./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2096157788 <...> [ 86.830489][ T1222] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.1.150' (ED25519) to the list of known hosts. execve("./syz-executor2096157788", ["./syz-executor2096157788"], 0x7ffc37387640 /* 10 vars */) = 0 brk(NULL) = 0x555567a3d000 brk(0x555567a3dd00) = 0x555567a3dd00 arch_prctl(ARCH_SET_FS, 0x555567a3d380) = 0 set_tid_address(0x555567a3d650) = 5877 set_robust_list(0x555567a3d660, 24) = 0 rseq(0x555567a3dca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2096157788", 4096) = 28 getrandom("\xe0\x43\x24\x83\x01\x96\x21\x09", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555567a3dd00 brk(0x555567a5ed00) = 0x555567a5ed00 brk(0x555567a5f000) = 0x555567a5f000 mprotect(0x7feb7559e000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5878 attached [pid 5878] set_robust_list(0x555567a3d660, 24 [pid 5877] <... clone resumed>, child_tidptr=0x555567a3d650) = 5878 [pid 5878] <... set_robust_list resumed>) = 0 [pid 5878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5878] setpgid(0, 0) = 0 [pid 5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5878] write(3, "1000", 4) = 4 [pid 5878] close(3) = 0 [pid 5878] write(1, "executing program\n", 18executing program ) = 18 [pid 5878] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 17, 0), prog_flags=BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ, prog_name="", prog_ifindex=0, expected_attach_type=0x34 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EFAULT (Bad address) [pid 5878] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 5878] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="workqueue_activate_work", prog_fd=3}}, 16) = 4 [pid 5878] socketpair(AF_TIPC, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5878] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5878] write(7, "2", 1) = 1 [ 88.834719][ T5878] FAULT_INJECTION: forcing a failure. [ 88.834719][ T5878] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 88.835019][ T5878] [ 88.835026][ T5878] ====================================================== [ 88.835032][ T5878] WARNING: possible circular locking dependency detected [ 88.835050][ T5878] 6.16.0-syzkaller-g561c80369df0 #0 Not tainted [ 88.835058][ T5878] ------------------------------------------------------ [ 88.835063][ T5878] syz-executor209/5878 is trying to acquire lock: [ 88.835070][ T5878] ffffffff8e12e120 (console_owner){-...}-{0:0}, at: console_flush_all+0x13a/0xc40 [ 88.835134][ T5878] [ 88.835134][ T5878] but task is already holding lock: [ 88.835139][ T5878] ffff8880b8739718 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x809/0xfb0 [ 88.835173][ T5878] [ 88.835173][ T5878] which lock already depends on the new lock. [ 88.835173][ T5878] [ 88.835179][ T5878] [ 88.835179][ T5878] the existing dependency chain (in reverse order) is: [ 88.835184][ T5878] [ 88.835184][ T5878] -> #3 (&pool->lock){-.-.}-{2:2}: [ 88.835206][ T5878] lock_acquire+0x120/0x360 [ 88.835227][ T5878] _raw_spin_lock+0x2e/0x40 [ 88.835249][ T5878] __queue_work+0x809/0xfb0 [ 88.835263][ T5878] queue_work_on+0x181/0x270 [ 88.835277][ T5878] rpm_suspend+0xe54/0x1720 [ 88.835294][ T5878] __pm_runtime_idle+0x12f/0x1a0 [ 88.835306][ T5878] __device_attach+0x342/0x400 [ 88.835317][ T5878] bus_probe_device+0x185/0x260 [ 88.835329][ T5878] device_add+0x7b6/0xb50 [ 88.835336][ T5878] serial_base_port_add+0x2e3/0x410 [ 88.835346][ T5878] serial_core_register_port+0x369/0x27c0 [ 88.835359][ T5878] serial8250_register_8250_port+0x16db/0x2050 [ 88.835370][ T5878] serial_pnp_probe+0x527/0x790 [ 88.835381][ T5878] pnp_device_probe+0x308/0x4c0 [ 88.835393][ T5878] really_probe+0x26d/0x9e0 [ 88.835402][ T5878] __driver_probe_device+0x18c/0x2f0 [ 88.835410][ T5878] driver_probe_device+0x4f/0x430 [ 88.835420][ T5878] __driver_attach+0x452/0x700 [ 88.835428][ T5878] bus_for_each_dev+0x233/0x2b0 [ 88.835439][ T5878] bus_add_driver+0x345/0x640 [ 88.835451][ T5878] driver_register+0x23a/0x320 [ 88.835463][ T5878] serial8250_init+0x8f/0x160 [ 88.835477][ T5878] do_one_initcall+0x233/0x820 [ 88.835489][ T5878] do_initcall_level+0x104/0x190 [ 88.835499][ T5878] do_initcalls+0x59/0xa0 [ 88.835507][ T5878] kernel_init_freeable+0x334/0x4b0 [ 88.835515][ T5878] kernel_init+0x1d/0x1d0 [ 88.835523][ T5878] ret_from_fork+0x3fc/0x770 [ 88.835532][ T5878] ret_from_fork_asm+0x1a/0x30 [ 88.835544][ T5878] [ 88.835544][ T5878] -> #2 (&dev->power.lock){-.-.}-{3:3}: [ 88.835556][ T5878] lock_acquire+0x120/0x360 [ 88.835570][ T5878] _raw_spin_lock_irqsave+0xa7/0xf0 [ 88.835585][ T5878] __pm_runtime_resume+0x10f/0x180 [ 88.835597][ T5878] __uart_start+0x171/0x460 [ 88.835615][ T5878] uart_write+0xdc/0x130 [ 88.835628][ T5878] n_tty_write+0xd2c/0x1200 [ 88.835637][ T5878] file_tty_write+0x554/0xa20 [ 88.835648][ T5878] vfs_write+0x5c6/0xb30 [ 88.835659][ T5878] ksys_write+0x145/0x250 [ 88.835669][ T5878] do_syscall_64+0xfa/0x3b0 [ 88.835682][ T5878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.835691][ T5878] [ 88.835691][ T5878] -> #1 (&port_lock_key){-.-.}-{3:3}: [ 88.835703][ T5878] lock_acquire+0x120/0x360 [ 88.835742][ T5878] _raw_spin_lock_irqsave+0xa7/0xf0 [ 88.835752][ T5878] serial8250_console_write+0x17e/0x1ba0 [ 88.835761][ T5878] console_flush_all+0x728/0xc40 [ 88.835771][ T5878] console_unlock+0xc4/0x270 [ 88.835779][ T5878] vprintk_emit+0x5b7/0x7a0 [ 88.835787][ T5878] _printk+0xcf/0x120 [ 88.835799][ T5878] register_console+0xa8b/0xf90 [ 88.835808][ T5878] univ8250_console_init+0x3a/0x70 [ 88.835819][ T5878] console_init+0x10e/0x430 [ 88.835829][ T5878] start_kernel+0x254/0x410 [ 88.835836][ T5878] x86_64_start_reservations+0x24/0x30 [ 88.835848][ T5878] x86_64_start_kernel+0x143/0x1c0 [ 88.835858][ T5878] common_startup_64+0x13e/0x147 [ 88.835870][ T5878] [ 88.835870][ T5878] -> #0 (console_owner){-...}-{0:0}: [ 88.835881][ T5878] validate_chain+0xb9b/0x2140 [ 88.835890][ T5878] __lock_acquire+0xab9/0xd20 [ 88.835901][ T5878] lock_acquire+0x120/0x360 [ 88.835913][ T5878] console_flush_all+0x6d2/0xc40 [ 88.835922][ T5878] console_unlock+0xc4/0x270 [ 88.835930][ T5878] vprintk_emit+0x5b7/0x7a0 [ 88.835938][ T5878] _printk+0xcf/0x120 [ 88.835949][ T5878] should_fail_ex+0x3f5/0x560 [ 88.835960][ T5878] strncpy_from_user+0x36/0x290 [ 88.835970][ T5878] strncpy_from_user_nofault+0x72/0x150 [ 88.835980][ T5878] bpf_probe_read_compat_str+0xe2/0x180 [ 88.835989][ T5878] bpf_prog_9bca56546c9b26d5+0x46/0x4c [ 88.836001][ T5878] bpf_trace_run1+0x27f/0x4b0 [ 88.836011][ T5878] __bpf_trace_workqueue_activate_work+0xae/0x100 [ 88.836020][ T5878] trace_workqueue_activate_work+0x170/0x1d0 [ 88.836033][ T5878] __queue_work+0xcc2/0xfb0 [ 88.836041][ T5878] queue_work_on+0x181/0x270 [ 88.836049][ T5878] net_enable_timestamp+0x145/0x190 [ 88.836062][ T5878] sk_setsockopt+0x1adb/0x2dc0 [ 88.836075][ T5878] do_sock_setsockopt+0x11b/0x1b0 [ 88.836088][ T5878] __x64_sys_setsockopt+0x13f/0x1b0 [ 88.836100][ T5878] do_syscall_64+0xfa/0x3b0 [ 88.836112][ T5878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.836120][ T5878] [ 88.836120][ T5878] other info that might help us debug this: [ 88.836120][ T5878] [ 88.836123][ T5878] Chain exists of: [ 88.836123][ T5878] console_owner --> &dev->power.lock --> &pool->lock [ 88.836123][ T5878] [ 88.836138][ T5878] Possible unsafe locking scenario: [ 88.836138][ T5878] [ 88.836140][ T5878] CPU0 CPU1 [ 88.836143][ T5878] ---- ---- [ 88.836146][ T5878] lock(&pool->lock); [ 88.836151][ T5878] lock(&dev->power.lock); [ 88.836158][ T5878] lock(&pool->lock); [ 88.836164][ T5878] lock(console_owner); [ 88.836170][ T5878] [ 88.836170][ T5878] *** DEADLOCK *** [ 88.836170][ T5878] [ 88.836172][ T5878] 6 locks held by syz-executor209/5878: [ 88.836178][ T5878] #0: ffff888032c60258 (sk_lock-AF_TIPC){+.+.}-{0:0}, at: sk_setsockopt+0xe10/0x2dc0 [ 88.836203][ T5878] #1: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: __queue_work+0x102/0xfb0 [ 88.836224][ T5878] #2: ffff8880b8739718 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x809/0xfb0 [ 88.836245][ T5878] #3: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run1+0x181/0x4b0 [ 88.836267][ T5878] #4: ffffffff8e12e180 (console_lock){+.+.}-{0:0}, at: _printk+0xcf/0x120 [ 88.836290][ T5878] #5: ffffffff8e015a50 (console_srcu){....}-{0:0}, at: console_flush_all+0x13a/0xc40 [ 88.836312][ T5878] [ 88.836312][ T5878] stack backtrace: [ 88.836326][ T5878] CPU: 1 UID: 0 PID: 5878 Comm: syz-executor209 Not tainted 6.16.0-syzkaller-g561c80369df0 #0 PREEMPT(full) [ 88.836338][ T5878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 88.836349][ T5878] Call Trace: [ 88.836354][ T5878] [ 88.836358][ T5878] dump_stack_lvl+0x189/0x250 [ 88.836371][ T5878] ? __pfx_dump_stack_lvl+0x10/0x10 [ 88.836381][ T5878] ? __pfx__printk+0x10/0x10 [ 88.836394][ T5878] ? print_lock_name+0xde/0x100 [ 88.836406][ T5878] print_circular_bug+0x2ee/0x310 [ 88.836417][ T5878] check_noncircular+0x134/0x160 [ 88.836428][ T5878] validate_chain+0xb9b/0x2140 [ 88.836442][ T5878] __lock_acquire+0xab9/0xd20 [ 88.836458][ T5878] ? console_flush_all+0x13a/0xc40 [ 88.836469][ T5878] lock_acquire+0x120/0x360 [ 88.836482][ T5878] ? console_flush_all+0x13a/0xc40 [ 88.836494][ T5878] ? do_raw_spin_unlock+0x122/0x240 [ 88.836505][ T5878] ? console_flush_all+0x13a/0xc40 [ 88.836515][ T5878] console_flush_all+0x6d2/0xc40 [ 88.836525][ T5878] ? console_flush_all+0x13a/0xc40 [ 88.836536][ T5878] ? console_flush_all+0x13a/0xc40 [ 88.836547][ T5878] ? __pfx_console_flush_all+0x10/0x10 [ 88.836560][ T5878] ? is_printk_cpu_sync_owner+0x32/0x40 [ 88.836573][ T5878] console_unlock+0xc4/0x270 [ 88.836582][ T5878] ? __pfx_console_unlock+0x10/0x10 [ 88.836592][ T5878] ? is_printk_cpu_sync_owner+0x32/0x40 [ 88.836605][ T5878] vprintk_emit+0x5b7/0x7a0 [ 88.836614][ T5878] ? __pfx_vprintk_emit+0x10/0x10 [ 88.836623][ T5878] ? rcu_is_watching+0x15/0xb0 [ 88.836633][ T5878] ? lock_release+0x4b/0x3e0 [ 88.836645][ T5878] ? lock_release+0x4b/0x3e0 [ 88.836660][ T5878] _printk+0xcf/0x120 [ 88.836671][ T5878] ? __pfx____ratelimit+0x10/0x10 [ 88.836683][ T5878] ? __pfx__printk+0x10/0x10 [ 88.836698][ T5878] should_fail_ex+0x3f5/0x560 [ 88.836715][ T5878] strncpy_from_user+0x36/0x290 [ 88.836726][ T5878] strncpy_from_user_nofault+0x72/0x150 [ 88.836738][ T5878] bpf_probe_read_compat_str+0xe2/0x180 [ 88.836747][ T5878] bpf_prog_9bca56546c9b26d5+0x46/0x4c [ 88.836755][ T5878] bpf_trace_run1+0x27f/0x4b0 [ 88.836766][ T5878] ? bpf_trace_run1+0x181/0x4b0 [ 88.836778][ T5878] ? __pfx_bpf_trace_run1+0x10/0x10 [ 88.836789][ T5878] ? __bpf_trace_workqueue_activate_work+0xa1/0x100 [ 88.836800][ T5878] __bpf_trace_workqueue_activate_work+0xae/0x100 [ 88.836810][ T5878] ? __pfx___bpf_trace_workqueue_activate_work+0x10/0x10 [ 88.836820][ T5878] ? do_raw_spin_lock+0x121/0x290 [ 88.836831][ T5878] ? __pfx_pwq_tryinc_nr_active+0x10/0x10 [ 88.836846][ T5878] trace_workqueue_activate_work+0x170/0x1d0 [ 88.836860][ T5878] __queue_work+0xcc2/0xfb0 [ 88.836870][ T5878] ? __queue_work+0x102/0xfb0 [ 88.836880][ T5878] queue_work_on+0x181/0x270 [ 88.836890][ T5878] ? __pfx_queue_work_on+0x10/0x10 [ 88.836901][ T5878] ? __local_bh_enable_ip+0x12d/0x1c0 [ 88.836911][ T5878] net_enable_timestamp+0x145/0x190 [ 88.836924][ T5878] ? __pfx_net_enable_timestamp+0x10/0x10 [ 88.836937][ T5878] ? __sock_set_timestamps+0x16a/0x1b0 [ 88.836950][ T5878] sk_setsockopt+0x1adb/0x2dc0 [ 88.836963][ T5878] ? __pfx___might_resched+0x10/0x10 [ 88.836973][ T5878] ? __pfx_sk_setsockopt+0x10/0x10 [ 88.836987][ T5878] ? aa_sk_perm+0x81e/0x950 [ 88.837001][ T5878] ? __pfx_aa_sk_perm+0x10/0x10 [ 88.837013][ T5878] ? _raw_spin_unlock_irq+0x2e/0x50 [ 88.837023][ T5878] ? ptrace_notify+0x22d/0x2c0 [ 88.837032][ T5878] ? aa_sock_opt_perm+0xff/0x1b0 [ 88.837046][ T5878] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 88.837057][ T5878] do_sock_setsockopt+0x11b/0x1b0 [ 88.837071][ T5878] __x64_sys_setsockopt+0x13f/0x1b0 [ 88.837086][ T5878] do_syscall_64+0xfa/0x3b0 [ 88.837098][ T5878] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.837110][ T5878] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.837119][ T5878] ? clear_bhb_loop+0x60/0xb0 [ 88.837129][ T5878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.837138][ T5878] RIP: 0033:0x7feb755329e9 [ 88.837147][ T5878] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 88.837155][ T5878] RSP: 002b:00007ffe51f7ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 88.837165][ T5878] RAX: ffffffffffffffda RBX: 00007ffe51f7eab0 RCX: 00007feb755329e9 [ 88.837172][ T5878] RDX: 000000000000001d RSI: 0000000000000001 RDI: 0000000000000005 [ 88.837178][ T5878] RBP: 0000000000000001 R08: 0000000000000004 R09: 0000000000000140 [ 88.837183][ T5878] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [ 88.837189][ T5878] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 88.837198][ T5878] [ 89.955298][ T5878] CPU: 1 UID: 0 PID: 5878 Comm: syz-executor209 Not tainted 6.16.0-syzkaller-g561c80369df0 #0 PREEMPT(full) [ 89.955319][ T5878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 89.955327][ T5878] Call Trace: [ 89.955335][ T5878] [ 89.955341][ T5878] dump_stack_lvl+0x189/0x250 [ 89.955362][ T5878] ? __pfx____ratelimit+0x10/0x10 [ 89.955379][ T5878] ? __pfx_dump_stack_lvl+0x10/0x10 [ 89.955394][ T5878] ? __pfx__printk+0x10/0x10 [ 89.955414][ T5878] should_fail_ex+0x414/0x560 [ 89.955432][ T5878] strncpy_from_user+0x36/0x290 [ 89.955448][ T5878] strncpy_from_user_nofault+0x72/0x150 [ 89.955465][ T5878] bpf_probe_read_compat_str+0xe2/0x180 [ 89.955480][ T5878] bpf_prog_9bca56546c9b26d5+0x46/0x4c [ 89.955491][ T5878] bpf_trace_run1+0x27f/0x4b0 [ 89.955508][ T5878] ? bpf_trace_run1+0x181/0x4b0 [ 89.955528][ T5878] ? __pfx_bpf_trace_run1+0x10/0x10 [ 89.955545][ T5878] ? __bpf_trace_workqueue_activate_work+0xa1/0x100 [ 89.955561][ T5878] __bpf_trace_workqueue_activate_work+0xae/0x100 [ 89.955575][ T5878] ? __pfx___bpf_trace_workqueue_activate_work+0x10/0x10 [ 89.955588][ T5878] ? do_raw_spin_lock+0x121/0x290 [ 89.955605][ T5878] ? __pfx_pwq_tryinc_nr_active+0x10/0x10 [ 89.955626][ T5878] trace_workqueue_activate_work+0x170/0x1d0 [ 89.955646][ T5878] __queue_work+0xcc2/0xfb0 [ 89.955659][ T5878] ? __queue_work+0x102/0xfb0 [ 89.955673][ T5878] queue_work_on+0x181/0x270 [ 89.955688][ T5878] ? __pfx_queue_work_on+0x10/0x10 [ 89.955702][ T5878] ? __local_bh_enable_ip+0x12d/0x1c0 [ 89.955716][ T5878] net_enable_timestamp+0x145/0x190 [ 89.955736][ T5878] ? __pfx_net_enable_timestamp+0x10/0x10 [ 89.955755][ T5878] ? __sock_set_timestamps+0x16a/0x1b0 [ 89.955773][ T5878] sk_setsockopt+0x1adb/0x2dc0 [ 89.955791][ T5878] ? __pfx___might_resched+0x10/0x10 [ 89.955805][ T5878] ? __pfx_sk_setsockopt+0x10/0x10 [ 89.955825][ T5878] ? aa_sk_perm+0x81e/0x950 [ 89.955844][ T5878] ? __pfx_aa_sk_perm+0x10/0x10 [ 89.955861][ T5878] ? _raw_spin_unlock_irq+0x2e/0x50 [ 89.955876][ T5878] ? ptrace_notify+0x22d/0x2c0 [ 89.955888][ T5878] ? aa_sock_opt_perm+0xff/0x1b0 [ 89.955908][ T5878] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 89.955923][ T5878] do_sock_setsockopt+0x11b/0x1b0 [ 89.955944][ T5878] __x64_sys_setsockopt+0x13f/0x1b0 [ 89.955965][ T5878] do_syscall_64+0xfa/0x3b0 [ 89.955982][ T5878] ? lockdep_hardirqs_on+0x9c/0x150 [ 89.955998][ T5878] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.956011][ T5878] ? clear_bhb_loop+0x60/0xb0 [ 89.956025][ T5878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.956038][ T5878] RIP: 0033:0x7feb755329e9 [ 89.956051][ T5878] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 89.956062][ T5878] RSP: 002b:00007ffe51f7ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 89.956077][ T5878] RAX: ffffffffffffffda RBX: 00007ffe51f7eab0 RCX: 00007feb755329e9 [pid 5878] setsockopt(5, SOL_SOCKET, SO_TIMESTAMP_OLD, [-1], 4) = 0 [pid 5878] exit_group(0) = ? [pid 5878] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5878, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 89.956087][ T5878] RDX: 000000000000001d RSI: 0000000000000001 RDI: 0000000000000005 [ 89.956095][ T5878] RBP: 0000000000000001 R08: 0000000000000004 R09: 0000000000000140 [ 89.956102][ T5878] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [ 89.956111][ T5878] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 89.956123][ T5878] restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5880 attached , child_tidptr=0x555567a3d650) = 5880 [pid 5880] set_robust_list(0x555567a3d660, 24) = 0 [pid 5880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5880] setpgid(0, 0) = 0 [pid 5880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5880] write(3, "1000", 4) = 4 [pid 5880] close(3) = 0 executing program [pid 5880] write(1, "executing program\n", 18) = 18 [pid 5880] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 17, 0), prog_flags=BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ, prog_name="", prog_ifindex=0, expected_attach_type=0x34 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EFAULT (Bad address) [pid 5880] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 5880] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="workqueue_activate_work", prog_fd=3}}, 16) = 4 [pid 5880] socketpair(AF_TIPC, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5880] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5880] write(7, "2", 1) = 1 [ 90.409838][ T5880] FAULT_INJECTION: forcing a failure. [ 90.409838][ T5880] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 90.422931][ T5880] CPU: 0 UID: 0 PID: 5880 Comm: syz-executor209 Not tainted 6.16.0-syzkaller-g561c80369df0 #0 PREEMPT(full) [ 90.422947][ T5880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 90.422953][ T5880] Call Trace: [ 90.422958][ T5880] [ 90.422963][ T5880] dump_stack_lvl+0x189/0x250 [ 90.422979][ T5880] ? __pfx____ratelimit+0x10/0x10 [ 90.422992][ T5880] ? __pfx_dump_stack_lvl+0x10/0x10 [ 90.423003][ T5880] ? __pfx__printk+0x10/0x10 [ 90.423015][ T5880] ? kvm_sched_clock_read+0x11/0x20 [ 90.423028][ T5880] ? arch_scale_cpu_capacity+0x18/0xb0 [ 90.423039][ T5880] should_fail_ex+0x414/0x560 [ 90.423053][ T5880] strncpy_from_user+0x36/0x290 [ 90.423064][ T5880] ? bpf_trace_run1+0x181/0x4b0 [ 90.423075][ T5880] ? rcu_is_watching+0x15/0xb0 [ 90.423086][ T5880] strncpy_from_user_nofault+0x72/0x150 [ 90.423098][ T5880] bpf_probe_read_compat_str+0xe2/0x180 [ 90.423108][ T5880] bpf_prog_9bca56546c9b26d5+0x46/0x4c [ 90.423117][ T5880] bpf_trace_run1+0x27f/0x4b0 [ 90.423128][ T5880] ? bpf_trace_run1+0x181/0x4b0 [ 90.423139][ T5880] ? __pfx_bpf_trace_run1+0x10/0x10 [ 90.423151][ T5880] ? rcu_is_watching+0x15/0xb0 [ 90.423160][ T5880] ? __bpf_trace_workqueue_activate_work+0xa1/0x100 [ 90.423171][ T5880] __bpf_trace_workqueue_activate_work+0xae/0x100 [ 90.423182][ T5880] ? __pfx___bpf_trace_workqueue_activate_work+0x10/0x10 [ 90.423191][ T5880] ? do_raw_spin_lock+0x121/0x290 [ 90.423203][ T5880] ? __pfx_pwq_tryinc_nr_active+0x10/0x10 [ 90.423218][ T5880] ? finish_task_switch+0x18b/0x950 [ 90.423231][ T5880] trace_workqueue_activate_work+0x170/0x1d0 [ 90.423246][ T5880] __queue_work+0xcc2/0xfb0 [ 90.423256][ T5880] ? __queue_work+0x102/0xfb0 [ 90.423266][ T5880] queue_work_on+0x181/0x270 [ 90.423274][ T5880] ? trace_sched_exit_tp+0x36/0x110 [ 90.423287][ T5880] ? __pfx_queue_work_on+0x10/0x10 [ 90.423297][ T5880] ? rcu_is_watching+0x15/0xb0 [ 90.423307][ T5880] net_enable_timestamp+0x145/0x190 [ 90.423321][ T5880] ? __pfx_net_enable_timestamp+0x10/0x10 [ 90.423335][ T5880] ? __sock_set_timestamps+0x16a/0x1b0 [ 90.423348][ T5880] sk_setsockopt+0x1adb/0x2dc0 [ 90.423362][ T5880] ? __pfx___might_resched+0x10/0x10 [ 90.423372][ T5880] ? __pfx_sk_setsockopt+0x10/0x10 [ 90.423385][ T5880] ? aa_sk_perm+0x81e/0x950 [ 90.423400][ T5880] ? __pfx_aa_sk_perm+0x10/0x10 [ 90.423411][ T5880] ? _raw_spin_unlock_irq+0x2e/0x50 [ 90.423423][ T5880] ? ptrace_notify+0x22d/0x2c0 [ 90.423431][ T5880] ? aa_sock_opt_perm+0xff/0x1b0 [ 90.423446][ T5880] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 90.423458][ T5880] do_sock_setsockopt+0x11b/0x1b0 [ 90.423473][ T5880] __x64_sys_setsockopt+0x13f/0x1b0 [ 90.423509][ T5880] do_syscall_64+0xfa/0x3b0 [ 90.423523][ T5880] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.423532][ T5880] ? clear_bhb_loop+0x60/0xb0 [ 90.423543][ T5880] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.423552][ T5880] RIP: 0033:0x7feb755329e9 [ 90.423561][ T5880] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 90.423569][ T5880] RSP: 002b:00007ffe51f7ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 90.423581][ T5880] RAX: ffffffffffffffda RBX: 00007ffe51f7eab0 RCX: 00007feb755329e9 [ 90.423588][ T5880] RDX: 000000000000001d RSI: 0000000000000001 RDI: 0000000000000005 [ 90.423594][ T5880] RBP: 0000000000000001 R08: 0000000000000004 R09: 0000000000000140 [pid 5880] setsockopt(5, SOL_SOCKET, SO_TIMESTAMP_OLD, [-1], 4) = 0 [pid 5880] exit_group(0) = ? [pid 5880] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5880, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5881 attached , child_tidptr=0x555567a3d650) = 5881 [pid 5881] set_robust_list(0x555567a3d660, 24) = 0 [ 90.423600][ T5880] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [ 90.423606][ T5880] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 90.423614][ T5880] [pid 5881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5881] setpgid(0, 0) = 0 [pid 5881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5881] write(3, "1000", 4) = 4 [pid 5881] close(3) = 0 executing program [pid 5881] write(1, "executing program\n", 18) = 18 [pid 5881] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 17, 0), prog_flags=BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ, prog_name="", prog_ifindex=0, expected_attach_type=0x34 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EFAULT (Bad address) [pid 5881] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 5881] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="workqueue_activate_work", prog_fd=3}}, 16) = 4 [pid 5881] socketpair(AF_TIPC, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5881] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5881] write(7, "2", 1) = 1 [ 90.890619][ T5881] FAULT_INJECTION: forcing a failure. [ 90.890619][ T5881] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 90.903709][ T5881] CPU: 1 UID: 0 PID: 5881 Comm: syz-executor209 Not tainted 6.16.0-syzkaller-g561c80369df0 #0 PREEMPT(full) [ 90.903725][ T5881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 90.903733][ T5881] Call Trace: [ 90.903738][ T5881] [ 90.903743][ T5881] dump_stack_lvl+0x189/0x250 [ 90.903759][ T5881] ? __pfx____ratelimit+0x10/0x10 [ 90.903772][ T5881] ? __pfx_dump_stack_lvl+0x10/0x10 [ 90.903783][ T5881] ? __pfx__printk+0x10/0x10 [ 90.903794][ T5881] ? kvm_sched_clock_read+0x11/0x20 [ 90.903809][ T5881] should_fail_ex+0x414/0x560 [ 90.903822][ T5881] strncpy_from_user+0x36/0x290 [ 90.903835][ T5881] ? bpf_trace_run1+0x181/0x4b0 [ 90.903847][ T5881] ? rcu_is_watching+0x15/0xb0 [ 90.903857][ T5881] strncpy_from_user_nofault+0x72/0x150 [ 90.903869][ T5881] bpf_probe_read_compat_str+0xe2/0x180 [ 90.903879][ T5881] bpf_prog_9bca56546c9b26d5+0x46/0x4c [ 90.903888][ T5881] bpf_trace_run1+0x27f/0x4b0 [ 90.903899][ T5881] ? bpf_trace_run1+0x181/0x4b0 [ 90.903910][ T5881] ? __pfx_bpf_trace_run1+0x10/0x10 [ 90.903922][ T5881] ? rcu_is_watching+0x15/0xb0 [ 90.903930][ T5881] ? __bpf_trace_workqueue_activate_work+0xa1/0x100 [ 90.903942][ T5881] __bpf_trace_workqueue_activate_work+0xae/0x100 [ 90.903952][ T5881] ? __pfx___bpf_trace_workqueue_activate_work+0x10/0x10 [ 90.903961][ T5881] ? do_raw_spin_lock+0x121/0x290 [ 90.903973][ T5881] ? __pfx_pwq_tryinc_nr_active+0x10/0x10 [ 90.903989][ T5881] trace_workqueue_activate_work+0x170/0x1d0 [ 90.904003][ T5881] __queue_work+0xcc2/0xfb0 [ 90.904013][ T5881] ? __queue_work+0x102/0xfb0 [ 90.904023][ T5881] queue_work_on+0x181/0x270 [ 90.904032][ T5881] ? trace_sched_exit_tp+0x36/0x110 [ 90.904045][ T5881] ? __pfx_queue_work_on+0x10/0x10 [ 90.904056][ T5881] ? rcu_is_watching+0x15/0xb0 [ 90.904065][ T5881] net_enable_timestamp+0x145/0x190 [ 90.904079][ T5881] ? __pfx_net_enable_timestamp+0x10/0x10 [ 90.904093][ T5881] ? __sock_set_timestamps+0x16a/0x1b0 [ 90.904106][ T5881] sk_setsockopt+0x1adb/0x2dc0 [ 90.904119][ T5881] ? __pfx___might_resched+0x10/0x10 [ 90.904130][ T5881] ? __pfx_sk_setsockopt+0x10/0x10 [ 90.904144][ T5881] ? aa_sk_perm+0x81e/0x950 [ 90.904162][ T5881] ? __pfx_aa_sk_perm+0x10/0x10 [ 90.904174][ T5881] ? _raw_spin_unlock_irq+0x2e/0x50 [ 90.904186][ T5881] ? ptrace_notify+0x22d/0x2c0 [ 90.904194][ T5881] ? aa_sock_opt_perm+0xff/0x1b0 [ 90.904209][ T5881] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 90.904220][ T5881] do_sock_setsockopt+0x11b/0x1b0 [ 90.904236][ T5881] __x64_sys_setsockopt+0x13f/0x1b0 [ 90.904251][ T5881] do_syscall_64+0xfa/0x3b0 [ 90.904264][ T5881] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.904273][ T5881] ? clear_bhb_loop+0x60/0xb0 [ 90.904284][ T5881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.904293][ T5881] RIP: 0033:0x7feb755329e9 [ 90.904302][ T5881] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 90.904310][ T5881] RSP: 002b:00007ffe51f7ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 90.904322][ T5881] RAX: ffffffffffffffda RBX: 00007ffe51f7eab0 RCX: 00007feb755329e9 [ 90.904329][ T5881] RDX: 000000000000001d RSI: 0000000000000001 RDI: 0000000000000005 [ 90.904335][ T5881] RBP: 0000000000000001 R08: 0000000000000004 R09: 0000000000000140 [ 90.904340][ T5881] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [ 90.904346][ T5881] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [pid 5881] setsockopt(5, SOL_SOCKET, SO_TIMESTAMP_OLD, [-1], 4) = 0 [pid 5881] exit_group(0) = ? [pid 5881] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5881, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 90.904355][ T5881] restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5882 attached , child_tidptr=0x555567a3d650) = 5882 [pid 5882] set_robust_list(0x555567a3d660, 24) = 0 [pid 5882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5882] setpgid(0, 0) = 0 [pid 5882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5882] write(3, "1000", 4) = 4 [pid 5882] close(3) = 0 [pid 5882] write(1, "executing program\n", 18executing program ) = 18 [pid 5882] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 17, 0), prog_flags=BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ, prog_name="", prog_ifindex=0, expected_attach_type=0x34 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EFAULT (Bad address) [pid 5882] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 5882] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="workqueue_activate_work", prog_fd=3}}, 16) = 4 [pid 5882] socketpair(AF_TIPC, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5882] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5882] write(7, "2", 1) = 1 [ 91.349488][ T5882] FAULT_INJECTION: forcing a failure. [ 91.349488][ T5882] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 91.362649][ T5882] CPU: 1 UID: 0 PID: 5882 Comm: syz-executor209 Not tainted 6.16.0-syzkaller-g561c80369df0 #0 PREEMPT(full) [ 91.362665][ T5882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 91.362671][ T5882] Call Trace: [ 91.362676][ T5882] [ 91.362681][ T5882] dump_stack_lvl+0x189/0x250 [ 91.362697][ T5882] ? __pfx____ratelimit+0x10/0x10 [ 91.362711][ T5882] ? __pfx_dump_stack_lvl+0x10/0x10 [ 91.362721][ T5882] ? __pfx__printk+0x10/0x10 [ 91.362733][ T5882] ? kvm_sched_clock_read+0x11/0x20 [ 91.362746][ T5882] ? arch_scale_cpu_capacity+0x18/0xb0 [ 91.362757][ T5882] should_fail_ex+0x414/0x560 [ 91.362771][ T5882] strncpy_from_user+0x36/0x290 [ 91.362782][ T5882] ? bpf_trace_run1+0x181/0x4b0 [ 91.362793][ T5882] ? rcu_is_watching+0x15/0xb0 [ 91.362803][ T5882] strncpy_from_user_nofault+0x72/0x150 [ 91.362815][ T5882] bpf_probe_read_compat_str+0xe2/0x180 [ 91.362825][ T5882] bpf_prog_9bca56546c9b26d5+0x46/0x4c [ 91.362834][ T5882] bpf_trace_run1+0x27f/0x4b0 [ 91.362846][ T5882] ? bpf_trace_run1+0x181/0x4b0 [ 91.362857][ T5882] ? __pfx_bpf_trace_run1+0x10/0x10 [ 91.362868][ T5882] ? rcu_is_watching+0x15/0xb0 [ 91.362877][ T5882] ? __bpf_trace_workqueue_activate_work+0xa1/0x100 [ 91.362888][ T5882] __bpf_trace_workqueue_activate_work+0xae/0x100 [ 91.362898][ T5882] ? __pfx___bpf_trace_workqueue_activate_work+0x10/0x10 [ 91.362908][ T5882] ? do_raw_spin_lock+0x121/0x290 [ 91.362920][ T5882] ? __pfx_pwq_tryinc_nr_active+0x10/0x10 [ 91.362935][ T5882] trace_workqueue_activate_work+0x170/0x1d0 [ 91.362950][ T5882] __queue_work+0xcc2/0xfb0 [ 91.362960][ T5882] ? __queue_work+0x102/0xfb0 [ 91.362970][ T5882] queue_work_on+0x181/0x270 [ 91.362979][ T5882] ? trace_sched_exit_tp+0x36/0x110 [ 91.362992][ T5882] ? __pfx_queue_work_on+0x10/0x10 [ 91.363003][ T5882] ? rcu_is_watching+0x15/0xb0 [ 91.363012][ T5882] net_enable_timestamp+0x145/0x190 [ 91.363026][ T5882] ? __pfx_net_enable_timestamp+0x10/0x10 [ 91.363040][ T5882] ? __sock_set_timestamps+0x16a/0x1b0 [ 91.363053][ T5882] sk_setsockopt+0x1adb/0x2dc0 [ 91.363066][ T5882] ? __pfx___might_resched+0x10/0x10 [ 91.363076][ T5882] ? __pfx_sk_setsockopt+0x10/0x10 [ 91.363090][ T5882] ? aa_sk_perm+0x81e/0x950 [ 91.363104][ T5882] ? __pfx_aa_sk_perm+0x10/0x10 [ 91.363115][ T5882] ? _raw_spin_unlock_irq+0x2e/0x50 [ 91.363127][ T5882] ? ptrace_notify+0x22d/0x2c0 [ 91.363135][ T5882] ? aa_sock_opt_perm+0xff/0x1b0 [ 91.363149][ T5882] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 91.363160][ T5882] do_sock_setsockopt+0x11b/0x1b0 [ 91.363175][ T5882] __x64_sys_setsockopt+0x13f/0x1b0 [ 91.363190][ T5882] do_syscall_64+0xfa/0x3b0 [ 91.363204][ T5882] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.363213][ T5882] ? clear_bhb_loop+0x60/0xb0 [ 91.363223][ T5882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.363233][ T5882] RIP: 0033:0x7feb755329e9 [ 91.363242][ T5882] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 91.363250][ T5882] RSP: 002b:00007ffe51f7ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 91.363263][ T5882] RAX: ffffffffffffffda RBX: 00007ffe51f7eab0 RCX: 00007feb755329e9 [ 91.363270][ T5882] RDX: 000000000000001d RSI: 0000000000000001 RDI: 0000000000000005 [ 91.363275][ T5882] RBP: 0000000000000001 R08: 0000000000000004 R09: 0000000000000140 [ 91.363281][ T5882] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [pid 5882] setsockopt(5, SOL_SOCKET, SO_TIMESTAMP_OLD, [-1], 4) = 0 [pid 5882] exit_group(0) = ? [pid 5882] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5882, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 91.363287][ T5882] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 91.363296][ T5882] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5883 attached , child_tidptr=0x555567a3d650) = 5883 [pid 5883] set_robust_list(0x555567a3d660, 24) = 0 [pid 5883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5883] setpgid(0, 0) = 0 [pid 5883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5883] write(3, "1000", 4) = 4 [pid 5883] close(3) = 0 executing program [pid 5883] write(1, "executing program\n", 18) = 18 [pid 5883] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 17, 0), prog_flags=BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ, prog_name="", prog_ifindex=0, expected_attach_type=0x34 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EFAULT (Bad address) [pid 5883] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 5883] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="workqueue_activate_work", prog_fd=3}}, 16) = 4 [pid 5883] socketpair(AF_TIPC, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5883] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5883] write(7, "2", 1) = 1 [ 91.862533][ T5883] FAULT_INJECTION: forcing a failure. [ 91.862533][ T5883] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 91.875607][ T5883] CPU: 0 UID: 0 PID: 5883 Comm: syz-executor209 Not tainted 6.16.0-syzkaller-g561c80369df0 #0 PREEMPT(full) [ 91.875623][ T5883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 91.875629][ T5883] Call Trace: [ 91.875635][ T5883] [ 91.875639][ T5883] dump_stack_lvl+0x189/0x250 [ 91.875656][ T5883] ? __pfx____ratelimit+0x10/0x10 [ 91.875668][ T5883] ? __pfx_dump_stack_lvl+0x10/0x10 [ 91.875679][ T5883] ? __pfx__printk+0x10/0x10 [ 91.875691][ T5883] ? seqcount_lockdep_reader_access+0x175/0x1c0 [ 91.875705][ T5883] should_fail_ex+0x414/0x560 [ 91.875719][ T5883] strncpy_from_user+0x36/0x290 [ 91.875729][ T5883] ? bpf_trace_run1+0x181/0x4b0 [ 91.875740][ T5883] ? rcu_is_watching+0x15/0xb0 [ 91.875750][ T5883] strncpy_from_user_nofault+0x72/0x150 [ 91.875762][ T5883] bpf_probe_read_compat_str+0xe2/0x180 [ 91.875773][ T5883] bpf_prog_9bca56546c9b26d5+0x46/0x4c [ 91.875782][ T5883] bpf_trace_run1+0x27f/0x4b0 [ 91.875793][ T5883] ? bpf_trace_run1+0x181/0x4b0 [ 91.875804][ T5883] ? __pfx_bpf_trace_run1+0x10/0x10 [ 91.875815][ T5883] ? rcu_is_watching+0x15/0xb0 [ 91.875824][ T5883] ? __bpf_trace_workqueue_activate_work+0xa1/0x100 [ 91.875835][ T5883] __bpf_trace_workqueue_activate_work+0xae/0x100 [ 91.875845][ T5883] ? __pfx___bpf_trace_workqueue_activate_work+0x10/0x10 [ 91.875855][ T5883] ? do_raw_spin_lock+0x121/0x290 [ 91.875866][ T5883] ? __pfx_pwq_tryinc_nr_active+0x10/0x10 [ 91.875880][ T5883] ? finish_task_switch+0x18b/0x950 [ 91.875894][ T5883] trace_workqueue_activate_work+0x170/0x1d0 [ 91.875908][ T5883] __queue_work+0xcc2/0xfb0 [ 91.875918][ T5883] ? __queue_work+0x102/0xfb0 [ 91.875928][ T5883] queue_work_on+0x181/0x270 [ 91.875937][ T5883] ? trace_sched_exit_tp+0x36/0x110 [ 91.875950][ T5883] ? __pfx_queue_work_on+0x10/0x10 [ 91.875960][ T5883] ? rcu_is_watching+0x15/0xb0 [ 91.875969][ T5883] net_enable_timestamp+0x145/0x190 [ 91.875984][ T5883] ? __pfx_net_enable_timestamp+0x10/0x10 [ 91.875997][ T5883] ? __sock_set_timestamps+0x16a/0x1b0 [ 91.876011][ T5883] sk_setsockopt+0x1adb/0x2dc0 [ 91.876024][ T5883] ? __pfx___might_resched+0x10/0x10 [ 91.876034][ T5883] ? __pfx_sk_setsockopt+0x10/0x10 [ 91.876048][ T5883] ? aa_sk_perm+0x81e/0x950 [ 91.876062][ T5883] ? __pfx_aa_sk_perm+0x10/0x10 [ 91.876074][ T5883] ? _raw_spin_unlock_irq+0x2e/0x50 [ 91.876087][ T5883] ? ptrace_notify+0x22d/0x2c0 [ 91.876096][ T5883] ? aa_sock_opt_perm+0xff/0x1b0 [ 91.876111][ T5883] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 91.876122][ T5883] do_sock_setsockopt+0x11b/0x1b0 [ 91.876137][ T5883] __x64_sys_setsockopt+0x13f/0x1b0 [ 91.876152][ T5883] do_syscall_64+0xfa/0x3b0 [ 91.876167][ T5883] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.876176][ T5883] ? clear_bhb_loop+0x60/0xb0 [ 91.876186][ T5883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.876195][ T5883] RIP: 0033:0x7feb755329e9 [ 91.876204][ T5883] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 91.876212][ T5883] RSP: 002b:00007ffe51f7ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 91.876224][ T5883] RAX: ffffffffffffffda RBX: 00007ffe51f7eab0 RCX: 00007feb755329e9 [ 91.876231][ T5883] RDX: 000000000000001d RSI: 0000000000000001 RDI: 0000000000000005 [ 91.876237][ T5883] RBP: 0000000000000001 R08: 0000000000000004 R09: 0000000000000140 [ 91.876242][ T5883] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [pid 5883] setsockopt(5, SOL_SOCKET, SO_TIMESTAMP_OLD, [-1], 4) = 0 [pid 5883] exit_group(0) = ? [pid 5883] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5883, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 91.876248][ T5883] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 91.876257][ T5883] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5884 attached , child_tidptr=0x555567a3d650) = 5884 [pid 5884] set_robust_list(0x555567a3d660, 24) = 0 [pid 5884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5884] setpgid(0, 0) = 0 [pid 5884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5884] write(3, "1000", 4) = 4 [pid 5884] close(3) = 0 executing program [pid 5884] write(1, "executing program\n", 18) = 18 [pid 5884] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 17, 0), prog_flags=BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ, prog_name="", prog_ifindex=0, expected_attach_type=0x34 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EFAULT (Bad address) [pid 5884] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 5884] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="workqueue_activate_work", prog_fd=3}}, 16) = 4 [pid 5884] socketpair(AF_TIPC, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5884] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5884] write(7, "2", 1) = 1 [ 92.344838][ T5884] FAULT_INJECTION: forcing a failure. [ 92.344838][ T5884] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 92.357963][ T5884] CPU: 1 UID: 0 PID: 5884 Comm: syz-executor209 Not tainted 6.16.0-syzkaller-g561c80369df0 #0 PREEMPT(full) [ 92.357980][ T5884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 92.357986][ T5884] Call Trace: [ 92.357992][ T5884] [ 92.357998][ T5884] dump_stack_lvl+0x189/0x250 [ 92.358014][ T5884] ? __pfx____ratelimit+0x10/0x10 [ 92.358081][ T5884] ? __pfx_dump_stack_lvl+0x10/0x10 [ 92.358092][ T5884] ? __pfx__printk+0x10/0x10 [ 92.358104][ T5884] ? kvm_sched_clock_read+0x11/0x20 [ 92.358118][ T5884] should_fail_ex+0x414/0x560 [ 92.358131][ T5884] strncpy_from_user+0x36/0x290 [ 92.358142][ T5884] ? bpf_trace_run1+0x181/0x4b0 [ 92.358153][ T5884] ? rcu_is_watching+0x15/0xb0 [ 92.358163][ T5884] strncpy_from_user_nofault+0x72/0x150 [ 92.358176][ T5884] bpf_probe_read_compat_str+0xe2/0x180 [ 92.358186][ T5884] bpf_prog_9bca56546c9b26d5+0x46/0x4c [ 92.358195][ T5884] bpf_trace_run1+0x27f/0x4b0 [ 92.358206][ T5884] ? bpf_trace_run1+0x181/0x4b0 [ 92.358217][ T5884] ? __pfx_bpf_trace_run1+0x10/0x10 [ 92.358229][ T5884] ? rcu_is_watching+0x15/0xb0 [ 92.358238][ T5884] ? __bpf_trace_workqueue_activate_work+0xa1/0x100 [ 92.358250][ T5884] __bpf_trace_workqueue_activate_work+0xae/0x100 [ 92.358260][ T5884] ? __pfx___bpf_trace_workqueue_activate_work+0x10/0x10 [ 92.358269][ T5884] ? do_raw_spin_lock+0x121/0x290 [ 92.358286][ T5884] ? __pfx_pwq_tryinc_nr_active+0x10/0x10 [ 92.358302][ T5884] ? finish_task_switch+0x18b/0x950 [ 92.358315][ T5884] trace_workqueue_activate_work+0x170/0x1d0 [ 92.358330][ T5884] __queue_work+0xcc2/0xfb0 [ 92.358340][ T5884] ? __queue_work+0x102/0xfb0 [ 92.358350][ T5884] queue_work_on+0x181/0x270 [ 92.358360][ T5884] ? trace_sched_exit_tp+0x36/0x110 [ 92.358373][ T5884] ? __pfx_queue_work_on+0x10/0x10 [ 92.358383][ T5884] ? rcu_is_watching+0x15/0xb0 [ 92.358393][ T5884] net_enable_timestamp+0x145/0x190 [ 92.358408][ T5884] ? __pfx_net_enable_timestamp+0x10/0x10 [ 92.358421][ T5884] ? __sock_set_timestamps+0x16a/0x1b0 [ 92.358438][ T5884] sk_setsockopt+0x1adb/0x2dc0 [ 92.358452][ T5884] ? __pfx___might_resched+0x10/0x10 [ 92.358462][ T5884] ? __pfx_sk_setsockopt+0x10/0x10 [ 92.358476][ T5884] ? aa_sk_perm+0x81e/0x950 [ 92.358489][ T5884] ? __pfx_aa_sk_perm+0x10/0x10 [ 92.358501][ T5884] ? _raw_spin_unlock_irq+0x2e/0x50 [ 92.358513][ T5884] ? ptrace_notify+0x22d/0x2c0 [ 92.358521][ T5884] ? aa_sock_opt_perm+0xff/0x1b0 [ 92.358536][ T5884] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 92.358547][ T5884] do_sock_setsockopt+0x11b/0x1b0 [ 92.358563][ T5884] __x64_sys_setsockopt+0x13f/0x1b0 [ 92.358578][ T5884] do_syscall_64+0xfa/0x3b0 [ 92.358591][ T5884] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.358601][ T5884] ? clear_bhb_loop+0x60/0xb0 [ 92.358611][ T5884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.358620][ T5884] RIP: 0033:0x7feb755329e9 [ 92.358630][ T5884] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 92.358638][ T5884] RSP: 002b:00007ffe51f7ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 92.358650][ T5884] RAX: ffffffffffffffda RBX: 00007ffe51f7eab0 RCX: 00007feb755329e9 [ 92.358657][ T5884] RDX: 000000000000001d RSI: 0000000000000001 RDI: 0000000000000005 [ 92.358665][ T5884] RBP: 0000000000000001 R08: 0000000000000004 R09: 0000000000000140 [ 92.358675][ T5884] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [pid 5884] setsockopt(5, SOL_SOCKET, SO_TIMESTAMP_OLD, [-1], 4) = 0 [pid 5884] exit_group(0) = ? [pid 5884] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5884, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5885 attached , child_tidptr=0x555567a3d650) = 5885 [pid 5885] set_robust_list(0x555567a3d660, 24) = 0 [pid 5885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 92.358683][ T5884] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 92.358698][ T5884] [pid 5885] setpgid(0, 0) = 0 [pid 5885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5885] write(3, "1000", 4) = 4 [pid 5885] close(3) = 0 [pid 5885] write(1, "executing program\n", 18executing program ) = 18 [pid 5885] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 17, 0), prog_flags=BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ, prog_name="", prog_ifindex=0, expected_attach_type=0x34 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EFAULT (Bad address) [pid 5885] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 5885] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="workqueue_activate_work", prog_fd=3}}, 16) = 4 [pid 5885] socketpair(AF_TIPC, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5885] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5885] write(7, "2", 1) = 1 [ 92.838896][ T5885] FAULT_INJECTION: forcing a failure. [ 92.838896][ T5885] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 92.851975][ T5885] CPU: 0 UID: 0 PID: 5885 Comm: syz-executor209 Not tainted 6.16.0-syzkaller-g561c80369df0 #0 PREEMPT(full) [ 92.851992][ T5885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 92.851999][ T5885] Call Trace: [ 92.852014][ T5885] [ 92.852019][ T5885] dump_stack_lvl+0x189/0x250 [ 92.852035][ T5885] ? __pfx____ratelimit+0x10/0x10 [ 92.852049][ T5885] ? __pfx_dump_stack_lvl+0x10/0x10 [ 92.852059][ T5885] ? __pfx__printk+0x10/0x10 [ 92.852071][ T5885] ? kvm_sched_clock_read+0x11/0x20 [ 92.852084][ T5885] ? arch_scale_cpu_capacity+0x18/0xb0 [ 92.852095][ T5885] should_fail_ex+0x414/0x560 [ 92.852108][ T5885] strncpy_from_user+0x36/0x290 [ 92.852119][ T5885] ? bpf_trace_run1+0x181/0x4b0 [ 92.852131][ T5885] ? rcu_is_watching+0x15/0xb0 [ 92.852140][ T5885] strncpy_from_user_nofault+0x72/0x150 [ 92.852153][ T5885] bpf_probe_read_compat_str+0xe2/0x180 [ 92.852163][ T5885] bpf_prog_9bca56546c9b26d5+0x46/0x4c [ 92.852172][ T5885] bpf_trace_run1+0x27f/0x4b0 [ 92.852183][ T5885] ? lock_acquire+0x5f/0x360 [ 92.852195][ T5885] ? bpf_trace_run1+0x181/0x4b0 [ 92.852206][ T5885] ? __pfx_bpf_trace_run1+0x10/0x10 [ 92.852218][ T5885] ? rcu_is_watching+0x15/0xb0 [ 92.852227][ T5885] ? __bpf_trace_workqueue_activate_work+0xa1/0x100 [ 92.852238][ T5885] __bpf_trace_workqueue_activate_work+0xae/0x100 [ 92.852248][ T5885] ? __pfx___bpf_trace_workqueue_activate_work+0x10/0x10 [ 92.852259][ T5885] ? do_raw_spin_lock+0x121/0x290 [ 92.852271][ T5885] ? __pfx_pwq_tryinc_nr_active+0x10/0x10 [ 92.852285][ T5885] ? finish_task_switch+0x18b/0x950 [ 92.852300][ T5885] trace_workqueue_activate_work+0x170/0x1d0 [ 92.852314][ T5885] __queue_work+0xcc2/0xfb0 [ 92.852324][ T5885] ? __queue_work+0x102/0xfb0 [ 92.852334][ T5885] queue_work_on+0x181/0x270 [ 92.852343][ T5885] ? trace_sched_exit_tp+0x36/0x110 [ 92.852355][ T5885] ? __pfx_queue_work_on+0x10/0x10 [ 92.852366][ T5885] ? rcu_is_watching+0x15/0xb0 [ 92.852375][ T5885] net_enable_timestamp+0x145/0x190 [ 92.852390][ T5885] ? __pfx_net_enable_timestamp+0x10/0x10 [ 92.852404][ T5885] ? __sock_set_timestamps+0x16a/0x1b0 [ 92.852417][ T5885] sk_setsockopt+0x1adb/0x2dc0 [ 92.852430][ T5885] ? __pfx___might_resched+0x10/0x10 [ 92.852439][ T5885] ? __pfx_sk_setsockopt+0x10/0x10 [ 92.852453][ T5885] ? aa_sk_perm+0x81e/0x950 [ 92.852467][ T5885] ? __pfx_aa_sk_perm+0x10/0x10 [ 92.852479][ T5885] ? _raw_spin_unlock_irq+0x2e/0x50 [ 92.852492][ T5885] ? ptrace_notify+0x22d/0x2c0 [ 92.852501][ T5885] ? aa_sock_opt_perm+0xff/0x1b0 [ 92.852516][ T5885] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 92.852527][ T5885] do_sock_setsockopt+0x11b/0x1b0 [ 92.852542][ T5885] __x64_sys_setsockopt+0x13f/0x1b0 [ 92.852557][ T5885] do_syscall_64+0xfa/0x3b0 [ 92.852570][ T5885] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.852579][ T5885] ? clear_bhb_loop+0x60/0xb0 [ 92.852590][ T5885] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.852599][ T5885] RIP: 0033:0x7feb755329e9 [ 92.852608][ T5885] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 92.852616][ T5885] RSP: 002b:00007ffe51f7ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 92.852628][ T5885] RAX: ffffffffffffffda RBX: 00007ffe51f7eab0 RCX: 00007feb755329e9 [ 92.852635][ T5885] RDX: 000000000000001d RSI: 0000000000000001 RDI: 0000000000000005 [ 92.852641][ T5885] RBP: 0000000000000001 R08: 0000000000000004 R09: 0000000000000140 [pid 5885] setsockopt(5, SOL_SOCKET, SO_TIMESTAMP_OLD, [-1], 4) = 0 [pid 5885] exit_group(0) = ? [pid 5885] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5885, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5886 attached , child_tidptr=0x555567a3d650) = 5886 [ 92.852646][ T5885] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [ 92.852652][ T5885] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 92.852661][ T5885] [pid 5886] set_robust_list(0x555567a3d660, 24) = 0 [pid 5886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5886] setpgid(0, 0) = 0 [pid 5886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5886] write(3, "1000", 4) = 4 [pid 5886] close(3) = 0 [pid 5886] write(1, "executing program\n", 18executing program ) = 18 [pid 5886] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 17, 0), prog_flags=BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ, prog_name="", prog_ifindex=0, expected_attach_type=0x34 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EFAULT (Bad address) [pid 5886] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 5886] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="workqueue_activate_work", prog_fd=3}}, 16) = 4 [pid 5886] socketpair(AF_TIPC, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5886] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5886] write(7, "2", 1) = 1 [ 93.301588][ T5886] FAULT_INJECTION: forcing a failure. [ 93.301588][ T5886] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 93.314914][ T5886] CPU: 0 UID: 0 PID: 5886 Comm: syz-executor209 Not tainted 6.16.0-syzkaller-g561c80369df0 #0 PREEMPT(full) [ 93.314937][ T5886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 93.314943][ T5886] Call Trace: [ 93.314949][ T5886] [ 93.314954][ T5886] dump_stack_lvl+0x189/0x250 [ 93.314970][ T5886] ? __pfx____ratelimit+0x10/0x10 [ 93.314983][ T5886] ? __pfx_dump_stack_lvl+0x10/0x10 [ 93.314993][ T5886] ? __pfx__printk+0x10/0x10 [ 93.315005][ T5886] ? seqcount_lockdep_reader_access+0x175/0x1c0 [ 93.315020][ T5886] should_fail_ex+0x414/0x560 [ 93.315033][ T5886] strncpy_from_user+0x36/0x290 [ 93.315043][ T5886] ? bpf_trace_run1+0x181/0x4b0 [ 93.315055][ T5886] ? rcu_is_watching+0x15/0xb0 [ 93.315065][ T5886] strncpy_from_user_nofault+0x72/0x150 [ 93.315077][ T5886] bpf_probe_read_compat_str+0xe2/0x180 [ 93.315087][ T5886] bpf_prog_9bca56546c9b26d5+0x46/0x4c [ 93.315096][ T5886] bpf_trace_run1+0x27f/0x4b0 [ 93.315107][ T5886] ? bpf_trace_run1+0x181/0x4b0 [ 93.315118][ T5886] ? __pfx_bpf_trace_run1+0x10/0x10 [ 93.315130][ T5886] ? rcu_is_watching+0x15/0xb0 [ 93.315139][ T5886] ? __bpf_trace_workqueue_activate_work+0xa1/0x100 [ 93.315150][ T5886] __bpf_trace_workqueue_activate_work+0xae/0x100 [ 93.315161][ T5886] ? __pfx___bpf_trace_workqueue_activate_work+0x10/0x10 [ 93.315170][ T5886] ? do_raw_spin_lock+0x121/0x290 [ 93.315182][ T5886] ? __pfx_pwq_tryinc_nr_active+0x10/0x10 [ 93.315196][ T5886] ? finish_task_switch+0x18b/0x950 [ 93.315209][ T5886] trace_workqueue_activate_work+0x170/0x1d0 [ 93.315223][ T5886] __queue_work+0xcc2/0xfb0 [ 93.315233][ T5886] ? __queue_work+0x102/0xfb0 [ 93.315243][ T5886] queue_work_on+0x181/0x270 [ 93.315252][ T5886] ? trace_sched_exit_tp+0x36/0x110 [ 93.315265][ T5886] ? __pfx_queue_work_on+0x10/0x10 [ 93.315275][ T5886] ? rcu_is_watching+0x15/0xb0 [ 93.315289][ T5886] net_enable_timestamp+0x145/0x190 [ 93.315304][ T5886] ? __pfx_net_enable_timestamp+0x10/0x10 [ 93.315318][ T5886] ? __sock_set_timestamps+0x16a/0x1b0 [ 93.315332][ T5886] sk_setsockopt+0x1adb/0x2dc0 [ 93.315345][ T5886] ? __pfx___might_resched+0x10/0x10 [ 93.315355][ T5886] ? __pfx_sk_setsockopt+0x10/0x10 [ 93.315368][ T5886] ? aa_sk_perm+0x81e/0x950 [ 93.315383][ T5886] ? __pfx_aa_sk_perm+0x10/0x10 [ 93.315395][ T5886] ? _raw_spin_unlock_irq+0x2e/0x50 [ 93.315406][ T5886] ? ptrace_notify+0x22d/0x2c0 [ 93.315414][ T5886] ? aa_sock_opt_perm+0xff/0x1b0 [ 93.315430][ T5886] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 93.315441][ T5886] do_sock_setsockopt+0x11b/0x1b0 [ 93.315456][ T5886] __x64_sys_setsockopt+0x13f/0x1b0 [ 93.315471][ T5886] do_syscall_64+0xfa/0x3b0 [ 93.315485][ T5886] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.315494][ T5886] ? clear_bhb_loop+0x60/0xb0 [ 93.315504][ T5886] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.315514][ T5886] RIP: 0033:0x7feb755329e9 [ 93.315524][ T5886] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 93.315532][ T5886] RSP: 002b:00007ffe51f7ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 93.315544][ T5886] RAX: ffffffffffffffda RBX: 00007ffe51f7eab0 RCX: 00007feb755329e9 [ 93.315551][ T5886] RDX: 000000000000001d RSI: 0000000000000001 RDI: 0000000000000005 [ 93.315557][ T5886] RBP: 0000000000000001 R08: 0000000000000004 R09: 0000000000000140 [ 93.315562][ T5886] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [pid 5886] setsockopt(5, SOL_SOCKET, SO_TIMESTAMP_OLD, [-1], 4) = 0 [pid 5886] exit_group(0) = ? [pid 5886] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5886, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5888 attached , child_tidptr=0x555567a3d650) = 5888 [pid 5888] set_robust_list(0x555567a3d660, 24) = 0 [pid 5888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5888] setpgid(0, 0) = 0 [pid 5888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5888] write(3, "1000", 4) = 4 [pid 5888] close(3) = 0 [pid 5888] write(1, "executing program\n", 18executing program ) = 18 [pid 5888] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 17, 0), prog_flags=BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ, prog_name="", prog_ifindex=0, expected_attach_type=0x34 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EFAULT (Bad address) [ 93.315568][ T5886] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 93.315577][ T5886] [pid 5888] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 5888] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="workqueue_activate_work", prog_fd=3}}, 16) = 4 [pid 5888] socketpair(AF_TIPC, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5888] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5888] write(7, "2", 1) = 1 [ 93.717871][ T5888] FAULT_INJECTION: forcing a failure. [ 93.717871][ T5888] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 93.730943][ T5888] CPU: 1 UID: 0 PID: 5888 Comm: syz-executor209 Not tainted 6.16.0-syzkaller-g561c80369df0 #0 PREEMPT(full) [ 93.730959][ T5888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 93.730965][ T5888] Call Trace: [ 93.730970][ T5888] [ 93.730975][ T5888] dump_stack_lvl+0x189/0x250 [ 93.730992][ T5888] ? __pfx____ratelimit+0x10/0x10 [ 93.731005][ T5888] ? __pfx_dump_stack_lvl+0x10/0x10 [ 93.731015][ T5888] ? __pfx__printk+0x10/0x10 [ 93.731027][ T5888] ? seqcount_lockdep_reader_access+0x175/0x1c0 [ 93.731042][ T5888] should_fail_ex+0x414/0x560 [ 93.731055][ T5888] strncpy_from_user+0x36/0x290 [ 93.731065][ T5888] ? bpf_trace_run1+0x181/0x4b0 [ 93.731076][ T5888] ? rcu_is_watching+0x15/0xb0 [ 93.731086][ T5888] strncpy_from_user_nofault+0x72/0x150 [ 93.731098][ T5888] bpf_probe_read_compat_str+0xe2/0x180 [ 93.731108][ T5888] bpf_prog_9bca56546c9b26d5+0x46/0x4c [ 93.731117][ T5888] bpf_trace_run1+0x27f/0x4b0 [ 93.731128][ T5888] ? bpf_trace_run1+0x181/0x4b0 [ 93.731140][ T5888] ? __pfx_bpf_trace_run1+0x10/0x10 [ 93.731151][ T5888] ? rcu_is_watching+0x15/0xb0 [ 93.731160][ T5888] ? __bpf_trace_workqueue_activate_work+0xa1/0x100 [ 93.731173][ T5888] __bpf_trace_workqueue_activate_work+0xae/0x100 [ 93.731184][ T5888] ? __pfx___bpf_trace_workqueue_activate_work+0x10/0x10 [ 93.731193][ T5888] ? do_raw_spin_lock+0x121/0x290 [ 93.731205][ T5888] ? __pfx_pwq_tryinc_nr_active+0x10/0x10 [ 93.731219][ T5888] ? finish_task_switch+0x18b/0x950 [ 93.731232][ T5888] trace_workqueue_activate_work+0x170/0x1d0 [ 93.731246][ T5888] __queue_work+0xcc2/0xfb0 [ 93.731256][ T5888] ? __queue_work+0x102/0xfb0 [ 93.731266][ T5888] queue_work_on+0x181/0x270 [ 93.731275][ T5888] ? trace_sched_exit_tp+0x36/0x110 [ 93.731288][ T5888] ? __pfx_queue_work_on+0x10/0x10 [ 93.731298][ T5888] ? rcu_is_watching+0x15/0xb0 [ 93.731307][ T5888] net_enable_timestamp+0x145/0x190 [ 93.731322][ T5888] ? __pfx_net_enable_timestamp+0x10/0x10 [ 93.731335][ T5888] ? __sock_set_timestamps+0x16a/0x1b0 [ 93.731349][ T5888] sk_setsockopt+0x1adb/0x2dc0 [ 93.731362][ T5888] ? __pfx___might_resched+0x10/0x10 [ 93.731371][ T5888] ? __pfx_sk_setsockopt+0x10/0x10 [ 93.731385][ T5888] ? aa_sk_perm+0x81e/0x950 [ 93.731399][ T5888] ? __pfx_aa_sk_perm+0x10/0x10 [ 93.731411][ T5888] ? _raw_spin_unlock_irq+0x2e/0x50 [ 93.731422][ T5888] ? ptrace_notify+0x22d/0x2c0 [ 93.731430][ T5888] ? aa_sock_opt_perm+0xff/0x1b0 [ 93.731445][ T5888] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 93.731456][ T5888] do_sock_setsockopt+0x11b/0x1b0 [ 93.731472][ T5888] __x64_sys_setsockopt+0x13f/0x1b0 [ 93.731487][ T5888] do_syscall_64+0xfa/0x3b0 [ 93.731500][ T5888] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.731509][ T5888] ? clear_bhb_loop+0x60/0xb0 [ 93.731520][ T5888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.731529][ T5888] RIP: 0033:0x7feb755329e9 [ 93.731538][ T5888] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 93.731546][ T5888] RSP: 002b:00007ffe51f7ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 93.731562][ T5888] RAX: ffffffffffffffda RBX: 00007ffe51f7eab0 RCX: 00007feb755329e9 [ 93.731571][ T5888] RDX: 000000000000001d RSI: 0000000000000001 RDI: 0000000000000005 [ 93.731577][ T5888] RBP: 0000000000000001 R08: 0000000000000004 R09: 0000000000000140 [ 93.731582][ T5888] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [pid 5888] setsockopt(5, SOL_SOCKET, SO_TIMESTAMP_OLD, [-1], 4) = 0 [pid 5888] exit_group(0) = ? [pid 5888] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5888, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5889 attached , child_tidptr=0x555567a3d650) = 5889 [pid 5889] set_robust_list(0x555567a3d660, 24) = 0 [pid 5889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5889] setpgid(0, 0) = 0 [pid 5889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5889] write(3, "1000", 4) = 4 [pid 5889] close(3) = 0 executing program [pid 5889] write(1, "executing program\n", 18) = 18 [pid 5889] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 17, 0), prog_flags=BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ, prog_name="", prog_ifindex=0, expected_attach_type=0x34 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EFAULT (Bad address) [pid 5889] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 5889] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="workqueue_activate_work", prog_fd=3}}, 16) = 4 [pid 5889] socketpair(AF_TIPC, SOCK_DGRAM, 0, [5, 6]) = 0 [ 93.731588][ T5888] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 93.731597][ T5888] [pid 5889] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5889] write(7, "2", 1) = 1 [ 94.139181][ T5889] FAULT_INJECTION: forcing a failure. [ 94.139181][ T5889] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 94.152267][ T5889] CPU: 1 UID: 0 PID: 5889 Comm: syz-executor209 Not tainted 6.16.0-syzkaller-g561c80369df0 #0 PREEMPT(full) [ 94.152283][ T5889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 94.152290][ T5889] Call Trace: [ 94.152296][ T5889] [ 94.152302][ T5889] dump_stack_lvl+0x189/0x250 [ 94.152318][ T5889] ? __pfx____ratelimit+0x10/0x10 [ 94.152331][ T5889] ? __pfx_dump_stack_lvl+0x10/0x10 [ 94.152341][ T5889] ? __pfx__printk+0x10/0x10 [ 94.152353][ T5889] ? kvm_sched_clock_read+0x11/0x20 [ 94.152367][ T5889] ? arch_scale_cpu_capacity+0x18/0xb0 [ 94.152378][ T5889] should_fail_ex+0x414/0x560 [ 94.152391][ T5889] strncpy_from_user+0x36/0x290 [ 94.152402][ T5889] ? bpf_trace_run1+0x181/0x4b0 [ 94.152413][ T5889] ? rcu_is_watching+0x15/0xb0 [ 94.152423][ T5889] strncpy_from_user_nofault+0x72/0x150 [ 94.152435][ T5889] bpf_probe_read_compat_str+0xe2/0x180 [ 94.152445][ T5889] bpf_prog_9bca56546c9b26d5+0x46/0x4c [ 94.152454][ T5889] bpf_trace_run1+0x27f/0x4b0 [ 94.152465][ T5889] ? bpf_trace_run1+0x181/0x4b0 [ 94.152476][ T5889] ? __pfx_bpf_trace_run1+0x10/0x10 [ 94.152488][ T5889] ? rcu_is_watching+0x15/0xb0 [ 94.152496][ T5889] ? __bpf_trace_workqueue_activate_work+0xa1/0x100 [ 94.152508][ T5889] __bpf_trace_workqueue_activate_work+0xae/0x100 [ 94.152518][ T5889] ? __pfx___bpf_trace_workqueue_activate_work+0x10/0x10 [ 94.152527][ T5889] ? do_raw_spin_lock+0x121/0x290 [ 94.152540][ T5889] ? __pfx_pwq_tryinc_nr_active+0x10/0x10 [ 94.152555][ T5889] trace_workqueue_activate_work+0x170/0x1d0 [ 94.152570][ T5889] __queue_work+0xcc2/0xfb0 [ 94.152580][ T5889] ? __queue_work+0x102/0xfb0 [ 94.152590][ T5889] queue_work_on+0x181/0x270 [ 94.152599][ T5889] ? trace_sched_exit_tp+0x36/0x110 [ 94.152613][ T5889] ? __pfx_queue_work_on+0x10/0x10 [ 94.152623][ T5889] ? rcu_is_watching+0x15/0xb0 [ 94.152632][ T5889] net_enable_timestamp+0x145/0x190 [ 94.152647][ T5889] ? __pfx_net_enable_timestamp+0x10/0x10 [ 94.152661][ T5889] ? __sock_set_timestamps+0x16a/0x1b0 [ 94.152675][ T5889] sk_setsockopt+0x1adb/0x2dc0 [ 94.152688][ T5889] ? __pfx___might_resched+0x10/0x10 [ 94.152706][ T5889] ? __pfx_sk_setsockopt+0x10/0x10 [ 94.152720][ T5889] ? aa_sk_perm+0x81e/0x950 [ 94.152735][ T5889] ? __pfx_aa_sk_perm+0x10/0x10 [ 94.152746][ T5889] ? _raw_spin_unlock_irq+0x2e/0x50 [ 94.152758][ T5889] ? ptrace_notify+0x22d/0x2c0 [ 94.152766][ T5889] ? aa_sock_opt_perm+0xff/0x1b0 [ 94.152781][ T5889] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 94.152793][ T5889] do_sock_setsockopt+0x11b/0x1b0 [ 94.152808][ T5889] __x64_sys_setsockopt+0x13f/0x1b0 [ 94.152823][ T5889] do_syscall_64+0xfa/0x3b0 [ 94.152896][ T5889] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.152905][ T5889] ? clear_bhb_loop+0x60/0xb0 [ 94.152915][ T5889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.152925][ T5889] RIP: 0033:0x7feb755329e9 [ 94.152935][ T5889] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 94.152943][ T5889] RSP: 002b:00007ffe51f7ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 94.152956][ T5889] RAX: ffffffffffffffda RBX: 00007ffe51f7eab0 RCX: 00007feb755329e9 [ 94.152963][ T5889] RDX: 000000000000001d RSI: 0000000000000001 RDI: 0000000000000005 [ 94.152968][ T5889] RBP: 0000000000000001 R08: 0000000000000004 R09: 0000000000000140 [ 94.152974][ T5889] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [pid 5889] setsockopt(5, SOL_SOCKET, SO_TIMESTAMP_OLD, [-1], 4) = 0 [pid 5889] exit_group(0) = ? [pid 5889] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5889, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5890 attached , child_tidptr=0x555567a3d650) = 5890 [ 94.152980][ T5889] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 94.152989][ T5889] [pid 5890] set_robust_list(0x555567a3d660, 24) = 0 [pid 5890] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5890] setpgid(0, 0) = 0 [pid 5890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5890] write(3, "1000", 4) = 4 [pid 5890] close(3) = 0 [pid 5890] write(1, "executing program\n", 18executing program ) = 18 [pid 5890] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 17, 0), prog_flags=BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ, prog_name="", prog_ifindex=0, expected_attach_type=0x34 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EFAULT (Bad address) [pid 5890] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 5890] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="workqueue_activate_work", prog_fd=3}}, 16) = 4 [pid 5890] socketpair(AF_TIPC, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5890] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5890] write(7, "2", 1) = 1 [ 94.631713][ T5890] FAULT_INJECTION: forcing a failure. [ 94.631713][ T5890] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 94.644780][ T5890] CPU: 1 UID: 0 PID: 5890 Comm: syz-executor209 Not tainted 6.16.0-syzkaller-g561c80369df0 #0 PREEMPT(full) [ 94.644797][ T5890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 94.644803][ T5890] Call Trace: [ 94.644807][ T5890] [ 94.644812][ T5890] dump_stack_lvl+0x189/0x250 [ 94.644830][ T5890] ? __pfx____ratelimit+0x10/0x10 [ 94.644843][ T5890] ? __pfx_dump_stack_lvl+0x10/0x10 [ 94.644854][ T5890] ? __pfx__printk+0x10/0x10 [ 94.644865][ T5890] ? kvm_sched_clock_read+0x11/0x20 [ 94.644879][ T5890] ? arch_scale_cpu_capacity+0x18/0xb0 [ 94.644890][ T5890] should_fail_ex+0x414/0x560 [ 94.644903][ T5890] strncpy_from_user+0x36/0x290 [ 94.644914][ T5890] ? bpf_trace_run1+0x181/0x4b0 [ 94.644926][ T5890] ? rcu_is_watching+0x15/0xb0 [ 94.644936][ T5890] strncpy_from_user_nofault+0x72/0x150 [ 94.644949][ T5890] bpf_probe_read_compat_str+0xe2/0x180 [ 94.644959][ T5890] bpf_prog_9bca56546c9b26d5+0x46/0x4c [ 94.644968][ T5890] bpf_trace_run1+0x27f/0x4b0 [ 94.644978][ T5890] ? lock_acquire+0x5f/0x360 [ 94.644991][ T5890] ? bpf_trace_run1+0x181/0x4b0 [ 94.645002][ T5890] ? __pfx_bpf_trace_run1+0x10/0x10 [ 94.645014][ T5890] ? rcu_is_watching+0x15/0xb0 [ 94.645023][ T5890] ? __bpf_trace_workqueue_activate_work+0xa1/0x100 [ 94.645034][ T5890] __bpf_trace_workqueue_activate_work+0xae/0x100 [ 94.645044][ T5890] ? __pfx___bpf_trace_workqueue_activate_work+0x10/0x10 [ 94.645053][ T5890] ? do_raw_spin_lock+0x121/0x290 [ 94.645065][ T5890] ? __pfx_pwq_tryinc_nr_active+0x10/0x10 [ 94.645086][ T5890] trace_workqueue_activate_work+0x170/0x1d0 [ 94.645100][ T5890] __queue_work+0xcc2/0xfb0 [ 94.645110][ T5890] ? __queue_work+0x102/0xfb0 [ 94.645120][ T5890] queue_work_on+0x181/0x270 [ 94.645129][ T5890] ? trace_sched_exit_tp+0x36/0x110 [ 94.645141][ T5890] ? __pfx_queue_work_on+0x10/0x10 [ 94.645152][ T5890] ? rcu_is_watching+0x15/0xb0 [ 94.645161][ T5890] net_enable_timestamp+0x145/0x190 [ 94.645176][ T5890] ? __pfx_net_enable_timestamp+0x10/0x10 [ 94.645190][ T5890] ? __sock_set_timestamps+0x16a/0x1b0 [ 94.645203][ T5890] sk_setsockopt+0x1adb/0x2dc0 [ 94.645216][ T5890] ? __pfx___might_resched+0x10/0x10 [ 94.645226][ T5890] ? __pfx_sk_setsockopt+0x10/0x10 [ 94.645240][ T5890] ? aa_sk_perm+0x81e/0x950 [ 94.645254][ T5890] ? __pfx_aa_sk_perm+0x10/0x10 [ 94.645266][ T5890] ? _raw_spin_unlock_irq+0x2e/0x50 [ 94.645277][ T5890] ? ptrace_notify+0x22d/0x2c0 [ 94.645286][ T5890] ? aa_sock_opt_perm+0xff/0x1b0 [ 94.645300][ T5890] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 94.645311][ T5890] do_sock_setsockopt+0x11b/0x1b0 [ 94.645327][ T5890] __x64_sys_setsockopt+0x13f/0x1b0 [ 94.645341][ T5890] do_syscall_64+0xfa/0x3b0 [ 94.645355][ T5890] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.645364][ T5890] ? clear_bhb_loop+0x60/0xb0 [ 94.645374][ T5890] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.645383][ T5890] RIP: 0033:0x7feb755329e9 [ 94.645393][ T5890] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 94.645401][ T5890] RSP: 002b:00007ffe51f7ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 94.645413][ T5890] RAX: ffffffffffffffda RBX: 00007ffe51f7eab0 RCX: 00007feb755329e9 [ 94.645420][ T5890] RDX: 000000000000001d RSI: 0000000000000001 RDI: 0000000000000005 [ 94.645425][ T5890] RBP: 0000000000000001 R08: 0000000000000004 R09: 0000000000000140 [pid 5890] setsockopt(5, SOL_SOCKET, SO_TIMESTAMP_OLD, [-1], 4) = 0 [pid 5890] exit_group(0) = ? [pid 5890] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5890, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5891 attached , child_tidptr=0x555567a3d650) = 5891 [pid 5891] set_robust_list(0x555567a3d660, 24) = 0 [pid 5891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5891] setpgid(0, 0) = 0 [ 94.645431][ T5890] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [ 94.645437][ T5890] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 94.645446][ T5890] [pid 5891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5891] write(3, "1000", 4) = 4 [pid 5891] close(3) = 0 executing program [pid 5891] write(1, "executing program\n", 18) = 18 [pid 5891] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 17, 0), prog_flags=BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ, prog_name="", prog_ifindex=0, expected_attach_type=0x34 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EFAULT (Bad address) [pid 5891] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 5891] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="workqueue_activate_work", prog_fd=3}}, 16) = 4 [pid 5891] socketpair(AF_TIPC, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5891] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5891] write(7, "2", 1) = 1 [ 95.107289][ T5891] FAULT_INJECTION: forcing a failure. [ 95.107289][ T5891] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 95.120456][ T5891] CPU: 0 UID: 0 PID: 5891 Comm: syz-executor209 Not tainted 6.16.0-syzkaller-g561c80369df0 #0 PREEMPT(full) [ 95.120473][ T5891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 95.120479][ T5891] Call Trace: [ 95.120483][ T5891] [ 95.120489][ T5891] dump_stack_lvl+0x189/0x250 [ 95.120505][ T5891] ? __pfx____ratelimit+0x10/0x10 [ 95.120519][ T5891] ? __pfx_dump_stack_lvl+0x10/0x10 [ 95.120530][ T5891] ? __pfx__printk+0x10/0x10 [ 95.120541][ T5891] ? kvm_sched_clock_read+0x11/0x20 [ 95.120555][ T5891] ? arch_scale_cpu_capacity+0x18/0xb0 [ 95.120566][ T5891] should_fail_ex+0x414/0x560 [ 95.120579][ T5891] strncpy_from_user+0x36/0x290 [ 95.120590][ T5891] ? bpf_trace_run1+0x181/0x4b0 [ 95.120601][ T5891] ? rcu_is_watching+0x15/0xb0 [ 95.120611][ T5891] strncpy_from_user_nofault+0x72/0x150 [ 95.120623][ T5891] bpf_probe_read_compat_str+0xe2/0x180 [ 95.120634][ T5891] bpf_prog_9bca56546c9b26d5+0x46/0x4c [ 95.120642][ T5891] bpf_trace_run1+0x27f/0x4b0 [ 95.120654][ T5891] ? bpf_trace_run1+0x181/0x4b0 [ 95.120665][ T5891] ? __pfx_bpf_trace_run1+0x10/0x10 [ 95.120676][ T5891] ? rcu_is_watching+0x15/0xb0 [ 95.120685][ T5891] ? __bpf_trace_workqueue_activate_work+0xa1/0x100 [ 95.120696][ T5891] __bpf_trace_workqueue_activate_work+0xae/0x100 [ 95.120707][ T5891] ? __pfx___bpf_trace_workqueue_activate_work+0x10/0x10 [ 95.120716][ T5891] ? do_raw_spin_lock+0x121/0x290 [ 95.120728][ T5891] ? __pfx_pwq_tryinc_nr_active+0x10/0x10 [ 95.120743][ T5891] trace_workqueue_activate_work+0x170/0x1d0 [ 95.120758][ T5891] __queue_work+0xcc2/0xfb0 [ 95.120768][ T5891] ? __queue_work+0x102/0xfb0 [ 95.120778][ T5891] queue_work_on+0x181/0x270 [ 95.120787][ T5891] ? trace_sched_exit_tp+0x36/0x110 [ 95.120800][ T5891] ? __pfx_queue_work_on+0x10/0x10 [ 95.120827][ T5891] ? rcu_is_watching+0x15/0xb0 [ 95.120837][ T5891] net_enable_timestamp+0x145/0x190 [ 95.120851][ T5891] ? __pfx_net_enable_timestamp+0x10/0x10 [ 95.120864][ T5891] ? __sock_set_timestamps+0x16a/0x1b0 [ 95.120878][ T5891] sk_setsockopt+0x1adb/0x2dc0 [ 95.120891][ T5891] ? __pfx___might_resched+0x10/0x10 [ 95.120901][ T5891] ? __pfx_sk_setsockopt+0x10/0x10 [ 95.120915][ T5891] ? aa_sk_perm+0x81e/0x950 [ 95.120929][ T5891] ? __pfx_aa_sk_perm+0x10/0x10 [ 95.120941][ T5891] ? _raw_spin_unlock_irq+0x2e/0x50 [ 95.120952][ T5891] ? ptrace_notify+0x22d/0x2c0 [ 95.120961][ T5891] ? aa_sock_opt_perm+0xff/0x1b0 [ 95.120975][ T5891] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 95.120986][ T5891] do_sock_setsockopt+0x11b/0x1b0 [ 95.121002][ T5891] __x64_sys_setsockopt+0x13f/0x1b0 [ 95.121016][ T5891] do_syscall_64+0xfa/0x3b0 [ 95.121030][ T5891] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.121039][ T5891] ? clear_bhb_loop+0x60/0xb0 [ 95.121049][ T5891] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.121059][ T5891] RIP: 0033:0x7feb755329e9 [ 95.121068][ T5891] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 95.121076][ T5891] RSP: 002b:00007ffe51f7ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 95.121089][ T5891] RAX: ffffffffffffffda RBX: 00007ffe51f7eab0 RCX: 00007feb755329e9 [ 95.121096][ T5891] RDX: 000000000000001d RSI: 0000000000000001 RDI: 0000000000000005 [ 95.121102][ T5891] RBP: 0000000000000001 R08: 0000000000000004 R09: 0000000000000140 [ 95.121107][ T5891] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [pid 5891] setsockopt(5, SOL_SOCKET, SO_TIMESTAMP_OLD, [-1], 4) = 0 [pid 5891] exit_group(0) = ? [pid 5891] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5891, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 95.121113][ T5891] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 95.121122][ T5891] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5892 attached , child_tidptr=0x555567a3d650) = 5892 [pid 5892] set_robust_list(0x555567a3d660, 24) = 0 [pid 5892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5892] setpgid(0, 0) = 0 [pid 5892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5892] write(3, "1000", 4) = 4 [pid 5892] close(3) = 0 executing program [pid 5892] write(1, "executing program\n", 18) = 18 [pid 5892] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 17, 0), prog_flags=BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ, prog_name="", prog_ifindex=0, expected_attach_type=0x34 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EFAULT (Bad address) [pid 5892] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 5892] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="workqueue_activate_work", prog_fd=3}}, 16) = 4 [pid 5892] socketpair(AF_TIPC, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5892] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5892] write(7, "2", 1) = 1 [ 95.592361][ T5892] FAULT_INJECTION: forcing a failure. [ 95.592361][ T5892] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 95.605477][ T5892] CPU: 1 UID: 0 PID: 5892 Comm: syz-executor209 Not tainted 6.16.0-syzkaller-g561c80369df0 #0 PREEMPT(full) [ 95.605494][ T5892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 95.605500][ T5892] Call Trace: [ 95.605506][ T5892] [ 95.605511][ T5892] dump_stack_lvl+0x189/0x250 [ 95.605528][ T5892] ? __pfx____ratelimit+0x10/0x10 [ 95.605541][ T5892] ? __pfx_dump_stack_lvl+0x10/0x10 [ 95.605551][ T5892] ? __pfx__printk+0x10/0x10 [ 95.605563][ T5892] ? kvm_sched_clock_read+0x11/0x20 [ 95.605578][ T5892] should_fail_ex+0x414/0x560 [ 95.605591][ T5892] strncpy_from_user+0x36/0x290 [ 95.605602][ T5892] ? bpf_trace_run1+0x181/0x4b0 [ 95.605613][ T5892] ? rcu_is_watching+0x15/0xb0 [ 95.605623][ T5892] strncpy_from_user_nofault+0x72/0x150 [ 95.605635][ T5892] bpf_probe_read_compat_str+0xe2/0x180 [ 95.605646][ T5892] bpf_prog_9bca56546c9b26d5+0x46/0x4c [ 95.605654][ T5892] bpf_trace_run1+0x27f/0x4b0 [ 95.605666][ T5892] ? bpf_trace_run1+0x181/0x4b0 [ 95.605677][ T5892] ? __pfx_bpf_trace_run1+0x10/0x10 [ 95.605732][ T5892] ? rcu_is_watching+0x15/0xb0 [ 95.605741][ T5892] ? __bpf_trace_workqueue_activate_work+0xa1/0x100 [ 95.605753][ T5892] __bpf_trace_workqueue_activate_work+0xae/0x100 [ 95.605763][ T5892] ? __pfx___bpf_trace_workqueue_activate_work+0x10/0x10 [ 95.605772][ T5892] ? do_raw_spin_lock+0x121/0x290 [ 95.605784][ T5892] ? __pfx_pwq_tryinc_nr_active+0x10/0x10 [ 95.605798][ T5892] ? finish_task_switch+0x18b/0x950 [ 95.605811][ T5892] trace_workqueue_activate_work+0x170/0x1d0 [ 95.605826][ T5892] __queue_work+0xcc2/0xfb0 [ 95.605836][ T5892] ? __queue_work+0x102/0xfb0 [ 95.605846][ T5892] queue_work_on+0x181/0x270 [ 95.605855][ T5892] ? trace_sched_exit_tp+0x36/0x110 [ 95.605867][ T5892] ? __pfx_queue_work_on+0x10/0x10 [ 95.605877][ T5892] ? rcu_is_watching+0x15/0xb0 [ 95.605887][ T5892] net_enable_timestamp+0x145/0x190 [ 95.605902][ T5892] ? __pfx_net_enable_timestamp+0x10/0x10 [ 95.605915][ T5892] ? __sock_set_timestamps+0x16a/0x1b0 [ 95.605929][ T5892] sk_setsockopt+0x1adb/0x2dc0 [ 95.605942][ T5892] ? __pfx___might_resched+0x10/0x10 [ 95.605952][ T5892] ? __pfx_sk_setsockopt+0x10/0x10 [ 95.605966][ T5892] ? aa_sk_perm+0x81e/0x950 [ 95.605979][ T5892] ? __pfx_aa_sk_perm+0x10/0x10 [ 95.605991][ T5892] ? _raw_spin_unlock_irq+0x2e/0x50 [ 95.606003][ T5892] ? ptrace_notify+0x22d/0x2c0 [ 95.606011][ T5892] ? aa_sock_opt_perm+0xff/0x1b0 [ 95.606025][ T5892] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 95.606037][ T5892] do_sock_setsockopt+0x11b/0x1b0 [ 95.606052][ T5892] __x64_sys_setsockopt+0x13f/0x1b0 [ 95.606067][ T5892] do_syscall_64+0xfa/0x3b0 [ 95.606080][ T5892] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.606090][ T5892] ? clear_bhb_loop+0x60/0xb0 [ 95.606100][ T5892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.606110][ T5892] RIP: 0033:0x7feb755329e9 [ 95.606119][ T5892] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 95.606127][ T5892] RSP: 002b:00007ffe51f7ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 95.606139][ T5892] RAX: ffffffffffffffda RBX: 00007ffe51f7eab0 RCX: 00007feb755329e9 [ 95.606147][ T5892] RDX: 000000000000001d RSI: 0000000000000001 RDI: 0000000000000005 [ 95.606152][ T5892] RBP: 0000000000000001 R08: 0000000000000004 R09: 0000000000000140 [ 95.606158][ T5892] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [pid 5892] setsockopt(5, SOL_SOCKET, SO_TIMESTAMP_OLD, [-1], 4) = 0 [pid 5892] exit_group(0) = ? [pid 5892] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5892, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 95.606164][ T5892] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 95.606172][ T5892] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5893 attached , child_tidptr=0x555567a3d650) = 5893 [pid 5893] set_robust_list(0x555567a3d660, 24) = 0 [pid 5893] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5893] setpgid(0, 0) = 0 [pid 5893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5893] write(3, "1000", 4) = 4 [pid 5893] close(3) = 0 executing program [pid 5893] write(1, "executing program\n", 18) = 18 [pid 5893] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 17, 0), prog_flags=BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ, prog_name="", prog_ifindex=0, expected_attach_type=0x34 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EFAULT (Bad address) [pid 5893] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 5893] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="workqueue_activate_work", prog_fd=3}}, 16) = 4 [pid 5893] socketpair(AF_TIPC, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5893] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5893] write(7, "2", 1) = 1 [ 96.085218][ T5893] FAULT_INJECTION: forcing a failure. [ 96.085218][ T5893] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 96.098366][ T5893] CPU: 0 UID: 0 PID: 5893 Comm: syz-executor209 Not tainted 6.16.0-syzkaller-g561c80369df0 #0 PREEMPT(full) [ 96.098383][ T5893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 96.098389][ T5893] Call Trace: [ 96.098396][ T5893] [ 96.098401][ T5893] dump_stack_lvl+0x189/0x250 [ 96.098418][ T5893] ? __pfx____ratelimit+0x10/0x10 [ 96.098431][ T5893] ? __pfx_dump_stack_lvl+0x10/0x10 [ 96.098441][ T5893] ? __pfx__printk+0x10/0x10 [ 96.098453][ T5893] ? kvm_sched_clock_read+0x11/0x20 [ 96.098465][ T5893] ? xfd_validate_state+0x6d/0x150 [ 96.098476][ T5893] should_fail_ex+0x414/0x560 [ 96.098490][ T5893] strncpy_from_user+0x36/0x290 [ 96.098500][ T5893] ? bpf_trace_run1+0x181/0x4b0 [ 96.098511][ T5893] ? rcu_is_watching+0x15/0xb0 [ 96.098521][ T5893] strncpy_from_user_nofault+0x72/0x150 [ 96.098534][ T5893] bpf_probe_read_compat_str+0xe2/0x180 [ 96.098544][ T5893] bpf_prog_9bca56546c9b26d5+0x46/0x4c [ 96.098553][ T5893] bpf_trace_run1+0x27f/0x4b0 [ 96.098564][ T5893] ? bpf_trace_run1+0x181/0x4b0 [ 96.098575][ T5893] ? __pfx_bpf_trace_run1+0x10/0x10 [ 96.098587][ T5893] ? rcu_is_watching+0x15/0xb0 [ 96.098595][ T5893] ? __bpf_trace_workqueue_activate_work+0xa1/0x100 [ 96.098607][ T5893] __bpf_trace_workqueue_activate_work+0xae/0x100 [ 96.098617][ T5893] ? __pfx___bpf_trace_workqueue_activate_work+0x10/0x10 [ 96.098636][ T5893] ? do_raw_spin_lock+0x121/0x290 [ 96.098648][ T5893] ? __pfx_pwq_tryinc_nr_active+0x10/0x10 [ 96.098664][ T5893] ? finish_task_switch+0x18b/0x950 [ 96.098683][ T5893] trace_workqueue_activate_work+0x170/0x1d0 [ 96.098706][ T5893] __queue_work+0xcc2/0xfb0 [ 96.098721][ T5893] ? __queue_work+0x102/0xfb0 [ 96.098736][ T5893] queue_work_on+0x181/0x270 [ 96.098751][ T5893] ? trace_sched_exit_tp+0x36/0x110 [ 96.098771][ T5893] ? __pfx_queue_work_on+0x10/0x10 [ 96.098790][ T5893] ? rcu_is_watching+0x15/0xb0 [ 96.098807][ T5893] net_enable_timestamp+0x145/0x190 [ 96.098829][ T5893] ? __pfx_net_enable_timestamp+0x10/0x10 [ 96.098845][ T5893] ? __sock_set_timestamps+0x16a/0x1b0 [ 96.098859][ T5893] sk_setsockopt+0x1adb/0x2dc0 [ 96.098875][ T5893] ? __pfx___might_resched+0x10/0x10 [ 96.098888][ T5893] ? __pfx_sk_setsockopt+0x10/0x10 [ 96.098902][ T5893] ? aa_sk_perm+0x81e/0x950 [ 96.098916][ T5893] ? __pfx_aa_sk_perm+0x10/0x10 [ 96.098928][ T5893] ? _raw_spin_unlock_irq+0x2e/0x50 [ 96.098940][ T5893] ? ptrace_notify+0x22d/0x2c0 [ 96.098948][ T5893] ? aa_sock_opt_perm+0xff/0x1b0 [ 96.098963][ T5893] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 96.098974][ T5893] do_sock_setsockopt+0x11b/0x1b0 [ 96.098990][ T5893] __x64_sys_setsockopt+0x13f/0x1b0 [ 96.099005][ T5893] do_syscall_64+0xfa/0x3b0 [ 96.099018][ T5893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.099027][ T5893] ? clear_bhb_loop+0x60/0xb0 [ 96.099038][ T5893] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.099047][ T5893] RIP: 0033:0x7feb755329e9 [ 96.099057][ T5893] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 96.099065][ T5893] RSP: 002b:00007ffe51f7ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 96.099077][ T5893] RAX: ffffffffffffffda RBX: 00007ffe51f7eab0 RCX: 00007feb755329e9 [ 96.099084][ T5893] RDX: 000000000000001d RSI: 0000000000000001 RDI: 0000000000000005 [ 96.099090][ T5893] RBP: 0000000000000001 R08: 0000000000000004 R09: 0000000000000140 [pid 5893] setsockopt(5, SOL_SOCKET, SO_TIMESTAMP_OLD, [-1], 4) = 0 [pid 5893] exit_group(0) = ? [pid 5893] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5893, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5894 attached , child_tidptr=0x555567a3d650) = 5894 [ 96.099095][ T5893] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [ 96.099101][ T5893] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 96.099110][ T5893] [pid 5894] set_robust_list(0x555567a3d660, 24) = 0 [pid 5894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5894] setpgid(0, 0) = 0 [pid 5894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5894] write(3, "1000", 4) = 4 [pid 5894] close(3) = 0 [pid 5894] write(1, "executing program\n", 18executing program ) = 18 [pid 5894] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 17, 0), prog_flags=BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ, prog_name="", prog_ifindex=0, expected_attach_type=0x34 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EFAULT (Bad address) [pid 5894] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 5894] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="workqueue_activate_work", prog_fd=3}}, 16) = 4 [pid 5894] socketpair(AF_TIPC, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5894] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5894] write(7, "2", 1) = 1 [ 96.623996][ T5894] FAULT_INJECTION: forcing a failure. [ 96.623996][ T5894] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 96.637056][ T5894] CPU: 0 UID: 0 PID: 5894 Comm: syz-executor209 Not tainted 6.16.0-syzkaller-g561c80369df0 #0 PREEMPT(full) [ 96.637072][ T5894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 96.637078][ T5894] Call Trace: [ 96.637084][ T5894] [ 96.637089][ T5894] dump_stack_lvl+0x189/0x250 [ 96.637105][ T5894] ? __pfx____ratelimit+0x10/0x10 [ 96.637119][ T5894] ? __pfx_dump_stack_lvl+0x10/0x10 [ 96.637129][ T5894] ? __pfx__printk+0x10/0x10 [ 96.637141][ T5894] ? kvm_sched_clock_read+0x11/0x20 [ 96.637154][ T5894] ? arch_scale_cpu_capacity+0x18/0xb0 [ 96.637166][ T5894] should_fail_ex+0x414/0x560 [ 96.637179][ T5894] strncpy_from_user+0x36/0x290 [ 96.637189][ T5894] ? bpf_trace_run1+0x181/0x4b0 [ 96.637200][ T5894] ? rcu_is_watching+0x15/0xb0 [ 96.637210][ T5894] strncpy_from_user_nofault+0x72/0x150 [ 96.637223][ T5894] bpf_probe_read_compat_str+0xe2/0x180 [ 96.637233][ T5894] bpf_prog_9bca56546c9b26d5+0x46/0x4c [ 96.637242][ T5894] bpf_trace_run1+0x27f/0x4b0 [ 96.637253][ T5894] ? bpf_trace_run1+0x181/0x4b0 [ 96.637264][ T5894] ? __pfx_bpf_trace_run1+0x10/0x10 [ 96.637276][ T5894] ? rcu_is_watching+0x15/0xb0 [ 96.637284][ T5894] ? __bpf_trace_workqueue_activate_work+0xa1/0x100 [ 96.637296][ T5894] __bpf_trace_workqueue_activate_work+0xae/0x100 [ 96.637306][ T5894] ? __pfx___bpf_trace_workqueue_activate_work+0x10/0x10 [ 96.637316][ T5894] ? do_raw_spin_lock+0x121/0x290 [ 96.637327][ T5894] ? __pfx_pwq_tryinc_nr_active+0x10/0x10 [ 96.637341][ T5894] ? finish_task_switch+0x18b/0x950 [ 96.637354][ T5894] trace_workqueue_activate_work+0x170/0x1d0 [ 96.637369][ T5894] __queue_work+0xcc2/0xfb0 [ 96.637379][ T5894] ? __queue_work+0x102/0xfb0 [ 96.637389][ T5894] queue_work_on+0x181/0x270 [ 96.637398][ T5894] ? trace_sched_exit_tp+0x36/0x110 [ 96.637410][ T5894] ? __pfx_queue_work_on+0x10/0x10 [ 96.637421][ T5894] ? rcu_is_watching+0x15/0xb0 [ 96.637430][ T5894] net_enable_timestamp+0x145/0x190 [ 96.637445][ T5894] ? __pfx_net_enable_timestamp+0x10/0x10 [ 96.637458][ T5894] ? __sock_set_timestamps+0x16a/0x1b0 [ 96.637477][ T5894] sk_setsockopt+0x1adb/0x2dc0 [ 96.637490][ T5894] ? __pfx___might_resched+0x10/0x10 [ 96.637500][ T5894] ? __pfx_sk_setsockopt+0x10/0x10 [ 96.637513][ T5894] ? aa_sk_perm+0x81e/0x950 [ 96.637527][ T5894] ? __pfx_aa_sk_perm+0x10/0x10 [ 96.637539][ T5894] ? _raw_spin_unlock_irq+0x2e/0x50 [ 96.637551][ T5894] ? ptrace_notify+0x22d/0x2c0 [ 96.637559][ T5894] ? aa_sock_opt_perm+0xff/0x1b0 [ 96.637573][ T5894] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 96.637585][ T5894] do_sock_setsockopt+0x11b/0x1b0 [ 96.637600][ T5894] __x64_sys_setsockopt+0x13f/0x1b0 [ 96.637615][ T5894] do_syscall_64+0xfa/0x3b0 [ 96.637634][ T5894] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.637643][ T5894] ? clear_bhb_loop+0x60/0xb0 [ 96.637653][ T5894] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.637663][ T5894] RIP: 0033:0x7feb755329e9 [ 96.637673][ T5894] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 96.637681][ T5894] RSP: 002b:00007ffe51f7ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 96.637693][ T5894] RAX: ffffffffffffffda RBX: 00007ffe51f7eab0 RCX: 00007feb755329e9 [ 96.637700][ T5894] RDX: 000000000000001d RSI: 0000000000000001 RDI: 0000000000000005 [ 96.637706][ T5894] RBP: 0000000000000001 R08: 0000000000000004 R09: 0000000000000140 [pid 5894] setsockopt(5, SOL_SOCKET, SO_TIMESTAMP_OLD, [-1], 4) = 0 [pid 5894] exit_group(0) = ? [pid 5894] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5894, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 96.637711][ T5894] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [ 96.637717][ T5894] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 96.637726][ T5894] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5895 attached , child_tidptr=0x555567a3d650) = 5895 [pid 5895] set_robust_list(0x555567a3d660, 24) = 0 [pid 5895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5895] setpgid(0, 0) = 0 [pid 5895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5895] write(3, "1000", 4) = 4 [pid 5895] close(3) = 0 executing program [pid 5895] write(1, "executing program\n", 18) = 18 [pid 5895] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 17, 0), prog_flags=BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ, prog_name="", prog_ifindex=0, expected_attach_type=0x34 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EFAULT (Bad address) [pid 5895] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 5895] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="workqueue_activate_work", prog_fd=3}}, 16) = 4 [pid 5895] socketpair(AF_TIPC, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5895] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5895] write(7, "2", 1) = 1 [ 97.144698][ T5895] FAULT_INJECTION: forcing a failure. [ 97.144698][ T5895] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 97.157772][ T5895] CPU: 1 UID: 0 PID: 5895 Comm: syz-executor209 Not tainted 6.16.0-syzkaller-g561c80369df0 #0 PREEMPT(full) [ 97.157788][ T5895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 97.157795][ T5895] Call Trace: [ 97.157801][ T5895] [ 97.157807][ T5895] dump_stack_lvl+0x189/0x250 [ 97.157823][ T5895] ? __pfx____ratelimit+0x10/0x10 [ 97.157836][ T5895] ? __pfx_dump_stack_lvl+0x10/0x10 [ 97.157846][ T5895] ? __pfx__printk+0x10/0x10 [ 97.157858][ T5895] ? kvm_sched_clock_read+0x11/0x20 [ 97.157872][ T5895] ? arch_scale_cpu_capacity+0x18/0xb0 [ 97.157883][ T5895] should_fail_ex+0x414/0x560 [ 97.157896][ T5895] strncpy_from_user+0x36/0x290 [ 97.157916][ T5895] ? bpf_trace_run1+0x181/0x4b0 [ 97.157928][ T5895] ? rcu_is_watching+0x15/0xb0 [ 97.157938][ T5895] strncpy_from_user_nofault+0x72/0x150 [ 97.157950][ T5895] bpf_probe_read_compat_str+0xe2/0x180 [ 97.157960][ T5895] bpf_prog_9bca56546c9b26d5+0x46/0x4c [ 97.157969][ T5895] bpf_trace_run1+0x27f/0x4b0 [ 97.157980][ T5895] ? bpf_trace_run1+0x181/0x4b0 [ 97.157992][ T5895] ? __pfx_bpf_trace_run1+0x10/0x10 [ 97.158003][ T5895] ? rcu_is_watching+0x15/0xb0 [ 97.158012][ T5895] ? __bpf_trace_workqueue_activate_work+0xa1/0x100 [ 97.158023][ T5895] __bpf_trace_workqueue_activate_work+0xae/0x100 [ 97.158033][ T5895] ? __pfx___bpf_trace_workqueue_activate_work+0x10/0x10 [ 97.158043][ T5895] ? do_raw_spin_lock+0x121/0x290 [ 97.158055][ T5895] ? __pfx_pwq_tryinc_nr_active+0x10/0x10 [ 97.158070][ T5895] ? finish_task_switch+0x18b/0x950 [ 97.158083][ T5895] trace_workqueue_activate_work+0x170/0x1d0 [ 97.158097][ T5895] __queue_work+0xcc2/0xfb0 [ 97.158108][ T5895] ? __queue_work+0x102/0xfb0 [ 97.158118][ T5895] queue_work_on+0x181/0x270 [ 97.158127][ T5895] ? trace_sched_exit_tp+0x36/0x110 [ 97.158139][ T5895] ? __pfx_queue_work_on+0x10/0x10 [ 97.158149][ T5895] ? rcu_is_watching+0x15/0xb0 [ 97.158159][ T5895] net_enable_timestamp+0x145/0x190 [ 97.158173][ T5895] ? __pfx_net_enable_timestamp+0x10/0x10 [ 97.158186][ T5895] ? __sock_set_timestamps+0x16a/0x1b0 [ 97.158200][ T5895] sk_setsockopt+0x1adb/0x2dc0 [ 97.158213][ T5895] ? __pfx___might_resched+0x10/0x10 [ 97.158223][ T5895] ? __pfx_sk_setsockopt+0x10/0x10 [ 97.158237][ T5895] ? aa_sk_perm+0x81e/0x950 [ 97.158251][ T5895] ? __pfx_aa_sk_perm+0x10/0x10 [ 97.158262][ T5895] ? _raw_spin_unlock_irq+0x2e/0x50 [ 97.158274][ T5895] ? ptrace_notify+0x22d/0x2c0 [ 97.158282][ T5895] ? aa_sock_opt_perm+0xff/0x1b0 [ 97.158299][ T5895] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 97.158311][ T5895] do_sock_setsockopt+0x11b/0x1b0 [ 97.158326][ T5895] __x64_sys_setsockopt+0x13f/0x1b0 [ 97.158341][ T5895] do_syscall_64+0xfa/0x3b0 [ 97.158354][ T5895] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.158363][ T5895] ? clear_bhb_loop+0x60/0xb0 [ 97.158374][ T5895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.158383][ T5895] RIP: 0033:0x7feb755329e9 [ 97.158393][ T5895] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 97.158401][ T5895] RSP: 002b:00007ffe51f7ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 97.158414][ T5895] RAX: ffffffffffffffda RBX: 00007ffe51f7eab0 RCX: 00007feb755329e9 [ 97.158421][ T5895] RDX: 000000000000001d RSI: 0000000000000001 RDI: 0000000000000005 [ 97.158426][ T5895] RBP: 0000000000000001 R08: 0000000000000004 R09: 0000000000000140 [pid 5895] setsockopt(5, SOL_SOCKET, SO_TIMESTAMP_OLD, [-1], 4) = 0 [pid 5895] exit_group(0) = ? [pid 5895] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5895, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 97.158432][ T5895] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [ 97.158438][ T5895] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 97.158451][ T5895] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555567a3d650) = 5896 ./strace-static-x86_64: Process 5896 attached [pid 5896] set_robust_list(0x555567a3d660, 24) = 0 [pid 5896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5896] setpgid(0, 0) = 0 [pid 5896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5896] write(3, "1000", 4) = 4 [pid 5896] close(3) = 0 executing program [pid 5896] write(1, "executing program\n", 18) = 18 [pid 5896] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 17, 0), prog_flags=BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ, prog_name="", prog_ifindex=0, expected_attach_type=0x34 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EFAULT (Bad address) [pid 5896] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 5896] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="workqueue_activate_work", prog_fd=3}}, 16) = 4 [pid 5896] socketpair(AF_TIPC, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5896] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5896] write(7, "2", 1) = 1 [ 97.652087][ T5896] FAULT_INJECTION: forcing a failure. [ 97.652087][ T5896] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 97.665176][ T5896] CPU: 0 UID: 0 PID: 5896 Comm: syz-executor209 Not tainted 6.16.0-syzkaller-g561c80369df0 #0 PREEMPT(full) [ 97.665192][ T5896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 97.665199][ T5896] Call Trace: [ 97.665204][ T5896] [ 97.665209][ T5896] dump_stack_lvl+0x189/0x250 [ 97.665225][ T5896] ? __pfx____ratelimit+0x10/0x10 [ 97.665238][ T5896] ? __pfx_dump_stack_lvl+0x10/0x10 [ 97.665248][ T5896] ? __pfx__printk+0x10/0x10 [ 97.665260][ T5896] ? kvm_sched_clock_read+0x11/0x20 [ 97.665273][ T5896] ? arch_scale_cpu_capacity+0x18/0xb0 [ 97.665284][ T5896] should_fail_ex+0x414/0x560 [ 97.665298][ T5896] strncpy_from_user+0x36/0x290 [ 97.665308][ T5896] ? bpf_trace_run1+0x181/0x4b0 [ 97.665320][ T5896] ? rcu_is_watching+0x15/0xb0 [ 97.665330][ T5896] strncpy_from_user_nofault+0x72/0x150 [ 97.665342][ T5896] bpf_probe_read_compat_str+0xe2/0x180 [ 97.665353][ T5896] bpf_prog_9bca56546c9b26d5+0x46/0x4c [ 97.665361][ T5896] bpf_trace_run1+0x27f/0x4b0 [ 97.665372][ T5896] ? lock_acquire+0x5f/0x360 [ 97.665386][ T5896] ? bpf_trace_run1+0x181/0x4b0 [ 97.665397][ T5896] ? __pfx_bpf_trace_run1+0x10/0x10 [ 97.665409][ T5896] ? rcu_is_watching+0x15/0xb0 [ 97.665417][ T5896] ? __bpf_trace_workqueue_activate_work+0xa1/0x100 [ 97.665428][ T5896] __bpf_trace_workqueue_activate_work+0xae/0x100 [ 97.665438][ T5896] ? __pfx___bpf_trace_workqueue_activate_work+0x10/0x10 [ 97.665448][ T5896] ? do_raw_spin_lock+0x121/0x290 [ 97.665459][ T5896] ? __pfx_pwq_tryinc_nr_active+0x10/0x10 [ 97.665473][ T5896] ? finish_task_switch+0x18b/0x950 [ 97.665486][ T5896] trace_workqueue_activate_work+0x170/0x1d0 [ 97.665500][ T5896] __queue_work+0xcc2/0xfb0 [ 97.665545][ T5896] ? __queue_work+0x102/0xfb0 [ 97.665555][ T5896] queue_work_on+0x181/0x270 [ 97.665564][ T5896] ? trace_sched_exit_tp+0x36/0x110 [ 97.665577][ T5896] ? __pfx_queue_work_on+0x10/0x10 [ 97.665587][ T5896] ? rcu_is_watching+0x15/0xb0 [ 97.665597][ T5896] net_enable_timestamp+0x145/0x190 [ 97.665611][ T5896] ? __pfx_net_enable_timestamp+0x10/0x10 [ 97.665625][ T5896] ? __sock_set_timestamps+0x16a/0x1b0 [ 97.665638][ T5896] sk_setsockopt+0x1adb/0x2dc0 [ 97.665652][ T5896] ? __pfx___might_resched+0x10/0x10 [ 97.665662][ T5896] ? __pfx_sk_setsockopt+0x10/0x10 [ 97.665675][ T5896] ? aa_sk_perm+0x81e/0x950 [ 97.665689][ T5896] ? __pfx_aa_sk_perm+0x10/0x10 [ 97.665701][ T5896] ? _raw_spin_unlock_irq+0x2e/0x50 [ 97.665713][ T5896] ? ptrace_notify+0x22d/0x2c0 [ 97.665721][ T5896] ? aa_sock_opt_perm+0xff/0x1b0 [ 97.665736][ T5896] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 97.665748][ T5896] do_sock_setsockopt+0x11b/0x1b0 [ 97.665764][ T5896] __x64_sys_setsockopt+0x13f/0x1b0 [ 97.665779][ T5896] do_syscall_64+0xfa/0x3b0 [ 97.665792][ T5896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.665801][ T5896] ? clear_bhb_loop+0x60/0xb0 [ 97.665812][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.665821][ T5896] RIP: 0033:0x7feb755329e9 [ 97.665831][ T5896] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 97.665839][ T5896] RSP: 002b:00007ffe51f7ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 97.665851][ T5896] RAX: ffffffffffffffda RBX: 00007ffe51f7eab0 RCX: 00007feb755329e9 [ 97.665858][ T5896] RDX: 000000000000001d RSI: 0000000000000001 RDI: 0000000000000005 [ 97.665864][ T5896] RBP: 0000000000000001 R08: 0000000000000004 R09: 0000000000000140 [pid 5896] setsockopt(5, SOL_SOCKET, SO_TIMESTAMP_OLD, [-1], 4) = 0 [pid 5896] exit_group(0) = ? [pid 5896] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5896, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5897 attached , child_tidptr=0x555567a3d650) = 5897 [ 97.665869][ T5896] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [ 97.665875][ T5896] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 97.665884][ T5896] [pid 5897] set_robust_list(0x555567a3d660, 24) = 0 [pid 5897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5897] setpgid(0, 0) = 0 [pid 5897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5897] write(3, "1000", 4) = 4 [pid 5897] close(3) = 0 executing program [pid 5897] write(1, "executing program\n", 18) = 18 [pid 5897] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 17, 0), prog_flags=BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ, prog_name="", prog_ifindex=0, expected_attach_type=0x34 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EFAULT (Bad address) [pid 5897] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 5897] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="workqueue_activate_work", prog_fd=3}}, 16) = 4 [pid 5897] socketpair(AF_TIPC, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5897] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5897] write(7, "2", 1) = 1 [ 98.123036][ T5897] FAULT_INJECTION: forcing a failure. [ 98.123036][ T5897] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 98.136110][ T5897] CPU: 1 UID: 0 PID: 5897 Comm: syz-executor209 Not tainted 6.16.0-syzkaller-g561c80369df0 #0 PREEMPT(full) [ 98.136131][ T5897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 98.136140][ T5897] Call Trace: [ 98.136146][ T5897] [ 98.136151][ T5897] dump_stack_lvl+0x189/0x250 [ 98.136172][ T5897] ? __pfx____ratelimit+0x10/0x10 [ 98.136189][ T5897] ? __pfx_dump_stack_lvl+0x10/0x10 [ 98.136204][ T5897] ? __pfx__printk+0x10/0x10 [ 98.136220][ T5897] ? kvm_sched_clock_read+0x11/0x20 [ 98.136238][ T5897] ? arch_scale_cpu_capacity+0x18/0xb0 [ 98.136253][ T5897] should_fail_ex+0x414/0x560 [ 98.136271][ T5897] strncpy_from_user+0x36/0x290 [ 98.136286][ T5897] ? bpf_trace_run1+0x181/0x4b0 [ 98.136301][ T5897] ? rcu_is_watching+0x15/0xb0 [ 98.136314][ T5897] strncpy_from_user_nofault+0x72/0x150 [ 98.136331][ T5897] bpf_probe_read_compat_str+0xe2/0x180 [ 98.136345][ T5897] bpf_prog_9bca56546c9b26d5+0x46/0x4c [ 98.136362][ T5897] bpf_trace_run1+0x27f/0x4b0 [ 98.136378][ T5897] ? bpf_trace_run1+0x181/0x4b0 [ 98.136394][ T5897] ? __pfx_bpf_trace_run1+0x10/0x10 [ 98.136408][ T5897] ? update_load_avg+0x572/0x1880 [ 98.136421][ T5897] ? __bpf_trace_workqueue_activate_work+0xa1/0x100 [ 98.136443][ T5897] __bpf_trace_workqueue_activate_work+0xae/0x100 [ 98.136457][ T5897] ? __pfx___bpf_trace_workqueue_activate_work+0x10/0x10 [ 98.136470][ T5897] ? do_raw_spin_lock+0x121/0x290 [ 98.136486][ T5897] ? __pfx_pwq_tryinc_nr_active+0x10/0x10 [ 98.136508][ T5897] trace_workqueue_activate_work+0x170/0x1d0 [ 98.136528][ T5897] __queue_work+0xcc2/0xfb0 [ 98.136542][ T5897] ? __queue_work+0x102/0xfb0 [ 98.136556][ T5897] queue_work_on+0x181/0x270 [ 98.136568][ T5897] ? trace_sched_exit_tp+0x36/0x110 [ 98.136593][ T5897] ? __pfx_queue_work_on+0x10/0x10 [ 98.136608][ T5897] ? rcu_is_watching+0x15/0xb0 [ 98.136621][ T5897] net_enable_timestamp+0x145/0x190 [ 98.136641][ T5897] ? __pfx_net_enable_timestamp+0x10/0x10 [ 98.136660][ T5897] ? __sock_set_timestamps+0x16a/0x1b0 [ 98.136679][ T5897] sk_setsockopt+0x1adb/0x2dc0 [ 98.136697][ T5897] ? __pfx___might_resched+0x10/0x10 [ 98.136711][ T5897] ? __pfx_sk_setsockopt+0x10/0x10 [ 98.136731][ T5897] ? aa_sk_perm+0x81e/0x950 [ 98.136749][ T5897] ? __pfx_aa_sk_perm+0x10/0x10 [ 98.136766][ T5897] ? _raw_spin_unlock_irq+0x2e/0x50 [ 98.136781][ T5897] ? ptrace_notify+0x22d/0x2c0 [ 98.136793][ T5897] ? aa_sock_opt_perm+0xff/0x1b0 [ 98.136812][ T5897] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 98.136828][ T5897] do_sock_setsockopt+0x11b/0x1b0 [ 98.136849][ T5897] __x64_sys_setsockopt+0x13f/0x1b0 [ 98.136869][ T5897] do_syscall_64+0xfa/0x3b0 [ 98.136887][ T5897] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.136900][ T5897] ? clear_bhb_loop+0x60/0xb0 [ 98.136914][ T5897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.136927][ T5897] RIP: 0033:0x7feb755329e9 [ 98.136938][ T5897] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 98.136949][ T5897] RSP: 002b:00007ffe51f7ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 98.136965][ T5897] RAX: ffffffffffffffda RBX: 00007ffe51f7eab0 RCX: 00007feb755329e9 [ 98.136975][ T5897] RDX: 000000000000001d RSI: 0000000000000001 RDI: 0000000000000005 [ 98.136982][ T5897] RBP: 0000000000000001 R08: 0000000000000004 R09: 0000000000000140 [ 98.136990][ T5897] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [pid 5897] setsockopt(5, SOL_SOCKET, SO_TIMESTAMP_OLD, [-1], 4) = 0 [pid 5897] exit_group(0) = ? [pid 5897] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5897, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5898 attached , child_tidptr=0x555567a3d650) = 5898 [pid 5898] set_robust_list(0x555567a3d660, 24) = 0 [pid 5898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5898] setpgid(0, 0) = 0 [ 98.136998][ T5897] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 98.137010][ T5897] [pid 5898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5898] write(3, "1000", 4) = 4 [pid 5898] close(3) = 0 executing program [pid 5898] write(1, "executing program\n", 18) = 18 [pid 5898] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 17, 0), prog_flags=BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ, prog_name="", prog_ifindex=0, expected_attach_type=0x34 /* BPF_??? */, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 EFAULT (Bad address) [pid 5898] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 5898] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="workqueue_activate_work", prog_fd=3}}, 16) = 4 [pid 5898] socketpair(AF_TIPC, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5898] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5898] write(7, "2", 1) = 1 [ 98.618207][ T5898] FAULT_INJECTION: forcing a failure. [ 98.618207][ T5898] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 98.631297][ T5898] CPU: 0 UID: 0 PID: 5898 Comm: syz-executor209 Not tainted 6.16.0-syzkaller-g561c80369df0 #0 PREEMPT(full) [ 98.631313][ T5898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 98.631319][ T5898] Call Trace: [ 98.631324][ T5898] [ 98.631328][ T5898] dump_stack_lvl+0x189/0x250 [ 98.631344][ T5898] ? __pfx____ratelimit+0x10/0x10 [ 98.631390][ T5898] ? __pfx_dump_stack_lvl+0x10/0x10 [ 98.631400][ T5898] ? __pfx__printk+0x10/0x10 [ 98.631412][ T5898] ? kvm_sched_clock_read+0x11/0x20 [ 98.631425][ T5898] ? arch_scale_cpu_capacity+0x18/0xb0 [ 98.631436][ T5898] should_fail_ex+0x414/0x560 [ 98.631450][ T5898] strncpy_from_user+0x36/0x290 [ 98.631461][ T5898] ? bpf_trace_run1+0x181/0x4b0 [ 98.631472][ T5898] ? rcu_is_watching+0x15/0xb0 [ 98.631482][ T5898] strncpy_from_user_nofault+0x72/0x150 [ 98.631494][ T5898] bpf_probe_read_compat_str+0xe2/0x180 [ 98.631504][ T5898] bpf_prog_9bca56546c9b26d5+0x46/0x4c [ 98.631513][ T5898] bpf_trace_run1+0x27f/0x4b0 [ 98.631524][ T5898] ? lock_acquire+0x5f/0x360 [ 98.631537][ T5898] ? bpf_trace_run1+0x181/0x4b0 [ 98.631548][ T5898] ? __pfx_bpf_trace_run1+0x10/0x10 [ 98.631560][ T5898] ? __bpf_trace_workqueue_activate_work+0xa1/0x100 [ 98.631571][ T5898] __bpf_trace_workqueue_activate_work+0xae/0x100 [ 98.631581][ T5898] ? __pfx___bpf_trace_workqueue_activate_work+0x10/0x10 [ 98.631591][ T5898] ? do_raw_spin_lock+0x121/0x290 [ 98.631602][ T5898] ? __pfx_pwq_tryinc_nr_active+0x10/0x10 [ 98.631616][ T5898] ? finish_task_switch+0x18b/0x950 [ 98.631629][ T5898] trace_workqueue_activate_work+0x170/0x1d0 [ 98.631643][ T5898] __queue_work+0xcc2/0xfb0 [ 98.631653][ T5898] ? __queue_work+0x102/0xfb0 [ 98.631663][ T5898] queue_work_on+0x181/0x270 [ 98.631672][ T5898] ? trace_sched_exit_tp+0x36/0x110 [ 98.631684][ T5898] ? __pfx_queue_work_on+0x10/0x10 [ 98.631695][ T5898] ? rcu_is_watching+0x15/0xb0 [ 98.631704][ T5898] net_enable_timestamp+0x145/0x190 [ 98.631719][ T5898] ? __pfx_net_enable_timestamp+0x10/0x10 [ 98.631733][ T5898] ? __sock_set_timestamps+0x16a/0x1b0 [ 98.631746][ T5898] sk_setsockopt+0x1adb/0x2dc0 [ 98.631759][ T5898] ? __pfx___might_resched+0x10/0x10 [ 98.631769][ T5898] ? __pfx_sk_setsockopt+0x10/0x10 [ 98.631782][ T5898] ? aa_sk_perm+0x81e/0x950 [ 98.631796][ T5898] ? __pfx_aa_sk_perm+0x10/0x10 [ 98.631808][ T5898] ? _raw_spin_unlock_irq+0x2e/0x50 [ 98.631820][ T5898] ? ptrace_notify+0x22d/0x2c0