./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor888808266 <...> Warning: Permanently added '10.128.0.93' (ED25519) to the list of known hosts. execve("./syz-executor888808266", ["./syz-executor888808266"], 0x7ffd9a65cd80 /* 10 vars */) = 0 brk(NULL) = 0x555579e90000 brk(0x555579e90d00) = 0x555579e90d00 arch_prctl(ARCH_SET_FS, 0x555579e90380) = 0 set_tid_address(0x555579e90650) = 5835 set_robust_list(0x555579e90660, 24) = 0 rseq(0x555579e90ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor888808266", 4096) = 27 getrandom("\x13\x3e\xe5\xfb\x54\xc2\x1c\x44", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555579e90d00 brk(0x555579eb1d00) = 0x555579eb1d00 brk(0x555579eb2000) = 0x555579eb2000 mprotect(0x7fd1dcf6b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555579e90650) = 5836 ./strace-static-x86_64: Process 5836 attached [pid 5836] set_robust_list(0x555579e90660, 24) = 0 [pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5836] setpgid(0, 0) = 0 [pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5836] write(3, "1000", 4) = 4 [pid 5836] close(3) = 0 executing program [pid 5836] write(1, "executing program\n", 18) = 18 [pid 5836] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3 [pid 5836] ioctl(3, SIOCSIFFLAGS, {ifr_name="lo", ifr_flags=0}) = 0 [pid 5836] socket(AF_NETLINK, SOCK_RAW|SOCK_NONBLOCK, NETLINK_ROUTE) = 4 [ 70.649803][ T30] audit: type=1400 audit(1732618276.165:88): avc: denied { execmem } for pid=5835 comm="syz-executor888" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 5836] socketpair(AF_UNIX, SOCK_STREAM, 0, [5, 6]) = 0 [pid 5836] ioctl(6, SIOCGIFINDEX, {ifr_name="lo", ifr_ifindex=1}) = 0 [pid 5836] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x34\x00\x00\x00\x14\x00\xb5\x95\x2c\xbc\x70\x00\xff\xdb\xdf\x25\x0a\x00\x80\xc8\x01\x00\x00\x00\x14\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x08\x00\x09\x00\xff\xff\xff\xff", iov_len=52}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_MORE|MSG_FASTOPEN}, MSG_DONTWAIT|MSG_BATCH) = 52 [pid 5836] exit_group(0) = ? [pid 5836] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5836, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5837 attached , child_tidptr=0x555579e90650) = 5837 [pid 5837] set_robust_list(0x555579e90660, 24) = 0 [pid 5837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5837] setpgid(0, 0) = 0 [pid 5837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5837] write(3, "1000", 4) = 4 [pid 5837] close(3) = 0 executing program [pid 5837] write(1, "executing program\n", 18) = 18 [pid 5837] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3 [pid 5837] ioctl(3, SIOCSIFFLAGS, {ifr_name="lo", ifr_flags=0}) = 0 [pid 5837] socket(AF_NETLINK, SOCK_RAW|SOCK_NONBLOCK, NETLINK_ROUTE) = 4 [pid 5837] socketpair(AF_UNIX, SOCK_STREAM, 0, [5, 6]) = 0 [pid 5837] ioctl(6, SIOCGIFINDEX, {ifr_name="lo", ifr_ifindex=1}) = 0 [ 70.756961][ T5837] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 70.769924][ T5837] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 70.778324][ T5837] CPU: 1 UID: 0 PID: 5837 Comm: syz-executor888 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 [ 70.789054][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 70.799082][ T5837] RIP: 0010:__lock_acquire+0xe4/0x3c40 [ 70.804676][ T5837] Code: 08 84 d2 0f 85 15 14 00 00 44 8b 0d ca 98 f5 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 96 2c 00 00 49 8b 04 24 48 3d a0 07 7f 93 0f 84 [ 70.824264][ T5837] RSP: 0018:ffffc900035d7268 EFLAGS: 00010006 [ 70.830314][ T5837] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 70.838258][ T5837] RDX: 0000000000000006 RSI: 1ffff920006bae5f RDI: 0000000000000030 [ 70.846208][ T5837] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 70.854160][ T5837] R10: ffffffff90608e17 R11: 0000000000000001 R12: 0000000000000030 [ 70.862104][ T5837] R13: ffff888036334880 R14: 0000000000000000 R15: 0000000000000000 [ 70.870053][ T5837] FS: 0000555579e90380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 70.878960][ T5837] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.885533][ T5837] CR2: 00007ffc59cc4278 CR3: 0000000072b54000 CR4: 00000000003526f0 [ 70.893481][ T5837] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 70.901433][ T5837] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.909387][ T5837] Call Trace: [ 70.912639][ T5837] [ 70.915554][ T5837] ? die_addr+0x3b/0xa0 [ 70.919767][ T5837] ? exc_general_protection+0x155/0x230 [ 70.925604][ T5837] ? asm_exc_general_protection+0x26/0x30 [ 70.931340][ T5837] ? __lock_acquire+0xe4/0x3c40 [ 70.936175][ T5837] ? netlink_broadcast_filtered+0x47a/0xef0 [ 70.942131][ T5837] ? find_held_lock+0x2d/0x110 [ 70.946895][ T5837] ? __pfx___lock_acquire+0x10/0x10 [ 70.952084][ T5837] ? addrconf_get_prefix_route+0x5d8/0x980 [ 70.957927][ T5837] ? __pfx_lock_release+0x10/0x10 [ 70.962931][ T5837] lock_acquire.part.0+0x11b/0x380 [ 70.968021][ T5837] ? modify_prefix_route+0x30b/0x8b0 [ 70.973289][ T5837] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 70.978899][ T5837] ? rcu_is_watching+0x12/0xc0 [ 70.983652][ T5837] ? trace_lock_acquire+0x146/0x1e0 [ 70.988829][ T5837] ? modify_prefix_route+0x30b/0x8b0 [ 70.994178][ T5837] ? lock_acquire+0x2f/0xb0 [ 70.998654][ T5837] ? modify_prefix_route+0x30b/0x8b0 [ 71.003925][ T5837] _raw_spin_lock_bh+0x33/0x40 [ 71.008674][ T5837] ? modify_prefix_route+0x30b/0x8b0 [ 71.013938][ T5837] modify_prefix_route+0x30b/0x8b0 [ 71.019046][ T5837] inet6_rtm_newaddr+0x12c7/0x1ab0 [ 71.024146][ T5837] ? __pfx_inet6_rtm_newaddr+0x10/0x10 [ 71.029589][ T5837] ? __mutex_lock+0x1cc/0xa60 [ 71.034242][ T5837] ? __pfx_cred_has_capability.isra.0+0x10/0x10 [ 71.040560][ T5837] ? __pfx___mutex_lock+0x10/0x10 [ 71.045580][ T5837] ? __pfx_inet6_rtm_newaddr+0x10/0x10 [ 71.051023][ T5837] rtnetlink_rcv_msg+0x3c7/0xea0 [ 71.056018][ T5837] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 71.061452][ T5837] ? __pfx___lock_acquire+0x10/0x10 [ 71.066628][ T5837] ? __pfx___lock_acquire+0x10/0x10 [ 71.071801][ T5837] ? __pfx_sock_has_perm+0x10/0x10 [ 71.076894][ T5837] ? __lock_acquire+0xcc5/0x3c40 [ 71.081806][ T5837] netlink_rcv_skb+0x16b/0x440 [ 71.086581][ T5837] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 71.092043][ T5837] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 71.097319][ T5837] ? netlink_deliver_tap+0x1ae/0xd30 [ 71.102589][ T5837] netlink_unicast+0x53c/0x7f0 [ 71.107334][ T5837] ? __pfx_netlink_unicast+0x10/0x10 [ 71.112598][ T5837] netlink_sendmsg+0x8b8/0xd70 [ 71.117341][ T5837] ? __pfx_netlink_sendmsg+0x10/0x10 [ 71.122615][ T5837] ____sys_sendmsg+0xaaf/0xc90 [ 71.127367][ T5837] ? copy_msghdr_from_user+0x10b/0x160 [ 71.132804][ T5837] ? __pfx_____sys_sendmsg+0x10/0x10 [ 71.138067][ T5837] ___sys_sendmsg+0x135/0x1e0 [ 71.142724][ T5837] ? __pfx____sys_sendmsg+0x10/0x10 [ 71.147902][ T5837] ? rcu_is_watching+0x12/0xc0 [ 71.152647][ T5837] ? ptrace_stop.part.0+0x722/0x940 [ 71.157885][ T5837] __sys_sendmsg+0x16e/0x220 [ 71.162451][ T5837] ? __pfx___sys_sendmsg+0x10/0x10 [ 71.167537][ T5837] ? __pfx_lock_release+0x10/0x10 [ 71.172538][ T5837] ? lockdep_hardirqs_on+0x7c/0x110 [ 71.177711][ T5837] ? _raw_spin_unlock_irq+0x2e/0x50 [ 71.182880][ T5837] ? ptrace_notify+0xf1/0x130 [ 71.187541][ T5837] do_syscall_64+0xcd/0x250 [ 71.192023][ T5837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.197901][ T5837] RIP: 0033:0x7fd1dcef8b79 [ 71.202293][ T5837] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 71.221880][ T5837] RSP: 002b:00007ffc59cc4378 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 71.230282][ T5837] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd1dcef8b79 [ 71.238228][ T5837] RDX: 0000000000040040 RSI: 0000000020000140 RDI: 0000000000000004 [ 71.246180][ T5837] RBP: 00000000000113fd R08: 0000000000000006 R09: 0000000000000006 [ 71.254120][ T5837] R10: 0000000000000006 R11: 0000000000000246 R12: 00007ffc59cc438c [ 71.262063][ T5837] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 71.270011][ T5837] [ 71.273035][ T5837] Modules linked in: [ 71.276938][ T5837] ---[ end trace 0000000000000000 ]--- [ 71.282362][ T5837] RIP: 0010:__lock_acquire+0xe4/0x3c40 [ 71.287806][ T5837] Code: 08 84 d2 0f 85 15 14 00 00 44 8b 0d ca 98 f5 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 96 2c 00 00 49 8b 04 24 48 3d a0 07 7f 93 0f 84 [ 71.307483][ T5837] RSP: 0018:ffffc900035d7268 EFLAGS: 00010006 [ 71.313518][ T5837] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 71.321474][ T5837] RDX: 0000000000000006 RSI: 1ffff920006bae5f RDI: 0000000000000030 [ 71.329421][ T5837] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 71.337378][ T5837] R10: ffffffff90608e17 R11: 0000000000000001 R12: 0000000000000030 [ 71.345319][ T5837] R13: ffff888036334880 R14: 0000000000000000 R15: 0000000000000000 [ 71.353272][ T5837] FS: 0000555579e90380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 71.362179][ T5837] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 71.368741][ T5837] CR2: 00007ffc59cc4278 CR3: 0000000072b54000 CR4: 00000000003526f0 [ 71.376689][ T5837] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 71.384630][ T5837] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 71.392573][ T5837] Kernel panic - not syncing: Fatal exception in interrupt [ 71.400007][ T5837] Kernel Offset: disabled [ 71.404326][ T5837] Rebooting in 86400 seconds..