./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2646330686 <...> Warning: Permanently added '10.128.0.237' (ED25519) to the list of known hosts. execve("./syz-executor2646330686", ["./syz-executor2646330686"], 0x7ffe33ccdf50 /* 10 vars */) = 0 brk(NULL) = 0x555583dd5000 brk(0x555583dd5e00) = 0x555583dd5e00 arch_prctl(ARCH_SET_FS, 0x555583dd5480) = 0 set_tid_address(0x555583dd5750) = 293 set_robust_list(0x555583dd5760, 24) = 0 rseq(0x555583dd5da0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2646330686", 4096) = 28 getrandom("\x94\x6b\x39\x5b\x6a\x52\xef\xde", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555583dd5e00 brk(0x555583df6e00) = 0x555583df6e00 brk(0x555583df7000) = 0x555583df7000 mprotect(0x7f9eb6118000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f9eb6073920, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f9eb607bbc0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f9eb6073920, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f9eb607bbc0}, NULL, 8) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583dd5750) = 294 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583dd5750) = 295 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583dd5750) = 296 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583dd5750) = 297 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583dd5750) = 298 ./strace-static-x86_64: Process 298 attached [pid 298] set_robust_list(0x555583dd5760, 24) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583dd5750) = 299 ./strace-static-x86_64: Process 297 attached [pid 297] set_robust_list(0x555583dd5760, 24) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583dd5750) = 300 ./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x555583dd5760, 24) = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4) = 4 ./strace-static-x86_64: Process 294 attached ./strace-static-x86_64: Process 295 attached [pid 300] close(3./strace-static-x86_64: Process 296 attached ./strace-static-x86_64: Process 299 attached [pid 296] set_robust_list(0x555583dd5760, 24 [pid 295] set_robust_list(0x555583dd5760, 24 [pid 294] set_robust_list(0x555583dd5760, 24 [pid 300] <... close resumed>) = 0 [pid 296] <... set_robust_list resumed>) = 0 [pid 295] <... set_robust_list resumed>) = 0 [pid 294] <... set_robust_list resumed>) = 0 [pid 299] set_robust_list(0x555583dd5760, 24 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] write(1, "executing program\n", 18executing program ) = 18 [pid 300] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=5, value_size=2, max_entries=4, map_flags=BPF_F_NO_PREALLOC|BPF_F_NUMA_NODE, inner_map_fd=-1, numa_node=0, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72./strace-static-x86_64: Process 303 attached ./strace-static-x86_64: Process 301 attached [pid 299] <... set_robust_list resumed>) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555583dd5750) = 301 [pid 294] <... clone resumed>, child_tidptr=0x555583dd5750) = 302 [pid 295] <... clone resumed>, child_tidptr=0x555583dd5750) = 303 executing program [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] <... bpf resumed>) = 3 [pid 300] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=3, key=0x20000040, value=0x20000500, flags=BPF_ANY}, 32) = 0 [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000040, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x555583dd5760, 24) = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3) = 0 [pid 302] write(1, "executing program\n", 18) = 18 [pid 302] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=5, value_size=2, max_entries=4, map_flags=BPF_F_NO_PREALLOC|BPF_F_NUMA_NODE, inner_map_fd=-1, numa_node=0, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 302] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=3, key=0x20000040, value=0x20000500, flags=BPF_ANY}, 32) = 0 [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000040, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 299] <... prctl resumed>) = 0 [pid 299] setpgid(0, 0 [pid 303] set_robust_list(0x555583dd5760, 24 [pid 299] <... setpgid resumed>) = 0 [pid 303] <... set_robust_list resumed>) = 0 [ 22.527481][ T30] audit: type=1400 audit(1735199988.832:66): avc: denied { execmem } for pid=293 comm="syz-executor264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 22.550419][ T30] audit: type=1400 audit(1735199988.852:67): avc: denied { map_create } for pid=300 comm="syz-executor264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 301] set_robust_list(0x555583dd5760, 24 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 301] <... set_robust_list resumed>) = 0 [pid 303] <... prctl resumed>) = 0 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] <... openat resumed>) = 3 [pid 303] setpgid(0, 0 [pid 301] <... prctl resumed>) = 0 [pid 303] <... setpgid resumed>) = 0 [pid 299] write(3, "1000", 4 [pid 301] setpgid(0, 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 301] <... setpgid resumed>) = 0 [pid 299] <... write resumed>) = 4 [pid 303] <... openat resumed>) = 3 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 executing program [pid 303] write(1, "executing program\n", 18) = 18 [pid 303] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=5, value_size=2, max_entries=4, map_flags=BPF_F_NO_PREALLOC|BPF_F_NUMA_NODE, inner_map_fd=-1, numa_node=0, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 303] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=3, key=0x20000040, value=0x20000500, flags=BPF_ANY}, 32) = 0 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000040, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] close(3 [pid 301] <... openat resumed>) = 3 [pid 299] <... close resumed>) = 0 [ 22.570770][ T30] audit: type=1400 audit(1735199988.852:68): avc: denied { bpf } for pid=300 comm="syz-executor264" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 22.592469][ T30] audit: type=1400 audit(1735199988.852:69): avc: denied { map_read map_write } for pid=300 comm="syz-executor264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 executing program [pid 301] write(3, "1000", 4 [pid 299] write(1, "executing program\n", 18 [pid 301] <... write resumed>) = 4 [pid 299] <... write resumed>) = 18 [pid 301] close(3 [pid 299] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=5, value_size=2, max_entries=4, map_flags=BPF_F_NO_PREALLOC|BPF_F_NUMA_NODE, inner_map_fd=-1, numa_node=0, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 301] <... close resumed>) = 0 executing program [pid 301] write(1, "executing program\n", 18 [pid 299] <... bpf resumed>) = 3 [pid 301] <... write resumed>) = 18 [pid 299] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=3, key=0x20000040, value=0x20000500, flags=BPF_ANY}, 32 [pid 301] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=5, value_size=2, max_entries=4, map_flags=BPF_F_NO_PREALLOC|BPF_F_NUMA_NODE, inner_map_fd=-1, numa_node=0, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 299] <... bpf resumed>) = 0 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000040, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 301] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=3, key=0x20000040, value=0x20000500, flags=BPF_ANY}, 32) = 0 [ 22.613371][ T30] audit: type=1400 audit(1735199988.852:70): avc: denied { prog_load } for pid=300 comm="syz-executor264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 22.632787][ T30] audit: type=1400 audit(1735199988.852:71): avc: denied { perfmon } for pid=300 comm="syz-executor264" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000040, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 302] <... bpf resumed>) = 4 [pid 300] <... bpf resumed>) = 4 [pid 303] <... bpf resumed>) = 4 [pid 299] <... bpf resumed>) = 4 [pid 299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 303] <... bpf resumed>) = 5 [pid 302] <... bpf resumed>) = 5 [pid 299] <... bpf resumed>) = 5 [pid 301] <... bpf resumed>) = 4 [pid 300] <... bpf resumed>) = 5 [pid 303] exit_group(0 [pid 302] exit_group(0 [pid 299] exit_group(0executing program executing program executing program executing program executing program [ 22.803926][ T30] audit: type=1400 audit(1735199989.112:73): avc: denied { prog_run } for pid=302 comm="syz-executor264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 22.822927][ T30] audit: type=1400 audit(1735199989.112:72): avc: denied { prog_run } for pid=300 comm="syz-executor264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 23.129120][ T1] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000008 [ 23.137438][ T1] CPU: 1 PID: 1 Comm: init Not tainted 5.15.173-syzkaller-00161-gb4bd207b0380 #0 [ 23.146368][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 23.156266][ T1] Call Trace: [ 23.159450][ T1] [ 23.162169][ T1] dump_stack_lvl+0x151/0x1c0 [ 23.166681][ T1] ? io_uring_drop_tctx_refs+0x190/0x190 [ 23.172145][ T1] ? __percpu_down_read+0xc2/0x300 [ 23.177095][ T1] dump_stack+0x15/0x20 [ 23.181083][ T1] panic+0x287/0x760 [ 23.184822][ T1] ? do_exit+0x240b/0x2ca0 [ 23.189073][ T1] ? fb_is_primary_device+0xe0/0xe0 [ 23.194109][ T1] ? __kasan_check_write+0x14/0x20 [ 23.199059][ T1] ? sync_mm_rss+0x28a/0x2e0 [ 23.203483][ T1] do_exit+0x2425/0x2ca0 [ 23.207572][ T1] ? put_task_struct+0x80/0x80 [ 23.212160][ T1] ? schedule_timeout+0xa9/0x370 [ 23.216931][ T1] ? __kasan_check_write+0x14/0x20 [ 23.221878][ T1] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 23.226828][ T1] ? _raw_spin_lock_irqsave+0x210/0x210 [ 23.232209][ T1] do_group_exit+0x141/0x310 [ 23.236636][ T1] get_signal+0x7a3/0x1630 [ 23.240894][ T1] arch_do_signal_or_restart+0xbd/0x1680 [ 23.246353][ T1] ? __kasan_check_write+0x14/0x20 [ 23.251303][ T1] ? put_pid+0xd7/0x110 [ 23.255296][ T1] ? kernel_clone+0x6cf/0x9e0 [ 23.259901][ T1] ? create_io_thread+0x1e0/0x1e0 [ 23.264844][ T1] ? get_timespec64+0x197/0x270 [ 23.269626][ T1] ? get_sigframe_size+0x10/0x10 [ 23.274387][ T1] ? __x64_sys_wait4+0x181/0x1e0 [ 23.279169][ T1] exit_to_user_mode_loop+0xa0/0xe0 [ 23.284196][ T1] exit_to_user_mode_prepare+0x5a/0xa0 [ 23.289494][ T1] syscall_exit_to_user_mode+0x26/0x160 [ 23.294959][ T1] do_syscall_64+0x47/0xb0 [ 23.299209][ T1] ? clear_bhb_loop+0x35/0x90 [ 23.303819][ T1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 23.309539][ T1] RIP: 0033:0x7f4079c09a68 [ 23.313793][ T1] Code: 00 48 8d b8 e0 02 00 00 48 89 b8 d8 02 00 00 48 89 b8 e0 02 00 00 b8 11 01 00 00 0f 05 44 89 c0 c3 90 5f b8 3a 00 00 00 0f 05 <57> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 90 43 0f 00 f7 d8 64 89 01 48 [ 23.333234][ T1] RSP: 002b:00007ffc5bff4010 EFLAGS: 00000246 ORIG_RAX: 000000000000003a [ 23.341570][ T1] RAX: 0000000000000161 RBX: 000055b5e3ef9ab0 RCX: 00007f4079c09a68 [ 23.349379][ T1] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 00007f4079d94bed [ 23.357187][ T1] RBP: 00007f4079dcf528 R08: 0000000000000007 R09: 692ed2ea8b9ca3b9 [ 23.365001][ T1] R10: 00007ffc5bff4050 R11: 0000000000000246 R12: 0000000000000000 [ 23.372810][ T1] R13: 0000000000000018 R14: 000055b5cc955169 R15: 00007f4079e00a80 [ 23.380713][ T1] [ 23.383820][ T1] Kernel Offset: disabled [ 23.387953][ T1] Rebooting in 86400 seconds..