./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor937172893 <...> Warning: Permanently added '10.128.0.45' (ED25519) to the list of known hosts. execve("./syz-executor937172893", ["./syz-executor937172893"], 0x7fff868fe490 /* 10 vars */) = 0 brk(NULL) = 0x5555788b2000 brk(0x5555788b2d40) = 0x5555788b2d40 arch_prctl(ARCH_SET_FS, 0x5555788b23c0) = 0 set_tid_address(0x5555788b2690) = 297 set_robust_list(0x5555788b26a0, 24) = 0 rseq(0x5555788b2ce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor937172893", 4096) = 27 getrandom("\x1b\x81\xb9\x2b\x88\x1a\xff\x35", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555788b2d40 brk(0x5555788d3d40) = 0x5555788d3d40 brk(0x5555788d4000) = 0x5555788d4000 mprotect(0x7fde9b705000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555788b2690) = 298 ./strace-static-x86_64: Process 298 attached [pid 298] set_robust_list(0x5555788b26a0, 24) = 0 [pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 298] setpgid(0, 0) = 0 [pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 298] write(3, "1000", 4) = 4 [pid 298] close(3) = 0 [pid 298] write(1, "executing program\n", 18executing program ) = 18 [pid 298] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] rt_sigaction(SIGRT_1, {sa_handler=0x7fde9b6a7760, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fde9b698de0}, NULL, 8) = 0 [pid 298] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fde9b60e000 [pid 298] mprotect(0x7fde9b60f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fde9b62e990, parent_tid=0x7fde9b62e990, exit_signal=0, stack=0x7fde9b60e000, stack_size=0x20300, tls=0x7fde9b62e6c0} => {parent_tid=[299]}, 88) = 299 [pid 298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 298] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x7fde9b62e9a0, 24) = 0 [pid 299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 299] mkdir("./file0", 000) = 0 [pid 299] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 299] futex(0x7fde9b70b3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] <... futex resumed>) = 0 [pid 298] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 298] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... futex resumed>) = 0 [pid 299] pipe2([3, 4], 0) = 0 [pid 299] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 299] futex(0x7fde9b70b3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] <... futex resumed>) = 0 [pid 299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] write(4, "\x15\x00\x00\x00\x65\xff\xff\x00\x10\x00\x00\x08\x00\x39\x50\x32\x30\x30\x30\x00\x00", 21 [pid 298] <... futex resumed>) = 0 [pid 298] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... write resumed>) = 21 [pid 299] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 299] futex(0x7fde9b70b3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] <... futex resumed>) = 0 [pid 298] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 298] <... futex resumed>) = 1 [pid 298] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] dup(4) = 5 [pid 299] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 298] <... futex resumed>) = 0 [pid 299] futex(0x7fde9b70b3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] write(5, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24 [pid 298] <... futex resumed>) = 0 [pid 299] <... write resumed>) = 24 [pid 298] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] <... futex resumed>) = 0 [pid 298] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] write(5, "\x58\x00\x00\x00\x00\x00\x00\x00\x9f\xed\x27\x88\xc5\x53\x29\x94\x41\x4b\x47\x03\x48\x01\xd5\x24\xfa\xf4\x16\x63\x82\x17\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 63 [pid 298] <... futex resumed>) = 0 [pid 299] <... write resumed>) = 63 [pid 298] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] <... futex resumed>) = 0 [pid 298] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000004" [pid 298] <... futex resumed>) = 0 [pid 298] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 298] futex(0x7fde9b70b3fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fde9b5ed000 [pid 298] mprotect(0x7fde9b5ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fde9b60d990, parent_tid=0x7fde9b60d990, exit_signal=0, stack=0x7fde9b5ed000, stack_size=0x20300, tls=0x7fde9b60d6c0}./strace-static-x86_64: Process 301 attached => {parent_tid=[301]}, 88) = 301 [pid 298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 298] futex(0x7fde9b70b3f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] futex(0x7fde9b70b3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] set_robust_list(0x7fde9b60d9a0, 24) = 0 [pid 301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 301] chdir("./file0") = 0 [pid 301] futex(0x7fde9b70b3fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 298] <... futex resumed>) = 0 [pid 301] futex(0x7fde9b70b3f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] futex(0x7fde9b70b3f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... futex resumed>) = 0 [pid 298] <... futex resumed>) = 1 [ 27.920322][ T36] audit: type=1400 audit(1752448328.110:64): avc: denied { execmem } for pid=297 comm="syz-executor937" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 27.943801][ T36] audit: type=1400 audit(1752448328.130:65): avc: denied { mounton } for pid=298 comm="syz-executor937" path="/root/file0" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 301] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 298] futex(0x7fde9b70b3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... openat resumed>) = 6 [pid 301] futex(0x7fde9b70b3fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 301] futex(0x7fde9b70b3f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] <... futex resumed>) = 0 [pid 298] futex(0x7fde9b70b3f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... futex resumed>) = 0 [pid 298] <... futex resumed>) = 1 [pid 301] mount(NULL, "./cgroup", NULL, MS_RELATIME, NULL [pid 298] futex(0x7fde9b70b3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 301] futex(0x7fde9b70b3fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] futex(0x7fde9b70b3f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... mount resumed>) = -1 EIO (Input/output error) [pid 299] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7fde9b70b3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] exit_group(0 [pid 301] <... futex resumed>) = ? [pid 299] <... futex resumed>) = ? [pid 298] <... exit_group resumed>) = ? [pid 301] +++ exited with 0 +++ [pid 299] +++ exited with 0 +++ [pid 298] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=298, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 302 attached , child_tidptr=0x5555788b2690) = 302 [pid 302] set_robust_list(0x5555788b26a0, 24) = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3) = 0 [pid 302] write(1, "executing program\n", 18executing program ) = 18 [pid 302] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] rt_sigaction(SIGRT_1, {sa_handler=0x7fde9b6a7760, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fde9b698de0}, NULL, 8) = 0 [pid 302] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fde9b60e000 [pid 302] mprotect(0x7fde9b60f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 302] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fde9b62e990, parent_tid=0x7fde9b62e990, exit_signal=0, stack=0x7fde9b60e000, stack_size=0x20300, tls=0x7fde9b62e6c0}./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x7fde9b62e9a0, 24) = 0 [pid 303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 303] futex(0x7fde9b70b3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] <... clone3 resumed> => {parent_tid=[303]}, 88) = 303 [pid 302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 302] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 302] <... futex resumed>) = 1 [pid 302] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] mkdir("./file0", 000) = -1 EEXIST (File exists) [pid 303] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] futex(0x7fde9b70b3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] <... futex resumed>) = 0 [pid 302] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] pipe2([3, 4], 0) = 0 [pid 303] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 302] <... futex resumed>) = 0 [pid 303] write(4, "\x15\x00\x00\x00\x65\xff\xff\x00\x10\x00\x00\x08\x00\x39\x50\x32\x30\x30\x30\x00\x00", 21 [pid 302] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... write resumed>) = 21 [pid 303] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] <... futex resumed>) = 0 [pid 303] futex(0x7fde9b70b3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 302] <... futex resumed>) = 1 [pid 303] dup(4 [pid 302] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... dup resumed>) = 5 [pid 303] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 302] <... futex resumed>) = 0 [pid 303] write(5, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24 [pid 302] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... write resumed>) = 24 [pid 302] <... futex resumed>) = 0 [pid 303] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] futex(0x7fde9b70b3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 302] <... futex resumed>) = 1 [pid 303] write(5, "\x58\x00\x00\x00\x00\x00\x00\x00\x9f\xed\x27\x88\xc5\x53\x29\x94\x41\x4b\x47\x03\x48\x01\xd5\x24\xfa\xf4\x16\x63\x82\x17\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 63) = 63 [pid 303] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7fde9b70b3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 302] <... futex resumed>) = 1 [pid 303] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000004" [pid 302] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... mount resumed>) = -1 EIO (Input/output error) [pid 303] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 303] <... futex resumed>) = 1 [pid 302] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] chdir("./file0" [pid 302] <... futex resumed>) = 0 [pid 303] <... chdir resumed>) = 0 [pid 302] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 303] <... futex resumed>) = 1 [pid 302] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... openat resumed>) = 6 [pid 303] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 302] <... futex resumed>) = 0 [pid 303] futex(0x7fde9b70b3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 302] <... futex resumed>) = 1 [pid 302] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] mount(NULL, "./cgroup", NULL, MS_RELATIME, NULL) = -1 ENOENT (No such file or directory) [pid 303] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] futex(0x7fde9b70b3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] <... futex resumed>) = 0 [pid 302] exit_group(0 [pid 303] <... futex resumed>) = ? [pid 303] +++ exited with 0 +++ [pid 302] <... exit_group resumed>) = ? [pid 302] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 304 attached , child_tidptr=0x5555788b2690) = 304 [pid 304] set_robust_list(0x5555788b26a0, 24) = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 executing program [pid 304] write(1, "executing program\n", 18) = 18 [pid 304] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] rt_sigaction(SIGRT_1, {sa_handler=0x7fde9b6a7760, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fde9b698de0}, NULL, 8) = 0 [pid 304] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fde9b60e000 [pid 304] mprotect(0x7fde9b60f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 304] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fde9b62e990, parent_tid=0x7fde9b62e990, exit_signal=0, stack=0x7fde9b60e000, stack_size=0x20300, tls=0x7fde9b62e6c0}./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x7fde9b62e9a0, 24) = 0 [pid 305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 305] futex(0x7fde9b70b3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] <... clone3 resumed> => {parent_tid=[305]}, 88) = 305 [pid 304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 304] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 305] <... futex resumed>) = 0 [pid 304] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] mkdir("./file0", 000) = -1 EEXIST (File exists) [pid 305] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 304] <... futex resumed>) = 0 [pid 305] futex(0x7fde9b70b3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 305] pipe2( [pid 304] <... futex resumed>) = 0 [pid 305] <... pipe2 resumed>[3, 4], 0) = 0 [pid 304] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] write(4, "\x15\x00\x00\x00\x65\xff\xff\x00\x10\x00\x00\x08\x00\x39\x50\x32\x30\x30\x30\x00\x00", 21 [pid 304] <... futex resumed>) = 0 [pid 305] <... write resumed>) = 21 [pid 305] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7fde9b70b3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 304] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 304] <... futex resumed>) = 1 [pid 305] dup(4 [pid 304] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... dup resumed>) = 5 [pid 305] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 304] <... futex resumed>) = 0 [pid 305] write(5, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24 [pid 304] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... write resumed>) = 24 [pid 305] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] <... futex resumed>) = 0 [pid 305] futex(0x7fde9b70b3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 304] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 304] <... futex resumed>) = 1 [pid 305] write(5, "\x58\x00\x00\x00\x00\x00\x00\x00\x9f\xed\x27\x88\xc5\x53\x29\x94\x41\x4b\x47\x03\x48\x01\xd5\x24\xfa\xf4\x16\x63\x82\x17\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 63 [pid 304] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... write resumed>) = 63 [pid 305] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 304] <... futex resumed>) = 0 [pid 305] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000004" [pid 304] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... mount resumed>) = 0 [pid 305] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 304] <... futex resumed>) = 0 [pid 305] futex(0x7fde9b70b3e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 304] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] chdir("./file0" [pid 304] <... futex resumed>) = 0 [pid 305] <... chdir resumed>) = 0 [pid 304] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] futex(0x7fde9b70b3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7fde9b70b3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] futex(0x7fde9b70b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 305] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7fde9b70b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 304] futex(0x7fde9b70b3fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fde9b5ed000 [pid 304] mprotect(0x7fde9b5ee000, 131072, PROT_READ|PROT_WRITE) = 0 [ 28.093758][ T36] audit: type=1400 audit(1752448328.280:66): avc: denied { mount } for pid=304 comm="syz-executor937" name="/" dev="9p" ino=1694025360095192279 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 28.117560][ T36] audit: type=1400 audit(1752448328.280:67): avc: denied { write } for pid=304 comm="syz-executor937" name="/" dev="9p" ino=1694025360095192279 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 304] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fde9b60d990, parent_tid=0x7fde9b60d990, exit_signal=0, stack=0x7fde9b5ed000, stack_size=0x20300, tls=0x7fde9b60d6c0}./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x7fde9b60d9a0, 24) = 0 [pid 304] <... clone3 resumed> => {parent_tid=[306]}, 88) = 306 [pid 306] rt_sigprocmask(SIG_SETMASK, [], [pid 304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 304] futex(0x7fde9b70b3f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] mount(NULL, "./cgroup", NULL, MS_RELATIME, NULL [pid 304] <... futex resumed>) = 0 [ 28.140711][ T36] audit: type=1400 audit(1752448328.280:68): avc: denied { add_name } for pid=304 comm="syz-executor937" name="net_prio.prioidx" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 28.162608][ T36] audit: type=1400 audit(1752448328.280:69): avc: denied { create } for pid=304 comm="syz-executor937" name="net_prio.prioidx" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [pid 304] futex(0x7fde9b70b3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 28.184014][ T36] audit: type=1400 audit(1752448328.280:70): avc: denied { associate } for pid=304 comm="syz-executor937" name="net_prio.prioidx" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [pid 304] exit_group(0) = ? [pid 297] kill(-304, SIGKILL) = 0 [pid 297] kill(304, SIGKILL) = 0 [pid 297] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555788b3730 /* 2 entries */, 32768) = 48 [pid 297] getdents64(3, 0x5555788b3730 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [ 83.860039][ T13] sched: DL replenish lagged too much [ 249.780077][ T37] INFO: task syz-executor937:306 blocked for more than 122 seconds. [ 249.788152][ T37] Not tainted 6.12.30-syzkaller-g21ed84930c16 #0 [ 249.795185][ T37] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 249.803913][ T37] task:syz-executor937 state:D stack:0 pid:306 tgid:304 ppid:297 flags:0x00004004 [ 249.814142][ T37] Call Trace: [ 249.817436][ T37] [ 249.820430][ T37] __schedule+0x132b/0x1e00 [ 249.824982][ T37] ? __sched_text_start+0x10/0x10 [ 249.830051][ T37] ? dequeue_entity+0xa9c/0x1750 [ 249.835011][ T37] ? __kasan_check_write+0x18/0x20 [ 249.840156][ T37] ? _raw_spin_lock_irq+0x8d/0x120 [ 249.845286][ T37] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 249.851030][ T37] schedule+0xc6/0x240 [ 249.855166][ T37] schedule_preempt_disabled+0x14/0x30 [ 249.860689][ T37] rwsem_down_read_slowpath+0x70d/0x1240 [ 249.866361][ T37] ? down_write_killable+0x2d0/0x2d0 [ 249.871696][ T37] ? rwsem_read_trylock+0x7e/0x660 [ 249.876834][ T37] ? downgrade_write+0x440/0x440 [ 249.881817][ T37] ? sb_prepare_remount_readonly+0x480/0x4a0 [ 249.887825][ T37] down_read+0x8f/0xe0 [ 249.891937][ T37] ? __cfi_down_read+0x10/0x10 [ 249.896813][ T37] ? lookup_fast+0x1a2/0x530 [ 249.901454][ T37] lookup_slow+0x4a/0x80 [ 249.905728][ T37] walk_component+0x302/0x440 [ 249.910496][ T37] path_lookupat+0x180/0x4a0 [ 249.915129][ T37] filename_lookup+0x1f5/0x520 [ 249.919960][ T37] ? __cfi_filename_lookup+0x10/0x10 [ 249.925314][ T37] ? strncpy_from_user+0x14c/0x270 [ 249.930475][ T37] ? getname_flags+0x209/0x710 [ 249.935275][ T37] user_path_at+0x42/0x60 [ 249.939612][ T37] __se_sys_mount+0x288/0x480 [ 249.944331][ T37] ? __x64_sys_mount+0xf0/0xf0 [ 249.949121][ T37] ? __kasan_check_write+0x18/0x20 [ 249.954281][ T37] __x64_sys_mount+0xc3/0xf0 [ 249.958894][ T37] x64_sys_call+0x2021/0x2ee0 [ 249.963620][ T37] do_syscall_64+0x58/0xf0 [ 249.968058][ T37] ? clear_bhb_loop+0x50/0xa0 [ 249.972789][ T37] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 249.978725][ T37] RIP: 0033:0x7fde9b681829 [ 249.983205][ T37] RSP: 002b:00007fde9b60d218 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 249.991660][ T37] RAX: ffffffffffffffda RBX: 00007fde9b70b3f8 RCX: 00007fde9b681829 [ 249.999633][ T37] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000000 [ 250.007631][ T37] RBP: 00007fde9b70b3f0 R08: 0000000000000000 R09: 0000000000000000 [ 250.015639][ T37] R10: 0000000000200000 R11: 0000000000000246 R12: 00007fde9b6d807c [ 250.023639][ T37] R13: 0000200000000100 R14: 0000200000000040 R15: 00007ffe2e062678 [ 250.031706][ T37] [ 250.034757][ T37] NMI backtrace for cpu 1 [ 250.034774][ T37] CPU: 1 UID: 0 PID: 37 Comm: khungtaskd Not tainted 6.12.30-syzkaller-g21ed84930c16 #0 fa4558fba7fa11aa57b2c84caea5bf67b39b1b5f [ 250.034804][ T37] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 250.034814][ T37] Call Trace: [ 250.034820][ T37] [ 250.034827][ T37] __dump_stack+0x21/0x30 [ 250.034851][ T37] dump_stack_lvl+0x10c/0x190 [ 250.034869][ T37] ? __cfi_dump_stack_lvl+0x10/0x10 [ 250.034889][ T37] dump_stack+0x19/0x20 [ 250.034906][ T37] nmi_cpu_backtrace+0x2bf/0x2d0 [ 250.034927][ T37] ? rcu_read_unlock_special+0xab/0x480 [ 250.034944][ T37] ? __cfi_nmi_cpu_backtrace+0x10/0x10 [ 250.034959][ T37] ? sched_show_task+0x379/0x560 [ 250.034976][ T37] ? __rcu_read_unlock+0xc0/0xc0 [ 250.034991][ T37] ? __cfi_nmi_raise_cpu_backtrace+0x10/0x10 [ 250.035008][ T37] ? __cfi_nmi_raise_cpu_backtrace+0x10/0x10 [ 250.035025][ T37] nmi_trigger_cpumask_backtrace+0x142/0x2c0 [ 250.035041][ T37] arch_trigger_cpumask_backtrace+0x14/0x20 [ 250.035060][ T37] watchdog+0xd8f/0xed0 [ 250.035079][ T37] ? __cfi_watchdog+0x10/0x10 [ 250.035096][ T37] ? __kasan_check_read+0x15/0x20 [ 250.035115][ T37] ? __kthread_parkme+0x138/0x180 [ 250.035136][ T37] ? schedule+0xc6/0x240 [ 250.035154][ T37] kthread+0x2c7/0x370 [ 250.035166][ T37] ? __cfi_watchdog+0x10/0x10 [ 250.035183][ T37] ? __cfi_kthread+0x10/0x10 [ 250.035196][ T37] ret_from_fork+0x64/0xa0 [ 250.035214][ T37] ? __cfi_kthread+0x10/0x10 [ 250.035227][ T37] ret_from_fork_asm+0x1a/0x30 [ 250.035249][ T37] [ 250.035255][ T37] Sending NMI from CPU 1 to CPUs 0: [ 250.195634][ C0] NMI backtrace for cpu 0 [ 250.195649][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.30-syzkaller-g21ed84930c16 #0 fa4558fba7fa11aa57b2c84caea5bf67b39b1b5f [ 250.195671][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 250.195681][ C0] RIP: 0010:pv_native_safe_halt+0x17/0x20 [ 250.195716][ C0] Code: cc cc cc b8 1e c2 3c 26 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 73 8c 41 00 f3 0f 1e fa 55 48 89 e5 fb f4 <5d> e9 83 57 02 00 cc cc cc b8 00 00 00 00 90 90 90 90 90 90 90 90 [ 250.195729][ C0] RSP: 0018:ffffffff87207da0 EFLAGS: 000002c6 [ 250.195744][ C0] RAX: ffff8881f6e00000 RBX: ffffffff87215540 RCX: ffffffff8585c00e [ 250.195757][ C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 000000000001f664 [ 250.195767][ C0] RBP: ffffffff87207da0 R08: ffff8881f6e39733 R09: 1ffff1103edc72e6 [ 250.195779][ C0] R10: dffffc0000000000 R11: ffffed103edc72e7 R12: 1ffffffff0e42aa8 [ 250.195793][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff87ca7b28 [ 250.195803][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 250.195816][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 250.195827][ C0] CR2: 00005555788b2370 CR3: 000000010bf6c000 CR4: 00000000003526b0 [ 250.195841][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 250.195851][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 250.195861][ C0] Call Trace: [ 250.195867][ C0] [ 250.195874][ C0] default_idle+0x17/0x30 [ 250.195889][ C0] arch_cpu_idle+0xd/0x20 [ 250.195903][ C0] default_idle_call+0x3f/0x80 [ 250.195916][ C0] do_idle+0x1a0/0x470 [ 250.195940][ C0] ? idle_inject_timer_fn+0x80/0x80 [ 250.195963][ C0] ? __cfi_set_cpus_allowed_ptr+0x10/0x10 [ 250.195987][ C0] ? radix_tree_lookup+0x250/0x2a0 [ 250.196006][ C0] cpu_startup_entry+0x48/0x70 [ 250.196036][ C0] rest_init+0x10b/0x130 [ 250.196050][ C0] ? __cfi_x86_late_time_init+0x10/0x10 [ 250.196065][ C0] start_kernel+0x46a/0x4bb [ 250.196086][ C0] x86_64_start_reservations+0x2e/0x30 [ 250.196110][ C0] x86_64_start_kernel+0x6a/0x7b [ 250.196133][ C0] common_startup_64+0x13b/0x157 [ 250.196154][ C0]