./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1570947209 <...> Warning: Permanently added '10.128.0.69' (ED25519) to the list of known hosts. execve("./syz-executor1570947209", ["./syz-executor1570947209"], 0x7ffc1294b3d0 /* 10 vars */) = 0 brk(NULL) = 0x5555558ef000 brk(0x5555558efd00) = 0x5555558efd00 arch_prctl(ARCH_SET_FS, 0x5555558ef380) = 0 set_tid_address(0x5555558ef650) = 294 set_robust_list(0x5555558ef660, 24) = 0 rseq(0x5555558efca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1570947209", 4096) = 28 getrandom("\x19\x48\x5a\x89\x15\x0d\x90\xeb", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555558efd00 brk(0x555555910d00) = 0x555555910d00 brk(0x555555911000) = 0x555555911000 mprotect(0x7fbf22af3000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558ef650) = 295 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558ef650) = 296 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558ef650) = 297 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558ef650) = 298 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558ef650) = 299 ./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x5555558ef660, 24) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558ef650) = 300 ./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x5555558ef660, 24) = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4) = 4 [pid 300] close(3) = 0 [pid 300] write(1, "executing program\n", 18executing program ) = 18 [pid 300] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=12, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 295 attached ./strace-static-x86_64: Process 296 attached ./strace-static-x86_64: Process 297 attached ./strace-static-x86_64: Process 298 attached [pid 297] set_robust_list(0x5555558ef660, 24 [pid 296] set_robust_list(0x5555558ef660, 24 [pid 295] set_robust_list(0x5555558ef660, 24 [pid 298] set_robust_list(0x5555558ef660, 24 [pid 296] <... set_robust_list resumed>) = 0 [pid 295] <... set_robust_list resumed>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... clone resumed>, child_tidptr=0x5555558ef650) = 302 [pid 298] <... set_robust_list resumed>) = 0 [pid 297] <... set_robust_list resumed>) = 0 [pid 296] <... clone resumed>, child_tidptr=0x5555558ef650) = 303 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... clone resumed>, child_tidptr=0x5555558ef650) = 305 [pid 297] <... clone resumed>, child_tidptr=0x5555558ef650) = 304 [ 23.482552][ T30] audit: type=1400 audit(1721468415.792:66): avc: denied { execmem } for pid=294 comm="syz-executor157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.502254][ T30] audit: type=1400 audit(1721468415.792:67): avc: denied { map_create } for pid=300 comm="syz-executor157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 ./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x5555558ef660, 24) = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0./strace-static-x86_64: Process 303 attached ) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 303] set_robust_list(0x5555558ef660, 24) = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 302] <... openat resumed>) = 3 ./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x5555558ef660, 24 [pid 303] <... prctl resumed>) = 0 [pid 303] setpgid(0, 0 [pid 305] <... set_robust_list resumed>) = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 303] <... setpgid resumed>) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3 [pid 305] <... prctl resumed>) = 0 [pid 305] setpgid(0, 0 [pid 303] <... openat resumed>) = 3 [pid 305] <... setpgid resumed>) = 0 [pid 302] <... close resumed>) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 302] write(1, "executing program\n", 18executing program ) = 18 [pid 302] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=12, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 305] <... openat resumed>) = 3 [pid 303] write(3, "1000", 4./strace-static-x86_64: Process 304 attached ) = 4 [pid 303] close(3) = 0 [pid 303] write(1, "executing program\n", 18executing program ) = 18 [pid 302] <... bpf resumed>) = 3 [pid 303] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=12, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 305] write(3, "1000", 4) = 4 [pid 303] <... bpf resumed>) = 3 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 305] close(3) = 0 [pid 305] write(1, "executing program\n", 18executing program ) = 18 [pid 305] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=12, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [ 23.523099][ T30] audit: type=1400 audit(1721468415.792:68): avc: denied { perfmon } for pid=300 comm="syz-executor157" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 23.545475][ T30] audit: type=1400 audit(1721468415.792:69): avc: denied { map_read map_write } for pid=300 comm="syz-executor157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 304] set_robust_list(0x5555558ef660, 24) = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 [pid 304] write(1, "executing program\n", 18executing program ) = 18 [pid 304] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=12, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [ 23.565611][ T30] audit: type=1400 audit(1721468415.792:70): avc: denied { prog_load } for pid=300 comm="syz-executor157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 23.585081][ T30] audit: type=1400 audit(1721468415.792:71): avc: denied { bpf } for pid=300 comm="syz-executor157" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 302] <... bpf resumed>) = 4 [pid 300] <... bpf resumed>) = 4 [pid 302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 13executing program [ 23.752261][ T30] audit: type=1400 audit(1721468416.062:73): avc: denied { prog_run } for pid=300 comm="syz-executor157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 23.771668][ T30] audit: type=1400 audit(1721468416.062:72): avc: denied { prog_run } for pid=302 comm="syz-executor157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 25.517080][ T1] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004 [ 25.525509][ T1] CPU: 0 PID: 1 Comm: init Not tainted 5.15.151-syzkaller-00415-gdb06c48ab67e #0 [ 25.534440][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 25.544346][ T1] Call Trace: [ 25.547460][ T1] [ 25.550234][ T1] dump_stack_lvl+0x151/0x1b7 [ 25.554747][ T1] ? io_uring_drop_tctx_refs+0x190/0x190 [ 25.560221][ T1] dump_stack+0x15/0x17 [ 25.564209][ T1] panic+0x287/0x751 [ 25.567944][ T1] ? do_exit+0x240b/0x2ca0 [ 25.572195][ T1] ? fb_is_primary_device+0xd4/0xd4 [ 25.577229][ T1] ? __kasan_check_write+0x14/0x20 [ 25.582176][ T1] ? sync_mm_rss+0x28a/0x2e0 [ 25.586603][ T1] do_exit+0x2425/0x2ca0 [ 25.590684][ T1] ? __sched_text_start+0x8/0x8 [ 25.595370][ T1] ? put_task_struct+0x80/0x80 [ 25.599968][ T1] ? schedule+0x136/0x1e0 [ 25.604133][ T1] ? __kasan_check_write+0x14/0x20 [ 25.609080][ T1] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 25.614029][ T1] ? _raw_spin_lock_irqsave+0x210/0x210 [ 25.619411][ T1] do_group_exit+0x141/0x310 [ 25.623837][ T1] get_signal+0x7a3/0x1630 [ 25.628112][ T1] ? wait_for_common+0x366/0x420 [ 25.632867][ T1] arch_do_signal_or_restart+0xbd/0x1680 [ 25.638335][ T1] ? __kasan_check_write+0x14/0x20 [ 25.643278][ T1] ? put_pid+0xd7/0x110 [ 25.647270][ T1] ? kernel_clone+0x6cf/0x9e0 [ 25.651791][ T1] ? create_io_thread+0x1e0/0x1e0 [ 25.656646][ T1] ? get_sigframe_size+0x10/0x10 [ 25.661419][ T1] ? timespec64_add_safe+0x220/0x220 [ 25.666544][ T1] exit_to_user_mode_loop+0xa0/0xe0 [ 25.671571][ T1] exit_to_user_mode_prepare+0x5a/0xa0 [ 25.676867][ T1] syscall_exit_to_user_mode+0x26/0x160 [ 25.682248][ T1] do_syscall_64+0x49/0xb0 [ 25.686503][ T1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.692237][ T1] RIP: 0033:0x7f6cdf09ea68 [ 25.696485][ T1] Code: 00 48 8d b8 e0 02 00 00 48 89 b8 d8 02 00 00 48 89 b8 e0 02 00 00 b8 11 01 00 00 0f 05 44 89 c0 c3 90 5f b8 3a 00 00 00 0f 05 <57> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 90 43 0f 00 f7 d8 64 89 01 48 [ 25.715931][ T1] RSP: 002b:00007ffd61b8c120 EFLAGS: 00000246 ORIG_RAX: 000000000000003a [ 25.724169][ T1] RAX: 0000000000000201 RBX: 000055ad37590a50 RCX: 00007f6cdf09ea68 [ 25.731982][ T1] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 00007f6cdf229bed [ 25.739793][ T1] RBP: 00007f6cdf264528 R08: 0000000000000007 R09: e5c810e7f11600c7 [ 25.747609][ T1] R10: 00007ffd61b8c160 R11: 0000000000000246 R12: 0000000000000000 [ 25.755415][ T1] R13: 0000000000000018 R14: 000055ad3585d169 R15: 00007f6cdf295a80 [ 25.763230][ T1] [ 25.766383][ T1] Kernel Offset: disabled [ 25.770516][ T1] Rebooting in 86400 seconds..