./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2935075651 <...> Warning: Permanently added '10.128.1.180' (ED25519) to the list of known hosts. execve("./syz-executor2935075651", ["./syz-executor2935075651"], 0x7ffef7715b40 /* 10 vars */) = 0 brk(NULL) = 0x55556e01f000 brk(0x55556e01fe00) = 0x55556e01fe00 arch_prctl(ARCH_SET_FS, 0x55556e01f480) = 0 set_tid_address(0x55556e01f750) = 282 set_robust_list(0x55556e01f760, 24) = 0 rseq(0x55556e01fda0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2935075651", 4096) = 28 getrandom("\xb3\x5b\x98\x7f\xe0\x04\x1a\x4a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556e01fe00 brk(0x55556e040e00) = 0x55556e040e00 brk(0x55556e041000) = 0x55556e041000 mprotect(0x7f1c12501000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f1c12444c30, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f1c1244e2c0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f1c12444c30, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f1c1244e2c0}, NULL, 8) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556e01f750) = 283 ./strace-static-x86_64: Process 283 attached [pid 283] set_robust_list(0x55556e01f760, 24) = 0 [pid 283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 283] setpgid(0, 0) = 0 [pid 283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 283] write(3, "1000", 4) = 4 [pid 283] close(3) = 0 [pid 283] write(1, "executing program\n", 18executing program ) = 18 [pid 283] futex(0x7f1c1250732c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] rt_sigaction(SIGRT_1, {sa_handler=0x7f1c124a16c0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f1c1244e2c0}, NULL, 8) = 0 [pid 283] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1c1241a000 [pid 283] mprotect(0x7f1c1241b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f1c1243a990, parent_tid=0x7f1c1243a990, exit_signal=0, stack=0x7f1c1241a000, stack_size=0x20240, tls=0x7f1c1243a6c0}./strace-static-x86_64: Process 284 attached [pid 284] set_robust_list(0x7f1c1243a9a0, 24) = 0 [pid 284] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 284] futex(0x7f1c12507328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 283] <... clone3 resumed> => {parent_tid=[284]}, 88) = 284 [pid 283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 283] futex(0x7f1c12507328, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 284] <... futex resumed>) = 0 [pid 284] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 283] futex(0x7f1c1250732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] <... socketpair resumed>[3, 4]) = 0 [pid 284] futex(0x7f1c1250732c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 284] futex(0x7f1c12507328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 283] <... futex resumed>) = 0 [pid 283] futex(0x7f1c12507328, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 284] <... futex resumed>) = 0 [pid 284] sendmsg(3, {msg_name={sa_family=AF_TIPC, sa_data="\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, msg_namelen=16, msg_iov=[{iov_base="\xc3\xe9\x72\xbd\x85\xa6\xd8\x41\x36\xd6\xdd\x55\x04\x8d\x35\x93\xa7\x4f\x33\x8c\xe6\x77\x2a\xb9\xa6\xf6\x40\x41\xc2\xf6\xfb\xbe\xcd\xc0\x8e\xbc\xd3\x19\x2b\x6a\x53\x66\x2d\xae\x7c\x8e\x9c\x66\x5e\x80\xa5\xd0\x92\x5f\x72\x8d\xca\xc3\x0c\x29\x79\x39\x92\xe5\x88\x95\x26\x53\xd4\x14\xcb\x8c\xcd\xab\xc3\x87\x67\xfe\xe8\x19\xec\x5a\xf0\xc5\xee\x93\x68\x80\xfe\x85\x49\xb4\xed\x34\x77\x79\xca\xb4\xff\xd4", iov_len=100}, {iov_base="V", iov_len=1}, {iov_base="\x3e\xed\x50\xd0\x12\x57\x19\xa8\x10\xf8\x8e\x3f\x47\x18\x6f\xe4\xda\xe7\x41\x82\xdf\xd1\x09\xa2\x58\x7c\x47\x97\x41\x0c\x9b\x8e\x39\xbd\x3d\x9a\xa1\x44\xd5\x90\x86\x47\xc3\x0c\x8d\xb6\x9b\x5c\x17\x08\x4c\x9b\x1b\xfb\xb8\x68\x07\x37\xc4\xf8\x8a\xbc\xdb\xc7\xd2\x94\xd7\x2a\xb1\xb3\x44\x27\x09\x15\xdf\x9d\xdf\x56\x35\x64\x4c\x35\x1c\x22\xb2\x9d\x94\x8a\xc4\x10\x6b\xce\x71\x07\x57\x0b\xee\xd6\x30\x77"..., iov_len=4096}, {iov_base="\xb7\x68\xeb\x20\x30\x4f\x2f\xdc\x5a\x96\x94\xa4\x86\x78\x40\xd9\x31\x70\xca\x1a\x86\x40\x6f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x04\x00\x00\x00\x20\x00\x00\x64\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x20\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x16\x00\x00"..., iov_len=4294966976}], msg_iovlen=4, msg_controllen=0, msg_flags=MSG_PROBE|MSG_MORE}, 0 [ 191.617014][ T24] audit: type=1400 audit(1748001885.040:64): avc: denied { execmem } for pid=282 comm="syz-executor293" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 283] futex(0x7f1c1250732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 283] futex(0x7f1c1250733c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1c123f9000 [pid 283] mprotect(0x7f1c123fa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f1c12419990, parent_tid=0x7f1c12419990, exit_signal=0, stack=0x7f1c123f9000, stack_size=0x20240, tls=0x7f1c124196c0}./strace-static-x86_64: Process 285 attached => {parent_tid=[285]}, 88) = 285 [pid 285] set_robust_list(0x7f1c124199a0, 24) = 0 [pid 285] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 285] futex(0x7f1c12507338, FUTEX_WAIT_PRIVATE, 0, NULL [pid 283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 283] futex(0x7f1c12507338, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 283] futex(0x7f1c1250733c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] <... futex resumed>) = 0 [pid 285] dup2(4, 3) = 3 [pid 285] futex(0x7f1c1250733c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 283] <... futex resumed>) = 0 [pid 283] futex(0x7f1c12507338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] futex(0x7f1c1250733c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] setsockopt(4, SOL_SOCKET, SO_RCVBUFFORCE, [-1], 4) = 0 [pid 285] futex(0x7f1c1250733c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 283] <... futex resumed>) = 0 [pid 283] futex(0x7f1c12507338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] futex(0x7f1c1250733c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] sendmmsg(3, [pid 284] <... sendmsg resumed>) = 132000 [pid 284] futex(0x7f1c1250732c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 284] futex(0x7f1c12507328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 285] <... sendmmsg resumed>[{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=1}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base="\xc0\x00\x7c\xfa\x07\xbc\xc5\x9d\x03\x2a\xda\x6d\x41\xb6\x40\x1a\x98\x66\x4f\x2c\x98\xb9\x1d\x54\x8a\xa1\x5d\x56\xc8\xc6\xb3\xae\x28\x58\x93\x0f\x71\x32\x5d\x67\xd1\xc4\xd2\x9f\x0e\x41\xd9\x04\x7f\x17\x20\x32\xf1\xc9\xde\xe9\x88\x76\x8b\x71\x76\x2c\x72\xe3\xfe\x14\xb9\x41\x00\xee\x07\x2f\x91\xc7\x76\x8b\x3e\xc9\xb7\xa3\x87\xb2\x49\x48\x71\x71\x27\x7c\x6d\xd8\x9f\x36\x66\x31\x21\x16\xb0\xca\x0f\x22"..., iov_len=4096}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], msg_iovlen=7, msg_controllen=0, msg_flags=0}, msg_len=4096}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=1}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 11, MSG_OOB|MSG_PROBE|MSG_DONTWAIT|MSG_EOR|MSG_NOSIGNAL|MSG_FASTOPEN) = 11 [pid 285] futex(0x7f1c1250733c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 283] <... futex resumed>) = 0 [pid 283] exit_group(0 [pid 284] <... futex resumed>) = ? [pid 284] +++ exited with 0 +++ [pid 283] <... exit_group resumed>) = ? [pid 285] +++ exited with 0 +++ [pid 283] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=283, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556e01f750) = 286 ./strace-static-x86_64: Process 286 attached [pid 286] set_robust_list(0x55556e01f760, 24) = 0 [pid 286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 286] setpgid(0, 0) = 0 [pid 286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 286] write(3, "1000", 4) = 4 [pid 286] close(3executing program ) = 0 [pid 286] write(1, "executing program\n", 18) = 18 [pid 286] futex(0x7f1c1250732c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 286] rt_sigaction(SIGRT_1, {sa_handler=0x7f1c124a16c0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f1c1244e2c0}, NULL, 8) = 0 [pid 286] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1c1241a000 [pid 286] mprotect(0x7f1c1241b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 286] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 191.647739][ T24] audit: type=1400 audit(1748001885.070:65): avc: denied { create } for pid=283 comm="syz-executor293" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 191.668742][ T24] audit: type=1400 audit(1748001885.070:66): avc: denied { write } for pid=283 comm="syz-executor293" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [pid 286] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f1c1243a990, parent_tid=0x7f1c1243a990, exit_signal=0, stack=0x7f1c1241a000, stack_size=0x20240, tls=0x7f1c1243a6c0} => {parent_tid=[287]}, 88) = 287 [pid 286] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 286] futex(0x7f1c12507328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 286] futex(0x7f1c1250732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 287 attached [pid 287] set_robust_list(0x7f1c1243a9a0, 24) = 0 [pid 287] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 287] socketpair(AF_TIPC, SOCK_STREAM, 0, [3, 4]) = 0 [pid 287] futex(0x7f1c1250732c, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... futex resumed>) = 0 [pid 286] futex(0x7f1c12507328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 286] futex(0x7f1c1250732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... futex resumed>) = 1 [pid 287] sendmsg(3, {msg_name={sa_family=AF_TIPC, sa_data="\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, msg_namelen=16, msg_iov=[{iov_base="\xc3\xe9\x72\xbd\x85\xa6\xd8\x41\x36\xd6\xdd\x55\x04\x8d\x35\x93\xa7\x4f\x33\x8c\xe6\x77\x2a\xb9\xa6\xf6\x40\x41\xc2\xf6\xfb\xbe\xcd\xc0\x8e\xbc\xd3\x19\x2b\x6a\x53\x66\x2d\xae\x7c\x8e\x9c\x66\x5e\x80\xa5\xd0\x92\x5f\x72\x8d\xca\xc3\x0c\x29\x79\x39\x92\xe5\x88\x95\x26\x53\xd4\x14\xcb\x8c\xcd\xab\xc3\x87\x67\xfe\xe8\x19\xec\x5a\xf0\xc5\xee\x93\x68\x80\xfe\x85\x49\xb4\xed\x34\x77\x79\xca\xb4\xff\xd4", iov_len=100}, {iov_base="V", iov_len=1}, {iov_base="\x3e\xed\x50\xd0\x12\x57\x19\xa8\x10\xf8\x8e\x3f\x47\x18\x6f\xe4\xda\xe7\x41\x82\xdf\xd1\x09\xa2\x58\x7c\x47\x97\x41\x0c\x9b\x8e\x39\xbd\x3d\x9a\xa1\x44\xd5\x90\x86\x47\xc3\x0c\x8d\xb6\x9b\x5c\x17\x08\x4c\x9b\x1b\xfb\xb8\x68\x07\x37\xc4\xf8\x8a\xbc\xdb\xc7\xd2\x94\xd7\x2a\xb1\xb3\x44\x27\x09\x15\xdf\x9d\xdf\x56\x35\x64\x4c\x35\x1c\x22\xb2\x9d\x94\x8a\xc4\x10\x6b\xce\x71\x07\x57\x0b\xee\xd6\x30\x77"..., iov_len=4096}, {iov_base="\xb7\x68\xeb\x20\x30\x4f\x2f\xdc\x5a\x96\x94\xa4\x86\x78\x40\xd9\x31\x70\xca\x1a\x86\x40\x6f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x04\x00\x00\x00\x20\x00\x00\x64\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x20\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x16\x00\x00"..., iov_len=4294966976}], msg_iovlen=4, msg_controllen=0, msg_flags=MSG_PROBE|MSG_MORE}, 0 [pid 286] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 286] futex(0x7f1c1250733c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1c123f9000 [pid 286] mprotect(0x7f1c123fa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 286] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 286] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f1c12419990, parent_tid=0x7f1c12419990, exit_signal=0, stack=0x7f1c123f9000, stack_size=0x20240, tls=0x7f1c124196c0} => {parent_tid=[288]}, 88) = 288 ./strace-static-x86_64: Process 288 attached [pid 286] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 286] futex(0x7f1c12507338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 286] futex(0x7f1c1250733c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] set_robust_list(0x7f1c124199a0, 24) = 0 [pid 288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 288] dup2(4, 3) = 3 [pid 288] futex(0x7f1c1250733c, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... futex resumed>) = 0 [pid 286] futex(0x7f1c12507338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 286] futex(0x7f1c1250733c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] <... futex resumed>) = 1 [pid 288] setsockopt(4, SOL_SOCKET, SO_RCVBUFFORCE, [-1], 4) = 0 [pid 288] futex(0x7f1c1250733c, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... futex resumed>) = 0 [pid 286] futex(0x7f1c12507338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 286] futex(0x7f1c1250733c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] <... futex resumed>) = 1 [pid 288] sendmmsg(3, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=1}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base="\xc0\x00\x7c\xfa\x07\xbc\xc5\x9d\x03\x2a\xda\x6d\x41\xb6\x40\x1a\x98\x66\x4f\x2c\x98\xb9\x1d\x54\x8a\xa1\x5d\x56\xc8\xc6\xb3\xae\x28\x58\x93\x0f\x71\x32\x5d\x67\xd1\xc4\xd2\x9f\x0e\x41\xd9\x04\x7f\x17\x20\x32\xf1\xc9\xde\xe9\x88\x76\x8b\x71\x76\x2c\x72\xe3\xfe\x14\xb9\x41\x00\xee\x07\x2f\x91\xc7\x76\x8b\x3e\xc9\xb7\xa3\x87\xb2\x49\x48\x71\x71\x27\x7c\x6d\xd8\x9f\x36\x66\x31\x21\x16\xb0\xca\x0f\x22"..., iov_len=4096}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], msg_iovlen=7, msg_controllen=0, msg_flags=0}, msg_len=4096}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=1}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 11, MSG_OOB|MSG_PROBE|MSG_DONTWAIT|MSG_EOR|MSG_NOSIGNAL|MSG_FASTOPEN) = 11 [pid 287] <... sendmsg resumed>) = 132000 [pid 288] futex(0x7f1c1250733c, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] futex(0x7f1c1250732c, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... futex resumed>) = 1 [pid 288] futex(0x7f1c12507338, FUTEX_WAIT_PRIVATE, 0, NULL [pid 287] <... futex resumed>) = 0 [pid 287] futex(0x7f1c12507328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 286] <... futex resumed>) = 0 [pid 286] exit_group(0 [pid 287] <... futex resumed>) = ? [pid 286] <... exit_group resumed>) = ? [pid 287] +++ exited with 0 +++ [pid 288] <... futex resumed>) = ? [pid 288] +++ exited with 0 +++ [pid 286] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=286, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 289 attached [pid 289] set_robust_list(0x55556e01f760, 24) = 0 [pid 289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 289] setpgid(0, 0) = 0 [pid 282] <... clone resumed>, child_tidptr=0x55556e01f750) = 289 [ 191.704504][ T24] audit: type=1400 audit(1748001885.130:67): avc: denied { setopt } for pid=283 comm="syz-executor293" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [pid 289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 289] write(3, "1000", 4) = 4 [pid 289] close(3) = 0 [pid 289] write(1, "executing program\n", 18executing program ) = 18 [pid 289] futex(0x7f1c1250732c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] rt_sigaction(SIGRT_1, {sa_handler=0x7f1c124a16c0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f1c1244e2c0}, NULL, 8) = 0 [pid 289] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1c1241a000 [pid 289] mprotect(0x7f1c1241b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f1c1243a990, parent_tid=0x7f1c1243a990, exit_signal=0, stack=0x7f1c1241a000, stack_size=0x20240, tls=0x7f1c1243a6c0}./strace-static-x86_64: Process 290 attached => {parent_tid=[290]}, 88) = 290 [pid 290] set_robust_list(0x7f1c1243a9a0, 24 [pid 289] rt_sigprocmask(SIG_SETMASK, [], [pid 290] <... set_robust_list resumed>) = 0 [pid 289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 289] futex(0x7f1c12507328, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] rt_sigprocmask(SIG_SETMASK, [], [pid 289] <... futex resumed>) = 0 [pid 290] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 289] futex(0x7f1c1250732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] socketpair(AF_TIPC, SOCK_STREAM, 0, [3, 4]) = 0 [pid 290] futex(0x7f1c1250732c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 289] <... futex resumed>) = 0 [pid 290] futex(0x7f1c12507328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 289] futex(0x7f1c12507328, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 289] <... futex resumed>) = 0 [pid 289] futex(0x7f1c1250732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] sendmsg(3, {msg_name={sa_family=AF_TIPC, sa_data="\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, msg_namelen=16, msg_iov=[{iov_base="\xc3\xe9\x72\xbd\x85\xa6\xd8\x41\x36\xd6\xdd\x55\x04\x8d\x35\x93\xa7\x4f\x33\x8c\xe6\x77\x2a\xb9\xa6\xf6\x40\x41\xc2\xf6\xfb\xbe\xcd\xc0\x8e\xbc\xd3\x19\x2b\x6a\x53\x66\x2d\xae\x7c\x8e\x9c\x66\x5e\x80\xa5\xd0\x92\x5f\x72\x8d\xca\xc3\x0c\x29\x79\x39\x92\xe5\x88\x95\x26\x53\xd4\x14\xcb\x8c\xcd\xab\xc3\x87\x67\xfe\xe8\x19\xec\x5a\xf0\xc5\xee\x93\x68\x80\xfe\x85\x49\xb4\xed\x34\x77\x79\xca\xb4\xff\xd4", iov_len=100}, {iov_base="V", iov_len=1}, {iov_base="\x3e\xed\x50\xd0\x12\x57\x19\xa8\x10\xf8\x8e\x3f\x47\x18\x6f\xe4\xda\xe7\x41\x82\xdf\xd1\x09\xa2\x58\x7c\x47\x97\x41\x0c\x9b\x8e\x39\xbd\x3d\x9a\xa1\x44\xd5\x90\x86\x47\xc3\x0c\x8d\xb6\x9b\x5c\x17\x08\x4c\x9b\x1b\xfb\xb8\x68\x07\x37\xc4\xf8\x8a\xbc\xdb\xc7\xd2\x94\xd7\x2a\xb1\xb3\x44\x27\x09\x15\xdf\x9d\xdf\x56\x35\x64\x4c\x35\x1c\x22\xb2\x9d\x94\x8a\xc4\x10\x6b\xce\x71\x07\x57\x0b\xee\xd6\x30\x77"..., iov_len=4096}, {iov_base="\xb7\x68\xeb\x20\x30\x4f\x2f\xdc\x5a\x96\x94\xa4\x86\x78\x40\xd9\x31\x70\xca\x1a\x86\x40\x6f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x04\x00\x00\x00\x20\x00\x00\x64\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x20\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x16\x00\x00"..., iov_len=4294966976}], msg_iovlen=4, msg_controllen=0, msg_flags=MSG_PROBE|MSG_MORE}, 0 [pid 289] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 289] futex(0x7f1c1250732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 289] futex(0x7f1c1250732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 289] futex(0x7f1c1250733c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1c123f9000 [pid 289] mprotect(0x7f1c123fa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f1c12419990, parent_tid=0x7f1c12419990, exit_signal=0, stack=0x7f1c123f9000, stack_size=0x20240, tls=0x7f1c124196c0}./strace-static-x86_64: Process 291 attached [pid 291] set_robust_list(0x7f1c124199a0, 24 [pid 289] <... clone3 resumed> => {parent_tid=[291]}, 88) = 291 [pid 289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 289] futex(0x7f1c12507338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] futex(0x7f1c1250733c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... set_robust_list resumed>) = 0 [pid 291] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 291] dup2(4, 3) = 3 [pid 291] futex(0x7f1c1250733c, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... futex resumed>) = 0 [pid 289] futex(0x7f1c12507338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] futex(0x7f1c1250733c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... futex resumed>) = 1 [pid 291] setsockopt(4, SOL_SOCKET, SO_RCVBUFFORCE, [-1], 4) = 0 [pid 291] futex(0x7f1c1250733c, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... futex resumed>) = 0 [pid 289] futex(0x7f1c12507338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] futex(0x7f1c1250733c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... futex resumed>) = 1 [pid 291] sendmmsg(3, [pid 290] <... sendmsg resumed>) = 132000 [pid 290] futex(0x7f1c1250732c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7f1c12507328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 291] <... sendmmsg resumed>[{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=1}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base="\xc0\x00\x7c\xfa\x07\xbc\xc5\x9d\x03\x2a\xda\x6d\x41\xb6\x40\x1a\x98\x66\x4f\x2c\x98\xb9\x1d\x54\x8a\xa1\x5d\x56\xc8\xc6\xb3\xae\x28\x58\x93\x0f\x71\x32\x5d\x67\xd1\xc4\xd2\x9f\x0e\x41\xd9\x04\x7f\x17\x20\x32\xf1\xc9\xde\xe9\x88\x76\x8b\x71\x76\x2c\x72\xe3\xfe\x14\xb9\x41\x00\xee\x07\x2f\x91\xc7\x76\x8b\x3e\xc9\xb7\xa3\x87\xb2\x49\x48\x71\x71\x27\x7c\x6d\xd8\x9f\x36\x66\x31\x21\x16\xb0\xca\x0f\x22"..., iov_len=4096}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], msg_iovlen=7, msg_controllen=0, msg_flags=0}, msg_len=4096}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=1}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 11, MSG_OOB|MSG_PROBE|MSG_DONTWAIT|MSG_EOR|MSG_NOSIGNAL|MSG_FASTOPEN) = 11 [pid 291] futex(0x7f1c1250733c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 289] <... futex resumed>) = 0 [pid 289] exit_group(0 [pid 290] <... futex resumed>) = ? [pid 289] <... exit_group resumed>) = ? [pid 290] +++ exited with 0 +++ [pid 291] +++ exited with 0 +++ [pid 289] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556e01f750) = 292 ./strace-static-x86_64: Process 292 attached [pid 292] set_robust_list(0x55556e01f760, 24) = 0 [pid 292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 292] setpgid(0, 0) = 0 [pid 292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 292] write(3, "1000", 4) = 4 executing program [pid 292] close(3) = 0 [pid 292] write(1, "executing program\n", 18) = 18 [pid 292] futex(0x7f1c1250732c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 292] rt_sigaction(SIGRT_1, {sa_handler=0x7f1c124a16c0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f1c1244e2c0}, NULL, 8) = 0 [pid 292] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1c1241a000 [pid 292] mprotect(0x7f1c1241b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 292] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 292] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f1c1243a990, parent_tid=0x7f1c1243a990, exit_signal=0, stack=0x7f1c1241a000, stack_size=0x20240, tls=0x7f1c1243a6c0}./strace-static-x86_64: Process 293 attached [pid 293] set_robust_list(0x7f1c1243a9a0, 24 [pid 292] <... clone3 resumed> => {parent_tid=[293]}, 88) = 293 [pid 293] <... set_robust_list resumed>) = 0 [pid 293] rt_sigprocmask(SIG_SETMASK, [], [pid 292] rt_sigprocmask(SIG_SETMASK, [], [pid 293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 293] futex(0x7f1c12507328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 292] futex(0x7f1c12507328, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 293] <... futex resumed>) = 0 [pid 293] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 292] futex(0x7f1c1250732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 293] <... socketpair resumed>[3, 4]) = 0 [pid 293] futex(0x7f1c1250732c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] futex(0x7f1c12507328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 292] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 292] futex(0x7f1c12507328, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 293] <... futex resumed>) = 0 [pid 293] sendmsg(3, {msg_name={sa_family=AF_TIPC, sa_data="\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, msg_namelen=16, msg_iov=[{iov_base="\xc3\xe9\x72\xbd\x85\xa6\xd8\x41\x36\xd6\xdd\x55\x04\x8d\x35\x93\xa7\x4f\x33\x8c\xe6\x77\x2a\xb9\xa6\xf6\x40\x41\xc2\xf6\xfb\xbe\xcd\xc0\x8e\xbc\xd3\x19\x2b\x6a\x53\x66\x2d\xae\x7c\x8e\x9c\x66\x5e\x80\xa5\xd0\x92\x5f\x72\x8d\xca\xc3\x0c\x29\x79\x39\x92\xe5\x88\x95\x26\x53\xd4\x14\xcb\x8c\xcd\xab\xc3\x87\x67\xfe\xe8\x19\xec\x5a\xf0\xc5\xee\x93\x68\x80\xfe\x85\x49\xb4\xed\x34\x77\x79\xca\xb4\xff\xd4", iov_len=100}, {iov_base="V", iov_len=1}, {iov_base="\x3e\xed\x50\xd0\x12\x57\x19\xa8\x10\xf8\x8e\x3f\x47\x18\x6f\xe4\xda\xe7\x41\x82\xdf\xd1\x09\xa2\x58\x7c\x47\x97\x41\x0c\x9b\x8e\x39\xbd\x3d\x9a\xa1\x44\xd5\x90\x86\x47\xc3\x0c\x8d\xb6\x9b\x5c\x17\x08\x4c\x9b\x1b\xfb\xb8\x68\x07\x37\xc4\xf8\x8a\xbc\xdb\xc7\xd2\x94\xd7\x2a\xb1\xb3\x44\x27\x09\x15\xdf\x9d\xdf\x56\x35\x64\x4c\x35\x1c\x22\xb2\x9d\x94\x8a\xc4\x10\x6b\xce\x71\x07\x57\x0b\xee\xd6\x30\x77"..., iov_len=4096}, {iov_base="\xb7\x68\xeb\x20\x30\x4f\x2f\xdc\x5a\x96\x94\xa4\x86\x78\x40\xd9\x31\x70\xca\x1a\x86\x40\x6f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x04\x00\x00\x00\x20\x00\x00\x64\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x20\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x16\x00\x00"..., iov_len=4294966976}], msg_iovlen=4, msg_controllen=0, msg_flags=MSG_PROBE|MSG_MORE}, 0 [pid 292] futex(0x7f1c1250732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 292] futex(0x7f1c1250733c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1c123f9000 [pid 292] mprotect(0x7f1c123fa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 292] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 292] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f1c12419990, parent_tid=0x7f1c12419990, exit_signal=0, stack=0x7f1c123f9000, stack_size=0x20240, tls=0x7f1c124196c0} => {parent_tid=[294]}, 88) = 294 ./strace-static-x86_64: Process 294 attached [pid 292] rt_sigprocmask(SIG_SETMASK, [], [pid 294] set_robust_list(0x7f1c124199a0, 24 [pid 292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 292] futex(0x7f1c12507338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 292] futex(0x7f1c1250733c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 294] <... set_robust_list resumed>) = 0 [pid 294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 294] dup2(4, 3) = 3 [pid 294] futex(0x7f1c1250733c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 292] <... futex resumed>) = 0 [pid 292] futex(0x7f1c12507338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 292] futex(0x7f1c1250733c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 294] setsockopt(4, SOL_SOCKET, SO_RCVBUFFORCE, [-1], 4) = 0 [pid 294] futex(0x7f1c1250733c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 292] <... futex resumed>) = 0 [pid 292] futex(0x7f1c12507338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 292] futex(0x7f1c1250733c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 294] sendmmsg(3, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=1}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base="\xc0\x00\x7c\xfa\x07\xbc\xc5\x9d\x03\x2a\xda\x6d\x41\xb6\x40\x1a\x98\x66\x4f\x2c\x98\xb9\x1d\x54\x8a\xa1\x5d\x56\xc8\xc6\xb3\xae\x28\x58\x93\x0f\x71\x32\x5d\x67\xd1\xc4\xd2\x9f\x0e\x41\xd9\x04\x7f\x17\x20\x32\xf1\xc9\xde\xe9\x88\x76\x8b\x71\x76\x2c\x72\xe3\xfe\x14\xb9\x41\x00\xee\x07\x2f\x91\xc7\x76\x8b\x3e\xc9\xb7\xa3\x87\xb2\x49\x48\x71\x71\x27\x7c\x6d\xd8\x9f\x36\x66\x31\x21\x16\xb0\xca\x0f\x22"..., iov_len=4096}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], msg_iovlen=7, msg_controllen=0, msg_flags=0}, msg_len=4096}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=1}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 11, MSG_OOB|MSG_PROBE|MSG_DONTWAIT|MSG_EOR|MSG_NOSIGNAL|MSG_FASTOPEN) = 11 [pid 293] <... sendmsg resumed>) = 132000 [pid 294] futex(0x7f1c1250733c, FUTEX_WAKE_PRIVATE, 1000000 [pid 293] futex(0x7f1c1250732c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] futex(0x7f1c12507328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 294] <... futex resumed>) = 1 [pid 292] <... futex resumed>) = 0 [pid 292] exit_group(0) = ? [pid 293] <... futex resumed>) = ? [pid 293] +++ exited with 0 +++ [pid 294] +++ exited with 0 +++ [pid 292] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=292, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 295 attached , child_tidptr=0x55556e01f750) = 295 [pid 295] set_robust_list(0x55556e01f760, 24) = 0 [pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 295] setpgid(0, 0) = 0 [pid 295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 295] write(3, "1000", 4executing program ) = 4 [pid 295] close(3) = 0 [pid 295] write(1, "executing program\n", 18) = 18 [pid 295] futex(0x7f1c1250732c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] rt_sigaction(SIGRT_1, {sa_handler=0x7f1c124a16c0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f1c1244e2c0}, NULL, 8) = 0 [pid 295] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1c1241a000 [pid 295] mprotect(0x7f1c1241b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 295] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 295] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f1c1243a990, parent_tid=0x7f1c1243a990, exit_signal=0, stack=0x7f1c1241a000, stack_size=0x20240, tls=0x7f1c1243a6c0}./strace-static-x86_64: Process 296 attached => {parent_tid=[296]}, 88) = 296 [pid 296] set_robust_list(0x7f1c1243a9a0, 24) = 0 [pid 296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 296] futex(0x7f1c12507328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 295] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 295] futex(0x7f1c12507328, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 296] <... futex resumed>) = 0 [pid 296] socketpair(AF_TIPC, SOCK_STREAM, 0, [3, 4]) = 0 [pid 296] futex(0x7f1c1250732c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f1c12507328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 295] futex(0x7f1c1250732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 295] futex(0x7f1c12507328, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 296] <... futex resumed>) = 0 [pid 296] sendmsg(3, {msg_name={sa_family=AF_TIPC, sa_data="\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, msg_namelen=16, msg_iov=[{iov_base="\xc3\xe9\x72\xbd\x85\xa6\xd8\x41\x36\xd6\xdd\x55\x04\x8d\x35\x93\xa7\x4f\x33\x8c\xe6\x77\x2a\xb9\xa6\xf6\x40\x41\xc2\xf6\xfb\xbe\xcd\xc0\x8e\xbc\xd3\x19\x2b\x6a\x53\x66\x2d\xae\x7c\x8e\x9c\x66\x5e\x80\xa5\xd0\x92\x5f\x72\x8d\xca\xc3\x0c\x29\x79\x39\x92\xe5\x88\x95\x26\x53\xd4\x14\xcb\x8c\xcd\xab\xc3\x87\x67\xfe\xe8\x19\xec\x5a\xf0\xc5\xee\x93\x68\x80\xfe\x85\x49\xb4\xed\x34\x77\x79\xca\xb4\xff\xd4", iov_len=100}, {iov_base="V", iov_len=1}, {iov_base="\x3e\xed\x50\xd0\x12\x57\x19\xa8\x10\xf8\x8e\x3f\x47\x18\x6f\xe4\xda\xe7\x41\x82\xdf\xd1\x09\xa2\x58\x7c\x47\x97\x41\x0c\x9b\x8e\x39\xbd\x3d\x9a\xa1\x44\xd5\x90\x86\x47\xc3\x0c\x8d\xb6\x9b\x5c\x17\x08\x4c\x9b\x1b\xfb\xb8\x68\x07\x37\xc4\xf8\x8a\xbc\xdb\xc7\xd2\x94\xd7\x2a\xb1\xb3\x44\x27\x09\x15\xdf\x9d\xdf\x56\x35\x64\x4c\x35\x1c\x22\xb2\x9d\x94\x8a\xc4\x10\x6b\xce\x71\x07\x57\x0b\xee\xd6\x30\x77"..., iov_len=4096}, {iov_base="\xb7\x68\xeb\x20\x30\x4f\x2f\xdc\x5a\x96\x94\xa4\x86\x78\x40\xd9\x31\x70\xca\x1a\x86\x40\x6f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x04\x00\x00\x00\x20\x00\x00\x64\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x20\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x16\x00\x00"..., iov_len=4294966976}], msg_iovlen=4, msg_controllen=0, msg_flags=MSG_PROBE|MSG_MORE}, 0 [pid 295] futex(0x7f1c1250732c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 295] futex(0x7f1c1250733c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1c123f9000 [pid 295] mprotect(0x7f1c123fa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 295] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 295] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f1c12419990, parent_tid=0x7f1c12419990, exit_signal=0, stack=0x7f1c123f9000, stack_size=0x20240, tls=0x7f1c124196c0} => {parent_tid=[297]}, 88) = 297 ./strace-static-x86_64: Process 297 attached [pid 295] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 295] futex(0x7f1c12507338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] futex(0x7f1c1250733c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] set_robust_list(0x7f1c124199a0, 24) = 0 [pid 297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 297] dup2(4, 3) = 3 [pid 297] futex(0x7f1c1250733c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 295] <... futex resumed>) = 0 [pid 295] futex(0x7f1c12507338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] futex(0x7f1c1250733c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] setsockopt(4, SOL_SOCKET, SO_RCVBUFFORCE, [-1], 4) = 0 [pid 297] futex(0x7f1c1250733c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 295] <... futex resumed>) = 0 [pid 295] futex(0x7f1c12507338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] futex(0x7f1c1250733c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] sendmmsg(3, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=1}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base="\xc0\x00\x7c\xfa\x07\xbc\xc5\x9d\x03\x2a\xda\x6d\x41\xb6\x40\x1a\x98\x66\x4f\x2c\x98\xb9\x1d\x54\x8a\xa1\x5d\x56\xc8\xc6\xb3\xae\x28\x58\x93\x0f\x71\x32\x5d\x67\xd1\xc4\xd2\x9f\x0e\x41\xd9\x04\x7f\x17\x20\x32\xf1\xc9\xde\xe9\x88\x76\x8b\x71\x76\x2c\x72\xe3\xfe\x14\xb9\x41\x00\xee\x07\x2f\x91\xc7\x76\x8b\x3e\xc9\xb7\xa3\x87\xb2\x49\x48\x71\x71\x27\x7c\x6d\xd8\x9f\x36\x66\x31\x21\x16\xb0\xca\x0f\x22"..., iov_len=4096}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], msg_iovlen=7, msg_controllen=0, msg_flags=0}, msg_len=4096}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=1}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 11, MSG_OOB|MSG_PROBE|MSG_DONTWAIT|MSG_EOR|MSG_NOSIGNAL|MSG_FASTOPEN) = 11 [pid 297] futex(0x7f1c1250733c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 295] <... futex resumed>) = 0 [pid 297] futex(0x7f1c12507338, FUTEX_WAIT_PRIVATE, 0, NULL [pid 295] exit_group(0 [pid 297] <... futex resumed>) = ? [pid 297] +++ exited with 0 +++ [pid 295] <... exit_group resumed>) = ? [pid 282] kill(-295, SIGKILL) = 0 [pid 282] kill(295, SIGKILL) = 0 [pid 282] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 282] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [ 292.104104][ C0] rcu: INFO: rcu_preempt self-detected stall on CPU [ 292.110731][ C0] rcu: 0-....: (1 GPs behind) idle=2b2/1/0x4000000000000000 softirq=1120/1122 fqs=5000 last_accelerate: d582/fc9f dyntick_enabled: 1 [ 292.124524][ C0] (t=10002 jiffies g=261 q=9) [ 292.129378][ C0] NMI backtrace for cpu 0 [ 292.133790][ C0] CPU: 0 PID: 296 Comm: syz-executor293 Not tainted 5.10.237-syzkaller #0 [ 292.142532][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 292.152697][ C0] Call Trace: [ 292.156075][ C0] [ 292.158927][ C0] __dump_stack+0x21/0x24 [ 292.163345][ C0] dump_stack_lvl+0x169/0x1d8 [ 292.168015][ C0] ? show_regs_print_info+0x18/0x18 [ 292.173277][ C0] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 292.178982][ C0] ? _raw_spin_lock+0xe0/0xe0 [ 292.183995][ C0] ? printk+0xcc/0x110 [ 292.188057][ C0] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 292.194103][ C0] dump_stack+0x15/0x1c [ 292.198582][ C0] nmi_trigger_cpumask_backtrace+0x27f/0x2c0 [ 292.204586][ C0] arch_trigger_cpumask_backtrace+0x10/0x20 [ 292.210457][ C0] rcu_dump_cpu_stacks+0x19c/0x2c0 [ 292.215717][ C0] rcu_sched_clock_irq+0xf79/0x1870 [ 292.221043][ C0] ? rcutree_dead_cpu+0x2f0/0x2f0 [ 292.226761][ C0] ? hrtimer_run_queues+0x166/0x430 [ 292.232782][ C0] update_process_times+0x198/0x200 [ 292.238994][ C0] tick_sched_timer+0x17c/0x240 [ 292.244082][ C0] ? tick_setup_sched_timer+0x450/0x450 [ 292.249618][ C0] __hrtimer_run_queues+0x37a/0x960 [ 292.254797][ C0] ? hrtimer_interrupt+0xdc0/0xdc0 [ 292.259884][ C0] ? ktime_get_update_offsets_now+0x293/0x2b0 [ 292.266113][ C0] hrtimer_interrupt+0x3a6/0xdc0 [ 292.271125][ C0] __sysvec_apic_timer_interrupt+0xfa/0x3f0 [ 292.277015][ C0] asm_call_irq_on_stack+0xf/0x20 [ 292.282008][ C0] [ 292.284925][ C0] sysvec_apic_timer_interrupt+0x85/0xe0 [ 292.290553][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 292.296530][ C0] RIP: 0010:bcmp+0x24/0xd0 [ 292.301011][ C0] Code: 5f 5d c3 0f 1f 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 50 48 85 d2 0f 84 a5 00 00 00 48 bb 00 00 00 00 00 fc ff df 45 31 f6 <4a> 8d 04 37 48 89 c1 48 c1 e9 03 0f b6 0c 19 84 c9 75 2d 42 0f b6 [ 292.320933][ C0] RSP: 0018:ffffc90000be6880 EFLAGS: 00000202 [ 292.327089][ C0] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000077 [ 292.335046][ C0] RDX: 0000000000000004 RSI: ffffc90000be6940 RDI: ffff88810c10885c [ 292.343171][ C0] RBP: ffffc90000be68b0 R08: 0000000000000004 R09: 0000000000be6901 [ 292.351337][ C0] R10: fffff5200017cd28 R11: 1ffff9200017cd28 R12: 0000000000000004 [ 292.359303][ C0] R13: ffff88810c1088e8 R14: 0000000000000002 R15: fffffffffffffc18 [ 292.367378][ C0] tipc_sk_lookup+0x2f3/0x5f0 [ 292.372057][ C0] ? tipc_sk_rcv+0x1ef0/0x1ef0 [ 292.376813][ C0] tipc_sk_rcv+0x3eb/0x1ef0 [ 292.381305][ C0] ? __stack_depot_save+0x479/0x4c0 [ 292.387394][ C0] ? kasan_set_track+0x5b/0x70 [ 292.392136][ C0] ? kasan_set_track+0x4a/0x70 [ 292.397415][ C0] ? kasan_set_free_info+0x23/0x40 [ 292.402954][ C0] ? ____kasan_slab_free+0x125/0x160 [ 292.408235][ C0] ? slab_free_freelist_hook+0xc5/0x190 [ 292.414023][ C0] ? kmem_cache_free+0x100/0x2d0 [ 292.418986][ C0] ? kfree_skbmem+0x10c/0x180 [ 292.423881][ C0] ? kfree_skb+0xc1/0x2f0 [ 292.428217][ C0] ? tipc_msg_reverse+0x698/0x900 [ 292.433224][ C0] ? tipc_node_xmit+0x256/0xcd0 [ 292.438585][ C0] ? tipc_sk_filter_rcv+0x1581/0x3850 [ 292.444021][ C0] ? tipc_node_xmit+0x256/0xcd0 [ 292.448961][ C0] ? tipc_node_distr_xmit+0x292/0x390 [ 292.454315][ C0] ? tipc_sk_backlog_rcv+0x16f/0x1f0 [ 292.459665][ C0] ? syscall_exit_to_user_mode+0x5b/0x90 [ 292.465270][ C0] ? do_syscall_64+0x3d/0x40 [ 292.469920][ C0] ? __skb_queue_purge+0x170/0x170 [ 292.475333][ C0] tipc_node_xmit+0x256/0xcd0 [ 292.480394][ C0] ? ____kasan_slab_free+0x130/0x160 [ 292.485919][ C0] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 292.491466][ C0] ? slab_free_freelist_hook+0xc5/0x190 [ 292.497000][ C0] ? kfree_skbmem+0x10c/0x180 [ 292.501673][ C0] ? kmem_cache_free+0x100/0x2d0 [ 292.506601][ C0] tipc_node_xmit_skb+0xe9/0x130 [ 292.511534][ C0] ? kfree_skb+0xc1/0x2f0 [ 292.515844][ C0] ? __skb_queue_purge+0x170/0x170 [ 292.521127][ C0] ? trace_tipc_sk_rej_msg+0x2c/0x6d0 [ 292.526782][ C0] tipc_sk_rcv+0x1d77/0x1ef0 [ 292.531545][ C0] ? memcpy+0x56/0x70 [ 292.535532][ C0] ? load_balance+0x1193/0x4320 [ 292.540376][ C0] ? __kernel_text_address+0xa0/0x100 [ 292.545723][ C0] ? __skb_queue_purge+0x170/0x170 [ 292.550994][ C0] tipc_node_xmit+0x256/0xcd0 [ 292.555655][ C0] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 292.561178][ C0] ? sysvec_reschedule_ipi+0x69/0x70 [ 292.566722][ C0] ? asm_sysvec_reschedule_ipi+0x12/0x20 [ 292.572466][ C0] tipc_sk_filter_rcv+0x1581/0x3850 [ 292.577752][ C0] ? tipc_sk_dump+0xfc0/0xfc0 [ 292.582421][ C0] ? __kasan_check_write+0x14/0x20 [ 292.587691][ C0] ? _raw_spin_lock_bh+0x8e/0xe0 [ 292.592693][ C0] tipc_sk_rcv+0x7cc/0x1ef0 [ 292.597181][ C0] ? slab_free_freelist_hook+0xc5/0x190 [ 292.602795][ C0] ? kmem_cache_free+0x100/0x2d0 [ 292.607819][ C0] ? __skb_queue_purge+0x170/0x170 [ 292.612906][ C0] ? tipc_sk_filter_rcv+0x3034/0x3850 [ 292.618256][ C0] ? ____fput+0x15/0x20 [ 292.622398][ C0] ? task_work_run+0x127/0x190 [ 292.627137][ C0] tipc_node_xmit+0x256/0xcd0 [ 292.631790][ C0] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 292.637331][ C0] tipc_node_distr_xmit+0x292/0x390 [ 292.642697][ C0] ? tipc_node_xmit_skb+0x130/0x130 [ 292.647893][ C0] ? kfree_skbmem+0x10c/0x180 [ 292.652642][ C0] tipc_sk_backlog_rcv+0x16f/0x1f0 [ 292.657730][ C0] ? tipc_sk_timeout+0x970/0x970 [ 292.662731][ C0] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 292.668253][ C0] __release_sock+0x146/0x360 [ 292.673225][ C0] release_sock+0x60/0x1b0 [ 292.677676][ C0] tipc_release+0xbd4/0x1490 [ 292.682275][ C0] sock_close+0xe0/0x270 [ 292.686602][ C0] ? sock_mmap+0xa0/0xa0 [ 292.691324][ C0] __fput+0x2fb/0x770 [ 292.695400][ C0] ____fput+0x15/0x20 [ 292.699665][ C0] task_work_run+0x127/0x190 [ 292.704259][ C0] ptrace_notify+0x212/0x250 [ 292.708995][ C0] ? fput+0x1a/0x20 [ 292.712799][ C0] ? __x64_sys_sendmsg+0x24b/0x2a0 [ 292.717906][ C0] ? do_notify_parent+0x7e0/0x7e0 [ 292.723169][ C0] ? ___sys_sendmsg+0x260/0x260 [ 292.728084][ C0] syscall_exit_work+0x6e/0x140 [ 292.733024][ C0] syscall_exit_to_user_mode+0x5b/0x90 [ 292.738929][ C0] do_syscall_64+0x3d/0x40 [ 292.743407][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 292.749287][ C0] RIP: 0033:0x7f1c1247ba29 [ 292.753692][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 292.773982][ C0] RSP: 002b:00007f1c1243a168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 292.782399][ C0] RAX: 00000000000203a0 RBX: 00007f1c12507328 RCX: 00007f1c1247ba29 [ 292.790358][ C0] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000003 [ 292.798497][ C0] RBP: 00007f1c12507320 R08: 00007f1c1243a6c0 R09: 0000000000000000 [ 292.806466][ C0] R10: 00007f1c1243a6c0 R11: 0000000000000246 R12: 00007f1c1250732c [ 292.814720][ C0] R13: 0000000000000000 R14: 00007ffff3fb3080 R15: 00007ffff3fb3168 [ 440.934890][ C0] watchdog: BUG: soft lockup - CPU#0 stuck for 123s! [syz-executor293:296] [ 440.943689][ C0] Modules linked in: [ 440.947693][ C0] CPU: 0 PID: 296 Comm: syz-executor293 Not tainted 5.10.237-syzkaller #0 [ 440.956176][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 440.966426][ C0] RIP: 0010:_raw_spin_lock_bh+0x9b/0xe0 [ 440.972059][ C0] Code: 00 00 00 48 89 df be 04 00 00 00 e8 4f f3 28 fd 4c 89 f7 be 04 00 00 00 e8 42 f3 28 fd 8b 44 24 20 b9 01 00 00 00 f0 0f b1 0b <75> 2d 48 c7 04 24 0e 36 e0 45 4b c7 04 27 00 00 00 00 65 48 8b 04 [ 440.992712][ C0] RSP: 0018:ffffc90000be6920 EFLAGS: 00000246 [ 440.998762][ C0] RAX: 0000000000000000 RBX: ffffc90000be6df4 RCX: 0000000000000001 [ 441.006728][ C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc90000be6940 [ 441.014693][ C0] RBP: ffffc90000be69b0 R08: 0000000000000004 R09: 0000000000000003 [ 441.023047][ C0] R10: fffff5200017cd28 R11: 1ffff9200017cd28 R12: dffffc0000000000 [ 441.031424][ C0] R13: ffffc90000be6df0 R14: ffffc90000be6940 R15: 1ffff9200017cd24 [ 441.039941][ C0] FS: 00007f1c1243a6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 441.048861][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 441.055522][ C0] CR2: 00007ffff3fd2750 CR3: 000000011de51000 CR4: 00000000003506b0 [ 441.063655][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 441.071623][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 441.079751][ C0] Call Trace: [ 441.083142][ C0] ? _raw_spin_lock_irq+0xe0/0xe0 [ 441.088285][ C0] tipc_sk_rcv+0x221/0x1ef0 [ 441.092793][ C0] ? __stack_depot_save+0x479/0x4c0 [ 441.098083][ C0] ? kasan_set_track+0x5b/0x70 [ 441.102841][ C0] ? kasan_set_track+0x4a/0x70 [ 441.107827][ C0] ? kasan_set_free_info+0x23/0x40 [ 441.113021][ C0] ? ____kasan_slab_free+0x125/0x160 [ 441.118382][ C0] ? slab_free_freelist_hook+0xc5/0x190 [ 441.123906][ C0] ? kmem_cache_free+0x100/0x2d0 [ 441.129095][ C0] ? kfree_skbmem+0x10c/0x180 [ 441.133749][ C0] ? kfree_skb+0xc1/0x2f0 [ 441.138142][ C0] ? tipc_msg_reverse+0x698/0x900 [ 441.143229][ C0] ? tipc_node_xmit+0x256/0xcd0 [ 441.148056][ C0] ? tipc_sk_filter_rcv+0x1581/0x3850 [ 441.153404][ C0] ? tipc_node_xmit+0x256/0xcd0 [ 441.158315][ C0] ? tipc_node_distr_xmit+0x292/0x390 [ 441.163667][ C0] ? tipc_sk_backlog_rcv+0x16f/0x1f0 [ 441.168947][ C0] ? syscall_exit_to_user_mode+0x5b/0x90 [ 441.174623][ C0] ? do_syscall_64+0x3d/0x40 [ 441.179381][ C0] ? __skb_queue_purge+0x170/0x170 [ 441.184474][ C0] tipc_node_xmit+0x256/0xcd0 [ 441.189644][ C0] ? ____kasan_slab_free+0x130/0x160 [ 441.194915][ C0] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 441.200436][ C0] ? slab_free_freelist_hook+0xc5/0x190 [ 441.206106][ C0] ? kfree_skbmem+0x10c/0x180 [ 441.210871][ C0] ? kmem_cache_free+0x100/0x2d0 [ 441.215806][ C0] tipc_node_xmit_skb+0xe9/0x130 [ 441.220899][ C0] ? kfree_skb+0xc1/0x2f0 [ 441.225234][ C0] ? __skb_queue_purge+0x170/0x170 [ 441.230359][ C0] ? trace_tipc_sk_rej_msg+0x2c/0x6d0 [ 441.236014][ C0] tipc_sk_rcv+0x1d77/0x1ef0 [ 441.240783][ C0] ? memcpy+0x56/0x70 [ 441.244753][ C0] ? load_balance+0x1193/0x4320 [ 441.249594][ C0] ? __kernel_text_address+0xa0/0x100 [ 441.255068][ C0] ? __skb_queue_purge+0x170/0x170 [ 441.260242][ C0] tipc_node_xmit+0x256/0xcd0 [ 441.264913][ C0] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 441.270742][ C0] ? sysvec_reschedule_ipi+0x69/0x70 [ 441.276065][ C0] ? asm_sysvec_reschedule_ipi+0x12/0x20 [ 441.281888][ C0] tipc_sk_filter_rcv+0x1581/0x3850 [ 441.287208][ C0] ? tipc_sk_dump+0xfc0/0xfc0 [ 441.291889][ C0] ? __kasan_check_write+0x14/0x20 [ 441.297079][ C0] ? _raw_spin_lock_bh+0x8e/0xe0 [ 441.301998][ C0] tipc_sk_rcv+0x7cc/0x1ef0 [ 441.306514][ C0] ? slab_free_freelist_hook+0xc5/0x190 [ 441.312039][ C0] ? kmem_cache_free+0x100/0x2d0 [ 441.317204][ C0] ? __skb_queue_purge+0x170/0x170 [ 441.322655][ C0] ? tipc_sk_filter_rcv+0x3034/0x3850 [ 441.328047][ C0] ? ____fput+0x15/0x20 [ 441.332501][ C0] ? task_work_run+0x127/0x190 [ 441.337269][ C0] tipc_node_xmit+0x256/0xcd0 [ 441.342036][ C0] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 441.347572][ C0] tipc_node_distr_xmit+0x292/0x390 [ 441.352847][ C0] ? tipc_node_xmit_skb+0x130/0x130 [ 441.358022][ C0] ? kfree_skbmem+0x10c/0x180 [ 441.362690][ C0] tipc_sk_backlog_rcv+0x16f/0x1f0 [ 441.367789][ C0] ? tipc_sk_timeout+0x970/0x970 [ 441.372866][ C0] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 441.378339][ C0] __release_sock+0x146/0x360 [ 441.383028][ C0] release_sock+0x60/0x1b0 [ 441.387445][ C0] tipc_release+0xbd4/0x1490 [ 441.392375][ C0] sock_close+0xe0/0x270 [ 441.396784][ C0] ? sock_mmap+0xa0/0xa0 [ 441.401252][ C0] __fput+0x2fb/0x770 [ 441.405239][ C0] ____fput+0x15/0x20 [ 441.409462][ C0] task_work_run+0x127/0x190 [ 441.414298][ C0] ptrace_notify+0x212/0x250 [ 441.418897][ C0] ? fput+0x1a/0x20 [ 441.422960][ C0] ? __x64_sys_sendmsg+0x24b/0x2a0 [ 441.428217][ C0] ? do_notify_parent+0x7e0/0x7e0 [ 441.433393][ C0] ? ___sys_sendmsg+0x260/0x260 [ 441.438334][ C0] syscall_exit_work+0x6e/0x140 [ 441.443174][ C0] syscall_exit_to_user_mode+0x5b/0x90 [ 441.448612][ C0] do_syscall_64+0x3d/0x40 [ 441.453185][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 441.459059][ C0] RIP: 0033:0x7f1c1247ba29 [ 441.463539][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 441.483575][ C0] RSP: 002b:00007f1c1243a168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 441.492340][ C0] RAX: 00000000000203a0 RBX: 00007f1c12507328 RCX: 00007f1c1247ba29 [ 441.500405][ C0] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000003 [ 441.508513][ C0] RBP: 00007f1c12507320 R08: 00007f1c1243a6c0 R09: 0000000000000000 [ 441.516816][ C0] R10: 00007f1c1243a6c0 R11: 0000000000000246 R12: 00007f1c1250732c [ 441.525056][ C0] R13: 0000000000000000 R14: 00007ffff3fb3080 R15: 00007ffff3fb3168 [ 441.536358][ T24] audit: type=1400 audit(1748002134.960:68): avc: denied { read } for pid=77 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 441.565688][ T24] audit: type=1400 audit(1748002134.980:69): avc: denied { search } for pid=77 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 441.588087][ T24] audit: type=1400 audit(1748002134.980:70): avc: denied { write } for pid=77 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 441.609490][ T24] audit: type=1400 audit(1748002134.980:71): avc: denied { add_name } for pid=77 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 441.630501][ T24] audit: type=1400 audit(1748002134.980:72): avc: denied { create } for pid=77 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 441.651104][ T24] audit: type=1400 audit(1748002134.980:73): avc: denied { append open } for pid=77 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 441.674487][ T24] audit: type=1400 audit(1748002134.980:74): avc: denied { getattr } for pid=77 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1