PID: 298 Comm: syz-executor241 Tainted: G        W          6.1.84-syzkaller-00005-g96d66062d076 #0
[   25.226423][  T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   25.236340][  T298] Call Trace:
[   25.239442][  T298]  <TASK>
[   25.242273][  T298]  dump_stack_lvl+0x151/0x1b7
[   25.246821][  T298]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   25.252134][  T298]  ? _printk+0xd1/0x111
[   25.256380][  T298]  print_report+0xe1/0x4e0
[   25.260952][  T298]  ? __virt_addr_valid+0x59/0x2f0
[   25.265750][  T298]  ? kasan_addr_to_slab+0xd/0x80
[   25.270514][  T298]  ? ihold+0x20/0x60
[   25.274246][  T298]  kasan_report+0x13c/0x170
[   25.278586][  T298]  ? ihold+0x20/0x60
[   25.282415][  T298]  kasan_check_range+0x294/0x2a0
[   25.287176][  T298]  __kasan_check_write+0x14/0x20
[   25.291972][  T298]  ihold+0x20/0x60
[   25.295509][  T298]  vfs_rmdir+0x268/0x500
[   25.299599][  T298]  incfs_kill_sb+0x113/0x230
[   25.304032][  T298]  deactivate_locked_super+0xad/0x110
[   25.309330][  T298]  deactivate_super+0xbe/0xf0
[   25.313839][  T298]  cleanup_mnt+0x485/0x510
[   25.318200][  T298]  __cleanup_mnt+0x19/0x20
[   25.322436][  T298]  task_work_run+0x24d/0x2e0
[   25.326865][  T298]  ? task_work_cancel+0x2b0/0x2b0
[   25.331722][  T298]  ptrace_notify+0x29e/0x350
[   25.336173][  T298]  ? do_notify_parent+0xa20/0xa20
[   25.341004][  T298]  ? user_path_at_empty+0x14e/0x1a0
[   25.346053][  T298]  ? __x64_sys_umount+0x122/0x170
[   25.351076][  T298]  ? path_umount+0xe70/0xe70
[   25.355499][  T298]  syscall_exit_to_user_mode+0x99/0x130
[   25.360889][  T298]  do_syscall_64+0x49/0xb0
[   25.365140][  T298]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[   25.370862][  T298]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   25.376595][  T298] RIP: 0033:0x7efe670979a7
[   25.380941][  T298] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[   25.400681][  T298] RSP: 002b:00007ffe796ee638 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[   25.409074][  T298] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007efe670979a7
[   25.416993][  T298] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe796ee6f0
[   25.424951][  T298] RBP: 00007ffe796ee6f0 R08: 0000000000000000 R09: 0000000000000000
[   25.432767][  T298] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffe796ef760
[   25.440583][  T298] R13: 00005555571ed6c0 R14: 00007ffe796ef760 R15: 0000000000000001
[   25.448403][  T298]  </TASK>
[   25.451261][  T298] ==================================================================
[   25.459416][  T298] Disabling lock debugging due to kernel taint
[   25.465688][  T298] BUG: kernel NULL pointer dereference, address: 0000000000000170
[   25.473267][  T298] #PF: supervisor write access in kernel mode
[   25.480429][  T298] #PF: error_code(0x0002) - not-present page
[   25.486470][  T298] PGD 0 P4D 0 
[   25.489637][  T298] Oops: 0002 [#1] PREEMPT SMP KASAN
[   25.494788][  T298] CPU: 1 PID: 298 Comm: syz-executor241 Tainted: G    B   W          6.1.84-syzkaller-00005-g96d66062d076 #0
[   25.506284][  T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   25.516158][  T298] RIP: 0010:ihold+0x25/0x60
[   25.520472][  T298] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 71 d1 a8 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 10 e0 ef ff bb 01 00 00 00 <f0> 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 f4 d4 a8
[   25.540291][  T298] RSP: 0018:ffffc90000e47b70 EFLAGS: 00010246
[   25.546180][  T298] RAX: ffff8881095abc00 RBX: 0000000000000001 RCX: ffff8881095abcc0
[   25.554085][  T298] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   25.562184][  T298] RBP: ffffc90000e47b80 R08: ffffffff81447283 R09: fffffbfff0f264fd
[   25.570720][  T298] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff110232833dc
[   25.579072][  T298] R13: ffff88811f54c110 R14: 0000000000000000 R15: 1ffff11023ea9828
[   25.587795][  T298] FS:  00005555571ec380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   25.596761][  T298] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   25.603180][  T298] CR2: 0000000000000170 CR3: 0000000120fb9000 CR4: 00000000003506a0
[   25.610996][  T298] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   25.618807][  T298] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   25.626630][  T298] Call Trace:
[   25.629731][  T298]  <TASK>
[   25.632600][  T298]  ? __die_body+0x62/0xb0
[   25.636766][  T298]  ? __die+0x7e/0x90
[   25.641121][  T298]  ? page_fault_oops+0x7f9/0xa90
[   25.645986][  T298]  ? vprintk_default+0x26/0x30
[   25.650594][  T298]  ? kernelmode_fixup_or_oops+0x270/0x270
[   25.656144][  T298]  ? add_taint+0x44/0xe0
[   25.660224][  T298]  ? panic+0x660/0x660
[   25.664139][  T298]  ? preempt_schedule_thunk+0x16/0x18
[   25.669323][  T298]  ? exc_page_fault+0x537/0x700
[   25.674010][  T298]  ? asm_exc_page_fault+0x27/0x30
[   25.678880][  T298]  ? add_taint+0x93/0xe0
[   25.683253][  T298]  ? ihold+0x25/0x60
[   25.687040][  T298]  vfs_rmdir+0x268/0x500
[   25.691108][  T298]  incfs_kill_sb+0x113/0x230
[   25.695708][  T298]  deactivate_locked_super+0xad/0x110
[   25.700932][  T298]  deactivate_super+0xbe/0xf0
[   25.705544][  T298]  cleanup_mnt+0x485/0x510
[   25.709783][  T298]  __cleanup_mnt+0x19/0x20
[   25.714032][  T298]  task_work_run+0x24d/0x2e0
[   25.718449][  T298]  ? task_work_cancel+0x2b0/0x2b0
[   25.723485][  T298]  ptrace_notify+0x29e/0x350
[   25.728865][  T298]  ? do_notify_parent+0xa20/0xa20
[   25.733740][  T298]  ? user_path_at_empty+0x14e/0x1a0
[   25.738765][  T298]  ? __x64_sys_umount+0x122/0x170
[   25.743708][  T298]  ? path_umount+0xe70/0xe70
[   25.748189][  T298]  syscall_exit_to_user_mode+0x99/0x130
[   25.753527][  T298]  do_syscall_64+0x49/0xb0
[   25.757872][  T298]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[   25.763498][  T298]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   25.769226][  T298] RIP: 0033:0x7efe670979a7
[   25.773478][  T298] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[   25.793095][  T298] RSP: 002b:00007ffe796ee638 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[   25.801338][  T298] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007efe670979a7
[   25.809276][  T298] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe796ee6f0
[   25.817093][  T298] RBP: 00007ffe796ee6f0 R08: 0000000000000000 R09: 0000000000000000
[   25.825257][  T298] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffe796ef760
[   25.833203][  T298] R13: 00005555571ed6c0 R14: 00007ffe796ef760 R15: 0000000000000001
[   25.840980][  T298]  </TASK>
[   25.844023][  T298] Modules linked in:
[   25.847759][  T298] CR2: 0000000000000170
[   25.851734][  T298] ---[ end trace 0000000000000000 ]---
[   25.857112][  T298] RIP: 0010:ihold+0x25/0x60
[   25.861469][  T298] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 71 d1 a8 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 10 e0 ef ff bb 01 00 00 00 <f0> 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 f4 d4 a8
[   25.881086][  T298] RSP: 0018:ffffc90000e47b70 EFLAGS: 00010246
[   25.887058][  T298] RAX: ffff8881095abc00 RBX: 0000000000000001 RCX: ffff8881095abcc0
[   25.894879][  T298] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   25.902962][  T298] RBP: ffffc90000e47b80 R08: ffffffff81447283 R09: fffffbfff0f264fd
[   25.911038][  T298] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff110232833dc
[   25.918976][  T298] R13: ffff88811f54c110 R14: 0000000000000000 R15: 1ffff11023ea9828
[   25.927121][  T298] FS:  00005555571ec380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   25.935906][  T298] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   25.942308][  T298] CR2: 0000000000000170 CR3: 0000000120fb9000 CR4: 00000000003506a0
[   25.950123][  T298] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   25.957921][  T298] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   25.965847][  T298] Kernel panic - not syncing: Fatal exception
[   25.971836][  T298] Kernel Offset: disabled
[   25.976087][  T298] Rebooting in 86400 seconds..