./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2488140969 <...> Warning: Permanently added '10.128.1.39' (ED25519) to the list of known hosts. execve("./syz-executor2488140969", ["./syz-executor2488140969"], 0x7ffefd4f13d0 /* 10 vars */) = 0 brk(NULL) = 0x5555574b5000 brk(0x5555574b5d00) = 0x5555574b5d00 arch_prctl(ARCH_SET_FS, 0x5555574b5380) = 0 set_tid_address(0x5555574b5650) = 310 set_robust_list(0x5555574b5660, 24) = 0 rseq(0x5555574b5ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2488140969", 4096) = 28 getrandom("\x97\xc5\xa3\xc4\x8d\x56\xe6\x37", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555574b5d00 brk(0x5555574d6d00) = 0x5555574d6d00 brk(0x5555574d7000) = 0x5555574d7000 mprotect(0x7f4b526d8000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 311 attached , child_tidptr=0x5555574b5650) = 311 [pid 311] set_robust_list(0x5555574b5660, 24) = 0 [pid 310] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 312 attached [pid 311] mkdir("./syzkaller.2TAkLz", 0700 [pid 310] <... clone resumed>, child_tidptr=0x5555574b5650) = 312 [pid 310] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574b5650) = 313 [pid 310] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574b5650) = 314 [pid 310] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574b5650) = 315 ./strace-static-x86_64: Process 315 attached [pid 315] set_robust_list(0x5555574b5660, 24) = 0 [pid 315] mkdir("./syzkaller.15GRkM", 0700 [pid 311] <... mkdir resumed>) = 0 [pid 311] chmod("./syzkaller.2TAkLz", 0777 [pid 312] set_robust_list(0x5555574b5660, 24 [pid 315] <... mkdir resumed>) = 0 [pid 315] chmod("./syzkaller.15GRkM", 0777) = 0 [pid 315] chdir("./syzkaller.15GRkM") = 0 [pid 311] <... chmod resumed>) = 0 [pid 312] <... set_robust_list resumed>) = 0 [pid 315] unshare(CLONE_NEWPID) = 0 [pid 315] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 312] mkdir("./syzkaller.d6QLil", 0700 [pid 311] chdir("./syzkaller.2TAkLz") = 0 [pid 315] <... clone resumed>, child_tidptr=0x5555574b5650) = 316 ./strace-static-x86_64: Process 316 attached [pid 316] set_robust_list(0x5555574b5660, 24) = 0 [pid 312] <... mkdir resumed>) = 0 [pid 311] unshare(CLONE_NEWPID [pid 316] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 311] <... unshare resumed>) = 0 [pid 312] chmod("./syzkaller.d6QLil", 0777 [pid 311] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 312] <... chmod resumed>) = 0 ./strace-static-x86_64: Process 317 attached ./strace-static-x86_64: Process 314 attached ./strace-static-x86_64: Process 313 attached [pid 316] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 312] chdir("./syzkaller.d6QLil") = 0 [pid 311] <... clone resumed>, child_tidptr=0x5555574b5650) = 317 [pid 312] unshare(CLONE_NEWPID) = 0 [pid 312] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574b5650) = 318 [pid 313] set_robust_list(0x5555574b5660, 24 [pid 314] set_robust_list(0x5555574b5660, 24 [pid 313] <... set_robust_list resumed>) = 0 [pid 314] <... set_robust_list resumed>) = 0 [pid 313] mkdir("./syzkaller.6saGSb", 0700 [pid 314] mkdir("./syzkaller.BXi74p", 0700) = 0 [pid 313] <... mkdir resumed>) = 0 [pid 316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 316] setsid() = 1 [pid 316] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 316] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 316] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 316] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 316] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 316] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 313] chmod("./syzkaller.6saGSb", 0777 [pid 316] <... prlimit64 resumed>NULL) = 0 [pid 316] unshare(CLONE_NEWNS [pid 313] <... chmod resumed>) = 0 [pid 316] <... unshare resumed>) = 0 [pid 313] chdir("./syzkaller.6saGSb") = 0 [pid 314] chmod("./syzkaller.BXi74p", 0777) = 0 [pid 313] unshare(CLONE_NEWPID) = 0 [pid 314] chdir("./syzkaller.BXi74p" [pid 313] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 314] <... chdir resumed>) = 0 [pid 314] unshare(CLONE_NEWPID) = 0 [pid 314] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 316] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL./strace-static-x86_64: Process 318 attached [pid 317] set_robust_list(0x5555574b5660, 24./strace-static-x86_64: Process 319 attached [pid 318] set_robust_list(0x5555574b5660, 24 [pid 317] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 320 attached [pid 319] set_robust_list(0x5555574b5660, 24 [pid 318] <... set_robust_list resumed>) = 0 [pid 319] <... set_robust_list resumed>) = 0 [pid 320] set_robust_list(0x5555574b5660, 24 [pid 318] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 317] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 319] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 318] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 320] <... set_robust_list resumed>) = 0 [pid 319] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 318] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 317] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 316] <... mount resumed>) = 0 [pid 316] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [ 44.248471][ T24] audit: type=1400 audit(1721256539.469:66): avc: denied { execmem } for pid=310 comm="syz-executor248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 44.274614][ T24] audit: type=1400 audit(1721256539.489:67): avc: denied { mounton } for pid=316 comm="syz-executor248" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [pid 316] unshare(CLONE_NEWCGROUP [pid 313] <... clone resumed>, child_tidptr=0x5555574b5650) = 319 [pid 316] <... unshare resumed>) = 0 [pid 314] <... clone resumed>, child_tidptr=0x5555574b5650) = 320 [pid 316] unshare(CLONE_NEWUTS) = 0 [pid 316] unshare(CLONE_SYSVSEM) = 0 [pid 316] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 316] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 316] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 316] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 316] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 316] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 316] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 316] getpid() = 1 [pid 316] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 320] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 318] <... prctl resumed>) = 0 [pid 317] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 320] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 319] <... prctl resumed>) = 0 [pid 316] <... mount resumed>) = 0 [pid 316] mkdir("./syz-tmp/newroot", 0777) = 0 [pid 316] mkdir("./syz-tmp/newroot/dev", 0700) = 0 [pid 316] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 316] mkdir("./syz-tmp/newroot/proc", 0700) = 0 [pid 316] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0 [pid 316] mkdir("./syz-tmp/newroot/selinux", 0700) = 0 [pid 316] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 316] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 316] mkdir("./syz-tmp/newroot/sys", 0700) = 0 [pid 316] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 316] mkdir("./syz-tmp/pivot", 0777) = 0 [pid 316] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [pid 316] chdir("/") = 0 [pid 316] umount2("./pivot", MNT_DETACH [pid 318] setsid() = 1 [pid 318] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 318] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 318] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 318] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 318] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 318] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 318] unshare(CLONE_NEWNS) = 0 [pid 318] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 318] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 318] unshare(CLONE_NEWCGROUP) = 0 [pid 318] unshare(CLONE_NEWUTS) = 0 [pid 318] unshare(CLONE_SYSVSEM) = 0 [pid 318] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 318] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 318] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 318] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 318] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 318] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 318] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 318] getpid() = 1 [pid 318] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 319] setsid( [pid 317] <... prctl resumed>) = 0 [pid 316] <... umount2 resumed>) = 0 [pid 316] chroot("./newroot") = 0 [pid 316] chdir("/") = 0 [pid 316] mkdir("/dev/binderfs", 0777) = 0 [pid 316] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 316] mkdir("./0", 0777) = 0 [pid 316] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574b5650) = 2 ./strace-static-x86_64: Process 321 attached [pid 321] set_robust_list(0x5555574b5660, 24) = 0 [pid 321] chdir("./0") = 0 [pid 321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 321] setpgid(0, 0) = 0 [ 44.299140][ T24] audit: type=1400 audit(1721256539.499:68): avc: denied { mount } for pid=316 comm="syz-executor248" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 44.322026][ T24] audit: type=1400 audit(1721256539.519:69): avc: denied { mounton } for pid=316 comm="syz-executor248" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [pid 321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 321] write(3, "1000", 4) = 4 [pid 321] close(3) = 0 [pid 321] symlink("/dev/binderfs", "./binderfs") = 0 [pid 321] write(1, "executing program\n", 18executing program ) = 18 [pid 321] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=12, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 318] <... unshare resumed>) = 0 [pid 318] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 318] write(3, "0 65535", 7) = 7 [pid 318] close(3) = 0 [pid 318] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 321] <... bpf resumed>) = 3 [pid 318] write(3, "100000", 6) = 6 [pid 318] close(3) = 0 [pid 318] mkdir("./syz-tmp", 0777) = 0 [pid 318] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0 [pid 321] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 318] mkdir("./syz-tmp/newroot", 0777) = 0 [pid 318] mkdir("./syz-tmp/newroot/dev", 0700) = 0 [pid 320] <... prctl resumed>) = 0 [pid 319] <... setsid resumed>) = 1 [pid 317] setsid( [pid 320] setsid( [pid 319] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 317] <... setsid resumed>) = 1 [pid 318] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 318] mkdir("./syz-tmp/newroot/proc", 0700) = 0 [pid 318] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0 [pid 318] mkdir("./syz-tmp/newroot/selinux", 0700) = 0 [pid 318] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 318] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 318] mkdir("./syz-tmp/newroot/sys", 0700) = 0 [pid 318] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 318] mkdir("./syz-tmp/pivot", 0777) = 0 [pid 318] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [pid 318] chdir("/") = 0 [pid 318] umount2("./pivot", MNT_DETACH [pid 320] <... setsid resumed>) = 1 [pid 319] <... prlimit64 resumed>NULL) = 0 [pid 318] <... umount2 resumed>) = 0 [pid 317] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 318] chroot("./newroot") = 0 [pid 318] chdir("/") = 0 [pid 318] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists) [pid 318] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 318] mkdir("./0", 0777) = 0 [pid 318] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574b5650) = 2 ./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x5555574b5660, 24) = 0 [pid 322] chdir("./0") = 0 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 44.343658][ T24] audit: type=1400 audit(1721256539.539:70): avc: denied { mounton } for pid=316 comm="syz-executor248" path="/root/syzkaller.15GRkM/syz-tmp" dev="sda1" ino=1932 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 44.368023][ T24] audit: type=1400 audit(1721256539.539:71): avc: denied { mount } for pid=316 comm="syz-executor248" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [pid 322] setpgid(0, 0) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 322] write(3, "1000", 4) = 4 [pid 322] close(3) = 0 [pid 322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 322] write(1, "executing program\n", 18executing program ) = 18 [pid 322] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=12, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 322] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 320] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 319] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 317] <... prlimit64 resumed>NULL) = 0 [pid 320] <... prlimit64 resumed>NULL) = 0 [pid 319] <... prlimit64 resumed>NULL) = 0 [pid 320] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 317] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 319] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 320] <... prlimit64 resumed>NULL) = 0 [pid 320] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 320] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 320] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 320] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 320] unshare(CLONE_NEWNS) = 0 [pid 320] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 320] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 320] unshare(CLONE_NEWCGROUP) = 0 [pid 320] unshare(CLONE_NEWUTS) = 0 [pid 320] unshare(CLONE_SYSVSEM) = 0 [pid 317] <... prlimit64 resumed>NULL) = 0 [pid 320] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 319] <... prlimit64 resumed>NULL) = 0 [pid 317] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 320] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 320] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 320] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 320] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 320] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 320] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 320] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 320] getpid() = 1 [pid 320] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 317] <... prlimit64 resumed>NULL) = 0 [pid 319] <... prlimit64 resumed>NULL) = 0 [pid 317] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 320] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 320] write(3, "0 65535", 7) = 7 [pid 320] close(3) = 0 [pid 320] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 320] write(3, "100000", 6) = 6 [pid 320] close(3) = 0 [pid 320] mkdir("./syz-tmp", 0777) = 0 [pid 320] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0 [pid 320] mkdir("./syz-tmp/newroot", 0777) = 0 [pid 320] mkdir("./syz-tmp/newroot/dev", 0700) = 0 [pid 320] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 320] mkdir("./syz-tmp/newroot/proc", 0700) = 0 [pid 320] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0 [pid 320] mkdir("./syz-tmp/newroot/selinux", 0700) = 0 [pid 320] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 320] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 320] mkdir("./syz-tmp/newroot/sys", 0700) = 0 [pid 320] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 320] mkdir("./syz-tmp/pivot", 0777) = 0 [pid 320] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [pid 320] chdir("/") = 0 [pid 320] umount2("./pivot", MNT_DETACH) = 0 [pid 319] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 317] <... prlimit64 resumed>NULL) = 0 [pid 319] <... prlimit64 resumed>NULL) = 0 [pid 317] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 319] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 317] <... prlimit64 resumed>NULL) = 0 [pid 319] <... prlimit64 resumed>NULL) = 0 [pid 317] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 319] unshare(CLONE_NEWNS [pid 317] <... prlimit64 resumed>NULL) = 0 [pid 320] chroot("./newroot" [pid 319] <... unshare resumed>) = 0 [pid 317] unshare(CLONE_NEWNS [pid 319] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 320] <... chroot resumed>) = 0 [pid 319] <... mount resumed>) = 0 [pid 317] <... unshare resumed>) = 0 [pid 319] unshare(CLONE_NEWIPC [pid 317] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 319] <... unshare resumed>) = -1 EINVAL (Invalid argument) [pid 317] <... mount resumed>) = 0 [pid 319] unshare(CLONE_NEWCGROUP [pid 317] unshare(CLONE_NEWIPC [pid 319] <... unshare resumed>) = 0 [pid 317] <... unshare resumed>) = -1 EINVAL (Invalid argument) [pid 319] unshare(CLONE_NEWUTS [pid 317] unshare(CLONE_NEWCGROUP [pid 319] <... unshare resumed>) = 0 [pid 317] <... unshare resumed>) = 0 [pid 319] unshare(CLONE_SYSVSEM [pid 317] unshare(CLONE_NEWUTS [pid 319] <... unshare resumed>) = 0 [pid 317] <... unshare resumed>) = 0 [pid 320] chdir("/" [pid 319] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 317] unshare(CLONE_SYSVSEM [pid 320] <... chdir resumed>) = 0 [pid 319] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 317] <... unshare resumed>) = 0 [pid 319] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 320] mkdir("/dev/binderfs", 0777 [pid 319] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 317] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 319] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 317] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 320] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 319] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 317] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 319] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 320] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 319] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 317] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 319] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 317] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 320] <... mount resumed>) = 0 [pid 319] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 317] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 319] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 317] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 320] mkdir("./0", 0777 [pid 319] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 317] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 319] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 317] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 319] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 320] <... mkdir resumed>) = 0 [pid 319] getpid( [pid 317] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 319] <... getpid resumed>) = 1 [pid 317] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 319] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 317] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 319] <... capget resumed>{effective=1< [pid 319] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 317] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 319] <... capset resumed>) = 0 [pid 317] getpid( [pid 319] unshare(CLONE_NEWNET [pid 317] <... getpid resumed>) = 1 [pid 320] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574b5650) = 2 ./strace-static-x86_64: Process 323 attached [pid 323] set_robust_list(0x5555574b5660, 24) = 0 [pid 323] chdir("./0") = 0 [pid 323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 323] setpgid(0, 0) = 0 [pid 323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 323] write(3, "1000", 4) = 4 [pid 323] close(3) = 0 [pid 323] symlink("/dev/binderfs", "./binderfs") = 0 [pid 323] write(1, "executing program\n", 18executing program ) = 18 [pid 323] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=12, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 323] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 317] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 319] <... unshare resumed>) = 0 [pid 319] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 319] write(3, "0 65535", 7) = 7 [pid 319] close(3) = 0 [pid 319] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 319] write(3, "100000", 6) = 6 [pid 319] close(3) = 0 [pid 319] mkdir("./syz-tmp", 0777) = 0 [pid 319] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0 [pid 319] mkdir("./syz-tmp/newroot", 0777) = 0 [pid 317] <... unshare resumed>) = 0 [pid 319] mkdir("./syz-tmp/newroot/dev", 0700) = 0 [pid 317] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 319] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 319] mkdir("./syz-tmp/newroot/proc", 0700 [pid 317] <... openat resumed>) = 3 [pid 319] <... mkdir resumed>) = 0 [pid 317] write(3, "0 65535", 7 [pid 319] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0 [pid 319] mkdir("./syz-tmp/newroot/selinux", 0700 [pid 317] <... write resumed>) = 7 [pid 319] <... mkdir resumed>) = 0 [pid 317] close(3 [pid 319] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 317] <... close resumed>) = 0 [pid 319] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 317] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC [pid 319] mkdir("./syz-tmp/newroot/sys", 0700) = 0 [pid 317] <... openat resumed>) = 3 [pid 319] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 317] write(3, "100000", 6 [pid 319] mkdir("./syz-tmp/pivot", 0777) = 0 [pid 317] <... write resumed>) = 6 [pid 319] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [pid 317] close(3 [pid 319] chdir("/") = 0 [pid 317] <... close resumed>) = 0 [pid 319] umount2("./pivot", MNT_DETACH [pid 317] mkdir("./syz-tmp", 0777 [pid 319] <... umount2 resumed>) = 0 [pid 319] chroot("./newroot") = 0 [pid 319] chdir("/" [pid 317] <... mkdir resumed>) = 0 [pid 319] <... chdir resumed>) = 0 [pid 317] mount("", "./syz-tmp", "tmpfs", 0, NULL [pid 319] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists) [pid 319] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 317] <... mount resumed>) = 0 [pid 319] <... mount resumed>) = 0 [pid 317] mkdir("./syz-tmp/newroot", 0777 [pid 319] mkdir("./0", 0777 [pid 317] <... mkdir resumed>) = 0 [pid 319] <... mkdir resumed>) = 0 [pid 317] mkdir("./syz-tmp/newroot/dev", 0700 [pid 319] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574b5650) = 2 [pid 317] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 324 attached [pid 317] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 324] set_robust_list(0x5555574b5660, 24 [pid 317] <... mount resumed>) = 0 [pid 324] <... set_robust_list resumed>) = 0 [pid 317] mkdir("./syz-tmp/newroot/proc", 0700 [pid 324] chdir("./0" [pid 317] <... mkdir resumed>) = 0 [pid 324] <... chdir resumed>) = 0 [pid 317] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0 [pid 324] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 317] mkdir("./syz-tmp/newroot/selinux", 0700 [pid 324] <... prctl resumed>) = 0 [pid 317] <... mkdir resumed>) = 0 [pid 324] setpgid(0, 0 [pid 317] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 324] <... setpgid resumed>) = 0 [pid 317] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 317] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 324] <... openat resumed>) = 3 [pid 317] mkdir("./syz-tmp/newroot/sys", 0700 [pid 324] write(3, "1000", 4 [pid 317] <... mkdir resumed>) = 0 [pid 324] <... write resumed>) = 4 [pid 317] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 324] close(3 [pid 317] <... mount resumed>) = 0 [pid 324] <... close resumed>) = 0 [pid 317] mkdir("./syz-tmp/pivot", 0777 [pid 324] symlink("/dev/binderfs", "./binderfs" [pid 317] <... mkdir resumed>) = 0 [pid 324] <... symlink resumed>) = 0 [pid 317] pivot_root("./syz-tmp", "./syz-tmp/pivot" [pid 324] write(1, "executing program\n", 18 [pid 317] <... pivot_root resumed>) = 0 executing program [pid 324] <... write resumed>) = 18 [pid 317] chdir("/" [pid 324] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=12, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 317] <... chdir resumed>) = 0 [pid 324] <... bpf resumed>) = 3 [pid 317] umount2("./pivot", MNT_DETACH [pid 324] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 317] <... umount2 resumed>) = 0 [pid 317] chroot("./newroot") = 0 [pid 317] chdir("/") = 0 [pid 317] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists) [pid 317] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 317] mkdir("./0", 0777) = 0 [pid 317] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574b5650) = 2 ./strace-static-x86_64: Process 325 attached [pid 325] set_robust_list(0x5555574b5660, 24) = 0 [pid 325] chdir("./0") = 0 [pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 325] setpgid(0, 0) = 0 [pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 325] write(3, "1000", 4) = 4 [pid 325] close(3) = 0 [pid 325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 325] write(1, "executing program\n", 18executing program ) = 18 [ 44.439461][ T24] audit: type=1400 audit(1721256539.549:74): avc: denied { unmount } for pid=316 comm="syz-executor248" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 44.459069][ T24] audit: type=1400 audit(1721256539.559:75): avc: denied { mounton } for pid=316 comm="syz-executor248" path="/dev/binderfs" dev="devtmpfs" ino=357 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [pid 325] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=12, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 325] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 324] <... bpf resumed>) = 4 [pid 323] <... bpf resumed>) = 4 [pid 322] <... bpf resumed>) = 4 [pid 321] <... bpf resumed>) = 4 [pid 323] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 13 [pid 325] <... bpf resumed>) = 4 [pid 323] <... bpf resumed>) = 5 [pid 323] close(3) = 0 [pid 323] close(4) = 0 [pid 323] close(5executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 47.008688][ T1] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004 [ 47.017205][ T1] CPU: 0 PID: 1 Comm: init Not tainted 5.10.220-syzkaller-01084-gc4f41ad97060 #0 [ 47.026383][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 47.036395][ T1] Call Trace: [ 47.039602][ T1] dump_stack_lvl+0x1e2/0x24b [ 47.044198][ T1] ? panic+0x22b/0x812 [ 47.048190][ T1] ? bfq_pos_tree_add_move+0x43b/0x43b [ 47.053660][ T1] dump_stack+0x15/0x17 [ 47.057661][ T1] panic+0x2cf/0x812 [ 47.061439][ T1] ? do_exit+0x239a/0x2a50 [ 47.065983][ T1] ? fb_is_primary_device+0xd4/0xd4 [ 47.071456][ T1] ? __kasan_check_write+0x14/0x20 [ 47.076473][ T1] ? sync_mm_rss+0x28a/0x2e0 [ 47.080898][ T1] do_exit+0x23b4/0x2a50 [ 47.084977][ T1] ? sched_group_set_shares+0x490/0x490 [ 47.090357][ T1] ? put_task_struct+0x80/0x80 [ 47.094956][ T1] ? schedule+0x154/0x1d0 [ 47.099124][ T1] ? schedule_timeout+0xa9/0x360 [ 47.103900][ T1] ? __kasan_check_write+0x14/0x20 [ 47.108934][ T1] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 47.114001][ T1] do_group_exit+0x141/0x310 [ 47.118421][ T1] get_signal+0x10a0/0x1410 [ 47.123018][ T1] arch_do_signal_or_restart+0xbd/0x17c0 [ 47.128487][ T1] ? put_pid+0xd7/0x110 [ 47.132478][ T1] ? kernel_clone+0x6ca/0x9e0 [ 47.137340][ T1] ? create_io_thread+0x1e0/0x1e0 [ 47.142550][ T1] ? get_timespec64+0x197/0x270 [ 47.147236][ T1] ? timespec64_add_safe+0x220/0x220 [ 47.152357][ T1] ? __do_sys_rt_sigreturn+0x1e0/0x1e0 [ 47.157650][ T1] ? __do_sys_vfork+0xcd/0x130 [ 47.162251][ T1] exit_to_user_mode_loop+0x9b/0xd0 [ 47.167288][ T1] syscall_exit_to_user_mode+0xa2/0x1a0 [ 47.172668][ T1] do_syscall_64+0x40/0x70 [ 47.177007][ T1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 47.182734][ T1] RIP: 0033:0x7f18f33eaa68 [ 47.187157][ T1] Code: 00 48 8d b8 e0 02 00 00 48 89 b8 d8 02 00 00 48 89 b8 e0 02 00 00 b8 11 01 00 00 0f 05 44 89 c0 c3 90 5f b8 3a 00 00 00 0f 05 <57> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 90 43 0f 00 f7 d8 64 89 01 48 [ 47.206683][ T1] RSP: 002b:00007fff9ea10270 EFLAGS: 00000246 ORIG_RAX: 000000000000003a [ 47.214928][ T1] RAX: 0000000000000269 RBX: 00005609c100fa50 RCX: 00007f18f33eaa68 [ 47.222741][ T1] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 00007f18f3575bed [ 47.230552][ T1] RBP: 00007f18f35b0528 R08: 0000000000000007 R09: 4d1080e0eaeb1db5 [ 47.238370][ T1] R10: 00007fff9ea102b0 R11: 0000000000000246 R12: 0000000000000000 [ 47.246171][ T1] R13: 0000000000000018 R14: 00005609bf010169 R15: 00007f18f35e1a80 [ 47.254363][ T1] Kernel Offset: disabled [ 47.258493][ T1] Rebooting in 86400 seconds..