./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor886407852 <...> Warning: Permanently added '10.128.0.227' (ED25519) to the list of known hosts. execve("./syz-executor886407852", ["./syz-executor886407852"], 0x7fff2b28aeb0 /* 10 vars */) = 0 brk(NULL) = 0x555556526000 brk(0x555556526d00) = 0x555556526d00 arch_prctl(ARCH_SET_FS, 0x555556526380) = 0 set_tid_address(0x555556526650) = 288 set_robust_list(0x555556526660, 24) = 0 rseq(0x555556526ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor886407852", 4096) = 27 getrandom("\x36\xaf\xfe\xed\xf6\x7a\x3b\x36", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556526d00 brk(0x555556547d00) = 0x555556547d00 brk(0x555556548000) = 0x555556548000 mprotect(0x7ff7524b8000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556526650) = 289 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556526650) = 290 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556526650) = 291 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556526650) = 292 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556526650) = 293 ./strace-static-x86_64: Process 293 attached [pid 293] set_robust_list(0x555556526660, 24) = 0 [pid 293] mkdir("./syzkaller.0LGFyk", 0700) = 0 ./strace-static-x86_64: Process 290 attached [pid 290] set_robust_list(0x555556526660, 24) = 0 [pid 290] getrandom("\x16\x43\x82\x64\xa9\x9a\x06\xe3", 8, GRND_NONBLOCK) = 8 [pid 290] mkdir("./syzkaller.EgR9YZ", 0700) = 0 [pid 293] chmod("./syzkaller.0LGFyk", 0777) = 0 [pid 293] chdir("./syzkaller.0LGFyk") = 0 [pid 293] unshare(CLONE_NEWPID) = 0 [pid 290] chmod("./syzkaller.EgR9YZ", 0777) = 0 [pid 290] chdir("./syzkaller.EgR9YZ") = 0 [pid 290] unshare(CLONE_NEWPID) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] <... clone resumed>, child_tidptr=0x555556526650) = 294 [pid 293] <... clone resumed>, child_tidptr=0x555556526650) = 295 ./strace-static-x86_64: Process 295 attached [pid 295] set_robust_list(0x555556526660, 24) = 0 [pid 295] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 295] setsid() = 1 [pid 295] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 295] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 295] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 295] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 295] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 295] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 295] unshare(CLONE_NEWNS) = 0 [pid 295] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 295] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 294 attached ./strace-static-x86_64: Process 292 attached ./strace-static-x86_64: Process 291 attached ./strace-static-x86_64: Process 289 attached [pid 295] unshare(CLONE_NEWCGROUP) = 0 [pid 295] unshare(CLONE_NEWUTS) = 0 [pid 295] unshare(CLONE_SYSVSEM) = 0 [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 295] getpid() = 1 [pid 295] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 292] set_robust_list(0x555556526660, 24 [pid 291] set_robust_list(0x555556526660, 24 [pid 289] set_robust_list(0x555556526660, 24 [pid 295] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 295] mkdir("./syz-tmp/newroot/proc", 0700) = 0 [pid 295] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL [pid 294] <... set_robust_list resumed>) = 0 [pid 294] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 294] setsid() = 1 [pid 294] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 294] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 294] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 294] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 294] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 294] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 294] unshare(CLONE_NEWNS) = 0 [pid 294] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 294] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 294] unshare(CLONE_NEWCGROUP) = 0 [pid 294] unshare(CLONE_NEWUTS) = 0 [pid 294] unshare(CLONE_SYSVSEM) = 0 [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 294] getpid() = 1 [pid 294] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 295] <... mount resumed>) = 0 [pid 295] mkdir("./syz-tmp/newroot/selinux", 0700) = 0 [pid 295] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 295] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 295] mkdir("./syz-tmp/newroot/sys", 0700) = 0 [pid 295] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 295] mkdir("./syz-tmp/pivot", 0777) = 0 [pid 295] pivot_root("./syz-tmp", "./syz-tmp/pivot" [pid 292] <... set_robust_list resumed>) = 0 [pid 291] <... set_robust_list resumed>) = 0 [pid 289] <... set_robust_list resumed>) = 0 [pid 295] <... pivot_root resumed>) = 0 [pid 295] chdir("/") = 0 [pid 295] umount2("./pivot", MNT_DETACH [pid 294] <... unshare resumed>) = 0 [pid 294] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 294] write(3, "0 65535", 7) = 7 [pid 294] close(3) = 0 [pid 294] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 294] write(3, "100000", 6) = 6 [pid 294] close(3) = 0 [pid 294] mkdir("./syz-tmp", 0777) = 0 [pid 294] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0 [pid 294] mkdir("./syz-tmp/newroot", 0777) = 0 [pid 294] mkdir("./syz-tmp/newroot/dev", 0700) = 0 [ 25.243581][ T24] audit: type=1400 audit(1721576216.510:67): avc: denied { mounton } for pid=295 comm="syz-executor886" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 25.277496][ T24] audit: type=1400 audit(1721576216.510:68): avc: denied { mount } for pid=295 comm="syz-executor886" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [pid 294] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 294] mkdir("./syz-tmp/newroot/proc", 0700) = 0 [pid 294] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0 [pid 294] mkdir("./syz-tmp/newroot/selinux", 0700) = 0 [pid 294] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 294] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 294] mkdir("./syz-tmp/newroot/sys", 0700) = 0 [pid 294] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 294] mkdir("./syz-tmp/pivot", 0777) = 0 [pid 294] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [pid 294] chdir("/") = 0 [pid 294] umount2("./pivot", MNT_DETACH [pid 292] mkdir("./syzkaller.RdTZPj", 0700 [pid 291] mkdir("./syzkaller.kuBrxG", 0700 [pid 292] <... mkdir resumed>) = 0 [pid 291] <... mkdir resumed>) = 0 [pid 291] chmod("./syzkaller.kuBrxG", 0777) = 0 [pid 291] chdir("./syzkaller.kuBrxG") = 0 [pid 291] unshare(CLONE_NEWPID [pid 292] chmod("./syzkaller.RdTZPj", 0777 [pid 291] <... unshare resumed>) = 0 [pid 292] <... chmod resumed>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] chdir("./syzkaller.RdTZPj") = 0 [pid 292] unshare(CLONE_NEWPID) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556526650) = 297 [pid 291] <... clone resumed>, child_tidptr=0x555556526650) = 296 ./strace-static-x86_64: Process 297 attached ./strace-static-x86_64: Process 296 attached [pid 295] <... umount2 resumed>) = 0 [pid 289] mkdir("./syzkaller.I0MgoP", 0700 [pid 295] chroot("./newroot") = 0 [pid 295] chdir("/") = 0 [pid 295] mkdir("/dev/binderfs", 0777) = 0 [pid 295] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 295] mkdir("./0", 0777) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556526650) = 2 [pid 297] set_robust_list(0x555556526660, 24) = 0 [pid 297] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 297] setsid() = 1 [pid 297] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 297] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 297] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 297] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 297] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 297] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 297] unshare(CLONE_NEWNS) = 0 [pid 297] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 297] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 297] unshare(CLONE_NEWCGROUP) = 0 [pid 297] unshare(CLONE_NEWUTS) = 0 [pid 297] unshare(CLONE_SYSVSEM) = 0 [pid 297] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 297] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 297] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 297] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 297] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 297] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 297] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 297] getpid() = 1 [pid 297] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 296] set_robust_list(0x555556526660, 24 [pid 294] <... umount2 resumed>) = 0 [pid 296] <... set_robust_list resumed>) = 0 [pid 289] <... mkdir resumed>) = 0 [pid 294] chroot("./newroot"./strace-static-x86_64: Process 298 attached [pid 296] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 289] chmod("./syzkaller.I0MgoP", 0777 [pid 294] <... chroot resumed>) = 0 [pid 294] chdir("/") = 0 [pid 294] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists) [pid 294] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 294] mkdir("./0", 0777) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556526650) = 2 [pid 297] <... mkdir resumed>) = 0 [pid 297] mkdir("./syz-tmp/newroot/dev", 0700) = 0 [pid 297] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 297] mkdir("./syz-tmp/newroot/proc", 0700) = 0 [pid 297] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0 [pid 297] mkdir("./syz-tmp/newroot/selinux", 0700) = 0 [pid 297] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 297] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 297] mkdir("./syz-tmp/newroot/sys", 0700) = 0 [pid 297] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 297] mkdir("./syz-tmp/pivot", 0777) = 0 [pid 297] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [pid 297] chdir("/") = 0 [pid 297] umount2("./pivot", MNT_DETACH [pid 296] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 296] setsid() = 1 [pid 296] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 296] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 296] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 296] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 296] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 296] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 296] unshare(CLONE_NEWNS) = 0 [pid 296] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 296] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 296] unshare(CLONE_NEWCGROUP) = 0 [pid 296] unshare(CLONE_NEWUTS) = 0 [pid 296] unshare(CLONE_SYSVSEM) = 0 [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] getpid() = 1 [pid 296] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 298] set_robust_list(0x555556526660, 24 [pid 289] <... chmod resumed>) = 0 [pid 298] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 300 attached [pid 289] chdir("./syzkaller.I0MgoP" [pid 300] set_robust_list(0x555556526660, 24 [pid 298] chdir("./0" [pid 297] <... umount2 resumed>) = 0 [pid 289] <... chdir resumed>) = 0 [pid 297] chroot("./newroot") = 0 [pid 297] chdir("/") = 0 [pid 297] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists) [pid 297] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 297] mkdir("./0", 0777) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556526650) = 2 [ 25.334832][ T24] audit: type=1400 audit(1721576216.540:70): avc: denied { mounton } for pid=295 comm="syz-executor886" path="/root/syzkaller.0LGFyk/syz-tmp" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 25.371736][ T24] audit: type=1400 audit(1721576216.540:71): avc: denied { mount } for pid=295 comm="syz-executor886" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [pid 300] <... set_robust_list resumed>) = 0 [pid 298] <... chdir resumed>) = 0 [pid 289] unshare(CLONE_NEWPID [pid 300] chdir("./0" [pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 289] <... unshare resumed>) = 0 [pid 300] <... chdir resumed>) = 0 [pid 298] <... prctl resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] setpgid(0, 0./strace-static-x86_64: Process 301 attached [pid 300] <... prctl resumed>) = 0 [pid 298] <... setpgid resumed>) = 0 [pid 300] setpgid(0, 0 [pid 301] set_robust_list(0x555556526660, 24 [pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] <... setpgid resumed>) = 0 [pid 289] <... clone resumed>, child_tidptr=0x555556526650) = 302 [pid 301] <... set_robust_list resumed>) = 0 [pid 301] chdir("./0") = 0 [pid 298] <... openat resumed>) = 3 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] write(3, "1000", 4 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] <... openat resumed>) = 3 [pid 298] <... write resumed>) = 4 [pid 300] write(3, "1000", 4 [pid 298] close(3 [pid 300] <... write resumed>) = 4 [pid 298] <... close resumed>) = 0 [pid 300] close(3 [pid 298] symlink("/dev/binderfs", "./binderfs" [pid 300] <... close resumed>) = 0 [pid 301] <... prctl resumed>) = 0 [pid 300] symlink("/dev/binderfs", "./binderfs" [pid 298] <... symlink resumed>) = 0 executing program executing program [pid 300] <... symlink resumed>) = 0 [pid 298] write(1, "executing program\n", 18 [pid 300] write(1, "executing program\n", 18 [pid 298] <... write resumed>) = 18 [pid 300] <... write resumed>) = 18 [pid 300] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 298] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72./strace-static-x86_64: Process 302 attached [pid 296] <... unshare resumed>) = 0 [pid 301] setpgid(0, 0) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 301] write(3, "1000", 4) = 4 [pid 301] close(3) = 0 executing program [pid 301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 301] write(1, "executing program\n", 18) = 18 [pid 301] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [ 25.403008][ T24] audit: type=1400 audit(1721576216.570:72): avc: denied { mounton } for pid=295 comm="syz-executor886" path="/root/syzkaller.0LGFyk/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 300] <... bpf resumed>) = 3 [pid 302] set_robust_list(0x555556526660, 24 [pid 298] <... bpf resumed>) = 3 [pid 296] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 302] <... set_robust_list resumed>) = 0 [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 302] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 296] <... openat resumed>) = 3 [pid 302] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 296] write(3, "0 65535", 7 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 296] <... write resumed>) = 7 [ 25.446375][ T24] audit: type=1400 audit(1721576216.570:73): avc: denied { mount } for pid=295 comm="syz-executor886" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 25.476221][ T24] audit: type=1400 audit(1721576216.600:74): avc: denied { unmount } for pid=295 comm="syz-executor886" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 302] <... prctl resumed>) = 0 [pid 296] close(3 [pid 302] setsid( [pid 296] <... close resumed>) = 0 [pid 296] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC [pid 302] <... setsid resumed>) = 1 [pid 296] <... openat resumed>) = 3 [pid 302] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 296] write(3, "100000", 6) = 6 [pid 302] <... prlimit64 resumed>NULL) = 0 [pid 302] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 296] close(3 [pid 302] <... prlimit64 resumed>NULL) = 0 [pid 302] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 296] <... close resumed>) = 0 [pid 302] <... prlimit64 resumed>NULL) = 0 [pid 296] mkdir("./syz-tmp", 0777 [pid 302] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 302] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 302] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 302] unshare(CLONE_NEWNS) = 0 [pid 302] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 302] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 302] unshare(CLONE_NEWCGROUP) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 302] unshare(CLONE_NEWUTS) = 0 [pid 302] unshare(CLONE_SYSVSEM) = 0 [pid 302] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 296] mount("", "./syz-tmp", "tmpfs", 0, NULL [pid 302] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 302] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 296] <... mount resumed>) = 0 [pid 302] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 296] mkdir("./syz-tmp/newroot", 0777 [pid 302] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 296] <... mkdir resumed>) = 0 [pid 302] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 296] mkdir("./syz-tmp/newroot/dev", 0700 [pid 302] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 296] <... mkdir resumed>) = 0 [pid 302] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 296] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 302] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 296] <... mount resumed>) = 0 [pid 302] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 296] mkdir("./syz-tmp/newroot/proc", 0700 [pid 302] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] <... mkdir resumed>) = 0 [pid 302] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 296] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL [pid 302] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 302] getpid() = 1 [pid 302] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 296] <... mount resumed>) = 0 [pid 302] <... capget resumed>{effective=1< [pid 302] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 296] <... mkdir resumed>) = 0 [pid 302] <... capset resumed>) = 0 [pid 296] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 302] unshare(CLONE_NEWNET [pid 296] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 296] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 296] mkdir("./syz-tmp/newroot/sys", 0700) = 0 [pid 296] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 296] mkdir("./syz-tmp/pivot", 0777) = 0 [pid 296] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [pid 296] chdir("/") = 0 [pid 296] umount2("./pivot", MNT_DETACH) = 0 [pid 296] chroot("./newroot") = 0 [pid 296] chdir("/") = 0 [pid 296] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists) [pid 296] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 296] mkdir("./0", 0777) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556526650) = 2 [pid 302] <... unshare resumed>) = 0 ./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x555556526660, 24) = 0 [pid 303] chdir("./0") = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 303] setpgid(0, 0) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 302] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 303] <... openat resumed>) = 3 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 [pid 303] symlink("/dev/binderfs", "./binderfs" [pid 302] <... openat resumed>) = 3 [pid 303] <... symlink resumed>) = 0 executing program [pid 303] write(1, "executing program\n", 18) = 18 [pid 303] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [ 25.504901][ T24] audit: type=1400 audit(1721576216.630:75): avc: denied { mounton } for pid=295 comm="syz-executor886" path="/dev/binderfs" dev="devtmpfs" ino=357 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [pid 302] write(3, "0 65535", 7 [pid 303] <... bpf resumed>) = 3 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 302] <... write resumed>) = 7 [pid 302] close(3) = 0 [pid 302] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 302] write(3, "100000", 6) = 6 [pid 302] close(3) = 0 [pid 302] mkdir("./syz-tmp", 0777) = 0 [pid 302] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0 [pid 302] mkdir("./syz-tmp/newroot", 0777) = 0 [pid 302] mkdir("./syz-tmp/newroot/dev", 0700) = 0 [pid 302] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 302] mkdir("./syz-tmp/newroot/proc", 0700) = 0 [pid 302] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0 [pid 302] mkdir("./syz-tmp/newroot/selinux", 0700) = 0 [pid 302] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 302] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 302] mkdir("./syz-tmp/newroot/sys", 0700) = 0 [pid 302] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 302] mkdir("./syz-tmp/pivot", 0777) = 0 [pid 302] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [pid 302] chdir("/") = 0 [pid 302] umount2("./pivot", MNT_DETACH) = 0 [pid 302] chroot("./newroot") = 0 [pid 302] chdir("/") = 0 [pid 302] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists) [pid 302] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 302] mkdir("./0", 0777) = 0 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556526650) = 2 ./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x555556526660, 24) = 0 [pid 304] chdir("./0") = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 [pid 304] symlink("/dev/binderfs", "./binderfs") = 0 [pid 304] write(1, "executing program\n", 18executing program ) = 18 [pid 304] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 301] <... bpf resumed>) = 4 [pid 300] <... bpf resumed>) = 4 [pid 298] <... bpf resumed>) = 4 [pid 304] <... bpf resumed>) = 4 [pid 303] <... bpf resumed>) = 4 [pid 301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16) = 5 [pid 303] close(3) = 0 [pid 303] close(4) = 0 [pid 303] close(5) = 0 [pid 303] close(6 [pid 298] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 303] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 303] close(7) = -1 EBADF (Bad file descriptor) [pid 303] close(8 [pid 304] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 303] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 303] close(9) = -1 EBADF (Bad file descriptor) [pid 303] close(10) = -1 EBADF (Bad file descriptor) [pid 303] close(11) = -1 EBADF (Bad file descriptor) [pid 303] close(12) = -1 EBADF (Bad file descriptor) [pid 303] close(13) = -1 EBADF (Bad file descriptor) [pid 303] close(14) = -1 EBADF (Bad file descriptor) [pid 303] close(15) = -1 EBADF (Bad file descriptor) [pid 303] close(16) = -1 EBADF (Bad file descriptor) [pid 303] close(17) = -1 EBADF (Bad file descriptor) [pid 303] close(18) = -1 EBADF (Bad file descriptor) [pid 303] close(19) = -1 EBADF (Bad file descriptor) [pid 303] close(20) = -1 EBADF (Bad file descriptor) [pid 303] close(21) = -1 EBADF (Bad file descriptor) [pid 303] close(22) = -1 EBADF (Bad file descriptor) [pid 303] close(23) = -1 EBADF (Bad file descriptor) [pid 303] close(24) = -1 EBADF (Bad file descriptor) [pid 303] close(25) = -1 EBADF (Bad file descriptor) [pid 303] close(26) = -1 EBADF (Bad file descriptor) [pid 303] close(27) = -1 EBADF (Bad file descriptor) [pid 303] close(28) = -1 EBADF (Bad file descriptor) [pid 303] close(29) = -1 EBADF (Bad file descriptor) [pid 303] exit_group(0) = ? [pid 303] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=60, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555565276f0 /* 3 entries */, 32768) = 80 [pid 296] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./0/binderfs") = 0 [pid 296] getdents64(3, 0x5555565276f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./0") = 0 [pid 296] mkdir("./1", 0777) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556526650) = 3 ./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x555556526660, 24) = 0 [pid 305] chdir("./1") = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 305] setpgid(0, 0) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 305] write(3, "1000", 4) = 4 [pid 305] close(3) = 0 [pid 305] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 305] write(1, "executing program\n", 18) = 18 [pid 305] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 305] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 300] <... bpf resumed>) = 5 [pid 304] <... bpf resumed>) = 5 [pid 301] <... bpf resumed>) = 5 [pid 300] close(3 [pid 298] <... bpf resumed>) = 5 [pid 304] close(3 [pid 301] close(3 [pid 300] <... close resumed>) = 0 [pid 298] close(3 [pid 304] <... close resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 300] close(4 [pid 304] close(4 [pid 301] close(4 [pid 300] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 304] <... close resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 300] close(5 [pid 298] close(4 [pid 304] close(5 [pid 301] close(5 [pid 300] <... close resumed>) = 0 [pid 304] <... close resumed>) = 0 [pid 300] --- SIGFPE {si_signo=SIGFPE, si_code=SI_KERNEL, si_addr=NULL} --- [pid 298] <... close resumed>) = 0 [pid 304] --- SIGFPE {si_signo=SIGFPE, si_code=SI_KERNEL, si_addr=NULL} --- [pid 298] close(5 [pid 300] +++ killed by SIGFPE (core dumped) +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=2, si_uid=0, si_status=SIGFPE, si_utime=0, si_stime=0} --- [pid 294] restart_syscall(<... resuming interrupted clone ...>) = 0 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 30.206807][ T1] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000008 [ 30.219567][ T1] CPU: 1 PID: 1 Comm: init Not tainted 5.10.221-syzkaller-01371-g1240968f7644 #0 [ 30.229773][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 30.240537][ T1] Call Trace: [ 30.244729][ T1] dump_stack_lvl+0x1e2/0x24b [ 30.250439][ T1] ? panic+0x22b/0x812 [ 30.254436][ T1] ? bfq_pos_tree_add_move+0x43b/0x43b [ 30.262710][ T1] dump_stack+0x15/0x17 [ 30.268430][ T1] panic+0x2cf/0x812 [ 30.275964][ T1] ? do_exit+0x239a/0x2a50 [ 30.281148][ T1] ? fb_is_primary_device+0xd4/0xd4 [ 30.287019][ T1] ? __kasan_check_write+0x14/0x20 [ 30.293448][ T1] ? sync_mm_rss+0x28a/0x2e0 [ 30.300221][ T1] do_exit+0x23b4/0x2a50 [ 30.307412][ T1] ? sched_group_set_shares+0x490/0x490 [ 30.314445][ T1] ? put_task_struct+0x80/0x80 [ 30.320848][ T1] ? schedule+0x154/0x1d0 [ 30.326111][ T1] ? schedule_timeout+0xa9/0x360 [ 30.334364][ T1] ? __kasan_check_write+0x14/0x20 [ 30.340936][ T1] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 30.349633][ T1] do_group_exit+0x141/0x310 [ 30.355409][ T1] get_signal+0x10a0/0x1410 [ 30.362327][ T1] arch_do_signal_or_restart+0xbd/0x17c0 [ 30.370224][ T1] ? put_pid+0xd7/0x110 [ 30.375829][ T1] ? kernel_clone+0x6ca/0x9e0 [ 30.381164][ T1] ? create_io_thread+0x1e0/0x1e0 [ 30.386855][ T1] ? get_timespec64+0x197/0x270 [ 30.393219][ T1] ? timespec64_add_safe+0x220/0x220 [ 30.399670][ T1] ? __do_sys_rt_sigreturn+0x1e0/0x1e0 [ 30.408523][ T1] ? __do_sys_vfork+0xcd/0x130 [ 30.415492][ T1] exit_to_user_mode_loop+0x9b/0xd0 [ 30.423644][ T1] syscall_exit_to_user_mode+0xa2/0x1a0 [ 30.429769][ T1] do_syscall_64+0x40/0x70 [ 30.440272][ T1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 30.449311][ T1] RIP: 0033:0x7fa7707a2a68 [ 30.454545][ T1] Code: 00 48 8d b8 e0 02 00 00 48 89 b8 d8 02 00 00 48 89 b8 e0 02 00 00 b8 11 01 00 00 0f 05 44 89 c0 c3 90 5f b8 3a 00 00 00 0f 05 <57> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 90 43 0f 00 f7 d8 64 89 01 48 [ 30.482664][ T1] RSP: 002b:00007ffdec93ad00 EFLAGS: 00000246 ORIG_RAX: 000000000000003a [ 30.493415][ T1] RAX: 0000000000000313 RBX: 0000563d083c9a50 RCX: 00007fa7707a2a68 [ 30.503905][ T1] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 00007fa77092dbed [ 30.514462][ T1] RBP: 00007fa770968528 R08: 0000000000000007 R09: c61b680eec53173c [ 30.523872][ T1] R10: 00007ffdec93ad40 R11: 0000000000000246 R12: 0000000000000000 [ 30.534919][ T1] R13: 0000000000000018 R14: 0000563d076ce169 R15: 00007fa770999a80 [ 30.544864][ T1] Kernel Offset: disabled [ 30.552233][ T1] Rebooting in 86400 seconds..