./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor286941811

<...>
Warning: Permanently added '10.128.0.97' (ED25519) to the list of known hosts.
execve("./syz-executor286941811", ["./syz-executor286941811"], 0x7ffc82962600 /* 10 vars */) = 0
brk(NULL)                               = 0x555555b07000
brk(0x555555b07d00)                     = 0x555555b07d00
arch_prctl(ARCH_SET_FS, 0x555555b07380) = 0
set_tid_address(0x555555b07650)         = 286
set_robust_list(0x555555b07660, 24)     = 0
rseq(0x555555b07ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor286941811", 4096) = 27
getrandom("\xe5\x37\x8a\xd3\x79\x4a\xb5\xa6", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555555b07d00
brk(0x555555b28d00)                     = 0x555555b28d00
brk(0x555555b29000)                     = 0x555555b29000
mprotect(0x7f7f61631000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mount(NULL, "/proc/sys/fs/binfmt_misc", "binfmt_misc", 0, NULL) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3
write(3, "\x3a\x73\x79\x7a\x30\x3a\x4d\x3a\x30\x3a\x01\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a", 21) = 21
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3
write(3, "\x3a\x73\x79\x7a\x31\x3a\x4d\x3a\x31\x3a\x02\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a\x50\x4f\x43", 24) = 24
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b07650) = 287
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b07650) = 288
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b07650) = 289
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b07650) = 290
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b07650) = 291
./strace-static-x86_64: Process 291 attached
[pid   291] set_robust_list(0x555555b07660, 24) = 0
[pid   291] unshare(CLONE_NEWPID./strace-static-x86_64: Process 287 attached
)       = 0
[pid   287] set_robust_list(0x555555b07660, 24) = 0
[pid   287] unshare(CLONE_NEWPID)       = 0
[pid   287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   287] <... clone resumed>, child_tidptr=0x555555b07650) = 292
[pid   291] <... clone resumed>, child_tidptr=0x555555b07650) = 293
./strace-static-x86_64: Process 293 attached
[pid   293] set_robust_list(0x555555b07660, 24) = 0
[pid   293] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL./strace-static-x86_64: Process 288 attached
./strace-static-x86_64: Process 290 attached
./strace-static-x86_64: Process 292 attached
./strace-static-x86_64: Process 289 attached
 <unfinished ...>
[pid   288] set_robust_list(0x555555b07660, 24 <unfinished ...>
[pid   290] set_robust_list(0x555555b07660, 24 <unfinished ...>
[pid   288] <... set_robust_list resumed>) = 0
[pid   290] <... set_robust_list resumed>) = 0
[pid   289] set_robust_list(0x555555b07660, 24) = 0
[pid   288] unshare(CLONE_NEWPID <unfinished ...>
[pid   290] unshare(CLONE_NEWPID <unfinished ...>
[pid   289] unshare(CLONE_NEWPID <unfinished ...>
[pid   288] <... unshare resumed>)      = 0
[pid   292] set_robust_list(0x555555b07660, 24 <unfinished ...>
[pid   290] <... unshare resumed>)      = 0
[pid   289] <... unshare resumed>)      = 0
[pid   288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   293] <... mount resumed>)        = -1 EBUSY (Device or resource busy)
[pid   293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   288] <... clone resumed>, child_tidptr=0x555555b07650) = 294
[pid   293] setsid()                    = 1
[pid   293] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024},  <unfinished ...>
[pid   290] <... clone resumed>, child_tidptr=0x555555b07650) = 295
[pid   289] <... clone resumed>, child_tidptr=0x555555b07650) = 296
[pid   293] <... prlimit64 resumed>NULL) = 0
[pid   293] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid   293] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid   293] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid   293] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid   293] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid   293] unshare(CLONE_NEWNS)        = 0
[pid   293] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid   293] unshare(CLONE_NEWIPC)       = -1 EINVAL (Invalid argument)
[pid   293] unshare(CLONE_NEWCGROUP)    = 0
[pid   293] unshare(CLONE_NEWUTS)       = 0
[pid   293] unshare(CLONE_SYSVSEM)      = 0
[pid   293] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   293] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   293] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   293] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   293] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   293] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   293] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   293] getpid()                    = 1
[pid   293] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   293] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   293] unshare(CLONE_NEWNET./strace-static-x86_64: Process 294 attached
 <unfinished ...>
[pid   294] set_robust_list(0x555555b07660, 24) = 0
[pid   294] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid   294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   294] setsid()                    = 1
[pid   294] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid   294] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid   294] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid   294] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid   294] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid   294] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid   294] unshare(CLONE_NEWNS)        = 0
[pid   294] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid   294] unshare(CLONE_NEWIPC)       = -1 EINVAL (Invalid argument)
[pid   294] unshare(CLONE_NEWCGROUP)    = 0
[pid   294] unshare(CLONE_NEWUTS)       = 0
[pid   294] unshare(CLONE_SYSVSEM)      = 0
[pid   294] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   294] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   294] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   294] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   294] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   294] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   294] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   294] getpid()                    = 1
[pid   294] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   294] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   294] unshare(CLONE_NEWNET <unfinished ...>
[pid   292] <... set_robust_list resumed>) = 0
./strace-static-x86_64: Process 296 attached
[pid   292] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL./strace-static-x86_64: Process 295 attached
 <unfinished ...>
[pid   296] set_robust_list(0x555555b07660, 24) = 0
[pid   292] <... mount resumed>)        = -1 EBUSY (Device or resource busy)
[pid   295] set_robust_list(0x555555b07660, 24 <unfinished ...>
[pid   296] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL <unfinished ...>
[pid   295] <... set_robust_list resumed>) = 0
[   21.101757][   T24] audit: type=1400 audit(1713088380.170:66): avc:  denied  { execmem } for  pid=286 comm="syz-executor286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   21.105952][   T24] audit: type=1400 audit(1713088380.170:67): avc:  denied  { mounton } for  pid=286 comm="syz-executor286" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   21.111697][   T24] audit: type=1400 audit(1713088380.180:68): avc:  denied  { mount } for  pid=286 comm="syz-executor286" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   21.122389][   T24] audit: type=1400 audit(1713088380.190:69): avc:  denied  { mounton } for  pid=293 comm="syz-executor286" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[pid   292] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   293] <... unshare resumed>)      = 0
[pid   296] <... mount resumed>)        = -1 EBUSY (Device or resource busy)
[pid   296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   296] setsid()                    = 1
[pid   296] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid   296] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid   296] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid   296] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid   296] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid   296] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid   295] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL <unfinished ...>
[pid   296] unshare(CLONE_NEWNS)        = 0
[pid   296] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL <unfinished ...>
[pid   295] <... mount resumed>)        = -1 EBUSY (Device or resource busy)
[pid   292] <... prctl resumed>)        = 0
[pid   296] <... mount resumed>)        = 0
[pid   296] unshare(CLONE_NEWIPC)       = -1 EINVAL (Invalid argument)
[pid   296] unshare(CLONE_NEWCGROUP)    = 0
[pid   296] unshare(CLONE_NEWUTS)       = 0
[pid   296] unshare(CLONE_SYSVSEM)      = 0
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] getpid()                    = 1
[pid   296] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   296] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   296] unshare(CLONE_NEWNET <unfinished ...>
[pid   293] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid   293] write(3, "0 65535", 7)      = 7
[pid   293] close(3)                    = 0
[pid   293] mkdir("/dev/binderfs", 0777) = 0
[pid   293] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid   293] symlink("/dev/binderfs", "./binderfs") = 0
[pid   293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b07650) = 2
[pid   295] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   294] <... unshare resumed>)      = 0
[   21.147476][   T24] audit: type=1400 audit(1713088380.190:70): avc:  denied  { mount } for  pid=293 comm="syz-executor286" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   21.170727][   T24] audit: type=1400 audit(1713088380.190:71): avc:  denied  { mounton } for  pid=293 comm="syz-executor286" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[pid   292] setsid( <unfinished ...>
[pid   294] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 297 attached
 <unfinished ...>
[pid   296] <... unshare resumed>)      = 0
[pid   295] <... prctl resumed>)        = 0
[pid   292] <... setsid resumed>)       = 1
[pid   295] setsid( <unfinished ...>
[pid   292] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024},  <unfinished ...>
[pid   295] <... setsid resumed>)       = 1
[pid   292] <... prlimit64 resumed>NULL) = 0
[pid   295] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024},  <unfinished ...>
[pid   292] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024},  <unfinished ...>
[pid   295] <... prlimit64 resumed>NULL) = 0
[pid   292] <... prlimit64 resumed>NULL) = 0
[pid   295] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024},  <unfinished ...>
[pid   292] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024},  <unfinished ...>
[pid   295] <... prlimit64 resumed>NULL) = 0
[pid   292] <... prlimit64 resumed>NULL) = 0
[pid   295] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024},  <unfinished ...>
[pid   292] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024},  <unfinished ...>
[pid   295] <... prlimit64 resumed>NULL) = 0
[pid   292] <... prlimit64 resumed>NULL) = 0
[pid   295] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024},  <unfinished ...>
[pid   292] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024},  <unfinished ...>
[pid   295] <... prlimit64 resumed>NULL) = 0
[pid   292] <... prlimit64 resumed>NULL) = 0
[pid   295] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024},  <unfinished ...>
[pid   292] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256},  <unfinished ...>
[pid   295] <... prlimit64 resumed>NULL) = 0
[pid   292] <... prlimit64 resumed>NULL) = 0
[pid   295] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256},  <unfinished ...>
[pid   292] unshare(CLONE_NEWNS <unfinished ...>
[pid   295] <... prlimit64 resumed>NULL) = 0
[pid   292] <... unshare resumed>)      = 0
[pid   295] unshare(CLONE_NEWNS <unfinished ...>
[pid   292] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL <unfinished ...>
[pid   295] <... unshare resumed>)      = 0
[pid   292] <... mount resumed>)        = 0
[pid   295] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL <unfinished ...>
[pid   294] <... openat resumed>)       = 3
[pid   292] unshare(CLONE_NEWIPC <unfinished ...>
[pid   295] <... mount resumed>)        = 0
[pid   292] <... unshare resumed>)      = -1 EINVAL (Invalid argument)
[pid   295] unshare(CLONE_NEWIPC <unfinished ...>
[pid   294] write(3, "0 65535", 7 <unfinished ...>
[pid   292] unshare(CLONE_NEWCGROUP <unfinished ...>
[pid   295] <... unshare resumed>)      = -1 EINVAL (Invalid argument)
[pid   294] <... write resumed>)        = 7
[pid   292] <... unshare resumed>)      = 0
[pid   295] unshare(CLONE_NEWCGROUP <unfinished ...>
[pid   294] close(3 <unfinished ...>
[pid   292] unshare(CLONE_NEWUTS <unfinished ...>
[pid   295] <... unshare resumed>)      = 0
[pid   294] <... close resumed>)        = 0
[pid   292] <... unshare resumed>)      = 0
[pid   295] unshare(CLONE_NEWUTS <unfinished ...>
[pid   294] mkdir("/dev/binderfs", 0777 <unfinished ...>
[pid   292] unshare(CLONE_SYSVSEM <unfinished ...>
[pid   295] <... unshare resumed>)      = 0
[pid   294] <... mkdir resumed>)        = -1 EEXIST (File exists)
[pid   292] <... unshare resumed>)      = 0
[pid   295] unshare(CLONE_SYSVSEM <unfinished ...>
[pid   294] mount("binder", "/dev/binderfs", "binder", 0, NULL <unfinished ...>
[pid   292] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   295] <... unshare resumed>)      = 0
[pid   294] <... mount resumed>)        = 0
[pid   292] <... openat resumed>)       = -1 ENOENT (No such file or directory)
[pid   295] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   294] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   292] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   295] <... openat resumed>)       = -1 ENOENT (No such file or directory)
[pid   294] <... symlink resumed>)      = -1 EEXIST (File exists)
[pid   292] <... openat resumed>)       = -1 ENOENT (No such file or directory)
[pid   295] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   292] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   295] <... openat resumed>)       = -1 ENOENT (No such file or directory)
[pid   292] <... openat resumed>)       = -1 ENOENT (No such file or directory)
[pid   292] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   295] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   292] <... openat resumed>)       = -1 ENOENT (No such file or directory)
[pid   295] <... openat resumed>)       = -1 ENOENT (No such file or directory)
[pid   294] <... clone resumed>, child_tidptr=0x555555b07650) = 2
[pid   292] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   295] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   292] <... openat resumed>)       = -1 ENOENT (No such file or directory)
[pid   295] <... openat resumed>)       = -1 ENOENT (No such file or directory)
[pid   292] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   295] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   292] <... openat resumed>)       = -1 ENOENT (No such file or directory)
[pid   295] <... openat resumed>)       = -1 ENOENT (No such file or directory)
[pid   292] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   295] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   292] <... openat resumed>)       = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   295] <... openat resumed>)       = -1 ENOENT (No such file or directory)
./strace-static-x86_64: Process 298 attached
[pid   297] set_robust_list(0x555555b07660, 24 <unfinished ...>
[pid   298] set_robust_list(0x555555b07660, 24 <unfinished ...>
[pid   297] <... set_robust_list resumed>) = 0
[pid   298] <... set_robust_list resumed>) = 0
[pid   297] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   297] <... prctl resumed>)        = 0
[pid   298] setpgid(0, 0 <unfinished ...>
[pid   297] setpgid(0, 0 <unfinished ...>
[pid   298] <... setpgid resumed>)      = 0
[pid   297] <... setpgid resumed>)      = 0
[pid   298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   298] <... openat resumed>)       = 3
[pid   297] <... openat resumed>)       = 3
[pid   297] write(3, "1000", 4)         = 4
[pid   297] close(3)                    = 0
[pid   297] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP, key_size=1, value_size=6, max_entries=4096, map_flags=BPF_F_ZERO_SEED, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=4, btf_value_type_id=0, btf_vmlinux_value_type_id=4, map_extra=0}, 72) = -1 EINVAL (Invalid argument)
[pid   297] bpf(BPF_PROG_LOAD, NULL, 0) = -1 EFAULT (Bad address)
[pid   297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_da_reserve_space", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor)
[pid   297] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3
[pid   298] write(3, "1000", 4)         = 4
[pid   298] close(3)                    = 0
[pid   298] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP, key_size=1, value_size=6, max_entries=4096, map_flags=BPF_F_ZERO_SEED, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=4, btf_value_type_id=0, btf_vmlinux_value_type_id=4, map_extra=0}, 72) = -1 EINVAL (Invalid argument)
[pid   298] bpf(BPF_PROG_LOAD, NULL, 0) = -1 EFAULT (Bad address)
[pid   298] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_da_reserve_space", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor)
[pid   298] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3
[pid   297] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument)
[pid   297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=11, insns=NULL, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   298] bpf(BPF_MAP_CREATE, NULL, 0 <unfinished ...>
[pid   297] <... bpf resumed>)          = -1 EFAULT (Bad address)
[pid   298] <... bpf resumed>)          = -1 EINVAL (Invalid argument)
[pid   296] <... openat resumed>)       = 3
[pid   295] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   292] getpid( <unfinished ...>
[pid   296] write(3, "0 65535", 7 <unfinished ...>
[pid   295] <... openat resumed>)       = -1 ENOENT (No such file or directory)
[pid   292] <... getpid resumed>)       = 1
[pid   296] <... write resumed>)        = 7
[pid   295] getpid( <unfinished ...>
[pid   292] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1},  <unfinished ...>
[pid   296] close(3 <unfinished ...>
[pid   295] <... getpid resumed>)       = 1
[pid   292] <... capget resumed>{effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   296] <... close resumed>)        = 0
[pid   295] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1},  <unfinished ...>
[pid   292] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0} <unfinished ...>
[pid   298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=11, insns=NULL, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   296] mkdir("/dev/binderfs", 0777 <unfinished ...>
[pid   295] <... capget resumed>{effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   292] <... capset resumed>)       = 0
[pid   298] <... bpf resumed>)          = -1 EFAULT (Bad address)
[pid   297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=-1}}, 16 <unfinished ...>
[pid   296] <... mkdir resumed>)        = -1 EEXIST (File exists)
[pid   295] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0} <unfinished ...>
[pid   292] unshare(CLONE_NEWNET <unfinished ...>
[pid   298] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=-1}}, 16 <unfinished ...>
[pid   296] mount("binder", "/dev/binderfs", "binder", 0, NULL <unfinished ...>
[pid   295] <... capset resumed>)       = 0
[pid   298] <... bpf resumed>)          = -1 EBADF (Bad file descriptor)
[pid   296] <... mount resumed>)        = 0
[pid   295] unshare(CLONE_NEWNET <unfinished ...>
[pid   298] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP <unfinished ...>
[   21.192947][   T24] audit: type=1400 audit(1713088380.250:72): avc:  denied  { mounton } for  pid=293 comm="syz-executor286" path="/dev/binderfs" dev="devtmpfs" ino=357 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   21.215807][   T24] audit: type=1400 audit(1713088380.250:73): avc:  denied  { mount } for  pid=293 comm="syz-executor286" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[pid   296] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   298] <... socket resumed>)       = 4
[pid   296] <... symlink resumed>)      = -1 EEXIST (File exists)
[pid   298] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_HASH, key_size=1, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   298] <... bpf resumed>)          = 5
[pid   298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   296] <... clone resumed>, child_tidptr=0x555555b07650) = 2
./strace-static-x86_64: Process 299 attached
[pid   297] <... bpf resumed>)          = -1 EBADF (Bad file descriptor)
[pid   299] set_robust_list(0x555555b07660, 24 <unfinished ...>
[pid   297] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP <unfinished ...>
[pid   299] <... set_robust_list resumed>) = 0
[pid   297] <... socket resumed>)       = 4
[pid   299] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   297] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_HASH, key_size=1, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   299] <... prctl resumed>)        = 0
[pid   297] <... bpf resumed>)          = 5
[pid   299] setpgid(0, 0 <unfinished ...>
[pid   297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   299] <... setpgid resumed>)      = 0
[pid   299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   299] write(3, "1000", 4)         = 4
[pid   299] close(3)                    = 0
[pid   299] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP, key_size=1, value_size=6, max_entries=4096, map_flags=BPF_F_ZERO_SEED, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=4, btf_value_type_id=0, btf_vmlinux_value_type_id=4, map_extra=0}, 72) = -1 EINVAL (Invalid argument)
[pid   299] bpf(BPF_PROG_LOAD, NULL, 0) = -1 EFAULT (Bad address)
[pid   299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_da_reserve_space", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor)
[pid   299] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3
[pid   299] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument)
[pid   299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=11, insns=NULL, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address)
[pid   299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor)
[pid   299] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid   299] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_HASH, key_size=1, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   295] <... unshare resumed>)      = 0
[pid   295] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid   295] write(3, "0 65535", 7)      = 7
[pid   295] close(3)                    = 0
[pid   295] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists)
[pid   295] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid   295] symlink("/dev/binderfs", "./binderfs") = -1 EEXIST (File exists)
[pid   295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b07650) = 2
[pid   292] <... unshare resumed>)      = 0
[pid   292] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid   292] write(3, "0 65535", 7)      = 7
[pid   292] close(3)                    = 0
[pid   292] mkdir("/dev/binderfs", 0777./strace-static-x86_64: Process 300 attached
 <unfinished ...>
[pid   300] set_robust_list(0x555555b07660, 24) = 0
[pid   292] <... mkdir resumed>)        = -1 EEXIST (File exists)
[pid   292] mount("binder", "/dev/binderfs", "binder", 0, NULL <unfinished ...>
[pid   300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   300] setpgid(0, 0)               = 0
[pid   300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   300] write(3, "1000", 4)         = 4
[pid   300] close(3 <unfinished ...>
[pid   292] <... mount resumed>)        = 0
[pid   300] <... close resumed>)        = 0
[pid   300] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP, key_size=1, value_size=6, max_entries=4096, map_flags=BPF_F_ZERO_SEED, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=4, btf_value_type_id=0, btf_vmlinux_value_type_id=4, map_extra=0}, 72) = -1 EINVAL (Invalid argument)
[pid   292] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   300] bpf(BPF_PROG_LOAD, NULL, 0) = -1 EFAULT (Bad address)
[pid   292] <... symlink resumed>)      = -1 EEXIST (File exists)
[pid   300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_da_reserve_space", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor)
[pid   292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   300] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 <unfinished ...>
[pid   292] <... clone resumed>, child_tidptr=0x555555b07650) = 2
[   21.238658][   T24] audit: type=1400 audit(1713088380.280:74): avc:  denied  { map_create } for  pid=297 comm="syz-executor286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   21.258092][   T24] audit: type=1400 audit(1713088380.280:75): avc:  denied  { prog_load } for  pid=297 comm="syz-executor286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[pid   300] <... openat resumed>)       = 3
[pid   300] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument)
[pid   300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=11, insns=NULL, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address)
[pid   300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor)
[pid   300] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid   300] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_HASH, key_size=1, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 301 attached
 <unfinished ...>
[pid   301] set_robust_list(0x555555b07660, 24) = 0
[pid   301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   301] setpgid(0, 0)               = 0
[pid   301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   301] write(3, "1000", 4)         = 4
[pid   301] close(3)                    = 0
[pid   301] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP, key_size=1, value_size=6, max_entries=4096, map_flags=BPF_F_ZERO_SEED, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=4, btf_value_type_id=0, btf_vmlinux_value_type_id=4, map_extra=0}, 72) = -1 EINVAL (Invalid argument)
[pid   301] bpf(BPF_PROG_LOAD, NULL, 0) = -1 EFAULT (Bad address)
[pid   301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_da_reserve_space", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor)
[pid   301] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3
[pid   301] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument)
[pid   301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=11, insns=NULL, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address)
[pid   301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor)
[pid   301] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid   301] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_HASH, key_size=1, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid   301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   297] <... bpf resumed>)          = 6
[pid   301] <... bpf resumed>)          = 6
[pid   300] <... bpf resumed>)          = 6
[pid   299] <... bpf resumed>)          = 6
[pid   298] <... bpf resumed>)          = 6
[pid   297] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000500, value=0x20000540, flags=BPF_ANY}, 32 <unfinished ...>
[pid   300] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000500, value=0x20000540, flags=BPF_ANY}, 32 <unfinished ...>
[pid   299] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000500, value=0x20000540, flags=BPF_ANY}, 32 <unfinished ...>
[pid   298] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000500, value=0x20000540, flags=BPF_ANY}, 32 <unfinished ...>
[pid   297] <... bpf resumed>)          = 0
[pid   300] <... bpf resumed>)          = 0
[pid   299] <... bpf resumed>)          = 0
[pid   298] <... bpf resumed>)          = 0
[pid   297] bpf(BPF_BTF_GET_FD_BY_ID, {btf_id=0}, 4 <unfinished ...>
[pid   300] bpf(BPF_BTF_GET_FD_BY_ID, {btf_id=0}, 4 <unfinished ...>
[pid   299] bpf(BPF_BTF_GET_FD_BY_ID, {btf_id=0}, 4 <unfinished ...>
[pid   298] bpf(BPF_BTF_GET_FD_BY_ID, {btf_id=0}, 4 <unfinished ...>
[pid   297] <... bpf resumed>)          = -1 ENOENT (No such file or directory)
[pid   300] <... bpf resumed>)          = -1 ENOENT (No such file or directory)
[pid   299] <... bpf resumed>)          = -1 ENOENT (No such file or directory)
[pid   298] <... bpf resumed>)          = -1 ENOENT (No such file or directory)
[pid   297] bpf(BPF_PROG_LOAD, {prog_type=0x20 /* BPF_PROG_TYPE_??? */, insn_cnt=15, insns=NULL, license="syzkaller", log_level=256, log_size=4096, log_buf="", kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0x40 /* BPF_F_??? */, prog_name="", prog_ifindex=0, expected_attach_type=BPF_SK_SKB_STREAM_VERDICT, prog_btf_fd=-1, func_info_rec_size=8, func_info=0x20000300, func_info_cnt=8, line_info_rec_size=16, line_info=0x20000340, line_info_cnt=16, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL, ...}, 144 <unfinished ...>
[pid   301] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000500, value=0x20000540, flags=BPF_ANY}, 32 <unfinished ...>
[pid   300] bpf(BPF_PROG_LOAD, {prog_type=0x20 /* BPF_PROG_TYPE_??? */, insn_cnt=15, insns=NULL, license="syzkaller", log_level=256, log_size=4096, log_buf="", kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0x40 /* BPF_F_??? */, prog_name="", prog_ifindex=0, expected_attach_type=BPF_SK_SKB_STREAM_VERDICT, prog_btf_fd=-1, func_info_rec_size=8, func_info=0x20000300, func_info_cnt=8, line_info_rec_size=16, line_info=0x20000340, line_info_cnt=16, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL, ...}, 144 <unfinished ...>
[pid   299] bpf(BPF_PROG_LOAD, {prog_type=0x20 /* BPF_PROG_TYPE_??? */, insn_cnt=15, insns=NULL, license="syzkaller", log_level=256, log_size=4096, log_buf="", kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0x40 /* BPF_F_??? */, prog_name="", prog_ifindex=0, expected_attach_type=BPF_SK_SKB_STREAM_VERDICT, prog_btf_fd=-1, func_info_rec_size=8, func_info=0x20000300, func_info_cnt=8, line_info_rec_size=16, line_info=0x20000340, line_info_cnt=16, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL, ...}, 144 <unfinished ...>
[pid   298] bpf(BPF_PROG_LOAD, {prog_type=0x20 /* BPF_PROG_TYPE_??? */, insn_cnt=15, insns=NULL, license="syzkaller", log_level=256, log_size=4096, log_buf="", kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0x40 /* BPF_F_??? */, prog_name="", prog_ifindex=0, expected_attach_type=BPF_SK_SKB_STREAM_VERDICT, prog_btf_fd=-1, func_info_rec_size=8, func_info=0x20000300, func_info_cnt=8, line_info_rec_size=16, line_info=0x20000340, line_info_cnt=16, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL, ...}, 144 <unfinished ...>
[pid   297] <... bpf resumed>)          = -1 E2BIG (Argument list too long)
[pid   300] <... bpf resumed>)          = -1 E2BIG (Argument list too long)
[pid   299] <... bpf resumed>)          = -1 E2BIG (Argument list too long)
[pid   298] <... bpf resumed>)          = -1 E2BIG (Argument list too long)
[pid   297] clock_gettime(CLOCK_REALTIME,  <unfinished ...>
[pid   300] clock_gettime(CLOCK_REALTIME,  <unfinished ...>
[pid   299] clock_gettime(CLOCK_REALTIME,  <unfinished ...>
[pid   298] clock_gettime(CLOCK_REALTIME,  <unfinished ...>
[pid   297] <... clock_gettime resumed>NULL) = -1 EFAULT (Bad address)
[pid   300] <... clock_gettime resumed>NULL) = -1 EFAULT (Bad address)
[pid   299] <... clock_gettime resumed>NULL) = -1 EFAULT (Bad address)
[pid   298] <... clock_gettime resumed>NULL) = -1 EFAULT (Bad address)
[pid   297] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP <unfinished ...>
[pid   300] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP <unfinished ...>
[pid   299] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP <unfinished ...>
[pid   298] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP <unfinished ...>
[pid   297] <... socket resumed>)       = 7
[pid   300] <... socket resumed>)       = 7
[pid   299] <... socket resumed>)       = 7
[pid   298] <... socket resumed>)       = 7
[pid   297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=5, insns=0x20000000, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_SOCK_CREATE, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128 <unfinished ...>
[pid   301] <... bpf resumed>)          = 0
[pid   300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=5, insns=0x20000000, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_SOCK_CREATE, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128 <unfinished ...>
[pid   299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=5, insns=0x20000000, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_SOCK_CREATE, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128 <unfinished ...>
[pid   298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=5, insns=0x20000000, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_SOCK_CREATE, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128 <unfinished ...>
[pid   297] <... bpf resumed>)          = 8
[pid   301] bpf(BPF_BTF_GET_FD_BY_ID, {btf_id=0}, 4 <unfinished ...>
[pid   300] <... bpf resumed>)          = 8
[pid   299] <... bpf resumed>)          = 8
[pid   298] <... bpf resumed>)          = 8
[pid   297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="fib6_table_lookup", prog_fd=8}}, 16 <unfinished ...>
[pid   301] <... bpf resumed>)          = -1 ENOENT (No such file or directory)
[pid   300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="fib6_table_lookup", prog_fd=8}}, 16 <unfinished ...>
[pid   299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="fib6_table_lookup", prog_fd=8}}, 16 <unfinished ...>
[pid   298] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="fib6_table_lookup", prog_fd=8}}, 16 <unfinished ...>
[pid   297] <... bpf resumed>)          = 9
[pid   301] bpf(BPF_PROG_LOAD, {prog_type=0x20 /* BPF_PROG_TYPE_??? */, insn_cnt=15, insns=NULL, license="syzkaller", log_level=256, log_size=4096, log_buf="", kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0x40 /* BPF_F_??? */, prog_name="", prog_ifindex=0, expected_attach_type=BPF_SK_SKB_STREAM_VERDICT, prog_btf_fd=-1, func_info_rec_size=8, func_info=0x20000300, func_info_cnt=8, line_info_rec_size=16, line_info=0x20000340, line_info_cnt=16, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL, ...}, 144 <unfinished ...>
[pid   300] <... bpf resumed>)          = 9
[pid   301] <... bpf resumed>)          = -1 E2BIG (Argument list too long)
[pid   300] sendto(7, NULL, 1476, 0, {sa_family=AF_INET6, sin6_port=htons(20004), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "fe80::aa", &sin6_addr), sin6_scope_id=0}, 28 <unfinished ...>
[pid   299] <... bpf resumed>)          = 9
[pid   297] sendto(7, NULL, 1476, 0, {sa_family=AF_INET6, sin6_port=htons(20004), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "fe80::aa", &sin6_addr), sin6_scope_id=0}, 28 <unfinished ...>
[pid   301] clock_gettime(CLOCK_REALTIME,  <unfinished ...>
[pid   300] <... sendto resumed>)       = -1 EADDRNOTAVAIL (Cannot assign requested address)
[pid   299] sendto(7, NULL, 1476, 0, {sa_family=AF_INET6, sin6_port=htons(20004), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "fe80::aa", &sin6_addr), sin6_scope_id=0}, 28 <unfinished ...>
[pid   298] <... bpf resumed>)          = 9
[pid   301] <... clock_gettime resumed>NULL) = -1 EFAULT (Bad address)
[pid   300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=4, insns=0x200002c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_SOCK_CREATE, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128 <unfinished ...>
[pid   297] <... sendto resumed>)       = -1 EADDRNOTAVAIL (Cannot assign requested address)
[pid   299] <... sendto resumed>)       = -1 EADDRNOTAVAIL (Cannot assign requested address)
[pid   298] sendto(7, NULL, 1476, 0, {sa_family=AF_INET6, sin6_port=htons(20004), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "fe80::aa", &sin6_addr), sin6_scope_id=0}, 28 <unfinished ...>
[pid   300] <... bpf resumed>)          = 10
[pid   299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=4, insns=0x200002c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_SOCK_CREATE, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128 <unfinished ...>
[pid   297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=4, insns=0x200002c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_SOCK_CREATE, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128 <unfinished ...>
[pid   301] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP <unfinished ...>
[pid   300] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_ARRAY, key_size=4, value_size=7, max_entries=4, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   298] <... sendto resumed>)       = -1 EADDRNOTAVAIL (Cannot assign requested address)
[pid   301] <... socket resumed>)       = 7
[pid   299] <... bpf resumed>)          = 10
[pid   297] <... bpf resumed>)          = 10
[pid   301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=5, insns=0x20000000, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_SOCK_CREATE, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128 <unfinished ...>
[pid   300] <... bpf resumed>)          = 11
[pid   301] <... bpf resumed>)          = 8
[pid   299] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_ARRAY, key_size=4, value_size=7, max_entries=4, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=4, insns=0x200002c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_SOCK_CREATE, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128 <unfinished ...>
[pid   297] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_ARRAY, key_size=4, value_size=7, max_entries=4, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=20, insns=0x200002c0, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="fib6_table_lookup", prog_fd=8}}, 16 <unfinished ...>
[pid   299] <... bpf resumed>)          = 11
[pid   297] <... bpf resumed>)          = 11
[pid   300] <... bpf resumed>)          = -1 EFAULT (Bad address)
[pid   301] <... bpf resumed>)          = 9
[pid   300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_ext_remove_space_done", prog_fd=-1}}, 16 <unfinished ...>
[pid   299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=20, insns=0x200002c0, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=20, insns=0x200002c0, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   301] sendto(7, NULL, 1476, 0, {sa_family=AF_INET6, sin6_port=htons(20004), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "fe80::aa", &sin6_addr), sin6_scope_id=0}, 28 <unfinished ...>
[pid   300] <... bpf resumed>)          = -1 EBADF (Bad file descriptor)
[pid   299] <... bpf resumed>)          = -1 EFAULT (Bad address)
[pid   298] <... bpf resumed>)          = 10
[pid   297] <... bpf resumed>)          = -1 EFAULT (Bad address)
[pid   301] <... sendto resumed>)       = -1 EADDRNOTAVAIL (Cannot assign requested address)
[pid   300] openat(AT_FDCWD, "blkio.bfq.sectors_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 <unfinished ...>
[pid   299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_ext_remove_space_done", prog_fd=-1}}, 16 <unfinished ...>
[pid   298] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_ARRAY, key_size=4, value_size=7, max_entries=4, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_ext_remove_space_done", prog_fd=-1}}, 16 <unfinished ...>
[pid   301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=4, insns=0x200002c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_SOCK_CREATE, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128 <unfinished ...>
[pid   300] <... openat resumed>)       = 12
[pid   299] <... bpf resumed>)          = -1 EBADF (Bad file descriptor)
[pid   298] <... bpf resumed>)          = 11
[pid   297] <... bpf resumed>)          = -1 EBADF (Bad file descriptor)
[pid   301] <... bpf resumed>)          = 10
[pid   300] ioctl(12, _IOC(_IOC_WRITE, 0x58, 0x2b, 0x30), 0x20000280 <unfinished ...>
[pid   299] openat(AT_FDCWD, "blkio.bfq.sectors_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 <unfinished ...>
[pid   297] openat(AT_FDCWD, "blkio.bfq.sectors_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 <unfinished ...>
[pid   298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=20, insns=0x200002c0, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   301] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_ARRAY, key_size=4, value_size=7, max_entries=4, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   300] <... ioctl resumed>)        = 0
[pid   299] <... openat resumed>)       = 12
[pid   297] <... openat resumed>)       = 12
[pid   298] <... bpf resumed>)          = -1 EFAULT (Bad address)
[pid   301] <... bpf resumed>)          = 11
[pid   300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=10}}, 16 <unfinished ...>
[pid   299] ioctl(12, _IOC(_IOC_WRITE, 0x58, 0x2b, 0x30), 0x20000280 <unfinished ...>
[pid   298] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_ext_remove_space_done", prog_fd=-1}}, 16 <unfinished ...>
[pid   297] ioctl(12, _IOC(_IOC_WRITE, 0x58, 0x2b, 0x30), 0x20000280 <unfinished ...>
[pid   301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=20, insns=0x200002c0, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   300] <... bpf resumed>)          = 13
[pid   299] <... ioctl resumed>)        = 0
[pid   298] <... bpf resumed>)          = -1 EBADF (Bad file descriptor)
[pid   297] <... ioctl resumed>)        = 0
[pid   301] <... bpf resumed>)          = -1 EFAULT (Bad address)
[pid   300] close(3 <unfinished ...>
[pid   299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=10}}, 16 <unfinished ...>
[pid   298] openat(AT_FDCWD, "blkio.bfq.sectors_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 <unfinished ...>
[pid   297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=10}}, 16 <unfinished ...>
[pid   301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_ext_remove_space_done", prog_fd=-1}}, 16 <unfinished ...>
[pid   300] <... close resumed>)        = 0
[pid   299] <... bpf resumed>)          = 13
[pid   297] <... bpf resumed>)          = 13
[pid   301] <... bpf resumed>)          = -1 EBADF (Bad file descriptor)
[pid   300] close(4 <unfinished ...>
[pid   299] close(3 <unfinished ...>
[pid   298] <... openat resumed>)       = 12
[pid   297] close(3 <unfinished ...>
[pid   301] openat(AT_FDCWD, "blkio.bfq.sectors_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 <unfinished ...>
[pid   300] <... close resumed>)        = 0
[   23.483888][    T1] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000008
[   23.492218][    T1] CPU: 1 PID: 1 Comm: init Not tainted 5.10.209-syzkaller-00002-g4e1bc8d8e8ae #0
[   23.501152][    T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   23.511036][    T1] Call Trace:
[   23.514186][    T1]  dump_stack_lvl+0x1e2/0x24b
[   23.518701][    T1]  ? panic+0x22b/0x80b
[   23.522591][    T1]  ? bfq_pos_tree_add_move+0x43b/0x43b
[   23.527889][    T1]  dump_stack+0x15/0x17
[   23.531870][    T1]  panic+0x2cf/0x80b
[   23.535603][    T1]  ? do_exit+0x239a/0x2a50
[   23.539860][    T1]  ? fb_is_primary_device+0xd4/0xd4
[   23.544894][    T1]  ? __kasan_check_write+0x14/0x20
[   23.549842][    T1]  ? sync_mm_rss+0x28a/0x2e0
[   23.554264][    T1]  do_exit+0x23b4/0x2a50
[   23.558347][    T1]  ? sched_group_set_shares+0x490/0x490
[   23.563725][    T1]  ? put_task_struct+0x80/0x80
[   23.568325][    T1]  ? schedule+0x154/0x1d0
[   23.572490][    T1]  ? schedule_timeout+0xa9/0x360
[   23.577265][    T1]  ? __kasan_check_write+0x14/0x20
[   23.582210][    T1]  ? _raw_spin_lock_irq+0xa5/0x1b0
[   23.587160][    T1]  do_group_exit+0x141/0x310
[   23.591592][    T1]  get_signal+0x10a0/0x1410
[   23.595928][    T1]  arch_do_signal_or_restart+0xbd/0x17c0
[   23.601394][    T1]  ? put_pid+0xd7/0x110
[   23.605381][    T1]  ? kernel_clone+0x6ca/0x9e0
[   23.609897][    T1]  ? create_io_thread+0x1e0/0x1e0
[   23.614756][    T1]  ? get_timespec64+0x197/0x270
[   23.619452][    T1]  ? timespec64_add_safe+0x220/0x220
[   23.624570][    T1]  ? __do_sys_rt_sigreturn+0x1e0/0x1e0
[   23.629859][    T1]  ? __do_sys_vfork+0xcd/0x130
[   23.634494][    T1]  exit_to_user_mode_loop+0x9b/0xd0
[   23.639499][    T1]  syscall_exit_to_user_mode+0xc5/0x1d0
[   23.644880][    T1]  do_syscall_64+0x40/0x70
[   23.649130][    T1]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[   23.654854][    T1] RIP: 0033:0x7fad78798a68
[   23.659109][    T1] Code: 00 48 8d b8 e0 02 00 00 48 89 b8 d8 02 00 00 48 89 b8 e0 02 00 00 b8 11 01 00 00 0f 05 44 89 c0 c3 90 5f b8 3a 00 00 00 0f 05 <57> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 90 43 0f 00 f7 d8 64 89 01 48
[   23.678551][    T1] RSP: 002b:00007ffd3e2bad60 EFLAGS: 00000246 ORIG_RAX: 000000000000003a
[   23.686792][    T1] RAX: 00000000000001d2 RBX: 00005600744e6a50 RCX: 00007fad78798a68
[   23.694607][    T1] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 00007fad78923bed
[   23.702414][    T1] RBP: 00007fad7895e528 R08: 0000000000000007 R09: f0cf2b833acb486c
[   23.710224][    T1] R10: 00007ffd3e2bada0 R11: 0000000000000246 R12: 0000000000000000
[   23.718038][    T1] R13: 0000000000000018 R14: 0000560073205169 R15: 00007fad7898fa80
[   23.726057][    T1] Kernel Offset: disabled
[   23.730185][    T1] Rebooting in 86400 seconds..