./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2803255409 <...> Warning: Permanently added '10.128.1.108' (ED25519) to the list of known hosts. execve("./syz-executor2803255409", ["./syz-executor2803255409"], 0x7ffea551c510 /* 10 vars */) = 0 brk(NULL) = 0x55556a57d000 brk(0x55556a57dd00) = 0x55556a57dd00 arch_prctl(ARCH_SET_FS, 0x55556a57d380) = 0 set_tid_address(0x55556a57d650) = 290 set_robust_list(0x55556a57d660, 24) = 0 rseq(0x55556a57dca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2803255409", 4096) = 28 getrandom("\xb9\x14\x7b\x47\xeb\xd1\x06\x5f", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556a57dd00 brk(0x55556a59ed00) = 0x55556a59ed00 brk(0x55556a59f000) = 0x55556a59f000 mprotect(0x7f3d2583c000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556a57d650) = 291 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556a57d650) = 292 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556a57d650) = 293 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556a57d650) = 294 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556a57d650) = 295 ./strace-static-x86_64: Process 295 attached [pid 295] set_robust_list(0x55556a57d660, 24) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556a57d650) = 296 ./strace-static-x86_64: Process 294 attached [pid 294] set_robust_list(0x55556a57d660, 24) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556a57d650) = 297 ./strace-static-x86_64: Process 297 attached [pid 297] set_robust_list(0x55556a57d660, 24) = 0 [pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 297] setpgid(0, 0) = 0 [pid 297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 297] write(3, "1000", 4) = 4 [pid 297] close(3) = 0 [pid 297] write(1, "executing program\n", 18executing program ) = 18 [pid 297] seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=1, filter=0x200000000100}./strace-static-x86_64: Process 293 attached ./strace-static-x86_64: Process 296 attached ./strace-static-x86_64: Process 292 attached ./strace-static-x86_64: Process 291 attached [pid 296] set_robust_list(0x55556a57d660, 24 [pid 293] set_robust_list(0x55556a57d660, 24 [pid 292] set_robust_list(0x55556a57d660, 24 [pid 291] set_robust_list(0x55556a57d660, 24 [pid 296] <... set_robust_list resumed>) = 0 [pid 293] <... set_robust_list resumed>) = 0 [pid 292] <... set_robust_list resumed>) = 0 [pid 291] <... set_robust_list resumed>) = 0 [pid 297] <... seccomp resumed>) = 0 [pid 297] socket(AF_VSOCK, SOCK_STREAM, 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... socket resumed>) = 3 [pid 297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000140, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... bpf resumed>) = 4 [pid 297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="virtio_transport_alloc_pkt", prog_fd=4}}, 16executing program ./strace-static-x86_64: Process 298 attached [pid 298] set_robust_list(0x55556a57d660, 24) = 0 [pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 298] setpgid(0, 0) = 0 [pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 298] write(3, "1000", 4) = 4 [pid 298] close(3) = 0 [pid 298] write(1, "executing program\n", 18) = 18 [pid 298] seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=1, filter=0x200000000100} [pid 292] <... clone resumed>, child_tidptr=0x55556a57d650) = 299 [pid 291] <... clone resumed>, child_tidptr=0x55556a57d650) = 298 [pid 298] <... seccomp resumed>) = 0 [pid 298] socket(AF_VSOCK, SOCK_STREAM, 0) = 3 [ 21.746705][ T28] audit: type=1400 audit(1754895310.383:64): avc: denied { execmem } for pid=290 comm="syz-executor280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.768414][ T28] audit: type=1400 audit(1754895310.403:65): avc: denied { create } for pid=297 comm="syz-executor280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [pid 298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000140, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 299 attached ) = 4 [pid 296] <... prctl resumed>) = 0 [pid 293] <... clone resumed>, child_tidptr=0x55556a57d650) = 300 [pid 298] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="virtio_transport_alloc_pkt", prog_fd=4}}, 16 [pid 299] set_robust_list(0x55556a57d660, 24 [pid 296] setpgid(0, 0./strace-static-x86_64: Process 300 attached [pid 299] <... set_robust_list resumed>) = 0 [pid 296] <... setpgid resumed>) = 0 [pid 300] set_robust_list(0x55556a57d660, 24) = 0 [pid 296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 296] <... openat resumed>) = 3 [pid 299] <... prctl resumed>) = 0 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] setpgid(0, 0 [pid 296] write(3, "1000", 4 [pid 300] <... openat resumed>) = 3 [pid 299] <... setpgid resumed>) = 0 [pid 296] <... write resumed>) = 4 [pid 300] write(3, "1000", 4) = 4 [ 21.790560][ T28] audit: type=1400 audit(1754895310.403:66): avc: denied { bpf } for pid=297 comm="syz-executor280" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 21.812669][ T28] audit: type=1400 audit(1754895310.403:67): avc: denied { prog_load } for pid=297 comm="syz-executor280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 executing program [pid 300] close(3 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] close(3 [pid 300] <... close resumed>) = 0 [pid 300] write(1, "executing program\n", 18) = 18 [pid 300] seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=1, filter=0x200000000100}) = 0 [pid 300] socket(AF_VSOCK, SOCK_STREAM, 0) = 3 [pid 299] <... openat resumed>) = 3 [pid 296] <... close resumed>) = 0 [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000140, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 299] write(3, "1000", 4 [pid 296] write(1, "executing program\n", 18 [pid 300] <... bpf resumed>) = 4 [pid 300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="virtio_transport_alloc_pkt", prog_fd=4}}, 16executing program [pid 299] <... write resumed>) = 4 [pid 296] <... write resumed>) = 18 [pid 299] close(3 [pid 296] seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=1, filter=0x200000000100} [pid 300] <... bpf resumed>) = 5 [pid 298] <... bpf resumed>) = 5 [pid 299] <... close resumed>) = 0 [pid 300] bind(3, {sa_family=AF_VSOCK, svm_cid=VMADDR_CID_LOCAL, svm_port=0, svm_flags=0}, 16 [pid 298] bind(3, {sa_family=AF_VSOCK, svm_cid=VMADDR_CID_LOCAL, svm_port=0, svm_flags=0}, 16 [pid 299] write(1, "executing program\n", 18 [pid 296] <... seccomp resumed>) = 0 executing program [ 21.832316][ T28] audit: type=1400 audit(1754895310.403:68): avc: denied { perfmon } for pid=297 comm="syz-executor280" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 21.854018][ T28] audit: type=1400 audit(1754895310.403:69): avc: denied { prog_run } for pid=297 comm="syz-executor280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 21.874575][ T28] audit: type=1400 audit(1754895310.513:70): avc: denied { bind } for pid=300 comm="syz-executor280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [pid 300] <... bind resumed>) = 0 [pid 299] <... write resumed>) = 18 [pid 298] <... bind resumed>) = -1 EADDRINUSE (Address already in use) [pid 296] socket(AF_VSOCK, SOCK_STREAM, 0 [pid 300] listen(3, 10 [pid 298] listen(3, 10 [pid 300] <... listen resumed>) = 0 [pid 298] <... listen resumed>) = -1 EINVAL (Invalid argument) [pid 300] socket(AF_VSOCK, SOCK_STREAM, 0 [pid 298] socket(AF_VSOCK, SOCK_STREAM, 0 [pid 300] <... socket resumed>) = 6 [pid 298] <... socket resumed>) = 6 [pid 300] connect(6, {sa_family=AF_VSOCK, svm_cid=VMADDR_CID_LOCAL, svm_port=0, svm_flags=0}, 16 [pid 298] connect(6, {sa_family=AF_VSOCK, svm_cid=VMADDR_CID_LOCAL, svm_port=0, svm_flags=0}, 16 [pid 300] <... connect resumed>) = 0 [pid 298] <... connect resumed>) = 0 [pid 300] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 298] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 300] <... openat resumed>) = 7 [pid 298] <... openat resumed>) = 7 [pid 300] write(7, "2", 1 [pid 298] write(7, "2", 1 [pid 300] <... write resumed>) = 1 [pid 298] <... write resumed>) = 1 [pid 300] close_range(0, 6, 0 [pid 298] close_range(0, 6, 0 [pid 299] seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=1, filter=0x200000000100} [pid 296] <... socket resumed>) = 3 [pid 297] <... bpf resumed>) = 5 [pid 297] bind(3, {sa_family=AF_VSOCK, svm_cid=VMADDR_CID_LOCAL, svm_port=0, svm_flags=0}, 16) = -1 EADDRINUSE (Address already in use) [pid 297] listen(3, 10) = -1 EINVAL (Invalid argument) [pid 297] socket(AF_VSOCK, SOCK_STREAM, 0) = 6 [pid 297] connect(6, {sa_family=AF_VSOCK, svm_cid=VMADDR_CID_LOCAL, svm_port=0, svm_flags=0}, 16) = 0 [pid 297] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 297] write(7, "2", 1) = 1 [ 21.876316][ T298] FAULT_INJECTION: forcing a failure. [ 21.876316][ T298] name failslab, interval 1, probability 0, space 0, times 1 [ 21.894432][ T28] audit: type=1400 audit(1754895310.513:71): avc: denied { listen } for pid=298 comm="syz-executor280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 21.910889][ T298] CPU: 1 PID: 298 Comm: syz-executor280 Not tainted 6.1.145-syzkaller-00002-gc750dc582629 #0 [pid 297] close_range(0, 6, 0 [pid 299] <... seccomp resumed>) = 0 [pid 296] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000140, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 299] socket(AF_VSOCK, SOCK_STREAM, 0 [pid 296] <... bpf resumed>) = 4 [pid 299] <... socket resumed>) = 3 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000140, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 296] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="virtio_transport_alloc_pkt", prog_fd=4}}, 16 [pid 299] <... bpf resumed>) = 4 [ 21.926899][ T28] audit: type=1400 audit(1754895310.513:72): avc: denied { connect } for pid=298 comm="syz-executor280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 21.936582][ T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 21.936607][ T298] Call Trace: [ 21.936611][ T298] [ 21.936617][ T298] __dump_stack+0x21/0x24 [ 21.976906][ T298] dump_stack_lvl+0xee/0x150 [ 21.981502][ T298] ? __cfi_dump_stack_lvl+0x8/0x8 [ 21.986504][ T298] ? ____fput+0x15/0x20 [ 21.990633][ T298] ? ptrace_notify+0x221/0x250 [ 21.995371][ T298] ? syscall_exit_work+0x84/0x140 [ 22.000371][ T298] ? syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 22.006672][ T298] ? do_syscall_64+0x58/0xa0 [ 22.011242][ T298] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 22.017286][ T298] dump_stack+0x15/0x24 [ 22.021424][ T298] should_fail_ex+0x3d4/0x520 [ 22.026077][ T298] __should_failslab+0xac/0xf0 [ 22.030823][ T298] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 22.036797][ T298] should_failslab+0x9/0x20 [ 22.041284][ T298] __kmem_cache_alloc_node+0x3d/0x2c0 [ 22.046635][ T298] ? __cfi_mutex_lock+0x10/0x10 [ 22.051463][ T298] ? delete_node+0x3dc/0xa60 [ 22.056038][ T298] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 22.062015][ T298] __kmalloc+0xa1/0x1e0 [ 22.066167][ T298] ? __cfi___bpf_trace_virtio_transport_alloc_pkt+0x10/0x10 [ 22.073433][ T298] tracepoint_probe_unregister+0x1e6/0x8b0 [ 22.079249][ T298] bpf_probe_unregister+0x61/0x70 [ 22.084263][ T298] bpf_raw_tp_link_release+0x63/0x90 [ 22.089544][ T298] bpf_link_free+0x13a/0x390 [ 22.094112][ T298] ? bpf_link_put_deferred+0x20/0x20 [ 22.099376][ T298] ? security_file_free+0xd8/0xf0 [ 22.104379][ T298] bpf_link_release+0x15f/0x170 [ 22.109204][ T298] ? __cfi_bpf_link_release+0x10/0x10 [ 22.114555][ T298] __fput+0x1fc/0x8f0 [ 22.118517][ T298] ____fput+0x15/0x20 [ 22.122474][ T298] task_work_run+0x1db/0x240 [ 22.127041][ T298] ? __cfi_task_work_run+0x10/0x10 [ 22.132166][ T298] ? fput+0x15b/0x1a0 [ 22.136149][ T298] ? filp_close+0x111/0x160 [ 22.140695][ T298] ptrace_notify+0x221/0x250 [ 22.145286][ T298] ? __cfi_ptrace_notify+0x10/0x10 [ 22.150375][ T298] ? __cfi___close_range+0x10/0x10 [ 22.155467][ T298] ? __secure_computing+0xea/0x290 [ 22.160556][ T298] syscall_exit_work+0x84/0x140 [ 22.165387][ T298] syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 22.171515][ T298] syscall_exit_to_user_mode+0xd/0x30 [ 22.176864][ T298] do_syscall_64+0x58/0xa0 [ 22.181257][ T298] ? clear_bhb_loop+0x30/0x80 [ 22.185911][ T298] ? clear_bhb_loop+0x30/0x80 [ 22.190560][ T298] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 22.196427][ T298] RIP: 0033:0x7f3d257d0a19 [ 22.200828][ T298] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 22.220411][ T298] RSP: 002b:00007ffcfa949dc8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 22.228818][ T298] RAX: 0000000000000000 RBX: 00007ffcfa949de0 RCX: 00007f3d257d0a19 [ 22.236781][ T298] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000 [pid 299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="virtio_transport_alloc_pkt", prog_fd=4}}, 16 [pid 298] <... close_range resumed>) = 0 [pid 298] exit_group(0) = ? [pid 298] +++ exited with 0 +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=298, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556a57d650) = 301 ./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x55556a57d660, 24) = 0 executing program [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 301] setpgid(0, 0) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 301] write(3, "1000", 4) = 4 [pid 301] close(3) = 0 [pid 301] write(1, "executing program\n", 18) = 18 [pid 301] seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=1, filter=0x200000000100}) = 0 [pid 301] socket(AF_VSOCK, SOCK_STREAM, 0) = 3 [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000140, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [ 22.244732][ T298] RBP: 0000000000000001 R08: 00007ffcfa949b67 R09: 0000000000000140 [ 22.252688][ T298] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 22.260648][ T298] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 22.268615][ T298] [ 22.273017][ T300] FAULT_INJECTION: forcing a failure. [ 22.273017][ T300] name failslab, interval 1, probability 0, space 0, times 0 [ 22.286382][ T300] CPU: 1 PID: 300 Comm: syz-executor280 Not tainted 6.1.145-syzkaller-00002-gc750dc582629 #0 [ 22.296545][ T300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 22.306582][ T300] Call Trace: [ 22.309839][ T300] [ 22.312749][ T300] __dump_stack+0x21/0x24 [ 22.317069][ T300] dump_stack_lvl+0xee/0x150 [ 22.321644][ T300] ? __cfi_dump_stack_lvl+0x8/0x8 [ 22.326648][ T300] ? ____fput+0x15/0x20 [ 22.330784][ T300] ? ptrace_notify+0x221/0x250 [ 22.335525][ T300] ? syscall_exit_work+0x84/0x140 [ 22.340529][ T300] ? syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 22.346956][ T300] ? do_syscall_64+0x58/0xa0 [ 22.351529][ T300] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 22.357572][ T300] dump_stack+0x15/0x24 [ 22.361706][ T300] should_fail_ex+0x3d4/0x520 [ 22.366361][ T300] __should_failslab+0xac/0xf0 [ 22.371100][ T300] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 22.377057][ T300] should_failslab+0x9/0x20 [ 22.381540][ T300] __kmem_cache_alloc_node+0x3d/0x2c0 [ 22.386885][ T300] ? __cfi_mutex_lock+0x10/0x10 [ 22.391708][ T300] ? delete_node+0x3e6/0xa60 [ 22.396274][ T300] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 22.402230][ T300] __kmalloc+0xa1/0x1e0 [ 22.406366][ T300] ? __cfi___bpf_trace_virtio_transport_alloc_pkt+0x10/0x10 [ 22.413627][ T300] tracepoint_probe_unregister+0x1e6/0x8b0 [ 22.419431][ T300] bpf_probe_unregister+0x61/0x70 [ 22.424433][ T300] bpf_raw_tp_link_release+0x63/0x90 [ 22.429694][ T300] bpf_link_free+0x13a/0x390 [ 22.434267][ T300] ? bpf_link_put_deferred+0x20/0x20 [ 22.439525][ T300] ? security_file_free+0xd8/0xf0 [ 22.444526][ T300] bpf_link_release+0x15f/0x170 [ 22.449350][ T300] ? __cfi_bpf_link_release+0x10/0x10 [ 22.454697][ T300] __fput+0x1fc/0x8f0 [ 22.458683][ T300] ____fput+0x15/0x20 [ 22.462667][ T300] task_work_run+0x1db/0x240 [ 22.467235][ T300] ? __cfi_task_work_run+0x10/0x10 [ 22.472325][ T300] ? fput+0x15b/0x1a0 [ 22.476282][ T300] ? filp_close+0x111/0x160 [ 22.480767][ T300] ptrace_notify+0x221/0x250 [ 22.485354][ T300] ? __cfi_ptrace_notify+0x10/0x10 [ 22.490454][ T300] ? __cfi___close_range+0x10/0x10 [ 22.495550][ T300] ? __secure_computing+0xea/0x290 [ 22.500637][ T300] syscall_exit_work+0x84/0x140 [ 22.505468][ T300] syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 22.511599][ T300] syscall_exit_to_user_mode+0xd/0x30 [ 22.516962][ T300] do_syscall_64+0x58/0xa0 [ 22.521359][ T300] ? clear_bhb_loop+0x30/0x80 [ 22.526015][ T300] ? clear_bhb_loop+0x30/0x80 [ 22.530667][ T300] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 22.536545][ T300] RIP: 0033:0x7f3d257d0a19 [ 22.540938][ T300] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 22.560524][ T300] RSP: 002b:00007ffcfa949dc8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 22.568941][ T300] RAX: 0000000000000000 RBX: 00007ffcfa949de0 RCX: 00007f3d257d0a19 [ 22.576900][ T300] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000 [ 22.584936][ T300] RBP: 0000000000000001 R08: 00007ffcfa949b67 R09: 0000000000000140 [pid 301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="virtio_transport_alloc_pkt", prog_fd=4}}, 16 [pid 300] <... close_range resumed>) = 0 [pid 297] <... close_range resumed>) = 0 [pid 300] exit_group(0) = ? [pid 300] +++ exited with 0 +++ [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 293] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556a57d650) = 302 ./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x55556a57d660, 24) = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3) = 0 [pid 302] write(1, "executing program\n", 18executing program ) = 18 [pid 302] seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=1, filter=0x200000000100}) = 0 [pid 302] socket(AF_VSOCK, SOCK_STREAM, 0) = 3 [ 22.592885][ T300] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 22.600835][ T300] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 22.608791][ T300] [ 22.612601][ T297] FAULT_INJECTION: forcing a failure. [ 22.612601][ T297] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 22.626197][ T297] CPU: 1 PID: 297 Comm: syz-executor280 Not tainted 6.1.145-syzkaller-00002-gc750dc582629 #0 [ 22.636354][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 22.646389][ T297] Call Trace: [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000140, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [ 22.649649][ T297] [ 22.652559][ T297] __dump_stack+0x21/0x24 [ 22.656873][ T297] dump_stack_lvl+0xee/0x150 [ 22.661445][ T297] ? __cfi_dump_stack_lvl+0x8/0x8 [ 22.666444][ T297] dump_stack+0x15/0x24 [ 22.670584][ T297] should_fail_ex+0x3d4/0x520 [ 22.675253][ T297] should_fail_alloc_page+0x61/0x90 [ 22.680452][ T297] prepare_alloc_pages+0x148/0x5f0 [ 22.685554][ T297] ? __alloc_pages_bulk+0x9c0/0x9c0 [ 22.690762][ T297] ? __cfi____update_load_sum+0x10/0x10 [ 22.696295][ T297] __alloc_pages+0x124/0x450 [ 22.700861][ T297] ? __cfi___alloc_pages+0x10/0x10 [ 22.705948][ T297] ? update_load_avg+0x4c2/0x13f0 [ 22.710954][ T297] ? kvm_sched_clock_read+0x18/0x40 [ 22.716131][ T297] ? __this_cpu_preempt_check+0x13/0x20 [ 22.721651][ T297] ? xfd_validate_state+0x70/0x150 [ 22.726746][ T297] __folio_alloc+0x12/0x40 [ 22.731139][ T297] wp_page_copy+0x280/0x15b0 [ 22.735731][ T297] ? __switch_to+0x51f/0xe30 [ 22.740314][ T297] ? fault_dirty_shared_page+0x310/0x310 [ 22.745952][ T297] ? _raw_spin_unlock+0x4c/0x70 [ 22.750782][ T297] ? finish_task_switch+0x16b/0x7b0 [ 22.755961][ T297] ? vm_normal_page+0x99/0x200 [ 22.760708][ T297] do_wp_page+0x9f2/0xfc0 [ 22.765027][ T297] handle_mm_fault+0x10e4/0x2640 [ 22.769944][ T297] ? __cfi_handle_mm_fault+0x10/0x10 [ 22.775215][ T297] ? lock_vma_under_rcu+0x3eb/0x4d0 [ 22.780401][ T297] ? __this_cpu_preempt_check+0x13/0x20 [ 22.785934][ T297] ? xfd_validate_state+0x70/0x150 [ 22.791027][ T297] do_user_addr_fault+0x905/0x1050 [ 22.796144][ T297] exc_page_fault+0x51/0xb0 [ 22.800626][ T297] asm_exc_page_fault+0x27/0x30 [ 22.805463][ T297] RIP: 0033:0x7f3d2579f180 [ 22.809854][ T297] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 0e 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 60 3c 0a 00 0f 85 0f 02 00 00 4c 8d 25 53 3c 0a 00 4c [ 22.829435][ T297] RSP: 002b:00007ffcfa949d70 EFLAGS: 00010246 [ 22.835483][ T297] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001 [ 22.843466][ T297] RDX: 0000000000000001 RSI: 00007f3d25840138 RDI: 0000000000000000 [pid 302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="virtio_transport_alloc_pkt", prog_fd=4}}, 16 [pid 297] exit_group(0 [pid 296] <... bpf resumed>) = 5 [pid 297] <... exit_group resumed>) = ? [pid 296] bind(3, {sa_family=AF_VSOCK, svm_cid=VMADDR_CID_LOCAL, svm_port=0, svm_flags=0}, 16 [pid 301] <... bpf resumed>) = 5 [pid 299] <... bpf resumed>) = 5 [pid 297] +++ exited with 0 +++ [pid 296] <... bind resumed>) = 0 [pid 296] listen(3, 10) = 0 [pid 296] socket(AF_VSOCK, SOCK_STREAM, 0 [pid 301] bind(3, {sa_family=AF_VSOCK, svm_cid=VMADDR_CID_LOCAL, svm_port=0, svm_flags=0}, 16 [pid 299] bind(3, {sa_family=AF_VSOCK, svm_cid=VMADDR_CID_LOCAL, svm_port=0, svm_flags=0}, 16 [pid 296] <... socket resumed>) = 6 [pid 296] connect(6, {sa_family=AF_VSOCK, svm_cid=VMADDR_CID_LOCAL, svm_port=0, svm_flags=0}, 16) = 0 [pid 296] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 296] write(7, "2", 1) = 1 [pid 296] close_range(0, 6, 0 [pid 301] <... bind resumed>) = -1 EADDRINUSE (Address already in use) [pid 299] <... bind resumed>) = -1 EADDRINUSE (Address already in use) [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=297, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- [pid 301] listen(3, 10 [pid 299] listen(3, 10 [ 22.851439][ T297] RBP: 00007f3d25840138 R08: 00007ffcfa949b67 R09: 0000000000000140 [ 22.859391][ T297] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 22.867346][ T297] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 22.875312][ T297] [ 22.878931][ T297] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 22.888494][ T296] FAULT_INJECTION: forcing a failure. [ 22.888494][ T296] name failslab, interval 1, probability 0, space 0, times 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] <... listen resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... listen resumed>) = -1 EINVAL (Invalid argument) [pid 301] socket(AF_VSOCK, SOCK_STREAM, 0 [pid 299] socket(AF_VSOCK, SOCK_STREAM, 0 [pid 294] <... clone resumed>, child_tidptr=0x55556a57d650) = 303 [pid 301] <... socket resumed>) = 6 [pid 299] <... socket resumed>) = 6 [pid 301] connect(6, {sa_family=AF_VSOCK, svm_cid=VMADDR_CID_LOCAL, svm_port=0, svm_flags=0}, 16 [pid 299] connect(6, {sa_family=AF_VSOCK, svm_cid=VMADDR_CID_LOCAL, svm_port=0, svm_flags=0}, 16 [pid 301] <... connect resumed>) = 0 [pid 299] <... connect resumed>) = 0 [pid 301] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 299] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 301] <... openat resumed>) = 7 [pid 299] <... openat resumed>) = 7 [pid 301] write(7, "2", 1 [pid 299] write(7, "2", 1 [pid 301] <... write resumed>) = 1 [pid 299] <... write resumed>) = 1 [pid 301] close_range(0, 6, 0 [pid 299] close_range(0, 6, 0./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x55556a57d660, 24) = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 303] setpgid(0, 0) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 [pid 303] write(1, "executing program\n", 18executing program ) = 18 [pid 303] seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=1, filter=0x200000000100}) = 0 [pid 303] socket(AF_VSOCK, SOCK_STREAM, 0) = 3 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000140, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [ 22.901324][ T296] CPU: 1 PID: 296 Comm: syz-executor280 Not tainted 6.1.145-syzkaller-00002-gc750dc582629 #0 [ 22.911481][ T296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 22.921536][ T296] Call Trace: [ 22.924814][ T296] [ 22.927724][ T296] __dump_stack+0x21/0x24 [ 22.932052][ T296] dump_stack_lvl+0xee/0x150 [ 22.936619][ T296] ? __cfi_dump_stack_lvl+0x8/0x8 [ 22.941622][ T296] ? ____fput+0x15/0x20 [ 22.945755][ T296] ? ptrace_notify+0x221/0x250 [ 22.950515][ T296] ? syscall_exit_work+0x84/0x140 [ 22.955520][ T296] ? syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 22.961837][ T296] ? do_syscall_64+0x58/0xa0 [ 22.966405][ T296] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 22.972458][ T296] dump_stack+0x15/0x24 [ 22.976597][ T296] should_fail_ex+0x3d4/0x520 [ 22.981267][ T296] __should_failslab+0xac/0xf0 [ 22.986004][ T296] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 22.991960][ T296] should_failslab+0x9/0x20 [ 22.996444][ T296] __kmem_cache_alloc_node+0x3d/0x2c0 [ 23.001793][ T296] ? __cfi_mutex_lock+0x10/0x10 [ 23.006618][ T296] ? delete_node+0x3dc/0xa60 [ 23.011184][ T296] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 23.017154][ T296] __kmalloc+0xa1/0x1e0 [ 23.021305][ T296] ? __cfi___bpf_trace_virtio_transport_alloc_pkt+0x10/0x10 [ 23.028568][ T296] tracepoint_probe_unregister+0x1e6/0x8b0 [ 23.034365][ T296] bpf_probe_unregister+0x61/0x70 [ 23.039375][ T296] bpf_raw_tp_link_release+0x63/0x90 [ 23.044654][ T296] bpf_link_free+0x13a/0x390 [ 23.049221][ T296] ? bpf_link_put_deferred+0x20/0x20 [ 23.054480][ T296] ? security_file_free+0xd8/0xf0 [ 23.059483][ T296] bpf_link_release+0x15f/0x170 [ 23.064306][ T296] ? __cfi_bpf_link_release+0x10/0x10 [ 23.069654][ T296] __fput+0x1fc/0x8f0 [ 23.073615][ T296] ____fput+0x15/0x20 [ 23.077570][ T296] task_work_run+0x1db/0x240 [ 23.082133][ T296] ? __cfi_task_work_run+0x10/0x10 [ 23.087219][ T296] ? fput+0x15b/0x1a0 [ 23.091175][ T296] ? filp_close+0x111/0x160 [ 23.095670][ T296] ptrace_notify+0x221/0x250 [ 23.100239][ T296] ? __cfi_ptrace_notify+0x10/0x10 [ 23.105326][ T296] ? __cfi___close_range+0x10/0x10 [ 23.110416][ T296] ? __secure_computing+0xea/0x290 [ 23.115504][ T296] syscall_exit_work+0x84/0x140 [ 23.120329][ T296] syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 23.126455][ T296] syscall_exit_to_user_mode+0xd/0x30 [ 23.131805][ T296] do_syscall_64+0x58/0xa0 [ 23.136197][ T296] ? clear_bhb_loop+0x30/0x80 [ 23.140853][ T296] ? clear_bhb_loop+0x30/0x80 [ 23.145511][ T296] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 23.151378][ T296] RIP: 0033:0x7f3d257d0a19 [ 23.155768][ T296] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 23.175349][ T296] RSP: 002b:00007ffcfa949dc8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 23.183742][ T296] RAX: 0000000000000000 RBX: 00007ffcfa949de0 RCX: 00007f3d257d0a19 [ 23.191696][ T296] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000 [pid 303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="virtio_transport_alloc_pkt", prog_fd=4}}, 16 [pid 302] <... bpf resumed>) = 5 [pid 302] bind(3, {sa_family=AF_VSOCK, svm_cid=VMADDR_CID_LOCAL, svm_port=0, svm_flags=0}, 16) = 0 [pid 302] listen(3, 10) = 0 [pid 302] socket(AF_VSOCK, SOCK_STREAM, 0) = 6 [pid 302] connect(6, {sa_family=AF_VSOCK, svm_cid=VMADDR_CID_LOCAL, svm_port=0, svm_flags=0}, 16) = 0 [pid 302] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 302] write(7, "2", 1) = 1 [ 23.199666][ T296] RBP: 0000000000000001 R08: 00007ffcfa949b67 R09: 0000000000000140 [ 23.207614][ T296] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 23.215557][ T296] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 23.223509][ T296] [ 23.227833][ T301] FAULT_INJECTION: forcing a failure. [ 23.227833][ T301] name failslab, interval 1, probability 0, space 0, times 0 [ 23.228028][ T296] CFI failure at __traceiter_virtio_transport_alloc_pkt+0xac/0x110 (target: 0xffffc90000eb77a8; expected type: 0x7d8401ab) [ 23.244088][ T301] CPU: 0 PID: 301 Comm: syz-executor280 Not tainted 6.1.145-syzkaller-00002-gc750dc582629 #0 [ 23.253278][ T296] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 23.263311][ T301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 23.269352][ T296] CPU: 1 PID: 296 Comm: syz-executor280 Not tainted 6.1.145-syzkaller-00002-gc750dc582629 #0 [ 23.279379][ T301] Call Trace: [ 23.279388][ T301] [ 23.289492][ T296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 23.292753][ T301] __dump_stack+0x21/0x24 [ 23.295657][ T296] RIP: 0010:__traceiter_virtio_transport_alloc_pkt+0xac/0x110 [ 23.305688][ T301] dump_stack_lvl+0xee/0x150 [ 23.309991][ T296] Code: 8b 7e 08 8b 75 d4 8b 55 d0 8b 4d cc 44 8b 45 c8 44 8b 4d c4 8b 45 20 50 ff 75 b8 41 55 41 ba 55 fe 7b 82 45 03 54 24 fc 74 02 <0f> 0b 41 ff d4 48 83 c4 18 48 83 c3 18 48 89 d8 48 c1 e8 03 42 80 [ 23.317408][ T301] ? __cfi_dump_stack_lvl+0x8/0x8 [ 23.321967][ T296] RSP: 0018:ffffc90000eb77a8 EFLAGS: 00010a13 [ 23.341540][ T301] ? ____fput+0x15/0x20 [ 23.346536][ T296] [ 23.346542][ T296] RAX: 0000000000000000 RBX: ffff88810f51ef10 RCX: 0000000000000001 [ 23.352574][ T301] ? ptrace_notify+0x221/0x250 [ 23.356698][ T296] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffc9000011b000 [ 23.358998][ T301] ? syscall_exit_work+0x84/0x140 [ 23.366940][ T296] RBP: ffffc90000eb7808 R08: 00000000374f51a5 R09: 0000000000000000 [ 23.371677][ T301] ? syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 23.379630][ T296] R10: 0000000027bc6561 R11: 1ffffffff0ee4a7d R12: ffffffff81711ed0 [ 23.384641][ T301] ? do_syscall_64+0x58/0xa0 [ 23.392654][ T296] R13: 0000000000000001 R14: ffff88810f51ef10 R15: dffffc0000000000 [ 23.398957][ T301] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 23.406902][ T296] FS: 000055556a57d380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 23.411465][ T301] dump_stack+0x15/0x24 [ 23.419408][ T296] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.425443][ T301] should_fail_ex+0x3d4/0x520 [ 23.434339][ T296] CR2: 000000002000ffff CR3: 000000010754f000 CR4: 00000000003506a0 [ 23.438475][ T301] __should_failslab+0xac/0xf0 [ 23.445041][ T296] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.449694][ T301] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 23.457637][ T296] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.462368][ T301] should_failslab+0x9/0x20 [ 23.470309][ T296] Call Trace: [ 23.470316][ T296] [ 23.476256][ T301] __kmem_cache_alloc_node+0x3d/0x2c0 [ 23.484204][ T296] virtio_transport_alloc_pkt+0x9ad/0xa00 [ 23.488678][ T301] ? __cfi_mutex_lock+0x10/0x10 [ 23.491940][ T296] ? __kasan_check_write+0x14/0x20 [ 23.494850][ T301] ? delete_node+0x3dc/0xa60 [ 23.500188][ T296] ? _raw_spin_lock_bh+0x8e/0xe0 [ 23.505878][ T301] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 23.510700][ T296] virtio_transport_send_pkt_info+0x2d5/0x650 [ 23.515776][ T301] __kmalloc+0xa1/0x1e0 [ 23.520337][ T296] virtio_transport_release+0x1de/0xb40 [ 23.525239][ T301] ? __cfi___bpf_trace_virtio_transport_alloc_pkt+0x10/0x10 [ 23.531184][ T296] ? _raw_spin_lock_bh+0x8e/0xe0 [ 23.537218][ T301] tracepoint_probe_unregister+0x1e6/0x8b0 [ 23.541341][ T296] ? __cfi__raw_spin_lock_bh+0x10/0x10 [ 23.546856][ T301] bpf_probe_unregister+0x61/0x70 [ 23.554103][ T296] ? __cfi_virtio_transport_release+0x10/0x10 [ 23.559011][ T301] bpf_raw_tp_link_release+0x63/0x90 [ 23.564784][ T296] ? __local_bh_enable_ip+0x58/0x80 [ 23.570209][ T301] bpf_link_free+0x13a/0x390 [ 23.575198][ T296] ? _raw_spin_unlock_bh+0x50/0x60 [ 23.581232][ T301] ? bpf_link_put_deferred+0x20/0x20 [ 23.586482][ T296] ? lock_sock_nested+0x1ec/0x280 [ 23.591646][ T301] ? security_file_free+0xd8/0xf0 [ 23.596204][ T296] ? __kasan_check_write+0x14/0x20 [ 23.601284][ T301] bpf_link_release+0x15f/0x170 [ 23.606532][ T296] ? __cfi_lock_sock_nested+0x10/0x10 [ 23.611526][ T301] ? __cfi_bpf_link_release+0x10/0x10 [ 23.616518][ T296] ? __kasan_check_write+0x14/0x20 [ 23.621595][ T301] __fput+0x1fc/0x8f0 [ 23.626412][ T296] ? _raw_spin_lock_bh+0x8e/0xe0 [ 23.631755][ T301] ____fput+0x15/0x20 [ 23.637094][ T296] ? __kasan_check_write+0x14/0x20 [ 23.642172][ T301] task_work_run+0x1db/0x240 [ 23.646123][ T296] ? _raw_spin_unlock_irqrestore+0x5a/0x80 [ 23.651030][ T301] ? __cfi_task_work_run+0x10/0x10 [ 23.654977][ T296] __vsock_release+0xad/0x510 [ 23.660056][ T301] ? fput+0x15b/0x1a0 [ 23.664615][ T296] __vsock_release+0x384/0x510 [ 23.670386][ T301] ? filp_close+0x111/0x160 [ 23.675466][ T296] vsock_release+0xb5/0x120 [ 23.680110][ T301] ptrace_notify+0x221/0x250 [ 23.684062][ T296] sock_close+0xf1/0x290 [ 23.688792][ T301] ? __cfi_ptrace_notify+0x10/0x10 [ 23.693261][ T296] ? __cfi_sock_close+0x10/0x10 [ 23.697735][ T301] ? __cfi___close_range+0x10/0x10 [ 23.702293][ T296] __fput+0x1fc/0x8f0 [ 23.706503][ T301] ? __secure_computing+0xea/0x290 [ 23.711581][ T296] ____fput+0x15/0x20 [ 23.716400][ T301] syscall_exit_work+0x84/0x140 [ 23.721478][ T296] task_work_run+0x1db/0x240 [ 23.725429][ T301] syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 23.730505][ T296] ? __cfi_task_work_run+0x10/0x10 [ 23.734458][ T301] syscall_exit_to_user_mode+0xd/0x30 [ 23.739276][ T296] ? fput+0x15b/0x1a0 [ 23.743835][ T301] do_syscall_64+0x58/0xa0 [ 23.749954][ T296] ? filp_close+0x111/0x160 [ 23.755030][ T301] ? clear_bhb_loop+0x30/0x80 [ 23.760371][ T296] ptrace_notify+0x221/0x250 [ 23.764322][ T301] ? clear_bhb_loop+0x30/0x80 [ 23.768710][ T296] ? __cfi_ptrace_notify+0x10/0x10 [ 23.773183][ T301] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 23.777828][ T296] ? __cfi___close_range+0x10/0x10 [ 23.782386][ T301] RIP: 0033:0x7f3d257d0a19 [ 23.787027][ T296] ? __secure_computing+0xea/0x290 [ 23.792109][ T301] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 23.797975][ T296] syscall_exit_work+0x84/0x140 [ 23.803052][ T301] RSP: 002b:00007ffcfa949dc8 EFLAGS: 00000246 [ 23.807435][ T296] syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 23.812511][ T301] ORIG_RAX: 00000000000001b4 [ 23.832088][ T296] syscall_exit_to_user_mode+0xd/0x30 [ 23.836909][ T301] RAX: 0000000000000000 RBX: 00007ffcfa949de0 RCX: 00007f3d257d0a19 [ 23.842947][ T296] do_syscall_64+0x58/0xa0 [ 23.849069][ T301] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000 [ 23.853711][ T296] ? clear_bhb_loop+0x30/0x80 [ 23.859050][ T301] RBP: 0000000000000001 R08: 00007ffcfa949b67 R09: 0000000000000140 [ 23.866991][ T296] ? clear_bhb_loop+0x30/0x80 [ 23.871373][ T301] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [pid 302] close_range(0, 6, 0 [pid 301] <... close_range resumed>) = 0 [pid 301] exit_group(0) = ? [pid 301] +++ exited with 0 +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=301, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [ 23.879314][ T296] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 23.883959][ T301] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 23.891900][ T296] RIP: 0033:0x7f3d257d0a19 [ 23.896549][ T301] [ 23.904489][ T296] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 23.915165][ T299] FAULT_INJECTION: forcing a failure. [ 23.915165][ T299] name failslab, interval 1, probability 0, space 0, times 0 [ 23.918287][ T296] RSP: 002b:00007ffcfa949dc8 EFLAGS: 00000246 [ 23.924702][ T299] CPU: 0 PID: 299 Comm: syz-executor280 Not tainted 6.1.145-syzkaller-00002-gc750dc582629 #0 [ 23.925677][ T296] ORIG_RAX: 00000000000001b4 [ 23.925686][ T296] RAX: 0000000000000000 RBX: 00007ffcfa949de0 RCX: 00007f3d257d0a19 [ 23.945258][ T299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 23.957807][ T296] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000 [ 23.963841][ T299] Call Trace: [ 23.963847][ T299] [ 23.973951][ T296] RBP: 0000000000000001 R08: 00007ffcfa949b67 R09: 0000000000000140 [ 23.978598][ T299] __dump_stack+0x21/0x24 [ 23.986536][ T296] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 23.996564][ T299] dump_stack_lvl+0xee/0x150 [ 24.004506][ T296] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 24.007763][ T299] ? __cfi_dump_stack_lvl+0x8/0x8 [ 24.010676][ T296] [ 24.018612][ T299] ? ____fput+0x15/0x20 [ 24.022910][ T296] Modules linked in: [ 24.030852][ T299] ? ptrace_notify+0x221/0x250 [ 24.036156][ T296] ---[ end trace 0000000000000000 ]--- [ 24.043354][ T299] ? syscall_exit_work+0x84/0x140 [ 24.043376][ T299] ? syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 24.043392][ T299] ? do_syscall_64+0x58/0xa0 [ 24.048389][ T296] RIP: 0010:__traceiter_virtio_transport_alloc_pkt+0xac/0x110 [ 24.051385][ T299] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 24.051404][ T299] dump_stack+0x15/0x24 [ 24.055529][ T296] Code: 8b 7e 08 8b 75 d4 8b 55 d0 8b 4d cc 44 8b 45 c8 44 8b 4d c4 8b 45 20 50 ff 75 b8 41 55 41 ba 55 fe 7b 82 45 03 54 24 fc 74 02 <0f> 0b 41 ff d4 48 83 c4 18 48 83 c3 18 48 89 d8 48 c1 e8 03 42 80 [ 24.059390][ T299] should_fail_ex+0x3d4/0x520 [ 24.064138][ T296] RSP: 0018:ffffc90000eb77a8 EFLAGS: 00010a13 [ 24.069549][ T299] __should_failslab+0xac/0xf0 [ 24.074552][ T296] [ 24.080831][ T299] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 24.085405][ T296] RAX: 0000000000000000 RBX: ffff88810f51ef10 RCX: 0000000000000001 [ 24.092832][ T299] should_failslab+0x9/0x20 [ 24.092856][ T299] __kmem_cache_alloc_node+0x3d/0x2c0 [ 24.098894][ T296] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffc9000011b000 [ 24.103016][ T299] ? __cfi_mutex_lock+0x10/0x10 [ 24.103034][ T299] ? delete_node+0x3e6/0xa60 [ 24.122623][ T296] RBP: ffffc90000eb7808 R08: 00000000374f51a5 R09: 0000000000000000 [ 24.127263][ T299] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 24.133314][ T296] R10: 0000000027bc6561 R11: 1ffffffff0ee4a7d R12: ffffffff81711ed0 [ 24.138032][ T299] __kmalloc+0xa1/0x1e0 [ 24.140332][ T296] R13: 0000000000000001 R14: ffff88810f51ef10 R15: dffffc0000000000 [ 24.146280][ T299] ? __cfi___bpf_trace_virtio_transport_alloc_pkt+0x10/0x10 [ 24.146301][ T299] tracepoint_probe_unregister+0x1e6/0x8b0 [ 24.154268][ T296] FS: 000055556a57d380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 24.158719][ T299] bpf_probe_unregister+0x61/0x70 [ 24.164072][ T296] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.172001][ T299] bpf_raw_tp_link_release+0x63/0x90 [ 24.172020][ T299] bpf_link_free+0x13a/0x390 [ 24.176831][ T296] CR2: 000000002000ffff CR3: 000000010754f000 CR4: 00000000003506a0 [ 24.181390][ T299] ? bpf_link_put_deferred+0x20/0x20 [ 24.189346][ T296] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.195292][ T299] ? security_file_free+0xd8/0xf0 [ 24.195313][ T299] bpf_link_release+0x15f/0x170 [ 24.203266][ T296] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.207382][ T299] ? __cfi_bpf_link_release+0x10/0x10 [ 24.215354][ T296] Kernel panic - not syncing: Fatal exception [ 24.222685][ T299] __fput+0x1fc/0x8f0 [ 24.222707][ T299] ____fput+0x15/0x20 [ 24.222721][ T299] task_work_run+0x1db/0x240 [ 24.222739][ T299] ? __cfi_task_work_run+0x10/0x10 [ 24.222756][ T299] ? fput+0x15b/0x1a0 [ 24.222771][ T299] ? filp_close+0x111/0x160 [ 24.222787][ T299] ptrace_notify+0x221/0x250 [ 24.222807][ T299] ? __cfi_ptrace_notify+0x10/0x10 [ 24.222826][ T299] ? __cfi___close_range+0x10/0x10 [ 24.222846][ T299] ? __secure_computing+0xea/0x290 [ 24.222862][ T299] syscall_exit_work+0x84/0x140 [ 24.222877][ T299] syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 24.222893][ T299] syscall_exit_to_user_mode+0xd/0x30 [ 24.222911][ T299] do_syscall_64+0x58/0xa0 [ 24.222930][ T299] ? clear_bhb_loop+0x30/0x80 [ 24.222946][ T299] ? clear_bhb_loop+0x30/0x80 [ 24.222962][ T299] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 24.222978][ T299] RIP: 0033:0x7f3d257d0a19 [ 24.222991][ T299] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 24.223004][ T299] RSP: 002b:00007ffcfa949dc8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 24.223020][ T299] RAX: 0000000000000000 RBX: 00007ffcfa949de0 RCX: 00007f3d257d0a19 [ 24.223031][ T299] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000 [ 24.223040][ T299] RBP: 0000000000000001 R08: 00007ffcfa949b67 R09: 0000000000000140 [ 24.223050][ T299] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 24.223059][ T299] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 24.223071][ T299] [ 24.223279][ T296] Kernel Offset: disabled [ 24.470302][ T296] Rebooting in 86400 seconds..