./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3219412120 <...> [ 6.294285][ T28] audit: type=1400 audit(1743407869.880:58): avc: denied { use } for pid=182 comm="ssh-keygen" path="/dev/null" dev="devtmpfs" ino=4 scontext=system_u:system_r:ssh_keygen_t tcontext=system_u:system_r:kernel_t tclass=fd permissive=1 [ 6.348685][ T28] audit: type=1400 audit(1743407869.930:59): avc: denied { search } for pid=182 comm="ssh-keygen" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:ssh_keygen_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 6.364143][ T28] audit: type=1400 audit(1743407869.950:60): avc: denied { use } for pid=187 comm="sshd" path="/dev/null" dev="devtmpfs" ino=4 scontext=system_u:system_r:sshd_t tcontext=system_u:system_r:kernel_t tclass=fd permissive=1 [ 6.407454][ T187] sshd (187) used greatest stack depth: 22224 bytes left [ 20.882670][ T28] audit: type=1400 audit(1743407884.470:61): avc: denied { transition } for pid=275 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.889038][ T28] audit: type=1400 audit(1743407884.470:62): avc: denied { noatsecure } for pid=275 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.894883][ T28] audit: type=1400 audit(1743407884.470:63): avc: denied { write } for pid=275 comm="sh" path="pipe:[14885]" dev="pipefs" ino=14885 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 20.899222][ T28] audit: type=1400 audit(1743407884.470:64): avc: denied { rlimitinh } for pid=275 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.909769][ T28] audit: type=1400 audit(1743407884.470:65): avc: denied { siginh } for pid=275 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 22.722921][ T278] sftp-server (278) used greatest stack depth: 20968 bytes left Warning: Permanently added '10.128.0.176' (ED25519) to the list of known hosts. execve("./syz-executor3219412120", ["./syz-executor3219412120"], 0x7ffc9373f950 /* 10 vars */) = 0 brk(NULL) = 0x555567a4d000 brk(0x555567a4de00) = 0x555567a4de00 arch_prctl(ARCH_SET_FS, 0x555567a4d480) = 0 set_tid_address(0x555567a4d750) = 333 set_robust_list(0x555567a4d760, 24) = 0 rseq(0x555567a4dda0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3219412120", 4096) = 28 getrandom("\x5b\x38\xb7\x2f\x89\x4d\x62\xfb", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555567a4de00 brk(0x555567a6ee00) = 0x555567a6ee00 brk(0x555567a6f000) = 0x555567a6f000 mprotect(0x7fc30a784000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7fc30a6d9830, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fc30a6e67d0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7fc30a6d9830, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fc30a6e67d0}, NULL, 8) = 0 mkdir("./syzkaller.SHE85M", 0700) = 0 chmod("./syzkaller.SHE85M", 0777) = 0 chdir("./syzkaller.SHE85M") = 0 mkdir("./0", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555567a4d750) = 334 ./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x555567a4d760, 24) = 0 [pid 334] chdir("./0") = 0 [pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 334] setpgid(0, 0) = 0 [pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 334] write(3, "1000", 4) = 4 [pid 334] close(3) = 0 [pid 334] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 334] write(1, "executing program\n", 18) = 18 [pid 334] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_CPUMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 334] close(3) = 0 [pid 334] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=9, map_flags=0, inner_map_fd=3, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 334] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=12, insns=0x200000000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 334] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 334] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x200000000640, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 5 [ 60.066809][ T28] audit: type=1400 audit(1743407923.650:66): avc: denied { execmem } for pid=333 comm="syz-executor321" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 60.089888][ T28] audit: type=1400 audit(1743407923.680:67): avc: denied { bpf } for pid=334 comm="syz-executor321" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 334] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80) = 0 [pid 334] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 6 [pid 334] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x2000000005c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x35 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 7 [pid 334] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x2000000002c0, data_out=0x200000000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76) = 0 [pid 334] exit_group(0) = ? [pid 334] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555567a4e7f0 /* 3 entries */, 32768) = 80 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x555567a4e7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555567a4d750) = 335 ./strace-static-x86_64: Process 335 attached [pid 335] set_robust_list(0x555567a4d760, 24) = 0 [pid 335] chdir("./1") = 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 335] setpgid(0, 0) = 0 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 335] write(3, "1000", 4) = 4 [pid 335] close(3) = 0 [pid 335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 335] write(1, "executing program\n", 18executing program ) = 18 [pid 335] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_CPUMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 335] close(3) = 0 [pid 335] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=9, map_flags=0, inner_map_fd=3, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=12, insns=0x200000000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 335] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x200000000640, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 5 [ 60.110894][ T28] audit: type=1400 audit(1743407923.680:68): avc: denied { map_create } for pid=334 comm="syz-executor321" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 60.130390][ T28] audit: type=1400 audit(1743407923.680:69): avc: denied { map_read map_write } for pid=334 comm="syz-executor321" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 335] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80) = 0 [pid 335] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 6 [pid 335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x2000000005c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x35 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 7 [pid 335] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x2000000002c0, data_out=0x200000000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76) = 0 [pid 335] exit_group(0) = ? [pid 335] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555567a4e7f0 /* 3 entries */, 32768) = 80 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x555567a4e7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555567a4d750) = 336 ./strace-static-x86_64: Process 336 attached [pid 336] set_robust_list(0x555567a4d760, 24) = 0 [pid 336] chdir("./2") = 0 [pid 336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 336] setpgid(0, 0) = 0 [pid 336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 336] write(3, "1000", 4) = 4 [pid 336] close(3) = 0 [pid 336] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 336] write(1, "executing program\n", 18) = 18 [pid 336] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_CPUMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 336] close(3) = 0 [pid 336] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=9, map_flags=0, inner_map_fd=3, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 336] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=12, insns=0x200000000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 336] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 336] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x200000000640, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 5 [pid 336] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80) = 0 [pid 336] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 6 [pid 336] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x2000000005c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x35 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 7 [pid 336] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x2000000002c0, data_out=0x200000000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76) = 0 [pid 336] exit_group(0) = ? [pid 336] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555567a4e7f0 /* 3 entries */, 32768) = 80 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x555567a4e7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555567a4d750) = 337 ./strace-static-x86_64: Process 337 attached [ 60.150634][ T28] audit: type=1400 audit(1743407923.680:70): avc: denied { prog_load } for pid=334 comm="syz-executor321" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 60.170094][ T28] audit: type=1400 audit(1743407923.680:71): avc: denied { perfmon } for pid=334 comm="syz-executor321" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 60.191429][ T28] audit: type=1400 audit(1743407923.680:72): avc: denied { prog_run } for pid=334 comm="syz-executor321" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 337] set_robust_list(0x555567a4d760, 24) = 0 [pid 337] chdir("./3") = 0 [pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 337] setpgid(0, 0) = 0 [pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 337] write(3, "1000", 4) = 4 [pid 337] close(3) = 0 [pid 337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 337] write(1, "executing program\n", 18executing program ) = 18 [pid 337] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_CPUMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 337] close(3) = 0 [pid 337] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=9, map_flags=0, inner_map_fd=3, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 337] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=12, insns=0x200000000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 337] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 337] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x200000000640, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 5 [pid 337] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80) = 0 [pid 337] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 6 [pid 337] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x2000000005c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x35 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 7 [pid 337] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x2000000002c0, data_out=0x200000000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76) = 0 [pid 337] exit_group(0) = ? [pid 337] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555567a4e7f0 /* 3 entries */, 32768) = 80 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x555567a4e7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555567a4d750) = 339 ./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x555567a4d760, 24) = 0 [pid 339] chdir("./4") = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 339] setpgid(0, 0) = 0 [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 339] write(3, "1000", 4) = 4 [pid 339] close(3) = 0 [pid 339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 339] write(1, "executing program\n", 18executing program ) = 18 [pid 339] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_CPUMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 339] close(3) = 0 [pid 339] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=9, map_flags=0, inner_map_fd=3, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=12, insns=0x200000000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 339] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x200000000640, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 5 [pid 339] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80) = 0 [pid 339] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 6 [pid 339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x2000000005c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x35 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 7 [pid 339] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x2000000002c0, data_out=0x200000000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76) = 0 [pid 339] exit_group(0) = ? [pid 339] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555567a4e7f0 /* 3 entries */, 32768) = 80 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x555567a4e7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555567a4d750) = 340 ./strace-static-x86_64: Process 340 attached [pid 340] set_robust_list(0x555567a4d760, 24) = 0 [pid 340] chdir("./5") = 0 [pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 340] setpgid(0, 0) = 0 [pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 340] write(3, "1000", 4) = 4 [pid 340] close(3) = 0 [pid 340] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 340] write(1, "executing program\n", 18) = 18 [pid 340] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_CPUMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 340] close(3) = 0 [pid 340] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=9, map_flags=0, inner_map_fd=3, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=12, insns=0x200000000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 340] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x200000000640, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 5 [pid 340] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80) = 0 [pid 340] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 6 [pid 340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x2000000005c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x35 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 7 [pid 340] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x2000000002c0, data_out=0x200000000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76) = 0 [pid 340] exit_group(0) = ? [pid 340] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555567a4e7f0 /* 3 entries */, 32768) = 80 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x555567a4e7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555567a4d750) = 341 ./strace-static-x86_64: Process 341 attached [pid 341] set_robust_list(0x555567a4d760, 24) = 0 [pid 341] chdir("./6") = 0 [pid 341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 341] setpgid(0, 0) = 0 [pid 341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 341] write(3, "1000", 4) = 4 [pid 341] close(3) = 0 [pid 341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 341] write(1, "executing program\n", 18executing program ) = 18 [pid 341] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_CPUMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 341] close(3) = 0 [pid 341] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=9, map_flags=0, inner_map_fd=3, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 341] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=12, insns=0x200000000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 341] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 341] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x200000000640, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 5 [pid 341] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80) = 0 [pid 341] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 6 [pid 341] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x2000000005c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x35 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 7 [pid 341] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x2000000002c0, data_out=0x200000000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76) = 0 [pid 341] exit_group(0) = ? [pid 341] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=341, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555567a4e7f0 /* 3 entries */, 32768) = 80 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x555567a4e7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 342 attached , child_tidptr=0x555567a4d750) = 342 [pid 342] set_robust_list(0x555567a4d760, 24) = 0 [pid 342] chdir("./7") = 0 [pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 342] setpgid(0, 0) = 0 [pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 342] write(3, "1000", 4) = 4 [pid 342] close(3) = 0 [pid 342] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 342] write(1, "executing program\n", 18) = 18 [pid 342] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_CPUMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 342] close(3) = 0 [pid 342] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=9, map_flags=0, inner_map_fd=3, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 342] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=12, insns=0x200000000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 342] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 342] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x200000000640, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 5 [pid 342] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80) = 0 [pid 342] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 6 [pid 342] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x2000000005c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x35 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 7 [pid 342] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x2000000002c0, data_out=0x200000000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76) = 0 [pid 342] exit_group(0) = ? [pid 342] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555567a4e7f0 /* 3 entries */, 32768) = 80 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x555567a4e7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555567a4d750) = 343 ./strace-static-x86_64: Process 343 attached [pid 343] set_robust_list(0x555567a4d760, 24) = 0 [pid 343] chdir("./8") = 0 [pid 343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 343] setpgid(0, 0) = 0 [pid 343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 343] write(3, "1000", 4) = 4 [pid 343] close(3) = 0 [pid 343] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 343] write(1, "executing program\n", 18) = 18 [pid 343] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_CPUMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 343] close(3) = 0 [pid 343] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=9, map_flags=0, inner_map_fd=3, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=12, insns=0x200000000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 343] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x200000000640, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 5 [pid 343] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80) = 0 [pid 343] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 6 [pid 343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x2000000005c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x35 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 7 [pid 343] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x2000000002c0, data_out=0x200000000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76) = 0 [pid 343] exit_group(0) = ? [pid 343] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=343, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555567a4e7f0 /* 3 entries */, 32768) = 80 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x555567a4e7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555567a4d750) = 344 ./strace-static-x86_64: Process 344 attached [pid 344] set_robust_list(0x555567a4d760, 24) = 0 [pid 344] chdir("./9") = 0 [pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 344] setpgid(0, 0) = 0 [pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 344] write(3, "1000", 4) = 4 [pid 344] close(3) = 0 [pid 344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 344] write(1, "executing program\n", 18executing program ) = 18 [pid 344] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_CPUMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 344] close(3) = 0 [pid 344] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=9, map_flags=0, inner_map_fd=3, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 344] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=12, insns=0x200000000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 344] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 344] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x200000000640, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 5 [pid 344] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80) = 0 [pid 344] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 6 [pid 344] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x2000000005c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x35 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 7 [pid 344] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x2000000002c0, data_out=0x200000000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76) = 0 [pid 344] exit_group(0) = ? [pid 344] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=344, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555567a4e7f0 /* 3 entries */, 32768) = 80 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x555567a4e7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555567a4d750) = 345 ./strace-static-x86_64: Process 345 attached [pid 345] set_robust_list(0x555567a4d760, 24) = 0 [pid 345] chdir("./10") = 0 [pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 345] setpgid(0, 0) = 0 [pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 345] write(3, "1000", 4) = 4 [pid 345] close(3) = 0 [pid 345] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 345] write(1, "executing program\n", 18) = 18 [pid 345] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_CPUMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 345] close(3) = 0 [pid 345] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=9, map_flags=0, inner_map_fd=3, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 345] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=12, insns=0x200000000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 345] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 345] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x200000000640, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 5 [pid 345] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80) = 0 [pid 345] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 6 [pid 345] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x2000000005c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x35 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 7 [pid 345] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x2000000002c0, data_out=0x200000000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76) = 0 [pid 345] exit_group(0) = ? [pid 345] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555567a4e7f0 /* 3 entries */, 32768) = 80 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x555567a4e7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555567a4d750) = 346 ./strace-static-x86_64: Process 346 attached [pid 346] set_robust_list(0x555567a4d760, 24) = 0 [pid 346] chdir("./11") = 0 [pid 346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 346] setpgid(0, 0) = 0 [pid 346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 346] write(3, "1000", 4) = 4 [pid 346] close(3) = 0 [pid 346] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 346] write(1, "executing program\n", 18) = 18 [pid 346] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_CPUMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 346] close(3) = 0 [pid 346] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=9, map_flags=0, inner_map_fd=3, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=12, insns=0x200000000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 346] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x200000000640, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 5 [pid 346] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80) = 0 [pid 346] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 6 [pid 346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x2000000005c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x35 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 7 [pid 346] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x2000000002c0, data_out=0x200000000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76) = 0 [pid 346] exit_group(0) = ? [pid 346] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=346, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555567a4e7f0 /* 3 entries */, 32768) = 80 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x555567a4e7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555567a4d750) = 347 ./strace-static-x86_64: Process 347 attached [pid 347] set_robust_list(0x555567a4d760, 24) = 0 [pid 347] chdir("./12") = 0 [pid 347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 347] setpgid(0, 0) = 0 [pid 347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 347] write(3, "1000", 4) = 4 [pid 347] close(3) = 0 [pid 347] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 347] write(1, "executing program\n", 18) = 18 [pid 347] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_CPUMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 347] close(3) = 0 [pid 347] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=9, map_flags=0, inner_map_fd=3, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=12, insns=0x200000000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 347] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x200000000640, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 5 [pid 347] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80) = 0 [pid 347] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 6 [pid 347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x2000000005c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x35 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 7 [pid 347] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x2000000002c0, data_out=0x200000000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76) = 0 [pid 347] exit_group(0) = ? [pid 347] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=347, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555567a4e7f0 /* 3 entries */, 32768) = 80 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x555567a4e7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555567a4d750) = 349 ./strace-static-x86_64: Process 349 attached [pid 349] set_robust_list(0x555567a4d760, 24) = 0 [pid 349] chdir("./13") = 0 [pid 349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 349] setpgid(0, 0) = 0 [pid 349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 349] write(3, "1000", 4) = 4 [pid 349] close(3) = 0 [pid 349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 349] write(1, "executing program\n", 18executing program ) = 18 [pid 349] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_CPUMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 349] close(3) = 0 [pid 349] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=9, map_flags=0, inner_map_fd=3, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 349] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=12, insns=0x200000000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 349] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 349] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x200000000640, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 5 [pid 349] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80) = 0 [pid 349] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 6 [pid 349] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x2000000005c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x35 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 7 [pid 349] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x2000000002c0, data_out=0x200000000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76) = 0 [pid 349] exit_group(0) = ? [pid 349] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=349, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555567a4e7f0 /* 3 entries */, 32768) = 80 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x555567a4e7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 350 attached , child_tidptr=0x555567a4d750) = 350 [pid 350] set_robust_list(0x555567a4d760, 24) = 0 [pid 350] chdir("./14") = 0 [pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 350] setpgid(0, 0) = 0 [pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 350] write(3, "1000", 4) = 4 [pid 350] close(3) = 0 [pid 350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 350] write(1, "executing program\n", 18executing program ) = 18 [pid 350] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_CPUMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 350] close(3) = 0 [pid 350] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=9, map_flags=0, inner_map_fd=3, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 350] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=12, insns=0x200000000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 350] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 350] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x200000000640, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 5 [pid 350] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80) = 0 [pid 350] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 6 [pid 350] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x2000000005c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x35 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 7 [pid 350] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x2000000002c0, data_out=0x200000000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76) = 0 [pid 350] exit_group(0) = ? [pid 350] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555567a4e7f0 /* 3 entries */, 32768) = 80 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x555567a4e7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555567a4d750) = 351 ./strace-static-x86_64: Process 351 attached [pid 351] set_robust_list(0x555567a4d760, 24) = 0 [pid 351] chdir("./15") = 0 [pid 351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 351] setpgid(0, 0) = 0 [pid 351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 351] write(3, "1000", 4) = 4 [pid 351] close(3) = 0 [pid 351] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 351] write(1, "executing program\n", 18) = 18 [pid 351] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_CPUMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 351] close(3) = 0 [pid 351] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=9, map_flags=0, inner_map_fd=3, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 351] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=12, insns=0x200000000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 351] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 351] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x200000000640, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 5 [pid 351] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80) = 0 [pid 351] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 6 [pid 351] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x2000000005c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x35 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 7 [pid 351] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x2000000002c0, data_out=0x200000000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76) = 0 [pid 351] exit_group(0) = ? [pid 351] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=351, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555567a4e7f0 /* 3 entries */, 32768) = 80 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x555567a4e7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555567a4d750) = 352 ./strace-static-x86_64: Process 352 attached [pid 352] set_robust_list(0x555567a4d760, 24) = 0 [pid 352] chdir("./16") = 0 [pid 352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 352] setpgid(0, 0) = 0 [pid 352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 352] write(3, "1000", 4) = 4 [pid 352] close(3) = 0 [pid 352] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 352] write(1, "executing program\n", 18) = 18 [pid 352] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_CPUMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 352] close(3) = 0 [pid 352] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=9, map_flags=0, inner_map_fd=3, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=12, insns=0x200000000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 352] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x200000000640, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 5 [pid 352] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80) = 0 [pid 352] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 6 [pid 352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x2000000005c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x35 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 7 [pid 352] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x2000000002c0, data_out=0x200000000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76) = 0 [pid 352] exit_group(0) = ? [pid 352] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=352, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555567a4e7f0 /* 3 entries */, 32768) = 80 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x555567a4e7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555567a4d750) = 353 ./strace-static-x86_64: Process 353 attached [pid 353] set_robust_list(0x555567a4d760, 24) = 0 [pid 353] chdir("./17") = 0 [pid 353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 353] setpgid(0, 0) = 0 [pid 353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 353] write(3, "1000", 4) = 4 [pid 353] close(3) = 0 [pid 353] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 353] write(1, "executing program\n", 18) = 18 [pid 353] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_CPUMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 353] close(3) = 0 [pid 353] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=9, map_flags=0, inner_map_fd=3, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 353] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=12, insns=0x200000000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 353] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 353] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x200000000640, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 5 [ 60.594042][ T353] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 60.605595][ T353] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 60.613835][ T353] CPU: 0 PID: 353 Comm: syz-executor321 Not tainted 6.1.129-syzkaller-00051-gc1fd50266bd6 #0 [ 60.623817][ T353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 60.633816][ T353] RIP: 0010:dev_map_enqueue+0x31/0x340 [ 60.639129][ T353] Code: 56 41 55 41 54 53 48 83 ec 18 48 89 55 c0 49 89 f7 48 89 fb 49 bc 00 00 00 00 00 fc ff df e8 a6 f3 dd ff 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 e0 9e 25 00 4c 8b 33 48 83 c3 20 [ 60.658546][ T353] RSP: 0018:ffffc9000111f5f8 EFLAGS: 00010246 [ 60.664455][ T353] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88811187d100 [ 60.672257][ T353] RDX: 0000000000000000 RSI: ffff8881226b9070 RDI: 0000000000000000 [ 60.680260][ T353] RBP: ffffc9000111f638 R08: ffffffff84158d72 R09: ffffffff84158c92 [ 60.688069][ T353] R10: 0000000000000004 R11: ffff88811187d100 R12: dffffc0000000000 [ 60.695889][ T353] R13: 1ffff1103edc6e15 R14: 1ffff1103edc6e15 R15: ffff8881226b9070 [ 60.704445][ T353] FS: 0000555567a4d480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 60.714113][ T353] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 60.721179][ T353] CR2: 00007fc30a7880e0 CR3: 000000012345a000 CR4: 00000000003506b0 [ 60.729734][ T353] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 60.739136][ T353] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 60.747876][ T353] Call Trace: [ 60.751022][ T353] [ 60.753907][ T353] ? __die_body+0x62/0xb0 [ 60.758838][ T353] ? die_addr+0x9f/0xd0 [ 60.762842][ T353] ? exc_general_protection+0x317/0x4c0 [ 60.768228][ T353] ? asm_exc_general_protection+0x27/0x30 [ 60.774190][ T353] ? xdp_do_redirect_frame+0x1b2/0x800 [ 60.779616][ T353] ? xdp_do_redirect_frame+0x292/0x800 [ 60.784947][ T353] ? dev_map_enqueue+0x31/0x340 [ 60.790614][ T353] ? dev_map_enqueue+0x2a/0x340 [ 60.796364][ T353] xdp_do_redirect_frame+0x2b5/0x800 [ 60.801485][ T353] bpf_test_run_xdp_live+0xc30/0x1f70 [ 60.806787][ T353] ? __kasan_check_write+0x14/0x20 [ 60.811728][ T353] ? bpf_test_run_xdp_live+0x7ae/0x1f70 [ 60.817107][ T353] ? xdp_convert_md_to_buff+0x360/0x360 [ 60.822485][ T353] ? bpf_dispatcher_change_prog+0xd86/0xf10 [ 60.828252][ T353] ? 0xffffffffa00038c0 [ 60.832211][ T353] ? trace_raw_output_bpf_test_finish+0xd0/0xd0 [ 60.838288][ T353] ? __kasan_check_write+0x14/0x20 [ 60.843256][ T353] ? _copy_from_user+0x90/0xc0 [ 60.847839][ T353] bpf_prog_test_run_xdp+0x7d1/0x1130 [ 60.853039][ T353] ? dev_put+0x80/0x80 [ 60.857059][ T353] ? selinux_capable+0x2f1/0x430 [ 60.861848][ T353] ? __kasan_check_read+0x11/0x20 [ 60.866681][ T353] ? dev_put+0x80/0x80 [ 60.870587][ T353] bpf_prog_test_run+0x3b0/0x630 [ 60.875486][ T353] ? bpf_prog_query+0x260/0x260 [ 60.880174][ T353] ? selinux_bpf+0xd2/0x100 [ 60.884506][ T353] ? security_bpf+0x82/0xb0 [ 60.888844][ T353] __sys_bpf+0x59f/0x7f0 [ 60.892924][ T353] ? ptrace_stop+0x709/0x930 [ 60.897354][ T353] ? bpf_link_show_fdinfo+0x300/0x300 [ 60.902570][ T353] ? do_notify_parent+0xa20/0xa20 [ 60.908442][ T353] ? fpregs_restore_userregs+0x130/0x290 [ 60.913903][ T353] __x64_sys_bpf+0x7c/0x90 [ 60.918154][ T353] x64_sys_call+0x87f/0x9a0 [ 60.922651][ T353] do_syscall_64+0x3b/0xb0 [ 60.926902][ T353] ? clear_bhb_loop+0x55/0xb0 [ 60.931429][ T353] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 60.937387][ T353] RIP: 0033:0x7fc30a710ea9 [ 60.941638][ T353] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 60.961078][ T353] RSP: 002b:00007fff0d295158 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 60.969472][ T353] RAX: ffffffffffffffda RBX: 000000000000ec81 RCX: 00007fc30a710ea9 [ 60.977829][ T353] RDX: 0000000000000050 RSI: 00002000000000c0 RDI: 000000000000000a [ 60.985638][ T353] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007fff0d29518c [ 60.993536][ T353] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff0d29518c [ 61.001677][ T353] R13: 00007fff0d2951c0 R14: 00007fff0d2951a0 R15: 0000000000000011 [ 61.009658][ T353] [ 61.013775][ T353] Modules linked in: [ 61.017608][ T353] ---[ end trace 0000000000000000 ]--- [ 61.022907][ T353] RIP: 0010:dev_map_enqueue+0x31/0x340 [ 61.029485][ T353] Code: 56 41 55 41 54 53 48 83 ec 18 48 89 55 c0 49 89 f7 48 89 fb 49 bc 00 00 00 00 00 fc ff df e8 a6 f3 dd ff 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 e0 9e 25 00 4c 8b 33 48 83 c3 20 [ 61.049875][ T353] RSP: 0018:ffffc9000111f5f8 EFLAGS: 00010246 [ 61.055737][ T353] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88811187d100 [ 61.063617][ T353] RDX: 0000000000000000 RSI: ffff8881226b9070 RDI: 0000000000000000 [ 61.071381][ T353] RBP: ffffc9000111f638 R08: ffffffff84158d72 R09: ffffffff84158c92 [ 61.079169][ T353] R10: 0000000000000004 R11: ffff88811187d100 R12: dffffc0000000000 [ 61.087014][ T353] R13: 1ffff1103edc6e15 R14: 1ffff1103edc6e15 R15: ffff8881226b9070 [ 61.094914][ T353] FS: 0000555567a4d480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 61.103784][ T353] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 61.110181][ T353] CR2: 00007fc30a7880e0 CR3: 000000012345a000 CR4: 00000000003506b0 [ 61.118062][ T353] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 61.125908][ T353] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 61.133702][ T353] Kernel panic - not syncing: Fatal exception in interrupt [ 61.141005][ T353] Kernel Offset: disabled [ 61.145140][ T353] Rebooting in 86400 seconds..