./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor501732339 <...> [ 4.565980][ T100] udevd[100]: starting eudev-3.2.11 [ 4.567412][ T99] udevd (99) used greatest stack depth: 23120 bytes left [ 8.311240][ T104] udevd (104) used greatest stack depth: 22576 bytes left [ 13.727338][ T30] kauditd_printk_skb: 50 callbacks suppressed [ 13.727354][ T30] audit: type=1400 audit(1721605313.579:61): avc: denied { transition } for pid=224 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.738225][ T30] audit: type=1400 audit(1721605313.579:62): avc: denied { noatsecure } for pid=224 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.742261][ T30] audit: type=1400 audit(1721605313.579:63): avc: denied { write } for pid=224 comm="sh" path="pipe:[12368]" dev="pipefs" ino=12368 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 13.755678][ T30] audit: type=1400 audit(1721605313.579:64): avc: denied { rlimitinh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.774538][ T30] audit: type=1400 audit(1721605313.579:65): avc: denied { siginh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.455660][ T225] sshd (225) used greatest stack depth: 22096 bytes left Warning: Permanently added '10.128.0.142' (ED25519) to the list of known hosts. execve("./syz-executor501732339", ["./syz-executor501732339"], 0x7ffdfabba0b0 /* 10 vars */) = 0 brk(NULL) = 0x555555d95000 brk(0x555555d95d00) = 0x555555d95d00 arch_prctl(ARCH_SET_FS, 0x555555d95380) = 0 set_tid_address(0x555555d95650) = 293 set_robust_list(0x555555d95660, 24) = 0 rseq(0x555555d95ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor501732339", 4096) = 27 getrandom("\x86\x70\xa6\x14\xdd\x04\xa3\x7b", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555d95d00 brk(0x555555db6d00) = 0x555555db6d00 brk(0x555555db7000) = 0x555555db7000 mprotect(0x7f0eee044000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 294 attached [pid 294] set_robust_list(0x555555d95660, 24) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] <... clone resumed>, child_tidptr=0x555555d95650) = 294 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] <... clone resumed>, child_tidptr=0x555555d95650) = 295 ./strace-static-x86_64: Process 296 attached ./strace-static-x86_64: Process 295 attached [pid 293] <... clone resumed>, child_tidptr=0x555555d95650) = 296 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] set_robust_list(0x555555d95660, 24) = 0 [pid 293] <... clone resumed>, child_tidptr=0x555555d95650) = 297 [pid 295] set_robust_list(0x555555d95660, 24./strace-static-x86_64: Process 297 attached [pid 297] set_robust_list(0x555555d95660, 24) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... set_robust_list resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555555d95650) = 298 ./strace-static-x86_64: Process 299 attached [pid 293] <... clone resumed>, child_tidptr=0x555555d95650) = 299 [pid 299] set_robust_list(0x555555d95660, 24 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... set_robust_list resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] <... clone resumed>, child_tidptr=0x555555d95650) = 300 [pid 299] <... clone resumed>, child_tidptr=0x555555d95650) = 301 ./strace-static-x86_64: Process 300 attached [pid 296] <... clone resumed>, child_tidptr=0x555555d95650) = 302 [pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 302 attached [pid 300] set_robust_list(0x555555d95660, 24) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 301 attached [pid 302] set_robust_list(0x555555d95660, 24) = 0 [pid 295] setpgid(0, 0 [pid 301] set_robust_list(0x555555d95660, 24 [pid 300] <... clone resumed>, child_tidptr=0x555555d95650) = 303 [pid 295] <... setpgid resumed>) = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x555555d95660, 24./strace-static-x86_64: Process 298 attached [pid 302] <... prctl resumed>) = 0 [pid 301] <... set_robust_list resumed>) = 0 [pid 295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 303] <... set_robust_list resumed>) = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 303] setpgid(0, 0) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] <... openat resumed>) = 3 [pid 303] <... openat resumed>) = 3 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 [pid 303] write(1, "executing program\n", 18 [pid 302] setpgid(0, 0 [pid 295] write(3, "1000", 4executing program [pid 303] <... write resumed>) = 18 [pid 303] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 302] <... setpgid resumed>) = 0 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] set_robust_list(0x555555d95660, 24 [pid 295] <... write resumed>) = 4 [pid 295] close(3 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] <... close resumed>) = 0 executing program [pid 295] write(1, "executing program\n", 18 [pid 302] <... openat resumed>) = 3 [pid 295] <... write resumed>) = 18 [ 23.125421][ T30] audit: type=1400 audit(1721605322.969:66): avc: denied { execmem } for pid=293 comm="syz-executor501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 303] <... bpf resumed>) = 3 [pid 302] write(3, "1000", 4 [pid 301] <... prctl resumed>) = 0 [pid 298] <... set_robust_list resumed>) = 0 [pid 295] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 302] <... write resumed>) = 4 [pid 295] <... bpf resumed>) = 3 [pid 301] setpgid(0, 0 [pid 302] close(3 [pid 301] <... setpgid resumed>) = 0 [pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 302] <... close resumed>) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] <... prctl resumed>) = 0 [pid 302] write(1, "executing program\n", 18 [pid 301] <... openat resumed>) = 3 executing program [pid 298] setpgid(0, 0 [pid 302] <... write resumed>) = 18 [pid 301] write(3, "1000", 4 [pid 298] <... setpgid resumed>) = 0 [pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 301] <... write resumed>) = 4 [pid 302] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 301] close(3 [pid 298] <... openat resumed>) = 3 [pid 302] <... bpf resumed>) = 3 [pid 301] <... close resumed>) = 0 [pid 298] write(3, "1000", 4 [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 301] write(1, "executing program\n", 18 [pid 298] <... write resumed>) = 4 executing program [pid 301] <... write resumed>) = 18 [pid 298] close(3 [pid 301] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 298] <... close resumed>) = 0 [ 23.158084][ T30] audit: type=1400 audit(1721605323.009:67): avc: denied { map_create } for pid=303 comm="syz-executor501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 23.180573][ T30] audit: type=1400 audit(1721605323.009:68): avc: denied { map_read map_write } for pid=303 comm="syz-executor501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 23.202943][ T30] audit: type=1400 audit(1721605323.029:69): avc: denied { prog_load } for pid=295 comm="syz-executor501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 301] <... bpf resumed>) = 3 [pid 298] write(1, "executing program\n", 18executing program [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 298] <... write resumed>) = 18 [pid 298] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [ 23.223888][ T30] audit: type=1400 audit(1721605323.029:70): avc: denied { bpf } for pid=295 comm="syz-executor501" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 23.246408][ T30] audit: type=1400 audit(1721605323.029:71): avc: denied { perfmon } for pid=295 comm="syz-executor501" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 303] <... bpf resumed>) = 4 [pid 295] <... bpf resumed>) = 4 [pid 295] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16) = 5 executing program executing program executing program executing program executing program [ 23.415073][ T30] audit: type=1400 audit(1721605323.259:72): avc: denied { prog_run } for pid=303 comm="syz-executor501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 23.437053][ T30] audit: type=1400 audit(1721605323.259:73): avc: denied { prog_run } for pid=295 comm="syz-executor501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 27.205649][ T1] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000008 [ 27.213967][ T1] CPU: 1 PID: 1 Comm: init Not tainted 5.15.151-syzkaller-00415-gdb06c48ab67e #0 [ 27.222910][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 27.233463][ T1] Call Trace: [ 27.236838][ T1] [ 27.239616][ T1] dump_stack_lvl+0x151/0x1b7 [ 27.244137][ T1] ? io_uring_drop_tctx_refs+0x190/0x190 [ 27.249604][ T1] dump_stack+0x15/0x17 [ 27.253729][ T1] panic+0x287/0x751 [ 27.257812][ T1] ? do_exit+0x240b/0x2ca0 [ 27.262072][ T1] ? fb_is_primary_device+0xd4/0xd4 [ 27.267095][ T1] ? __kasan_check_write+0x14/0x20 [ 27.272040][ T1] ? sync_mm_rss+0x28a/0x2e0 [ 27.276466][ T1] do_exit+0x2425/0x2ca0 [ 27.280798][ T1] ? __sched_text_start+0x8/0x8 [ 27.285482][ T1] ? put_task_struct+0x80/0x80 [ 27.290085][ T1] ? schedule+0x136/0x1e0 [ 27.294242][ T1] ? __kasan_check_write+0x14/0x20 [ 27.299198][ T1] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 27.304136][ T1] ? _raw_spin_lock_irqsave+0x210/0x210 [ 27.309520][ T1] do_group_exit+0x141/0x310 [ 27.313955][ T1] get_signal+0x7a3/0x1630 [ 27.318287][ T1] ? wait_for_common+0x366/0x420 [ 27.323150][ T1] arch_do_signal_or_restart+0xbd/0x1680 [ 27.328613][ T1] ? __kasan_check_write+0x14/0x20 [ 27.333558][ T1] ? put_pid+0xd7/0x110 [ 27.337561][ T1] ? kernel_clone+0x6cf/0x9e0 [ 27.342066][ T1] ? create_io_thread+0x1e0/0x1e0 [ 27.346930][ T1] ? get_sigframe_size+0x10/0x10 [ 27.351697][ T1] ? timespec64_add_safe+0x220/0x220 [ 27.356838][ T1] exit_to_user_mode_loop+0xa0/0xe0 [ 27.361868][ T1] exit_to_user_mode_prepare+0x5a/0xa0 [ 27.367324][ T1] syscall_exit_to_user_mode+0x26/0x160 [ 27.372705][ T1] do_syscall_64+0x49/0xb0 [ 27.376958][ T1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 27.382693][ T1] RIP: 0033:0x7f932a737a68 [ 27.386940][ T1] Code: 00 48 8d b8 e0 02 00 00 48 89 b8 d8 02 00 00 48 89 b8 e0 02 00 00 b8 11 01 00 00 0f 05 44 89 c0 c3 90 5f b8 3a 00 00 00 0f 05 <57> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 90 43 0f 00 f7 d8 64 89 01 48 [ 27.406380][ T1] RSP: 002b:00007ffdda1a7dd0 EFLAGS: 00000246 ORIG_RAX: 000000000000003a [ 27.414796][ T1] RAX: 0000000000000240 RBX: 00005602b1987a50 RCX: 00007f932a737a68 [ 27.422613][ T1] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 00007f932a8c2bed [ 27.430421][ T1] RBP: 00007f932a8fd528 R08: 0000000000000007 R09: 27473bc67aaeab92 [ 27.438234][ T1] R10: 00007ffdda1a7e10 R11: 0000000000000246 R12: 0000000000000000 [ 27.446044][ T1] R13: 0000000000000018 R14: 00005602b147b169 R15: 00007f932a92ea80 [ 27.453897][ T1] [ 27.456981][ T1] Kernel Offset: disabled [ 27.461122][ T1] Rebooting in 86400 seconds..