./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor37019576 <...> Warning: Permanently added '10.128.0.139' (ED25519) to the list of known hosts. execve("./syz-executor37019576", ["./syz-executor37019576"], 0x7ffda9a797b0 /* 10 vars */) = 0 brk(NULL) = 0x555555e53000 brk(0x555555e53d00) = 0x555555e53d00 arch_prctl(ARCH_SET_FS, 0x555555e53380) = 0 set_tid_address(0x555555e53650) = 290 set_robust_list(0x555555e53660, 24) = 0 rseq(0x555555e53ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor37019576", 4096) = 26 getrandom("\x58\x1a\x6a\x4b\x9f\xb5\x4f\xad", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555e53d00 brk(0x555555e74d00) = 0x555555e74d00 brk(0x555555e75000) = 0x555555e75000 mprotect(0x7f42380d5000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e53650) = 291 ./strace-static-x86_64: Process 291 attached [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] set_robust_list(0x555555e53660, 24) = 0 ./strace-static-x86_64: Process 292 attached [pid 290] <... clone resumed>, child_tidptr=0x555555e53650) = 292 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] set_robust_list(0x555555e53660, 24) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e53650) = 293 ./strace-static-x86_64: Process 293 attached [pid 293] set_robust_list(0x555555e53660, 24) = 0 [pid 293] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 290] <... clone resumed>, child_tidptr=0x555555e53650) = 294 [pid 293] <... prctl resumed>) = 0 [pid 293] setpgid(0, 0) = 0 [pid 293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] <... openat resumed>) = 3 [pid 293] write(3, "1000", 4) = 4 [pid 293] close(3) = 0 [pid 293] write(1, "executing program\n", 18executing program ) = 18 [pid 293] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=5, value_size=2, max_entries=4, map_flags=BPF_F_NO_PREALLOC|BPF_F_NUMA_NODE, inner_map_fd=-1, numa_node=0, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 290] <... clone resumed>, child_tidptr=0x555555e53650) = 295 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] <... clone resumed>, child_tidptr=0x555555e53650) = 296 ./strace-static-x86_64: Process 294 attached [pid 293] <... bpf resumed>) = 3 [pid 293] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=3, key=0x20000040, value=0x20000500, flags=BPF_ANY}, 32) = 0 ./strace-static-x86_64: Process 297 attached ./strace-static-x86_64: Process 296 attached ./strace-static-x86_64: Process 295 attached [pid 290] <... clone resumed>, child_tidptr=0x555555e53650) = 297 [pid 294] set_robust_list(0x555555e53660, 24 [ 24.694358][ T24] audit: type=1400 audit(1721463904.840:66): avc: denied { execmem } for pid=290 comm="syz-executor370" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 293] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000040, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 294] <... set_robust_list resumed>) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e53650) = 298 [pid 297] set_robust_list(0x555555e53660, 24) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] set_robust_list(0x555555e53660, 24) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 298 attached [pid 296] set_robust_list(0x555555e53660, 24) = 0 [pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 296] setpgid(0, 0) = 0 [pid 296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 297] <... clone resumed>, child_tidptr=0x555555e53650) = 299 [pid 295] <... clone resumed>, child_tidptr=0x555555e53650) = 300 [pid 296] write(3, "1000", 4) = 4 [pid 296] close(3) = 0 [pid 296] write(1, "executing program\n", 18executing program ) = 18 [pid 296] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=5, value_size=2, max_entries=4, map_flags=BPF_F_NO_PREALLOC|BPF_F_NUMA_NODE, inner_map_fd=-1, numa_node=0, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 296] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=3, key=0x20000040, value=0x20000500, flags=BPF_ANY}, 32) = 0 [pid 296] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000040, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 298] set_robust_list(0x555555e53660, 24./strace-static-x86_64: Process 300 attached ./strace-static-x86_64: Process 299 attached ) = 0 [pid 300] set_robust_list(0x555555e53660, 24 [pid 299] set_robust_list(0x555555e53660, 24 [pid 300] <... set_robust_list resumed>) = 0 [pid 299] <... set_robust_list resumed>) = 0 [ 24.730338][ T24] audit: type=1400 audit(1721463904.880:67): avc: denied { map_create } for pid=293 comm="syz-executor370" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 24.749835][ T24] audit: type=1400 audit(1721463904.880:68): avc: denied { bpf } for pid=293 comm="syz-executor370" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 24.770917][ T24] audit: type=1400 audit(1721463904.880:69): avc: denied { map_read map_write } for pid=293 comm="syz-executor370" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] <... prctl resumed>) = 0 [pid 300] setpgid(0, 0 [pid 299] <... prctl resumed>) = 0 [pid 298] setpgid(0, 0 [pid 300] <... setpgid resumed>) = 0 [pid 299] setpgid(0, 0 [pid 298] <... setpgid resumed>) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... setpgid resumed>) = 0 [pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] <... openat resumed>) = 3 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] <... openat resumed>) = 3 [pid 300] write(3, "1000", 4 [pid 299] <... openat resumed>) = 3 [pid 298] write(3, "1000", 4 [pid 300] <... write resumed>) = 4 [pid 299] write(3, "1000", 4 [pid 298] <... write resumed>) = 4 [pid 300] close(3 [pid 299] <... write resumed>) = 4 [pid 298] close(3 [pid 300] <... close resumed>) = 0 [pid 299] close(3 [pid 300] write(1, "executing program\n", 18 [pid 298] <... close resumed>) = 0 executing program [pid 300] <... write resumed>) = 18 [pid 299] <... close resumed>) = 0 [pid 298] write(1, "executing program\n", 18executing program [pid 300] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=5, value_size=2, max_entries=4, map_flags=BPF_F_NO_PREALLOC|BPF_F_NUMA_NODE, inner_map_fd=-1, numa_node=0, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 299] write(1, "executing program\n", 18 [pid 298] <... write resumed>) = 18 executing program [pid 300] <... bpf resumed>) = 3 [pid 299] <... write resumed>) = 18 [pid 298] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=5, value_size=2, max_entries=4, map_flags=BPF_F_NO_PREALLOC|BPF_F_NUMA_NODE, inner_map_fd=-1, numa_node=0, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 300] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=3, key=0x20000040, value=0x20000500, flags=BPF_ANY}, 32 [pid 299] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=5, value_size=2, max_entries=4, map_flags=BPF_F_NO_PREALLOC|BPF_F_NUMA_NODE, inner_map_fd=-1, numa_node=0, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 300] <... bpf resumed>) = 0 [pid 298] <... bpf resumed>) = 3 [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000040, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 299] <... bpf resumed>) = 3 [pid 298] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=3, key=0x20000040, value=0x20000500, flags=BPF_ANY}, 32 [pid 299] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=3, key=0x20000040, value=0x20000500, flags=BPF_ANY}, 32 [pid 298] <... bpf resumed>) = 0 [pid 299] <... bpf resumed>) = 0 [pid 298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000040, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [ 24.791114][ T24] audit: type=1400 audit(1721463904.890:70): avc: denied { prog_load } for pid=293 comm="syz-executor370" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 24.810699][ T24] audit: type=1400 audit(1721463904.890:71): avc: denied { perfmon } for pid=293 comm="syz-executor370" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000040, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 300] <... bpf resumed>) = 4 [pid 296] <... bpf resumed>) = 4 [pid 298] <... bpf resumed>) = 4 [pid 296] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16) = 5 executing program executing program executing program executing program executing program [ 24.934159][ T24] audit: type=1400 audit(1721463905.080:72): avc: denied { prog_run } for pid=300 comm="syz-executor370" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 24.954344][ T24] audit: type=1400 audit(1721463905.080:73): avc: denied { prog_run } for pid=296 comm="syz-executor370" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 25.317710][ T1] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000008 [ 25.326185][ T1] CPU: 1 PID: 1 Comm: init Not tainted 5.10.221-syzkaller-01371-g1240968f7644 #0 [ 25.335094][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 25.345044][ T1] Call Trace: [ 25.348135][ T1] dump_stack_lvl+0x1e2/0x24b [ 25.352631][ T1] ? panic+0x22b/0x812 [ 25.356642][ T1] ? bfq_pos_tree_add_move+0x43b/0x43b [ 25.361937][ T1] dump_stack+0x15/0x17 [ 25.365928][ T1] panic+0x2cf/0x812 [ 25.369661][ T1] ? do_exit+0x239a/0x2a50 [ 25.374034][ T1] ? fb_is_primary_device+0xd4/0xd4 [ 25.379035][ T1] ? __kasan_check_write+0x14/0x20 [ 25.383977][ T1] ? sync_mm_rss+0x28a/0x2e0 [ 25.388492][ T1] do_exit+0x23b4/0x2a50 [ 25.392745][ T1] ? sched_group_set_shares+0x490/0x490 [ 25.398129][ T1] ? put_task_struct+0x80/0x80 [ 25.402726][ T1] ? schedule+0x154/0x1d0 [ 25.406896][ T1] ? schedule_timeout+0xa9/0x360 [ 25.411774][ T1] ? __kasan_check_write+0x14/0x20 [ 25.416742][ T1] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 25.421694][ T1] do_group_exit+0x141/0x310 [ 25.426108][ T1] get_signal+0x10a0/0x1410 [ 25.430440][ T1] arch_do_signal_or_restart+0xbd/0x17c0 [ 25.435902][ T1] ? put_pid+0xd7/0x110 [ 25.439891][ T1] ? kernel_clone+0x6ca/0x9e0 [ 25.444407][ T1] ? create_io_thread+0x1e0/0x1e0 [ 25.449353][ T1] ? get_timespec64+0x197/0x270 [ 25.454052][ T1] ? timespec64_add_safe+0x220/0x220 [ 25.459161][ T1] ? __do_sys_rt_sigreturn+0x1e0/0x1e0 [ 25.464451][ T1] ? __do_sys_vfork+0xcd/0x130 [ 25.469059][ T1] exit_to_user_mode_loop+0x9b/0xd0 [ 25.474109][ T1] syscall_exit_to_user_mode+0xa2/0x1a0 [ 25.479478][ T1] do_syscall_64+0x40/0x70 [ 25.483809][ T1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.489544][ T1] RIP: 0033:0x7f871f4e5a68 [ 25.493788][ T1] Code: 00 48 8d b8 e0 02 00 00 48 89 b8 d8 02 00 00 48 89 b8 e0 02 00 00 b8 11 01 00 00 0f 05 44 89 c0 c3 90 5f b8 3a 00 00 00 0f 05 <57> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 90 43 0f 00 f7 d8 64 89 01 48 [ 25.513238][ T1] RSP: 002b:00007ffe862c5af0 EFLAGS: 00000246 ORIG_RAX: 000000000000003a [ 25.521476][ T1] RAX: 000000000000015a RBX: 0000562773fd7a50 RCX: 00007f871f4e5a68 [ 25.529292][ T1] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 00007f871f670bed [ 25.537100][ T1] RBP: 00007f871f6ab528 R08: 0000000000000007 R09: d9ae033737cc90b6 [ 25.544909][ T1] R10: 00007ffe862c5b30 R11: 0000000000000246 R12: 0000000000000000 [ 25.552731][ T1] R13: 0000000000000018 R14: 0000562772c07169 R15: 00007f871f6dca80 [ 25.560637][ T1] Kernel Offset: disabled [ 25.564706][ T1] Rebooting in 86400 seconds..