Skip to content

Instantly share code, notes, and snippets.

@xse

xse/gist:a7c7fb9dd04cfccaefd8e894632a2d25 Secret

Created March 22, 2018 16:35
Show Gist options
  • Save xse/a7c7fb9dd04cfccaefd8e894632a2d25 to your computer and use it in GitHub Desktop.
Save xse/a7c7fb9dd04cfccaefd8e894632a2d25 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
442 execve("/usr/bin/kfcgi", ["kfcgi", "-d", "-v", "-s", "/run/httpd.sock", "-p", "/", "--", "/srv/http/kcgi"], ["LANG=en_US.UTF-8", "TERM=screen", "PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl", "MAIL=/var/mail/root", "LOGNAME=root", "USER=root", "USERNAME=root", "HOME=/root", "SHELL=/bin/bash", "SUDO_COMMAND=/usr/bin/strace -s 2048 -f -v -o /srv/http/foo/kfcgi.strace kfcgi -d -v -s /run/httpd.sock -p / -- /srv/http/kcgi", "SUDO_USER=xse", "SUDO_UID=1001", "SUDO_GID=1001"]) = 0
442 brk(NULL) = 0x1e9e000
442 uname({sysname="Linux", nodename="rpi", release="4.14.27-1-ARCH", version="#1 SMP Sat Mar 17 00:42:16 UTC 2018", machine="armv6l", domainname="(none)"}) = 0
442 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
442 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
442 fstat64(3, {st_dev=makedev(179, 2), st_ino=57881, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=80, st_size=37127, st_atime=1521733116 /* 2018-03-22T16:38:36.127192000+0100 */, st_atime_nsec=127192000, st_mtime=1520908727 /* 2018-03-13T03:38:47.830000000+0100 */, st_mtime_nsec=830000000, st_ctime=1520908727 /* 2018-03-13T03:38:47.830000000+0100 */, st_ctime_nsec=830000000}) = 0
442 mmap2(NULL, 37127, PROT_READ, MAP_PRIVATE, 3, 0) = 0x76fda000
442 close(3) = 0
442 openat(AT_FDCWD, "/usr/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
442 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\fl\1\0004\0\0\0\0\2\30\0\0\4\0\0054\0 \0\n\0(\0K\0J\0\1\0\0p\354\277\22\0\354\277\22\0\354\277\22\0008\26\0\0008\26\0\0\4\0\0\0\4\0\0\0\6\0\0\0004\0\0\0004\0\0\0004\0\0\0@\1\0\0@\1\0\0\5\0\0\0\4\0\0\0\3\0\0\0\330\266\22\0\330\266\22\0\330\266\22\0\35\0\0\0\35\0\0\0\4\0\0\0\4\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\240\t\23\0\240\t\23\0\5\0\0\0\0\0\1\0\1\0\0\0008\25\23\0008\25\24\0008\25\24\0<'\0\0lN\0\0\6\0\0\0\0\0\1\0\2\0\0\0P-\23\0P-\24\0P-\24\0\350\0\0\0\350\0\0\0\6\0\0\0\4\0\0\0\4\0\0\0t\1\0\0t\1\0\0t\1\0\0D\0\0\0D\0\0\0\4\0\0\0\4\0\0\0\7\0\0\0008\25\23\0008\25\24\0008\25\24\0\10\0\0\0T\0\0\0\4\0\0\0\4\0\0\0Q\345td\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\20\0\0\0R\345td8\25\23\0008\25\24\0008\25\24\0\310\32\0\0\310\32\0\0\4\0\0\0\1\0\0\0\4\0\0\0\24\0\0\0\3\0\0\0GNU\0/\2435\2244\214\243\363h\327\17\32\212\335\316/\4\367\10q\4\0\0\0\20\0\0\0\1\0\0\0GNU\0\0\0\0\0\3\0\0\0\2\0\0\0\0\0\0\0\363\3\0\0\r\0\0\0\0\2\0\0\16\0\0\0\2440\20D\204!\n\1\214\3\346\220AE\210\0\204\0\10\0E\204\0`\300\200\1\f\212\f@\0010\0\10@2\10\252\0\210H6l\240\0268\0&\204\200\216\4\10@\4", 512) = 512
442 fstat64(3, {st_dev=makedev(179, 2), st_ino=3926, st_mode=S_IFREG|0755, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=3080, st_size=1576376, st_atime=1521658366 /* 2018-03-21T19:52:46.591133956+0100 */, st_atime_nsec=591133956, st_mtime=1516328080 /* 2018-01-19T03:14:40.341225537+0100 */, st_mtime_nsec=341225537, st_ctime=1520876934 /* 2018-03-12T18:48:54.399098137+0100 */, st_ctime_nsec=399098137}) = 0
442 mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x76fd8000
442 mmap2(NULL, 1336228, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x76e6d000
442 mprotect(0x76f9e000, 65536, PROT_NONE) = 0
442 mmap2(0x76fae000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x131000) = 0x76fae000
442 mmap2(0x76fb1000, 9124, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x76fb1000
442 close(3) = 0
442 set_tls(0x76fd8bf0) = 0
442 mprotect(0x76fae000, 8192, PROT_READ) = 0
442 mprotect(0x4f8000, 4096, PROT_READ) = 0
442 mprotect(0x76fe4000, 4096, PROT_READ) = 0
442 munmap(0x76fda000, 37127) = 0
442 geteuid32() = 0
442 socket(AF_UNIX, SOCK_STREAM, 0) = 3
442 unlink("/run/httpd.sock") = 0
442 umask(0117) = 022
442 bind(3, {sa_family=AF_UNIX, sun_path="/run/httpd.sock"}, 110) = 0
442 umask(022) = 0117
442 listen(3, 10) = 0
442 chroot("/") = 0
442 chdir("/") = 0
442 brk(NULL) = 0x1e9e000
442 brk(0x1ebf000) = 0x1ebf000
442 rt_sigaction(SIGTERM, {sa_handler=0x4e215c, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x76e998e0}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
442 rt_sigaction(SIGCHLD, {sa_handler=0x4e2190, sa_mask=[CHLD], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x76e998e0}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
442 rt_sigaction(SIGHUP, {sa_handler=0x4e2128, sa_mask=[HUP], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x76e998e0}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
442 rt_sigprocmask(SIG_BLOCK, [HUP TERM CHLD], [], 8) = 0
442 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x76fd8798) = 443
442 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x76fd8798) = 444
442 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x76fd8798) = 445
442 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x76fd8798) = 446
442 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x76fd8798) = 447
442 rt_sigsuspend([], 8 <unfinished ...>
445 dup2(3, 0 <unfinished ...>
444 dup2(3, 0 <unfinished ...>
447 dup2(3, 0 <unfinished ...>
446 dup2(3, 0 <unfinished ...>
443 dup2(3, 0 <unfinished ...>
445 <... dup2 resumed> ) = 0
444 <... dup2 resumed> ) = 0
443 <... dup2 resumed> ) = 0
447 <... dup2 resumed> ) = 0
446 <... dup2 resumed> ) = 0
445 close(3 <unfinished ...>
444 close(3 <unfinished ...>
447 close(3 <unfinished ...>
446 close(3 <unfinished ...>
447 <... close resumed> ) = 0
447 execve("/srv/http/kcgi", ["/srv/http/kcgi"], ["LANG=en_US.UTF-8", "TERM=screen", "PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl", "MAIL=/var/mail/root", "LOGNAME=root", "USER=root", "USERNAME=root", "HOME=/root", "SHELL=/bin/bash", "SUDO_COMMAND=/usr/bin/strace -s 2048 -f -v -o /srv/http/foo/kfcgi.strace kfcgi -d -v -s /run/httpd.sock -p / -- /srv/http/kcgi", "SUDO_USER=xse", "SUDO_UID=1001", "SUDO_GID=1001"] <unfinished ...>
446 <... close resumed> ) = 0
447 <... execve resumed> ) = 0
446 execve("/srv/http/kcgi", ["/srv/http/kcgi"], ["LANG=en_US.UTF-8", "TERM=screen", "PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl", "MAIL=/var/mail/root", "LOGNAME=root", "USER=root", "USERNAME=root", "HOME=/root", "SHELL=/bin/bash", "SUDO_COMMAND=/usr/bin/strace -s 2048 -f -v -o /srv/http/foo/kfcgi.strace kfcgi -d -v -s /run/httpd.sock -p / -- /srv/http/kcgi", "SUDO_USER=xse", "SUDO_UID=1001", "SUDO_GID=1001"] <unfinished ...>
447 brk(NULL) = 0x444000
447 brk(0x444d08) = 0x444d08
447 set_tls(0x4444c0) = 0
447 uname({sysname="Linux", nodename="rpi", release="4.14.27-1-ARCH", version="#1 SMP Sat Mar 17 00:42:16 UTC 2018", machine="armv6l", domainname="(none)"}) = 0
447 readlink("/proc/self/exe", "/srv/http/kcgi", 4096) = 14
447 brk(0x465d08) = 0x465d08
447 brk(0x466000) = 0x466000
447 rt_sigaction(SIGTERM, {sa_handler=0x1043c, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
447 rt_sigprocmask(SIG_BLOCK, [TERM], NULL, 8) = 0
447 socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 4]) = 0
447 fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
447 fcntl64(4, F_GETFL) = 0x2 (flags O_RDWR)
447 fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
447 fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
447 socketpair(AF_UNIX, SOCK_STREAM, 0, [5, 6]) = 0
447 fcntl64(5, F_GETFL) = 0x2 (flags O_RDWR)
447 fcntl64(6, F_GETFL) = 0x2 (flags O_RDWR)
447 fcntl64(5, F_SETFL, O_RDWR|O_NONBLOCK) = 0
447 fcntl64(6, F_SETFL, O_RDWR|O_NONBLOCK) = 0
447 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x444068) = 448
447 close(5) = 0
447 close(3) = 0
447 socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 5]) = 0
447 fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
447 fcntl64(5, F_GETFL) = 0x2 (flags O_RDWR)
447 fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
447 fcntl64(5, F_SETFL, O_RDWR|O_NONBLOCK) = 0
448 rt_sigaction(SIGTERM, {sa_handler=SIG_IGN, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, <unfinished ...>
447 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x444068) = 449
448 <... rt_sigaction resumed> {sa_handler=0x1043c, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, 8) = 0
447 close(3 <unfinished ...>
448 close(0 <unfinished ...>
447 <... close resumed> ) = 0
448 <... close resumed> ) = 0
447 close(4 <unfinished ...>
448 close(1) = 0
448 close(6) = 0
449 rt_sigaction(SIGTERM, {sa_handler=SIG_IGN, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, <unfinished ...>
448 close(4) = 0
449 <... rt_sigaction resumed> {sa_handler=0x1043c, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, 8) = 0
448 prlimit64(0, RLIMIT_FSIZE, {rlim_cur=0, rlim_max=0}, <unfinished ...>
449 close(1 <unfinished ...>
448 <... prlimit64 resumed> NULL) = 0
449 <... close resumed> ) = 0
448 prlimit64(0, RLIMIT_NPROC, {rlim_cur=0, rlim_max=0}, <unfinished ...>
449 close(6) = 0
449 close(5) = 0
449 prlimit64(0, RLIMIT_FSIZE, {rlim_cur=0, rlim_max=0}, NULL) = 0
449 prlimit64(0, RLIMIT_NPROC, {rlim_cur=0, rlim_max=0}, NULL) = 0
449 rt_sigaction(SIGSYS, {sa_handler=0x17d78, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x351b0}, NULL, 8) = 0
449 rt_sigprocmask(SIG_UNBLOCK, [SYS], NULL, 8) = 0
449 prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0
449 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=45, filter=[BPF_STMT(BPF_LD|BPF_W|BPF_ABS, 0x4), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x40000028, 0x1, 0), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP), BPF_STMT(BPF_LD|BPF_W|BPF_ABS, 0), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x5, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ERRNO|0xd), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x14, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x4e, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x107, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x11d, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x37, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x128, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x129, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x3, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x4, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x6, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x125, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x2d, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xa8, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x8e, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xdc, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xc0, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x5b, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xf8, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xaf, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP)]}) = 0
449 fcntl64(0, F_GETFL <unfinished ...>
449 --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0x51d2c, si_syscall=__NR_fcntl64, si_arch=AUDIT_ARCH_ARM} ---
449 <... fcntl64 resumed> ) = 0x2 (flags O_RDWR)
449 write(86, "ssh_sandbox_violation: unexpected system call (arch:0x40000028,syscall:221 @ 0x51d2c)\n", 86) = 1
449 +++ exited with 1 +++
448 <... prlimit64 resumed> NULL) = 0
448 rt_sigaction(SIGSYS, {sa_handler=0x17d78, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x351b0}, NULL, 8) = 0
448 rt_sigprocmask(SIG_UNBLOCK, [SYS], NULL, 8) = 0
448 prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0
448 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=39, filter=[BPF_STMT(BPF_LD|BPF_W|BPF_ABS, 0x4), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x40000028, 0x1, 0), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP), BPF_STMT(BPF_LD|BPF_W|BPF_ABS, 0), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x5, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ERRNO|0xd), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x14, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x4e, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x107, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x3, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x4, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x6, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x125, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x2d, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xa8, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x8e, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xdc, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xc0, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xa3, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x5b, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xf8, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xaf, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP)]}) = 0
448 poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN|POLLHUP}])
448 read(3, "", 4) = 0
448 close(5) = 0
448 close(3) = 0
448 exit_group(0) = ?
448 +++ exited with 0 +++
447 <... close resumed> ) = 0
447 close(0) = 0
447 rt_sigprocmask(SIG_UNBLOCK, [TERM], NULL, 8) = 0
447 poll([{fd=5, events=POLLIN}], 1, 1000) = 1 ([{fd=5, revents=POLLIN|POLLHUP}])
447 rt_sigprocmask(SIG_UNBLOCK, [TERM], NULL, 8) = 0
447 poll([{fd=5, events=POLLIN}], 1, -1) = 1 ([{fd=5, revents=POLLIN|POLLHUP}])
447 recvmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="", iov_len=256}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 0
447 write(2, "fcgi.c:685: application signalled\n", 34) = 34
447 close(5) = 0
447 close(6) = 0
447 wait4(448, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 448
447 wait4(449, [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0, NULL) = 449
447 write(2, "wrappers.c:181: child status 1\n", 31) = 31
447 exit_group(0) = ?
447 +++ exited with 0 +++
442 <... rt_sigsuspend resumed> ) = ? ERESTARTNOHAND (To be restarted if no handler)
442 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=447, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
442 sigreturn({mask=[HUP TERM CHLD]}) = -1 EINTR (Interrupted system call)
442 gettimeofday({tv_sec=1521734730, tv_usec=252230}, NULL) = 0
442 open("/etc/localtime", O_RDONLY|O_CLOEXEC) = 4
442 fstat64(4, {st_dev=makedev(179, 2), st_ino=31118, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=6, st_size=2971, st_atime=1521658654 /* 2018-03-21T19:57:34.281474375+0100 */, st_atime_nsec=281474375, st_mtime=1516857915 /* 2018-01-25T06:25:15.776826739+0100 */, st_mtime_nsec=776826739, st_ctime=1520877154 /* 2018-03-12T18:52:34.670100026+0100 */, st_ctime_nsec=670100026}) = 0
442 fstat64(4, {st_dev=makedev(179, 2), st_ino=31118, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=6, st_size=2971, st_atime=1521658654 /* 2018-03-21T19:57:34.281474375+0100 */, st_atime_nsec=281474375, st_mtime=1516857915 /* 2018-01-25T06:25:15.776826739+0100 */, st_mtime_nsec=776826739, st_ctime=1520877154 /* 2018-03-12T18:52:34.670100026+0100 */, st_ctime_nsec=670100026}) = 0
442 read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\r\0\0\0\r\0\0\0\0\0\0\0\270\0\0\0\r\0\0\0\37\200\0\0\0\221`P\213\233Gx\360\233\327,p\234\274\221p\235\300H\360\236\211\376p\237\240*\360\240`\245\360\241\200\f\360\242.\22\360\243zL\360\2445\201\360\245^#p\246%5\360\247'\233\360\250X&p\251\7}\360\251\3564p\252\347_\360\253\327P\360\254\307A\360\255\311\247\360\256\247#\360\257\240Op\260\207\5\360\261\211k\360\262p\"p\263r\210p\264P\4p\265I/\360\266/\346p\2672Lp\270\17\310p\270\377\271p\271\357\252p\272\326`\360\273\330\306\360\274\310\267\360\275\270\250\360\276\237_p\277\230\212\360\300\232\360\360\301xl\360\302h]\360\303XN\360\304?\5p\30580\360\306:\226\360\307X\254p\307\332\t\240\310l'\340\314\347K\20\315\251\27\220\316\242C\20\317\2224\20\320O\341\340\320\211\361\360\321r\26\20\322N@\220\v\2739\0\f\253\33\360\r\244c\220\16\213\32\20\17\204E\220\20t6\220\21d'\220\22T\30\220\23MD\20\0243\372\220\25#\353\220\26\23\334\220\27\3\315\220\27\363\276\220\30\343\257\220\31\323\240\220\32\303\221\220\33\274\275\20\34\254\256\20\35\234\237\20\36\214\220\20\37|\201\20 lr\20!\\c\20\"LT\20#<E\20$,6\20%\34'\20&\f\30\20'\5C\220'\3654\220(\345%\220)\325\26\220*\305\7\220+\264\370\220,\244\351\220-\224\332\220.\204\313\220/t\274\2200d\255\2201]\331\0202r\264\0203=\273\0204R\226\0205\35\235\02062x\0206\375\177\0208\33\224\2208\335a\0209\373v\220:\275C\20;\333X\220<\246_\220=\273:\220>\206A\220?\233\34\220@f#\220A\2049\20BF\5\220Cd\33\20D%\347\220EC\375\20F\5\311\220G#\337\20G\356\346\20I\3\301\20I\316\310\20J\343\243\20K\256\252\20L\314\277\220M\216\214\20N\254\241\220Onn\20P\214\203\220QW\212\220Rle\220S7l\220TLG\220U\27N\220V,)\220V\3670\220X\25F\20X\327\22\220Y\365(\20Z\266\364\220[\325\n\20\\\240\21\20]\264\354\20^\177\363\20_\224\316\20`_\325\20a}\352\220b?\267\20c]\314\220d\37\231\20e=\256\220f\10\265\220g\35\220\220g\350\227\220h\375r\220i\310y\220j\335T\220k\250[\220l\306q\20m\210=\220n\246S\20oh\37\220p\2065\20qQ<\20rf\27\20s1\36\20tE\371\20u\21\0\20v/\25\220v\360\342\20x\16\367\220x\320\304\20y\356\331\220z\260\246\20{\316\273\220|\231\302\220}\256\235\220~y\244\220\177\216\177\220\1\5\2\3\2\3\2\3\2\3\2\3\2\3\2\3\2\3\2\3\2\3\2\3\2\3\2\3\2\3\2\3\2\3\2\3\2\3\2\3\2\3\2\3\2\3\2\3\2\3\4\10\6\7\6\7\t\4\t\n\10\n\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\v\f\0\0\0021\0\0\0\0\0021\0\4\0\0\16\20\1\10\0\0\0\0\0\r\0\0\16\20\1\10\0\0\0\0\0\r\0\0\16\20\0\21\0\0\34 \1\25\0\0\34 \1\25\0\0\34 \1\32\0\0\16\20\0\21\0\0\34 \1\25\0\0\16\20\0\21LMT\0PMT\0WEST\0WET\0CET\0CEST\0WEMT\0\0\0\1\1\0\0\1\1\0\0\0\1\1\0\0\0\0\0\0\0\0\0\0\0\1\1TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\r\0\0\0\r\0\0\0\0\0\0\0\271\0\0\0\r\0\0\0\37\370\0\0\0\0\0\0\0\377\377\377\377k\310J\213\377\377\377\377\221`P\213\377\377\377\377\233Gx\360\377\377\377\377\233\327,p\377\377\377\377\234\274\221p\377\377\377\377\235\300H\360\377\377\377\377\236\211\376p\377\377\377\377\237\240*\360\377\377\377\377\240`\245\360\377\377\377\377\241\200\f\360\377\377\377\377\242.\22\360\377\377\377\377\243zL\360\377\377\377\377\2445\201\360\377\377\377\377\245^#p\377\377\377\377\246%5\360\377\377\377\377\247'\233\360\377\377\377\377\250X&p\377\377\377\377\251\7}\360\377\377\377\377\251\3564p\377\377\377\377\252\347_\360\377\377\377\377\253\327P\360\377\377\377\377\254\307A\360\377\377\377\377\255\311\247\360\377\377\377\377\256\247#\360\377\377\377\377\257\240Op\377\377\377\377\260\207\5\360\377\377\377\377\261\211k\360\377\377\377\377\262p\"p\377\377\377\377\263r\210p\377\377\377\377\264P\4p\377\377\377\377\265I/\360\377\377\377\377\266/\346p\377\377\377\377\2672Lp\377\377\377\377\270\17\310p\377\377\377\377\270\377\271p\377\377\377\377\271\357\252p\377\377\377\377\272\326`\360\377\377\377\377\273\330\306\360\377\377\377\377\274\310\267\360\377\377\377\377\275\270\250\360\377\377\377\377\276\237_p\377\377\377\377\277\230\212\360\377\377\377\377\300\232\360\360\377\377\377\377\301xl\360\377\377\377\377\302h]\360\377\377\377\377\303XN\360\377\377\377\377\304?\5p\377\377\377\377\30580\360\377\377\377\377\306:\226\360\377\377\377\377\307X\254p\377\377\377\377\307\332\t\240\377\377\377\377\310l'\340\377\377\377\377\314\347K\20\377\377\377\377\315\251\27\220\377\377\377\377\316\242C\20\377\377\377\377\317\2224\20\377\377\377\377\320O\341\340\377\377\377\377\320\211\361\360\377\377\377\377\321r\26\20\377\377\377\377\322N@\220\0\0\0\0\v\2739\0\0\0\0\0\f\253\33\360\0\0\0\0\r\244c\220\0\0\0\0\16\213\32\20\0\0\0\0\17\204E\220\0\0\0\0\20t6\220\0\0\0\0\21d'\220\0\0\0\0\22T\30\220\0\0\0\0\23MD\20\0\0\0\0\0243\372\220\0\0\0\0\25#\353\220\0\0\0\0\26\23\334\220\0\0\0\0\27\3\315\220\0\0\0\0\27\363\276\220\0\0\0\0\30\343\257\220\0\0\0\0\31\323\240\220\0\0\0\0\32\303\221\220\0\0\0\0\33\274\275\20\0\0\0\0\34\254\256\20\0\0\0\0\35\234\237\20\0\0\0\0\36\214\220\20\0\0\0\0\37|\201\20\0\0\0\0 lr\20\0\0\0\0!\\c\20\0\0\0\0\"LT\20\0\0\0\0#<E\20\0\0\0\0$,6\20\0\0\0\0%\34'\20\0\0\0\0&\f\30\20\0\0\0\0'\5C\220\0\0\0\0'\3654\220\0\0\0\0(\345%\220\0\0\0\0)\325\26\220\0\0\0\0*\305\7\220\0\0\0\0+\264\370\220\0\0\0\0,\244\351\220\0\0\0\0-\224\332\220\0\0\0\0.\204\313\220\0\0\0\0/t\274\220\0\0\0\0000d\255\220\0\0\0\0001]\331\20\0\0\0\0002r\264\20\0\0\0\0003=\273\20\0\0\0\0004R\226\20\0\0\0\0005\35\235\20\0\0\0\00062x\20\0\0\0\0006\375\177\20\0\0\0\0008\33\224\220\0\0\0\0008\335a\20\0\0\0\0009\373v\220\0\0\0\0:\275C\20\0\0\0\0;\333X\220\0"..., 4096) = 2971
442 _llseek(4, -28, [2943], SEEK_CUR) = 0
442 read(4, "\nCET-1CEST,M3.5.0,M10.5.0/3\n", 4096) = 28
442 close(4) = 0
442 getpid() = 442
442 writev(2, [{iov_base="kfcgi[442]: worker unexpectedly exited", iov_len=38}, {iov_base="\n", iov_len=1}], 2) = 39
442 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
442 connect(4, {sa_family=AF_UNIX, sun_path="/dev/log"}, 110) = 0
442 send(4, "<27>Mar 22 17:05:30 kfcgi[442]: worker unexpectedly exited", 58, MSG_NOSIGNAL) = 58
442 close(3) = 0
442 rt_sigaction(SIGCHLD, {sa_handler=SIG_DFL, sa_mask=[CHLD], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x76e998e0}, {sa_handler=0x4e2190, sa_mask=[CHLD], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x76e998e0}, 8) = 0
442 kill(443, SIGTERM) = 0
442 kill(444, SIGTERM) = 0
442 kill(445, SIGTERM) = 0
442 kill(446, SIGTERM) = 0
442 kill(447, SIGTERM) = 0
442 wait4(443, <unfinished ...>
446 <... execve resumed> ) = 0
446 brk(NULL) = 0x3ab000
446 brk(0x3abd08) = 0x3abd08
446 set_tls(0x3ab4c0) = 0
446 uname({sysname="Linux", nodename="rpi", release="4.14.27-1-ARCH", version="#1 SMP Sat Mar 17 00:42:16 UTC 2018", machine="armv6l", domainname="(none)"}) = 0
446 readlink("/proc/self/exe", "/srv/http/kcgi", 4096) = 14
446 brk(0x3ccd08) = 0x3ccd08
446 brk(0x3cd000) = 0x3cd000
446 rt_sigaction(SIGTERM, {sa_handler=0x1043c, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
446 rt_sigprocmask(SIG_BLOCK, [TERM], NULL, 8) = 0
446 socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 4]) = 0
446 fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
446 fcntl64(4, F_GETFL) = 0x2 (flags O_RDWR)
446 fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
446 fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
446 socketpair(AF_UNIX, SOCK_STREAM, 0, [5, 6]) = 0
446 fcntl64(5, F_GETFL) = 0x2 (flags O_RDWR)
446 fcntl64(6, F_GETFL) = 0x2 (flags O_RDWR)
446 fcntl64(5, F_SETFL, O_RDWR|O_NONBLOCK) = 0
446 fcntl64(6, F_SETFL, O_RDWR|O_NONBLOCK) = 0
446 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x3ab068) = 450
446 close(5) = 0
446 close(3) = 0
446 socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 5]) = 0
446 fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
446 fcntl64(5, F_GETFL) = 0x2 (flags O_RDWR)
446 fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
446 fcntl64(5, F_SETFL, O_RDWR|O_NONBLOCK) = 0
450 rt_sigaction(SIGTERM, {sa_handler=SIG_IGN, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, {sa_handler=0x1043c, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, 8) = 0
446 clone( <unfinished ...>
450 close(0) = 0
446 <... clone resumed> child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x3ab068) = 451
450 close(1 <unfinished ...>
446 close(3 <unfinished ...>
450 <... close resumed> ) = 0
450 close(6) = 0
450 close(4) = 0
450 prlimit64(0, RLIMIT_FSIZE, {rlim_cur=0, rlim_max=0}, NULL) = 0
451 rt_sigaction(SIGTERM, {sa_handler=SIG_IGN, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, <unfinished ...>
450 prlimit64(0, RLIMIT_NPROC, {rlim_cur=0, rlim_max=0}, <unfinished ...>
451 <... rt_sigaction resumed> {sa_handler=0x1043c, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, 8) = 0
450 <... prlimit64 resumed> NULL) = 0
451 close(1 <unfinished ...>
450 rt_sigaction(SIGSYS, {sa_handler=0x17d78, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x351b0}, <unfinished ...>
451 <... close resumed> ) = 0
450 <... rt_sigaction resumed> NULL, 8) = 0
451 close(6) = 0
451 close(5) = 0
451 prlimit64(0, RLIMIT_FSIZE, {rlim_cur=0, rlim_max=0}, NULL) = 0
451 prlimit64(0, RLIMIT_NPROC, {rlim_cur=0, rlim_max=0}, NULL) = 0
451 rt_sigaction(SIGSYS, {sa_handler=0x17d78, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x351b0}, NULL, 8) = 0
451 rt_sigprocmask(SIG_UNBLOCK, [SYS], NULL, 8) = 0
451 prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0
451 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=45, filter=[BPF_STMT(BPF_LD|BPF_W|BPF_ABS, 0x4), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x40000028, 0x1, 0), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP), BPF_STMT(BPF_LD|BPF_W|BPF_ABS, 0), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x5, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ERRNO|0xd), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x14, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x4e, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x107, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x11d, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x37, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x128, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x129, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x3, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x4, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x6, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x125, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x2d, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xa8, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x8e, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xdc, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xc0, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x5b, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xf8, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xaf, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP)]}) = 0
451 fcntl64(0, F_GETFL <unfinished ...>
451 --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0x51d2c, si_syscall=__NR_fcntl64, si_arch=AUDIT_ARCH_ARM} ---
451 <... fcntl64 resumed> ) = 0x2 (flags O_RDWR)
451 write(86, "ssh_sandbox_violation: unexpected system call (arch:0x40000028,syscall:221 @ 0x51d2c)\n", 86) = 1
451 +++ exited with 1 +++
450 rt_sigprocmask(SIG_UNBLOCK, [SYS], NULL, 8) = 0
450 prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0
450 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=39, filter=[BPF_STMT(BPF_LD|BPF_W|BPF_ABS, 0x4), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x40000028, 0x1, 0), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP), BPF_STMT(BPF_LD|BPF_W|BPF_ABS, 0), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x5, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ERRNO|0xd), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x14, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x4e, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x107, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x3, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x4, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x6, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x125, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x2d, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xa8, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x8e, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xdc, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xc0, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xa3, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x5b, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xf8, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xaf, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP)]}) = 0
450 poll([{fd=3, events=POLLIN}], 1, -1 <unfinished ...>
446 <... close resumed> ) = 0
446 close(4 <unfinished ...>
450 <... poll resumed> ) = 1 ([{fd=3, revents=POLLIN|POLLHUP}])
450 read(3, "", 4) = 0
450 close(5) = 0
450 close(3) = 0
450 exit_group(0) = ?
450 +++ exited with 0 +++
446 <... close resumed> ) = 0
446 close(0) = 0
446 rt_sigprocmask(SIG_UNBLOCK, [TERM], NULL, 8) = 0
446 --- SIGTERM {si_signo=SIGTERM, si_code=SI_USER, si_pid=442, si_uid=0} ---
446 sigreturn({mask=[HUP CHLD]}) = 0
446 poll([{fd=5, events=POLLIN}], 1, 1000) = 1 ([{fd=5, revents=POLLIN|POLLHUP}])
446 rt_sigprocmask(SIG_UNBLOCK, [TERM], NULL, 8) = 0
446 close(5) = 0
446 close(6) = 0
446 wait4(450, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 450
446 wait4(451, [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0, NULL) = 451
446 write(2, "wrappers.c:181: child status 1\n", 31) = 31
446 exit_group(0) = ?
446 +++ exited with 0 +++
445 <... close resumed> ) = 0
445 execve("/srv/http/kcgi", ["/srv/http/kcgi"], ["LANG=en_US.UTF-8", "TERM=screen", "PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl", "MAIL=/var/mail/root", "LOGNAME=root", "USER=root", "USERNAME=root", "HOME=/root", "SHELL=/bin/bash", "SUDO_COMMAND=/usr/bin/strace -s 2048 -f -v -o /srv/http/foo/kfcgi.strace kfcgi -d -v -s /run/httpd.sock -p / -- /srv/http/kcgi", "SUDO_USER=xse", "SUDO_UID=1001", "SUDO_GID=1001"]) = 0
445 brk(NULL) = 0xb11000
445 brk(0xb11d08) = 0xb11d08
445 set_tls(0xb114c0) = 0
445 uname({sysname="Linux", nodename="rpi", release="4.14.27-1-ARCH", version="#1 SMP Sat Mar 17 00:42:16 UTC 2018", machine="armv6l", domainname="(none)"}) = 0
445 readlink("/proc/self/exe", "/srv/http/kcgi", 4096) = 14
445 brk(0xb32d08) = 0xb32d08
445 brk(0xb33000) = 0xb33000
445 rt_sigaction(SIGTERM, {sa_handler=0x1043c, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
445 rt_sigprocmask(SIG_BLOCK, [TERM], NULL, 8) = 0
445 socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 4]) = 0
445 fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
445 fcntl64(4, F_GETFL) = 0x2 (flags O_RDWR)
445 fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
445 fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
445 socketpair(AF_UNIX, SOCK_STREAM, 0, [5, 6]) = 0
445 fcntl64(5, F_GETFL) = 0x2 (flags O_RDWR)
445 fcntl64(6, F_GETFL) = 0x2 (flags O_RDWR)
445 fcntl64(5, F_SETFL, O_RDWR|O_NONBLOCK) = 0
445 fcntl64(6, F_SETFL, O_RDWR|O_NONBLOCK) = 0
445 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb11068) = 452
445 close(5) = 0
445 close(3) = 0
445 socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 5]) = 0
445 fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
445 fcntl64(5, F_GETFL) = 0x2 (flags O_RDWR)
445 fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
445 fcntl64(5, F_SETFL, O_RDWR|O_NONBLOCK) = 0
452 rt_sigaction(SIGTERM, {sa_handler=SIG_IGN, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, <unfinished ...>
445 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb11068) = 453
452 <... rt_sigaction resumed> {sa_handler=0x1043c, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, 8) = 0
445 close(3 <unfinished ...>
452 close(0 <unfinished ...>
445 <... close resumed> ) = 0
452 <... close resumed> ) = 0
452 close(1) = 0
452 close(6) = 0
453 rt_sigaction(SIGTERM, {sa_handler=SIG_IGN, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, <unfinished ...>
452 close(4 <unfinished ...>
453 <... rt_sigaction resumed> {sa_handler=0x1043c, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, 8) = 0
452 <... close resumed> ) = 0
453 close(1 <unfinished ...>
452 prlimit64(0, RLIMIT_FSIZE, {rlim_cur=0, rlim_max=0}, <unfinished ...>
453 <... close resumed> ) = 0
452 <... prlimit64 resumed> NULL) = 0
453 close(6) = 0
453 close(5) = 0
453 prlimit64(0, RLIMIT_FSIZE, {rlim_cur=0, rlim_max=0}, NULL) = 0
453 prlimit64(0, RLIMIT_NPROC, {rlim_cur=0, rlim_max=0}, NULL) = 0
453 rt_sigaction(SIGSYS, {sa_handler=0x17d78, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x351b0}, NULL, 8) = 0
453 rt_sigprocmask(SIG_UNBLOCK, [SYS], NULL, 8) = 0
453 prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0
453 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=45, filter=[BPF_STMT(BPF_LD|BPF_W|BPF_ABS, 0x4), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x40000028, 0x1, 0), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP), BPF_STMT(BPF_LD|BPF_W|BPF_ABS, 0), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x5, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ERRNO|0xd), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x14, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x4e, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x107, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x11d, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x37, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x128, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x129, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x3, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x4, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x6, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x125, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x2d, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xa8, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x8e, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xdc, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xc0, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x5b, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xf8, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xaf, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP)]}) = 0
453 fcntl64(0, F_GETFL <unfinished ...>
453 --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0x51d2c, si_syscall=__NR_fcntl64, si_arch=AUDIT_ARCH_ARM} ---
453 <... fcntl64 resumed> ) = 0x2 (flags O_RDWR)
453 write(86, "ssh_sandbox_violation: unexpected system call (arch:0x40000028,syscall:221 @ 0x51d2c)\n", 86) = 1
453 +++ exited with 1 +++
452 prlimit64(0, RLIMIT_NPROC, {rlim_cur=0, rlim_max=0}, NULL) = 0
452 rt_sigaction(SIGSYS, {sa_handler=0x17d78, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x351b0}, NULL, 8) = 0
452 rt_sigprocmask(SIG_UNBLOCK, [SYS], NULL, 8) = 0
452 prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0
452 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=39, filter=[BPF_STMT(BPF_LD|BPF_W|BPF_ABS, 0x4), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x40000028, 0x1, 0), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP), BPF_STMT(BPF_LD|BPF_W|BPF_ABS, 0), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x5, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ERRNO|0xd), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x14, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x4e, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x107, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x3, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x4, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x6, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x125, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x2d, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xa8, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x8e, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xdc, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xc0, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xa3, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x5b, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xf8, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xaf, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP)]}) = 0
452 poll([{fd=3, events=POLLIN}], 1, -1 <unfinished ...>
445 close(4 <unfinished ...>
452 <... poll resumed> ) = 1 ([{fd=3, revents=POLLIN|POLLHUP}])
452 read(3, "", 4) = 0
452 close(5) = 0
452 close(3) = 0
452 exit_group(0) = ?
452 +++ exited with 0 +++
445 <... close resumed> ) = 0
445 close(0) = 0
445 rt_sigprocmask(SIG_UNBLOCK, [TERM], NULL, 8) = 0
445 --- SIGTERM {si_signo=SIGTERM, si_code=SI_USER, si_pid=442, si_uid=0} ---
445 sigreturn({mask=[HUP CHLD]}) = 0
445 poll([{fd=5, events=POLLIN}], 1, 1000) = 1 ([{fd=5, revents=POLLIN|POLLHUP}])
445 rt_sigprocmask(SIG_UNBLOCK, [TERM], NULL, 8) = 0
445 close(5) = 0
445 close(6) = 0
445 wait4(452, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 452
445 wait4(453, [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0, NULL) = 453
445 write(2, "wrappers.c:181: child status 1\n", 31) = 31
445 exit_group(0) = ?
445 +++ exited with 0 +++
444 <... close resumed> ) = 0
444 execve("/srv/http/kcgi", ["/srv/http/kcgi"], ["LANG=en_US.UTF-8", "TERM=screen", "PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl", "MAIL=/var/mail/root", "LOGNAME=root", "USER=root", "USERNAME=root", "HOME=/root", "SHELL=/bin/bash", "SUDO_COMMAND=/usr/bin/strace -s 2048 -f -v -o /srv/http/foo/kfcgi.strace kfcgi -d -v -s /run/httpd.sock -p / -- /srv/http/kcgi", "SUDO_USER=xse", "SUDO_UID=1001", "SUDO_GID=1001"]) = 0
444 brk(NULL) = 0x1e10000
444 brk(0x1e10d08) = 0x1e10d08
444 set_tls(0x1e104c0) = 0
444 uname({sysname="Linux", nodename="rpi", release="4.14.27-1-ARCH", version="#1 SMP Sat Mar 17 00:42:16 UTC 2018", machine="armv6l", domainname="(none)"}) = 0
444 readlink("/proc/self/exe", "/srv/http/kcgi", 4096) = 14
444 brk(0x1e31d08) = 0x1e31d08
444 brk(0x1e32000) = 0x1e32000
444 rt_sigaction(SIGTERM, {sa_handler=0x1043c, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
444 rt_sigprocmask(SIG_BLOCK, [TERM], NULL, 8) = 0
444 socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 4]) = 0
444 fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
444 fcntl64(4, F_GETFL) = 0x2 (flags O_RDWR)
444 fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
444 fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
444 socketpair(AF_UNIX, SOCK_STREAM, 0, [5, 6]) = 0
444 fcntl64(5, F_GETFL) = 0x2 (flags O_RDWR)
444 fcntl64(6, F_GETFL) = 0x2 (flags O_RDWR)
444 fcntl64(5, F_SETFL, O_RDWR|O_NONBLOCK) = 0
444 fcntl64(6, F_SETFL, O_RDWR|O_NONBLOCK) = 0
444 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x1e10068) = 454
444 close(5) = 0
444 close(3) = 0
444 socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 5]) = 0
444 fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
444 fcntl64(5, F_GETFL) = 0x2 (flags O_RDWR)
444 fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
444 fcntl64(5, F_SETFL, O_RDWR|O_NONBLOCK) = 0
444 clone( <unfinished ...>
454 rt_sigaction(SIGTERM, {sa_handler=SIG_IGN, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, <unfinished ...>
444 <... clone resumed> child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x1e10068) = 455
454 <... rt_sigaction resumed> {sa_handler=0x1043c, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, 8) = 0
444 close(3 <unfinished ...>
454 close(0 <unfinished ...>
444 <... close resumed> ) = 0
454 <... close resumed> ) = 0
444 close(4 <unfinished ...>
454 close(1 <unfinished ...>
455 rt_sigaction(SIGTERM, {sa_handler=SIG_IGN, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, <unfinished ...>
454 <... close resumed> ) = 0
455 <... rt_sigaction resumed> {sa_handler=0x1043c, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, 8) = 0
454 close(6 <unfinished ...>
455 close(1 <unfinished ...>
454 <... close resumed> ) = 0
455 <... close resumed> ) = 0
454 close(4 <unfinished ...>
455 close(6 <unfinished ...>
454 <... close resumed> ) = 0
455 <... close resumed> ) = 0
455 close(5) = 0
455 prlimit64(0, RLIMIT_FSIZE, {rlim_cur=0, rlim_max=0}, NULL) = 0
455 prlimit64(0, RLIMIT_NPROC, {rlim_cur=0, rlim_max=0}, NULL) = 0
455 rt_sigaction(SIGSYS, {sa_handler=0x17d78, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x351b0}, NULL, 8) = 0
455 rt_sigprocmask(SIG_UNBLOCK, [SYS], NULL, 8) = 0
455 prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0
455 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=45, filter=[BPF_STMT(BPF_LD|BPF_W|BPF_ABS, 0x4), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x40000028, 0x1, 0), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP), BPF_STMT(BPF_LD|BPF_W|BPF_ABS, 0), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x5, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ERRNO|0xd), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x14, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x4e, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x107, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x11d, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x37, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x128, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x129, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x3, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x4, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x6, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x125, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x2d, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xa8, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x8e, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xdc, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xc0, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x5b, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xf8, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xaf, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP)]}) = 0
455 fcntl64(0, F_GETFL <unfinished ...>
455 --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0x51d2c, si_syscall=__NR_fcntl64, si_arch=AUDIT_ARCH_ARM} ---
455 <... fcntl64 resumed> ) = 0x2 (flags O_RDWR)
455 write(86, "ssh_sandbox_violation: unexpected system call (arch:0x40000028,syscall:221 @ 0x51d2c)\n", 86) = 1
455 +++ exited with 1 +++
454 prlimit64(0, RLIMIT_FSIZE, {rlim_cur=0, rlim_max=0}, NULL) = 0
454 prlimit64(0, RLIMIT_NPROC, {rlim_cur=0, rlim_max=0}, NULL) = 0
454 rt_sigaction(SIGSYS, {sa_handler=0x17d78, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x351b0}, NULL, 8) = 0
454 rt_sigprocmask(SIG_UNBLOCK, [SYS], NULL, 8) = 0
454 prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0
454 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=39, filter=[BPF_STMT(BPF_LD|BPF_W|BPF_ABS, 0x4), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x40000028, 0x1, 0), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP), BPF_STMT(BPF_LD|BPF_W|BPF_ABS, 0), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x5, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ERRNO|0xd), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x14, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x4e, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x107, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x3, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x4, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x6, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x125, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x2d, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xa8, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x8e, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xdc, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xc0, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xa3, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x5b, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xf8, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xaf, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP)]}) = 0
454 poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN|POLLHUP}])
454 read(3, "", 4) = 0
454 close(5) = 0
454 close(3) = 0
454 exit_group(0) = ?
454 +++ exited with 0 +++
444 <... close resumed> ) = 0
444 close(0) = 0
444 rt_sigprocmask(SIG_UNBLOCK, [TERM], NULL, 8) = 0
444 --- SIGTERM {si_signo=SIGTERM, si_code=SI_USER, si_pid=442, si_uid=0} ---
444 sigreturn({mask=[HUP CHLD]}) = 0
444 poll([{fd=5, events=POLLIN}], 1, 1000) = 1 ([{fd=5, revents=POLLIN|POLLHUP}])
444 rt_sigprocmask(SIG_UNBLOCK, [TERM], NULL, 8) = 0
444 close(5) = 0
444 close(6) = 0
444 wait4(454, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 454
444 wait4(455, [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0, NULL) = 455
444 write(2, "wrappers.c:181: child status 1\n", 31) = 31
444 exit_group(0) = ?
444 +++ exited with 0 +++
443 close(3) = 0
443 execve("/srv/http/kcgi", ["/srv/http/kcgi"], ["LANG=en_US.UTF-8", "TERM=screen", "PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl", "MAIL=/var/mail/root", "LOGNAME=root", "USER=root", "USERNAME=root", "HOME=/root", "SHELL=/bin/bash", "SUDO_COMMAND=/usr/bin/strace -s 2048 -f -v -o /srv/http/foo/kfcgi.strace kfcgi -d -v -s /run/httpd.sock -p / -- /srv/http/kcgi", "SUDO_USER=xse", "SUDO_UID=1001", "SUDO_GID=1001"]) = 0
443 brk(NULL) = 0x1f52000
443 brk(0x1f52d08) = 0x1f52d08
443 set_tls(0x1f524c0) = 0
443 uname({sysname="Linux", nodename="rpi", release="4.14.27-1-ARCH", version="#1 SMP Sat Mar 17 00:42:16 UTC 2018", machine="armv6l", domainname="(none)"}) = 0
443 readlink("/proc/self/exe", "/srv/http/kcgi", 4096) = 14
443 brk(0x1f73d08) = 0x1f73d08
443 brk(0x1f74000) = 0x1f74000
443 rt_sigaction(SIGTERM, {sa_handler=0x1043c, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
443 rt_sigprocmask(SIG_BLOCK, [TERM], NULL, 8) = 0
443 socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 4]) = 0
443 fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
443 fcntl64(4, F_GETFL) = 0x2 (flags O_RDWR)
443 fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
443 fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
443 socketpair(AF_UNIX, SOCK_STREAM, 0, [5, 6]) = 0
443 fcntl64(5, F_GETFL) = 0x2 (flags O_RDWR)
443 fcntl64(6, F_GETFL) = 0x2 (flags O_RDWR)
443 fcntl64(5, F_SETFL, O_RDWR|O_NONBLOCK) = 0
443 fcntl64(6, F_SETFL, O_RDWR|O_NONBLOCK) = 0
443 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x1f52068) = 456
443 close(5) = 0
443 close(3) = 0
443 socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 5]) = 0
443 fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
443 fcntl64(5, F_GETFL) = 0x2 (flags O_RDWR)
443 fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
443 fcntl64(5, F_SETFL, O_RDWR|O_NONBLOCK) = 0
443 clone( <unfinished ...>
456 rt_sigaction(SIGTERM, {sa_handler=SIG_IGN, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, <unfinished ...>
443 <... clone resumed> child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x1f52068) = 457
456 <... rt_sigaction resumed> {sa_handler=0x1043c, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, 8) = 0
443 close(3 <unfinished ...>
456 close(0 <unfinished ...>
443 <... close resumed> ) = 0
456 <... close resumed> ) = 0
443 close(4 <unfinished ...>
456 close(1) = 0
457 rt_sigaction(SIGTERM, {sa_handler=SIG_IGN, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, <unfinished ...>
456 close(6 <unfinished ...>
457 <... rt_sigaction resumed> {sa_handler=0x1043c, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x351a0}, 8) = 0
456 <... close resumed> ) = 0
457 close(1 <unfinished ...>
456 close(4 <unfinished ...>
457 <... close resumed> ) = 0
456 <... close resumed> ) = 0
457 close(6 <unfinished ...>
456 prlimit64(0, RLIMIT_FSIZE, {rlim_cur=0, rlim_max=0}, <unfinished ...>
457 <... close resumed> ) = 0
457 close(5) = 0
457 prlimit64(0, RLIMIT_FSIZE, {rlim_cur=0, rlim_max=0}, NULL) = 0
457 prlimit64(0, RLIMIT_NPROC, {rlim_cur=0, rlim_max=0}, NULL) = 0
457 rt_sigaction(SIGSYS, {sa_handler=0x17d78, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x351b0}, NULL, 8) = 0
457 rt_sigprocmask(SIG_UNBLOCK, [SYS], NULL, 8) = 0
457 prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0
457 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=45, filter=[BPF_STMT(BPF_LD|BPF_W|BPF_ABS, 0x4), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x40000028, 0x1, 0), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP), BPF_STMT(BPF_LD|BPF_W|BPF_ABS, 0), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x5, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ERRNO|0xd), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x14, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x4e, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x107, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x11d, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x37, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x128, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x129, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x3, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x4, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x6, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x125, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x2d, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xa8, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x8e, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xdc, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xc0, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x5b, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xf8, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xaf, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP)]}) = 0
457 fcntl64(0, F_GETFL <unfinished ...>
457 --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0x51d2c, si_syscall=__NR_fcntl64, si_arch=AUDIT_ARCH_ARM} ---
457 <... fcntl64 resumed> ) = 0x2 (flags O_RDWR)
457 write(86, "ssh_sandbox_violation: unexpected system call (arch:0x40000028,syscall:221 @ 0x51d2c)\n", 86) = 1
457 +++ exited with 1 +++
456 <... prlimit64 resumed> NULL) = 0
456 prlimit64(0, RLIMIT_NPROC, {rlim_cur=0, rlim_max=0}, NULL) = 0
456 rt_sigaction(SIGSYS, {sa_handler=0x17d78, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x351b0}, NULL, 8) = 0
456 rt_sigprocmask(SIG_UNBLOCK, [SYS], NULL, 8) = 0
456 prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0
456 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=39, filter=[BPF_STMT(BPF_LD|BPF_W|BPF_ABS, 0x4), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x40000028, 0x1, 0), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP), BPF_STMT(BPF_LD|BPF_W|BPF_ABS, 0), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x5, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ERRNO|0xd), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x14, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x4e, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x107, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x3, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x4, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x6, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x125, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x2d, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xa8, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x8e, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xdc, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xc0, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xa3, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0x5b, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xf8, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 0xaf, 0, 0x1), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP)]}) = 0
456 poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN|POLLHUP}])
456 read(3, "", 4) = 0
456 close(5) = 0
456 close(3) = 0
456 exit_group(0) = ?
456 +++ exited with 0 +++
443 <... close resumed> ) = 0
443 close(0) = 0
443 rt_sigprocmask(SIG_UNBLOCK, [TERM], NULL, 8) = 0
443 --- SIGTERM {si_signo=SIGTERM, si_code=SI_USER, si_pid=442, si_uid=0} ---
443 sigreturn({mask=[HUP CHLD]}) = 0
443 poll([{fd=5, events=POLLIN}], 1, 1000) = 1 ([{fd=5, revents=POLLIN|POLLHUP}])
443 rt_sigprocmask(SIG_UNBLOCK, [TERM], NULL, 8) = 0
443 close(5) = 0
443 close(6) = 0
443 wait4(456, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 456
443 wait4(457, [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0, NULL) = 457
443 write(2, "wrappers.c:181: child status 1\n", 31) = 31
443 exit_group(0) = ?
443 +++ exited with 0 +++
442 <... wait4 resumed> NULL, 0, NULL) = 443
442 wait4(444, NULL, 0, NULL) = 444
442 wait4(445, NULL, 0, NULL) = 445
442 wait4(446, NULL, 0, NULL) = 446
442 wait4(447, NULL, 0, NULL) = 447
442 rt_sigaction(SIGCHLD, {sa_handler=0x4e2190, sa_mask=[CHLD], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x76e998e0}, {sa_handler=SIG_DFL, sa_mask=[CHLD], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x76e998e0}, 8) = 0
442 exit_group(0) = ?
442 +++ exited with 0 +++
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment