./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3856240249 <...> Warning: Permanently added '10.128.0.221' (ECDSA) to the list of known hosts. execve("./syz-executor3856240249", ["./syz-executor3856240249"], 0x7ffcc35542d0 /* 10 vars */) = 0 brk(NULL) = 0x5555559a7000 brk(0x5555559a7d00) = 0x5555559a7d00 arch_prctl(ARCH_SET_FS, 0x5555559a73c0) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3856240249", 4096) = 28 brk(0x5555559c8d00) = 0x5555559c8d00 brk(0x5555559c9000) = 0x5555559c9000 mprotect(0x7fc3f75f8000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7fc3f75490a0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fc3f7549d10}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7fc3f75490a0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fc3f7549d10}, NULL, 8) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 305 attached , child_tidptr=0x5555559a7690) = 305 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559a7690) = 306 [pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559a7690) = 307 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 305] <... openat resumed>) = 3 [pid 304] <... clone resumed>, child_tidptr=0x5555559a7690) = 308 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559a7690) = 309 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559a7690) = 310 ./strace-static-x86_64: Process 310 attached [pid 310] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 310] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 310] close(3) = 0 [pid 310] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 309 attached [pid 309] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 310] <... clone resumed>, child_tidptr=0x5555559a7690) = 311 [pid 309] <... openat resumed>) = 3 [pid 309] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 309] close(3) = 0 [pid 309] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559a7690) = 312 ./strace-static-x86_64: Process 307 attached [pid 307] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 307] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 307] close(3) = 0 [pid 307] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559a7690) = 313 ./strace-static-x86_64: Process 311 attached [pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 311] setpgid(0, 0) = 0 [pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 311] write(3, "1000", 4) = 4 [pid 311] close(3) = 0 [pid 311] mkdir("./file0", 0777./strace-static-x86_64: Process 312 attached [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 311] <... mkdir resumed>) = 0 [pid 312] <... prctl resumed>) = 0 [pid 312] setpgid(0, 0) = 0 [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 312] write(3, "1000", 4) = 4 [pid 312] close(3) = 0 [pid 312] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 312] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 312] pipe2([3, 4], 0) = 0 [pid 311] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 311] pipe2([3, 4], 0) = 0 [pid 312] write(4, "\x15\x19\x00\x00\xfe\xff\xff\x01\x80\x00\x80\x08\x00\x39\x50\x32\x30\x30\x30\x13\xaf", 21) = 21 [pid 311] write(4, "\x15\x19\x00\x00\xfe\xff\xff\x01\x80\x00\x80\x08\x00\x39\x50\x32\x30\x30\x30\x13\xaf", 21) = 21 [pid 311] dup(4) = 5 [pid 311] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000005,access=00000000000000000000,k" [pid 312] dup(4) = 5 [pid 312] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000005,access=00000000000000000000,k"./strace-static-x86_64: Process 306 attached [pid 306] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 306] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 306] close(3) = 0 [pid 306] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559a7690) = 314 ./strace-static-x86_64: Process 314 attached [pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 314] setpgid(0, 0) = 0 [pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 314] write(3, "1000", 4) = 4 [pid 314] close(3) = 0 [pid 314] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 314] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 314] pipe2([3, 4], 0) = 0 [pid 314] write(4, "\x15\x19\x00\x00\xfe\xff\xff\x01\x80\x00\x80\x08\x00\x39\x50\x32\x30\x30\x30\x13\xaf", 21) = 21 [pid 314] dup(4) = 5 [pid 314] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000005,access=00000000000000000000,k"./strace-static-x86_64: Process 313 attached ./strace-static-x86_64: Process 308 attached [pid 305] ioctl(3, LOOP_CLR_FD [pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 308] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 305] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 313] <... prctl resumed>) = 0 [pid 308] <... openat resumed>) = 3 [pid 305] close(3 [pid 313] setpgid(0, 0 [pid 308] ioctl(3, LOOP_CLR_FD [pid 305] <... close resumed>) = 0 [pid 313] <... setpgid resumed>) = 0 [pid 308] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 308] close(3 [pid 313] <... openat resumed>) = 3 [pid 308] <... close resumed>) = 0 [pid 305] <... clone resumed>, child_tidptr=0x5555559a7690) = 319 [pid 313] write(3, "1000", 4 [pid 308] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 313] <... write resumed>) = 4 [pid 313] close(3 [pid 308] <... clone resumed>, child_tidptr=0x5555559a7690) = 320 [pid 313] <... close resumed>) = 0 ./strace-static-x86_64: Process 319 attached [pid 313] mkdir("./file0", 0777 [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 313] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 313] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 313] pipe2( [pid 319] <... prctl resumed>) = 0 [pid 313] <... pipe2 resumed>[3, 4], 0) = 0 [pid 313] write(4, "\x15\x19\x00\x00\xfe\xff\xff\x01\x80\x00\x80\x08\x00\x39\x50\x32\x30\x30\x30\x13\xaf", 21 [pid 319] setpgid(0, 0 [pid 313] <... write resumed>) = 21 [pid 313] dup(4) = 5 [pid 313] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000005,access=00000000000000000000,k" [pid 319] <... setpgid resumed>) = 0 [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 320 attached [pid 319] write(3, "1000", 4) = 4 [pid 319] close(3) = 0 [ 19.459864][ T22] audit: type=1400 audit(1657022466.009:73): avc: denied { execmem } for pid=304 comm="syz-executor385" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.464970][ T22] audit: type=1400 audit(1657022466.019:74): avc: denied { read write } for pid=305 comm="syz-executor385" name="loop0" dev="devtmpfs" ino=9367 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 19.468798][ T22] audit: type=1400 audit(1657022466.019:75): avc: denied { open } for pid=305 comm="syz-executor385" path="/dev/loop0" dev="devtmpfs" ino=9367 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 19.479982][ T22] audit: type=1400 audit(1657022466.019:76): avc: denied { ioctl } for pid=310 comm="syz-executor385" path="/dev/loop5" dev="devtmpfs" ino=9372 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 319] mkdir("./file0", 0777 [pid 320] <... prctl resumed>) = 0 [pid 320] setpgid(0, 0) = 0 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 320] write(3, "1000", 4) = 4 [pid 320] close(3) = 0 [pid 320] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 320] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 320] pipe2([3, 4], 0) = 0 [pid 320] write(4, "\x15\x19\x00\x00\xfe\xff\xff\x01\x80\x00\x80\x08\x00\x39\x50\x32\x30\x30\x30\x13\xaf", 21) = 21 [pid 320] dup(4) = 5 [pid 320] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000005,access=00000000000000000000,k" [pid 319] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 319] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 319] pipe2([3, 4], 0) = 0 [pid 319] write(4, "\x15\x19\x00\x00\xfe\xff\xff\x01\x80\x00\x80\x08\x00\x39\x50\x32\x30\x30\x30\x13\xaf", 21) = 21 [pid 319] dup(4) = 5 [ 19.513188][ T22] audit: type=1400 audit(1657022466.029:77): avc: denied { mounton } for pid=311 comm="syz-executor385" path="/root/file0" dev="sda1" ino=1138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 319] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000005,access=00000000000000000000,k" [pid 309] kill(-312, SIGKILL [pid 310] kill(-311, SIGKILL [pid 309] <... kill resumed>) = 0 [pid 309] kill(312, SIGKILL [pid 310] <... kill resumed>) = 0 [pid 309] <... kill resumed>) = 0 [pid 310] kill(311, SIGKILL) = 0 [pid 307] kill(-313, SIGKILL) = 0 [pid 307] kill(313, SIGKILL) = 0 [pid 306] kill(-314, SIGKILL) = 0 [pid 306] kill(314, SIGKILL) = 0 [pid 305] kill(-319, SIGKILL) = 0 [pid 305] kill(319, SIGKILL [pid 308] kill(-320, SIGKILL [pid 305] <... kill resumed>) = 0 [pid 308] <... kill resumed>) = 0 [pid 308] kill(320, SIGKILL) = 0 [pid 309] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 309] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 309] getdents64(3, [pid 310] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 310] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 310] getdents64(3, 0x5555559a86e0 /* 2 entries */, 32768) = 48 [pid 310] getdents64(3, 0x5555559a86e0 /* 0 entries */, 32768) = 0 [pid 310] close(3) = 0 [pid 309] <... getdents64 resumed>0x5555559a86e0 /* 2 entries */, 32768) = 48 [pid 309] getdents64(3, 0x5555559a86e0 /* 0 entries */, 32768) = 0 [pid 309] close(3) = 0 [pid 307] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 307] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 307] getdents64(3, 0x5555559a86e0 /* 2 entries */, 32768) = 48 [pid 307] getdents64(3, 0x5555559a86e0 /* 0 entries */, 32768) = 0 [pid 307] close(3) = 0 [pid 306] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 306] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 306] getdents64(3, 0x5555559a86e0 /* 2 entries */, 32768) = 48 [pid 306] getdents64(3, 0x5555559a86e0 /* 0 entries */, 32768) = 0 [pid 306] close(3) = 0 [pid 305] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 305] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 305] getdents64(3, 0x5555559a86e0 /* 2 entries */, 32768) = 48 [pid 305] getdents64(3, 0x5555559a86e0 /* 0 entries */, 32768) = 0 [pid 305] close(3) = 0 [pid 308] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 308] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 308] getdents64(3, 0x5555559a86e0 /* 2 entries */, 32768) = 48 [pid 308] getdents64(3, 0x5555559a86e0 /* 0 entries */, 32768) = 0 [pid 308] close(3) = 0 [ 66.762630][ T115] cfg80211: failed to load regulatory.db