./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1181669827 <...> Warning: Permanently added '10.128.1.178' (ED25519) to the list of known hosts. execve("./syz-executor1181669827", ["./syz-executor1181669827"], 0x7fff87fbbb10 /* 10 vars */) = 0 brk(NULL) = 0x555556f79000 brk(0x555556f79d00) = 0x555556f79d00 arch_prctl(ARCH_SET_FS, 0x555556f79380) = 0 set_tid_address(0x555556f79650) = 298 set_robust_list(0x555556f79660, 24) = 0 rseq(0x555556f79ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1181669827", 4096) = 28 getrandom("\x62\xf7\xf9\xb7\x82\x25\x94\x3c", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556f79d00 brk(0x555556f9ad00) = 0x555556f9ad00 brk(0x555556f9b000) = 0x555556f9b000 mprotect(0x7f5f696c8000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f79650) = 299 ./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x555556f79660, 24) = 0 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 299] setpgid(0, 0) = 0 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 299] write(3, "1000", 4) = 4 [pid 299] close(3) = 0 [pid 299] write(1, "executing program\n", 18executing program ) = 18 [pid 299] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [ 27.420971][ T30] audit: type=1400 audit(1717466789.263:66): avc: denied { execmem } for pid=298 comm="syz-executor118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 27.427935][ T30] audit: type=1400 audit(1717466789.273:67): avc: denied { map_create } for pid=299 comm="syz-executor118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 27.430960][ T30] audit: type=1400 audit(1717466789.273:68): avc: denied { map_read map_write } for pid=299 comm="syz-executor118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 27.434158][ T30] audit: type=1400 audit(1717466789.273:69): avc: denied { prog_load } for pid=299 comm="syz-executor118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 27.438012][ T30] audit: type=1400 audit(1717466789.283:70): avc: denied { bpf } for pid=299 comm="syz-executor118" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 27.442630][ T30] audit: type=1400 audit(1717466789.283:71): avc: denied { perfmon } for pid=299 comm="syz-executor118" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=4}}, 16) = 5 [pid 299] exit_group(0) = ? [pid 299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f79650) = 300 ./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x555556f79660, 24) = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4) = 4 [pid 300] close(3) = 0 [pid 300] write(1, "executing program\n", 18executing program ) = 18 [pid 300] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=4}}, 16) = 5 [pid 300] exit_group(0) = ? [pid 300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x555556f79660, 24) = 0 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 301] setpgid(0, 0) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] <... clone resumed>, child_tidptr=0x555556f79650) = 301 [pid 301] <... openat resumed>) = 3 [pid 301] write(3, "1000", 4) = 4 executing program [pid 301] close(3) = 0 [pid 301] write(1, "executing program\n", 18) = 18 [pid 301] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=4}}, 16) = 5 [pid 301] exit_group(0) = ? [pid 301] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=301, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x555556f79660, 24) = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 302] write(3, "1000", 4) = 4 executing program [pid 302] close(3) = 0 [pid 302] write(1, "executing program\n", 18) = 18 [pid 302] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 298] <... clone resumed>, child_tidptr=0x555556f79650) = 302 [pid 302] <... bpf resumed>) = 3 [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [ 27.626256][ T30] audit: type=1400 audit(1717466789.463:72): avc: denied { prog_run } for pid=299 comm="syz-executor118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=4}}, 16) = 5 [pid 302] exit_group(0) = ? [pid 302] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f79650) = 303 ./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x555556f79660, 24) = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 303] setpgid(0, 0) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 [pid 303] write(1, "executing program\n", 18executing program ) = 18 [pid 303] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=4}}, 16) = 5 [pid 303] exit_group(0) = ? [pid 303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f79650) = 304 ./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x555556f79660, 24) = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 executing program [pid 304] write(1, "executing program\n", 18) = 18 [pid 304] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 304] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=4}}, 16) = 5 [pid 304] exit_group(0) = ? [pid 304] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 305 attached , child_tidptr=0x555556f79650) = 305 [pid 305] set_robust_list(0x555556f79660, 24) = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 305] setpgid(0, 0) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 305] write(3, "1000", 4) = 4 [pid 305] close(3) = 0 [pid 305] write(1, "executing program\n", 18executing program ) = 18 [pid 305] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 305] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=4}}, 16) = 5 [pid 305] exit_group(0) = ? [pid 305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f79650) = 306 ./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x555556f79660, 24) = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] write(1, "executing program\n", 18executing program ) = 18 [pid 306] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 306] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=4}}, 16) = 5 [pid 306] exit_group(0) = ? [pid 306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 307 attached , child_tidptr=0x555556f79650) = 307 [pid 307] set_robust_list(0x555556f79660, 24) = 0 [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 307] setpgid(0, 0) = 0 [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 307] write(3, "1000", 4) = 4 [pid 307] close(3) = 0 [pid 307] write(1, "executing program\n", 18executing program ) = 18 [pid 307] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 307] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 307] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 307] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=4}}, 16) = 5 [pid 307] exit_group(0) = ? [pid 307] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f79650) = 308 ./strace-static-x86_64: Process 308 attached [pid 308] set_robust_list(0x555556f79660, 24) = 0 [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 308] setpgid(0, 0) = 0 [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 308] write(3, "1000", 4) = 4 executing program [pid 308] close(3) = 0 [pid 308] write(1, "executing program\n", 18) = 18 [pid 308] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 308] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 308] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 308] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=4}}, 16) = 5 [pid 308] exit_group(0) = ? [pid 308] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 309 attached , child_tidptr=0x555556f79650) = 309 [pid 309] set_robust_list(0x555556f79660, 24) = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 309] setpgid(0, 0) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 309] write(3, "1000", 4) = 4 [pid 309] close(3) = 0 [pid 309] write(1, "executing program\n", 18executing program ) = 18 [pid 309] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 309] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=4}}, 16) = 5 [ 27.837431][ C1] ------------[ cut here ]------------ [ 27.842703][ C1] WARNING: CPU: 1 PID: 309 at kernel/softirq.c:358 __local_bh_enable_ip+0x6c/0x80 [ 27.851741][ C1] Modules linked in: [ 27.855471][ C1] CPU: 1 PID: 309 Comm: syz-executor118 Not tainted 5.15.149-syzkaller-00131-g79bd336c7a94 #0 [ 27.865529][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 27.875515][ C1] RIP: 0010:__local_bh_enable_ip+0x6c/0x80 [ 27.881151][ C1] Code: 66 8b 05 27 89 c0 7e 66 85 c0 75 22 bf 01 00 00 00 e8 98 42 09 00 65 8b 05 99 86 bf 7e 85 c0 74 02 5d c3 e8 9a 9a bd ff 5d c3 <0f> 0b eb a2 e8 0b 00 00 00 eb d7 66 0f 1f 84 00 00 00 00 00 55 48 [ 27.900594][ C1] RSP: 0000:ffffc900001d0b00 EFLAGS: 00010006 [ 27.906499][ C1] RAX: 0000000080010203 RBX: ffff888120392528 RCX: dffffc0000000000 [ 27.914306][ C1] RDX: 0000000080010203 RSI: 0000000000000201 RDI: ffffffff83fe44cb [ 27.922115][ C1] RBP: ffffc900001d0b00 R08: dffffc0000000000 R09: ffffed1023c6b6f1 [ 27.929926][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888120392528 [ 27.937739][ C1] R13: ffff88811e35b780 R14: 0000000000000000 R15: ffff88811e35b780 [ 27.945550][ C1] FS: 0000555556f79380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 27.954316][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.960739][ C1] CR2: 00007f5f696cece8 CR3: 000000011e382000 CR4: 00000000003506a0 [ 27.968555][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.976362][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.984175][ C1] Call Trace: [ 27.987300][ C1] [ 27.989992][ C1] ? show_regs+0x58/0x60 [ 27.994068][ C1] ? __warn+0x160/0x2f0 [ 27.998062][ C1] ? __local_bh_enable_ip+0x6c/0x80 [ 28.003093][ C1] ? report_bug+0x3d9/0x5b0 [ 28.007434][ C1] ? __local_bh_enable_ip+0x6c/0x80 [ 28.012467][ C1] ? handle_bug+0x41/0x70 [ 28.016637][ C1] ? exc_invalid_op+0x1b/0x50 [ 28.021146][ C1] ? asm_exc_invalid_op+0x1b/0x20 [ 28.026012][ C1] ? sock_map_delete_elem+0xcb/0x130 [ 28.031130][ C1] ? __local_bh_enable_ip+0x6c/0x80 [ 28.036161][ C1] _raw_spin_unlock_bh+0x51/0x60 [ 28.040934][ C1] sock_map_delete_elem+0xcb/0x130 [ 28.045882][ C1] bpf_prog_2c29ac5cdc6b1842+0x3a/0xd44 [ 28.051267][ C1] bpf_trace_run3+0x11e/0x250 [ 28.055775][ C1] ? __kasan_check_write+0x14/0x20 [ 28.060723][ C1] ? bpf_trace_run2+0x210/0x210 [ 28.065410][ C1] ? __raise_softirq_irqoff+0x1a/0xe0 [ 28.070629][ C1] __bpf_trace_timer_start+0x2b/0x40 [ 28.075738][ C1] enqueue_timer+0x351/0x4c0 [ 28.080167][ C1] add_timer_on+0x3f3/0x560 [ 28.084505][ C1] ? add_timer+0x80/0x80 [ 28.088585][ C1] ? __handle_irq_event_percpu+0x6c5/0x730 [ 28.094230][ C1] add_interrupt_randomness+0x40d/0x480 [ 28.099612][ C1] handle_irq_event+0x124/0x2b0 [ 28.104294][ C1] ? handle_irq_event_percpu+0x1a0/0x1a0 [ 28.109764][ C1] ? apic_ack_edge+0x10e/0x1b0 [ 28.114362][ C1] handle_edge_irq+0x2ea/0xda0 [ 28.118963][ C1] __common_interrupt+0x97/0x1b0 [ 28.123734][ C1] common_interrupt+0xaf/0xd0 [ 28.128251][ C1] [ 28.131023][ C1] [ 28.133805][ C1] asm_common_interrupt+0x27/0x40 [ 28.138669][ C1] RIP: 0010:do_handle_mm_fault+0x1af4/0x23a0 [ 28.144477][ C1] Code: 28 00 74 08 4c 89 ff e8 ea a4 0a 00 48 8b 9c 24 58 01 00 00 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 cc a4 0a 00 <48> 89 5c 24 18 4c 8b 33 4c 89 f6 48 83 e6 9f 31 ff e8 86 6f c8 ff [ 28.163917][ C1] RSP: 0000:ffffc90000997ae0 EFLAGS: 00000246 [ 28.169820][ C1] RAX: 1ffff11023c6ff4b RBX: ffff88811e37fa58 RCX: ffff888120180000 [ 28.177631][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 28.185445][ C1] RBP: ffffc90000997df8 R08: ffffffff81a7ca6f R09: ffffc90000997c28 [ 28.193254][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90000997c00 [ 28.201065][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc90000997c38 [ 28.208880][ C1] ? do_handle_mm_fault+0x1a9f/0x23a0 [ 28.214095][ C1] ? numa_migrate_prep+0xe0/0xe0 [ 28.218864][ C1] ? __kasan_check_write+0x14/0x20 [ 28.223806][ C1] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 28.228753][ C1] ? _raw_spin_lock_irqsave+0x210/0x210 [ 28.234166][ C1] ? _raw_spin_unlock_irq+0x4e/0x70 [ 28.239169][ C1] ? down_read_trylock+0x1f9/0x300 [ 28.244120][ C1] ? __init_rwsem+0x1c0/0x1c0 [ 28.248633][ C1] ? vmacache_find+0x21f/0x4d0 [ 28.253228][ C1] ? __find_vma+0x30/0x150 [ 28.257480][ C1] exc_page_fault+0x3b5/0x830 [ 28.261998][ C1] asm_exc_page_fault+0x27/0x30 [ 28.266685][ C1] RIP: 0033:0x7f5f6962b230 [ 28.270932][ C1] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d bd 0d 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 b0 3a 0a 00 0f 85 0f 02 00 00 4c 8d 25 a3 3a 0a 00 4c [ 28.290375][ C1] RSP: 002b:00007ffeddf19320 EFLAGS: 00010246 [ 28.296292][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001 [ 28.304089][ C1] RDX: 0000000000000001 RSI: 00007f5f696cc118 RDI: 0000000000000000 [ 28.312201][ C1] RBP: 00007f5f696cc118 R08: 0000000000000006 R09: 0000000000000006 [ 28.320013][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 28.327976][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 28.335790][ C1] [pid 309] exit_group(0) = ? [ 28.338654][ C1] ---[ end trace 86a7dfec7fb31adc ]--- [ 128.347062][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU [ 128.353490][ C1] rcu: 1-...!: (9999 ticks this GP) idle=e99/1/0x4000000000000000 softirq=1963/1963 fqs=0 last_accelerate: 9599/bcaa dyntick_enabled: 1 [ 128.367278][ C1] (t=10000 jiffies g=577 q=56) [ 128.371965][ C1] rcu: rcu_preempt kthread starved for 10000 jiffies! g577 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0 [ 128.382984][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 128.392799][ C1] rcu: RCU grace-period kthread stack dump: [ 128.398529][ C1] task:rcu_preempt state:I stack:28328 pid: 14 ppid: 2 flags:0x00004000 [ 128.407567][ C1] Call Trace: [ 128.410673][ C1] [ 128.413453][ C1] rcu_gp_fqs_loop+0x2af/0xf80 [ 128.418050][ C1] ? debug_smp_processor_id+0x17/0x20 [ 128.423255][ C1] ? __note_gp_changes+0x4ab/0x920 [ 128.428205][ C1] ? rcu_gp_init+0xc30/0xc30 [ 128.432630][ C1] ? _raw_spin_unlock_irq+0x4e/0x70 [ 128.437662][ C1] ? rcu_gp_init+0x9cf/0xc30 [ 128.442090][ C1] rcu_gp_kthread+0xa4/0x350 [ 128.446515][ C1] ? _raw_spin_lock+0x1b0/0x1b0 [ 128.451204][ C1] ? wake_nocb_gp+0x1e0/0x1e0 [ 128.455718][ C1] ? __kasan_check_read+0x11/0x20 [ 128.460584][ C1] ? __kthread_parkme+0xb2/0x200 [ 128.465351][ C1] kthread+0x421/0x510 [ 128.469258][ C1] ? wake_nocb_gp+0x1e0/0x1e0 [ 128.473771][ C1] ? kthread_blkcg+0xd0/0xd0 [ 128.478202][ C1] ret_from_fork+0x1f/0x30 [ 128.482453][ C1] [ 128.485320][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 128.491475][ C1] Sending NMI from CPU 1 to CPUs 0: [ 128.496563][ C0] NMI backtrace for cpu 0 [ 128.496580][ C0] CPU: 0 PID: 14 Comm: rcu_preempt Tainted: G W 5.15.149-syzkaller-00131-g79bd336c7a94 #0 [ 128.496598][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 128.496607][ C0] RIP: 0010:kvm_wait+0x117/0x180 [ 128.496644][ C0] Code: 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 53 41 0f b6 45 00 44 38 f0 0f 85 63 ff ff ff 66 90 0f 00 2d fa 03 f3 03 f4 54 ff ff ff fa 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b [ 128.496657][ C0] RSP: 0018:ffffc900000076a0 EFLAGS: 00000046 [ 128.496671][ C0] RAX: 0000000000000003 RBX: 1ffff92000000ed8 RCX: ffffffff8154fa3f [ 128.496692][ C0] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff8881f7027900 [ 128.496703][ C0] RBP: ffffc90000007750 R08: dffffc0000000000 R09: ffffed103ee04f21 [ 128.496715][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 128.496725][ C0] R13: ffff8881f7027900 R14: 0000000000000003 R15: 1ffff92000000edc [ 128.496736][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 128.496750][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.496760][ C0] CR2: 00007ffeddf19278 CR3: 000000010b8b6000 CR4: 00000000003506b0 [ 128.496774][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 128.496783][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 128.496793][ C0] Call Trace: [ 128.496799][ C0] [ 128.496805][ C0] ? show_regs+0x58/0x60 [ 128.496821][ C0] ? nmi_cpu_backtrace+0x29f/0x300 [ 128.496839][ C0] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 128.496858][ C0] ? kvm_wait+0x117/0x180 [ 128.496872][ C0] ? kvm_wait+0x117/0x180 [ 128.496885][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 128.496903][ C0] ? nmi_handle+0xa8/0x280 [ 128.496918][ C0] ? kvm_wait+0x117/0x180 [ 128.496932][ C0] ? default_do_nmi+0x69/0x160 [ 128.496949][ C0] ? exc_nmi+0xaf/0x120 [ 128.496964][ C0] ? end_repeat_nmi+0x16/0x31 [ 128.496980][ C0] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 128.496998][ C0] ? kvm_wait+0x117/0x180 [ 128.497012][ C0] ? kvm_wait+0x117/0x180 [ 128.497026][ C0] ? kvm_wait+0x117/0x180 [ 128.497039][ C0] [ 128.497044][ C0] [ 128.497049][ C0] ? kvm_arch_para_hints+0x30/0x30 [ 128.497064][ C0] ? pv_hash+0x86/0x150 [ 128.497079][ C0] __pv_queued_spin_lock_slowpath+0x6bc/0xc40 [ 128.497099][ C0] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 128.497117][ C0] ? debug_smp_processor_id+0x17/0x20 [ 128.497134][ C0] _raw_spin_lock+0x139/0x1b0 [ 128.497152][ C0] ? _raw_spin_trylock_bh+0x190/0x190 [ 128.497169][ C0] ? lock_timer_base+0x25c/0x270 [ 128.497184][ C0] __mod_timer+0x56e/0xcf0 [ 128.497200][ C0] ? ____kasan_slab_free+0x126/0x160 [ 128.497215][ C0] ? __kasan_slab_free+0x11/0x20 [ 128.497229][ C0] ? slab_free_freelist_hook+0xbd/0x190 [ 128.497248][ C0] ? _raw_spin_unlock_bh+0x51/0x60 [ 128.497261][ C0] ? sock_map_delete_elem+0xcb/0x130 [ 128.497278][ C0] ? mod_timer_pending+0x30/0x30 [ 128.497294][ C0] ? rcu_gp_fqs_loop+0x2af/0xf80 [ 128.497310][ C0] ? rcu_gp_kthread+0xa4/0x350 [ 128.497325][ C0] ? kthread+0x421/0x510 [ 128.497339][ C0] ? ret_from_fork+0x1f/0x30 [ 128.497355][ C0] add_timer+0x68/0x80 [ 128.497368][ C0] __queue_delayed_work+0x16d/0x1f0 [ 128.497386][ C0] queue_delayed_work_on+0x10f/0x180 [ 128.497402][ C0] ? delayed_work_timer_fn+0x80/0x80 [ 128.497419][ C0] ? _raw_spin_unlock+0x4d/0x70 [ 128.497436][ C0] ? srcu_gp_start+0x136/0x1c0 [ 128.497452][ C0] srcu_gp_start_if_needed+0x5e3/0x950 [ 128.497470][ C0] ? rcu_free_old_probes+0x30/0x30 [ 128.497486][ C0] call_srcu+0x46/0x50 [ 128.497499][ C0] ? android_rvh_probe_register+0x430/0x430 [ 128.497515][ C0] rcu_free_old_probes+0x23/0x30 [ 128.497529][ C0] rcu_do_batch+0x57a/0xc10 [ 128.497548][ C0] ? local_bh_enable+0x20/0x20 [ 128.497568][ C0] rcu_core+0x517/0x1020 [ 128.497586][ C0] ? rcu_cpu_kthread_park+0x90/0x90 [ 128.497602][ C0] ? sched_clock_cpu+0x18/0x3b0 [ 128.497619][ C0] ? irqtime_account_irq+0x79/0x3c0 [ 128.497635][ C0] rcu_core_si+0x9/0x10 [ 128.497649][ C0] __do_softirq+0x26d/0x5bf [ 128.497666][ C0] do_softirq+0xf6/0x150 [ 128.497687][ C0] [ 128.497691][ C0] [ 128.497696][ C0] ? __local_bh_enable_ip+0x80/0x80 [ 128.497712][ C0] ? _raw_spin_lock_bh+0xa4/0x1b0 [ 128.497729][ C0] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 128.497747][ C0] __local_bh_enable_ip+0x75/0x80 [ 128.497763][ C0] _raw_spin_unlock_bh+0x51/0x60 [ 128.497776][ C0] sock_map_delete_elem+0xcb/0x130 [ 128.497793][ C0] bpf_prog_2c29ac5cdc6b1842+0x3a/0xd44 [ 128.497806][ C0] bpf_trace_run3+0x11e/0x250 [ 128.497823][ C0] ? __kasan_check_write+0x14/0x20 [ 128.497839][ C0] ? bpf_trace_run2+0x210/0x210 [ 128.497855][ C0] ? debug_smp_processor_id+0x17/0x20 [ 128.497872][ C0] ? get_nohz_timer_target+0x79/0x750 [ 128.497890][ C0] __bpf_trace_timer_start+0x2b/0x40 [ 128.497907][ C0] enqueue_timer+0x351/0x4c0 [ 128.497922][ C0] __mod_timer+0x8d3/0xcf0 [ 128.497940][ C0] ? mod_timer_pending+0x30/0x30 [ 128.497957][ C0] ? __kasan_check_write+0x14/0x20 [ 128.497973][ C0] ? __kasan_check_write+0x14/0x20 [ 128.497988][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 128.498007][ C0] schedule_timeout+0x187/0x370 [ 128.498023][ C0] ? __update_idle_core+0x2a0/0x2a0 [ 128.498039][ C0] ? console_conditional_schedule+0x30/0x30 [ 128.498057][ C0] ? update_process_times+0x200/0x200 [ 128.498071][ C0] ? prepare_to_swait_event+0x308/0x320 [ 128.498089][ C0] rcu_gp_fqs_loop+0x2af/0xf80 [ 128.498106][ C0] ? debug_smp_processor_id+0x17/0x20 [ 128.498122][ C0] ? __note_gp_changes+0x4ab/0x920 [ 128.498139][ C0] ? rcu_gp_init+0xc30/0xc30 [ 128.498155][ C0] ? _raw_spin_unlock_irq+0x4e/0x70 [ 128.498168][ C0] ? rcu_gp_init+0x9cf/0xc30 [ 128.498186][ C0] rcu_gp_kthread+0xa4/0x350 [ 128.498202][ C0] ? _raw_spin_lock+0x1b0/0x1b0 [ 128.498236][ C0] ? wake_nocb_gp+0x1e0/0x1e0 [ 128.498255][ C0] ? __kasan_check_read+0x11/0x20 [ 128.498272][ C0] ? __kthread_parkme+0xb2/0x200 [ 128.498289][ C0] kthread+0x421/0x510 [ 128.498305][ C0] ? wake_nocb_gp+0x1e0/0x1e0 [ 128.498323][ C0] ? kthread_blkcg+0xd0/0xd0 [ 128.498340][ C0] ret_from_fork+0x1f/0x30 [ 128.498358][ C0] [ 128.498364][ C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.808 msecs [ 128.498537][ C1] Sending NMI from CPU 1 to CPUs 0: [ 129.108726][ C0] NMI backtrace for cpu 0 [ 129.108740][ C0] CPU: 0 PID: 14 Comm: rcu_preempt Tainted: G W 5.15.149-syzkaller-00131-g79bd336c7a94 #0 [ 129.108761][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 129.108771][ C0] RIP: 0010:kvm_wait+0x117/0x180 [ 129.108795][ C0] Code: 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 53 41 0f b6 45 00 44 38 f0 0f 85 63 ff ff ff 66 90 0f 00 2d fa 03 f3 03 f4 54 ff ff ff fa 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b [ 129.108809][ C0] RSP: 0018:ffffc900000076a0 EFLAGS: 00000046 [ 129.108825][ C0] RAX: 0000000000000003 RBX: 1ffff92000000ed8 RCX: ffffffff8154fa3f [ 129.108838][ C0] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff8881f7027900 [ 129.108851][ C0] RBP: ffffc90000007750 R08: dffffc0000000000 R09: ffffed103ee04f21 [ 129.108864][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 129.108876][ C0] R13: ffff8881f7027900 R14: 0000000000000003 R15: 1ffff92000000edc [ 129.108888][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 129.108903][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.108915][ C0] CR2: 00007ffeddf19278 CR3: 000000010b8b6000 CR4: 00000000003506b0 [ 129.108931][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 129.108941][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 129.108951][ C0] Call Trace: [ 129.108957][ C0] [ 129.108965][ C0] ? show_regs+0x58/0x60 [ 129.108983][ C0] ? nmi_cpu_backtrace+0x29f/0x300 [ 129.109003][ C0] ? ___ratelimit+0x3c0/0x5a0 [ 129.109018][ C0] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 129.109040][ C0] ? kvm_wait+0x117/0x180 [ 129.109054][ C0] ? kvm_wait+0x117/0x180 [ 129.109070][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 129.109089][ C0] ? nmi_handle+0xa8/0x280 [ 129.109106][ C0] ? kvm_wait+0x117/0x180 [ 129.109121][ C0] ? kvm_wait+0x117/0x180 [ 129.109136][ C0] ? default_do_nmi+0x69/0x160 [ 129.109155][ C0] ? exc_nmi+0xaf/0x120 [ 129.109171][ C0] ? end_repeat_nmi+0x16/0x31 [ 129.109189][ C0] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 129.109210][ C0] ? kvm_wait+0x117/0x180 [ 129.109226][ C0] ? kvm_wait+0x117/0x180 [ 129.109241][ C0] ? kvm_wait+0x117/0x180 [ 129.109256][ C0] [ 129.109261][ C0] [ 129.109267][ C0] ? kvm_arch_para_hints+0x30/0x30 [ 129.109284][ C0] ? pv_hash+0x86/0x150 [ 129.109302][ C0] __pv_queued_spin_lock_slowpath+0x6bc/0xc40 [ 129.109323][ C0] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 129.109343][ C0] ? debug_smp_processor_id+0x17/0x20 [ 129.109376][ C0] _raw_spin_lock+0x139/0x1b0 [ 129.109395][ C0] ? _raw_spin_trylock_bh+0x190/0x190 [ 129.109425][ C0] ? lock_timer_base+0x25c/0x270 [ 129.109439][ C0] __mod_timer+0x56e/0xcf0 [ 129.109456][ C0] ? ____kasan_slab_free+0x126/0x160 [ 129.109482][ C0] ? __kasan_slab_free+0x11/0x20 [ 129.109496][ C0] ? slab_free_freelist_hook+0xbd/0x190 [ 129.109514][ C0] ? _raw_spin_unlock_bh+0x51/0x60 [ 129.109526][ C0] ? sock_map_delete_elem+0xcb/0x130 [ 129.109544][ C0] ? mod_timer_pending+0x30/0x30 [ 129.109559][ C0] ? rcu_gp_fqs_loop+0x2af/0xf80 [ 129.109574][ C0] ? rcu_gp_kthread+0xa4/0x350 [ 129.109588][ C0] ? kthread+0x421/0x510 [ 129.109602][ C0] ? ret_from_fork+0x1f/0x30 [ 129.109618][ C0] add_timer+0x68/0x80 [ 129.109639][ C0] __queue_delayed_work+0x16d/0x1f0 [ 129.109655][ C0] queue_delayed_work_on+0x10f/0x180 [ 129.109671][ C0] ? delayed_work_timer_fn+0x80/0x80 [ 129.109687][ C0] ? _raw_spin_unlock+0x4d/0x70 [ 129.109702][ C0] ? srcu_gp_start+0x136/0x1c0 [ 129.109716][ C0] srcu_gp_start_if_needed+0x5e3/0x950 [ 129.109733][ C0] ? rcu_free_old_probes+0x30/0x30 [ 129.109748][ C0] call_srcu+0x46/0x50 [ 129.109760][ C0] ? android_rvh_probe_register+0x430/0x430 [ 129.109774][ C0] rcu_free_old_probes+0x23/0x30 [ 129.109788][ C0] rcu_do_batch+0x57a/0xc10 [ 129.109805][ C0] ? local_bh_enable+0x20/0x20 [ 129.109823][ C0] rcu_core+0x517/0x1020 [ 129.109840][ C0] ? rcu_cpu_kthread_park+0x90/0x90 [ 129.109855][ C0] ? sched_clock_cpu+0x18/0x3b0 [ 129.109871][ C0] ? irqtime_account_irq+0x79/0x3c0 [ 129.109886][ C0] rcu_core_si+0x9/0x10 [ 129.109900][ C0] __do_softirq+0x26d/0x5bf [ 129.109915][ C0] do_softirq+0xf6/0x150 [ 129.109931][ C0] [ 129.109935][ C0] [ 129.109939][ C0] ? __local_bh_enable_ip+0x80/0x80 [ 129.109953][ C0] ? _raw_spin_lock_bh+0xa4/0x1b0 [ 129.109969][ C0] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 129.109986][ C0] __local_bh_enable_ip+0x75/0x80 [ 129.110001][ C0] _raw_spin_unlock_bh+0x51/0x60 [ 129.110013][ C0] sock_map_delete_elem+0xcb/0x130 [ 129.110029][ C0] bpf_prog_2c29ac5cdc6b1842+0x3a/0xd44 [ 129.110041][ C0] bpf_trace_run3+0x11e/0x250 [ 129.110057][ C0] ? __kasan_check_write+0x14/0x20 [ 129.110072][ C0] ? bpf_trace_run2+0x210/0x210 [ 129.110087][ C0] ? debug_smp_processor_id+0x17/0x20 [ 129.110102][ C0] ? get_nohz_timer_target+0x79/0x750 [ 129.110119][ C0] __bpf_trace_timer_start+0x2b/0x40 [ 129.110136][ C0] enqueue_timer+0x351/0x4c0 [ 129.110149][ C0] __mod_timer+0x8d3/0xcf0 [ 129.110166][ C0] ? mod_timer_pending+0x30/0x30 [ 129.110182][ C0] ? __kasan_check_write+0x14/0x20 [ 129.110197][ C0] ? __kasan_check_write+0x14/0x20 [ 129.110211][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 129.110228][ C0] schedule_timeout+0x187/0x370 [ 129.110243][ C0] ? __update_idle_core+0x2a0/0x2a0 [ 129.110258][ C0] ? console_conditional_schedule+0x30/0x30 [ 129.110275][ C0] ? update_process_times+0x200/0x200 [ 129.110288][ C0] ? prepare_to_swait_event+0x308/0x320 [ 129.110304][ C0] rcu_gp_fqs_loop+0x2af/0xf80 [ 129.110320][ C0] ? debug_smp_processor_id+0x17/0x20 [ 129.110335][ C0] ? __note_gp_changes+0x4ab/0x920 [ 129.110351][ C0] ? rcu_gp_init+0xc30/0xc30 [ 129.110365][ C0] ? _raw_spin_unlock_irq+0x4e/0x70 [ 129.110379][ C0] ? rcu_gp_init+0x9cf/0xc30 [ 129.110395][ C0] rcu_gp_kthread+0xa4/0x350 [ 129.110410][ C0] ? _raw_spin_lock+0x1b0/0x1b0 [ 129.110427][ C0] ? wake_nocb_gp+0x1e0/0x1e0 [ 129.110442][ C0] ? __kasan_check_read+0x11/0x20 [ 129.110457][ C0] ? __kthread_parkme+0xb2/0x200 [ 129.110472][ C0] kthread+0x421/0x510 [ 129.110485][ C0] ? wake_nocb_gp+0x1e0/0x1e0 [ 129.110500][ C0] ? kthread_blkcg+0xd0/0xd0 [ 129.110515][ C0] ret_from_fork+0x1f/0x30 [ 129.110530][ C0] [ 129.110535][ C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.811 msecs [ 129.110685][ C1] NMI backtrace for cpu 1 [ 129.728521][ C1] CPU: 1 PID: 309 Comm: syz-executor118 Tainted: G W 5.15.149-syzkaller-00131-g79bd336c7a94 #0 [ 129.739963][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 129.749856][ C1] Call Trace: [ 129.752982][ C1] [ 129.755677][ C1] dump_stack_lvl+0x151/0x1b7 [ 129.760185][ C1] ? io_uring_drop_tctx_refs+0x190/0x190 [ 129.765653][ C1] ? cpumask_next+0x8a/0xb0 [ 129.769993][ C1] dump_stack+0x15/0x17 [ 129.773985][ C1] nmi_cpu_backtrace+0x2f7/0x300 [ 129.778759][ C1] ? init_x2apic_ldr+0x10/0x10 [ 129.783361][ C1] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 129.789351][ C1] ? irq_work_queue+0xd4/0x160 [ 129.793948][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 129.799854][ C1] nmi_trigger_cpumask_backtrace+0x15d/0x270 [ 129.805666][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 129.811569][ C1] arch_trigger_cpumask_backtrace+0x10/0x20 [ 129.817299][ C1] rcu_dump_cpu_stacks+0x1d8/0x330 [ 129.822240][ C1] print_cpu_stall+0x315/0x5f0 [ 129.826842][ C1] rcu_sched_clock_irq+0x989/0x12f0 [ 129.831877][ C1] ? rcu_boost_kthread_setaffinity+0x340/0x340 [ 129.837863][ C1] ? hrtimer_run_queues+0x15f/0x440 [ 129.842899][ C1] update_process_times+0x198/0x200 [ 129.847932][ C1] tick_sched_timer+0x188/0x240 [ 129.852618][ C1] ? tick_setup_sched_timer+0x480/0x480 [ 129.857999][ C1] __hrtimer_run_queues+0x41a/0xad0 [ 129.863037][ C1] ? hrtimer_interrupt+0xaa0/0xaa0 [ 129.867985][ C1] ? clockevents_program_event+0x22f/0x300 [ 129.873622][ C1] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 129.879525][ C1] hrtimer_interrupt+0x40c/0xaa0 [ 129.884301][ C1] __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 129.890025][ C1] sysvec_apic_timer_interrupt+0x95/0xc0 [ 129.895495][ C1] [ 129.898273][ C1] [ 129.901048][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 129.906862][ C1] RIP: 0010:smp_call_function_many_cond+0x843/0x9b0 [ 129.913288][ C1] Code: 45 8b 7d 00 44 89 fe 83 e6 01 31 ff e8 76 a8 0a 00 41 83 e7 01 49 bf 00 00 00 00 00 fc ff df 75 07 e8 b1 a4 0a 00 eb 38 f3 90 <42> 0f b6 04 3b 84 c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 95 a4 [ 129.932727][ C1] RSP: 0018:ffffc90000997700 EFLAGS: 00000293 [ 129.938630][ C1] RAX: ffffffff8165918b RBX: 1ffff1103ee07af1 RCX: ffff888120180000 [ 129.946438][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 129.954251][ C1] RBP: ffffc90000997818 R08: ffffffff8165915a R09: ffffed103ee271d3 [ 129.962060][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 129.969872][ C1] R13: ffff8881f703d788 R14: ffff8881f7138e80 R15: dffffc0000000000 [ 129.977685][ C1] ? smp_call_function_many_cond+0x82a/0x9b0 [ 129.983498][ C1] ? smp_call_function_many_cond+0x85b/0x9b0 [ 129.989320][ C1] ? text_poke_sync+0x30/0x30 [ 129.993828][ C1] ? smp_call_function_many+0x40/0x40 [ 129.999038][ C1] ? text_poke_loc_init+0x2c5/0x540 [ 130.004069][ C1] ? text_poke_sync+0x30/0x30 [ 130.008583][ C1] on_each_cpu_cond_mask+0x40/0x80 [ 130.013531][ C1] ? enqueue_timer+0x169/0x4c0 [ 130.018131][ C1] text_poke_bp_batch+0x1c4/0x5d0 [ 130.022990][ C1] ? text_poke_loc_init+0x540/0x540 [ 130.028024][ C1] ? mutex_lock+0xb6/0x1e0 [ 130.032276][ C1] ? __mutex_lock_slowpath+0x10/0x10 [ 130.037400][ C1] ? wait_for_completion_killable_timeout+0x10/0x10 [ 130.043822][ C1] ? text_poke_queue+0xe4/0x1a0 [ 130.048511][ C1] text_poke_finish+0x1a/0x30 [ 130.053020][ C1] arch_jump_label_transform_apply+0x15/0x30 [ 130.058838][ C1] __jump_label_update+0x36a/0x380 [ 130.063786][ C1] jump_label_update+0x3af/0x450 [ 130.068559][ C1] static_key_disable_cpuslocked+0xcd/0x1b0 [ 130.074285][ C1] static_key_disable+0x1a/0x30 [ 130.078973][ C1] tracepoint_probe_unregister+0x60a/0x900 [ 130.084612][ C1] ? __bpf_trace_timer_class+0x30/0x30 [ 130.089911][ C1] bpf_probe_unregister+0x61/0x70 [ 130.094856][ C1] bpf_raw_tp_link_release+0x63/0x90 [ 130.099974][ C1] bpf_link_free+0x129/0x3f0 [ 130.104489][ C1] ? bpf_link_put_deferred+0x20/0x20 [ 130.109608][ C1] ? debug_smp_processor_id+0x17/0x20 [ 130.114814][ C1] ? kasan_quarantine_put+0x34/0x1a0 [ 130.119935][ C1] bpf_link_release+0x170/0x180 [ 130.124626][ C1] ? bpf_prog_get_stats+0x2f0/0x2f0 [ 130.129658][ C1] __fput+0x3fe/0x910 [ 130.133476][ C1] ____fput+0x15/0x20 [ 130.137295][ C1] task_work_run+0x129/0x190 [ 130.141720][ C1] do_exit+0xc48/0x2ca0 [ 130.145714][ C1] ? put_task_struct+0x80/0x80 [ 130.150312][ C1] ? ptrace_notify+0x24c/0x350 [ 130.154912][ C1] ? do_notify_parent+0xa30/0xa30 [ 130.159773][ C1] do_group_exit+0x141/0x310 [ 130.164204][ C1] __x64_sys_exit_group+0x3f/0x40 [ 130.169061][ C1] do_syscall_64+0x3d/0xb0 [ 130.173313][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 130.179043][ C1] RIP: 0033:0x7f5f69652fc9 [ 130.183294][ C1] Code: Unable to access opcode bytes at RIP 0x7f5f69652f9f. [ 130.190496][ C1] RSP: 002b:00007ffeddf19318 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 130.198745][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5f69652fc9 [ 130.206554][ C1] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 130.214365][ C1] RBP: 00007f5f696ce2b0 R08: ffffffffffffffb8 R09: 0000000000000006 [ 130.222177][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5f696ce2b0 [ 130.229987][ C1] R13: 0000000000000000 R14: 00007f5f696ced00 R15: 00007f5f69624230 [ 130.237800][ C1] [ 264.998091][ C1] watchdog: BUG: soft lockup - CPU#1 stuck for 225s! [syz-executor118:309] [ 265.006604][ C1] Modules linked in: [ 265.010341][ C1] CPU: 1 PID: 309 Comm: syz-executor118 Tainted: G W 5.15.149-syzkaller-00131-g79bd336c7a94 #0 [ 265.021790][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 265.031689][ C1] RIP: 0010:smp_call_function_many_cond+0x843/0x9b0 [ 265.038111][ C1] Code: 45 8b 7d 00 44 89 fe 83 e6 01 31 ff e8 76 a8 0a 00 41 83 e7 01 49 bf 00 00 00 00 00 fc ff df 75 07 e8 b1 a4 0a 00 eb 38 f3 90 <42> 0f b6 04 3b 84 c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 95 a4 [ 265.057983][ C1] RSP: 0018:ffffc90000997700 EFLAGS: 00000293 [ 265.063884][ C1] RAX: ffffffff8165918b RBX: 1ffff1103ee07af1 RCX: ffff888120180000 [ 265.071695][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 265.079507][ C1] RBP: ffffc90000997818 R08: ffffffff8165915a R09: ffffed103ee271d3 [ 265.087323][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 265.095128][ C1] R13: ffff8881f703d788 R14: ffff8881f7138e80 R15: dffffc0000000000 [ 265.102940][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 265.111705][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 265.118128][ C1] CR2: 00007f5f696cf110 CR3: 000000000680f000 CR4: 00000000003506a0 [ 265.125947][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 265.133750][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 265.141563][ C1] Call Trace: [ 265.144688][ C1] [ 265.147385][ C1] ? show_regs+0x58/0x60 [ 265.151459][ C1] ? watchdog_timer_fn+0x4b1/0x5f0 [ 265.156404][ C1] ? proc_watchdog_cpumask+0xd0/0xd0 [ 265.161524][ C1] ? __hrtimer_run_queues+0x41a/0xad0 [ 265.166734][ C1] ? hrtimer_interrupt+0xaa0/0xaa0 [ 265.171679][ C1] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 265.177582][ C1] ? hrtimer_interrupt+0x40c/0xaa0 [ 265.182533][ C1] ? __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 265.188432][ C1] ? sysvec_apic_timer_interrupt+0x95/0xc0 [ 265.194073][ C1] [ 265.196850][ C1] [ 265.199629][ C1] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 265.205615][ C1] ? smp_call_function_many_cond+0x82a/0x9b0 [ 265.211431][ C1] ? smp_call_function_many_cond+0x85b/0x9b0 [ 265.217245][ C1] ? smp_call_function_many_cond+0x843/0x9b0 [ 265.223061][ C1] ? text_poke_sync+0x30/0x30 [ 265.227575][ C1] ? smp_call_function_many+0x40/0x40 [ 265.232783][ C1] ? text_poke_loc_init+0x2c5/0x540 [ 265.237817][ C1] ? text_poke_sync+0x30/0x30 [ 265.242332][ C1] on_each_cpu_cond_mask+0x40/0x80 [ 265.247277][ C1] ? enqueue_timer+0x169/0x4c0 [ 265.251876][ C1] text_poke_bp_batch+0x1c4/0x5d0 [ 265.256737][ C1] ? text_poke_loc_init+0x540/0x540 [ 265.261768][ C1] ? mutex_lock+0xb6/0x1e0 [ 265.266021][ C1] ? __mutex_lock_slowpath+0x10/0x10 [ 265.271145][ C1] ? wait_for_completion_killable_timeout+0x10/0x10 [ 265.277565][ C1] ? text_poke_queue+0xe4/0x1a0 [ 265.282255][ C1] text_poke_finish+0x1a/0x30 [ 265.286767][ C1] arch_jump_label_transform_apply+0x15/0x30 [ 265.292579][ C1] __jump_label_update+0x36a/0x380 [ 265.297547][ C1] jump_label_update+0x3af/0x450 [ 265.302306][ C1] static_key_disable_cpuslocked+0xcd/0x1b0 [ 265.308029][ C1] static_key_disable+0x1a/0x30 [ 265.312716][ C1] tracepoint_probe_unregister+0x60a/0x900 [ 265.318359][ C1] ? __bpf_trace_timer_class+0x30/0x30 [ 265.323652][ C1] bpf_probe_unregister+0x61/0x70 [ 265.328513][ C1] bpf_raw_tp_link_release+0x63/0x90 [ 265.333636][ C1] bpf_link_free+0x129/0x3f0 [ 265.338058][ C1] ? bpf_link_put_deferred+0x20/0x20 [ 265.343180][ C1] ? debug_smp_processor_id+0x17/0x20 [ 265.348391][ C1] ? kasan_quarantine_put+0x34/0x1a0 [ 265.353508][ C1] bpf_link_release+0x170/0x180 [ 265.358194][ C1] ? bpf_prog_get_stats+0x2f0/0x2f0 [ 265.363228][ C1] __fput+0x3fe/0x910 [ 265.367051][ C1] ____fput+0x15/0x20 [ 265.370865][ C1] task_work_run+0x129/0x190 [ 265.375294][ C1] do_exit+0xc48/0x2ca0 [ 265.379289][ C1] ? put_task_struct+0x80/0x80 [ 265.383883][ C1] ? ptrace_notify+0x24c/0x350 [ 265.388489][ C1] ? do_notify_parent+0xa30/0xa30 [ 265.393347][ C1] do_group_exit+0x141/0x310 [ 265.397772][ C1] __x64_sys_exit_group+0x3f/0x40 [ 265.402631][ C1] do_syscall_64+0x3d/0xb0 [ 265.406883][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 265.412613][ C1] RIP: 0033:0x7f5f69652fc9 [ 265.416868][ C1] Code: Unable to access opcode bytes at RIP 0x7f5f69652f9f. [ 265.424072][ C1] RSP: 002b:00007ffeddf19318 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 265.432327][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5f69652fc9 [ 265.440126][ C1] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 265.447937][ C1] RBP: 00007f5f696ce2b0 R08: ffffffffffffffb8 R09: 0000000000000006 [ 265.455747][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5f696ce2b0 [ 265.463561][ C1] R13: 0000000000000000 R14: 00007f5f696ced00 R15: 00007f5f69624230 [ 265.471938][ C1]