./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2616492054 <...> Warning: Permanently added '10.128.0.192' (ED25519) to the list of known hosts. execve("./syz-executor2616492054", ["./syz-executor2616492054"], 0x7fff46419640 /* 10 vars */) = 0 brk(NULL) = 0x55558508d000 brk(0x55558508dd00) = 0x55558508dd00 arch_prctl(ARCH_SET_FS, 0x55558508d380) = 0 set_tid_address(0x55558508d650) = 5833 set_robust_list(0x55558508d660, 24) = 0 rseq(0x55558508dca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2616492054", 4096) = 28 getrandom("\x67\x6e\xa2\xae\x1c\x0f\x1e\xa9", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558508dd00 brk(0x5555850aed00) = 0x5555850aed00 brk(0x5555850af000) = 0x5555850af000 mprotect(0x7fc6c75a1000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 [ 68.473862][ T30] audit: type=1400 audit(1752579534.037:62): avc: denied { write } for pid=5830 comm="strace-static-x" path="pipe:[4398]" dev="pipefs" ino=4398 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 write(1, "executing program\n", 18executing program ) = 18 bpf(BPF_PROG_LOAD, {prog_type=0x20 /* BPF_PROG_TYPE_??? */, insn_cnt=3, insns=0x200000000200, license="syzkaller", log_level=5, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x2d /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = 3 [ 68.505272][ T30] audit: type=1400 audit(1752579534.067:63): avc: denied { execmem } for pid=5833 comm="syz-executor261" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 68.530139][ T30] audit: type=1400 audit(1752579534.097:64): avc: denied { prog_load } for pid=5833 comm="syz-executor261" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 68.549690][ T30] audit: type=1400 audit(1752579534.097:65): avc: denied { bpf } for pid=5833 comm="syz-executor261" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 68.570750][ T5829] BUG: assuming non migratable context at ./include/linux/filter.h:703 [ 68.570946][ T30] audit: type=1400 audit(1752579534.097:66): avc: denied { perfmon } for pid=5833 comm="syz-executor261" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 68.600722][ T30] audit: type=1400 audit(1752579534.097:67): avc: denied { prog_run } for pid=5833 comm="syz-executor261" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 68.601209][ T5829] in_atomic(): 0, irqs_disabled(): 0, migration_disabled() 0 pid: 5829, name: sshd-session [ 68.630683][ T5829] 3 locks held by sshd-session/5829: [ 68.636214][ T5829] #0: ffff88807b4e4218 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x20/0x50 [ 68.645414][ T5829] #1: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: __ip_queue_xmit+0x69/0x26c0 [ 68.655288][ T5829] #2: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: nf_hook+0xb2/0x680 [ 68.664189][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: sshd-session Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 68.664213][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 68.664223][ T5829] Call Trace: [ 68.664228][ T5829] [ 68.664235][ T5829] dump_stack_lvl+0x16c/0x1f0 [ 68.664262][ T5829] __cant_migrate+0x1c7/0x250 [ 68.664286][ T5829] ? __lock_acquire+0x622/0x1c90 [ 68.664304][ T5829] ? __pfx___cant_migrate+0x10/0x10 [ 68.664332][ T5829] nf_hook_run_bpf+0x83/0x1e0 [ 68.664352][ T5829] ? __pfx_nf_hook_run_bpf+0x10/0x10 [ 68.664376][ T5829] ? __pfx_nf_hook_run_bpf+0x10/0x10 [ 68.664392][ T5829] nf_hook_slow+0xbb/0x200 [ 68.664417][ T5829] nf_hook+0x370/0x680 [ 68.664434][ T5829] ? __pfx_ip_finish_output+0x10/0x10 [ 68.664453][ T5829] ? __pfx_nf_hook+0x10/0x10 [ 68.664473][ T5829] ? __pfx_ip_finish_output+0x10/0x10 [ 68.664498][ T5829] ip_output+0x1bc/0x2a0 [ 68.664515][ T5829] ? __pfx_ip_finish_output+0x10/0x10 [ 68.664531][ T5829] ? __pfx_ip_output+0x10/0x10 [ 68.664549][ T5829] __ip_queue_xmit+0x1d7d/0x26c0 [ 68.664574][ T5829] ? __pfx_ip_queue_xmit+0x10/0x10 [ 68.664592][ T5829] __tcp_transmit_skb+0x2686/0x3e90 [ 68.664635][ T5829] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 68.664676][ T5829] ? ktime_get+0x200/0x310 [ 68.664701][ T5829] ? lockdep_hardirqs_on+0x7c/0x110 [ 68.664730][ T5829] tcp_write_xmit+0x1274/0x84e0 [ 68.664770][ T5829] ? __alloc_skb+0x200/0x380 [ 68.664793][ T5829] ? __pfx___alloc_skb+0x10/0x10 [ 68.664814][ T5829] ? __pfx__copy_from_iter+0x10/0x10 [ 68.664855][ T5829] __tcp_push_pending_frames+0xaf/0x390 [ 68.664877][ T5829] ? skb_page_frag_refill+0x11d/0x5a0 [ 68.664896][ T5829] tcp_push+0x225/0x700 [ 68.664920][ T5829] tcp_sendmsg_locked+0x1870/0x42b0 [ 68.664959][ T5829] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 68.664983][ T5829] ? do_raw_spin_lock+0x12c/0x2b0 [ 68.665003][ T5829] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 68.665029][ T5829] ? __local_bh_enable_ip+0xa4/0x120 [ 68.665055][ T5829] tcp_sendmsg+0x2e/0x50 [ 68.665073][ T5829] ? __pfx_tcp_sendmsg+0x10/0x10 [ 68.665094][ T5829] inet_sendmsg+0xb9/0x140 [ 68.665116][ T5829] sock_write_iter+0x4aa/0x5b0 [ 68.665134][ T5829] ? __pfx_sock_write_iter+0x10/0x10 [ 68.665151][ T5829] ? __might_fault+0xe3/0x190 [ 68.665172][ T5829] ? __might_fault+0x13b/0x190 [ 68.665206][ T5829] ? bpf_lsm_file_permission+0x9/0x10 [ 68.665222][ T5829] ? security_file_permission+0x71/0x210 [ 68.665248][ T5829] ? rw_verify_area+0xcf/0x680 [ 68.665270][ T5829] vfs_write+0x6c7/0x1150 [ 68.665293][ T5829] ? __pfx_sock_write_iter+0x10/0x10 [ 68.665314][ T5829] ? __pfx_vfs_write+0x10/0x10 [ 68.665337][ T5829] ? _raw_spin_unlock_irq+0x2e/0x50 [ 68.665359][ T5829] ? sigprocmask+0xef/0x330 [ 68.665391][ T5829] ksys_write+0x1f8/0x250 [ 68.665412][ T5829] ? __pfx_ksys_write+0x10/0x10 [ 68.665443][ T5829] do_syscall_64+0xcd/0x4c0 [ 68.665469][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.665488][ T5829] RIP: 0033:0x7fe7d365d407 [ 68.665502][ T5829] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff bpf(BPF_LINK_CREATE, {link_create={prog_fd=3, target_fd=0, attach_type=0x2d /* BPF_??? */, flags=0}, ...}, 32) = 4 socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 5 sendto(5, NULL, 0, MSG_DONTWAIT|MSG_MORE|MSG_BATCH|MSG_FASTOPEN, {sa_family=AF_INET, sin_port=htons(20000), sin_addr=inet_addr("172.20.20.40")}, 16) = -1 EINPROGRESS (Operation now in progress) exit_group(0) = ? +++ exited with 0 +++ [ 68.665517][ T5829] RSP: