./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3916149554 <...> [ 6.653693][ T30] audit: type=1400 audit(1738005120.455:28): avc: denied { write open } for pid=122 comm="dbus-daemon" path="/run/messagebus.pid" dev="tmpfs" ino=407 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 6.660682][ T30] audit: type=1400 audit(1738005120.455:29): avc: denied { getattr } for pid=122 comm="dbus-daemon" path="/run/messagebus.pid" dev="tmpfs" ino=407 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 6.776181][ T30] audit: type=1400 audit(1738005120.605:30): avc: denied { search } for pid=136 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 17.981268][ T30] kauditd_printk_skb: 30 callbacks suppressed [ 17.981309][ T30] audit: type=1400 audit(1738005131.795:61): avc: denied { transition } for pid=242 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 17.989179][ T30] audit: type=1400 audit(1738005131.795:62): avc: denied { noatsecure } for pid=242 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 17.996534][ T30] audit: type=1400 audit(1738005131.805:63): avc: denied { write } for pid=242 comm="sh" path="pipe:[14089]" dev="pipefs" ino=14089 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 18.009610][ T30] audit: type=1400 audit(1738005131.805:64): avc: denied { rlimitinh } for pid=242 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 18.028586][ T30] audit: type=1400 audit(1738005131.805:65): avc: denied { siginh } for pid=242 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.675943][ T273] sftp-server (273) used greatest stack depth: 22064 bytes left Warning: Permanently added '10.128.10.17' (ED25519) to the list of known hosts. execve("./syz-executor3916149554", ["./syz-executor3916149554"], 0x7ffe25e949a0 /* 10 vars */) = 0 brk(NULL) = 0x555562f31000 brk(0x555562f31d40) = 0x555562f31d40 arch_prctl(ARCH_SET_FS, 0x555562f313c0) = 0 set_tid_address(0x555562f31690) = 297 set_robust_list(0x555562f316a0, 24) = 0 rseq(0x555562f31ce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3916149554", 4096) = 28 getrandom("\xde\x5a\xc1\xcd\x0c\xd3\x35\x22", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555562f31d40 brk(0x555562f52d40) = 0x555562f52d40 brk(0x555562f53000) = 0x555562f53000 mprotect(0x7fa6a0071000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562f31690) = 298 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 298 attached , child_tidptr=0x555562f31690) = 299 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] set_robust_list(0x555562f316a0, 24./strace-static-x86_64: Process 300 attached [pid 297] <... clone resumed>, child_tidptr=0x555562f31690) = 300 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] set_robust_list(0x555562f316a0, 24 [pid 298] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 301 attached [pid 297] <... clone resumed>, child_tidptr=0x555562f31690) = 301 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562f31690) = 302 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x555562f316a0, 24) = 0 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562f31690) = 303 ./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x555562f316a0, 24) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... clone resumed>, child_tidptr=0x555562f31690) = 304 [pid 300] <... set_robust_list resumed>) = 0 [pid 299] <... clone resumed>, child_tidptr=0x555562f31690) = 305 ./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x555562f316a0, 24) = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 303] setpgid(0, 0) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 305 attached [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3 [pid 305] set_robust_list(0x555562f316a0, 24 [pid 303] <... close resumed>) = 0 executing program [pid 303] write(1, "executing program\n", 18 [pid 305] <... set_robust_list resumed>) = 0 [pid 303] <... write resumed>) = 18 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 303] futex(0x7fa6a007732c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6a00135d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6a0004c50}, NULL, 8) = 0 [pid 305] <... prctl resumed>) = 0 [pid 303] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 305] setpgid(0, 0 [pid 303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa69ff8e000 [pid 305] <... setpgid resumed>) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 303] mprotect(0x7fa69ff8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 303] rt_sigprocmask(SIG_BLOCK, ~[], [pid 305] <... openat resumed>) = 3 [pid 303] <... rt_sigprocmask resumed>[], 8) = 0 [pid 303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa69ffae990, parent_tid=0x7fa69ffae990, exit_signal=0, stack=0x7fa69ff8e000, stack_size=0x20300, tls=0x7fa69ffae6c0} [pid 305] write(3, "1000", 4) = 4 [pid 305] close(3executing program ) = 0 [pid 305] write(1, "executing program\n", 18) = 18 [pid 305] futex(0x7fa6a007732c, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... clone3 resumed> => {parent_tid=[307]}, 88) = 307 [pid 303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 305] <... futex resumed>) = 0 [pid 303] futex(0x7fa6a0077328, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6a00135d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6a0004c50}, [pid 303] <... futex resumed>) = 0 [pid 305] <... rt_sigaction resumed>NULL, 8) = 0 [pid 303] futex(0x7fa6a007732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa69ff8e000 [pid 305] mprotect(0x7fa69ff8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 300] <... clone resumed>, child_tidptr=0x555562f31690) = 306 [pid 301] set_robust_list(0x555562f316a0, 24 [pid 305] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa69ffae990, parent_tid=0x7fa69ffae990, exit_signal=0, stack=0x7fa69ff8e000, stack_size=0x20300, tls=0x7fa69ffae6c0} => {parent_tid=[308]}, 88) = 308 ./strace-static-x86_64: Process 304 attached [pid 301] <... set_robust_list resumed>) = 0 [pid 305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 305] futex(0x7fa6a0077328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7fa6a007732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x7fa69ffae9a0, 24) = 0 [pid 307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 307] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=2, max_entries=12, map_flags=BPF_F_MMAPABLE|BPF_F_INNER_MAP, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72./strace-static-x86_64: Process 308 attached ./strace-static-x86_64: Process 306 attached [pid 304] set_robust_list(0x555562f316a0, 24 [ 27.364213][ T30] audit: type=1400 audit(1738005141.195:66): avc: denied { execmem } for pid=297 comm="syz-executor391" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 307] <... bpf resumed>) = 3 [pid 307] futex(0x7fa6a007732c, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 303] futex(0x7fa6a0077328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7fa6a007732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... futex resumed>) = 1 [pid 307] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000040, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 309 attached [pid 309] set_robust_list(0x555562f316a0, 24) = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 309] setpgid(0, 0) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 309] write(3, "1000", 4) = 4 [pid 309] close(3) = 0 [pid 309] write(1, "executing program\n", 18) = 18 [pid 309] futex(0x7fa6a007732c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6a00135d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6a0004c50}, NULL, 8) = 0 [pid 309] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa69ff8e000 [pid 309] mprotect(0x7fa69ff8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa69ffae990, parent_tid=0x7fa69ffae990, exit_signal=0, stack=0x7fa69ff8e000, stack_size=0x20300, tls=0x7fa69ffae6c0} => {parent_tid=[310]}, 88) = 310 [pid 309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 309] futex(0x7fa6a0077328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] futex(0x7fa6a007732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 310 attached [pid 310] set_robust_list(0x7fa69ffae9a0, 24) = 0 [pid 310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 310] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=2, max_entries=12, map_flags=BPF_F_MMAPABLE|BPF_F_INNER_MAP, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 310] futex(0x7fa6a007732c, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = 0 [pid 309] futex(0x7fa6a0077328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] futex(0x7fa6a007732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 310] <... futex resumed>) = 1 [pid 310] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000040, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 301] <... clone resumed>, child_tidptr=0x555562f31690) = 309 [pid 306] set_robust_list(0x555562f316a0, 24) = 0 [pid 304] <... set_robust_list resumed>) = 0 [pid 308] set_robust_list(0x7fa69ffae9a0, 24 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 308] <... set_robust_list resumed>) = 0 [pid 306] <... prctl resumed>) = 0 [pid 308] rt_sigprocmask(SIG_SETMASK, [], [pid 304] <... prctl resumed>) = 0 [pid 308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 306] setpgid(0, 0 [pid 304] setpgid(0, 0 [pid 308] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=2, max_entries=12, map_flags=BPF_F_MMAPABLE|BPF_F_INNER_MAP, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 306] <... setpgid resumed>) = 0 [pid 304] <... setpgid resumed>) = 0 [pid 308] <... bpf resumed>) = 3 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 308] futex(0x7fa6a007732c, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 308] <... futex resumed>) = 1 [pid 305] <... futex resumed>) = 0 [pid 306] <... openat resumed>) = 3 [pid 308] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000040, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 305] futex(0x7fa6a0077328, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] write(3, "1000", 4 [pid 304] <... openat resumed>) = 3 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7fa6a007732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... write resumed>) = 4 [pid 304] write(3, "1000", 4) = 4 [pid 306] close(3 [pid 304] close(3 [pid 306] <... close resumed>) = 0 [pid 304] <... close resumed>) = 0 [pid 306] write(1, "executing program\n", 18 [pid 304] write(1, "executing program\n", 18executing program executing program [pid 306] <... write resumed>) = 18 [pid 304] <... write resumed>) = 18 [pid 304] futex(0x7fa6a007732c, FUTEX_WAKE_PRIVATE, 1000000 [ 27.396663][ T30] audit: type=1400 audit(1738005141.225:67): avc: denied { map_create } for pid=303 comm="syz-executor391" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 27.417946][ T30] audit: type=1400 audit(1738005141.225:68): avc: denied { perfmon } for pid=303 comm="syz-executor391" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 306] futex(0x7fa6a007732c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] <... futex resumed>) = 0 [pid 303] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 303] futex(0x7fa6a007732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 303] futex(0x7fa6a007733c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa69ff6d000 [pid 303] mprotect(0x7fa69ff6e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa69ff8d990, parent_tid=0x7fa69ff8d990, exit_signal=0, stack=0x7fa69ff6d000, stack_size=0x20300, tls=0x7fa69ff8d6c0} => {parent_tid=[311]}, 88) = 311 [pid 303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 303] futex(0x7fa6a0077338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7fa6a007733c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000}./strace-static-x86_64: Process 311 attached [pid 311] set_robust_list(0x7fa69ff8d9a0, 24) = 0 [pid 311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 311] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 311] futex(0x7fa6a007733c, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 311] <... futex resumed>) = 1 [pid 311] futex(0x7fa6a0077338, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 309] futex(0x7fa6a007733c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa69ff6d000 [pid 309] mprotect(0x7fa69ff6e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa69ff8d990, parent_tid=0x7fa69ff8d990, exit_signal=0, stack=0x7fa69ff6d000, stack_size=0x20300, tls=0x7fa69ff8d6c0} => {parent_tid=[312]}, 88) = 312 [pid 309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 309] futex(0x7fa6a0077338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] futex(0x7fa6a007733c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 306] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6a00135d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6a0004c50}, [pid 304] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6a00135d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6a0004c50}, [pid 306] <... rt_sigaction resumed>NULL, 8) = 0 [pid 304] <... rt_sigaction resumed>NULL, 8) = 0 [pid 306] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 304] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 306] <... mmap resumed>) = 0x7fa69ff8e000 [pid 304] <... mmap resumed>) = 0x7fa69ff8e000 [pid 305] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 305] futex(0x7fa6a007732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 305] futex(0x7fa6a007732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 305] futex(0x7fa6a007732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}./strace-static-x86_64: Process 312 attached ) = -1 ETIMEDOUT (Connection timed out) [pid 305] futex(0x7fa6a007732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 312] set_robust_list(0x7fa69ff8d9a0, 24 [pid 305] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 305] futex(0x7fa6a007733c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa69ff6d000 [pid 305] mprotect(0x7fa69ff6e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 305] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa69ff8d990, parent_tid=0x7fa69ff8d990, exit_signal=0, stack=0x7fa69ff6d000, stack_size=0x20300, tls=0x7fa69ff8d6c0} => {parent_tid=[313]}, 88) = 313 [pid 305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 305] futex(0x7fa6a0077338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7fa6a007733c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 312] <... set_robust_list resumed>) = 0 [pid 312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 312] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 312] futex(0x7fa6a007733c, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = 0 [pid 312] <... futex resumed>) = 1 [pid 312] futex(0x7fa6a0077338, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 313 attached [pid 313] set_robust_list(0x7fa69ff8d9a0, 24) = 0 [pid 313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 313] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 313] futex(0x7fa6a007733c, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 313] <... futex resumed>) = 1 [pid 313] futex(0x7fa6a0077338, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] mprotect(0x7fa69ff8f000, 131072, PROT_READ|PROT_WRITE [pid 304] mprotect(0x7fa69ff8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 306] <... mprotect resumed>) = 0 [pid 304] rt_sigprocmask(SIG_BLOCK, ~[], [pid 306] rt_sigprocmask(SIG_BLOCK, ~[], [pid 304] <... rt_sigprocmask resumed>[], 8) = 0 [pid 306] <... rt_sigprocmask resumed>[], 8) = 0 [pid 304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa69ffae990, parent_tid=0x7fa69ffae990, exit_signal=0, stack=0x7fa69ff8e000, stack_size=0x20300, tls=0x7fa69ffae6c0} [pid 306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa69ffae990, parent_tid=0x7fa69ffae990, exit_signal=0, stack=0x7fa69ff8e000, stack_size=0x20300, tls=0x7fa69ffae6c0} => {parent_tid=[315]}, 88) = 315 [pid 304] <... clone3 resumed> => {parent_tid=[314]}, 88) = 314 ./strace-static-x86_64: Process 314 attached [pid 314] set_robust_list(0x7fa69ffae9a0, 24) = 0 [pid 314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 314] futex(0x7fa6a0077328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] rt_sigprocmask(SIG_SETMASK, [], [pid 304] rt_sigprocmask(SIG_SETMASK, [], [pid 306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 306] futex(0x7fa6a0077328, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] futex(0x7fa6a0077328, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 306] <... futex resumed>) = 0 ./strace-static-x86_64: Process 315 attached [pid 314] <... futex resumed>) = 0 [pid 314] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=2, max_entries=12, map_flags=BPF_F_MMAPABLE|BPF_F_INNER_MAP, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 315] set_robust_list(0x7fa69ffae9a0, 24 [pid 306] futex(0x7fa6a007732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] futex(0x7fa6a007732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... bpf resumed>) = 3 [pid 314] futex(0x7fa6a007732c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7fa6a0077328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 315] <... set_robust_list resumed>) = 0 [pid 304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 304] futex(0x7fa6a0077328, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 314] <... futex resumed>) = 0 [pid 304] <... futex resumed>) = 1 [pid 314] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000040, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 315] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=2, max_entries=12, map_flags=BPF_F_MMAPABLE|BPF_F_INNER_MAP, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 304] futex(0x7fa6a007732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] <... bpf resumed>) = 3 [pid 315] futex(0x7fa6a007732c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 306] <... futex resumed>) = 0 [pid 306] futex(0x7fa6a0077328, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000040, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 306] <... futex resumed>) = 0 [ 27.445167][ T30] audit: type=1400 audit(1738005141.225:69): avc: denied { map_read map_write } for pid=303 comm="syz-executor391" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 27.467841][ T30] audit: type=1400 audit(1738005141.225:70): avc: denied { prog_load } for pid=303 comm="syz-executor391" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 27.489659][ T30] audit: type=1400 audit(1738005141.225:71): avc: denied { bpf } for pid=303 comm="syz-executor391" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 306] futex(0x7fa6a007732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 304] futex(0x7fa6a007733c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa69ff6d000 [pid 304] mprotect(0x7fa69ff6e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 304] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa69ff8d990, parent_tid=0x7fa69ff8d990, exit_signal=0, stack=0x7fa69ff6d000, stack_size=0x20300, tls=0x7fa69ff8d6c0} [pid 306] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 304] <... clone3 resumed> => {parent_tid=[317]}, 88) = 317 [pid 306] futex(0x7fa6a007733c, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] rt_sigprocmask(SIG_SETMASK, [], [pid 306] <... futex resumed>) = 0 [pid 304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 304] futex(0x7fa6a0077338, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... mmap resumed>) = 0x7fa69ff6d000 [pid 304] <... futex resumed>) = 0 [pid 306] mprotect(0x7fa69ff6e000, 131072, PROT_READ|PROT_WRITE [pid 304] futex(0x7fa6a007733c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 306] <... mprotect resumed>) = 0 [pid 306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa69ff8d990, parent_tid=0x7fa69ff8d990, exit_signal=0, stack=0x7fa69ff6d000, stack_size=0x20300, tls=0x7fa69ff8d6c0} => {parent_tid=[318]}, 88) = 318 ./strace-static-x86_64: Process 318 attached [pid 306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 306] futex(0x7fa6a0077338, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] set_robust_list(0x7fa69ff8d9a0, 24 [pid 306] <... futex resumed>) = 0 [pid 318] <... set_robust_list resumed>) = 0 [pid 306] futex(0x7fa6a007733c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 318] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 318] futex(0x7fa6a007733c, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 0 [pid 318] <... futex resumed>) = 1 [pid 318] futex(0x7fa6a0077338, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 317 attached [pid 317] set_robust_list(0x7fa69ff8d9a0, 24) = 0 [pid 317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 317] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 317] futex(0x7fa6a007733c, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 317] <... futex resumed>) = 1 [pid 317] futex(0x7fa6a0077338, FUTEX_WAIT_PRIVATE, 0, NULL [pid 303] exit_group(0) = ? [pid 311] <... futex resumed>) = ? [pid 311] +++ exited with 0 +++ [pid 309] exit_group(0 [pid 312] <... futex resumed>) = ? [pid 309] <... exit_group resumed>) = ? [pid 312] +++ exited with 0 +++ [pid 305] exit_group(0 [pid 313] <... futex resumed>) = ? [pid 305] <... exit_group resumed>) = ? [pid 313] +++ exited with 0 +++ [pid 315] <... bpf resumed>) = 4 [pid 314] <... bpf resumed>) = 4 [pid 310] <... bpf resumed>) = ? [pid 307] <... bpf resumed>) = ? [pid 314] futex(0x7fa6a007732c, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] +++ exited with 0 +++ [pid 309] +++ exited with 0 +++ [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7fa6a0077328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 307] +++ exited with 0 +++ [pid 303] +++ exited with 0 +++ [pid 308] <... bpf resumed>) = ? [pid 308] +++ exited with 0 +++ [pid 305] +++ exited with 0 +++ [pid 315] futex(0x7fa6a007732c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7fa6a0077328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] exit_group(0 [pid 315] <... futex resumed>) = ? [pid 306] <... exit_group resumed>) = ? [pid 315] +++ exited with 0 +++ [pid 304] exit_group(0 [pid 314] <... futex resumed>) = ? [pid 304] <... exit_group resumed>) = ? [pid 314] +++ exited with 0 +++ [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=25} --- [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 318] <... futex resumed>) = ? [pid 317] <... futex resumed>) = ? [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- ./strace-static-x86_64: Process 319 attached [pid 319] set_robust_list(0x555562f316a0, 24 [pid 318] +++ exited with 0 +++ [pid 306] +++ exited with 0 +++ [pid 319] <... set_robust_list resumed>) = 0 [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 319] <... prctl resumed>) = 0 [pid 317] +++ exited with 0 +++ [pid 304] +++ exited with 0 +++ [pid 302] <... clone resumed>, child_tidptr=0x555562f31690) = 319 [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 319] setpgid(0, 0) = 0 [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- executing program [pid 319] <... openat resumed>) = 3 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 319] write(3, "1000", 4) = 4 [pid 319] close(3) = 0 [pid 319] write(1, "executing program\n", 18) = 18 [pid 319] futex(0x7fa6a007732c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6a00135d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6a0004c50}, NULL, 8) = 0 [pid 319] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa69ff8e000 [pid 319] mprotect(0x7fa69ff8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 319] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] <... clone resumed>, child_tidptr=0x555562f31690) = 321 [pid 301] <... clone resumed>, child_tidptr=0x555562f31690) = 320 [pid 319] <... rt_sigprocmask resumed>[], 8) = 0 [pid 319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa69ffae990, parent_tid=0x7fa69ffae990, exit_signal=0, stack=0x7fa69ff8e000, stack_size=0x20300, tls=0x7fa69ffae6c0} => {parent_tid=[323]}, 88) = 323 [pid 298] <... clone resumed>, child_tidptr=0x555562f31690) = 322 [pid 319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 319] futex(0x7fa6a0077328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7fa6a007732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x555562f316a0, 24) = 0 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 320] setpgid(0, 0) = 0 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 320] write(3, "1000", 4) = 4 [pid 320] close(3executing program ) = 0 [pid 320] write(1, "executing program\n", 18) = 18 [pid 320] futex(0x7fa6a007732c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6a00135d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6a0004c50}, NULL, 8) = 0 [pid 320] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa69ff8e000 [pid 320] mprotect(0x7fa69ff8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 320] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 320] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa69ffae990, parent_tid=0x7fa69ffae990, exit_signal=0, stack=0x7fa69ff8e000, stack_size=0x20300, tls=0x7fa69ffae6c0} => {parent_tid=[324]}, 88) = 324 [pid 320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 320] futex(0x7fa6a0077328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7fa6a007732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 323 attached [pid 323] set_robust_list(0x7fa69ffae9a0, 24) = 0 [pid 323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 323] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=2, max_entries=12, map_flags=BPF_F_MMAPABLE|BPF_F_INNER_MAP, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 323] futex(0x7fa6a007732c, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7fa6a0077328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7fa6a007732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... futex resumed>) = 1 [pid 323] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000040, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 324 attached ./strace-static-x86_64: Process 322 attached ./strace-static-x86_64: Process 321 attached ) = 4 [pid 324] set_robust_list(0x7fa69ffae9a0, 24 [pid 322] set_robust_list(0x555562f316a0, 24 [pid 321] set_robust_list(0x555562f316a0, 24 [pid 323] futex(0x7fa6a007732c, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] <... set_robust_list resumed>) = 0 [pid 321] <... set_robust_list resumed>) = 0 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 321] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 322] <... prctl resumed>) = 0 [pid 321] <... prctl resumed>) = 0 [pid 322] setpgid(0, 0 [pid 321] setpgid(0, 0 [pid 322] <... setpgid resumed>) = 0 [pid 321] <... setpgid resumed>) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 323] <... futex resumed>) = 1 [pid 319] <... futex resumed>) = 0 [pid 300] <... restart_syscall resumed>) = 0 [pid 324] <... set_robust_list resumed>) = 0 [pid 323] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 322] <... openat resumed>) = 3 [pid 321] <... openat resumed>) = 3 [pid 319] futex(0x7fa6a0077328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7fa6a007732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} executing program executing program executing program executing program [ 27.687394][ T30] audit: type=1400 audit(1738005141.515:72): avc: denied { prog_run } for pid=306 comm="syz-executor391" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 28.524832][ T1] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000008 [ 28.533146][ T1] CPU: 1 PID: 1 Comm: init Not tainted 5.15.176-syzkaller-00066-gd1a25a6a4b3b #0 [ 28.542099][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 28.551984][ T1] Call Trace: [ 28.555097][ T1] [ 28.557877][ T1] dump_stack_lvl+0x151/0x1c0 [ 28.562393][ T1] ? io_uring_drop_tctx_refs+0x190/0x190 [ 28.567876][ T1] ? __percpu_down_read+0xc2/0x300 [ 28.572810][ T1] dump_stack+0x15/0x20 [ 28.576799][ T1] panic+0x287/0x760 [ 28.580535][ T1] ? do_exit+0x240b/0x2ca0 [ 28.584784][ T1] ? fb_is_primary_device+0xe0/0xe0 [ 28.589820][ T1] ? __kasan_check_write+0x14/0x20 [ 28.594950][ T1] ? sync_mm_rss+0x28a/0x2e0 [ 28.599371][ T1] do_exit+0x2425/0x2ca0 [ 28.603455][ T1] ? put_task_struct+0x80/0x80 [ 28.608052][ T1] ? schedule_timeout+0xa9/0x370 [ 28.612829][ T1] ? __kasan_check_write+0x14/0x20 [ 28.617769][ T1] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 28.622722][ T1] ? _raw_spin_lock_irqsave+0x210/0x210 [ 28.628102][ T1] do_group_exit+0x141/0x310 [ 28.632527][ T1] get_signal+0x7a3/0x1630 [ 28.636785][ T1] arch_do_signal_or_restart+0xbd/0x1680 [ 28.642247][ T1] ? __kasan_check_write+0x14/0x20 [ 28.647194][ T1] ? put_pid+0xd7/0x110 [ 28.651186][ T1] ? kernel_clone+0x6cf/0x9e0 [ 28.655702][ T1] ? create_io_thread+0x1e0/0x1e0 [ 28.660559][ T1] ? get_timespec64+0x197/0x270 [ 28.665251][ T1] ? get_sigframe_size+0x10/0x10 [ 28.670020][ T1] ? __x64_sys_wait4+0x181/0x1e0 [ 28.674797][ T1] exit_to_user_mode_loop+0xa0/0xe0 [ 28.679830][ T1] exit_to_user_mode_prepare+0x5a/0xa0 [ 28.685121][ T1] syscall_exit_to_user_mode+0x26/0x160 [ 28.690526][ T1] do_syscall_64+0x47/0xb0 [ 28.694762][ T1] ? clear_bhb_loop+0x35/0x90 [ 28.699274][ T1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 28.705007][ T1] RIP: 0033:0x7f60bfcc6a68 [ 28.709253][ T1] Code: 00 48 8d b8 e0 02 00 00 48 89 b8 d8 02 00 00 48 89 b8 e0 02 00 00 b8 11 01 00 00 0f 05 44 89 c0 c3 90 5f b8 3a 00 00 00 0f 05 <57> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 90 43 0f 00 f7 d8 64 89 01 48 [ 28.728702][ T1] RSP: 002b:00007ffc965a1370 EFLAGS: 00000246 ORIG_RAX: 000000000000003a [ 28.736940][ T1] RAX: 00000000000001f8 RBX: 0000559ed361dab0 RCX: 00007f60bfcc6a68 [ 28.744757][ T1] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 00007f60bfe51bed [ 28.752572][ T1] RBP: 00007f60bfe8c528 R08: 0000000000000007 R09: 52d792d84e1cfbcc [ 28.760374][ T1] R10: 00007ffc965a13b0 R11: 0000000000000246 R12: 0000000000000000 [ 28.768188][ T1] R13: 0000000000000018 R14: 0000559ea6ff2169 R15: 00007f60bfebda80 [ 28.775998][ T1] [ 28.779228][ T1] Kernel Offset: disabled [ 28.783370][ T1] Rebooting in 86400 seconds..