./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3569653361 <...> Warning: Permanently added '10.128.0.86' (ED25519) to the list of known hosts. execve("./syz-executor3569653361", ["./syz-executor3569653361"], 0x7ffff6a40390 /* 10 vars */) = 0 brk(NULL) = 0x555562a1e000 brk(0x555562a1ed00) = 0x555562a1ed00 arch_prctl(ARCH_SET_FS, 0x555562a1e380) = 0 set_tid_address(0x555562a1e650) = 282 set_robust_list(0x555562a1e660, 24) = 0 rseq(0x555562a1eca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3569653361", 4096) = 28 getrandom("\x67\x93\x10\x11\x49\x74\xab\x3c", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555562a1ed00 brk(0x555562a3fd00) = 0x555562a3fd00 brk(0x555562a40000) = 0x555562a40000 mprotect(0x7f1813346000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562a1e650) = 283 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562a1e650) = 284 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562a1e650) = 285 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562a1e650) = 286 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562a1e650) = 287 ./strace-static-x86_64: Process 287 attached ./strace-static-x86_64: Process 284 attached ./strace-static-x86_64: Process 283 attached ./strace-static-x86_64: Process 285 attached [pid 287] set_robust_list(0x555562a1e660, 24 [pid 285] set_robust_list(0x555562a1e660, 24 [pid 284] set_robust_list(0x555562a1e660, 24 [pid 283] set_robust_list(0x555562a1e660, 24./strace-static-x86_64: Process 286 attached [pid 286] set_robust_list(0x555562a1e660, 24 [pid 284] <... set_robust_list resumed>) = 0 [pid 283] <... set_robust_list resumed>) = 0 [pid 287] <... set_robust_list resumed>) = 0 [pid 286] <... set_robust_list resumed>) = 0 [pid 285] <... set_robust_list resumed>) = 0 [pid 287] mkdir("./syzkaller.YaojGo", 0700 [pid 283] mkdir("./syzkaller.nlYfJQ", 0700 [pid 285] mkdir("./syzkaller.p2YtgL", 0700 [pid 286] mkdir("./syzkaller.776TwZ", 0700 [pid 284] getrandom("\x22\x4f\xe9\x65\x9f\x4b\x01\x25", 8, GRND_NONBLOCK) = 8 [pid 284] mkdir("./syzkaller.MAAz5y", 0700 [pid 283] <... mkdir resumed>) = 0 [pid 283] chmod("./syzkaller.nlYfJQ", 0777) = 0 [pid 283] chdir("./syzkaller.nlYfJQ") = 0 [pid 283] unshare(CLONE_NEWPID [pid 285] <... mkdir resumed>) = 0 [pid 283] <... unshare resumed>) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... mkdir resumed>) = 0 [pid 285] chmod("./syzkaller.p2YtgL", 0777) = 0 [pid 287] chmod("./syzkaller.YaojGo", 0777 [pid 283] <... clone resumed>, child_tidptr=0x555562a1e650) = 288 [pid 285] chdir("./syzkaller.p2YtgL"./strace-static-x86_64: Process 288 attached [pid 287] <... chmod resumed>) = 0 [pid 285] <... chdir resumed>) = 0 [pid 287] chdir("./syzkaller.YaojGo" [pid 285] unshare(CLONE_NEWPID [pid 287] <... chdir resumed>) = 0 [pid 286] <... mkdir resumed>) = 0 [pid 285] <... unshare resumed>) = 0 [pid 287] unshare(CLONE_NEWPID [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] set_robust_list(0x555562a1e660, 24 [pid 287] <... unshare resumed>) = 0 [pid 286] chmod("./syzkaller.776TwZ", 0777 [pid 284] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 289 attached [pid 288] <... set_robust_list resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 286] <... chmod resumed>) = 0 [pid 284] chmod("./syzkaller.MAAz5y", 0777 [pid 289] set_robust_list(0x555562a1e660, 24 [pid 288] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 286] chdir("./syzkaller.776TwZ" [pid 285] <... clone resumed>, child_tidptr=0x555562a1e650) = 289 [pid 284] <... chmod resumed>) = 0 ./strace-static-x86_64: Process 290 attached [pid 284] chdir("./syzkaller.MAAz5y" [pid 287] <... clone resumed>, child_tidptr=0x555562a1e650) = 290 [pid 284] <... chdir resumed>) = 0 [pid 284] unshare(CLONE_NEWPID) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] set_robust_list(0x555562a1e660, 24 [pid 289] <... set_robust_list resumed>) = 0 [pid 290] <... set_robust_list resumed>) = 0 [pid 284] <... clone resumed>, child_tidptr=0x555562a1e650) = 291 [pid 286] <... chdir resumed>) = 0 [pid 286] unshare(CLONE_NEWPID) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 288] <... prctl resumed>) = 0 [pid 290] <... prctl resumed>) = 0 [pid 288] getppid( [pid 289] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 286] <... clone resumed>, child_tidptr=0x555562a1e650) = 292 ./strace-static-x86_64: Process 291 attached [pid 291] set_robust_list(0x555562a1e660, 24) = 0 [pid 288] <... getppid resumed>) = 0 [pid 290] getppid( [pid 289] <... prctl resumed>) = 0 [pid 291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 291] getppid() = 0 [pid 291] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 291] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 291] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 291] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 291] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 291] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 291] unshare(CLONE_NEWNS [pid 288] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 290] <... getppid resumed>) = 0 [pid 289] getppid( [pid 291] <... unshare resumed>) = 0 [pid 291] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 288] <... prlimit64 resumed>NULL) = 0 ./strace-static-x86_64: Process 292 attached [pid 291] <... mount resumed>) = 0 [pid 290] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 289] <... getppid resumed>) = 0 [pid 288] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 290] <... prlimit64 resumed>NULL) = 0 [ 25.197221][ T24] audit: type=1400 audit(1756447983.770:64): avc: denied { execmem } for pid=282 comm="syz-executor356" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 288] <... prlimit64 resumed>NULL) = 0 [pid 290] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 288] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 290] <... prlimit64 resumed>NULL) = 0 [pid 288] <... prlimit64 resumed>NULL) = 0 [pid 288] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 290] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 288] <... prlimit64 resumed>NULL) = 0 [pid 290] <... prlimit64 resumed>NULL) = 0 [pid 288] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 290] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 288] <... prlimit64 resumed>NULL) = 0 [pid 290] <... prlimit64 resumed>NULL) = 0 [pid 290] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 288] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 290] <... prlimit64 resumed>NULL) = 0 [pid 288] <... prlimit64 resumed>NULL) = 0 [pid 288] unshare(CLONE_NEWNS [pid 289] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 288] <... unshare resumed>) = 0 [pid 290] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 290] unshare(CLONE_NEWNS) = 0 [pid 289] <... prlimit64 resumed>NULL) = 0 [pid 289] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 289] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 289] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 288] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 289] <... prlimit64 resumed>NULL) = 0 [pid 288] <... mount resumed>) = 0 [pid 289] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 292] set_robust_list(0x555562a1e660, 24 [pid 289] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 288] unshare(CLONE_NEWIPC [pid 291] unshare(CLONE_NEWIPC [pid 289] unshare(CLONE_NEWNS [pid 288] <... unshare resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... unshare resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... unshare resumed>) = 0 [pid 292] <... set_robust_list resumed>) = 0 [pid 288] unshare(CLONE_NEWCGROUP [pid 291] unshare(CLONE_NEWCGROUP [pid 292] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 288] <... unshare resumed>) = 0 [pid 291] <... unshare resumed>) = 0 [pid 290] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 291] unshare(CLONE_NEWUTS [pid 288] unshare(CLONE_NEWUTS [pid 290] <... mount resumed>) = 0 [pid 288] <... unshare resumed>) = 0 [pid 291] <... unshare resumed>) = 0 [pid 290] unshare(CLONE_NEWIPC [pid 288] unshare(CLONE_SYSVSEM [pid 291] unshare(CLONE_SYSVSEM [pid 288] <... unshare resumed>) = 0 [pid 290] <... unshare resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... unshare resumed>) = 0 [pid 288] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 291] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 290] unshare(CLONE_NEWCGROUP [pid 292] <... prctl resumed>) = 0 [pid 290] <... unshare resumed>) = 0 [pid 292] getppid() = 0 [pid 290] unshare(CLONE_NEWUTS [pid 292] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 290] <... unshare resumed>) = 0 [pid 289] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 288] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 289] <... mount resumed>) = 0 [pid 291] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 292] <... prlimit64 resumed>NULL) = 0 [pid 290] unshare(CLONE_SYSVSEM) = 0 [pid 292] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 290] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 292] <... prlimit64 resumed>NULL) = 0 [pid 292] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 289] unshare(CLONE_NEWIPC [pid 292] <... prlimit64 resumed>NULL) = 0 [pid 289] <... unshare resumed>) = -1 EINVAL (Invalid argument) [pid 292] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 291] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 289] unshare(CLONE_NEWCGROUP [pid 292] <... prlimit64 resumed>NULL) = 0 [pid 291] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 289] <... unshare resumed>) = 0 [pid 292] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 290] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 292] <... prlimit64 resumed>NULL) = 0 [pid 288] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 292] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 289] unshare(CLONE_NEWUTS [pid 288] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 292] <... prlimit64 resumed>NULL) = 0 [pid 289] <... unshare resumed>) = 0 [pid 292] unshare(CLONE_NEWNS) = 0 [pid 289] unshare(CLONE_SYSVSEM [pid 291] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 290] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 289] <... unshare resumed>) = 0 [pid 291] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 290] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 289] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 288] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 291] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 290] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 291] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 290] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 289] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 288] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 290] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 291] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 290] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 291] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 289] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 292] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 289] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 288] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 292] <... mount resumed>) = 0 [pid 291] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 290] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 291] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 292] unshare(CLONE_NEWIPC [pid 290] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 292] <... unshare resumed>) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 292] unshare(CLONE_NEWCGROUP) = 0 [pid 289] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 288] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 292] unshare(CLONE_NEWUTS [pid 291] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 290] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 289] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 288] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 292] <... unshare resumed>) = 0 [pid 291] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 290] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 289] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 288] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 292] unshare(CLONE_SYSVSEM [pid 291] getpid( [pid 290] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 289] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 288] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 292] <... unshare resumed>) = 0 [pid 291] <... getpid resumed>) = 1 [pid 290] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 289] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 288] getpid( [pid 292] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 291] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 290] getpid( [pid 289] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 288] <... getpid resumed>) = 1 [pid 292] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 291] <... capget resumed>{effective=1<) = 1 [pid 289] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 288] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 292] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 291] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 290] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 289] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 288] <... capget resumed>{effective=1<) = -1 ENOENT (No such file or directory) [pid 291] <... capset resumed>) = 0 [pid 290] <... capget resumed>{effective=1<) = -1 ENOENT (No such file or directory) [pid 288] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 292] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 291] unshare(CLONE_NEWNET [pid 290] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 289] getpid( [pid 288] <... capset resumed>) = 0 [pid 292] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 290] <... capset resumed>) = 0 [pid 289] <... getpid resumed>) = 1 [pid 288] unshare(CLONE_NEWNET [pid 292] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 290] unshare(CLONE_NEWNET [pid 289] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 292] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 289] <... capget resumed>{effective=1< [pid 292] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 289] <... capset resumed>) = 0 [pid 292] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 291] <... unshare resumed>) = 0 [pid 289] unshare(CLONE_NEWNET [pid 291] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 291] write(3, "0 65535", 7) = 7 [pid 291] close(3) = 0 [pid 291] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3 [pid 291] dup2(3, 200) = 200 [pid 291] close(3) = 0 [pid 291] ioctl(200, TUNSETIFF, 0x7fff9357b920 [pid 292] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 292] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 292] getpid() = 1 [pid 292] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 291] <... ioctl resumed>) = 0 [pid 288] <... unshare resumed>) = 0 [pid 291] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC [pid 288] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 291] <... openat resumed>) = 3 [pid 288] <... openat resumed>) = 3 [pid 291] write(3, "0", 1 [pid 288] write(3, "0 65535", 7 [pid 291] <... write resumed>) = 1 [pid 288] <... write resumed>) = 7 [pid 291] close(3 [pid 288] close(3 [pid 291] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 291] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC [pid 288] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK [pid 291] <... openat resumed>) = 3 [pid 288] <... openat resumed>) = 3 [pid 291] write(3, "0", 1 [pid 288] dup2(3, 200 [pid 291] <... write resumed>) = 1 [pid 288] <... dup2 resumed>) = 200 [pid 291] close(3) = 0 [pid 288] close(3 [pid 291] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 288] <... close resumed>) = 0 [pid 291] <... socket resumed>) = 3 [pid 288] ioctl(200, TUNSETIFF, 0x7fff9357b920 [pid 291] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4 [pid 291] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 291] close(4) = 0 [pid 291] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 292] <... unshare resumed>) = 0 [pid 291] <... sendto resumed>) = 40 [pid 290] <... unshare resumed>) = 0 [pid 289] <... unshare resumed>) = 0 [pid 288] <... ioctl resumed>) = 0 [pid 291] recvfrom(3, [pid 288] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC [pid 291] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 288] <... openat resumed>) = 3 [pid 291] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 288] write(3, "0", 1 [pid 291] <... socket resumed>) = 4 [pid 288] <... write resumed>) = 1 [pid 291] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 288] close(3 [pid 291] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 288] <... close resumed>) = 0 [pid 291] close(4 [pid 288] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC [pid 291] <... close resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 291] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 288] write(3, "0", 1 [pid 291] <... sendto resumed>) = 64 [pid 290] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 288] <... write resumed>) = 1 [pid 291] recvfrom(3, [pid 290] <... openat resumed>) = 3 [pid 288] close(3 [pid 291] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 290] write(3, "0 65535", 7 [pid 288] <... close resumed>) = 0 [pid 291] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 290] <... write resumed>) = 7 [pid 288] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 291] <... socket resumed>) = 4 [pid 290] close(3 [pid 288] <... socket resumed>) = 3 [pid 291] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 290] <... close resumed>) = 0 [pid 288] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 291] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 290] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK [pid 288] <... socket resumed>) = 4 [pid 291] close(4 [pid 290] <... openat resumed>) = 3 [pid 288] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 292] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 291] <... close resumed>) = 0 [pid 290] dup2(3, 200 [pid 289] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 288] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 292] <... openat resumed>) = 3 [pid 291] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 290] <... dup2 resumed>) = 200 [pid 288] close(4 [pid 292] write(3, "0 65535", 7 [pid 291] <... sendto resumed>) = 48 [pid 290] close(3 [pid 289] <... openat resumed>) = 3 [pid 288] <... close resumed>) = 0 [pid 292] <... write resumed>) = 7 [pid 291] recvfrom(3, [pid 290] <... close resumed>) = 0 [pid 288] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 289] write(3, "0 65535", 7 [pid 292] close(3 [pid 291] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 290] ioctl(200, TUNSETIFF, 0x7fff9357b920 [pid 288] <... sendto resumed>) = 40 [pid 292] <... close resumed>) = 0 [pid 291] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 290] <... ioctl resumed>) = 0 [pid 289] <... write resumed>) = 7 [pid 288] recvfrom(3, [pid 292] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK [pid 291] <... socket resumed>) = 4 [pid 290] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC [pid 289] close(3 [pid 288] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 292] <... openat resumed>) = 3 [pid 291] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 290] <... openat resumed>) = 3 [pid 289] <... close resumed>) = 0 [pid 288] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 292] dup2(3, 200 [pid 291] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 290] write(3, "0", 1 [pid 288] <... socket resumed>) = 4 [pid 292] <... dup2 resumed>) = 200 [pid 291] close(4 [pid 290] <... write resumed>) = 1 [pid 289] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK [pid 288] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 292] close(3 [pid 291] <... close resumed>) = 0 [pid 290] close(3 [pid 288] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 292] <... close resumed>) = 0 [pid 291] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 290] <... close resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 288] close(4 [pid 292] ioctl(200, TUNSETIFF, 0x7fff9357b920 [pid 291] <... sendto resumed>) = 60 [pid 290] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC [pid 288] <... close resumed>) = 0 [pid 291] recvfrom(3, [pid 290] <... openat resumed>) = 3 [pid 289] dup2(3, 200 [pid 288] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 292] <... ioctl resumed>) = 0 [pid 291] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 290] write(3, "0", 1 [pid 289] <... dup2 resumed>) = 200 [pid 288] <... sendto resumed>) = 64 [pid 292] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC [pid 291] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 290] <... write resumed>) = 1 [pid 289] close(3 [pid 288] recvfrom(3, [pid 292] <... openat resumed>) = 3 [pid 291] <... socket resumed>) = 4 [pid 290] close(3 [pid 289] <... close resumed>) = 0 [pid 288] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 292] write(3, "0", 1 [pid 291] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 290] <... close resumed>) = 0 [pid 289] ioctl(200, TUNSETIFF, 0x7fff9357b920 [pid 288] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 292] <... write resumed>) = 1 [pid 291] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 290] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 288] <... socket resumed>) = 4 [pid 292] close(3 [pid 291] close(4 [pid 290] <... socket resumed>) = 3 [pid 288] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 292] <... close resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 290] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 288] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 292] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC [pid 291] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 290] <... socket resumed>) = 4 [pid 288] close(4 [pid 292] <... openat resumed>) = 3 [pid 291] <... sendto resumed>) = 44 [pid 290] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 289] <... ioctl resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 292] write(3, "0", 1 [pid 291] recvfrom(3, [pid 290] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 288] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 292] <... write resumed>) = 1 [pid 291] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 290] close(4 [pid 289] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC [pid 288] <... sendto resumed>) = 48 [pid 292] close(3 [pid 291] close(3 [pid 290] <... close resumed>) = 0 [pid 288] recvfrom(3, [pid 292] <... close resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 290] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 289] <... openat resumed>) = 3 [pid 288] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 292] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 291] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC [pid 290] <... sendto resumed>) = 40 [pid 289] write(3, "0", 1 [pid 288] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 292] <... socket resumed>) = 3 [pid 291] <... openat resumed>) = 3 [pid 290] recvfrom(3, [pid 289] <... write resumed>) = 1 [pid 288] <... socket resumed>) = 4 [pid 292] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 291] write(3, "100000", 6 [pid 290] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 289] close(3 [pid 288] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 292] <... socket resumed>) = 4 [pid 291] <... write resumed>) = 6 [pid 290] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 289] <... close resumed>) = 0 [pid 288] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 292] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 291] close(3 [pid 290] <... socket resumed>) = 4 [pid 289] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC [pid 288] close(4 [pid 292] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 291] <... close resumed>) = 0 [pid 290] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 288] <... close resumed>) = 0 [pid 292] close(4 [pid 291] mkdir("./syz-tmp", 0777 [pid 290] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 289] <... openat resumed>) = 3 [pid 288] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 292] <... close resumed>) = 0 [pid 291] <... mkdir resumed>) = 0 [pid 290] close(4 [pid 289] write(3, "0", 1 [pid 288] <... sendto resumed>) = 60 [pid 292] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [ 25.313730][ T24] audit: type=1400 audit(1756447983.890:66): avc: denied { module_request } for pid=279 comm="strace-static-x" kmod="net-pf-16-proto-4-type-16" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [pid 291] mount("", "./syz-tmp", "tmpfs", 0, NULL [pid 290] <... close resumed>) = 0 [pid 289] <... write resumed>) = 1 [pid 288] recvfrom(3, [pid 292] <... sendto resumed>) = 40 [pid 291] <... mount resumed>) = 0 [pid 290] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 288] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 291] mkdir("./syz-tmp/newroot", 0777 [pid 290] <... sendto resumed>) = 64 [pid 288] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 291] <... mkdir resumed>) = 0 [pid 290] recvfrom(3, [pid 288] <... socket resumed>) = 4 [pid 291] mkdir("./syz-tmp/newroot/dev", 0700 [pid 290] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 288] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 291] <... mkdir resumed>) = 0 [pid 290] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 288] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 291] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 290] <... socket resumed>) = 4 [pid 288] close(4 [pid 291] <... mount resumed>) = 0 [pid 290] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 288] <... close resumed>) = 0 [pid 291] mkdir("./syz-tmp/newroot/proc", 0700 [pid 290] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 288] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 291] <... mkdir resumed>) = 0 [pid 290] close(4 [pid 288] <... sendto resumed>) = 44 [pid 291] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL [pid 290] <... close resumed>) = 0 [pid 288] recvfrom(3, [pid 291] <... mount resumed>) = 0 [pid 290] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 288] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 291] mkdir("./syz-tmp/newroot/selinux", 0700 [pid 290] <... sendto resumed>) = 48 [pid 288] close(3 [pid 291] <... mkdir resumed>) = 0 [pid 290] recvfrom(3, [pid 288] <... close resumed>) = 0 [pid 291] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 290] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 288] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC [pid 291] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 290] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 288] <... openat resumed>) = 3 [pid 291] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 290] <... socket resumed>) = 4 [pid 288] write(3, "100000", 6 [pid 291] <... mount resumed>) = 0 [pid 290] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 288] <... write resumed>) = 6 [pid 291] mkdir("./syz-tmp/newroot/sys", 0700 [pid 290] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 288] close(3 [pid 291] <... mkdir resumed>) = 0 [pid 290] close(4 [pid 288] <... close resumed>) = 0 [pid 291] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 290] <... close resumed>) = 0 [pid 288] mkdir("./syz-tmp", 0777 [pid 291] <... mount resumed>) = 0 [pid 290] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 288] <... mkdir resumed>) = 0 [pid 291] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 290] <... sendto resumed>) = 60 [pid 288] mount("", "./syz-tmp", "tmpfs", 0, NULL [pid 291] <... mount resumed>) = 0 [pid 290] recvfrom(3, [pid 288] <... mount resumed>) = 0 [pid 291] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 290] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 288] mkdir("./syz-tmp/newroot", 0777 [pid 291] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 290] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 288] <... mkdir resumed>) = 0 [pid 291] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 290] <... socket resumed>) = 4 [pid 288] mkdir("./syz-tmp/newroot/dev", 0700 [pid 291] <... mount resumed>) = 0 [pid 290] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 288] <... mkdir resumed>) = 0 [pid 291] mkdir("./syz-tmp/newroot/syz-inputs", 0700 [pid 290] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 288] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 291] <... mkdir resumed>) = 0 [pid 290] close(4 [pid 288] <... mount resumed>) = 0 [pid 291] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 290] <... close resumed>) = 0 [pid 288] mkdir("./syz-tmp/newroot/proc", 0700 [pid 291] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 290] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 288] <... mkdir resumed>) = 0 [pid 291] mkdir("./syz-tmp/pivot", 0777 [pid 290] <... sendto resumed>) = 44 [pid 288] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL [pid 291] <... mkdir resumed>) = 0 [pid 290] recvfrom(3, [pid 288] <... mount resumed>) = 0 [pid 291] pivot_root("./syz-tmp", "./syz-tmp/pivot" [pid 290] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 288] mkdir("./syz-tmp/newroot/selinux", 0700 [pid 291] <... pivot_root resumed>) = 0 [pid 290] close(3 [pid 288] <... mkdir resumed>) = 0 [pid 291] chdir("/" [pid 290] <... close resumed>) = 0 [pid 288] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 291] <... chdir resumed>) = 0 [pid 290] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC [pid 288] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 291] umount2("./pivot", MNT_DETACH [pid 290] <... openat resumed>) = 3 [pid 288] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 290] write(3, "100000", 6 [pid 288] <... mount resumed>) = 0 [pid 290] <... write resumed>) = 6 [pid 288] mkdir("./syz-tmp/newroot/sys", 0700 [pid 290] close(3 [pid 288] <... mkdir resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 288] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 290] mkdir("./syz-tmp", 0777 [pid 288] <... mount resumed>) = 0 [pid 290] <... mkdir resumed>) = 0 [pid 288] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 290] mount("", "./syz-tmp", "tmpfs", 0, NULL [pid 288] <... mount resumed>) = 0 [pid 290] <... mount resumed>) = 0 [pid 288] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 290] mkdir("./syz-tmp/newroot", 0777 [pid 288] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 290] <... mkdir resumed>) = 0 [pid 288] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 290] mkdir("./syz-tmp/newroot/dev", 0700 [pid 288] <... mount resumed>) = 0 [pid 290] <... mkdir resumed>) = 0 [pid 288] mkdir("./syz-tmp/newroot/syz-inputs", 0700 [pid 290] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 288] <... mkdir resumed>) = 0 [pid 290] <... mount resumed>) = 0 [pid 288] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 290] mkdir("./syz-tmp/newroot/proc", 0700 [pid 288] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 290] <... mkdir resumed>) = 0 [pid 288] mkdir("./syz-tmp/pivot", 0777 [pid 290] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL [pid 288] <... mkdir resumed>) = 0 [pid 290] <... mount resumed>) = 0 [pid 288] pivot_root("./syz-tmp", "./syz-tmp/pivot" [pid 290] mkdir("./syz-tmp/newroot/selinux", 0700 [pid 288] <... pivot_root resumed>) = 0 [pid 290] <... mkdir resumed>) = 0 [pid 288] chdir("/" [pid 290] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 288] <... chdir resumed>) = 0 [pid 290] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 288] umount2("./pivot", MNT_DETACH [pid 290] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 290] mkdir("./syz-tmp/newroot/sys", 0700) = 0 [pid 290] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 290] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 290] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 290] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 290] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0 [pid 290] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 290] mkdir("./syz-tmp/pivot", 0777) = 0 [pid 290] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [pid 290] chdir("/") = 0 [ 25.357544][ T24] audit: type=1400 audit(1756447983.930:67): avc: denied { mounton } for pid=291 comm="syz-executor356" path="/root/syzkaller.MAAz5y/syz-tmp" dev="sda1" ino=2029 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 25.382114][ T24] audit: type=1400 audit(1756447983.930:68): avc: denied { mount } for pid=291 comm="syz-executor356" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [pid 290] umount2("./pivot", MNT_DETACH [pid 292] recvfrom(3, [pid 291] <... umount2 resumed>) = 0 [pid 289] close(3 [pid 291] chroot("./newroot") = 0 [pid 291] chdir("/") = 0 [pid 291] mkdir("/dev/gadgetfs", 0777) = 0 [pid 291] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL [pid 292] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 290] <... umount2 resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 290] chroot("./newroot" [pid 288] chroot("./newroot" [pid 290] <... chroot resumed>) = 0 [pid 288] <... chroot resumed>) = 0 [pid 290] chdir("/" [pid 288] chdir("/" [pid 290] <... chdir resumed>) = 0 [pid 288] <... chdir resumed>) = 0 [pid 290] mkdir("/dev/gadgetfs", 0777 [pid 288] mkdir("/dev/gadgetfs", 0777 [pid 290] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 288] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 290] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL [pid 288] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL [pid 290] <... mount resumed>) = -1 ENODEV (No such device) [pid 288] <... mount resumed>) = -1 ENODEV (No such device) [pid 290] mkdir("/dev/binderfs", 0777 [pid 288] mkdir("/dev/binderfs", 0777 [pid 290] <... mkdir resumed>) = 0 [pid 288] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 290] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 288] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 290] <... mount resumed>) = 0 [pid 288] <... mount resumed>) = 0 [pid 290] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 288] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 290] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 288] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 290] mkdir("./0", 0777 [pid 288] mkdir("./0", 0777 [pid 290] <... mkdir resumed>) = 0 [pid 288] <... mkdir resumed>) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] <... clone resumed>, child_tidptr=0x555562a1e650) = 2 [pid 288] <... clone resumed>, child_tidptr=0x555562a1e650) = 2 [pid 291] <... mount resumed>) = -1 ENODEV (No such device) [pid 291] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists) [pid 291] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 291] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 291] mkdir("./0", 0777) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562a1e650) = 2 ./strace-static-x86_64: Process 295 attached [pid 295] set_robust_list(0x555562a1e660, 24) = 0 [pid 295] chdir("./0") = 0 [pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 295] setpgid(0, 0) = 0 [pid 295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 295] write(3, "1000", 4) = 4 [pid 295] close(3) = 0 [pid 295] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 295] read(200, 0x7fff9357b300, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 295] write(1, "executing program\n", 18executing program ) = 18 [ 25.383294][ T291] request_module fs-gadgetfs succeeded, but still no fs? [ 25.404636][ T24] audit: type=1400 audit(1756447983.930:69): avc: denied { mounton } for pid=291 comm="syz-executor356" path="/root/syzkaller.MAAz5y/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [pid 295] getpid() = 2 [pid 295] pidfd_open(2, 0) = 3 [pid 295] setns(3, 0x24020000 /* CLONE_NEW??? */) = 0 [pid 292] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 289] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 295] umount2(".", MNT_DETACH [pid 289] <... socket resumed>) = 3 ./strace-static-x86_64: Process 293 attached ./strace-static-x86_64: Process 294 attached [pid 292] <... socket resumed>) = 4 [pid 289] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 294] set_robust_list(0x555562a1e660, 24 [pid 293] set_robust_list(0x555562a1e660, 24 [pid 292] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 289] <... socket resumed>) = 4 [pid 295] <... umount2 resumed>) = 0 [pid 295] mount("./bus", "./bus", "incremental-fs", MS_NOSUID|MS_REC|MS_STRICTATIME, NULL) = -1 ENOENT (No such file or directory) [pid 295] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 295] mkdir("./file1", 000) = 0 [pid 295] mkdir("./bus", 000) = 0 [ 25.437757][ T24] audit: type=1400 audit(1756447983.940:70): avc: denied { mount } for pid=291 comm="syz-executor356" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 25.460423][ T24] audit: type=1400 audit(1756447983.940:71): avc: denied { mounton } for pid=291 comm="syz-executor356" path="/root/syzkaller.MAAz5y/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [pid 295] mount(NULL, "./bus", "overlay", MS_MANDLOCK|MS_REC|MS_STRICTATIME, "workdir=./bus,lowerdir=./file0,upperdir=./file1," [pid 294] <... set_robust_list resumed>) = 0 [pid 293] <... set_robust_list resumed>) = 0 [pid 292] <... ioctl resumed>, ifr_ifindex=11}) = 0 [ 25.487758][ T24] audit: type=1400 audit(1756447983.940:72): avc: denied { mounton } for pid=291 comm="syz-executor356" path="/root/syzkaller.MAAz5y/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=14156 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 25.491544][ T295] ====================================================== [ 25.491544][ T295] WARNING: the mand mount option is being deprecated and [ 25.491544][ T295] will be removed in v5.15! [ 25.491544][ T295] ====================================================== [pid 289] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 294] chdir("./0") = 0 [pid 293] chdir("./0" [pid 292] close(4 [pid 289] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 294] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 293] <... chdir resumed>) = 0 [pid 294] <... prctl resumed>) = 0 [pid 293] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 292] <... close resumed>) = 0 [pid 289] close(4) = 0 [pid 294] setpgid(0, 0 [pid 293] <... prctl resumed>) = 0 [pid 292] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 289] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 294] <... setpgid resumed>) = 0 [pid 293] setpgid(0, 0 [pid 292] <... sendto resumed>) = 64 [pid 294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 293] <... setpgid resumed>) = 0 [pid 292] recvfrom(3, [pid 289] <... sendto resumed>) = 40 [pid 295] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 292] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 289] recvfrom(3, [pid 295] close(3 [pid 294] <... openat resumed>) = 3 [pid 293] <... openat resumed>) = 3 [pid 292] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4 [pid 294] write(3, "1000", 4 [pid 293] write(3, "1000", 4 [pid 292] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 289] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 295] <... close resumed>) = 0 [pid 294] <... write resumed>) = 4 [pid 293] <... write resumed>) = 4 [pid 292] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 292] close(4 [pid 289] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 292] <... close resumed>) = 0 [pid 292] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 295] close(4 [pid 294] close(3 [pid 293] close(3 [pid 292] <... sendto resumed>) = 48 [pid 289] <... socket resumed>) = 4 [pid 295] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 294] <... close resumed>) = 0 [pid 293] <... close resumed>) = 0 [pid 292] recvfrom(3, [pid 289] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 294] read(200, [pid 293] read(200, [pid 292] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 289] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 295] close(5 [pid 294] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 293] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 292] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 289] close(4 [pid 294] read(200, [pid 293] read(200, [pid 292] <... socket resumed>) = 4 [pid 294] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 293] <... read resumed>0x7fff9357b300, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 292] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 289] <... close resumed>) = 0 [pid 294] read(200, [pid 293] symlink("/dev/binderfs", "./binderfs" [pid 292] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 294] <... read resumed>0x7fff9357b300, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 292] close(4 [pid 289] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 295] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 294] symlink("/dev/binderfs", "./binderfs" [pid 293] <... symlink resumed>) = 0 [pid 292] <... close resumed>) = 0 [pid 292] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 294] <... symlink resumed>) = 0 [pid 293] write(1, "executing program\n", 18executing program executing program