./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1163100374 <...> Warning: Permanently added '10.128.0.184' (ED25519) to the list of known hosts. execve("./syz-executor1163100374", ["./syz-executor1163100374"], 0x7ffcf5c95640 /* 10 vars */) = 0 brk(NULL) = 0x555556ba1000 brk(0x555556ba1d40) = 0x555556ba1d40 arch_prctl(ARCH_SET_FS, 0x555556ba13c0) = 0 set_tid_address(0x555556ba1690) = 298 set_robust_list(0x555556ba16a0, 24) = 0 rseq(0x555556ba1ce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1163100374", 4096) = 28 getrandom("\x66\x25\x34\x6f\x65\x49\x57\x05", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556ba1d40 brk(0x555556bc2d40) = 0x555556bc2d40 brk(0x555556bc3000) = 0x555556bc3000 mprotect(0x7f22001af000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ba1690) = 299 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ba1690) = 300 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ba1690) = 301 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ba1690) = 302 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ba1690) = 303 ./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x555556ba16a0, 24) = 0 ./strace-static-x86_64: Process 302 attached [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 302] set_robust_list(0x555556ba16a0, 24) = 0 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] <... clone resumed>, child_tidptr=0x555556ba1690) = 304 [pid 302] <... clone resumed>, child_tidptr=0x555556ba1690) = 305 ./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x555556ba16a0, 24) = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 [pid 304] write(1, "executing program\n", 18executing program ) = 18 [pid 304] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] rt_sigaction(SIGRT_1, {sa_handler=0x7f2200150c50, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22001422d0}, NULL, 8) = 0 [pid 304] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22000cb000 [pid 304] mprotect(0x7f22000cc000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 299 attached ) = 0 [pid 304] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22000eb990, parent_tid=0x7f22000eb990, exit_signal=0, stack=0x7f22000cb000, stack_size=0x20300, tls=0x7f22000eb6c0} => {parent_tid=[306]}, 88) = 306 [pid 304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 304] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000}./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x7f22000eb9a0, 24) = 0 [pid 306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000000, license=NULL, log_level=4294967295, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=BPF_F_STRICT_ALIGNMENT|BPF_F_ANY_ALIGNMENT, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EINVAL (Invalid argument) [pid 306] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 306] <... futex resumed>) = 1 [pid 299] set_robust_list(0x555556ba16a0, 24./strace-static-x86_64: Process 305 attached ./strace-static-x86_64: Process 303 attached ./strace-static-x86_64: Process 301 attached ) = 0 [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000000, license="syzkaller", log_level=0, log_size=0, log_buf=NULL}, 39 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 305] set_robust_list(0x555556ba16a0, 24 [pid 303] set_robust_list(0x555556ba16a0, 24 [pid 301] set_robust_list(0x555556ba16a0, 24) = 0 [pid 303] <... set_robust_list resumed>) = 0 [pid 305] <... set_robust_list resumed>) = 0 [pid 299] <... clone resumed>, child_tidptr=0x555556ba1690) = 307 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 306] <... bpf resumed>) = 3 [pid 306] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... prctl resumed>) = 0 [pid 301] <... clone resumed>, child_tidptr=0x555556ba1690) = 308 [pid 306] <... futex resumed>) = 1 [pid 305] setpgid(0, 0) = 0 [pid 303] <... clone resumed>, child_tidptr=0x555556ba1690) = 309 [pid 306] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=3, retval=0, data_size_in=14, data_size_out=0, data_in=0x20000100, data_out=NULL, repeat=4294967294, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 80 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 308 attached [pid 308] set_robust_list(0x555556ba16a0, 24) = 0 [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 308] setpgid(0, 0) = 0 [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 305] <... openat resumed>) = 3 [pid 308] write(3, "1000", 4) = 4 [pid 308] close(3) = 0 [pid 308] write(1, "executing program\n", 18executing program ) = 18 [pid 308] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] rt_sigaction(SIGRT_1, {sa_handler=0x7f2200150c50, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22001422d0}, NULL, 8) = 0 [pid 308] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 305] write(3, "1000", 4) = 4 [pid 305] close(3) = 0 executing program [pid 305] write(1, "executing program\n", 18) = 18 [pid 305] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] rt_sigaction(SIGRT_1, {sa_handler=0x7f2200150c50, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22001422d0}, NULL, 8) = 0 [pid 305] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 305] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22000cb000 [pid 305] mprotect(0x7f22000cc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 305] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 24.644571][ T28] audit: type=1400 audit(1727670525.592:66): avc: denied { execmem } for pid=298 comm="syz-executor116" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22000eb990, parent_tid=0x7f22000eb990, exit_signal=0, stack=0x7f22000cb000, stack_size=0x20300, tls=0x7f22000eb6c0} [pid 308] <... mmap resumed>) = 0x7f22000cb000 [pid 308] mprotect(0x7f22000cc000, 131072, PROT_READ|PROT_WRITE [pid 305] <... clone3 resumed> => {parent_tid=[310]}, 88) = 310 [pid 305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 305] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 308] <... mprotect resumed>) = 0 [pid 308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22000eb990, parent_tid=0x7f22000eb990, exit_signal=0, stack=0x7f22000cb000, stack_size=0x20300, tls=0x7f22000eb6c0} => {parent_tid=[311]}, 88) = 311 [pid 308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 308] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000) = 0 executing program executing program ./strace-static-x86_64: Process 311 attached ./strace-static-x86_64: Process 310 attached ./strace-static-x86_64: Process 309 attached ./strace-static-x86_64: Process 307 attached [pid 308] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 309] set_robust_list(0x555556ba16a0, 24 [pid 307] set_robust_list(0x555556ba16a0, 24 [pid 309] <... set_robust_list resumed>) = 0 [pid 307] <... set_robust_list resumed>) = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 309] <... prctl resumed>) = 0 [pid 307] <... prctl resumed>) = 0 [pid 309] setpgid(0, 0 [pid 307] setpgid(0, 0 [pid 309] <... setpgid resumed>) = 0 [pid 307] <... setpgid resumed>) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 309] <... openat resumed>) = 3 [pid 307] <... openat resumed>) = 3 [pid 309] write(3, "1000", 4 [pid 307] write(3, "1000", 4 [pid 309] <... write resumed>) = 4 [pid 307] <... write resumed>) = 4 [pid 309] close(3 [pid 307] close(3 [pid 309] <... close resumed>) = 0 [pid 307] <... close resumed>) = 0 [pid 309] write(1, "executing program\n", 18 [pid 307] write(1, "executing program\n", 18 [pid 309] <... write resumed>) = 18 [pid 307] <... write resumed>) = 18 [pid 309] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] set_robust_list(0x7f22000eb9a0, 24 [pid 309] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = 0 [pid 310] <... set_robust_list resumed>) = 0 [pid 309] rt_sigaction(SIGRT_1, {sa_handler=0x7f2200150c50, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22001422d0}, [pid 307] rt_sigaction(SIGRT_1, {sa_handler=0x7f2200150c50, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22001422d0}, [pid 310] rt_sigprocmask(SIG_SETMASK, [], [pid 309] <... rt_sigaction resumed>NULL, 8) = 0 [pid 307] <... rt_sigaction resumed>NULL, 8) = 0 [pid 310] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 309] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 307] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 310] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000000, license=NULL, log_level=4294967295, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=BPF_F_STRICT_ALIGNMENT|BPF_F_ANY_ALIGNMENT, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148 [pid 309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 307] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 310] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 310] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... mmap resumed>) = 0x7f22000cb000 [pid 307] <... mmap resumed>) = 0x7f22000cb000 [pid 310] <... futex resumed>) = 1 [pid 309] mprotect(0x7f22000cc000, 131072, PROT_READ|PROT_WRITE [pid 307] mprotect(0x7f22000cc000, 131072, PROT_READ|PROT_WRITE [pid 305] <... futex resumed>) = 0 [pid 310] futex(0x7f22001b5348, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] <... mprotect resumed>) = 0 [pid 307] <... mprotect resumed>) = 0 [pid 305] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] rt_sigprocmask(SIG_BLOCK, ~[], [pid 307] rt_sigprocmask(SIG_BLOCK, ~[], [pid 305] <... futex resumed>) = 0 [pid 310] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000000, license="syzkaller", log_level=0, log_size=0, log_buf=NULL}, 39 [pid 309] <... rt_sigprocmask resumed>[], 8) = 0 [pid 307] <... rt_sigprocmask resumed>[], 8) = 0 [pid 305] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 310] <... bpf resumed>) = 3 [pid 309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22000eb990, parent_tid=0x7f22000eb990, exit_signal=0, stack=0x7f22000cb000, stack_size=0x20300, tls=0x7f22000eb6c0} [pid 307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22000eb990, parent_tid=0x7f22000eb990, exit_signal=0, stack=0x7f22000cb000, stack_size=0x20300, tls=0x7f22000eb6c0} [pid 310] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 309] <... clone3 resumed> => {parent_tid=[312]}, 88) = 312 [pid 307] <... clone3 resumed> => {parent_tid=[313]}, 88) = 313 [pid 305] <... futex resumed>) = 0 [pid 310] futex(0x7f22001b5348, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] rt_sigprocmask(SIG_SETMASK, [], [pid 307] rt_sigprocmask(SIG_SETMASK, [], [pid 305] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 307] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 305] <... futex resumed>) = 0 [pid 310] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=3, retval=0, data_size_in=14, data_size_out=0, data_in=0x20000100, data_out=NULL, repeat=4294967294, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 80 [pid 309] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] set_robust_list(0x7f22000eb9a0, 24 [pid 309] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = 0 [pid 311] <... set_robust_list resumed>) = 0 [pid 309] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 307] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 311] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000000, license=NULL, log_level=4294967295, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=BPF_F_STRICT_ALIGNMENT|BPF_F_ANY_ALIGNMENT, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EINVAL (Invalid argument) [pid 311] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] <... futex resumed>) = 0 [pid 311] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000000, license="syzkaller", log_level=0, log_size=0, log_buf=NULL}, 39 [pid 308] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... bpf resumed>) = 3 [pid 308] <... futex resumed>) = 0 [pid 311] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 311] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 311] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=3, retval=0, data_size_in=14, data_size_out=0, data_in=0x20000100, data_out=NULL, repeat=4294967294, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 80 [pid 308] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 313 attached ./strace-static-x86_64: Process 312 attached ) = 0 [pid 308] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] set_robust_list(0x7f22000eb9a0, 24 [pid 312] set_robust_list(0x7f22000eb9a0, 24 [pid 313] <... set_robust_list resumed>) = 0 [pid 312] <... set_robust_list resumed>) = 0 [pid 313] rt_sigprocmask(SIG_SETMASK, [], [pid 312] rt_sigprocmask(SIG_SETMASK, [], [pid 304] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 312] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 304] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000000, license=NULL, log_level=4294967295, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=BPF_F_STRICT_ALIGNMENT|BPF_F_ANY_ALIGNMENT, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148 [pid 312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000000, license=NULL, log_level=4294967295, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=BPF_F_STRICT_ALIGNMENT|BPF_F_ANY_ALIGNMENT, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148 [pid 304] <... futex resumed>) = 0 [pid 313] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 312] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 312] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... mmap resumed>) = 0x7f22000aa000 [pid 313] <... futex resumed>) = 1 [pid 312] <... futex resumed>) = 1 [pid 309] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = 0 [pid 304] mprotect(0x7f22000ab000, 131072, PROT_READ|PROT_WRITE [pid 313] futex(0x7f22001b5348, FUTEX_WAIT_PRIVATE, 0, NULL [pid 312] futex(0x7f22001b5348, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... mprotect resumed>) = 0 [pid 313] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = 0 [pid 304] rt_sigprocmask(SIG_BLOCK, ~[], [pid 313] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000000, license="syzkaller", log_level=0, log_size=0, log_buf=NULL}, 39 [pid 312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000000, license="syzkaller", log_level=0, log_size=0, log_buf=NULL}, 39 [pid 309] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 307] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 313] <... bpf resumed>) = 3 [pid 312] <... bpf resumed>) = 3 [pid 304] <... rt_sigprocmask resumed>[], 8) = 0 [pid 312] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22000ca990, parent_tid=0x7f22000ca990, exit_signal=0, stack=0x7f22000aa000, stack_size=0x20300, tls=0x7f22000ca6c0} [pid 313] <... futex resumed>) = 1 [pid 312] <... futex resumed>) = 1 [pid 309] <... futex resumed>) = 0 [ 24.708989][ T28] audit: type=1400 audit(1727670525.632:67): avc: denied { bpf } for pid=304 comm="syz-executor116" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 307] <... futex resumed>) = 0 [pid 309] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = 0 [pid 312] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=3, retval=0, data_size_in=14, data_size_out=0, data_in=0x20000100, data_out=NULL, repeat=4294967294, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 80 [pid 313] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=3, retval=0, data_size_in=14, data_size_out=0, data_in=0x20000100, data_out=NULL, repeat=4294967294, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 80 [pid 309] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... futex resumed>) = 0 [pid 304] <... clone3 resumed> => {parent_tid=[314]}, 88) = 314 [pid 307] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 304] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 305] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22000aa000 [pid 305] mprotect(0x7f22000ab000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 305] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22000ca990, parent_tid=0x7f22000ca990, exit_signal=0, stack=0x7f22000aa000, stack_size=0x20300, tls=0x7f22000ca6c0} => {parent_tid=[315]}, 88) = 315 [pid 305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 305] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 315 attached ./strace-static-x86_64: Process 314 attached [pid 315] set_robust_list(0x7f22000ca9a0, 24) = 0 [pid 315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 315] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=4, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 314] set_robust_list(0x7f22000ca9a0, 24 [pid 308] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 308] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 308] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] <... set_robust_list resumed>) = 0 [pid 308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 314] rt_sigprocmask(SIG_SETMASK, [], [pid 308] <... mmap resumed>) = 0x7f22000aa000 [pid 308] mprotect(0x7f22000ab000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 308] rt_sigprocmask(SIG_BLOCK, ~[], [pid 314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 308] <... rt_sigprocmask resumed>[], 8) = 0 [pid 314] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=4, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22000ca990, parent_tid=0x7f22000ca990, exit_signal=0, stack=0x7f22000aa000, stack_size=0x20300, tls=0x7f22000ca6c0} [pid 314] <... bpf resumed>) = 4 [pid 308] <... clone3 resumed> => {parent_tid=[316]}, 88) = 316 [pid 314] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 308] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... futex resumed>) = 1 [pid 315] <... bpf resumed>) = 4 [pid 314] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=13, insns=0x20000200, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 315] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] <... futex resumed>) = 1 [pid 315] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=13, insns=0x20000200, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 314] <... bpf resumed>) = 5 [pid 314] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 304] <... futex resumed>) = 0 [pid 314] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=4, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12 [pid 304] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... bpf resumed>) = 0 [pid 314] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... bpf resumed>) = 5 [pid 315] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] <... futex resumed>) = 1 [pid 315] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=4, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 315] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] <... futex resumed>) = 1 [pid 315] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x20000480, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = 6 [pid 315] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] <... futex resumed>) = 1 [pid 315] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=6, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80 [pid 309] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 307] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 314] <... futex resumed>) = 1 [pid 309] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 314] futex(0x7f22001b5358, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = 0 [pid 304] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 304] <... futex resumed>) = 0 [pid 314] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x20000480, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144 [pid 309] <... mmap resumed>) = 0x7f22000aa000 [pid 307] <... mmap resumed>) = 0x7f22000aa000 [pid 304] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] mprotect(0x7f22000ab000, 131072, PROT_READ|PROT_WRITE [pid 307] mprotect(0x7f22000ab000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 316 attached [pid 316] set_robust_list(0x7f22000ca9a0, 24 [pid 309] <... mprotect resumed>) = 0 [pid 307] <... mprotect resumed>) = 0 [pid 316] <... set_robust_list resumed>) = 0 [pid 309] rt_sigprocmask(SIG_BLOCK, ~[], [pid 307] rt_sigprocmask(SIG_BLOCK, ~[], [pid 309] <... rt_sigprocmask resumed>[], 8) = 0 [pid 307] <... rt_sigprocmask resumed>[], 8) = 0 [pid 309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22000ca990, parent_tid=0x7f22000ca990, exit_signal=0, stack=0x7f22000aa000, stack_size=0x20300, tls=0x7f22000ca6c0} [pid 307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22000ca990, parent_tid=0x7f22000ca990, exit_signal=0, stack=0x7f22000aa000, stack_size=0x20300, tls=0x7f22000ca6c0} [pid 316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 316] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=4, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 309] <... clone3 resumed> => {parent_tid=[317]}, 88) = 317 [pid 309] rt_sigprocmask(SIG_SETMASK, [], [pid 307] <... clone3 resumed> => {parent_tid=[318]}, 88) = 318 [pid 309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 307] rt_sigprocmask(SIG_SETMASK, [], [pid 309] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 309] <... futex resumed>) = 0 [pid 307] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... futex resumed>) = 0 [pid 316] <... bpf resumed>) = 4 [pid 307] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=13, insns=0x20000200, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 318 attached [pid 318] set_robust_list(0x7f22000ca9a0, 24) = 0 [pid 318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 318] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=4, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 4 [pid 318] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 0 [pid 307] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... futex resumed>) = 1 [pid 318] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=13, insns=0x20000200, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 317 attached [pid 317] set_robust_list(0x7f22000ca9a0, 24) = 0 [pid 317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 317] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=4, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 4 [pid 317] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 309] <... futex resumed>) = 0 [pid 309] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=13, insns=0x20000200, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 318] <... bpf resumed>) = 5 [pid 317] <... bpf resumed>) = 5 [pid 316] <... bpf resumed>) = 5 [pid 314] <... bpf resumed>) = 6 [pid 318] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... futex resumed>) = 1 [pid 316] <... futex resumed>) = 1 [pid 308] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = 0 [pid 318] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=4, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12 [pid 316] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=4, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12 [pid 308] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... bpf resumed>) = 0 [pid 316] <... bpf resumed>) = 0 [pid 308] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = 0 [pid 308] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 318] <... futex resumed>) = 0 [pid 317] <... futex resumed>) = 1 [pid 316] <... futex resumed>) = 1 [pid 314] <... futex resumed>) = 1 [pid 309] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = 0 [pid 307] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 318] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x20000480, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144 [pid 316] futex(0x7f22001b5358, FUTEX_WAIT_PRIVATE, 0, NULL [pid 308] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 0 [pid 317] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=4, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12 [pid 314] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=6, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80 [pid 309] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... bpf resumed>) = 6 [pid 317] <... bpf resumed>) = 0 [pid 316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 308] <... futex resumed>) = 0 [pid 307] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x20000480, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144 [pid 308] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 318] <... futex resumed>) = 0 [pid 316] <... bpf resumed>) = 6 [pid 307] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=6, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80 [pid 316] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 0 [pid 318] <... bpf resumed>) = 0 [pid 317] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] <... futex resumed>) = 1 [pid 314] <... bpf resumed>) = 0 [pid 309] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = 0 [pid 307] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = 0 [pid 317] <... futex resumed>) = 0 [pid 316] futex(0x7f22001b5358, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] futex(0x7f22001b5358, FUTEX_WAIT_PRIVATE, 0, NULL [pid 316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 308] <... futex resumed>) = 0 [pid 304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 24.797358][ T28] audit: type=1400 audit(1727670525.632:68): avc: denied { prog_load } for pid=304 comm="syz-executor116" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 316] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=6, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80 [pid 314] <... futex resumed>) = 0 [pid 309] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 317] <... futex resumed>) = 0 [pid 316] <... bpf resumed>) = 0 [pid 314] futex(0x7f22001b5358, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] <... futex resumed>) = 1 [pid 317] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x20000480, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144 [pid 309] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] <... futex resumed>) = 0 [pid 316] futex(0x7f22001b5358, FUTEX_WAIT_PRIVATE, 0, NULL [pid 317] <... bpf resumed>) = 6 [pid 317] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 309] <... futex resumed>) = 0 [pid 318] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] futex(0x7f22001b5358, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] <... futex resumed>) = 0 [pid 317] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=6, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80 [pid 309] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... futex resumed>) = 1 [pid 307] <... futex resumed>) = 0 [pid 318] futex(0x7f22001b5358, FUTEX_WAIT_PRIVATE, 0, NULL [pid 317] <... bpf resumed>) = 0 [pid 317] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 309] <... futex resumed>) = 0 [pid 317] futex(0x7f22001b5358, FUTEX_WAIT_PRIVATE, 0, NULL [pid 315] <... bpf resumed>) = 0 [pid 315] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 24.899272][ T28] audit: type=1400 audit(1727670525.642:69): avc: denied { perfmon } for pid=304 comm="syz-executor116" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 315] futex(0x7f22001b5358, FUTEX_WAIT_PRIVATE, 0, NULL [pid 305] exit_group(0 [pid 315] <... futex resumed>) = ? [pid 305] <... exit_group resumed>) = ? [pid 315] +++ exited with 0 +++ [pid 310] <... bpf resumed>) = ? [pid 308] exit_group(0 [pid 316] <... futex resumed>) = ? [pid 308] <... exit_group resumed>) = ? [pid 316] +++ exited with 0 +++ [pid 307] exit_group(0 [pid 318] <... futex resumed>) = ? [pid 307] <... exit_group resumed>) = ? [pid 318] +++ exited with 0 +++ [pid 311] <... bpf resumed>) = ? [pid 311] +++ exited with 0 +++ [pid 308] +++ exited with 0 +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 310] +++ exited with 0 +++ [pid 305] +++ exited with 0 +++ [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [ 24.983597][ T28] audit: type=1400 audit(1727670525.642:70): avc: denied { prog_run } for pid=304 comm="syz-executor116" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 302] restart_syscall(<... resuming interrupted clone ...> [pid 313] <... bpf resumed>) = ? [pid 302] <... restart_syscall resumed>) = 0 [pid 301] <... restart_syscall resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 313] +++ exited with 0 +++ [pid 307] +++ exited with 0 +++ [pid 301] <... clone resumed>, child_tidptr=0x555556ba1690) = 319 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 319 attached [pid 319] set_robust_list(0x555556ba16a0, 24) = 0 [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 319] setpgid(0, 0) = 0 [pid 302] <... clone resumed>, child_tidptr=0x555556ba1690) = 320 [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 319] write(3, "1000", 4) = 4 [pid 319] close(3) = 0 executing program [pid 319] write(1, "executing program\n", 18) = 18 [pid 319] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] rt_sigaction(SIGRT_1, {sa_handler=0x7f2200150c50, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22001422d0}, NULL, 8) = 0 [pid 319] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22000cb000 [pid 319] mprotect(0x7f22000cc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 319] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22000eb990, parent_tid=0x7f22000eb990, exit_signal=0, stack=0x7f22000cb000, stack_size=0x20300, tls=0x7f22000eb6c0} => {parent_tid=[321]}, 88) = 321 [pid 319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 319] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000}./strace-static-x86_64: Process 321 attached [pid 321] set_robust_list(0x7f22000eb9a0, 24) = 0 [pid 321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 321] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000000, license=NULL, log_level=4294967295, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=BPF_F_STRICT_ALIGNMENT|BPF_F_ANY_ALIGNMENT, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EINVAL (Invalid argument) [pid 321] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 321] <... futex resumed>) = 1 [pid 321] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000000, license="syzkaller", log_level=0, log_size=0, log_buf=NULL}, 39./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x555556ba16a0, 24) = 0 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 320] setpgid(0, 0) = 0 [pid 321] <... bpf resumed>) = 3 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 321] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... restart_syscall resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 320] <... openat resumed>) = 3 [pid 299] <... clone resumed>, child_tidptr=0x555556ba1690) = 322 [pid 320] write(3, "1000", 4 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... futex resumed>) = 1 [pid 321] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=3, retval=0, data_size_in=14, data_size_out=0, data_in=0x20000100, data_out=NULL, repeat=4294967294, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 80 [pid 320] <... write resumed>) = 4 [pid 320] close(3) = 0 [pid 320] write(1, "executing program\n", 18executing program ) = 18 [pid 320] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] rt_sigaction(SIGRT_1, {sa_handler=0x7f2200150c50, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22001422d0}, NULL, 8) = 0 [pid 320] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 309] exit_group(0) = ? [pid 317] <... futex resumed>) = ? [pid 317] +++ exited with 0 +++ [pid 320] <... mmap resumed>) = 0x7f22000cb000 [pid 312] <... bpf resumed>) = ? [pid 320] mprotect(0x7f22000cc000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 322 attached [pid 320] rt_sigprocmask(SIG_BLOCK, ~[], [ 25.020813][ T28] audit: type=1400 audit(1727670525.742:72): avc: denied { map_read map_write } for pid=304 comm="syz-executor116" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 25.062343][ T28] audit: type=1400 audit(1727670525.742:71): avc: denied { map_create } for pid=305 comm="syz-executor116" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 304] exit_group(0 [pid 322] set_robust_list(0x555556ba16a0, 24 [pid 320] <... rt_sigprocmask resumed>[], 8) = 0 [pid 314] <... futex resumed>) = ? [pid 312] +++ exited with 0 +++ [pid 309] +++ exited with 0 +++ [pid 306] <... bpf resumed>) = ? [pid 304] <... exit_group resumed>) = ? [pid 322] <... set_robust_list resumed>) = 0 [pid 320] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22000eb990, parent_tid=0x7f22000eb990, exit_signal=0, stack=0x7f22000cb000, stack_size=0x20300, tls=0x7f22000eb6c0} [pid 314] +++ exited with 0 +++ [pid 306] +++ exited with 0 +++ [pid 303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 320] <... clone3 resumed> => {parent_tid=[324]}, 88) = 324 [pid 322] setpgid(0, 0 [pid 320] rt_sigprocmask(SIG_SETMASK, [], [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 322] <... setpgid resumed>) = 0 [pid 320] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 320] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... clone resumed>, child_tidptr=0x555556ba1690) = 325 [pid 322] <... openat resumed>) = 3 [pid 320] <... futex resumed>) = 0 [pid 322] write(3, "1000", 4 [pid 320] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 322] <... write resumed>) = 4 [pid 322] close(3executing program ) = 0 [pid 322] write(1, "executing program\n", 18) = 18 [pid 322] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 322] rt_sigaction(SIGRT_1, {sa_handler=0x7f2200150c50, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22001422d0}, NULL, 8) = 0 [pid 322] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22000cb000 [pid 322] mprotect(0x7f22000cc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 322] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 322] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22000eb990, parent_tid=0x7f22000eb990, exit_signal=0, stack=0x7f22000cb000, stack_size=0x20300, tls=0x7f22000eb6c0} => {parent_tid=[326]}, 88) = 326 [pid 322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 322] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 322] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000}./strace-static-x86_64: Process 326 attached [pid 326] set_robust_list(0x7f22000eb9a0, 24) = 0 [pid 326] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 326] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000000, license=NULL, log_level=4294967295, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=BPF_F_STRICT_ALIGNMENT|BPF_F_ANY_ALIGNMENT, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EINVAL (Invalid argument) [pid 326] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] <... futex resumed>) = 0 [pid 322] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 322] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 326] <... futex resumed>) = 1 [pid 326] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000000, license="syzkaller", log_level=0, log_size=0, log_buf=NULL}, 39) = 3 [pid 326] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] <... futex resumed>) = 0 [pid 322] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 322] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 326] <... futex resumed>) = 1 [pid 326] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=3, retval=0, data_size_in=14, data_size_out=0, data_in=0x20000100, data_out=NULL, repeat=4294967294, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 80 [pid 322] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 319] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 322] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 319] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] <... futex resumed>) = 0 [pid 319] <... futex resumed>) = 0 [pid 322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 322] <... mmap resumed>) = 0x7f22000aa000 [pid 319] <... mmap resumed>) = 0x7f22000aa000 [pid 304] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 320] <... futex resumed>) = 0 [pid 322] mprotect(0x7f22000ab000, 131072, PROT_READ|PROT_WRITE [pid 320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 319] mprotect(0x7f22000ab000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 324 attached ./strace-static-x86_64: Process 325 attached [pid 324] set_robust_list(0x7f22000eb9a0, 24 [pid 322] <... mprotect resumed>) = 0 [pid 320] <... mmap resumed>) = 0x7f22000aa000 [pid 319] <... mprotect resumed>) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 325] set_robust_list(0x555556ba16a0, 24 [pid 324] <... set_robust_list resumed>) = 0 [pid 320] mprotect(0x7f22000ab000, 131072, PROT_READ|PROT_WRITE [pid 322] rt_sigprocmask(SIG_BLOCK, ~[], [pid 319] rt_sigprocmask(SIG_BLOCK, ~[], [pid 325] <... set_robust_list resumed>) = 0 [pid 324] rt_sigprocmask(SIG_SETMASK, [], [pid 322] <... rt_sigprocmask resumed>[], 8) = 0 [pid 320] <... mprotect resumed>) = 0 [pid 319] <... rt_sigprocmask resumed>[], 8) = 0 [pid 324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 324] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000000, license=NULL, log_level=4294967295, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=BPF_F_STRICT_ALIGNMENT|BPF_F_ANY_ALIGNMENT, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148 [pid 322] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22000ca990, parent_tid=0x7f22000ca990, exit_signal=0, stack=0x7f22000aa000, stack_size=0x20300, tls=0x7f22000ca6c0} [pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 320] rt_sigprocmask(SIG_BLOCK, ~[], [pid 319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22000ca990, parent_tid=0x7f22000ca990, exit_signal=0, stack=0x7f22000aa000, stack_size=0x20300, tls=0x7f22000ca6c0} [pid 300] <... clone resumed>, child_tidptr=0x555556ba1690) = 328 [pid 325] <... prctl resumed>) = 0 [pid 324] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 320] <... rt_sigprocmask resumed>[], 8) = 0 [pid 322] <... clone3 resumed> => {parent_tid=[329]}, 88) = 329 [pid 319] <... clone3 resumed> => {parent_tid=[330]}, 88) = 330 [pid 325] setpgid(0, 0 [pid 324] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] rt_sigprocmask(SIG_SETMASK, [], [pid 320] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22000ca990, parent_tid=0x7f22000ca990, exit_signal=0, stack=0x7f22000aa000, stack_size=0x20300, tls=0x7f22000ca6c0} [pid 319] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 330 attached ./strace-static-x86_64: Process 329 attached ./strace-static-x86_64: Process 328 attached [pid 325] <... setpgid resumed>) = 0 [pid 324] <... futex resumed>) = 0 [pid 322] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 319] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 322] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] <... futex resumed>) = 0 [pid 319] <... futex resumed>) = 0 [pid 322] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 324] futex(0x7f22001b5348, FUTEX_WAIT_PRIVATE, 0, NULL [pid 320] <... clone3 resumed> => {parent_tid=[331]}, 88) = 331 [pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 325] <... openat resumed>) = 3 [pid 320] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] write(3, "1000", 4 [pid 320] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 325] <... write resumed>) = 4 [pid 325] close(3) = 0 [pid 325] write(1, "executing program\n", 18 [pid 328] set_robust_list(0x555556ba16a0, 24 [pid 329] set_robust_list(0x7f22000ca9a0, 24executing program [pid 325] <... write resumed>) = 18 [pid 328] <... set_robust_list resumed>) = 0 [pid 325] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000 [pid 329] <... set_robust_list resumed>) = 0 [pid 330] set_robust_list(0x7f22000ca9a0, 24 [pid 325] <... futex resumed>) = 0 [pid 325] rt_sigaction(SIGRT_1, {sa_handler=0x7f2200150c50, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22001422d0}, NULL, 8) = 0 [pid 328] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 331 attached [pid 330] <... set_robust_list resumed>) = 0 [pid 329] rt_sigprocmask(SIG_SETMASK, [], [pid 325] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22000cb000 [pid 325] mprotect(0x7f22000cc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 328] <... prctl resumed>) = 0 [pid 329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 331] set_robust_list(0x7f22000ca9a0, 24 [pid 330] rt_sigprocmask(SIG_SETMASK, [], [pid 329] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=4, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 328] setpgid(0, 0 [pid 330] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 331] <... set_robust_list resumed>) = 0 [pid 328] <... setpgid resumed>) = 0 [pid 328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 328] write(3, "1000", 4 [pid 329] <... bpf resumed>) = 4 [pid 331] rt_sigprocmask(SIG_SETMASK, [], [pid 330] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=4, max_entries=4, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 328] <... write resumed>) = 4 [pid 328] close(3 [pid 329] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... close resumed>) = 0 [pid 322] <... futex resumed>) = 0 [pid 322] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 322] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 329] <... futex resumed>) = 1 [pid 328] write(1, "executing program\n", 18executing program ) = 18 [pid 328] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000 [pid 329] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=13, insns=0x20000200, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 331] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 330] <... bpf resumed>) = 4 [pid 328] <... futex resumed>) = 0 [pid 325] rt_sigprocmask(SIG_BLOCK, ~[], [pid 328] rt_sigaction(SIGRT_1, {sa_handler=0x7f2200150c50, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22001422d0}, NULL, 8) = 0 [pid 328] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22000cb000 [pid 328] mprotect(0x7f22000cc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 330] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 330] <... futex resumed>) = 1 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22000eb990, parent_tid=0x7f22000eb990, exit_signal=0, stack=0x7f22000cb000, stack_size=0x20300, tls=0x7f22000eb6c0} [pid 330] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=13, insns=0x20000200, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 329] <... bpf resumed>) = 5 [pid 330] <... bpf resumed>) = 5 [pid 328] <... clone3 resumed> => {parent_tid=[332]}, 88) = 332 [pid 331] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000000, license="syzkaller", log_level=0, log_size=0, log_buf=NULL}, 39 [pid 329] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... rt_sigprocmask resumed>[], 8) = 0 [pid 328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 331] <... bpf resumed>) = 3 [pid 328] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000 [pid 330] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 329] <... futex resumed>) = 1 [pid 322] <... futex resumed>) = 0 [pid 322] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 322] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... futex resumed>) = 0 [pid 329] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=4, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12./strace-static-x86_64: Process 332 attached [pid 332] set_robust_list(0x7f22000eb9a0, 24) = 0 [pid 328] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 329] <... bpf resumed>) = 0 [pid 325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22000eb990, parent_tid=0x7f22000eb990, exit_signal=0, stack=0x7f22000cb000, stack_size=0x20300, tls=0x7f22000eb6c0} [pid 332] rt_sigprocmask(SIG_SETMASK, [], [pid 319] <... futex resumed>) = 0 [pid 332] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 319] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 332] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000000, license=NULL, log_level=4294967295, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=BPF_F_STRICT_ALIGNMENT|BPF_F_ANY_ALIGNMENT, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EINVAL (Invalid argument) [pid 330] <... futex resumed>) = 1 [pid 329] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 332] futex(0x7f22001b5348, FUTEX_WAIT_PRIVATE, 0, NULL [pid 328] <... futex resumed>) = 0 [pid 328] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000 [pid 330] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=5, retval=4, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12 [pid 329] <... futex resumed>) = 1 [pid 322] <... futex resumed>) = 0 [pid 322] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 322] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... futex resumed>) = 1 [pid 332] <... futex resumed>) = 0 [pid 331] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 330] <... bpf resumed>) = 0 [pid 332] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000000, license="syzkaller", log_level=0, log_size=0, log_buf=NULL}, 39 [pid 329] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x20000480, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144 [pid 328] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 325] <... clone3 resumed> => {parent_tid=[333]}, 88) = 333 [pid 332] <... bpf resumed>) = 3 [pid 329] <... bpf resumed>) = 6 [ 26.069796][ C1] sched: RT throttling activated [ 26.109985][ T329] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 26.121830][ T329] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 26.130069][ T329] CPU: 1 PID: 329 Comm: syz-executor116 Not tainted 6.1.99-syzkaller-00091-g110595418159 #0 [ 26.139965][ T329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 26.149945][ T329] RIP: 0010:dev_map_enqueue+0x31/0x340 [pid 332] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000 [pid 331] <... futex resumed>) = 1 [pid 330] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 329] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 1 [pid 325] rt_sigprocmask(SIG_SETMASK, [], [pid 328] <... futex resumed>) = 0 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] <... futex resumed>) = 0 [pid 320] <... futex resumed>) = 1 [pid 324] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=3, retval=0, data_size_in=14, data_size_out=0, data_in=0x20000100, data_out=NULL, repeat=4294967294, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 80 [pid 320] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=3, retval=0, data_size_in=14, data_size_out=0, data_in=0x20000100, data_out=NULL, repeat=4294967294, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 80 [pid 330] <... futex resumed>) = 1 [pid 328] <... futex resumed>) = 0 [pid 319] <... futex resumed>) = 0 [pid 331] futex(0x7f22001b5358, FUTEX_WAIT_PRIVATE, 0, NULL [pid 325] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 329] <... futex resumed>) = 1 [pid 328] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] <... futex resumed>) = 0 [pid 319] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] futex(0x7f22001b5358, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... futex resumed>) = 0 [pid 330] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x20000480, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144 [pid 322] <... futex resumed>) = 0 [pid 319] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] futex(0x7f22001b535c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 330] <... bpf resumed>) = 6 [pid 329] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=6, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80 [pid 325] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 330] futex(0x7f22001b535c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 26.155241][ T329] Code: 56 41 55 41 54 53 48 83 ec 18 48 89 55 c0 49 89 f7 48 89 fb 49 bc 00 00 00 00 00 fc ff df e8 76 18 de ff 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 f0 57 25 00 4c 8b 33 48 83 c3 20 [ 26.174774][ T329] RSP: 0018:ffffc900010275f8 EFLAGS: 00010246 [ 26.180672][ T329] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff888109fa2880 [ 26.188487][ T329] RDX: 0000000000000000 RSI: ffff888125746070 RDI: 0000000000000000 [ 26.196298][ T329] RBP: ffffc90001027638 R08: ffffffff84136342 R09: ffffffff84136262 [pid 330] futex(0x7f22001b5358, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x7f22000eb9a0, 24) = 0 [pid 333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 333] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000000, license=NULL, log_level=4294967295, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=BPF_F_STRICT_ALIGNMENT|BPF_F_ANY_ALIGNMENT, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EINVAL (Invalid argument) [pid 333] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 325] <... futex resumed>) = 0 [pid 325] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 333] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000000, license="syzkaller", log_level=0, log_size=0, log_buf=NULL}, 39) = 3 [pid 333] futex(0x7f22001b534c, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... futex resumed>) = 0 [pid 325] futex(0x7f22001b5348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7f22001b534c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... futex resumed>) = 1 [ 26.204106][ T329] R10: 0000000000000004 R11: ffff888109fa2880 R12: dffffc0000000000 [ 26.211920][ T329] R13: 1ffff1103ede6e15 R14: 1ffff1103ede6e15 R15: ffff888125746070 [ 26.219736][ T329] FS: 00007f22000ca6c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 26.228496][ T329] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.234913][ T329] CR2: 00007ffd494d87c0 CR3: 0000000124e11000 CR4: 00000000003506a0 [ 26.242729][ T329] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.250541][ T329] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.258351][ T329] Call Trace: [ 26.261475][ T329] [ 26.264264][ T329] ? __die_body+0x62/0xb0 [ 26.268419][ T329] ? die_addr+0x9f/0xd0 [ 26.272531][ T329] ? exc_general_protection+0x317/0x4c0 [ 26.277916][ T329] ? asm_exc_general_protection+0x27/0x30 [ 26.283474][ T329] ? xdp_do_redirect_frame+0x1b2/0x800 [ 26.288764][ T329] ? xdp_do_redirect_frame+0x292/0x800 [ 26.294053][ T329] ? dev_map_enqueue+0x31/0x340 [ 26.298740][ T329] ? dev_map_enqueue+0x2a/0x340 [ 26.303451][ T329] xdp_do_redirect_frame+0x2b5/0x800 [ 26.308553][ T329] bpf_test_run_xdp_live+0xc30/0x1f70 [ 26.313882][ T329] ? __kasan_check_write+0x14/0x20 [ 26.318839][ T329] ? bpf_test_run_xdp_live+0x7ae/0x1f70 [ 26.324213][ T329] ? xdp_convert_md_to_buff+0x360/0x360 [ 26.329717][ T329] ? bpf_dispatcher_change_prog+0xd9d/0xf20 [ 26.335462][ T329] ? trace_raw_output_bpf_test_finish+0xd0/0xd0 [ 26.341644][ T329] ? __kasan_check_write+0x14/0x20 [ 26.346585][ T329] ? _copy_from_user+0x90/0xc0 [ 26.351361][ T329] bpf_prog_test_run_xdp+0x7d1/0x1130 [ 26.356575][ T329] ? dev_put+0x80/0x80 [ 26.360486][ T329] ? __kasan_check_write+0x14/0x20 [ 26.365420][ T329] ? fput+0x15b/0x1b0 [ 26.369238][ T329] ? dev_put+0x80/0x80 [ 26.373153][ T329] bpf_prog_test_run+0x3b0/0x630 [ 26.377916][ T329] ? bpf_prog_query+0x260/0x260 [ 26.382789][ T329] ? selinux_bpf+0xd2/0x100 [ 26.387125][ T329] ? security_bpf+0x82/0xb0 [ 26.391459][ T329] __sys_bpf+0x59f/0x7f0 [ 26.395535][ T329] ? ptrace_stop+0x709/0x930 [ 26.400254][ T329] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 26.405463][ T329] ? do_notify_parent+0xa20/0xa20 [ 26.410320][ T329] ? fpregs_restore_userregs+0x130/0x290 [ 26.415799][ T329] __x64_sys_bpf+0x7c/0x90 [ 26.420044][ T329] x64_sys_call+0x87f/0x9a0 [ 26.425011][ T329] do_syscall_64+0x3b/0xb0 [ 26.429462][ T329] ? clear_bhb_loop+0x55/0xb0 [ 26.434234][ T329] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 26.439993][ T329] RIP: 0033:0x7f220012ad19 [ 26.444214][ T329] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 26.463649][ T329] RSP: 002b:00007f22000ca218 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 26.471990][ T329] RAX: ffffffffffffffda RBX: 00007f22001b5358 RCX: 00007f220012ad19 [ 26.479892][ T329] RDX: 0000000000000050 RSI: 00000000200000c0 RDI: 000000000000000a [ 26.487866][ T329] RBP: 00007f22001b5350 R08: 0000000000000000 R09: 0000000000000000 [ 26.495675][ T329] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2200182074 [ 26.503487][ T329] R13: 656c6c616b7a7973 R14: ec5b6f9bc8abe9db R15: e9db87d37e54b9e0 [ 26.511309][ T329] [ 26.514161][ T329] Modules linked in: [ 26.518000][ T329] ---[ end trace 0000000000000000 ]--- [ 26.523227][ T329] RIP: 0010:dev_map_enqueue+0x31/0x340 [ 26.528488][ T329] Code: 56 41 55 41 54 53 48 83 ec 18 48 89 55 c0 49 89 f7 48 89 fb 49 bc 00 00 00 00 00 fc ff df e8 76 18 de ff 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 f0 57 25 00 4c 8b 33 48 83 c3 20 [ 26.548244][ T329] RSP: 0018:ffffc900010275f8 EFLAGS: 00010246 [ 26.554135][ T329] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff888109fa2880 [ 26.562030][ T329] RDX: 0000000000000000 RSI: ffff888125746070 RDI: 0000000000000000 [ 26.569949][ T329] RBP: ffffc90001027638 R08: ffffffff84136342 R09: ffffffff84136262 [ 26.577723][ T329] R10: 0000000000000004 R11: ffff888109fa2880 R12: dffffc0000000000 [ 26.585564][ T329] R13: 1ffff1103ede6e15 R14: 1ffff1103ede6e15 R15: ffff888125746070 [ 26.593723][ T329] FS: 00007f22000ca6c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 26.602500][ T329] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.608888][ T329] CR2: 00007ffd494d87c0 CR3: 0000000124e11000 CR4: 00000000003506a0 [ 26.616738][ T329] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.624535][ T329] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.632447][ T329] Kernel panic - not syncing: Fatal exception in interrupt [ 26.639784][ T329] Kernel Offset: disabled [ 26.643946][ T329] Rebooting in 86400 seconds..