./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1397591175 <...> [ 3.615495][ T28] audit: type=1400 audit(1735640805.111:10): avc: denied { getattr } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 3.917130][ T102] udevd[102]: starting version 3.2.11 [ 3.961734][ T103] udevd[103]: starting eudev-3.2.11 [ 3.962748][ T102] udevd (102) used greatest stack depth: 22216 bytes left [ 12.557291][ T28] kauditd_printk_skb: 50 callbacks suppressed [ 12.557304][ T28] audit: type=1400 audit(1735640814.071:61): avc: denied { transition } for pid=227 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.561480][ T28] audit: type=1400 audit(1735640814.071:62): avc: denied { noatsecure } for pid=227 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.564200][ T28] audit: type=1400 audit(1735640814.071:63): avc: denied { write } for pid=227 comm="sh" path="pipe:[14694]" dev="pipefs" ino=14694 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 12.567600][ T28] audit: type=1400 audit(1735640814.071:64): avc: denied { rlimitinh } for pid=227 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.570113][ T28] audit: type=1400 audit(1735640814.071:65): avc: denied { siginh } for pid=227 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.10.51' (ED25519) to the list of known hosts. execve("./syz-executor1397591175", ["./syz-executor1397591175"], 0x7fff02cdc480 /* 10 vars */) = 0 brk(NULL) = 0x555590c28000 brk(0x555590c28d00) = 0x555590c28d00 arch_prctl(ARCH_SET_FS, 0x555590c28380) = 0 set_tid_address(0x555590c28650) = 296 set_robust_list(0x555590c28660, 24) = 0 rseq(0x555590c28ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1397591175", 4096) = 28 getrandom("\x0a\xd2\xdf\x1a\x43\x65\x6e\x06", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555590c28d00 brk(0x555590c49d00) = 0x555590c49d00 brk(0x555590c4a000) = 0x555590c4a000 mprotect(0x7f98fa585000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555590c28650) = 297 ./strace-static-x86_64: Process 297 attached [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] set_robust_list(0x555590c28660, 24) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... clone resumed>, child_tidptr=0x555590c28650) = 298 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 299 attached ./strace-static-x86_64: Process 298 attached , child_tidptr=0x555590c28650) = 300 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 300 attached ./strace-static-x86_64: Process 301 attached [pid 299] set_robust_list(0x555590c28660, 24 [pid 298] set_robust_list(0x555590c28660, 24 [pid 297] <... clone resumed>, child_tidptr=0x555590c28650) = 299 [pid 296] <... clone resumed>, child_tidptr=0x555590c28650) = 301 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] set_robust_list(0x555590c28660, 24 [pid 300] set_robust_list(0x555590c28660, 24 [pid 299] <... set_robust_list resumed>) = 0 [pid 298] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 302 attached [pid 296] <... clone resumed>, child_tidptr=0x555590c28650) = 302 [pid 301] <... set_robust_list resumed>) = 0 [pid 300] <... set_robust_list resumed>) = 0 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 302] set_robust_list(0x555590c28660, 24 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 303 attached [pid 302] <... set_robust_list resumed>) = 0 [pid 299] setpgid(0, 0 [pid 298] <... clone resumed>, child_tidptr=0x555590c28650) = 303 [pid 303] set_robust_list(0x555590c28660, 24 [pid 299] <... setpgid resumed>) = 0 [pid 300] <... clone resumed>, child_tidptr=0x555590c28650) = 304 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 301] <... clone resumed>, child_tidptr=0x555590c28650) = 305 ./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x555590c28660, 24) = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 305] setpgid(0, 0) = 0 [pid 299] <... openat resumed>) = 3 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 299] write(3, "1000", 4 [pid 305] write(3, "1000", 4) = 4 [pid 305] close(3) = 0 [pid 305] write(1, "executing program\n", 18executing program ) = 18 [pid 305] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72./strace-static-x86_64: Process 304 attached [pid 303] <... set_robust_list resumed>) = 0 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... write resumed>) = 4 [pid 299] close(3) = 0 executing program [pid 299] write(1, "executing program\n", 18./strace-static-x86_64: Process 306 attached [pid 305] <... bpf resumed>) = 3 [pid 304] set_robust_list(0x555590c28660, 24 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] <... write resumed>) = 18 [pid 304] <... set_robust_list resumed>) = 0 [pid 303] <... prctl resumed>) = 0 [pid 302] <... clone resumed>, child_tidptr=0x555590c28650) = 306 [pid 299] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 303] setpgid(0, 0 [pid 299] <... bpf resumed>) = 3 [pid 304] <... prctl resumed>) = 0 [pid 303] <... setpgid resumed>) = 0 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x20000400, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148 [pid 304] setpgid(0, 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... bpf resumed>) = 4 [pid 306] set_robust_list(0x555590c28660, 24 [pid 304] <... setpgid resumed>) = 0 [pid 303] <... openat resumed>) = 3 [pid 299] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x200002c0, data_out=0x20000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 303] write(3, "1000", 4 [pid 299] <... bpf resumed>) = 0 [pid 304] <... openat resumed>) = 3 [pid 303] <... write resumed>) = 4 [pid 299] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 304] write(3, "1000", 4 [pid 303] close(3 [pid 299] <... bpf resumed>) = 5 [pid 306] <... set_robust_list resumed>) = 0 [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x20000400, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148 [pid 304] <... write resumed>) = 4 [pid 303] <... close resumed>) = 0 [pid 299] perf_event_open( [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 304] close(3executing program [pid 303] write(1, "executing program\n", 18 [pid 299] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=409, sample_period=3, sample_type=PERF_SAMPLE_STACK_USER|PERF_SAMPLE_DATA_SRC, read_format=PERF_FORMAT_TOTAL_TIME_RUNNING, precise_ip=0 /* arbitrary skid */, ...}, 0, -1, -1, 0) = 6 [pid 306] <... prctl resumed>) = 0 [pid 305] <... bpf resumed>) = 4 [pid 304] <... close resumed>) = 0 [pid 303] <... write resumed>) = 18 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=13, insns=0x20000200, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148executing program [pid 304] write(1, "executing program\n", 18 [pid 303] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 299] <... bpf resumed>) = 7 [pid 304] <... write resumed>) = 18 [pid 303] <... bpf resumed>) = 3 [pid 304] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x20000400, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148 [pid 299] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12 [pid 304] <... bpf resumed>) = 3 [pid 303] <... bpf resumed>) = 4 [pid 299] <... bpf resumed>) = 0 [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x20000400, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148 [pid 303] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x200002c0, data_out=0x20000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x20000480, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148 [pid 304] <... bpf resumed>) = 4 [pid 303] <... bpf resumed>) = 0 [pid 299] <... bpf resumed>) = 8 [pid 304] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x200002c0, data_out=0x20000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76 [pid 303] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 299] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=8, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80 [pid 304] <... bpf resumed>) = 0 [pid 303] <... bpf resumed>) = 5 [pid 304] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 303] perf_event_open( [pid 306] setpgid(0, 0 [pid 305] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x200002c0, data_out=0x20000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76 [pid 304] <... bpf resumed>) = 5 [pid 303] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=409, sample_period=3, sample_type=PERF_SAMPLE_STACK_USER|PERF_SAMPLE_DATA_SRC, read_format=PERF_FORMAT_TOTAL_TIME_RUNNING, precise_ip=0 /* arbitrary skid */, ...}, 0, -1, -1, 0) = 6 [pid 304] perf_event_open( [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=13, insns=0x20000200, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148 [pid 304] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=409, sample_period=3, sample_type=PERF_SAMPLE_STACK_USER|PERF_SAMPLE_DATA_SRC, read_format=PERF_FORMAT_TOTAL_TIME_RUNNING, precise_ip=0 /* arbitrary skid */, ...}, 0, -1, -1, 0) = 6 [ 21.554113][ T28] audit: type=1400 audit(1735640823.061:66): avc: denied { execmem } for pid=296 comm="syz-executor139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.564151][ T28] audit: type=1400 audit(1735640823.071:67): avc: denied { bpf } for pid=305 comm="syz-executor139" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 21.567444][ T28] audit: type=1400 audit(1735640823.071:68): avc: denied { map_create } for pid=305 comm="syz-executor139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 21.570313][ T28] audit: type=1400 audit(1735640823.071:69): avc: denied { map_read map_write } for pid=305 comm="syz-executor139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 21.573121][ T28] audit: type=1400 audit(1735640823.081:70): avc: denied { prog_load } for pid=299 comm="syz-executor139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 21.576547][ T28] audit: type=1400 audit(1735640823.081:71): avc: denied { perfmon } for pid=299 comm="syz-executor139" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=13, insns=0x20000200, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148 [pid 306] <... setpgid resumed>) = 0 [pid 305] <... bpf resumed>) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 305] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 306] <... openat resumed>) = 3 [pid 305] <... bpf resumed>) = 5 [pid 305] perf_event_open( [pid 306] write(3, "1000", 4 [pid 304] <... bpf resumed>) = 7 [pid 303] <... bpf resumed>) = 7 [pid 304] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 303] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12 [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x20000480, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148 [pid 303] <... bpf resumed>) = 0 [pid 304] <... bpf resumed>) = 8 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x20000480, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148 [pid 304] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=8, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80 [pid 303] <... bpf resumed>) = 8 [ 21.598263][ T28] audit: type=1400 audit(1735640823.081:72): avc: denied { prog_run } for pid=299 comm="syz-executor139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 21.617555][ T28] audit: type=1400 audit(1735640823.081:73): avc: denied { open } for pid=299 comm="syz-executor139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [pid 303] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=8, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80 [pid 305] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=409, sample_period=3, sample_type=PERF_SAMPLE_STACK_USER|PERF_SAMPLE_DATA_SRC, read_format=PERF_FORMAT_TOTAL_TIME_RUNNING, precise_ip=0 /* arbitrary skid */, ...}, 0, -1, -1, 0) = 6 [pid 306] <... write resumed>) = 4 [pid 306] close(3 [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=13, insns=0x20000200, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148 [pid 306] <... close resumed>) = 0 executing program [pid 306] write(1, "executing program\n", 18) = 18 [pid 306] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_LWT_XMIT, insn_cnt=23, insns=0x20000400, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 4 [pid 306] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=4, retval=4238869664, data_size_in=16, data_size_out=56, data_in=0x200002c0, data_out=0x20000300, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0, cpu=0}}, 76) = 0 [ 21.637131][ T28] audit: type=1400 audit(1735640823.081:74): avc: denied { kernel } for pid=299 comm="syz-executor139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 21.660676][ T304] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 21.672204][ T304] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 21.680446][ T304] CPU: 0 PID: 304 Comm: syz-executor139 Not tainted 6.1.118-syzkaller-00078-ge2b9748880b9 #0 [ 21.690429][ T304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 21.700323][ T304] RIP: 0010:dev_map_enqueue+0x31/0x340 [ 21.705616][ T304] Code: 56 41 55 41 54 53 48 83 ec 18 48 89 55 c0 49 89 f7 48 89 fb 49 bc 00 00 00 00 00 fc ff df e8 16 ff dd ff 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 60 72 25 00 4c 8b 33 48 83 c3 20 [ 21.725060][ T304] RSP: 0018:ffffc90000ee75f8 EFLAGS: 00010246 [ 21.730966][ T304] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881115c5100 [ 21.738770][ T304] RDX: 0000000000000000 RSI: ffff88811db02070 RDI: 0000000000000000 [ 21.746583][ T304] RBP: ffffc90000ee7638 R08: ffffffff8414b892 R09: ffffffff8414b7b2 [ 21.754397][ T304] R10: 0000000000000004 R11: ffff8881115c5100 R12: dffffc0000000000 [ 21.762205][ T304] R13: 1ffff1103edc6e15 R14: 1ffff1103edc6e15 R15: ffff88811db02070 [ 21.770018][ T304] FS: 0000555590c28380(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 21.778784][ T304] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.785208][ T304] CR2: 00007f98fa5890e0 CR3: 00000001264b6000 CR4: 00000000003506b0 [ 21.793026][ T304] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 21.800828][ T304] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 21.808640][ T304] Call Trace: [ 21.811765][ T304] [ 21.814546][ T304] ? __die_body+0x62/0xb0 [ 21.818708][ T304] ? die_addr+0x9f/0xd0 [ 21.822701][ T304] ? exc_general_protection+0x317/0x4c0 [ 21.828087][ T304] ? asm_exc_general_protection+0x27/0x30 [ 21.833637][ T304] ? xdp_do_redirect_frame+0x1b2/0x800 [ 21.838937][ T304] ? xdp_do_redirect_frame+0x292/0x800 [ 21.844230][ T304] ? dev_map_enqueue+0x31/0x340 [ 21.848915][ T304] ? dev_map_enqueue+0x2a/0x340 [ 21.853602][ T304] xdp_do_redirect_frame+0x2b5/0x800 [ 21.858723][ T304] bpf_test_run_xdp_live+0xc30/0x1f70 [ 21.863933][ T304] ? bpf_test_run_xdp_live+0x7ae/0x1f70 [ 21.869309][ T304] ? xdp_convert_md_to_buff+0x360/0x360 [ 21.874690][ T304] ? bpf_dispatcher_change_prog+0xd86/0xf10 [ 21.880420][ T304] ? bpf_dispatcher_xdp+0x800/0x1000 [ 21.885547][ T304] ? trace_raw_output_bpf_test_finish+0xd0/0xd0 [ 21.891620][ T304] ? __kasan_check_write+0x14/0x20 [ 21.896564][ T304] ? _copy_from_user+0x90/0xc0 [ 21.901166][ T304] bpf_prog_test_run_xdp+0x7d1/0x1130 [ 21.906467][ T304] ? dev_put+0x80/0x80 [ 21.910363][ T304] ? selinux_capable+0x2f1/0x430 [ 21.915139][ T304] ? __kasan_check_read+0x11/0x20 [ 21.920000][ T304] ? dev_put+0x80/0x80 [ 21.923908][ T304] bpf_prog_test_run+0x3b0/0x630 [ 21.928683][ T304] ? bpf_prog_query+0x260/0x260 [ 21.933365][ T304] ? selinux_bpf+0xd2/0x100 [ 21.937705][ T304] ? security_bpf+0x82/0xb0 [ 21.942046][ T304] __sys_bpf+0x59f/0x7f0 [ 21.946123][ T304] ? ptrace_stop+0x709/0x930 [ 21.950551][ T304] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 21.955760][ T304] ? do_notify_parent+0xa20/0xa20 [ 21.960621][ T304] ? fpregs_restore_userregs+0x130/0x290 [ 21.966089][ T304] __x64_sys_bpf+0x7c/0x90 [ 21.970341][ T304] x64_sys_call+0x87f/0x9a0 [ 21.974680][ T304] do_syscall_64+0x3b/0xb0 [ 21.978942][ T304] ? clear_bhb_loop+0x55/0xb0 [ 21.983447][ T304] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 21.989174][ T304] RIP: 0033:0x7f98fa512369 [ 21.993430][ T304] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 22.012876][ T304] RSP: 002b:00007ffebf850428 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 22.021115][ T304] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f98fa512369 [ 22.028925][ T304] RDX: 0000000000000050 RSI: 00000000200000c0 RDI: 000000000000000a [ 22.036737][ T304] RBP: 0000000000000000 R08: 00000000000000a0 R09: 00000000000000a0 [ 22.044551][ T304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [pid 306] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 305] <... bpf resumed>) = 7 [pid 305] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x20000480, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 8 [pid 305] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=8, retval=39, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=5120, duration=4076863487, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=0x2 /* BPF_F_??? */, cpu=0}}, 80 [pid 306] <... bpf resumed>) = 5 [pid 306] perf_event_open({type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=409, sample_period=3, sample_type=PERF_SAMPLE_STACK_USER|PERF_SAMPLE_DATA_SRC, read_format=PERF_FORMAT_TOTAL_TIME_RUNNING, precise_ip=0 /* arbitrary skid */, ...}, 0, -1, -1, 0) = 6 [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=13, insns=0x20000200, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 7 [pid 306] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=7, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0}}, 12) = 0 [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=6, insns=0x20000480, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 8 [ 22.052362][ T304] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 22.060179][ T304] [ 22.063037][ T304] Modules linked in: [ 22.066832][ T304] ---[ end trace 0000000000000000 ]--- [ 22.072075][ T304] RIP: 0010:dev_map_enqueue+0x31/0x340 [ 22.077390][ T304] Code: 56 41 55 41 54 53 48 83 ec 18 48 89 55 c0 49 89 f7 48 89 fb 49 bc 00 00 00 00 00 fc ff df e8 16 ff dd ff 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 60 72 25 00 4c 8b 33 48 83 c3 20 [ 22.096821][ T304] RSP: 0018:ffffc90000ee75f8 EFLAGS: 00010246 [ 22.102716][ T304] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881115c5100 [ 22.110539][ T304] RDX: 0000000000000000 RSI: ffff88811db02070 RDI: 0000000000000000 [ 22.118340][ T304] RBP: ffffc90000ee7638 R08: ffffffff8414b892 R09: ffffffff8414b7b2 [ 22.126167][ T304] R10: 0000000000000004 R11: ffff8881115c5100 R12: dffffc0000000000 [ 22.133954][ T304] R13: 1ffff1103edc6e15 R14: 1ffff1103edc6e15 R15: ffff88811db02070 [ 22.141785][ T304] FS: 0000555590c28380(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 22.150540][ T304] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 22.156970][ T304] CR2: 00007f98fa5890e0 CR3: 00000001264b6000 CR4: 00000000003506b0 [ 22.164764][ T304] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 22.172593][ T304] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 22.180397][ T304] Kernel panic - not syncing: Fatal exception in interrupt [ 22.187631][ T304] Kernel Offset: disabled [ 22.191748][ T304] Rebooting in 86400 seconds..