./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor231825672 <...> Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts. execve("./syz-executor231825672", ["./syz-executor231825672"], 0x7ffedbec50c0 /* 10 vars */) = 0 brk(NULL) = 0x555556cfd000 brk(0x555556cfdc40) = 0x555556cfdc40 arch_prctl(ARCH_SET_FS, 0x555556cfd300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor231825672", 4096) = 27 brk(0x555556d1ec40) = 0x555556d1ec40 brk(0x555556d1f000) = 0x555556d1f000 mprotect(0x7fba97a2a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cfd5d0) = 304 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 304 attached ./strace-static-x86_64: Process 305 attached , child_tidptr=0x555556cfd5d0) = 305 [pid 305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 303] <... clone resumed>, child_tidptr=0x555556cfd5d0) = 306 [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 307 attached [pid 305] <... clone resumed>, child_tidptr=0x555556cfd5d0) = 307 [pid 303] <... clone resumed>, child_tidptr=0x555556cfd5d0) = 308 [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 304] <... clone resumed>, child_tidptr=0x555556cfd5d0) = 309 [pid 303] <... clone resumed>, child_tidptr=0x555556cfd5d0) = 310 ./strace-static-x86_64: Process 309 attached [pid 307] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 310 attached [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 307] setpgid(0, 0 [pid 310] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 309] <... prctl resumed>) = 0 [pid 307] <... setpgid resumed>) = 0 [pid 303] <... clone resumed>, child_tidptr=0x555556cfd5d0) = 312 [pid 310] <... clone resumed>, child_tidptr=0x555556cfd5d0) = 311 [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 309] setpgid(0, 0./strace-static-x86_64: Process 308 attached [pid 308] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 307] <... openat resumed>) = 3 [pid 309] <... setpgid resumed>) = 0 [pid 307] write(3, "1000", 4./strace-static-x86_64: Process 313 attached [pid 308] <... clone resumed>, child_tidptr=0x555556cfd5d0) = 313 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 307] <... write resumed>) = 4 [pid 307] close(3./strace-static-x86_64: Process 306 attached ) = 0 [pid 306] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 307] openat(AT_FDCWD, "/dev/char/4:22", O_RDWR./strace-static-x86_64: Process 314 attached [pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 309] <... openat resumed>) = 3 [pid 306] <... clone resumed>, child_tidptr=0x555556cfd5d0) = 314 [pid 307] <... openat resumed>) = 3 [pid 307] openat(AT_FDCWD, "/proc/self/fd/3", O_RDWR) = 4 [pid 307] socket(AF_INET6, SOCK_STREAM, IPPROTO_IP) = 5 [pid 307] close(5) = 0 [pid 307] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC./strace-static-x86_64: Process 312 attached ./strace-static-x86_64: Process 311 attached [pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 313] <... prctl resumed>) = 0 [pid 309] write(3, "1000", 4 [pid 307] <... socket resumed>) = 5 [pid 313] setpgid(0, 0 [pid 309] <... write resumed>) = 4 [pid 313] <... setpgid resumed>) = 0 [pid 309] close(3 [pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 309] <... close resumed>) = 0 [pid 313] <... openat resumed>) = 3 [pid 309] openat(AT_FDCWD, "/dev/char/4:20", O_RDWR [pid 313] write(3, "1000", 4) = 4 [pid 313] close(3) = 0 [pid 313] openat(AT_FDCWD, "/dev/char/4:26", O_RDWR [pid 314] <... prctl resumed>) = 0 [pid 314] setpgid(0, 0) = 0 [pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 314] write(3, "1000", 4) = 4 [pid 314] close(3) = 0 [pid 314] openat(AT_FDCWD, "/dev/char/4:24", O_RDWR [pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL [ 21.804603][ T22] audit: type=1400 audit(1653262669.240:73): avc: denied { execmem } for pid=303 comm="syz-executor231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 312] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 311] <... prctl resumed>) = 0 [pid 311] setpgid(0, 0) = 0 [pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 307] mount(NULL, ".", "9p", 0, "trans=fd,rfdno=0x0000000000000004,wfdno=0x0000000000000005," [pid 309] <... openat resumed>) = 3 [pid 309] openat(AT_FDCWD, "/proc/self/fd/3", O_RDWR [pid 313] <... openat resumed>) = 3 [pid 313] openat(AT_FDCWD, "/proc/self/fd/3", O_RDWR [pid 314] <... openat resumed>) = 3 [pid 313] <... openat resumed>) = 4 [pid 309] <... openat resumed>) = 4 [pid 314] openat(AT_FDCWD, "/proc/self/fd/3", O_RDWR [pid 313] socket(AF_INET6, SOCK_STREAM, IPPROTO_IP [pid 309] socket(AF_INET6, SOCK_STREAM, IPPROTO_IP [pid 314] <... openat resumed>) = 4 [pid 313] <... socket resumed>) = 5 [pid 309] <... socket resumed>) = 5 [pid 314] socket(AF_INET6, SOCK_STREAM, IPPROTO_IP [pid 313] close(5 [pid 309] close(5 [pid 314] <... socket resumed>) = 5 [pid 313] <... close resumed>) = 0 [pid 309] <... close resumed>) = 0 [pid 314] close(5 [pid 313] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 309] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 314] <... close resumed>) = 0 [pid 313] <... socket resumed>) = 5 [pid 309] <... socket resumed>) = 5 [pid 314] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 313] mount(NULL, ".", "9p", 0, "trans=fd,rfdno=0x0000000000000004,wfdno=0x0000000000000005," [pid 309] mount(NULL, ".", "9p", 0, "trans=fd,rfdno=0x0000000000000004,wfdno=0x0000000000000005," [pid 314] <... socket resumed>) = 5 [pid 314] mount(NULL, ".", "9p", 0, "trans=fd,rfdno=0x0000000000000004,wfdno=0x0000000000000005," [pid 311] <... openat resumed>) = 3 [pid 311] write(3, "1000", 4) = 4 [pid 311] close(3) = 0 [pid 311] openat(AT_FDCWD, "/dev/char/4:28", O_RDWR [pid 312] <... clone resumed>, child_tidptr=0x555556cfd5d0) = 318 ./strace-static-x86_64: Process 318 attached [pid 318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 318] setpgid(0, 0) = 0 [pid 318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 318] write(3, "1000", 4) = 4 [pid 318] close(3) = 0 [pid 318] openat(AT_FDCWD, "/dev/char/4:30", O_RDWR [pid 311] <... openat resumed>) = 3 [pid 311] openat(AT_FDCWD, "/proc/self/fd/3", O_RDWR) = 4 [pid 311] socket(AF_INET6, SOCK_STREAM, IPPROTO_IP) = 5 [pid 311] close(5) = 0 [pid 311] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5 [pid 311] mount(NULL, ".", "9p", 0, "trans=fd,rfdno=0x0000000000000004,wfdno=0x0000000000000005," [pid 318] <... openat resumed>) = 3 [pid 318] openat(AT_FDCWD, "/proc/self/fd/3", O_RDWR) = 4 [pid 318] socket(AF_INET6, SOCK_STREAM, IPPROTO_IP) = 5 [pid 318] close(5) = 0 [pid 318] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5 [ 21.835491][ T22] audit: type=1400 audit(1653262669.270:74): avc: denied { create } for pid=307 comm="syz-executor231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 21.862813][ T22] audit: type=1400 audit(1653262669.290:75): avc: denied { mounton } for pid=307 comm="syz-executor231" path="/root" dev="sda1" ino=564 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_dir_t tclass=dir permissive=1 [pid 318] mount(NULL, ".", "9p", 0, "trans=fd,rfdno=0x0000000000000004,wfdno=0x0000000000000005," [pid 305] kill(-307, SIGKILL) = 0 [pid 305] kill(307, SIGKILL) = 0 [pid 304] kill(-309, SIGKILL) = 0 [pid 304] kill(309, SIGKILL) = 0 [pid 310] kill(-311, SIGKILL) = 0 [pid 310] kill(311, SIGKILL) = 0 [pid 308] kill(-313, SIGKILL) = 0 [pid 308] kill(313, SIGKILL) = 0 [pid 306] kill(-314, SIGKILL) = 0 [pid 306] kill(314, SIGKILL) = 0 [pid 312] kill(-318, SIGKILL) = 0 [pid 312] kill(318, SIGKILL) = 0 [pid 305] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 310] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 305] <... openat resumed>) = 3 [pid 310] <... openat resumed>) = 3 [pid 305] fstat(3, [pid 310] fstat(3, [pid 305] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 310] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 305] getdents64(3, 0x555556cfe620 /* 2 entries */, 32768) = 48 [pid 310] getdents64(3, [pid 305] getdents64(3, [pid 310] <... getdents64 resumed>0x555556cfe620 /* 2 entries */, 32768) = 48 [pid 305] <... getdents64 resumed>0x555556cfe620 /* 0 entries */, 32768) = 0 [pid 310] getdents64(3, [pid 305] close(3 [pid 310] <... getdents64 resumed>0x555556cfe620 /* 0 entries */, 32768) = 0 [pid 305] <... close resumed>) = 0 [pid 310] close(3) = 0 [pid 308] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 308] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 308] getdents64(3, 0x555556cfe620 /* 2 entries */, 32768) = 48 [pid 308] getdents64(3, 0x555556cfe620 /* 0 entries */, 32768) = 0 [pid 308] close(3) = 0 [pid 304] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 304] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 304] getdents64(3, 0x555556cfe620 /* 2 entries */, 32768) = 48 [pid 304] getdents64(3, 0x555556cfe620 /* 0 entries */, 32768) = 0 [pid 304] close(3) = 0 [pid 306] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 306] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 306] getdents64(3, 0x555556cfe620 /* 2 entries */, 32768) = 48 [pid 306] getdents64(3, 0x555556cfe620 /* 0 entries */, 32768) = 0 [pid 306] close(3) = 0 [pid 312] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 312] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 312] getdents64(3, 0x555556cfe620 /* 2 entries */, 32768) = 48 [pid 312] getdents64(3, 0x555556cfe620 /* 0 entries */, 32768) = 0 [pid 312] close(3) = 0 [ 66.771508][ T12] cfg80211: failed to load regulatory.db