./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3456636706 <...> Warning: Permanently added '10.128.10.5' (ED25519) to the list of known hosts. execve("./syz-executor3456636706", ["./syz-executor3456636706"], 0x7fff04786960 /* 10 vars */) = 0 brk(NULL) = 0x555556c94000 brk(0x555556c94d00) = 0x555556c94d00 arch_prctl(ARCH_SET_FS, 0x555556c94380) = 0 set_tid_address(0x555556c94650) = 290 set_robust_list(0x555556c94660, 24) = 0 rseq(0x555556c94ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3456636706", 4096) = 28 getrandom("\xff\x38\xd0\x83\xdf\x34\xad\x5d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556c94d00 brk(0x555556cb5d00) = 0x555556cb5d00 brk(0x555556cb6000) = 0x555556cb6000 mprotect(0x7f0c7b779000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c94650) = 291 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c94650) = 292 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c94650) = 293 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c94650) = 294 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c94650) = 295 ./strace-static-x86_64: Process 292 attached ./strace-static-x86_64: Process 294 attached ./strace-static-x86_64: Process 293 attached ./strace-static-x86_64: Process 295 attached [pid 295] set_robust_list(0x555556c94660, 24) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] set_robust_list(0x555556c94660, 24./strace-static-x86_64: Process 291 attached [pid 294] set_robust_list(0x555556c94660, 24 [pid 293] set_robust_list(0x555556c94660, 24 [pid 292] <... set_robust_list resumed>) = 0 [pid 291] set_robust_list(0x555556c94660, 24) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] <... set_robust_list resumed>) = 0 [pid 294] <... set_robust_list resumed>) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] <... clone resumed>, child_tidptr=0x555556c94650) = 298 [pid 292] <... clone resumed>, child_tidptr=0x555556c94650) = 297 [pid 295] <... clone resumed>, child_tidptr=0x555556c94650) = 296 ./strace-static-x86_64: Process 298 attached [pid 298] set_robust_list(0x555556c94660, 24) = 0 [pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 298] setpgid(0, 0) = 0 [pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 293] <... clone resumed>, child_tidptr=0x555556c94650) = 299 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... openat resumed>) = 3 [pid 298] write(3, "1000", 4) = 4 [pid 298] close(3) = 0 executing program [pid 294] <... clone resumed>, child_tidptr=0x555556c94650) = 300 [pid 298] write(1, "executing program\n", 18) = 18 [pid 298] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=12, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72./strace-static-x86_64: Process 300 attached ./strace-static-x86_64: Process 299 attached ./strace-static-x86_64: Process 297 attached [pid 299] set_robust_list(0x555556c94660, 24 [pid 300] set_robust_list(0x555556c94660, 24./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x555556c94660, 24 [pid 299] <... set_robust_list resumed>) = 0 [pid 296] <... set_robust_list resumed>) = 0 [pid 296] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program [pid 298] <... bpf resumed>) = 3 [pid 296] <... prctl resumed>) = 0 [pid 296] setpgid(0, 0) = 0 [pid 296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "1000", 4) = 4 [pid 296] close(3) = 0 [pid 296] write(1, "executing program\n", 18) = 18 [pid 296] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=12, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 296] <... bpf resumed>) = 3 [pid 296] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 300] <... set_robust_list resumed>) = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 24.660722][ T24] audit: type=1400 audit(1721253256.640:66): avc: denied { execmem } for pid=290 comm="syz-executor345" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 24.688382][ T24] audit: type=1400 audit(1721253256.670:67): avc: denied { map_create } for pid=298 comm="syz-executor345" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 300] <... prctl resumed>) = 0 [pid 299] setpgid(0, 0 [pid 297] set_robust_list(0x555556c94660, 24 [pid 300] setpgid(0, 0 [pid 299] <... setpgid resumed>) = 0 [pid 297] <... set_robust_list resumed>) = 0 [pid 300] <... setpgid resumed>) = 0 [pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 297] <... prctl resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 300] <... openat resumed>) = 3 [pid 299] write(3, "1000", 4 [pid 297] setpgid(0, 0 [pid 300] write(3, "1000", 4 [pid 297] <... setpgid resumed>) = 0 [pid 297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] <... write resumed>) = 4 [pid 299] <... write resumed>) = 4 [ 24.711174][ T24] audit: type=1400 audit(1721253256.670:68): avc: denied { perfmon } for pid=298 comm="syz-executor345" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 24.734794][ T24] audit: type=1400 audit(1721253256.670:69): avc: denied { map_read map_write } for pid=298 comm="syz-executor345" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 297] <... openat resumed>) = 3 [pid 297] write(3, "1000", 4) = 4 [pid 297] close(3) = 0 executing program [pid 297] write(1, "executing program\n", 18) = 18 [pid 297] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=12, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 300] close(3 [pid 299] close(3 [pid 300] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 300] write(1, "executing program\n", 18 [pid 299] write(1, "executing program\n", 18executing program executing program [pid 300] <... write resumed>) = 18 [pid 299] <... write resumed>) = 18 [pid 300] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=12, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 299] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=12, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 300] <... bpf resumed>) = 3 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [ 24.755815][ T24] audit: type=1400 audit(1721253256.670:70): avc: denied { prog_load } for pid=298 comm="syz-executor345" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 24.776273][ T24] audit: type=1400 audit(1721253256.670:71): avc: denied { bpf } for pid=298 comm="syz-executor345" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 296] <... bpf resumed>) = 4 [pid 296] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 13 [pid 298] <... bpf resumed>) = 4 [pid 296] <... bpf resumed>) = 5 [pid 296] --- SIGILL {si_signo=SIGILL, si_code=SI_KERNEL, si_addr=NULL} --- executing program executing program executing program executing program [ 24.835675][ T24] audit: type=1400 audit(1721253256.820:72): avc: denied { prog_run } for pid=296 comm="syz-executor345" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 24.855489][ T24] audit: type=1400 audit(1721253256.820:73): avc: denied { prog_run } for pid=298 comm="syz-executor345" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 25.824750][ T1] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004 [ 25.833182][ T1] CPU: 1 PID: 1 Comm: init Not tainted 5.10.220-syzkaller-01084-gc4f41ad97060 #0 [ 25.842278][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 25.852347][ T1] Call Trace: [ 25.855497][ T1] dump_stack_lvl+0x1e2/0x24b [ 25.860073][ T1] ? panic+0x22b/0x812 [ 25.863978][ T1] ? bfq_pos_tree_add_move+0x43b/0x43b [ 25.870055][ T1] dump_stack+0x15/0x17 [ 25.874218][ T1] panic+0x2cf/0x812 [ 25.878218][ T1] ? do_exit+0x239a/0x2a50 [ 25.882770][ T1] ? fb_is_primary_device+0xd4/0xd4 [ 25.887884][ T1] ? __kasan_check_write+0x14/0x20 [ 25.892921][ T1] ? sync_mm_rss+0x28a/0x2e0 [ 25.897603][ T1] do_exit+0x23b4/0x2a50 [ 25.901945][ T1] ? sched_group_set_shares+0x490/0x490 [ 25.907935][ T1] ? put_task_struct+0x80/0x80 [ 25.912532][ T1] ? schedule+0x154/0x1d0 [ 25.916698][ T1] ? schedule_timeout+0xa9/0x360 [ 25.921471][ T1] ? __kasan_check_write+0x14/0x20 [ 25.926594][ T1] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 25.931804][ T1] do_group_exit+0x141/0x310 [ 25.936337][ T1] get_signal+0x10a0/0x1410 [ 25.941014][ T1] arch_do_signal_or_restart+0xbd/0x17c0 [ 25.946511][ T1] ? put_pid+0xd7/0x110 [ 25.950681][ T1] ? kernel_clone+0x6ca/0x9e0 [ 25.955304][ T1] ? create_io_thread+0x1e0/0x1e0 [ 25.960178][ T1] ? get_timespec64+0x197/0x270 [ 25.965024][ T1] ? timespec64_add_safe+0x220/0x220 [ 25.970226][ T1] ? __do_sys_rt_sigreturn+0x1e0/0x1e0 [ 25.975608][ T1] ? __do_sys_vfork+0xcd/0x130 [ 25.981597][ T1] exit_to_user_mode_loop+0x9b/0xd0 [ 25.986632][ T1] syscall_exit_to_user_mode+0xa2/0x1a0 [ 25.992099][ T1] do_syscall_64+0x40/0x70 [ 25.996448][ T1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 26.002346][ T1] RIP: 0033:0x7f1ab01b5a68 [ 26.006610][ T1] Code: 00 48 8d b8 e0 02 00 00 48 89 b8 d8 02 00 00 48 89 b8 e0 02 00 00 b8 11 01 00 00 0f 05 44 89 c0 c3 90 5f b8 3a 00 00 00 0f 05 <57> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 90 43 0f 00 f7 d8 64 89 01 48 [ 26.026660][ T1] RSP: 002b:00007ffdd79248e0 EFLAGS: 00000246 ORIG_RAX: 000000000000003a [ 26.035087][ T1] RAX: 00000000000001e7 RBX: 0000562977b0da50 RCX: 00007f1ab01b5a68 [ 26.043260][ T1] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 00007f1ab0340bed [ 26.051329][ T1] RBP: 00007f1ab037b528 R08: 0000000000000007 R09: bfb88ed6b257f292 [ 26.059489][ T1] R10: 00007ffdd7924920 R11: 0000000000000246 R12: 0000000000000000 [ 26.067392][ T1] R13: 0000000000000018 R14: 00005629772bf169 R15: 00007f1ab03aca80 [ 26.075441][ T1] Kernel Offset: disabled [ 26.079538][ T1] Rebooting in 86400 seconds..