./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1244371526
<...>
Warning: Permanently added '10.128.0.212' (ED25519) to the list of known hosts.
execve("./syz-executor1244371526", ["./syz-executor1244371526"], 0x7fff19ef79f0 /* 10 vars */) = 0
brk(NULL) = 0x555581c8a000
brk(0x555581c8ae00) = 0x555581c8ae00
arch_prctl(ARCH_SET_FS, 0x555581c8a480) = 0
set_tid_address(0x555581c8a750) = 288
set_robust_list(0x555581c8a760, 24) = 0
rseq(0x555581c8ada0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1244371526", 4096) = 28
getrandom("\xb9\x86\x89\x53\xb9\x30\xd5\xb1", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555581c8ae00
brk(0x555581cabe00) = 0x555581cabe00
brk(0x555581cac000) = 0x555581cac000
mprotect(0x7f7874a9c000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3
close(3) = 0
openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7f78749f94a0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f7874a00680}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7f78749f94a0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f7874a00680}, NULL, 8) = 0
write(1, "executing program\n", 18executing program
) = 18
[ 27.607737][ T30] audit: type=1400 audit(1753296992.922:64): avc: denied { execmem } for pid=288 comm="syz-executor124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 27.641441][ T30] audit: type=1400 audit(1753296992.962:65): avc: denied { prog_load } for pid=288 comm="syz-executor124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 27.660833][ T30] audit: type=1400 audit(1753296992.962:66): avc: denied { bpf } for pid=288 comm="syz-executor124" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_MSG, insn_cnt=4, insns=0x200000000040, license="GPL", log_level=2, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 3
close(3) = 0
socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 4]) = 0
bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x200000000540, license="GPL", log_level=4, log_size=64912, log_buf="func#0 @0\n0: R1=ctx(id=0,off=0,imm=0) R10=fp0\n0: (b4) w0 = 0\n1: R0_w=inv0 R1=ctx(id=0,off=0,imm=0) R"..., kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 5
[ 27.848408][ T30] audit: type=1400 audit(1753296993.162:67): avc: denied { perfmon } for pid=288 comm="syz-executor124" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 27.869707][ T30] audit: type=1400 audit(1753296993.192:68): avc: denied { prog_run } for pid=288 comm="syz-executor124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 6
bpf(BPF_PROG_ATTACH, {target_fd=6, attach_bpf_fd=5, attach_type=BPF_SK_SKB_VERDICT, attach_flags=0}, 16) = 0
bpf(BPF_MAP_UPDATE_ELEM, {map_fd=6, key=0x200000000000, value=0x200000000080, flags=BPF_ANY}, 32) = 0
openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7
write(7, "9", 1) = 1
[ 27.891192][ T30] audit: type=1400 audit(1753296993.212:69): avc: denied { map_create } for pid=288 comm="syz-executor124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 27.892124][ T288] FAULT_INJECTION: forcing a failure.
[ 27.892124][ T288] name failslab, interval 1, probability 0, space 0, times 1
[ 27.910895][ T30] audit: type=1400 audit(1753296993.212:70): avc: denied { map_read map_write } for pid=288 comm="syz-executor124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 27.923326][ T288] CPU: 1 PID: 288 Comm: syz-executor124 Not tainted 5.15.189-syzkaller-00079-ga71626bd56a5 #0
[ 27.953533][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 27.963596][ T288] Call Trace:
[ 27.966871][ T288]
[ 27.969797][ T288] __dump_stack+0x21/0x30
[ 27.974146][ T288] dump_stack_lvl+0xee/0x150
[ 27.978728][ T288] ? show_regs_print_info+0x20/0x20
[ 27.984025][ T288] dump_stack+0x15/0x20
[ 27.988177][ T288] should_fail+0x3c1/0x510
[ 27.992600][ T288] __should_failslab+0xa4/0xe0
[ 27.997365][ T288] should_failslab+0x9/0x20
[ 28.001860][ T288] slab_pre_alloc_hook+0x3b/0xe0
[ 28.006801][ T288] kmem_cache_alloc_trace+0x48/0x270
[ 28.012122][ T288] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 28.018004][ T288] ? migrate_disable+0x180/0x180
[ 28.022966][ T288] sk_psock_skb_ingress_self+0x5f/0x330
[ 28.028532][ T288] ? migrate_disable+0xd6/0x180
[ 28.033379][ T288] sk_psock_verdict_recv+0x636/0x800
[ 28.038845][ T288] unix_read_sock+0x10a/0x2c0
[ 28.043517][ T288] ? sk_psock_skb_redirect+0x440/0x440
[ 28.048968][ T288] ? unix_stream_splice_actor+0x120/0x120
[ 28.054700][ T288] ? copy_page_from_iter+0x261/0x680
[ 28.059981][ T288] ? copy_user_enhanced_fast_string+0xe/0x40
[ 28.065996][ T288] ? sk_psock_skb_redirect+0x440/0x440
[ 28.071474][ T288] ? unix_set_peek_off+0xa0/0xa0
[ 28.076420][ T288] unix_stream_read_sock+0x61/0x90
[ 28.081531][ T288] sk_psock_verdict_data_ready+0x115/0x170
[ 28.087371][ T288] ? sk_psock_start_verdict+0xc0/0xc0
[ 28.093043][ T288] ? _raw_spin_lock+0x8e/0xe0
[ 28.097724][ T288] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 28.103530][ T288] ? skb_queue_tail+0xcb/0xf0
[ 28.108205][ T288] unix_stream_sendmsg+0x7c4/0xc80
[ 28.113318][ T288] ? unix_show_fdinfo+0xa0/0xa0
[ 28.118168][ T288] ? __update_load_avg_cfs_rq+0xaf/0x2f0
[ 28.123794][ T288] ? security_socket_sendmsg+0x82/0xa0
[ 28.129253][ T288] ? unix_show_fdinfo+0xa0/0xa0
[ 28.134096][ T288] ____sys_sendmsg+0x5a2/0x8c0
[ 28.138853][ T288] ? __sys_sendmsg_sock+0x40/0x40
[ 28.143869][ T288] ? import_iovec+0x7c/0xb0
[ 28.148381][ T288] ___sys_sendmsg+0x1f0/0x260
[ 28.153056][ T288] ? _raw_spin_unlock+0x4d/0x70
[ 28.157987][ T288] ? __sys_sendmsg+0x250/0x250
[ 28.162741][ T288] ? __schedule+0xb76/0x14c0
[ 28.167334][ T288] ? _raw_spin_lock_irqsave+0x110/0x110
[ 28.172935][ T288] ? cgroup_update_frozen+0x15c/0x970
[ 28.178320][ T288] ? ptrace_stop+0x6f4/0xa80
[ 28.182915][ T288] ? __kasan_check_read+0x11/0x20
[ 28.187944][ T288] ? __fdget+0x15b/0x230
[ 28.192198][ T288] __x64_sys_sendmsg+0x1e2/0x2a0
[ 28.197152][ T288] ? ___sys_sendmsg+0x260/0x260
[ 28.202030][ T288] ? __kasan_check_write+0x14/0x20
[ 28.207141][ T288] ? switch_fpu_return+0x15d/0x2c0
[ 28.212252][ T288] x64_sys_call+0x4b/0x9a0
[ 28.216672][ T288] do_syscall_64+0x4c/0xa0
[ 28.221089][ T288] ? clear_bhb_loop+0x50/0xa0
[ 28.225761][ T288] ? clear_bhb_loop+0x50/0xa0
[ 28.230434][ T288] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 28.236321][ T288] RIP: 0033:0x7f7874a312e9
[ 28.240729][ T288] Code: 48 83 c4 28 c3 e8 17 1a 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 28.260327][ T288] RSP: 002b:00007fff27b85ba8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 28.268735][ T288] RAX: ffffffffffffffda RBX: 00007fff27b85bb0 RCX: 00007f7874a312e9
[ 28.276698][ T288] RDX: 0000000000000000 RSI: 0000200000000500 RDI: 0000000000000004
[ 28.284663][ T288] RBP: 0000000000000001 R08: 00007fff27b85947 R09: 00007f78749f0039
[ 28.292626][ T288] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 28.300696][ T288] R13: 00007fff27b85e18 R14: 0000000000000001 R15: 0000000000000001
[ 28.308674][ T288]
[ 28.312044][ T39] ------------[ cut here ]------------
[ 28.317552][ T39] kernel BUG at net/core/skbuff.c:1727!
[ 28.323379][ T39] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 28.329480][ T39] CPU: 1 PID: 39 Comm: kworker/1:1 Not tainted 5.15.189-syzkaller-00079-ga71626bd56a5 #0
[ 28.339302][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
sendmsg(4, {msg_name=NULL, msg_namelen=67124864, msg_iov=[{iov_base="\x3e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=536871553}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 16744320
exit_group(0) = ?
[ 28.349406][ T39] Workqueue: events sk_psock_backlog
[ 28.354743][ T39] RIP: 0010:pskb_expand_head+0x11a5/0x11d0
[ 28.360580][ T39] Code: 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c de f3 ff ff 4c 89 e7 e8 8c 9a f6 fd e9 d1 f3 ff ff e8 42 22 b8 fd 0f 0b e8 3b 22 b8 fd <0f> 0b 48 8b 4d d0 80 e1 07 80 c1 03 38 c1 0f 8c b2 fa ff ff 48 8b
[ 28.380211][ T39] RSP: 0018:ffffc9000028fa08 EFLAGS: 00010293
[ 28.386306][ T39] RAX: ffffffff83b08d95 RBX: dffffc0000000000 RCX: ffff8881087862c0
[ 28.394423][ T39] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000001
[ 28.402526][ T39] RBP: ffffc9000028faa8 R08: dffffc0000000000 R09: ffffed1024290a6e
[ 28.410502][ T39] R10: ffffed1024290a6e R11: 1ffff11024290a6d R12: 0000000000000e80
[ 28.418470][ T39] R13: 0000000000000000 R14: 0000000000000002 R15: 0000000000008080
[ 28.426437][ T39] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 28.435364][ T39] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 28.442074][ T39] CR2: 0000200000009000 CR3: 000000010d8d9000 CR4: 00000000003506a0
[ 28.450059][ T39] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 28.458043][ T39] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 28.466019][ T39] Call Trace:
[ 28.469294][ T39]
[ 28.472234][ T39] __pskb_pull_tail+0xb1/0x1480
[ 28.477237][ T39] sk_psock_skb_ingress_enqueue+0x67/0x410
[ 28.483139][ T39] ? kmem_cache_alloc_trace+0x119/0x270
[ 28.488699][ T39] ? sk_psock_backlog+0x876/0x1230
[ 28.493899][ T39] sk_psock_backlog+0xa72/0x1230
[ 28.498944][ T39] ? sk_psock_init+0x6f0/0x6f0
[ 28.503733][ T39] ? __schedule+0xb76/0x14c0
[ 28.508333][ T39] process_one_work+0x6be/0xba0
[ 28.513211][ T39] worker_thread+0xa59/0x1200
[ 28.517981][ T39] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 28.523551][ T39] kthread+0x411/0x500
[ 28.527621][ T39] ? worker_clr_flags+0x190/0x190
[ 28.532668][ T39] ? kthread_blkcg+0xd0/0xd0
[ 28.537255][ T39] ret_from_fork+0x1f/0x30
[ 28.541669][ T39]
[ 28.544688][ T39] Modules linked in:
[ 28.548790][ T39] ---[ end trace d7ef24e870b91c11 ]---
[ 28.554631][ T39] RIP: 0010:pskb_expand_head+0x11a5/0x11d0
[ 28.560503][ T39] Code: 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c de f3 ff ff 4c 89 e7 e8 8c 9a f6 fd e9 d1 f3 ff ff e8 42 22 b8 fd 0f 0b e8 3b 22 b8 fd <0f> 0b 48 8b 4d d0 80 e1 07 80 c1 03 38 c1 0f 8c b2 fa ff ff 48 8b
[ 28.580141][ T39] RSP: 0018:ffffc9000028fa08 EFLAGS: 00010293
[ 28.586224][ T39] RAX: ffffffff83b08d95 RBX: dffffc0000000000 RCX: ffff8881087862c0
[ 28.594224][ T39] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000001
[ 28.602231][ T39] RBP: ffffc9000028faa8 R08: dffffc0000000000 R09: ffffed1024290a6e
[ 28.610225][ T39] R10: ffffed1024290a6e R11: 1ffff11024290a6d R12: 0000000000000e80
[ 28.618207][ T39] R13: 0000000000000000 R14: 0000000000000002 R15: 0000000000008080
[ 28.626205][ T39] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 28.635164][ T39] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 28.641765][ T39] CR2: 0000200000009000 CR3: 000000000660f000 CR4: 00000000003506a0
[ 28.649776][ T39] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 28.657745][ T39] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 28.665753][ T39] Kernel panic - not syncing: Fatal exception
[ 28.667111][ T30] audit: type=1400 audit(1753296993.982:71): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 28.672047][ T39] Kernel Offset: disabled
[ 28.697977][ T39] Rebooting in 86400 seconds..