./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3948916995 <...> ve=1 [ 12.731001][ T28] kauditd_printk_skb: 29 callbacks suppressed [ 12.731017][ T28] audit: type=1400 audit(1745679874.123:61): avc: denied { transition } for pid=222 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.739224][ T28] audit: type=1400 audit(1745679874.123:62): avc: denied { noatsecure } for pid=222 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.745083][ T28] audit: type=1400 audit(1745679874.133:63): avc: denied { write } for pid=222 comm="sh" path="pipe:[13627]" dev="pipefs" ino=13627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 12.748731][ T28] audit: type=1400 audit(1745679874.133:64): avc: denied { rlimitinh } for pid=222 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.754537][ T28] audit: type=1400 audit(1745679874.133:65): avc: denied { siginh } for pid=222 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.10.46' (ED25519) to the list of known hosts. execve("./syz-executor3948916995", ["./syz-executor3948916995"], 0x7ffede879720 /* 10 vars */) = 0 brk(NULL) = 0x55555f966000 brk(0x55555f966d00) = 0x55555f966d00 arch_prctl(ARCH_SET_FS, 0x55555f966380) = 0 set_tid_address(0x55555f966650) = 295 set_robust_list(0x55555f966660, 24) = 0 rseq(0x55555f966ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3948916995", 4096) = 28 getrandom("\xf6\xdb\x36\xbd\x49\x74\x02\xb5", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555f966d00 brk(0x55555f987d00) = 0x55555f987d00 brk(0x55555f988000) = 0x55555f988000 mprotect(0x7fe596159000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555f966650) = 296 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555f966650) = 297 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555f966650) = 298 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555f966650) = 299 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555f966650) = 300 ./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x55555f966660, 24) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555f966650) = 301 ./strace-static-x86_64: Process 301 attached ./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x55555f966660, 24) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] set_robust_list(0x55555f966660, 24./strace-static-x86_64: Process 297 attached ) = 0 ./strace-static-x86_64: Process 298 attached [pid 299] <... clone resumed>, child_tidptr=0x55555f966650) = 302 ./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x55555f966660, 24) = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3) = 0 [pid 302] write(1, "executing program\n", 18) = 18 [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 296 attached [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] set_robust_list(0x55555f966660, 24 [pid 297] set_robust_list(0x55555f966660, 24 [pid 301] <... prctl resumed>) = 0 [pid 301] setpgid(0, 0 [pid 302] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL}, 148) = -1 EFAULT (Bad address) [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET6_BIND, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 3 [pid 302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=3}}, 16) = 4 [pid 302] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 301] <... setpgid resumed>) = 0 [pid 298] <... set_robust_list resumed>) = 0 [pid 296] set_robust_list(0x55555f966660, 24 [pid 302] <... openat resumed>) = 5 [pid 302] write(5, "1", 1) = 1 [pid 302] close(4) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... set_robust_list resumed>) = 0 [pid 296] <... set_robust_list resumed>) = 0 [ 22.460419][ T28] audit: type=1400 audit(1745679883.853:66): avc: denied { execmem } for pid=295 comm="syz-executor394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 22.470148][ T28] audit: type=1400 audit(1745679883.863:67): avc: denied { bpf } for pid=302 comm="syz-executor394" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 22.478111][ T302] FAULT_INJECTION: forcing a failure. [ 22.478111][ T302] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 22.478530][ T28] audit: type=1400 audit(1745679883.863:68): avc: denied { prog_load } for pid=302 comm="syz-executor394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 301] <... openat resumed>) = 3 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] write(3, "1000", 4 [pid 298] <... clone resumed>, child_tidptr=0x55555f966650) = 303 [pid 301] <... write resumed>) = 4 executing program [pid 301] close(3) = 0 [pid 301] write(1, "executing program\n", 18) = 18 [pid 296] <... clone resumed>, child_tidptr=0x55555f966650) = 305 [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 297] <... clone resumed>, child_tidptr=0x55555f966650) = 304 [pid 301] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL}, 148) = -1 EFAULT (Bad address) [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET6_BIND, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 3 [pid 301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=3}}, 16./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x55555f966660, 24) = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 305] setpgid(0, 0) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 305] write(3, "1000", 4) = 4 [pid 305] close(3) = 0 [pid 305] write(1, "executing program\n", 18executing program ) = 18 [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL}, 148) = -1 EFAULT (Bad address) [ 22.486530][ T302] CPU: 1 PID: 302 Comm: syz-executor394 Not tainted 6.1.129-syzkaller-00022-g25fc41bbde8e #0 [ 22.507825][ T28] audit: type=1400 audit(1745679883.863:69): avc: denied { perfmon } for pid=302 comm="syz-executor394" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 22.515525][ T302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 22.515553][ T302] Call Trace: [ 22.515559][ T302] [ 22.515567][ T302] __dump_stack+0x21/0x24 [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET6_BIND, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 3 [pid 305] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=3}}, 16./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x55555f966660, 24) = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 303] setpgid(0, 0) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 [pid 303] write(1, "executing program\n", 18executing program ) = 18 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL}, 148) = -1 EFAULT (Bad address) [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET6_BIND, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 3 [pid 303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=3}}, 16./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x55555f966660, 24) = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 [pid 304] write(1, "executing program\n", 18executing program ) = 18 [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL}, 148) = -1 EFAULT (Bad address) [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET6_BIND, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 3 [ 22.536385][ T28] audit: type=1400 audit(1745679883.863:70): avc: denied { prog_run } for pid=302 comm="syz-executor394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 22.546247][ T302] dump_stack_lvl+0xee/0x150 [ 22.579669][ T302] ? __cfi_dump_stack_lvl+0x8/0x8 [ 22.584524][ T302] ? resched_curr+0x10e/0x380 [ 22.589036][ T302] ? __cfi_resched_curr+0x10/0x10 [ 22.594437][ T302] dump_stack+0x15/0x24 [ 22.598424][ T302] should_fail_ex+0x3d4/0x520 [ 22.602946][ T302] should_fail_alloc_page+0x61/0x90 [ 22.607973][ T302] prepare_alloc_pages+0x148/0x5f0 [ 22.612919][ T302] ? __alloc_pages_bulk+0x9c0/0x9c0 [ 22.617955][ T302] ? __cfi_sched_clock_cpu+0x10/0x10 [ 22.623073][ T302] __alloc_pages+0x115/0x3a0 [ 22.627499][ T302] ? __cfi___alloc_pages+0x10/0x10 [ 22.632452][ T302] ? kvm_sched_clock_read+0x18/0x40 [ 22.637482][ T302] ? __this_cpu_preempt_check+0x13/0x20 [ 22.642863][ T302] ? xfd_validate_state+0x70/0x150 [ 22.647807][ T302] __folio_alloc+0x12/0x40 [ 22.652060][ T302] wp_page_copy+0x280/0x15b0 [ 22.656490][ T302] ? __switch_to+0x51f/0xe30 [ 22.660936][ T302] ? fault_dirty_shared_page+0x310/0x310 [ 22.666383][ T302] ? _raw_spin_unlock+0x4c/0x70 [ 22.671069][ T302] ? finish_task_switch+0x16b/0x7b0 [ 22.676102][ T302] ? vm_normal_page+0x99/0x200 [ 22.680701][ T302] do_wp_page+0x9f2/0xfc0 [ 22.684871][ T302] handle_mm_fault+0x10e4/0x2640 [ 22.689646][ T302] ? __cfi_handle_mm_fault+0x10/0x10 [ 22.694762][ T302] ? lock_vma_under_rcu+0x3eb/0x4d0 [ 22.699802][ T302] ? __this_cpu_preempt_check+0x13/0x20 [ 22.705182][ T302] ? xfd_validate_state+0x70/0x150 [ 22.710127][ T302] do_user_addr_fault+0x905/0x1050 [ 22.715074][ T302] exc_page_fault+0x51/0xb0 [ 22.719412][ T302] asm_exc_page_fault+0x27/0x30 [ 22.724099][ T302] RIP: 0033:0x7fe5960bc290 [ 22.728359][ T302] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 5d 0d 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 10 3b 0a 00 0f 85 0f 02 00 00 4c 8d 25 03 3b 0a 00 4c [ 22.747793][ T302] RSP: 002b:00007ffc0642a970 EFLAGS: 00010246 [ 22.753692][ T302] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001 [pid 304] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=3}}, 16 [pid 302] exit_group(0) = ? [pid 302] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 301] <... bpf resumed>) = 4 [pid 301] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 305] <... bpf resumed>) = 4 [pid 301] <... openat resumed>) = 5 [pid 301] write(5, "1", 1) = 1 [pid 301] close(4 [ 22.761506][ T302] RDX: 0000000000000001 RSI: 00007fe59615d110 RDI: 0000000000000000 [ 22.769316][ T302] RBP: 00007fe59615d110 R08: 00007ffc0642a767 R09: 0000000000000140 [ 22.777130][ T302] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 22.784941][ T302] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 22.792758][ T302] [ 22.795795][ T302] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 22.805224][ T301] FAULT_INJECTION: forcing a failure. [pid 305] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWRexecuting program ) = 5 [pid 299] <... restart_syscall resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555f966650) = 306 ./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x55555f966660, 24) = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] write(1, "executing program\n", 18) = 18 [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL}, 148) = -1 EFAULT (Bad address) [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET6_BIND, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 3 [pid 306] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=3}}, 16 [pid 305] write(5, "1", 1) = 1 [ 22.805224][ T301] name failslab, interval 1, probability 0, space 0, times 1 [ 22.817736][ T301] CPU: 0 PID: 301 Comm: syz-executor394 Not tainted 6.1.129-syzkaller-00022-g25fc41bbde8e #0 [ 22.827715][ T301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 22.837607][ T301] Call Trace: [ 22.840727][ T301] [ 22.843512][ T301] __dump_stack+0x21/0x24 [ 22.847672][ T301] dump_stack_lvl+0xee/0x150 [ 22.852123][ T301] ? __cfi_dump_stack_lvl+0x8/0x8 [ 22.856962][ T301] ? 0xffffffffa00006dc [ 22.860950][ T301] ? is_bpf_text_address+0x177/0x190 [ 22.866071][ T301] dump_stack+0x15/0x24 [ 22.870063][ T301] should_fail_ex+0x3d4/0x520 [ 22.874690][ T301] __should_failslab+0xac/0xf0 [ 22.879288][ T301] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 22.885102][ T301] should_failslab+0x9/0x20 [ 22.889439][ T301] __kmem_cache_alloc_node+0x3d/0x2c0 [ 22.894648][ T301] ? __cfi_mutex_lock+0x10/0x10 [ 22.899367][ T301] ? delete_node+0x3dc/0xa60 [ 22.903772][ T301] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 22.909577][ T301] __kmalloc+0xa1/0x1e0 [ 22.913572][ T301] ? __cfi___bpf_trace_timer_start+0x10/0x10 [ 22.919384][ T301] tracepoint_probe_unregister+0x1e6/0x8b0 [ 22.925030][ T301] bpf_probe_unregister+0x61/0x70 [ 22.929973][ T301] bpf_raw_tp_link_release+0x63/0x90 [ 22.935108][ T301] bpf_link_free+0x13a/0x390 [ 22.939521][ T301] ? bpf_link_put_deferred+0x20/0x20 [ 22.944643][ T301] bpf_link_release+0x15f/0x170 [ 22.949328][ T301] ? __cfi_bpf_link_release+0x10/0x10 [ 22.954537][ T301] __fput+0x1fc/0x8f0 [ 22.958357][ T301] ____fput+0x15/0x20 [ 22.962173][ T301] task_work_run+0x1db/0x240 [ 22.966600][ T301] ? __cfi_task_work_run+0x10/0x10 [ 22.971545][ T301] ? task_work_add+0x2b1/0x330 [ 22.976149][ T301] ptrace_notify+0x221/0x250 [ 22.980573][ T301] ? __cfi_ptrace_notify+0x10/0x10 [ 22.985532][ T301] ? fput+0x15b/0x1a0 [ 22.989339][ T301] ? filp_close+0x111/0x160 [ 22.993679][ T301] ? close_fd+0x28b/0x300 [ 22.997852][ T301] syscall_exit_work+0x84/0x140 [ 23.002536][ T301] syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 23.008522][ T301] syscall_exit_to_user_mode+0xd/0x30 [ 23.013816][ T301] do_syscall_64+0x58/0xa0 [ 23.018072][ T301] ? clear_bhb_loop+0x15/0x70 [ 23.022580][ T301] ? clear_bhb_loop+0x15/0x70 [ 23.027103][ T301] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 23.032829][ T301] RIP: 0033:0x7fe5960edb59 [ 23.037075][ T301] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [pid 305] close(4 [pid 301] <... close resumed>) = 0 [ 23.056525][ T301] RSP: 002b:00007ffc0642a9c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 23.064851][ T301] RAX: 0000000000000000 RBX: 00007ffc0642a9e0 RCX: 00007fe5960edb59 [ 23.072659][ T301] RDX: 00007fe5960ecd90 RSI: 00007ffc0642a9e0 RDI: 0000000000000004 [ 23.080472][ T301] RBP: 0000000000000001 R08: 00007ffc0642a767 R09: 0000000000000140 [ 23.088284][ T301] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 23.096093][ T301] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 23.103913][ T301] [ 23.107716][ C0] CFI failure at __traceiter_timer_start+0x87/0xe0 (target: tp_stub_func+0x0/0x10; expected type: 0x82fbfa63) [ 23.119218][ C0] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 23.125093][ C0] CPU: 0 PID: 19 Comm: kworker/0:1 Not tainted 6.1.129-syzkaller-00022-g25fc41bbde8e #0 [ 23.134637][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 23.144549][ C0] Workqueue: rcu_gp srcu_invoke_callbacks [ 23.150086][ C0] RIP: 0010:__traceiter_timer_start+0x87/0xe0 [ 23.155988][ C0] Code: f8 48 c1 e8 03 80 3c 18 00 74 05 e8 43 3d 53 00 49 8b 7d 08 4c 89 fe 48 8b 55 c8 8b 4d d4 41 ba 9d 05 04 7d 45 03 56 fc 74 02 <0f> 0b 41 ff d6 49 83 c4 18 4c 89 e0 48 c1 e8 03 80 3c 18 00 74 08 [ 23.175435][ C0] RSP: 0018:ffffc90000007838 EFLAGS: 00010017 [ 23.181332][ C0] RAX: 1ffff11021e1a383 RBX: dffffc0000000000 RCX: 0000000002600000 [ 23.189144][ C0] RDX: 00000000ffff9388 RSI: ffffffff86fe6d40 RDI: ffffc900000d9000 [ 23.196954][ C0] RBP: ffffc90000007870 R08: dffffc0000000000 R09: fffffbfff0ee41b6 [ 23.204771][ C0] R10: 0000000022446ca9 R11: 1ffffffff0ee41b5 R12: ffff88810f0d1c10 [ 23.212577][ C0] R13: ffff88810f0d1c10 R14: ffffffff8170fe20 R15: ffffffff86fe6d40 [ 23.220390][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 23.229156][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.235575][ C0] CR2: 0000000000000000 CR3: 0000000124ceb000 CR4: 00000000003506b0 [ 23.243390][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.251213][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.259018][ C0] Call Trace: [ 23.262135][ C0] [ 23.264828][ C0] ? __die_body+0xa3/0xb0 [ 23.268993][ C0] ? __die+0x25/0x30 [ 23.272723][ C0] ? die+0x2a/0x50 [ 23.276286][ C0] ? do_trap+0xf0/0x2f0 [ 23.280274][ C0] ? __traceiter_timer_start+0x87/0xe0 [ 23.285568][ C0] ? handle_invalid_op+0x95/0xc0 [ 23.290340][ C0] ? __traceiter_timer_start+0x87/0xe0 [ 23.295636][ C0] ? exc_invalid_op+0x32/0x50 [ 23.300151][ C0] ? asm_exc_invalid_op+0x1b/0x20 [ 23.305009][ C0] ? __cfi_tp_stub_func+0x10/0x10 [ 23.309871][ C0] ? __traceiter_timer_start+0x87/0xe0 [ 23.315165][ C0] ? __traceiter_timer_start+0x20/0xe0 [ 23.320460][ C0] enqueue_timer+0x337/0x480 [ 23.324888][ C0] __mod_timer+0x79f/0xb30 [ 23.329140][ C0] ? __kasan_slab_free+0x11/0x20 [ 23.333915][ C0] add_timer+0x68/0x80 [ 23.337841][ C0] __queue_delayed_work+0x173/0x200 [ 23.342856][ C0] queue_delayed_work_on+0xdb/0x150 [ 23.347887][ C0] ? __cfi_queue_delayed_work_on+0x10/0x10 [ 23.353530][ C0] ? _raw_spin_unlock+0x4c/0x70 [ 23.358214][ C0] ? srcu_gp_start+0x195/0x2f0 [ 23.362815][ C0] srcu_gp_start_if_needed+0xbd8/0xfe0 [ 23.368232][ C0] ? start_poll_synchronize_srcu+0x20/0x20 [ 23.373867][ C0] ? file_free_rcu+0x93/0xa0 [ 23.378285][ C0] ? kmem_cache_free+0x12d/0x300 [ 23.383060][ C0] ? __cfi_srcu_free_old_probes+0x10/0x10 [ 23.388614][ C0] ? __cfi_rcu_free_old_probes+0x10/0x10 [ 23.394081][ C0] call_srcu+0x49/0x50 [ 23.397986][ C0] rcu_free_old_probes+0x23/0x30 [ 23.402763][ C0] rcu_do_batch+0x515/0xb90 [ 23.407102][ C0] ? rcu_core+0xe70/0xe70 [ 23.411266][ C0] ? __napi_poll+0x107/0x5e0 [ 23.415693][ C0] rcu_core+0x5a5/0xe70 [ 23.419685][ C0] ? rcu_cpu_kthread_park+0x90/0x90 [ 23.424719][ C0] ? __cfi_net_rx_action+0x10/0x10 [ 23.429665][ C0] ? _raw_spin_unlock_irqrestore+0x5a/0x80 [ 23.435309][ C0] ? irqtime_account_irq+0x75/0x240 [ 23.440342][ C0] rcu_core_si+0x9/0x10 [ 23.444338][ C0] handle_softirqs+0x1d7/0x600 [ 23.448956][ C0] __do_softirq+0xb/0xd [ 23.452927][ C0] do_softirq+0xc6/0x120 [ 23.457004][ C0] [ 23.459786][ C0] [ 23.462559][ C0] ? __cfi_do_softirq+0x10/0x10 [ 23.467248][ C0] ? srcu_invoke_callbacks+0x210/0x410 [ 23.472540][ C0] __local_bh_enable_ip+0x75/0x80 [ 23.477401][ C0] srcu_invoke_callbacks+0x1cf/0x410 [ 23.482522][ C0] ? _raw_spin_unlock+0x4c/0x70 [ 23.487210][ C0] ? __cfi_srcu_invoke_callbacks+0x10/0x10 [ 23.492854][ C0] ? __schedule+0xb8f/0x14e0 [ 23.497278][ C0] process_one_work+0x71f/0xc40 [ 23.501975][ C0] worker_thread+0xa29/0x11f0 [ 23.506477][ C0] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 23.511778][ C0] kthread+0x281/0x320 [ 23.515680][ C0] ? __cfi_worker_thread+0x10/0x10 [ 23.520632][ C0] ? __cfi_kthread+0x10/0x10 [ 23.525054][ C0] ret_from_fork+0x1f/0x30 [ 23.529306][ C0] [ 23.532165][ C0] Modules linked in: [ 23.535912][ C0] ---[ end trace 0000000000000000 ]--- [ 23.541194][ C0] RIP: 0010:__traceiter_timer_start+0x87/0xe0 [ 23.547094][ C0] Code: f8 48 c1 e8 03 80 3c 18 00 74 05 e8 43 3d 53 00 49 8b 7d 08 4c 89 fe 48 8b 55 c8 8b 4d d4 41 ba 9d 05 04 7d 45 03 56 fc 74 02 <0f> 0b 41 ff d6 49 83 c4 18 4c 89 e0 48 c1 e8 03 80 3c 18 00 74 08 [ 23.566536][ C0] RSP: 0018:ffffc90000007838 EFLAGS: 00010017 [ 23.572441][ C0] RAX: 1ffff11021e1a383 RBX: dffffc0000000000 RCX: 0000000002600000 [ 23.580250][ C0] RDX: 00000000ffff9388 RSI: ffffffff86fe6d40 RDI: ffffc900000d9000 [ 23.588061][ C0] RBP: ffffc90000007870 R08: dffffc0000000000 R09: fffffbfff0ee41b6 [ 23.595880][ C0] R10: 0000000022446ca9 R11: 1ffffffff0ee41b5 R12: ffff88810f0d1c10 [ 23.603686][ C0] R13: ffff88810f0d1c10 R14: ffffffff8170fe20 R15: ffffffff86fe6d40 [ 23.611495][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 23.620263][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.626683][ C0] CR2: 0000000000000000 CR3: 0000000124ceb000 CR4: 00000000003506b0 [ 23.634499][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.642305][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.650119][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 24.805875][ C0] Shutting down cpus with NMI [ 24.810685][ C0] Kernel Offset: disabled [ 24.814810][ C0] Rebooting in 86400 seconds..