./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3577434586 <...> Warning: Permanently added '10.128.1.167' (ED25519) to the list of known hosts. execve("./syz-executor3577434586", ["./syz-executor3577434586"], 0x7ffdf0638e40 /* 10 vars */) = 0 brk(NULL) = 0x555576ad6000 brk(0x555576ad6e00) = 0x555576ad6e00 arch_prctl(ARCH_SET_FS, 0x555576ad6480) = 0 set_tid_address(0x555576ad6750) = 358 set_robust_list(0x555576ad6760, 24) = 0 rseq(0x555576ad6da0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3577434586", 4096) = 28 getrandom("\x56\x39\xeb\xd1\x9f\xa7\x8a\xa7", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555576ad6e00 brk(0x555576af7e00) = 0x555576af7e00 brk(0x555576af8000) = 0x555576af8000 mprotect(0x7f8077c3e000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f8077b8f220, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f8077b99c30}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f8077b8f220, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f8077b99c30}, NULL, 8) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555576ad6750) = 359 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555576ad6750) = 360 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555576ad6750) = 361 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555576ad6750) = 362 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555576ad6750) = 363 ./strace-static-x86_64: Process 362 attached [pid 362] set_robust_list(0x555576ad6760, 24) = 0 [pid 362] mkdir("./syzkaller.OXcn2q", 0700) = 0 ./strace-static-x86_64: Process 360 attached [pid 360] set_robust_list(0x555576ad6760, 24) = 0 [pid 360] mkdir("./syzkaller.PsNoap", 0700) = 0 [pid 362] chmod("./syzkaller.OXcn2q", 0777) = 0 [pid 362] chdir("./syzkaller.OXcn2q") = 0 [pid 362] unshare(CLONE_NEWPID) = 0 [pid 360] chmod("./syzkaller.PsNoap", 0777) = 0 [pid 360] chdir("./syzkaller.PsNoap") = 0 [pid 360] unshare(CLONE_NEWPID) = 0 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 360] <... clone resumed>, child_tidptr=0x555576ad6750) = 364 ./strace-static-x86_64: Process 361 attached ./strace-static-x86_64: Process 359 attached ./strace-static-x86_64: Process 363 attached ./strace-static-x86_64: Process 366 attached [pid 363] set_robust_list(0x555576ad6760, 24 [pid 361] set_robust_list(0x555576ad6760, 24 [pid 359] set_robust_list(0x555576ad6760, 24 [pid 362] <... clone resumed>, child_tidptr=0x555576ad6750) = 366 [pid 363] <... set_robust_list resumed>) = 0 [pid 361] <... set_robust_list resumed>) = 0 [pid 366] set_robust_list(0x555576ad6760, 24 [pid 359] <... set_robust_list resumed>) = 0 [pid 361] mkdir("./syzkaller.J6I0qK", 0700 [pid 359] mkdir("./syzkaller.KH65ft", 0700 [pid 363] mkdir("./syzkaller.sm8WSJ", 0700 [pid 359] <... mkdir resumed>) = 0 [pid 361] <... mkdir resumed>) = 0 [pid 363] <... mkdir resumed>) = 0 [pid 361] chmod("./syzkaller.J6I0qK", 0777 [pid 366] <... set_robust_list resumed>) = 0 [pid 359] chmod("./syzkaller.KH65ft", 0777 [pid 361] <... chmod resumed>) = 0 [pid 366] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 363] chmod("./syzkaller.sm8WSJ", 0777 [pid 359] <... chmod resumed>) = 0 [pid 361] chdir("./syzkaller.J6I0qK" [pid 359] chdir("./syzkaller.KH65ft" [pid 366] <... prctl resumed>) = 0 [pid 363] <... chmod resumed>) = 0 [pid 361] <... chdir resumed>) = 0 [pid 359] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x555576ad6760, 24 [pid 366] getppid( [pid 363] chdir("./syzkaller.sm8WSJ" [pid 361] unshare(CLONE_NEWPID [pid 359] unshare(CLONE_NEWPID [pid 366] <... getppid resumed>) = 0 [pid 363] <... chdir resumed>) = 0 [pid 361] <... unshare resumed>) = 0 [pid 359] <... unshare resumed>) = 0 [pid 366] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 363] unshare(CLONE_NEWPID [pid 361] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 366] <... prlimit64 resumed>NULL) = 0 [pid 363] <... unshare resumed>) = 0 [pid 364] <... set_robust_list resumed>) = 0 [pid 364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 364] getppid() = 0 [pid 364] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 364] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 364] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 364] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 363] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 366] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 361] <... clone resumed>, child_tidptr=0x555576ad6750) = 367 [pid 364] <... prlimit64 resumed>NULL) = 0 [pid 364] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 364] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 364] unshare(CLONE_NEWNS [pid 366] <... prlimit64 resumed>NULL) = 0 [pid 359] <... clone resumed>, child_tidptr=0x555576ad6750) = 368 [pid 366] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 363] <... clone resumed>, child_tidptr=0x555576ad6750) = 369 [pid 366] <... prlimit64 resumed>NULL) = 0 [pid 366] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 366] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 366] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 366] unshare(CLONE_NEWNS [pid 364] <... unshare resumed>) = 0 [pid 364] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 366] <... unshare resumed>) = 0 [pid 364] <... mount resumed>) = 0 [pid 364] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 364] unshare(CLONE_NEWCGROUP) = 0 [ 24.088218][ T23] audit: type=1400 audit(1745424994.560:66): avc: denied { execmem } for pid=358 comm="syz-executor357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 364] unshare(CLONE_NEWUTS) = 0 [pid 366] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 364] unshare(CLONE_SYSVSEM) = 0 [pid 364] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 364] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 364] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 364] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 364] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 364] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 364] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 364] getpid() = 1 [pid 364] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 368] set_robust_list(0x555576ad6760, 24) = 0 [pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 368] getppid() = 0 [pid 368] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 368] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 368] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 368] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 368] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 368] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 368] unshare(CLONE_NEWNS) = 0 ./strace-static-x86_64: Process 369 attached [pid 369] set_robust_list(0x555576ad6760, 24) = 0 [pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 369] getppid() = 0 [pid 369] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 369] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 369] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 369] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 369] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 368] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 369] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 368] <... mount resumed>) = 0 [pid 369] <... prlimit64 resumed>NULL) = 0 [pid 369] unshare(CLONE_NEWNS) = 0 [pid 368] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 367 attached [pid 368] unshare(CLONE_NEWCGROUP) = 0 [pid 368] unshare(CLONE_NEWUTS [pid 367] set_robust_list(0x555576ad6760, 24 [pid 368] <... unshare resumed>) = 0 [pid 368] unshare(CLONE_SYSVSEM [pid 367] <... set_robust_list resumed>) = 0 [pid 368] <... unshare resumed>) = 0 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 368] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 367] <... prctl resumed>) = 0 [pid 367] getppid() = 0 [pid 367] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 368] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 367] <... prlimit64 resumed>NULL) = 0 [pid 367] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 367] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 367] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 368] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 367] <... prlimit64 resumed>NULL) = 0 [pid 368] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 367] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 367] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 367] unshare(CLONE_NEWNS) = 0 [pid 368] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 369] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 369] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 368] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 369] unshare(CLONE_NEWCGROUP) = 0 [pid 369] unshare(CLONE_NEWUTS) = 0 [pid 368] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 369] unshare(CLONE_SYSVSEM) = 0 [pid 369] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 368] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 368] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 369] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 369] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 368] getpid( [pid 369] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 368] <... getpid resumed>) = 1 [pid 368] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 369] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 367] <... mount resumed>) = 0 [pid 369] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 368] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 369] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 367] unshare(CLONE_NEWCGROUP [pid 369] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 367] <... unshare resumed>) = 0 [pid 367] unshare(CLONE_NEWUTS) = 0 [pid 369] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 367] unshare(CLONE_SYSVSEM [pid 369] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 367] <... unshare resumed>) = 0 [pid 367] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 369] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 369] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 367] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 369] getpid() = 1 [pid 367] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 369] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 367] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 369] <... capget resumed>{effective=1< [pid 369] unshare(CLONE_NEWNET [pid 366] <... mount resumed>) = 0 [pid 367] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 366] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 367] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 366] unshare(CLONE_NEWCGROUP [pid 367] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 366] <... unshare resumed>) = 0 [pid 367] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 366] unshare(CLONE_NEWUTS [pid 367] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 366] <... unshare resumed>) = 0 [pid 367] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 366] unshare(CLONE_SYSVSEM [pid 367] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 366] <... unshare resumed>) = 0 [pid 367] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 367] getpid() = 1 [pid 367] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 367] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<) = -1 ENOENT (No such file or directory) [pid 367] unshare(CLONE_NEWNET [pid 366] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 366] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 366] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 366] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 366] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 366] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 366] getpid() = 1 [pid 366] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 364] <... unshare resumed>) = 0 [pid 364] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 364] write(3, "0 65535", 7) = 7 [pid 364] close(3) = 0 [pid 364] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3 [pid 364] dup2(3, 200) = 200 [pid 364] close(3) = 0 [pid 364] ioctl(200, TUNSETIFF, 0x7ffc32f49820) = 0 [pid 364] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3 [pid 364] write(3, "0", 1) = 1 [pid 364] close(3) = 0 [pid 364] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3 [pid 364] write(3, "0", 1) = 1 [pid 364] close(3) = 0 [pid 364] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 364] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4 [pid 364] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 364] close(4) = 0 [pid 364] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 367] <... unshare resumed>) = 0 [pid 367] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "0 65535", 7) = 7 [pid 367] close(3) = 0 [pid 367] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3 [pid 367] dup2(3, 200) = 200 [pid 367] close(3) = 0 [pid 367] ioctl(200, TUNSETIFF, 0x7ffc32f49820) = 0 [pid 364] <... sendto resumed>) = 40 [pid 364] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 364] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4 [pid 367] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "0", 1) = 1 [pid 367] close(3) = 0 [pid 367] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "0", 1) = 1 [pid 367] close(3) = 0 [pid 367] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 367] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4 [pid 367] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 367] close(4) = 0 [pid 367] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 368] <... unshare resumed>) = 0 [pid 364] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 364] close(4) = 0 [pid 364] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64 [pid 368] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 364] recvfrom(3, [pid 367] <... sendto resumed>) = 40 [pid 367] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 367] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4 [pid 367] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 367] close(4) = 0 [pid 367] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 368] <... openat resumed>) = 3 [pid 368] write(3, "0 65535", 7) = 7 [pid 368] close(3) = 0 [pid 368] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3 [pid 368] dup2(3, 200) = 200 [pid 368] close(3) = 0 [pid 368] ioctl(200, TUNSETIFF, 0x7ffc32f49820 [pid 364] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 364] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4 [pid 364] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 364] close(4) = 0 [ 24.202637][ T23] audit: type=1400 audit(1745424994.680:68): avc: denied { create } for pid=355 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [pid 364] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 369] <... unshare resumed>) = 0 [pid 369] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 369] write(3, "0 65535", 7) = 7 [pid 369] close(3) = 0 [pid 369] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3 [pid 369] dup2(3, 200) = 200 [pid 369] close(3) = 0 [pid 369] ioctl(200, TUNSETIFF, 0x7ffc32f49820) = 0 [pid 369] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3 [pid 369] write(3, "0", 1) = 1 [pid 369] close(3) = 0 [pid 369] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3 [pid 369] write(3, "0", 1) = 1 [pid 369] close(3) = 0 [pid 369] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 369] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4 [pid 369] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 369] close(4) = 0 [pid 368] <... ioctl resumed>) = 0 [pid 367] <... sendto resumed>) = 64 [pid 364] <... sendto resumed>) = 48 [pid 369] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 368] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC [pid 367] recvfrom(3, [pid 364] recvfrom(3, [pid 369] <... sendto resumed>) = 40 [pid 368] <... openat resumed>) = 3 [pid 367] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 364] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 369] recvfrom(3, [pid 368] write(3, "0", 1 [pid 367] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 364] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 369] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 368] <... write resumed>) = 1 [pid 367] <... socket resumed>) = 4 [pid 364] <... socket resumed>) = 4 [pid 369] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 368] close(3 [pid 367] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 364] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 369] <... socket resumed>) = 4 [pid 368] <... close resumed>) = 0 [pid 367] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 364] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 369] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 368] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC [pid 367] close(4 [pid 364] close(4 [pid 369] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 368] <... openat resumed>) = 3 [pid 367] <... close resumed>) = 0 [pid 364] <... close resumed>) = 0 [pid 369] close(4 [pid 368] write(3, "0", 1 [pid 367] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 364] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 369] <... close resumed>) = 0 [pid 368] <... write resumed>) = 1 [pid 367] <... sendto resumed>) = 48 [pid 364] <... sendto resumed>) = 60 [pid 369] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 368] close(3 [pid 367] recvfrom(3, [pid 364] recvfrom(3, [pid 369] <... sendto resumed>) = 64 [pid 368] <... close resumed>) = 0 [pid 367] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 364] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 369] recvfrom(3, [pid 368] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 367] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 364] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 369] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 368] <... socket resumed>) = 3 [pid 367] <... socket resumed>) = 4 [pid 364] <... socket resumed>) = 4 [pid 369] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 368] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 367] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 364] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 369] <... socket resumed>) = 4 [pid 368] <... socket resumed>) = 4 [pid 367] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 366] <... unshare resumed>) = 0 [pid 364] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 369] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 368] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 367] close(4 [pid 364] close(4 [pid 369] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 368] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 367] <... close resumed>) = 0 [pid 364] <... close resumed>) = 0 [pid 369] close(4 [pid 368] close(4 [pid 367] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 364] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 369] <... close resumed>) = 0 [pid 368] <... close resumed>) = 0 [pid 367] <... sendto resumed>) = 60 [pid 364] <... sendto resumed>) = 44 [pid 369] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 368] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 367] recvfrom(3, [pid 364] recvfrom(3, [pid 369] <... sendto resumed>) = 48 [pid 368] <... sendto resumed>) = 40 [pid 367] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 364] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 369] recvfrom(3, [pid 368] recvfrom(3, [pid 367] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [ 24.240587][ T23] audit: type=1400 audit(1745424994.680:69): avc: denied { write } for pid=355 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 24.264085][ T23] audit: type=1400 audit(1745424994.680:70): avc: denied { nlmsg_read } for pid=355 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [pid 364] close(3 [pid 369] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 368] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 367] <... socket resumed>) = 4 [pid 364] <... close resumed>) = 0 [pid 369] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 368] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 367] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 364] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC [pid 369] <... socket resumed>) = 4 [pid 368] <... socket resumed>) = 4 [pid 367] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 364] <... openat resumed>) = 3 [pid 369] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 368] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 367] close(4 [pid 364] write(3, "100000", 6 [pid 369] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 368] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 367] <... close resumed>) = 0 [pid 364] <... write resumed>) = 6 [pid 369] close(4 [pid 368] close(4 [pid 367] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 364] close(3 [pid 369] <... close resumed>) = 0 [pid 368] <... close resumed>) = 0 [pid 367] <... sendto resumed>) = 44 [pid 366] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 364] <... close resumed>) = 0 [pid 369] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 368] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 367] recvfrom(3, [pid 364] mkdir("./syz-tmp", 0777 [pid 369] <... sendto resumed>) = 60 [pid 368] <... sendto resumed>) = 64 [pid 367] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 364] <... mkdir resumed>) = 0 [pid 369] recvfrom(3, [pid 368] recvfrom(3, [pid 367] close(3 [pid 364] mount("", "./syz-tmp", "tmpfs", 0, NULL [pid 369] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 368] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 367] <... close resumed>) = 0 [pid 364] <... mount resumed>) = 0 [pid 369] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 368] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 367] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC [pid 364] mkdir("./syz-tmp/newroot", 0777 [pid 369] <... socket resumed>) = 4 [pid 368] <... socket resumed>) = 4 [pid 367] <... openat resumed>) = 3 [pid 364] <... mkdir resumed>) = 0 [pid 369] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 368] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 367] write(3, "100000", 6 [pid 364] mkdir("./syz-tmp/newroot/dev", 0700 [pid 369] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 368] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 367] <... write resumed>) = 6 [pid 364] <... mkdir resumed>) = 0 [pid 369] close(4 [pid 368] close(4 [pid 367] close(3 [pid 364] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 369] <... close resumed>) = 0 [pid 368] <... close resumed>) = 0 [pid 367] <... close resumed>) = 0 [pid 364] <... mount resumed>) = 0 [pid 369] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 368] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 367] mkdir("./syz-tmp", 0777 [pid 364] mkdir("./syz-tmp/newroot/proc", 0700 [pid 369] <... sendto resumed>) = 44 [pid 368] <... sendto resumed>) = 48 [pid 367] <... mkdir resumed>) = 0 [pid 366] <... openat resumed>) = 3 [pid 364] <... mkdir resumed>) = 0 [pid 369] recvfrom(3, [pid 368] recvfrom(3, [pid 367] mount("", "./syz-tmp", "tmpfs", 0, NULL [pid 364] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL [pid 369] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 368] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 367] <... mount resumed>) = 0 [pid 364] <... mount resumed>) = 0 [pid 369] close(3 [pid 368] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 367] mkdir("./syz-tmp/newroot", 0777 [pid 364] mkdir("./syz-tmp/newroot/selinux", 0700 [pid 369] <... close resumed>) = 0 [pid 368] <... socket resumed>) = 4 [pid 367] <... mkdir resumed>) = 0 [pid 364] <... mkdir resumed>) = 0 [pid 369] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC [pid 368] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 367] mkdir("./syz-tmp/newroot/dev", 0700 [pid 364] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 369] <... openat resumed>) = 3 [pid 368] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 367] <... mkdir resumed>) = 0 [pid 364] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 369] write(3, "100000", 6 [pid 368] close(4 [pid 367] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 364] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 369] <... write resumed>) = 6 [pid 368] <... close resumed>) = 0 [pid 367] <... mount resumed>) = 0 [pid 364] <... mount resumed>) = 0 [pid 369] close(3 [pid 368] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 367] mkdir("./syz-tmp/newroot/proc", 0700 [pid 364] mkdir("./syz-tmp/newroot/sys", 0700 [pid 369] <... close resumed>) = 0 [pid 368] <... sendto resumed>) = 60 [pid 367] <... mkdir resumed>) = 0 [pid 364] <... mkdir resumed>) = 0 [pid 369] mkdir("./syz-tmp", 0777 [pid 368] recvfrom(3, [pid 367] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL [pid 364] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 369] <... mkdir resumed>) = 0 [pid 368] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 367] <... mount resumed>) = 0 [pid 364] <... mount resumed>) = 0 [ 24.290570][ T23] audit: type=1400 audit(1745424994.680:71): avc: denied { module_request } for pid=355 comm="strace-static-x" kmod="net-pf-16-proto-4-type-16" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 24.313975][ T23] audit: type=1400 audit(1745424994.680:72): avc: denied { read } for pid=355 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [pid 369] mount("", "./syz-tmp", "tmpfs", 0, NULL [pid 368] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 367] mkdir("./syz-tmp/newroot/selinux", 0700 [pid 364] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 369] <... mount resumed>) = 0 [pid 368] <... socket resumed>) = 4 [pid 367] <... mkdir resumed>) = 0 [pid 364] <... mount resumed>) = 0 [pid 369] mkdir("./syz-tmp/newroot", 0777 [pid 368] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 367] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 364] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 369] <... mkdir resumed>) = 0 [pid 368] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 367] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 364] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 369] mkdir("./syz-tmp/newroot/dev", 0700 [pid 368] close(4 [pid 367] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 364] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 369] <... mkdir resumed>) = 0 [pid 368] <... close resumed>) = 0 [pid 367] <... mount resumed>) = 0 [pid 364] <... mount resumed>) = 0 [pid 369] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 368] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 367] mkdir("./syz-tmp/newroot/sys", 0700 [pid 364] mkdir("./syz-tmp/newroot/syz-inputs", 0700 [pid 369] <... mount resumed>) = 0 [pid 368] <... sendto resumed>) = 44 [pid 367] <... mkdir resumed>) = 0 [pid 366] write(3, "0 65535", 7 [pid 364] <... mkdir resumed>) = 0 [pid 369] mkdir("./syz-tmp/newroot/proc", 0700 [pid 368] recvfrom(3, [pid 367] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 364] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 369] <... mkdir resumed>) = 0 [pid 368] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 367] <... mount resumed>) = 0 [pid 364] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 369] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL [pid 368] close(3 [pid 367] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 364] mkdir("./syz-tmp/pivot", 0777 [pid 369] <... mount resumed>) = 0 [pid 368] <... close resumed>) = 0 [pid 367] <... mount resumed>) = 0 [pid 364] <... mkdir resumed>) = 0 [pid 369] mkdir("./syz-tmp/newroot/selinux", 0700 [pid 368] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC [pid 367] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 364] pivot_root("./syz-tmp", "./syz-tmp/pivot" [pid 369] <... mkdir resumed>) = 0 [pid 368] <... openat resumed>) = 3 [pid 367] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 364] <... pivot_root resumed>) = 0 [pid 369] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 368] write(3, "100000", 6 [pid 367] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 364] chdir("/" [pid 369] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 368] <... write resumed>) = 6 [pid 367] <... mount resumed>) = 0 [pid 364] <... chdir resumed>) = 0 [pid 369] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 368] close(3 [pid 367] mkdir("./syz-tmp/newroot/syz-inputs", 0700 [pid 364] umount2("./pivot", MNT_DETACH [pid 369] <... mount resumed>) = 0 [pid 368] <... close resumed>) = 0 [pid 367] <... mkdir resumed>) = 0 [pid 369] mkdir("./syz-tmp/newroot/sys", 0700 [pid 368] mkdir("./syz-tmp", 0777 [pid 367] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 369] <... mkdir resumed>) = 0 [pid 368] <... mkdir resumed>) = 0 [pid 367] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 369] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 368] mount("", "./syz-tmp", "tmpfs", 0, NULL [pid 367] mkdir("./syz-tmp/pivot", 0777 [pid 369] <... mount resumed>) = 0 [pid 368] <... mount resumed>) = 0 [pid 367] <... mkdir resumed>) = 0 [pid 369] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 368] mkdir("./syz-tmp/newroot", 0777 [pid 367] pivot_root("./syz-tmp", "./syz-tmp/pivot" [pid 369] <... mount resumed>) = 0 [pid 368] <... mkdir resumed>) = 0 [pid 367] <... pivot_root resumed>) = 0 [pid 369] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 368] mkdir("./syz-tmp/newroot/dev", 0700 [pid 367] chdir("/" [pid 369] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 368] <... mkdir resumed>) = 0 [pid 367] <... chdir resumed>) = 0 [pid 369] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 368] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 367] umount2("./pivot", MNT_DETACH [pid 369] <... mount resumed>) = 0 [pid 368] <... mount resumed>) = 0 [pid 369] mkdir("./syz-tmp/newroot/syz-inputs", 0700 [pid 368] mkdir("./syz-tmp/newroot/proc", 0700 [pid 369] <... mkdir resumed>) = 0 [pid 368] <... mkdir resumed>) = 0 [pid 369] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 368] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL [pid 369] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 368] <... mount resumed>) = 0 [pid 369] mkdir("./syz-tmp/pivot", 0777 [pid 368] mkdir("./syz-tmp/newroot/selinux", 0700 [pid 369] <... mkdir resumed>) = 0 [pid 368] <... mkdir resumed>) = 0 [pid 369] pivot_root("./syz-tmp", "./syz-tmp/pivot" [pid 368] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 369] <... pivot_root resumed>) = 0 [pid 368] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 369] chdir("/" [pid 368] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 369] <... chdir resumed>) = 0 [pid 368] <... mount resumed>) = 0 [pid 367] <... umount2 resumed>) = 0 [pid 366] <... write resumed>) = 7 [pid 364] <... umount2 resumed>) = 0 [pid 369] umount2("./pivot", MNT_DETACH [pid 368] mkdir("./syz-tmp/newroot/sys", 0700 [pid 367] chroot("./newroot" [pid 364] chroot("./newroot" [pid 368] <... mkdir resumed>) = 0 [pid 367] <... chroot resumed>) = 0 [pid 364] <... chroot resumed>) = 0 [pid 368] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 367] chdir("/" [pid 364] chdir("/" [pid 368] <... mount resumed>) = 0 [pid 367] <... chdir resumed>) = 0 [pid 364] <... chdir resumed>) = 0 [pid 368] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 367] mkdir("/dev/gadgetfs", 0777 [pid 364] mkdir("/dev/gadgetfs", 0777 [pid 368] <... mount resumed>) = 0 [ 24.334652][ T23] audit: type=1400 audit(1745424994.800:73): avc: denied { mounton } for pid=364 comm="syz-executor357" path="/root/syzkaller.PsNoap/syz-tmp" dev="sda1" ino=1932 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 24.359224][ T23] audit: type=1400 audit(1745424994.800:74): avc: denied { mount } for pid=364 comm="syz-executor357" name="/" dev="tmpfs" ino=11642 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [pid 367] <... mkdir resumed>) = 0 [pid 364] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 368] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 367] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL [pid 364] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL [pid 368] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 366] close(3) = 0 [pid 366] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3 [pid 366] dup2(3, 200) = 200 [pid 366] close(3) = 0 [pid 366] ioctl(200, TUNSETIFF, 0x7ffc32f49820) = 0 [pid 366] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3 [pid 366] write(3, "0", 1) = 1 [pid 366] close(3) = 0 [pid 366] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3 [pid 366] write(3, "0", 1) = 1 [pid 366] close(3) = 0 [pid 366] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 366] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 369] <... umount2 resumed>) = 0 [pid 368] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 367] <... mount resumed>) = -1 ENODEV (No such device) [pid 364] <... mount resumed>) = -1 ENODEV (No such device) [pid 369] chroot("./newroot" [pid 368] <... mount resumed>) = 0 [pid 367] mkdir("/dev/binderfs", 0777 [pid 366] <... socket resumed>) = 4 [pid 364] mkdir("/dev/binderfs", 0777 [pid 369] <... chroot resumed>) = 0 [pid 368] mkdir("./syz-tmp/newroot/syz-inputs", 0700 [pid 367] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 366] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 364] <... mkdir resumed>) = 0 [pid 369] chdir("/" [pid 368] <... mkdir resumed>) = 0 [pid 367] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 364] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 369] <... chdir resumed>) = 0 [pid 368] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 367] <... mount resumed>) = 0 [pid 366] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 364] <... mount resumed>) = 0 [pid 369] mkdir("/dev/gadgetfs", 0777 [pid 368] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 367] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 366] close(4 [pid 364] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 369] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 368] mkdir("./syz-tmp/pivot", 0777 [pid 367] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 366] <... close resumed>) = 0 [pid 364] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 369] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL [pid 368] <... mkdir resumed>) = 0 [pid 367] mkdir("./0", 0777 [pid 364] mkdir("./0", 0777 [pid 369] <... mount resumed>) = -1 ENODEV (No such device) [pid 368] pivot_root("./syz-tmp", "./syz-tmp/pivot" [pid 367] <... mkdir resumed>) = 0 [pid 366] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 364] <... mkdir resumed>) = 0 [pid 369] mkdir("/dev/binderfs", 0777 [pid 368] <... pivot_root resumed>) = 0 [pid 367] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 364] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 369] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 368] chdir("/" [pid 367] <... openat resumed>) = 3 [pid 366] <... sendto resumed>) = 40 [pid 364] <... openat resumed>) = 3 [pid 369] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 368] <... chdir resumed>) = 0 [pid 367] ioctl(3, LOOP_CLR_FD [pid 366] recvfrom(3, [pid 364] ioctl(3, LOOP_CLR_FD [pid 369] <... mount resumed>) = 0 [pid 368] umount2("./pivot", MNT_DETACH [pid 367] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 366] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 364] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 369] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 368] <... umount2 resumed>) = 0 [pid 367] close(3 [pid 366] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 364] close(3 [pid 369] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 368] chroot("./newroot" [pid 367] <... close resumed>) = 0 [pid 366] <... socket resumed>) = 4 [pid 364] <... close resumed>) = 0 [pid 369] mkdir("./0", 0777 [pid 368] <... chroot resumed>) = 0 [pid 367] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 366] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 369] <... mkdir resumed>) = 0 [pid 368] chdir("/" [pid 366] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 364] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 369] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 368] <... chdir resumed>) = 0 [pid 367] <... clone resumed>, child_tidptr=0x555576ad6750) = 2 [pid 366] close(4) = 0 [pid 366] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 369] <... openat resumed>) = 3 [pid 368] mkdir("/dev/gadgetfs", 0777 [pid 366] <... sendto resumed>) = 64 [pid 369] ioctl(3, LOOP_CLR_FD [pid 368] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 366] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 364] <... clone resumed>, child_tidptr=0x555576ad6750) = 2 [pid 369] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 368] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL [pid 366] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 369] close(3 [pid 368] <... mount resumed>) = -1 ENODEV (No such device) [pid 366] <... socket resumed>) = 4 [pid 369] <... close resumed>) = 0 [pid 368] mkdir("/dev/binderfs", 0777 [pid 366] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 369] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 368] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 366] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 366] close(4) = 0 [pid 366] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 368] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 366] <... sendto resumed>) = 48 [pid 369] <... clone resumed>, child_tidptr=0x555576ad6750) = 2 [pid 366] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 ./strace-static-x86_64: Process 371 attached [pid 368] <... mount resumed>) = 0 [pid 366] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 371] set_robust_list(0x555576ad6760, 24 [pid 368] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 366] <... socket resumed>) = 4 [pid 371] <... set_robust_list resumed>) = 0 [pid 368] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 366] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 371] chdir("./0" [pid 368] mkdir("./0", 0777 [pid 366] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 371] <... chdir resumed>) = 0 [pid 366] close(4 [pid 371] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 368] <... mkdir resumed>) = 0 [pid 366] <... close resumed>) = 0 [pid 371] <... prctl resumed>) = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 366] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 371] setpgid(0, 0 [pid 368] <... openat resumed>) = 3 [pid 366] <... sendto resumed>) = 60 [pid 371] <... setpgid resumed>) = 0 [pid 368] ioctl(3, LOOP_CLR_FD [pid 366] recvfrom(3, ./strace-static-x86_64: Process 372 attached [pid 371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 368] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 366] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 372] set_robust_list(0x555576ad6760, 24 [pid 371] <... openat resumed>) = 3 [pid 368] close(3 [pid 366] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0 [pid 372] <... set_robust_list resumed>) = 0 [pid 371] write(3, "1000", 4 [pid 368] <... close resumed>) = 0 [pid 366] <... socket resumed>) = 4 ./strace-static-x86_64: Process 370 attached [pid 372] chdir("./0" [pid 371] <... write resumed>) = 4 [pid 368] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 366] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun" [pid 371] close(3 [pid 366] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 371] <... close resumed>) = 0 [pid 366] close(4 [pid 372] <... chdir resumed>) = 0 [pid 371] read(200, [pid 370] set_robust_list(0x555576ad6760, 24 [pid 366] <... close resumed>) = 0 [pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 371] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 370] <... set_robust_list resumed>) = 0 [pid 368] <... clone resumed>, child_tidptr=0x555576ad6750) = 2 [pid 366] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 [pid 372] <... prctl resumed>) = 0 [pid 371] read(200, [pid 370] chdir("./0" [pid 366] <... sendto resumed>) = 44 [pid 371] <... read resumed>0x7ffc32f49200, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 366] recvfrom(3, [pid 371] symlink("/dev/binderfs", "./binderfs" [pid 366] <... recvfrom resumed>[{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 371] <... symlink resumed>) = 0 [pid 366] close(3executing program [pid 371] write(1, "executing program\n", 18 [pid 366] <... close resumed>) = 0 [pid 372] setpgid(0, 0 [pid 371] <... write resumed>) = 18 [pid 370] <... chdir resumed>) = 0 [pid 366] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC [pid 372] <... setpgid resumed>) = 0 [pid 371] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 366] <... openat resumed>) = 3 ./strace-static-x86_64: Process 373 attached [pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 371] <... openat resumed>) = 3 [pid 370] <... prctl resumed>) = 0 [pid 366] write(3, "100000", 6 [pid 373] set_robust_list(0x555576ad6760, 24 [pid 372] <... openat resumed>) = 3 [pid 371] ioctl(3, VHOST_SET_OWNER [pid 370] setpgid(0, 0 [pid 366] <... write resumed>) = 6 [pid 373] <... set_robust_list resumed>) = 0 [pid 372] write(3, "1000", 4 [pid 370] <... setpgid resumed>) = 0 [pid 366] close(3 [pid 373] chdir("./0" [pid 372] <... write resumed>) = 4 [pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 366] <... close resumed>) = 0 [pid 373] <... chdir resumed>) = 0 [pid 372] close(3 [pid 370] <... openat resumed>) = 3 [pid 366] mkdir("./syz-tmp", 0777 [pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 372] <... close resumed>) = 0 [pid 370] write(3, "1000", 4 [pid 366] <... mkdir resumed>) = 0 [pid 373] <... prctl resumed>) = 0 [pid 372] read(200, [pid 370] <... write resumed>) = 4 [pid 366] mount("", "./syz-tmp", "tmpfs", 0, NULL [pid 373] setpgid(0, 0 [pid 372] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 370] close(3 [pid 366] <... mount resumed>) = 0 [pid 373] <... setpgid resumed>) = 0 [pid 366] mkdir("./syz-tmp/newroot", 0777 [pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 366] <... mkdir resumed>) = 0 [pid 373] <... openat resumed>) = 3 [pid 366] mkdir("./syz-tmp/newroot/dev", 0700 [pid 373] write(3, "1000", 4 [pid 366] <... mkdir resumed>) = 0 [pid 373] <... write resumed>) = 4 [pid 366] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 373] close(3 [pid 366] <... mount resumed>) = 0 [pid 373] <... close resumed>) = 0 [pid 366] mkdir("./syz-tmp/newroot/proc", 0700 [pid 373] read(200, [pid 366] <... mkdir resumed>) = 0 [pid 373] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 372] read(200, [pid 370] <... close resumed>) = 0 [pid 366] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL [pid 373] read(200, [pid 372] <... read resumed>0x7ffc32f49200, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 371] <... ioctl resumed>, 0) = 0 [pid 370] read(200, [pid 373] <... read resumed>0x7ffc32f49200, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 372] symlink("/dev/binderfs", "./binderfs" [pid 371] ioctl(3, VHOST_SET_VRING_ADDR [pid 366] <... mount resumed>) = 0 [pid 373] symlink("/dev/binderfs", "./binderfs" [pid 371] <... ioctl resumed>, 0x200000000300) = 0 [ 24.382064][ T23] audit: type=1400 audit(1745424994.800:75): avc: denied { mounton } for pid=364 comm="syz-executor357" path="/root/syzkaller.PsNoap/syz-tmp/newroot/dev" dev="tmpfs" ino=11648 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 24.386588][ T367] request_module fs-gadgetfs succeeded, but still no fs? executing program executing program [pid 370] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 373] <... symlink resumed>) = 0 [pid 372] <... symlink resumed>) = 0 [pid 371] ioctl(3, VHOST_SET_MEM_TABLE [pid 370] read(200, [pid 366] mkdir("./syz-tmp/newroot/selinux", 0700 [pid 373] write(1, "executing program\n", 18 [pid 372] write(1, "executing program\n", 18 [pid 370] <... read resumed>"\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 [pid 373] <... write resumed>) = 18 [pid 373] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 373] ioctl(3, VHOST_SET_OWNER [pid 366] <... mkdir resumed>) = 0 executing program [pid 372] <... write resumed>) = 18 [pid 370] read(200, [pid 366] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 372] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 371] <... ioctl resumed>, 0x200000003380) = 0 [pid 370] <... read resumed>0x7ffc32f49200, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 371] eventfd2(118, EFD_SEMAPHORE [pid 372] <... openat resumed>) = 3 [pid 366] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 372] ioctl(3, VHOST_SET_OWNER [pid 371] <... eventfd2 resumed>) = 4 [pid 370] symlink("/dev/binderfs", "./binderfs" [pid 366] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 371] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 371] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 371] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 371] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 366] <... mount resumed>) = 0 [pid 371] <... ioctl resumed>, 0x200000000140) = 0 [pid 371] memfd_create("syzkaller", 0 [pid 370] <... symlink resumed>) = 0 [pid 366] mkdir("./syz-tmp/newroot/sys", 0700 [pid 371] <... memfd_create resumed>) = 5 [pid 370] write(1, "executing program\n", 18 [pid 371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f806f785000 [pid 370] <... write resumed>) = 18 [pid 366] <... mkdir resumed>) = 0 [pid 371] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 370] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 366] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 372] <... ioctl resumed>, 0) = 0 [pid 370] <... openat resumed>) = 3 [pid 366] <... mount resumed>) = 0 [pid 373] <... ioctl resumed>, 0) = 0 [pid 373] ioctl(3, VHOST_SET_VRING_ADDR