./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1848802484 <...> syzkaller syzkaller login: [ 15.413093][ T28] kauditd_printk_skb: 31 callbacks suppressed [ 15.413108][ T28] audit: type=1400 audit(1746844737.854:59): avc: denied { transition } for pid=224 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.417584][ T28] audit: type=1400 audit(1746844737.854:60): avc: denied { noatsecure } for pid=224 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.420392][ T28] audit: type=1400 audit(1746844737.864:61): avc: denied { write } for pid=224 comm="sh" path="pipe:[14971]" dev="pipefs" ino=14971 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 15.423557][ T28] audit: type=1400 audit(1746844737.864:62): avc: denied { rlimitinh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.426477][ T28] audit: type=1400 audit(1746844737.864:63): avc: denied { siginh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.117' (ED25519) to the list of known hosts. execve("./syz-executor1848802484", ["./syz-executor1848802484"], 0x7ffd9a21ce60 /* 10 vars */) = 0 brk(NULL) = 0x55558f916000 brk(0x55558f916d00) = 0x55558f916d00 arch_prctl(ARCH_SET_FS, 0x55558f916380) = 0 set_tid_address(0x55558f916650) = 289 set_robust_list(0x55558f916660, 24) = 0 rseq(0x55558f916ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1848802484", 4096) = 28 getrandom("\xcd\x86\xab\xc9\x45\x2d\x2a\xec", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558f916d00 brk(0x55558f937d00) = 0x55558f937d00 brk(0x55558f938000) = 0x55558f938000 mprotect(0x7f956bc40000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558f916650) = 290 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 290 attached [pid 290] set_robust_list(0x55558f916660, 24) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 291 attached [pid 289] <... clone resumed>, child_tidptr=0x55558f916650) = 291 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] set_robust_list(0x55558f916660, 24 [pid 290] <... clone resumed>, child_tidptr=0x55558f916650) = 292 ./strace-static-x86_64: Process 292 attached [pid 291] <... set_robust_list resumed>) = 0 [pid 289] <... clone resumed>, child_tidptr=0x55558f916650) = 293 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] set_robust_list(0x55558f916660, 24./strace-static-x86_64: Process 293 attached [pid 293] set_robust_list(0x55558f916660, 24) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558f916650) = 295 ./strace-static-x86_64: Process 294 attached [pid 294] set_robust_list(0x55558f916660, 24) = 0 [pid 294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 294] setpgid(0, 0) = 0 [pid 294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 296 attached [pid 289] <... clone resumed>, child_tidptr=0x55558f916650) = 296 [pid 292] <... set_robust_list resumed>) = 0 [pid 291] <... clone resumed>, child_tidptr=0x55558f916650) = 294 ./strace-static-x86_64: Process 295 attached [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] write(3, "1000", 4 [pid 292] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 296] set_robust_list(0x55558f916660, 24) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] <... prctl resumed>) = 0 [pid 289] <... clone resumed>, child_tidptr=0x55558f916650) = 297 [pid 292] setpgid(0, 0) = 0 [pid 294] <... write resumed>) = 4 [pid 295] set_robust_list(0x55558f916660, 24) = 0 [pid 294] close(3 [pid 292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 292] write(3, "1000", 4) = 4 [pid 292] close(3) = 0 [pid 292] write(1, "executing program\n", 18executing program [pid 294] <... close resumed>) = 0 [pid 292] <... write resumed>) = 18 [pid 296] <... clone resumed>, child_tidptr=0x55558f916650) = 298 [pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 294] write(1, "executing program\n", 18 [pid 292] pipe2(./strace-static-x86_64: Process 297 attached [3, 4], 0) = 0 executing program [pid 292] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=11, insns=0x2000000006c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_SK_REUSEPORT_SELECT, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148./strace-static-x86_64: Process 298 attached [pid 297] set_robust_list(0x55558f916660, 24 [pid 295] <... prctl resumed>) = 0 [pid 294] <... write resumed>) = 18 [pid 298] set_robust_list(0x55558f916660, 24) = 0 [pid 297] <... set_robust_list resumed>) = 0 [pid 295] setpgid(0, 0 [pid 294] pipe2( [pid 292] <... bpf resumed>) = 5 [pid 292] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=5}}, 16 [pid 295] <... setpgid resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 295] write(3, "1000", 4 [pid 297] <... clone resumed>, child_tidptr=0x55558f916650) = 299 [pid 294] <... pipe2 resumed>[3, 4], 0) = 0 [pid 294] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=11, insns=0x2000000006c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_SK_REUSEPORT_SELECT, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148 [pid 295] <... write resumed>) = 4 ./strace-static-x86_64: Process 299 attached [pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL [ 25.070702][ T28] audit: type=1400 audit(1746844747.514:64): avc: denied { execmem } for pid=289 comm="syz-executor184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 295] close(3 [pid 299] set_robust_list(0x55558f916660, 24 [pid 298] <... prctl resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 299] <... set_robust_list resumed>) = 0 [pid 298] setpgid(0, 0 [pid 295] write(1, "executing program\n", 18 [pid 294] <... bpf resumed>) = 5 [pid 294] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=5}}, 16executing program [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] <... setpgid resumed>) = 0 [pid 295] <... write resumed>) = 18 [pid 295] pipe2( [pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... prctl resumed>) = 0 [pid 299] setpgid(0, 0 [pid 298] <... openat resumed>) = 3 [pid 295] <... pipe2 resumed>[3, 4], 0) = 0 [pid 299] <... setpgid resumed>) = 0 [pid 298] write(3, "1000", 4 [pid 292] <... bpf resumed>) = 6 [pid 295] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=11, insns=0x2000000006c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_SK_REUSEPORT_SELECT, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] <... write resumed>) = 4 [pid 298] close(3 [pid 294] <... bpf resumed>) = 6 [pid 294] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 298] <... close resumed>) = 0 [pid 295] <... bpf resumed>) = 5 [pid 294] <... openat resumed>) = 7 [pid 299] <... openat resumed>) = 3 [pid 298] write(1, "executing program\n", 18 [pid 295] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=5}}, 16 [pid 294] write(7, "1", 1) = 1 [pid 294] close_range(4, 4294967295, 0executing program [pid 299] write(3, "1000", 4 [pid 298] <... write resumed>) = 18 [pid 292] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 299] <... write resumed>) = 4 [pid 298] pipe2( [pid 292] <... openat resumed>) = 7 [pid 299] close(3 [pid 298] <... pipe2 resumed>[3, 4], 0) = 0 [pid 292] write(7, "1", 1 [pid 299] <... close resumed>) = 0 [pid 298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=11, insns=0x2000000006c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_SK_REUSEPORT_SELECT, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148executing program [pid 292] <... write resumed>) = 1 [pid 299] write(1, "executing program\n", 18 [pid 298] <... bpf resumed>) = 5 [pid 299] <... write resumed>) = 18 [pid 298] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=5}}, 16 [pid 292] close_range(4, 4294967295, 0 [ 25.100603][ T28] audit: type=1400 audit(1746844747.544:65): avc: denied { bpf } for pid=292 comm="syz-executor184" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 25.122468][ T28] audit: type=1400 audit(1746844747.544:66): avc: denied { prog_load } for pid=292 comm="syz-executor184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 25.142196][ T28] audit: type=1400 audit(1746844747.544:67): avc: denied { perfmon } for pid=292 comm="syz-executor184" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 299] pipe2([3, 4], 0) = 0 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=11, insns=0x2000000006c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_SK_REUSEPORT_SELECT, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 5 [ 25.163641][ T28] audit: type=1400 audit(1746844747.544:68): avc: denied { prog_run } for pid=292 comm="syz-executor184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 25.185400][ T294] FAULT_INJECTION: forcing a failure. [ 25.185400][ T294] name failslab, interval 1, probability 0, space 0, times 1 [ 25.198156][ T294] CPU: 0 PID: 294 Comm: syz-executor184 Not tainted 6.1.134-syzkaller-00012-g646380b087a5 #0 [ 25.208337][ T294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 25.218417][ T294] Call Trace: [ 25.221703][ T294] [ 25.224621][ T294] __dump_stack+0x21/0x24 [ 25.229014][ T294] dump_stack_lvl+0xee/0x150 [ 25.233612][ T294] ? __cfi_dump_stack_lvl+0x8/0x8 [ 25.238644][ T294] ? ____fput+0x15/0x20 [ 25.242800][ T294] ? ptrace_notify+0x221/0x250 [ 25.247565][ T294] ? syscall_exit_work+0x84/0x140 [ 25.252588][ T294] ? syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 25.258924][ T294] ? do_syscall_64+0x58/0xa0 [ 25.263523][ T294] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 25.269608][ T294] dump_stack+0x15/0x24 [ 25.273775][ T294] should_fail_ex+0x3d4/0x520 [ 25.278453][ T294] __should_failslab+0xac/0xf0 [ 25.283208][ T294] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 25.289183][ T294] should_failslab+0x9/0x20 [ 25.293684][ T294] __kmem_cache_alloc_node+0x3d/0x2c0 [ 25.299058][ T294] ? __cfi_mutex_lock+0x10/0x10 [ 25.303906][ T294] ? delete_node+0x3e6/0xa60 [ 25.308525][ T294] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 25.314494][ T294] __kmalloc+0xa1/0x1e0 [ 25.318653][ T294] ? __cfi___bpf_trace_kfree+0x10/0x10 [ 25.324109][ T294] tracepoint_probe_unregister+0x1e6/0x8b0 [ 25.329928][ T294] bpf_probe_unregister+0x61/0x70 [ 25.334954][ T294] bpf_raw_tp_link_release+0x63/0x90 [ 25.340233][ T294] bpf_link_free+0x13a/0x390 [ 25.344822][ T294] ? bpf_link_put_deferred+0x20/0x20 [ 25.350105][ T294] ? security_file_free+0xd8/0xf0 [ 25.355127][ T294] bpf_link_release+0x15f/0x170 [ 25.359980][ T294] ? __cfi_bpf_link_release+0x10/0x10 [ 25.365353][ T294] __fput+0x1fc/0x8f0 [ 25.369334][ T294] ____fput+0x15/0x20 [ 25.373308][ T294] task_work_run+0x1db/0x240 [ 25.377901][ T294] ? __cfi_task_work_run+0x10/0x10 [ 25.383012][ T294] ? fput+0x15b/0x1a0 [ 25.386996][ T294] ? filp_close+0x111/0x160 [ 25.391513][ T294] ptrace_notify+0x221/0x250 [ 25.396111][ T294] ? _raw_spin_unlock_irq+0x4d/0x70 [ 25.401320][ T294] ? __cfi_ptrace_notify+0x10/0x10 [ 25.406445][ T294] ? __cfi___close_range+0x10/0x10 [ 25.411558][ T294] ? fpregs_restore_userregs+0x128/0x260 [ 25.417193][ T294] syscall_exit_work+0x84/0x140 [ 25.422041][ T294] syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 25.428189][ T294] syscall_exit_to_user_mode+0xd/0x30 [ 25.433558][ T294] do_syscall_64+0x58/0xa0 [ 25.437973][ T294] ? clear_bhb_loop+0x15/0x70 [ 25.442642][ T294] ? clear_bhb_loop+0x15/0x70 [ 25.447313][ T294] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 25.453211][ T294] RIP: 0033:0x7f956bbd4919 [ 25.457658][ T294] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 25.477258][ T294] RSP: 002b:00007ffc715b16e8 EFLAGS: 00000286 ORIG_RAX: 00000000000001b4 [ 25.485688][ T294] RAX: 0000000000000000 RBX: 00007ffc715b1700 RCX: 00007f956bbd4919 [ 25.493679][ T294] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000004 [ 25.501683][ T294] RBP: 0000000000000001 R08: 00007ffc715b1487 R09: 0000000000000140 [ 25.509661][ T294] R10: 0000000000000001 R11: 0000000000000286 R12: 0000000000000000 [ 25.517638][ T294] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 25.525635][ T294] [ 25.529474][ T294] CFI failure at __traceiter_kfree+0x34/0x50 (target: tp_stub_func+0x0/0x10; expected type: 0x8682d211) [ 25.529660][ C0] CFI failure at __traceiter_kfree+0x34/0x50 (target: tp_stub_func+0x0/0x10; expected type: 0x8682d211) [ 25.540737][ T294] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 25.557841][ T294] CPU: 1 PID: 294 Comm: syz-executor184 Not tainted 6.1.134-syzkaller-00012-g646380b087a5 #0 [ 25.567987][ T294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 25.578043][ T294] RIP: 0010:__traceiter_kfree+0x34/0x50 [ 25.583597][ T294] Code: 8b 3d 80 5c ca 05 4d 85 ff 74 2e 48 89 d3 49 89 f6 49 8b 07 49 8b 7f 08 4c 89 f6 48 89 da 41 ba ef 2d 7d 79 44 03 50 fc 74 02 <0f> 0b ff d0 49 83 7f 18 00 4d 8d 7f 18 75 d8 31 c0 5b 41 5e 41 5f [ 25.603212][ T294] RSP: 0018:ffffc90000e37b00 EFLAGS: 00010213 [ 25.609285][ T294] RAX: ffffffff81710320 RBX: ffff88810cdfcb80 RCX: 0000000000000000 [ 25.617255][ T294] RDX: ffff88810cdfcb80 RSI: ffffffff8180d9f5 RDI: ffffc900000dd000 [ 25.625225][ T294] RBP: ffffc90000e37b18 R08: dffffc0000000000 R09: ffffc90000e379e0 [ 25.633209][ T294] R10: 000000001ebd94fb R11: 1ffff920001c6f3c R12: 1ffff110219bf973 [ 25.641190][ T294] R13: dffffc0000000000 R14: ffffffff8180d9f5 R15: ffff88810cdfc1a8 [ 25.649159][ T294] FS: 000055558f916380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 25.658090][ T294] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.664666][ T294] CR2: 00007f956bc440d0 CR3: 0000000123900000 CR4: 00000000003506a0 [ 25.672636][ T294] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.680619][ T294] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.688584][ T294] Call Trace: [ 25.691848][ T294] [ 25.694770][ T294] ? bpf_raw_tp_link_dealloc+0x15/0x20 [ 25.700217][ T294] kfree+0xc9/0xf0 [ 25.703940][ T294] bpf_raw_tp_link_dealloc+0x15/0x20 [ 25.709230][ T294] bpf_link_free+0x321/0x390 [ 25.713829][ T294] ? bpf_link_put_deferred+0x20/0x20 [ 25.719132][ T294] ? security_file_free+0xd8/0xf0 [ 25.724151][ T294] bpf_link_release+0x15f/0x170 [ 25.729017][ T294] ? __cfi_bpf_link_release+0x10/0x10 [ 25.734398][ T294] __fput+0x1fc/0x8f0 [ 25.738388][ T294] ____fput+0x15/0x20 [ 25.742363][ T294] task_work_run+0x1db/0x240 [ 25.747140][ T294] ? __cfi_task_work_run+0x10/0x10 [ 25.752260][ T294] ? fput+0x15b/0x1a0 [ 25.756246][ T294] ? filp_close+0x111/0x160 [ 25.760738][ T294] ptrace_notify+0x221/0x250 [ 25.765320][ T294] ? _raw_spin_unlock_irq+0x4d/0x70 [ 25.770510][ T294] ? __cfi_ptrace_notify+0x10/0x10 [ 25.775614][ T294] ? __cfi___close_range+0x10/0x10 [ 25.780757][ T294] ? fpregs_restore_userregs+0x128/0x260 [ 25.786379][ T294] syscall_exit_work+0x84/0x140 [ 25.791218][ T294] syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 25.797382][ T294] syscall_exit_to_user_mode+0xd/0x30 [ 25.802741][ T294] do_syscall_64+0x58/0xa0 [ 25.807146][ T294] ? clear_bhb_loop+0x15/0x70 [ 25.811808][ T294] ? clear_bhb_loop+0x15/0x70 [ 25.816469][ T294] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 25.822352][ T294] RIP: 0033:0x7f956bbd4919 [ 25.826750][ T294] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 25.846343][ T294] RSP: 002b:00007ffc715b16e8 EFLAGS: 00000286 ORIG_RAX: 00000000000001b4 [ 25.854744][ T294] RAX: 0000000000000000 RBX: 00007ffc715b1700 RCX: 00007f956bbd4919 [ 25.862705][ T294] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000004 [ 25.870660][ T294] RBP: 0000000000000001 R08: 00007ffc715b1487 R09: 0000000000000140 [ 25.878613][ T294] R10: 0000000000000001 R11: 0000000000000286 R12: 0000000000000000 [ 25.886567][ T294] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 25.894531][ T294] [ 25.897533][ T294] Modules linked in: [ 25.901467][ C0] invalid opcode: 0000 [#2] PREEMPT SMP KASAN [ 25.901477][ T294] ---[ end trace 0000000000000000 ]--- [ 25.901489][ T294] RIP: 0010:__traceiter_kfree+0x34/0x50 [ 25.907550][ C0] CPU: 0 PID: 13 Comm: ksoftirqd/0 Tainted: G D 6.1.134-syzkaller-00012-g646380b087a5 #0 [ 25.913036][ T294] Code: 8b 3d 80 5c ca 05 4d 85 ff 74 2e 48 89 d3 49 89 f6 49 8b 07 49 8b 7f 08 4c 89 f6 48 89 da 41 ba ef 2d 7d 79 44 03 50 fc 74 02 <0f> 0b ff d0 49 83 7f 18 00 4d 8d 7f 18 75 d8 31 c0 5b 41 5e 41 5f [ 25.918580][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 25.918593][ C0] RIP: 0010:__traceiter_kfree+0x34/0x50 [ 25.918618][ C0] Code: 8b 3d 80 5c ca 05 4d 85 ff 74 2e 48 89 d3 49 89 f6 49 8b 07 49 8b 7f 08 4c 89 f6 48 89 da 41 ba ef 2d 7d 79 44 03 50 fc 74 02 <0f> 0b ff d0 49 83 7f 18 00 4d 8d 7f 18 75 d8 31 c0 5b 41 5e 41 5f [ 25.918635][ C0] RSP: 0018:ffffc900000d79f8 EFLAGS: 00010213 [ 25.929852][ T294] RSP: 0018:ffffc90000e37b00 EFLAGS: 00010213 [ 25.949454][ C0] [ 25.949461][ C0] RAX: ffffffff81710320 RBX: ffff888120072000 RCX: 0000000000000000 [ 25.949477][ C0] RDX: ffff888120072000 RSI: ffffffff83decf7f RDI: ffffc900000dd000 [ 25.959623][ T294] [ 25.965083][ C0] RBP: ffffc900000d7a10 R08: dffffc0000000000 R09: ffffc900000d78e0 [ 25.965102][ C0] R10: 000000001ebd94fb R11: 1ffff9200001af1c R12: ffff888124f5ade0 [ 25.984714][ T294] RAX: ffffffff81710320 RBX: ffff88810cdfcb80 RCX: 0000000000000000 [ 25.990747][ C0] R13: ffff888120072288 R14: ffffffff83decf7f R15: ffff88810cdfc1a8 [ 25.996812][ T294] RDX: ffff88810cdfcb80 RSI: ffffffff8180d9f5 RDI: ffffc900000dd000 [ 25.999126][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 26.007095][ T294] RBP: ffffc90000e37b18 R08: dffffc0000000000 R09: ffffc90000e379e0 [ 26.015042][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.015060][ C0] CR2: 00007f956bc440d0 CR3: 0000000123914000 CR4: 00000000003506b0 [ 26.015077][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.017391][ T294] R10: 000000001ebd94fb R11: 1ffff920001c6f3c R12: 1ffff110219bf973 [ 26.025347][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.025362][ C0] Call Trace: [ 26.025369][ C0] [ 26.033318][ T294] R13: dffffc0000000000 R14: ffffffff8180d9f5 R15: ffff88810cdfc1a8 [ 26.041283][ C0] ? skb_release_data+0x63f/0x890 [ 26.049299][ T294] FS: 000055558f916380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 26.057245][ C0] kfree+0xc9/0xf0 [ 26.066196][ T294] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.074130][ C0] skb_release_data+0x63f/0x890 [ 26.080714][ T294] CR2: 00007f956bc440d0 CR3: 0000000123900000 CR4: 00000000003506a0 [ 26.088679][ C0] napi_consume_skb+0x121/0x2c0 [ 26.096668][ T294] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.104614][ C0] free_old_xmit_skbs+0x108/0x270 [ 26.112590][ T294] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.115861][ C0] ? virtqueue_napi_schedule+0x40/0x40 [ 26.115889][ C0] ? __cfi_sched_clock_cpu+0x10/0x10 [ 26.118813][ T294] Kernel panic - not syncing: Fatal exception [ 26.126773][ C0] ? virtqueue_disable_cb+0x141/0x390 [ 26.126800][ C0] virtnet_poll_tx+0x22b/0x540 [ 26.126826][ C0] __napi_poll+0xd0/0x5e0 [ 26.126850][ C0] net_rx_action+0x49b/0xaa0 [ 26.126872][ C0] ? __cfi_net_rx_action+0x10/0x10 [ 26.126891][ C0] ? __schedule+0xb8f/0x14e0 [ 26.126915][ C0] ? irqtime_account_irq+0x75/0x240 [ 26.126939][ C0] handle_softirqs+0x1d7/0x600 [ 26.126958][ C0] ? __cfi_run_ksoftirqd+0x10/0x10 [ 26.126976][ C0] run_ksoftirqd+0x28/0x30 [ 26.126994][ C0] smpboot_thread_fn+0x4a0/0x910 [ 26.127019][ C0] kthread+0x281/0x320 [ 26.127035][ C0] ? __cfi_smpboot_thread_fn+0x10/0x10 [ 26.127058][ C0] ? __cfi_kthread+0x10/0x10 [ 26.127074][ C0] ret_from_fork+0x1f/0x30 [ 26.127098][ C0] [ 26.127104][ C0] Modules linked in: [ 26.132391][ T294] Kernel Offset: disabled [ 26.289326][ T294] Rebooting in 86400 seconds..