./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4277640988 <...> [ 3.568793][ T28] audit: type=1400 audit(1685211502.271:10): avc: denied { getattr } for pid=81 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 3.890667][ T98] udevd[98]: starting version 3.2.11 [ 3.958068][ T99] udevd[99]: starting eudev-3.2.11 [ 5.533567][ T183] sshd (183) used greatest stack depth: 22448 bytes left [ 13.359188][ T28] kauditd_printk_skb: 50 callbacks suppressed [ 13.359204][ T28] audit: type=1400 audit(1685211512.091:61): avc: denied { transition } for pid=223 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.367967][ T28] audit: type=1400 audit(1685211512.091:62): avc: denied { noatsecure } for pid=223 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.373977][ T28] audit: type=1400 audit(1685211512.101:63): avc: denied { write } for pid=223 comm="sh" path="pipe:[10184]" dev="pipefs" ino=10184 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 13.378092][ T28] audit: type=1400 audit(1685211512.101:64): avc: denied { rlimitinh } for pid=223 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.394517][ T28] audit: type=1400 audit(1685211512.101:65): avc: denied { siginh } for pid=223 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.67' (ECDSA) to the list of known hosts. execve("./syz-executor4277640988", ["./syz-executor4277640988"], 0x7fff2b57f970 /* 10 vars */) = 0 brk(NULL) = 0x5555566a3000 brk(0x5555566a3c40) = 0x5555566a3c40 arch_prctl(ARCH_SET_FS, 0x5555566a3300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor4277640988", 4096) = 28 brk(0x5555566c4c40) = 0x5555566c4c40 brk(0x5555566c5000) = 0x5555566c5000 mprotect(0x7f2a2b1f1000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 293 mkdir("./syzkaller.5TRTPk", 0700) = 0 chmod("./syzkaller.5TRTPk", 0777) = 0 chdir("./syzkaller.5TRTPk") = 0 mkdir("./0", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566a35d0) = 294 ./strace-static-x86_64: Process 294 attached [pid 294] chdir("./0") = 0 [pid 294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 294] setpgid(0, 0) = 0 [pid 294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 294] write(3, "1000", 4) = 4 [pid 294] close(3) = 0 [pid 294] symlink("/dev/binderfs", "./binderfs") = 0 [pid 294] mkdir("./file0", 000) = 0 [pid 294] pipe2([3, 4], 0) = 0 [pid 294] write(4, "\x15\x00\x00\x00\x65\xff\xff\x01\x7f\x00\x00\x08\x00\x39\x50\x32\x30\x30\x30\x00\x00", 21) = 21 [pid 294] dup(4) = 5 [pid 294] write(5, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24) = 24 [pid 294] write(5, "\xb0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 176) = 176 [pid 294] write(5, "\x05\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [ 22.838711][ T28] audit: type=1400 audit(1685211521.571:66): avc: denied { execmem } for pid=293 comm="syz-executor427" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 294] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000004,") = 0 [pid 294] exit_group(0) = ? [pid 294] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=294, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555566a4620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 22.867474][ T28] audit: type=1400 audit(1685211521.601:67): avc: denied { mounton } for pid=294 comm="syz-executor427" path="/root/syzkaller.5TRTPk/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 22.892356][ T28] audit: type=1400 audit(1685211521.611:68): avc: denied { mount } for pid=294 comm="syz-executor427" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 22.916478][ T28] audit: type=1400 audit(1685211521.651:69): avc: denied { unmount } for pid=293 comm="syz-executor427" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1