./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2419828698 <...> Warning: Permanently added '10.128.0.65' (ED25519) to the list of known hosts. execve("./syz-executor2419828698", ["./syz-executor2419828698"], 0x7fffa3480e20 /* 10 vars */) = 0 brk(NULL) = 0x5555797bd000 brk(0x5555797bdd00) = 0x5555797bdd00 arch_prctl(ARCH_SET_FS, 0x5555797bd380) = 0 set_tid_address(0x5555797bd650) = 295 set_robust_list(0x5555797bd660, 24) = 0 rseq(0x5555797bdca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2419828698", 4096) = 28 getrandom("\x3a\x8f\x1f\x20\x1e\xb9\xfb\x91", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555797bdd00 brk(0x5555797ded00) = 0x5555797ded00 brk(0x5555797df000) = 0x5555797df000 mprotect(0x7ff4b53c3000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0executing program ) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555797bd650) = 296 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555797bd650) = 297 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555797bd650) = 298 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555797bd650) = 299 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555797bd650) = 300 ./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x5555797bd660, 24) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555797bd650) = 301 ./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x5555797bd660, 24) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555797bd650) = 302 ./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x5555797bd660, 24) = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3) = 0 [pid 302] write(1, "executing program\n", 18) = 18 [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL}, 148) = -1 EFAULT (Bad address) [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET6_BIND, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 3 [pid 302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=3}}, 16) = 4 [pid 302] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 302] write(5, "1", 1) = 1 [pid 302] close(4) = 0 [pid 302] exit_group(0) = ? ./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x5555797bd660, 24./strace-static-x86_64: Process 297 attached ) = 0 [pid 302] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 299] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 298 attached ./strace-static-x86_64: Process 296 attached [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] set_robust_list(0x5555797bd660, 24 [pid 301] <... prctl resumed>) = 0 [pid 301] setpgid(0, 0) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 301] write(3, "1000", 4) = 4 [pid 301] close(3) = 0 [pid 301] write(1, "executing program\n", 18executing program ) = 18 [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL}, 148) = -1 EFAULT (Bad address) [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET6_BIND, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 3 [pid 301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=3}}, 16 [pid 298] set_robust_list(0x5555797bd660, 24 [pid 296] set_robust_list(0x5555797bd660, 24 [pid 297] <... set_robust_list resumed>) = 0 [pid 296] <... set_robust_list resumed>) = 0 [pid 298] <... set_robust_list resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555797bd650) = 304 [pid 296] <... clone resumed>, child_tidptr=0x5555797bd650) = 305 [pid 297] <... clone resumed>, child_tidptr=0x5555797bd650) = 303 ./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x5555797bd660, 24) = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 303] setpgid(0, 0) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 [pid 303] write(1, "executing program\n", 18executing program ) = 18 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL}, 148) = -1 EFAULT (Bad address) [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET6_BIND, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 3 [pid 303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=3}}, 16./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x5555797bd660, 24) = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 304] write(3, "1000", 4) = 4 [ 23.588941][ T28] audit: type=1400 audit(1745673314.075:66): avc: denied { execmem } for pid=295 comm="syz-executor241" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.610422][ T28] audit: type=1400 audit(1745673314.075:67): avc: denied { bpf } for pid=302 comm="syz-executor241" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 304] close(3) = 0 ./strace-static-x86_64: Process 305 attached [pid 299] <... restart_syscall resumed>) = 0 [pid 305] set_robust_list(0x5555797bd660, 24) = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 305] <... prctl resumed>) = 0 [pid 304] write(1, "executing program\n", 18executing program ) = 18 [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL}, 148) = -1 EFAULT (Bad address) [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET6_BIND, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148 [pid 303] <... bpf resumed>) = 4 [pid 305] setpgid(0, 0 [pid 304] <... bpf resumed>) = 3 [pid 303] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR./strace-static-x86_64: Process 306 attached [pid 305] <... setpgid resumed>) = 0 [pid 299] <... clone resumed>, child_tidptr=0x5555797bd650) = 306 [pid 306] set_robust_list(0x5555797bd660, 24) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 304] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=3}}, 16 [pid 303] <... openat resumed>) = 5 [pid 304] <... bpf resumed>) = 4 [pid 303] write(5, "1", 1 [pid 304] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 303] <... write resumed>) = 1 [ 23.631393][ T28] audit: type=1400 audit(1745673314.075:68): avc: denied { prog_load } for pid=302 comm="syz-executor241" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 23.651052][ T28] audit: type=1400 audit(1745673314.075:69): avc: denied { perfmon } for pid=302 comm="syz-executor241" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 304] <... openat resumed>) = 5 [pid 303] close(4 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 305] <... openat resumed>) = 3 [pid 304] write(5, "1", 1 [pid 301] <... bpf resumed>) = 4 [pid 306] <... prctl resumed>) = 0 [pid 305] write(3, "1000", 4 [pid 304] <... write resumed>) = 1 [pid 306] setpgid(0, 0 [pid 305] <... write resumed>) = 4 [pid 304] close(4 [pid 306] <... setpgid resumed>) = 0 [pid 305] close(3executing program [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 305] <... close resumed>) = 0 [pid 306] <... openat resumed>) = 3 [pid 305] write(1, "executing program\n", 18 [pid 306] write(3, "1000", 4 [pid 305] <... write resumed>) = 18 [pid 306] <... write resumed>) = 4 [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 306] close(3 [pid 305] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 306] <... close resumed>) = 0 [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL}, 148executing program [pid 306] write(1, "executing program\n", 18 [pid 305] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 306] <... write resumed>) = 18 [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET6_BIND, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148 [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 305] <... bpf resumed>) = 3 [pid 306] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL}, 148 [pid 305] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=3}}, 16 [pid 306] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET6_BIND, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 3 [pid 301] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 301] write(5, "1", 1) = 1 [pid 301] close(4 [ 23.673147][ T28] audit: type=1400 audit(1745673314.075:70): avc: denied { prog_run } for pid=302 comm="syz-executor241" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 23.674618][ T303] FAULT_INJECTION: forcing a failure. [ 23.674618][ T303] name failslab, interval 1, probability 0, space 0, times 1 [ 23.704845][ T303] CPU: 0 PID: 303 Comm: syz-executor241 Not tainted 6.1.129-syzkaller-00022-g25fc41bbde8e #0 [ 23.714826][ T303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 23.724733][ T303] Call Trace: [ 23.727841][ T303] [ 23.730621][ T303] __dump_stack+0x21/0x24 [ 23.734793][ T303] dump_stack_lvl+0xee/0x150 [ 23.739211][ T303] ? __cfi_dump_stack_lvl+0x8/0x8 [ 23.744073][ T303] ? 0xffffffffa0001adc [ 23.748071][ T303] ? is_bpf_text_address+0x177/0x190 [ 23.753188][ T303] dump_stack+0x15/0x24 [ 23.757409][ T303] should_fail_ex+0x3d4/0x520 [ 23.761920][ T303] __should_failslab+0xac/0xf0 [ 23.766515][ T303] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 23.772330][ T303] should_failslab+0x9/0x20 [ 23.776667][ T303] __kmem_cache_alloc_node+0x3d/0x2c0 [ 23.781874][ T303] ? __cfi_mutex_lock+0x10/0x10 [ 23.786560][ T303] ? delete_node+0x3dc/0xa60 [ 23.790987][ T303] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 23.796806][ T303] __kmalloc+0xa1/0x1e0 [ 23.800794][ T303] ? __cfi___bpf_trace_timer_start+0x10/0x10 [ 23.806611][ T303] tracepoint_probe_unregister+0x1e6/0x8b0 [ 23.812254][ T303] bpf_probe_unregister+0x61/0x70 [ 23.817115][ T303] bpf_raw_tp_link_release+0x63/0x90 [ 23.822232][ T303] bpf_link_free+0x13a/0x390 [ 23.826659][ T303] ? bpf_link_put_deferred+0x20/0x20 [ 23.831780][ T303] bpf_link_release+0x15f/0x170 [ 23.836463][ T303] ? __cfi_bpf_link_release+0x10/0x10 [ 23.841671][ T303] __fput+0x1fc/0x8f0 [ 23.845493][ T303] ____fput+0x15/0x20 [ 23.849312][ T303] task_work_run+0x1db/0x240 [ 23.853737][ T303] ? __cfi_task_work_run+0x10/0x10 [ 23.858683][ T303] ? task_work_add+0x2b1/0x330 [ 23.863285][ T303] ptrace_notify+0x221/0x250 [ 23.867709][ T303] ? __cfi_ptrace_notify+0x10/0x10 [ 23.872656][ T303] ? fput+0x15b/0x1a0 [ 23.876475][ T303] ? filp_close+0x111/0x160 [ 23.880815][ T303] ? close_fd+0x28b/0x300 [ 23.884981][ T303] syscall_exit_work+0x84/0x140 [ 23.889671][ T303] syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 23.895656][ T303] syscall_exit_to_user_mode+0xd/0x30 [ 23.900862][ T303] do_syscall_64+0x58/0xa0 [ 23.905114][ T303] ? clear_bhb_loop+0x15/0x70 [ 23.909629][ T303] ? clear_bhb_loop+0x15/0x70 [ 23.914142][ T303] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 23.919875][ T303] RIP: 0033:0x7ff4b5357b59 [ 23.924135][ T303] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 23.943568][ T303] RSP: 002b:00007ffde7b01ca8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 23.951811][ T303] RAX: 0000000000000000 RBX: 00007ffde7b01cc0 RCX: 00007ff4b5357b59 [ 23.959622][ T303] RDX: 00007ff4b5356d90 RSI: 00007ffde7b01cc0 RDI: 0000000000000004 [ 23.967430][ T303] RBP: 0000000000000001 R08: 00007ffde7b01a47 R09: 0000000000000140 [ 23.975243][ T303] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 23.983054][ T303] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [pid 306] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=3}}, 16 [pid 305] <... bpf resumed>) = 4 [pid 303] <... close resumed>) = 0 [pid 305] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 305] write(5, "1", 1) = 1 [pid 305] close(4 [pid 303] exit_group(0) = ? [pid 303] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555797bd650) = 309 ./strace-static-x86_64: Process 309 attached [pid 309] set_robust_list(0x5555797bd660, 24) = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 309] setpgid(0, 0) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 309] write(3, "1000", 4) = 4 [pid 309] close(3) = 0 executing program [pid 309] write(1, "executing program\n", 18) = 18 [ 23.990875][ T303] [ 23.994250][ T304] FAULT_INJECTION: forcing a failure. [ 23.994250][ T304] name failslab, interval 1, probability 0, space 0, times 0 [ 24.007305][ T304] CPU: 1 PID: 304 Comm: syz-executor241 Not tainted 6.1.129-syzkaller-00022-g25fc41bbde8e #0 [ 24.017298][ T304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 24.027178][ T304] Call Trace: [ 24.030299][ T304] [ 24.033079][ T304] __dump_stack+0x21/0x24 [pid 309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL}, 148) = -1 EFAULT (Bad address) [pid 309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET6_BIND, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 3 [ 24.037243][ T304] dump_stack_lvl+0xee/0x150 [ 24.041669][ T304] ? __cfi_dump_stack_lvl+0x8/0x8 [ 24.046527][ T304] ? 0xffffffffa0001adc [ 24.050524][ T304] ? is_bpf_text_address+0x177/0x190 [ 24.055642][ T304] dump_stack+0x15/0x24 [ 24.059635][ T304] should_fail_ex+0x3d4/0x520 [ 24.064148][ T304] __should_failslab+0xac/0xf0 [ 24.068751][ T304] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 24.074563][ T304] should_failslab+0x9/0x20 [ 24.078906][ T304] __kmem_cache_alloc_node+0x3d/0x2c0 [ 24.084112][ T304] ? __cfi_mutex_lock+0x10/0x10 [ 24.088803][ T304] ? delete_node+0x3e6/0xa60 [ 24.093223][ T304] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 24.099053][ T304] __kmalloc+0xa1/0x1e0 [ 24.103030][ T304] ? __cfi___bpf_trace_timer_start+0x10/0x10 [ 24.108859][ T304] tracepoint_probe_unregister+0x1e6/0x8b0 [ 24.114491][ T304] bpf_probe_unregister+0x61/0x70 [ 24.119354][ T304] bpf_raw_tp_link_release+0x63/0x90 [ 24.124469][ T304] bpf_link_free+0x13a/0x390 [ 24.128899][ T304] ? bpf_link_put_deferred+0x20/0x20 [ 24.134021][ T304] bpf_link_release+0x15f/0x170 [ 24.138699][ T304] ? __cfi_bpf_link_release+0x10/0x10 [ 24.143912][ T304] __fput+0x1fc/0x8f0 [ 24.147738][ T304] ____fput+0x15/0x20 [ 24.151544][ T304] task_work_run+0x1db/0x240 [ 24.155974][ T304] ? __cfi_task_work_run+0x10/0x10 [ 24.160920][ T304] ? task_work_add+0x2b1/0x330 [ 24.165521][ T304] ptrace_notify+0x221/0x250 [ 24.169943][ T304] ? __cfi_ptrace_notify+0x10/0x10 [ 24.174893][ T304] ? fput+0x15b/0x1a0 [ 24.178713][ T304] ? filp_close+0x111/0x160 [ 24.183051][ T304] ? close_fd+0x28b/0x300 [ 24.187217][ T304] syscall_exit_work+0x84/0x140 [ 24.191901][ T304] syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 24.197892][ T304] syscall_exit_to_user_mode+0xd/0x30 [ 24.203371][ T304] do_syscall_64+0x58/0xa0 [ 24.207610][ T304] ? clear_bhb_loop+0x15/0x70 [ 24.212123][ T304] ? clear_bhb_loop+0x15/0x70 [ 24.216642][ T304] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 24.222365][ T304] RIP: 0033:0x7ff4b5357b59 [ 24.226622][ T304] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 24.246063][ T304] RSP: 002b:00007ffde7b01ca8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 24.254308][ T304] RAX: 0000000000000000 RBX: 00007ffde7b01cc0 RCX: 00007ff4b5357b59 [ 24.262117][ T304] RDX: 00007ff4b5356d90 RSI: 00007ffde7b01cc0 RDI: 0000000000000004 [ 24.269931][ T304] RBP: 0000000000000001 R08: 00007ffde7b01a47 R09: 0000000000000140 [ 24.277738][ T304] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 24.285551][ T304] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 24.293394][ T304] [ 24.296864][ T301] FAULT_INJECTION: forcing a failure. [ 24.296864][ T301] name failslab, interval 1, probability 0, space 0, times 0 [ 24.297498][ T14] CFI failure at __traceiter_timer_start+0x87/0xe0 (target: tp_stub_func+0x0/0x10; expected type: 0x82fbfa63) [ 24.309397][ T301] CPU: 1 PID: 301 Comm: syz-executor241 Not tainted 6.1.129-syzkaller-00022-g25fc41bbde8e #0 [ 24.320744][ T14] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 24.330700][ T301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 24.336602][ T14] CPU: 0 PID: 14 Comm: rcu_preempt Not tainted 6.1.129-syzkaller-00022-g25fc41bbde8e #0 [ 24.346494][ T301] Call Trace: [ 24.346503][ T301] [ 24.356039][ T14] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 24.359166][ T301] __dump_stack+0x21/0x24 [ 24.361942][ T14] RIP: 0010:__traceiter_timer_start+0x87/0xe0 [ 24.371838][ T301] dump_stack_lvl+0xee/0x150 [ 24.376002][ T14] Code: f8 48 c1 e8 03 80 3c 18 00 74 05 e8 43 3d 53 00 49 8b 7d 08 4c 89 fe 48 8b 55 c8 8b 4d d4 41 ba 9d 05 04 7d 45 03 56 fc 74 02 <0f> 0b 41 ff d6 49 83 c4 18 4c 89 e0 48 c1 e8 03 80 3c 18 00 74 08 [ 24.381904][ T301] ? __cfi_dump_stack_lvl+0x8/0x8 [ 24.386330][ T14] RSP: 0018:ffffc900000e7ac0 EFLAGS: 00010017 [ 24.405773][ T301] ? 0xffffffffa0001adc [ 24.410632][ T14] [ 24.410638][ T14] RAX: 1ffff11021ca0086 RBX: dffffc0000000000 RCX: 000000000f800000 [ 24.416533][ T301] ? is_bpf_text_address+0x177/0x190 [ 24.420525][ T14] RDX: 00000000ffff93fd RSI: ffffc900000e7c20 RDI: ffffc900000f9000 [ 24.422701][ T301] dump_stack+0x15/0x24 [ 24.430508][ T14] RBP: ffffc900000e7af8 R08: dffffc0000000000 R09: ffffc900000e7988 [ 24.435628][ T301] should_fail_ex+0x3d4/0x520 [ 24.443440][ T14] R10: 0000000022446ca9 R11: 1ffff9200001cf31 R12: ffff88810e500428 [ 24.447432][ T301] __should_failslab+0xac/0xf0 [ 24.455240][ T14] R13: ffff88810e500428 R14: ffffffff8170fe20 R15: ffffc900000e7c20 [ 24.459756][ T301] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 24.467566][ T14] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 24.472167][ T301] should_failslab+0x9/0x20 [ 24.479985][ T14] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.485793][ T301] __kmem_cache_alloc_node+0x3d/0x2c0 [ 24.494557][ T14] CR2: 0000000000000000 CR3: 00000001100e5000 CR4: 00000000003506b0 [ 24.498985][ T301] ? __cfi_mutex_lock+0x10/0x10 [ 24.505411][ T14] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.510624][ T301] ? delete_node+0x3e6/0xa60 [ 24.518427][ T14] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.523116][ T301] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 24.530935][ T14] Call Trace: [ 24.530945][ T14] [ 24.535352][ T301] __kmalloc+0xa1/0x1e0 [ 24.543167][ T14] ? __die_body+0xa3/0xb0 [ 24.548987][ T301] ? __cfi___bpf_trace_timer_start+0x10/0x10 [ 24.552109][ T14] ? __die+0x25/0x30 [ 24.554877][ T301] tracepoint_probe_unregister+0x1e6/0x8b0 [ 24.558872][ T14] ? die+0x2a/0x50 [ 24.563041][ T301] bpf_probe_unregister+0x61/0x70 [ 24.568850][ T14] ? do_trap+0xf0/0x2f0 [ 24.572599][ T301] bpf_raw_tp_link_release+0x63/0x90 [ 24.578225][ T14] ? __traceiter_timer_start+0x87/0xe0 [ 24.581783][ T301] bpf_link_free+0x13a/0x390 [ 24.586644][ T14] ? handle_invalid_op+0x95/0xc0 [ 24.590635][ T301] ? bpf_link_put_deferred+0x20/0x20 [ 24.595756][ T14] ? __traceiter_timer_start+0x87/0xe0 [ 24.601053][ T301] bpf_link_release+0x15f/0x170 [ 24.605478][ T14] ? exc_invalid_op+0x32/0x50 [ 24.610267][ T301] ? __cfi_bpf_link_release+0x10/0x10 [ 24.615486][ T14] ? asm_exc_invalid_op+0x1b/0x20 [ 24.620753][ T301] __fput+0x1fc/0x8f0 [ 24.625440][ T14] ? __cfi_tp_stub_func+0x10/0x10 [ 24.629954][ T301] ____fput+0x15/0x20 [ 24.635162][ T14] ? __traceiter_timer_start+0x87/0xe0 [ 24.640021][ T301] task_work_run+0x1db/0x240 [ 24.643840][ T14] enqueue_timer+0x337/0x480 [ 24.648698][ T301] ? __cfi_task_work_run+0x10/0x10 [ 24.652606][ T14] __mod_timer+0x79f/0xb30 [ 24.657984][ T301] ? task_work_add+0x2b1/0x330 [ 24.662412][ T14] ? detach_if_pending+0xf4/0x300 [ 24.666837][ T301] ptrace_notify+0x221/0x250 [ 24.671791][ T14] schedule_timeout+0x127/0x2e0 [ 24.676039][ T301] ? __cfi_ptrace_notify+0x10/0x10 [ 24.680637][ T14] ? __cfi_schedule_timeout+0x10/0x10 [ 24.685499][ T301] ? fput+0x15b/0x1a0 [ 24.689924][ T14] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 24.694609][ T301] ? filp_close+0x111/0x160 [ 24.699561][ T14] ? __cfi_process_timeout+0x10/0x10 [ 24.704765][ T301] ? close_fd+0x28b/0x300 [ 24.708595][ T14] ? prepare_to_swait_event+0x308/0x320 [ 24.713878][ T301] syscall_exit_work+0x84/0x140 [ 24.718228][ T14] rcu_gp_fqs_loop+0x2d8/0x10a0 [ 24.723346][ T301] syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 24.727505][ T14] ? __cfi_rcu_implicit_dynticks_qs+0x10/0x10 [ 24.732885][ T301] syscall_exit_to_user_mode+0xd/0x30 [ 24.737573][ T14] ? rcu_gp_init+0xf10/0xf10 [ 24.742256][ T301] do_syscall_64+0x58/0xa0 [ 24.748249][ T14] rcu_gp_kthread+0x95/0x370 [ 24.754152][ T301] ? clear_bhb_loop+0x15/0x70 [ 24.759367][ T14] ? __cfi_rcu_gp_kthread+0x10/0x10 [ 24.763781][ T301] ? clear_bhb_loop+0x15/0x70 [ 24.768038][ T14] ? __kasan_check_read+0x11/0x20 [ 24.772463][ T301] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 24.776980][ T14] ? __kthread_parkme+0x142/0x180 [ 24.782095][ T301] RIP: 0033:0x7ff4b5357b59 [ 24.786527][ T14] kthread+0x281/0x320 [ 24.791386][ T301] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 24.797112][ T14] ? __cfi_rcu_gp_kthread+0x10/0x10 [ 24.801971][ T301] RSP: 002b:00007ffde7b01ca8 EFLAGS: 00000246 [ 24.806223][ T14] ? __cfi_kthread+0x10/0x10 [ 24.810134][ T301] ORIG_RAX: 0000000000000003 [ 24.829770][ T14] ret_from_fork+0x1f/0x30 [ 24.834800][ T301] RAX: 0000000000000000 RBX: 00007ffde7b01cc0 RCX: 00007ff4b5357b59 [ 24.840710][ T14] [ 24.845129][ T301] RDX: 00007ff4b5356d90 RSI: 00007ffde7b01cc0 RDI: 0000000000000004 [ 24.849644][ T14] Modules linked in: [ 24.853893][ T301] RBP: 0000000000000001 R08: 00007ffde7b01a47 R09: 0000000000000140 [ 24.861721][ T14] ---[ end trace 0000000000000000 ]--- [ 24.864569][ T301] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 24.872383][ T14] RIP: 0010:__traceiter_timer_start+0x87/0xe0 [ 24.876116][ T301] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 24.883925][ T14] Code: f8 48 c1 e8 03 80 3c 18 00 74 05 e8 43 3d 53 00 49 8b 7d 08 4c 89 fe 48 8b 55 c8 8b 4d d4 41 ba 9d 05 04 7d 45 03 56 fc 74 02 <0f> 0b 41 ff d6 49 83 c4 18 4c 89 e0 48 c1 e8 03 80 3c 18 00 74 08 [ 24.889226][ T301] [ 24.897029][ T14] RSP: 0018:ffffc900000e7ac0 EFLAGS: 00010017 [ 24.903354][ C1] CFI failure at __traceiter_timer_start+0x87/0xe0 (target: tp_stub_func+0x0/0x10; expected type: 0x82fbfa63) [ 24.910743][ T14] [ 24.910749][ T14] RAX: 1ffff11021ca0086 RBX: dffffc0000000000 RCX: 000000000f800000 [ 24.930214][ C1] invalid opcode: 0000 [#2] PREEMPT SMP KASAN [ 24.933045][ T14] RDX: 00000000ffff93fd RSI: ffffc900000e7c20 RDI: ffffc900000f9000 [ 24.938952][ C1] CPU: 1 PID: 301 Comm: syz-executor241 Tainted: G D 6.1.129-syzkaller-00022-g25fc41bbde8e #0 [ 24.950405][ T14] RBP: ffffc900000e7af8 R08: dffffc0000000000 R09: ffffc900000e7988 [ 24.952574][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 24.960394][ T14] R10: 0000000022446ca9 R11: 1ffff9200001cf31 R12: ffff88810e500428 [ 24.966291][ C1] RIP: 0010:__traceiter_timer_start+0x87/0xe0 [ 24.974102][ T14] R13: ffff88810e500428 R14: ffffffff8170fe20 R15: ffffc900000e7c20 [ 24.985556][ C1] Code: f8 48 c1 e8 03 80 3c 18 00 74 05 e8 43 3d 53 00 49 8b 7d 08 4c 89 fe 48 8b 55 c8 8b 4d d4 41 ba 9d 05 04 7d 45 03 56 fc 74 02 <0f> 0b 41 ff d6 49 83 c4 18 4c 89 e0 48 c1 e8 03 80 3c 18 00 74 08 [ 24.993368][ T14] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 25.003259][ C1] RSP: 0018:ffffc900001b0b60 EFLAGS: 00010017 [ 25.011250][ T14] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.017147][ C1] [ 25.017155][ C1] RAX: 1ffff11021ca0086 RBX: dffffc0000000000 RCX: 0000000014c00001 [ 25.024959][ T14] CR2: 0000000000000000 CR3: 00000001100e5000 CR4: 00000000003506b0 [ 25.044401][ C1] RDX: 00000000ffff9495 RSI: ffffffff87a17e68 RDI: ffffc900000f9000 [ 25.053171][ T14] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.059066][ C1] RBP: ffffc900001b0b98 R08: dffffc0000000000 R09: ffffc900001b0a28 [ 25.065488][ T14] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.067659][ C1] R10: 0000000022446ca9 R11: 1ffff92000036145 R12: ffff88810e500428 [ 25.075471][ T14] Kernel panic - not syncing: Fatal exception [ 25.083282][ C1] R13: ffff88810e500428 R14: ffffffff8170fe20 R15: ffffffff87a17e68 [ 25.083298][ C1] FS: 00005555797bd380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 25.083313][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.083325][ C1] CR2: 0000000000000000 CR3: 00000001255de000 CR4: 00000000003506a0 [ 25.083340][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.083349][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.083360][ C1] Call Trace: [ 25.083365][ C1] [ 25.083373][ C1] ? __die_body+0xa3/0xb0 [ 25.083395][ C1] ? __die+0x25/0x30 [ 25.083419][ C1] ? die+0x2a/0x50 [ 25.083442][ C1] ? do_trap+0xf0/0x2f0 [ 25.083462][ C1] ? __traceiter_timer_start+0x87/0xe0 [ 25.083486][ C1] ? handle_invalid_op+0x95/0xc0 [ 25.083505][ C1] ? __traceiter_timer_start+0x87/0xe0 [ 25.083529][ C1] ? exc_invalid_op+0x32/0x50 [ 25.083551][ C1] ? asm_exc_invalid_op+0x1b/0x20 [ 25.083574][ C1] ? __cfi_tp_stub_func+0x10/0x10 [ 25.083596][ C1] ? __traceiter_timer_start+0x87/0xe0 [ 25.083622][ C1] enqueue_timer+0x337/0x480 [ 25.083645][ C1] __mod_timer+0x79f/0xb30 [ 25.083665][ C1] mod_timer+0x1f/0x30 [ 25.083682][ C1] can_stat_update+0xb1a/0xbb0 [ 25.083703][ C1] ? __cfi_can_stat_update+0x10/0x10 [ 25.083721][ C1] call_timer_fn+0x46/0x2a0 [ 25.083740][ C1] ? __cfi_can_stat_update+0x10/0x10 [ 25.083758][ C1] __run_timers+0x639/0x9a0 [ 25.083782][ C1] ? calc_index+0x200/0x200 [ 25.083804][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 25.083830][ C1] run_timer_softirq+0x6a/0xf0 [ 25.083849][ C1] handle_softirqs+0x1d7/0x600 [ 25.083869][ C1] __irq_exit_rcu+0x52/0xf0 [ 25.083885][ C1] irq_exit_rcu+0x9/0x10 [ 25.083900][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 25.083927][ C1] [ 25.083932][ C1] [ 25.083937][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 25.083963][ C1] RIP: 0010:dump_stack_lvl+0x122/0x150 [ 25.083991][ C1] Code: e6 00 02 00 00 31 ff e8 fc 8f 87 fc 49 81 e5 00 02 00 00 75 07 e8 2e 8b 87 fc eb 06 e8 27 8b 87 fc fb 48 c7 04 24 0e 36 e0 45 <4b> c7 04 27 00 00 00 00 65 48 8b 04 25 28 00 00 00 48 3b 44 24 40 [ 25.084005][ C1] RSP: 0018:ffffc90000f378a0 EFLAGS: 00000293 [ 25.084020][ C1] RAX: ffffffff84e856a9 RBX: ffffffff85ea1e40 RCX: ffff88811fb66540 [ 25.084032][ C1] RDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000 [ 25.084042][ C1] RBP: ffffc90000f37928 R08: 0000000000000004 R09: 0000000000000003 [ 25.084053][ C1] R10: fffffbfff0de37f0 R11: 1ffffffff0de37f0 R12: dffffc0000000000 [ 25.084066][ C1] R13: 0000000000000200 R14: 0000000000000001 R15: 1ffff920001e6f14 [ 25.084079][ C1] ? dump_stack_lvl+0x119/0x150 [ 25.084101][ C1] ? __cfi_dump_stack_lvl+0x8/0x8 [ 25.084122][ C1] ? 0xffffffffa0001adc [ 25.084133][ C1] ? is_bpf_text_address+0x177/0x190 [ 25.084155][ C1] dump_stack+0x15/0x24 [ 25.084174][ C1] should_fail_ex+0x3d4/0x520 [ 25.084194][ C1] __should_failslab+0xac/0xf0 [ 25.084212][ C1] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 25.084232][ C1] should_failslab+0x9/0x20 [ 25.084256][ C1] __kmem_cache_alloc_node+0x3d/0x2c0 [ 25.084275][ C1] ? __cfi_mutex_lock+0x10/0x10 [ 25.084297][ C1] ? delete_node+0x3e6/0xa60 [ 25.084320][ C1] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 25.084339][ C1] __kmalloc+0xa1/0x1e0 [ 25.084361][ C1] ? __cfi___bpf_trace_timer_start+0x10/0x10 [ 25.084378][ C1] tracepoint_probe_unregister+0x1e6/0x8b0 [ 25.084399][ C1] bpf_probe_unregister+0x61/0x70 [ 25.084423][ C1] bpf_raw_tp_link_release+0x63/0x90 [ 25.084441][ C1] bpf_link_free+0x13a/0x390 [ 25.084463][ C1] ? bpf_link_put_deferred+0x20/0x20 [ 25.084488][ C1] bpf_link_release+0x15f/0x170 [ 25.084512][ C1] ? __cfi_bpf_link_release+0x10/0x10 [ 25.084536][ C1] __fput+0x1fc/0x8f0 [ 25.084556][ C1] ____fput+0x15/0x20 [ 25.084571][ C1] task_work_run+0x1db/0x240 [ 25.084592][ C1] ? __cfi_task_work_run+0x10/0x10 [ 25.084612][ C1] ? task_work_add+0x2b1/0x330 [ 25.084632][ C1] ptrace_notify+0x221/0x250 [ 25.084655][ C1] ? __cfi_ptrace_notify+0x10/0x10 [ 25.084677][ C1] ? fput+0x15b/0x1a0 [ 25.084693][ C1] ? filp_close+0x111/0x160 [ 25.084712][ C1] ? close_fd+0x28b/0x300 [ 25.084734][ C1] syscall_exit_work+0x84/0x140 [ 25.084751][ C1] syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 25.084768][ C1] syscall_exit_to_user_mode+0xd/0x30 [ 25.084784][ C1] do_syscall_64+0x58/0xa0 [ 25.084804][ C1] ? clear_bhb_loop+0x15/0x70 [ 25.084828][ C1] ? clear_bhb_loop+0x15/0x70 [ 25.084852][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 25.084875][ C1] RIP: 0033:0x7ff4b5357b59 [ 25.084887][ C1] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 25.084900][ C1] RSP: 002b:00007ffde7b01ca8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 25.084916][ C1] RAX: 0000000000000000 RBX: 00007ffde7b01cc0 RCX: 00007ff4b5357b59 [ 25.084928][ C1] RDX: 00007ff4b5356d90 RSI: 00007ffde7b01cc0 RDI: 0000000000000004 [ 25.084939][ C1] RBP: 0000000000000001 R08: 00007ffde7b01a47 R09: 0000000000000140 [ 25.084949][ C1] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 25.084959][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 25.084978][ C1] [ 25.084983][ C1] Modules linked in: [ 25.092757][ C1] ---[ end trace 0000000000000000 ]--- [ 25.092765][ C1] RIP: 0010:__traceiter_timer_start+0x87/0xe0 [ 25.092793][ C1] Code: f8 48 c1 e8 03 80 3c 18 00 74 05 e8 43 3d 53 00 49 8b 7d 08 4c 89 fe 48 8b 55 c8 8b 4d d4 41 ba 9d 05 04 7d 45 03 56 fc 74 02 <0f> 0b 41 ff d6 49 83 c4 18 4c 89 e0 48 c1 e8 03 80 3c 18 00 74 08 [ 25.092806][ C1] RSP: 0018:ffffc900000e7ac0 EFLAGS: 00010017 [ 25.092821][ C1] RAX: 1ffff11021ca0086 RBX: dffffc0000000000 RCX: 000000000f800000 [ 25.092833][ C1] RDX: 00000000ffff93fd RSI: ffffc900000e7c20 RDI: ffffc900000f9000 [ 25.092845][ C1] RBP: ffffc900000e7af8 R08: dffffc0000000000 R09: ffffc900000e7988 [ 25.092858][ C1] R10: 0000000022446ca9 R11: 1ffff9200001cf31 R12: ffff88810e500428 [ 25.092870][ C1] R13: ffff88810e500428 R14: ffffffff8170fe20 R15: ffffc900000e7c20 [ 25.092883][ C1] FS: 00005555797bd380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 25.092898][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.092910][ C1] CR2: 0000000000000000 CR3: 00000001255de000 CR4: 00000000003506a0 [ 25.092924][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.092934][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.265757][ T14] Shutting down cpus with NMI [ 26.937254][ T14] Kernel Offset: disabled [ 26.941299][ T14] Rebooting in 86400 seconds..