./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2463161852 <...> Warning: Permanently added '10.128.1.177' (ED25519) to the list of known hosts. execve("./syz-executor2463161852", ["./syz-executor2463161852"], 0x7ffc3b49a780 /* 10 vars */) = 0 brk(NULL) = 0x5555571d4000 brk(0x5555571d4d00) = 0x5555571d4d00 arch_prctl(ARCH_SET_FS, 0x5555571d4380) = 0 set_tid_address(0x5555571d4650) = 300 set_robust_list(0x5555571d4660, 24) = 0 rseq(0x5555571d4ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2463161852", 4096) = 28 getrandom("\xcc\xf9\xde\x70\xcc\x45\x32\x23", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555571d4d00 brk(0x5555571f5d00) = 0x5555571f5d00 brk(0x5555571f6000) = 0x5555571f6000 mprotect(0x7fc150023000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d4650) = 301 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d4650) = 302 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d4650) = 303 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d4650) = 304 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d4650) = 305 ./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x5555571d4660, 24) = 0 [pid 305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d4650) = 306 ./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x5555571d4660, 24) = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73./strace-static-x86_64: Process 301 attached ./strace-static-x86_64: Process 302 attached ./strace-static-x86_64: Process 303 attached ./strace-static-x86_64: Process 304 attached [pid 303] set_robust_list(0x5555571d4660, 24 [pid 304] set_robust_list(0x5555571d4660, 24) = 0 [pid 303] <... set_robust_list resumed>) = 0 [pid 301] set_robust_list(0x5555571d4660, 24 [pid 302] set_robust_list(0x5555571d4660, 24 [pid 306] <... bpf resumed>) = 3 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 302] <... set_robust_list resumed>) = 0 [pid 301] <... set_robust_list resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 304] <... clone resumed>, child_tidptr=0x5555571d4650) = 308 [pid 303] <... clone resumed>, child_tidptr=0x5555571d4650) = 307 [pid 301] <... clone resumed>, child_tidptr=0x5555571d4650) = 309 [pid 302] <... clone resumed>, child_tidptr=0x5555571d4650) = 310 [pid 306] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16) = 4 [pid 306] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 ./strace-static-x86_64: Process 308 attached ./strace-static-x86_64: Process 310 attached ./strace-static-x86_64: Process 309 attached ./strace-static-x86_64: Process 307 attached [ 25.736651][ T28] audit: type=1400 audit(1713663111.510:66): avc: denied { execmem } for pid=300 comm="syz-executor246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 25.757589][ T28] audit: type=1400 audit(1713663111.510:67): avc: denied { bpf } for pid=306 comm="syz-executor246" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 310] set_robust_list(0x5555571d4660, 24 [pid 309] set_robust_list(0x5555571d4660, 24 [pid 308] set_robust_list(0x5555571d4660, 24 [pid 307] set_robust_list(0x5555571d4660, 24 [pid 306] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 306] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 310] <... set_robust_list resumed>) = 0 [pid 309] <... set_robust_list resumed>) = 0 [pid 308] <... set_robust_list resumed>) = 0 [pid 307] <... set_robust_list resumed>) = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 306] <... bpf resumed>) = 7 [pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 308] <... prctl resumed>) = 0 [pid 307] <... prctl resumed>) = 0 [pid 309] <... prctl resumed>) = 0 [pid 306] exit_group(0) = ? [pid 310] <... prctl resumed>) = 0 [pid 309] setpgid(0, 0 [pid 308] setpgid(0, 0 [pid 307] setpgid(0, 0 [pid 310] setpgid(0, 0 [pid 309] <... setpgid resumed>) = 0 [pid 308] <... setpgid resumed>) = 0 [pid 307] <... setpgid resumed>) = 0 [pid 310] <... setpgid resumed>) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 308] <... openat resumed>) = 3 [pid 307] <... openat resumed>) = 3 [pid 310] <... openat resumed>) = 3 [pid 309] <... openat resumed>) = 3 [pid 307] write(3, "1000", 4 [pid 308] write(3, "1000", 4 [pid 310] write(3, "1000", 4 [ 25.780323][ T28] audit: type=1400 audit(1713663111.510:68): avc: denied { prog_load } for pid=306 comm="syz-executor246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 25.801003][ T28] audit: type=1400 audit(1713663111.510:69): avc: denied { perfmon } for pid=306 comm="syz-executor246" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 309] write(3, "1000", 4 [pid 307] <... write resumed>) = 4 [pid 310] <... write resumed>) = 4 [pid 308] <... write resumed>) = 4 [pid 310] close(3 [pid 309] <... write resumed>) = 4 [pid 308] close(3 [pid 307] close(3 [pid 310] <... close resumed>) = 0 [pid 309] close(3 [pid 308] <... close resumed>) = 0 [pid 307] <... close resumed>) = 0 [pid 306] +++ exited with 0 +++ [pid 310] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 309] <... close resumed>) = 0 [pid 308] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 307] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- [pid 310] <... bpf resumed>) = 3 [pid 309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 308] <... bpf resumed>) = 3 [pid 307] <... bpf resumed>) = 3 [pid 310] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 309] <... bpf resumed>) = 3 [pid 308] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 309] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 307] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 305] <... clone resumed>, child_tidptr=0x5555571d4650) = 311 ./strace-static-x86_64: Process 311 attached [pid 311] set_robust_list(0x5555571d4660, 24) = 0 [pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 311] setpgid(0, 0) = 0 [pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 311] write(3, "1000", 4) = 4 [pid 311] close(3) = 0 [pid 311] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 311] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 308] <... bpf resumed>) = 4 [pid 310] <... bpf resumed>) = 4 [pid 309] <... bpf resumed>) = 4 [pid 308] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 307] <... bpf resumed>) = 4 [pid 310] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 309] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 308] <... bpf resumed>) = 5 [pid 307] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 310] <... bpf resumed>) = 5 [pid 309] <... bpf resumed>) = 5 [pid 308] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 307] <... bpf resumed>) = 5 [pid 310] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 309] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 308] <... bpf resumed>) = 0 [pid 307] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 310] <... bpf resumed>) = 0 [pid 309] <... bpf resumed>) = 0 [pid 308] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 307] <... bpf resumed>) = 0 [pid 311] <... bpf resumed>) = 4 [pid 310] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 308] <... bpf resumed>) = 6 [pid 307] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 311] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 310] <... bpf resumed>) = 6 [ 25.823240][ T28] audit: type=1400 audit(1713663111.540:70): avc: denied { prog_run } for pid=306 comm="syz-executor246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 25.842545][ T28] audit: type=1400 audit(1713663111.560:71): avc: denied { map_create } for pid=306 comm="syz-executor246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 25.862000][ T28] audit: type=1400 audit(1713663111.560:72): avc: denied { map_read map_write } for pid=306 comm="syz-executor246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 311] <... bpf resumed>) = 5 [pid 310] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 309] <... bpf resumed>) = 6 [pid 308] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 307] <... bpf resumed>) = 6 [pid 311] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 310] <... bpf resumed>) = 7 [pid 309] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 308] <... bpf resumed>) = 7 [pid 307] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 311] <... bpf resumed>) = 0 [pid 311] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 311] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16) = 7 [pid 311] exit_group(0) = ? [pid 311] +++ exited with 0 +++ [pid 305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=311, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 305] restart_syscall(<... resuming interrupted clone ...> [pid 310] exit_group(0) = ? [pid 305] <... restart_syscall resumed>) = 0 [pid 305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d4650) = 312 ./strace-static-x86_64: Process 312 attached [pid 312] set_robust_list(0x5555571d4660, 24) = 0 [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 312] setpgid(0, 0) = 0 [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 312] write(3, "1000", 4) = 4 [pid 312] close(3) = 0 [pid 312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [ 25.890555][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 25.902001][ T301] BUG: scheduling while atomic: syz-executor246/301/0x00000002 [ 25.907362][ C0] softirq: huh, entered softirq 9 RCU ffffffff8160c090 with preempt_count 00000103, exited with 00000102? [ 25.909948][ T301] Modules linked in: [ 25.920461][ T297] BUG: scheduling while atomic: strace-static-x/297/0x00000002 [ 25.920478][ T297] Modules linked in: [ 25.920494][ T297] Preemption disabled at: [ 25.920498][ T297] [] __lock_task_sighand+0x6b/0x100 [ 25.924149][ T301] [ 25.924154][ T301] Preemption disabled at: [ 25.931588][ T297] CPU: 0 PID: 297 Comm: strace-static-x Not tainted 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 25.935258][ T301] [] ptrace_stop+0x57e/0x930 [ 25.939425][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 25.939441][ T297] Call Trace: [ 25.939447][ T297] [ 25.984044][ T297] dump_stack_lvl+0x151/0x1b7 [ 25.988553][ T297] ? __lock_task_sighand+0x6b/0x100 [ 25.993584][ T297] ? __lock_task_sighand+0x6b/0x100 [ 25.998620][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 26.003923][ T297] ? __lock_task_sighand+0x6b/0x100 [ 26.008951][ T297] dump_stack+0x15/0x1b [ 26.012940][ T297] __schedule_bug+0x195/0x260 [ 26.017456][ T297] ? cpu_util_update_eff+0x10e0/0x10e0 [ 26.022747][ T297] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 26.028045][ T297] ? _raw_spin_lock+0x1b0/0x1b0 [ 26.032732][ T297] __schedule+0xcf7/0x1550 [ 26.036984][ T297] ? __lock_task_sighand+0xde/0x100 [ 26.042016][ T297] ? __sched_text_start+0x8/0x8 [ 26.046706][ T297] ? __kasan_check_write+0x14/0x20 [ 26.051651][ T297] ? __se_sys_ptrace+0x3b2/0x410 [ 26.056427][ T297] schedule+0xc3/0x180 [ 26.060332][ T297] exit_to_user_mode_loop+0x4e/0xa0 [ 26.065366][ T297] exit_to_user_mode_prepare+0x5a/0xa0 [ 26.070659][ T297] syscall_exit_to_user_mode+0x26/0x140 [ 26.076040][ T297] do_syscall_64+0x49/0xb0 [ 26.080295][ T297] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 26.085934][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 26.091665][ T297] RIP: 0033:0x4e6c1a [ 26.095396][ T297] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 26.114838][ T297] RSP: 002b:00007ffc3b49a300 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 26.123085][ T297] RAX: 0000000000000050 RBX: 00000000011c4f90 RCX: 00000000004e6c1a [ 26.130893][ T297] RDX: 0000000000000058 RSI: 000000000000012e RDI: 000000000000420e [pid 312] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 308] exit_group(0) = ? [ 26.138704][ T297] RBP: 00007ffc3b49a400 R08: 000000000000420d R09: 0000000000000000 [ 26.146518][ T297] R10: 000000000063c820 R11: 0000000000000206 R12: 00000000011c4f90 [ 26.154450][ T297] R13: 00007ffc3b49a45c R14: 000000000000857f R15: 0000000000617180 [ 26.162269][ T297] [ 26.165123][ T301] CPU: 1 PID: 301 Comm: syz-executor246 Not tainted 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 26.175025][ T301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 26.184913][ T301] Call Trace: [ 26.188046][ T301] [ 26.190825][ T301] dump_stack_lvl+0x151/0x1b7 [ 26.195330][ T301] ? ptrace_stop+0x57e/0x930 [ 26.199754][ T301] ? ptrace_stop+0x57e/0x930 [ 26.204183][ T301] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 26.209474][ T301] ? ptrace_stop+0x57e/0x930 [ 26.213899][ T301] dump_stack+0x15/0x1b [ 26.217899][ T301] __schedule_bug+0x195/0x260 [ 26.222497][ T301] ? __kasan_check_read+0x11/0x20 [ 26.227353][ T301] ? rb_commit+0x732/0x780 [ 26.231607][ T301] ? cpu_util_update_eff+0x10e0/0x10e0 [ 26.236907][ T301] ? ktime_get+0x12f/0x160 [ 26.241156][ T301] __schedule+0xcf7/0x1550 [ 26.245408][ T301] ? hrtimer_reprogram+0x389/0x430 [ 26.250358][ T301] ? __sched_text_start+0x8/0x8 [ 26.255066][ T301] schedule+0xc3/0x180 [ 26.258950][ T301] do_nanosleep+0x149/0x580 [ 26.263287][ T301] ? usleep_range_state+0x160/0x160 [ 26.268322][ T301] ? hrtimer_init_sleeper+0x3b/0x1a0 [ 26.273439][ T301] ? hrtimer_nanosleep+0x107/0x3f0 [ 26.278389][ T301] hrtimer_nanosleep+0x1c5/0x3f0 [ 26.283161][ T301] ? nanosleep_copyout+0x120/0x120 [ 26.288138][ T301] ? __remove_hrtimer+0x4d0/0x4d0 [ 26.292969][ T301] ? get_timespec64+0x197/0x270 [ 26.297656][ T301] ? timespec64_add_safe+0x220/0x220 [ 26.302777][ T301] common_nsleep+0x91/0xb0 [ 26.307031][ T301] __se_sys_clock_nanosleep+0x323/0x3b0 [ 26.312413][ T301] ? __x64_sys_clock_nanosleep+0xb0/0xb0 [ 26.317880][ T301] ? __bpf_trace_sys_enter+0x62/0x70 [ 26.323003][ T301] __x64_sys_clock_nanosleep+0x9b/0xb0 [ 26.328295][ T301] do_syscall_64+0x3d/0xb0 [ 26.332549][ T301] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 26.338276][ T301] RIP: 0033:0x7fc14ffd6483 [ 26.342532][ T301] Code: 00 00 00 00 00 66 90 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d fe 1b 05 00 00 74 14 b8 e6 00 00 00 0f 05 d8 c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 [ 26.361968][ T301] RSP: 002b:00007fff396dc1b8 EFLAGS: 00000202 ORIG_RAX: 00000000000000e6 [ 26.370213][ T301] RAX: ffffffffffffffda RBX: 0000000000000135 RCX: 00007fc14ffd6483 [ 26.378027][ T301] RDX: 00007fff396dc1d0 RSI: 0000000000000000 RDI: 0000000000000000 [pid 309] <... bpf resumed>) = 7 [pid 312] <... bpf resumed>) = 4 [pid 309] exit_group(0 [pid 312] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 309] <... exit_group resumed>) = ? [pid 312] <... bpf resumed>) = 5 [pid 312] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 312] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 308] +++ exited with 0 +++ [pid 307] <... bpf resumed>) = 7 [pid 310] +++ exited with 0 +++ [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=310, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 307] exit_group(0 [pid 304] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 307] <... exit_group resumed>) = ? [pid 304] restart_syscall(<... resuming interrupted clone ...> [pid 302] <... clone resumed>, child_tidptr=0x5555571d4650) = 314 [pid 304] <... restart_syscall resumed>) = 0 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 314 attached [pid 314] set_robust_list(0x5555571d4660, 24) = 0 [pid 304] <... clone resumed>, child_tidptr=0x5555571d4650) = 315 [ 26.385843][ T301] RBP: 00000000000f4240 R08: 00007fff397f8080 R09: 00007fff397f80b0 [ 26.393649][ T301] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000648f [ 26.401459][ T301] R13: 00007fff396dc20c R14: 00007fff396dc220 R15: 00007fff396dc210 [ 26.409278][ T301] [ 26.430793][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 26.442292][ T297] BUG: scheduling while atomic: strace-static-x/297/0x00000002 [ 26.449755][ T297] Modules linked in: [ 26.453369][ T297] Preemption disabled at: [ 26.453374][ T297] [] remove_wait_queue+0x26/0x140 [ 26.463962][ T297] CPU: 1 PID: 297 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 26.475328][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 26.485222][ T297] Call Trace: [ 26.488347][ T297] [ 26.491124][ T297] dump_stack_lvl+0x151/0x1b7 [ 26.495635][ T297] ? remove_wait_queue+0x26/0x140 [ 26.500499][ T297] ? remove_wait_queue+0x26/0x140 [ 26.505358][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 26.510653][ T297] ? remove_wait_queue+0x26/0x140 [ 26.515513][ T297] dump_stack+0x15/0x1b [ 26.519592][ T297] __schedule_bug+0x195/0x260 [ 26.524106][ T297] ? cpu_util_update_eff+0x10e0/0x10e0 [ 26.529399][ T297] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 26.534696][ T297] ? _raw_spin_lock+0x1b0/0x1b0 [ 26.539382][ T297] __schedule+0xcf7/0x1550 [ 26.543635][ T297] ? __lock_task_sighand+0xde/0x100 [ 26.548673][ T297] ? __sched_text_start+0x8/0x8 [ 26.553382][ T297] ? __kasan_check_write+0x14/0x20 [ 26.558303][ T297] ? __se_sys_ptrace+0x3b2/0x410 [ 26.563092][ T297] schedule+0xc3/0x180 [ 26.566981][ T297] exit_to_user_mode_loop+0x4e/0xa0 [ 26.572016][ T297] exit_to_user_mode_prepare+0x5a/0xa0 [ 26.577313][ T297] syscall_exit_to_user_mode+0x26/0x140 [ 26.582692][ T297] do_syscall_64+0x49/0xb0 [ 26.586943][ T297] ? sysvec_call_function_single+0x52/0xb0 [ 26.592586][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 26.598316][ T297] RIP: 0033:0x4e6c1a [ 26.602050][ T297] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 26.621490][ T297] RSP: 002b:00007ffc3b49a300 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 26.629733][ T297] RAX: 0000000000000050 RBX: 00000000011c5230 RCX: 00000000004e6c1a ./strace-static-x86_64: Process 315 attached [pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 312] <... bpf resumed>) = 7 [pid 312] exit_group(0) = ? [pid 315] set_robust_list(0x5555571d4660, 24) = 0 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 314] <... prctl resumed>) = 0 [ 26.637549][ T297] RDX: 0000000000000058 RSI: 0000000000000130 RDI: 000000000000420e [ 26.645356][ T297] RBP: 00007ffc3b49a400 R08: 000000000000420d R09: 0000000000000000 [ 26.653169][ T297] R10: 000000000063c820 R11: 0000000000000206 R12: 00000000011c5230 [ 26.660980][ T297] R13: 00007ffc3b49a45c R14: 000000000000857f R15: 0000000000617180 [ 26.668797][ T297] [ 26.674403][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 26.686259][ T297] BUG: scheduling while atomic: strace-static-x/297/0x00000002 [ 26.693840][ T297] Modules linked in: [ 26.697621][ T297] Preemption disabled at: [ 26.697628][ T297] [] remove_wait_queue+0x26/0x140 [ 26.708156][ T297] CPU: 1 PID: 297 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 26.719488][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 26.729382][ T297] Call Trace: [ 26.732507][ T297] [ 26.735284][ T297] dump_stack_lvl+0x151/0x1b7 [ 26.739797][ T297] ? remove_wait_queue+0x26/0x140 [ 26.744664][ T297] ? remove_wait_queue+0x26/0x140 [ 26.749518][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 26.754816][ T297] ? remove_wait_queue+0x26/0x140 [ 26.759674][ T297] dump_stack+0x15/0x1b [ 26.763665][ T297] __schedule_bug+0x195/0x260 [ 26.768179][ T297] ? cpu_util_update_eff+0x10e0/0x10e0 [ 26.773475][ T297] __schedule+0xcf7/0x1550 [ 26.777728][ T297] ? _raw_spin_lock+0x1b0/0x1b0 [ 26.782414][ T297] ? __sched_text_start+0x8/0x8 [ 26.787102][ T297] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 26.792743][ T297] schedule+0xc3/0x180 [ 26.796647][ T297] do_wait+0x6e7/0xa10 [ 26.800554][ T297] kernel_wait4+0x29e/0x3d0 [ 26.804907][ T297] ? __ia32_sys_waitid+0xd0/0xd0 [ 26.809668][ T297] ? bpf_trace_printk+0x1be/0x300 [ 26.814535][ T297] ? kernel_waitid+0x520/0x520 [ 26.819131][ T297] __x64_sys_wait4+0x130/0x1e0 [ 26.823729][ T297] ? kernel_wait+0x230/0x230 [ 26.828153][ T297] ? bpf_trace_run2+0x138/0x290 [ 26.832847][ T297] ? __bpf_trace_sys_enter+0x62/0x70 [ 26.837963][ T297] ? __traceiter_sys_enter+0x2a/0x40 [ 26.843083][ T297] ? syscall_enter_from_user_mode+0x12c/0x190 [ 26.848987][ T297] do_syscall_64+0x3d/0xb0 [ 26.853237][ T297] ? sysvec_call_function_single+0x52/0xb0 [ 26.858881][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 26.864623][ T297] RIP: 0033:0x4d49a6 [ 26.868341][ T297] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [pid 315] setpgid(0, 0 [pid 314] setpgid(0, 0 [pid 307] +++ exited with 0 +++ [pid 312] +++ exited with 0 +++ [pid 315] <... setpgid resumed>) = 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 315] write(3, "1000", 4) = 4 [pid 314] <... setpgid resumed>) = 0 [pid 315] close(3) = 0 [pid 315] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 309] +++ exited with 0 +++ [pid 303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=20} --- [pid 305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=23} --- [pid 315] <... bpf resumed>) = 3 [pid 314] <... openat resumed>) = 3 [pid 305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 315] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 314] write(3, "1000", 4) = 4 ./strace-static-x86_64: Process 317 attached ./strace-static-x86_64: Process 316 attached [pid 314] close(3 [pid 305] <... clone resumed>, child_tidptr=0x5555571d4650) = 316 [pid 303] <... clone resumed>, child_tidptr=0x5555571d4650) = 317 [pid 314] <... close resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 314] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73./strace-static-x86_64: Process 318 attached [pid 317] set_robust_list(0x5555571d4660, 24 [pid 316] set_robust_list(0x5555571d4660, 24 [pid 301] <... clone resumed>, child_tidptr=0x5555571d4650) = 318 [pid 318] set_robust_list(0x5555571d4660, 24) = 0 [pid 318] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 314] <... bpf resumed>) = 3 [pid 318] <... prctl resumed>) = 0 [pid 317] <... set_robust_list resumed>) = 0 [pid 316] <... set_robust_list resumed>) = 0 [pid 314] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 318] setpgid(0, 0) = 0 [pid 317] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 317] <... prctl resumed>) = 0 [pid 318] write(3, "1000", 4) = 4 [pid 318] close(3) = 0 [pid 317] setpgid(0, 0 [pid 318] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 317] <... setpgid resumed>) = 0 [pid 317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 316] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 317] <... openat resumed>) = 3 [pid 316] <... prctl resumed>) = 0 [pid 317] write(3, "1000", 4 [pid 316] setpgid(0, 0 [pid 317] <... write resumed>) = 4 [pid 316] <... setpgid resumed>) = 0 [pid 317] close(3 [pid 318] <... bpf resumed>) = 3 [pid 317] <... close resumed>) = 0 [pid 318] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 317] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 316] <... openat resumed>) = 3 [pid 316] write(3, "1000", 4) = 4 [pid 316] close(3) = 0 [pid 316] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 317] <... bpf resumed>) = 3 [pid 317] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 316] <... bpf resumed>) = 3 [pid 316] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 315] <... bpf resumed>) = 4 [pid 315] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 314] <... bpf resumed>) = 4 [pid 315] <... bpf resumed>) = 5 [pid 314] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 315] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 314] <... bpf resumed>) = 5 [pid 318] <... bpf resumed>) = 4 [pid 317] <... bpf resumed>) = 4 [pid 316] <... bpf resumed>) = 4 [pid 315] <... bpf resumed>) = 0 [pid 314] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 318] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 317] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 316] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 315] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 314] <... bpf resumed>) = 0 [pid 318] <... bpf resumed>) = 5 [pid 317] <... bpf resumed>) = 5 [pid 316] <... bpf resumed>) = 5 [pid 315] <... bpf resumed>) = 6 [pid 314] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 318] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 317] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 316] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 315] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 318] <... bpf resumed>) = 0 [pid 317] <... bpf resumed>) = 0 [ 26.887781][ T297] RSP: 002b:00007ffc3b49a498 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 26.896027][ T297] RAX: ffffffffffffffda RBX: 00000000011c32f8 RCX: 00000000004d49a6 [ 26.903839][ T297] RDX: 0000000040000000 RSI: 00007ffc3b49a4bc RDI: 00000000ffffffff [ 26.911651][ T297] RBP: 0000000000000000 R08: 0000000000000017 R09: 0000000000000003 [ 26.919464][ T297] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000011cb5a0 [ 26.927276][ T297] R13: 0000000000000000 R14: 00007ffc3b49a4bc R15: 0000000000617180 [ 26.935104][ T297] [pid 316] <... bpf resumed>) = 0 [pid 314] <... bpf resumed>) = 6 [ 26.964872][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 26.976321][ T297] BUG: scheduling while atomic: strace-static-x/297/0x00000002 [ 26.983864][ T297] Modules linked in: [ 26.988245][ T297] Preemption disabled at: [ 26.988252][ T297] [] up_read+0x16/0x170 [ 26.997983][ T297] CPU: 1 PID: 297 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 27.009310][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 27.019205][ T297] Call Trace: [ 27.022327][ T297] [ 27.025105][ T297] dump_stack_lvl+0x151/0x1b7 [ 27.029620][ T297] ? up_read+0x16/0x170 [ 27.033611][ T297] ? up_read+0x16/0x170 [ 27.037603][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 27.042899][ T297] ? up_read+0x16/0x170 [ 27.046895][ T297] dump_stack+0x15/0x1b [ 27.050896][ T297] __schedule_bug+0x195/0x260 [ 27.055482][ T297] ? cpu_util_update_eff+0x10e0/0x10e0 [ 27.060777][ T297] ? alloc_file_pseudo+0x280/0x2f0 [ 27.065726][ T297] __schedule+0xcf7/0x1550 [ 27.069976][ T297] ? _raw_spin_unlock+0x4c/0x70 [ 27.074667][ T297] ? __sched_text_start+0x8/0x8 [ 27.079363][ T297] ? __sys_socket+0x1f7/0x3a0 [ 27.083864][ T297] schedule+0xc3/0x180 [ 27.087771][ T297] exit_to_user_mode_loop+0x4e/0xa0 [ 27.092803][ T297] exit_to_user_mode_prepare+0x5a/0xa0 [ 27.098107][ T297] syscall_exit_to_user_mode+0x26/0x140 [ 27.103485][ T297] do_syscall_64+0x49/0xb0 [ 27.107735][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 27.113469][ T297] RIP: 0033:0x4e8217 [ 27.117204][ T297] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 27.136640][ T297] RSP: 002b:00007ffc3b49a218 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 27.144884][ T297] RAX: 0000000000000003 RBX: 0000000000000000 RCX: 00000000004e8217 [ 27.152693][ T297] RDX: 0000000000000000 RSI: 0000000000080002 RDI: 0000000000000001 [pid 318] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 317] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 316] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 315] <... bpf resumed>) = 7 [pid 314] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 315] exit_group(0 [pid 314] <... bpf resumed>) = 7 [pid 314] exit_group(0) = ? [pid 315] <... exit_group resumed>) = ? [pid 317] <... bpf resumed>) = 6 [pid 314] +++ exited with 0 +++ [ 27.160506][ T297] RBP: 00007ffc3b49a2e0 R08: 00000000ffffffff R09: 000000000000000d [ 27.168316][ T297] R10: 00000000005549d3 R11: 0000000000000246 R12: 00007ffc3b49a2e0 [ 27.176130][ T297] R13: 00000000011ca2c0 R14: 0000000000427210 R15: 0000000000617180 [ 27.183948][ T297] [ 27.190330][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 27.201728][ T297] BUG: scheduling while atomic: strace-static-x/297/0x00000002 [ 27.209141][ T297] Modules linked in: [ 27.212812][ T297] Preemption disabled at: [ 27.212820][ T297] [] remove_wait_queue+0x26/0x140 [ 27.223416][ T297] CPU: 1 PID: 297 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 27.234755][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 27.244649][ T297] Call Trace: [ 27.247771][ T297] [ 27.250549][ T297] dump_stack_lvl+0x151/0x1b7 [ 27.255060][ T297] ? remove_wait_queue+0x26/0x140 [ 27.259922][ T297] ? remove_wait_queue+0x26/0x140 [ 27.264785][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 27.270079][ T297] ? remove_wait_queue+0x26/0x140 [ 27.274939][ T297] dump_stack+0x15/0x1b [ 27.278930][ T297] __schedule_bug+0x195/0x260 [ 27.283442][ T297] ? __ia32_sys_waitid+0xd0/0xd0 [ 27.288215][ T297] ? bpf_trace_printk+0x1be/0x300 [ 27.293077][ T297] ? cpu_util_update_eff+0x10e0/0x10e0 [ 27.298371][ T297] ? kernel_waitid+0x520/0x520 [ 27.302972][ T297] __schedule+0xcf7/0x1550 [ 27.307228][ T297] ? __x64_sys_wait4+0x181/0x1e0 [ 27.312000][ T297] ? bpf_trace_run2+0x138/0x290 [ 27.316685][ T297] ? __sched_text_start+0x8/0x8 [ 27.321373][ T297] schedule+0xc3/0x180 [ 27.325278][ T297] exit_to_user_mode_loop+0x4e/0xa0 [ 27.330312][ T297] exit_to_user_mode_prepare+0x5a/0xa0 [ 27.335607][ T297] syscall_exit_to_user_mode+0x26/0x140 [ 27.340991][ T297] do_syscall_64+0x49/0xb0 [ 27.345240][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 27.350969][ T297] RIP: 0033:0x4d49a6 [ 27.354701][ T297] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 27.374143][ T297] RSP: 002b:00007ffc3b49a498 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 27.382390][ T297] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004d49a6 [ 27.390200][ T297] RDX: 0000000040000001 RSI: 00007ffc3b49a4bc RDI: 00000000ffffffff [ 27.398011][ T297] RBP: 00000000011c4e40 R08: 0000000000000000 R09: 0000000000000000 [ 27.405824][ T297] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000011cb510 [pid 318] <... bpf resumed>) = 6 [pid 317] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [ 27.413633][ T297] R13: 000000000000012d R14: 00007ffc3b49a4bc R15: 0000000000617180 [ 27.421451][ T297] [ 27.425954][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 27.437390][ T295] BUG: scheduling while atomic: sshd/295/0x00000002 [ 27.443760][ T295] Modules linked in: [ 27.447537][ T295] Preemption disabled at: [ 27.447544][ T295] [] __set_current_blocked+0x11b/0x2f0 [ 27.458523][ T295] CPU: 1 PID: 295 Comm: sshd Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 27.468909][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 27.478805][ T295] Call Trace: [ 27.481930][ T295] [ 27.484704][ T295] dump_stack_lvl+0x151/0x1b7 [ 27.489220][ T295] ? __set_current_blocked+0x11b/0x2f0 [ 27.494510][ T295] ? __set_current_blocked+0x11b/0x2f0 [ 27.499806][ T295] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 27.505101][ T295] ? __set_current_blocked+0x11b/0x2f0 [ 27.510395][ T295] dump_stack+0x15/0x1b [ 27.514387][ T295] __schedule_bug+0x195/0x260 [ 27.518904][ T295] ? cpu_util_update_eff+0x10e0/0x10e0 [ 27.524198][ T295] __schedule+0xcf7/0x1550 [ 27.528451][ T295] ? __kasan_check_read+0x11/0x20 [ 27.533307][ T295] ? _copy_to_user+0x74/0x90 [ 27.537738][ T295] ? __sched_text_start+0x8/0x8 [ 27.542421][ T295] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 27.547890][ T295] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 27.553274][ T295] schedule+0xc3/0x180 [ 27.557177][ T295] exit_to_user_mode_loop+0x4e/0xa0 [ 27.562220][ T295] exit_to_user_mode_prepare+0x5a/0xa0 [ 27.567516][ T295] syscall_exit_to_user_mode+0x26/0x140 [ 27.572888][ T295] do_syscall_64+0x49/0xb0 [ 27.577140][ T295] ? sysvec_call_function_single+0x52/0xb0 [ 27.582782][ T295] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 27.588512][ T295] RIP: 0033:0x7f00be6c2773 [ 27.592765][ T295] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [pid 316] <... bpf resumed>) = 6 [pid 315] +++ exited with 0 +++ [pid 318] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 317] <... bpf resumed>) = 7 [pid 316] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 304] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=314, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 317] exit_group(0 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 317] <... exit_group resumed>) = ? [pid 302] <... clone resumed>, child_tidptr=0x5555571d4650) = 320 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d4650) = 321 ./strace-static-x86_64: Process 321 attached [pid 321] set_robust_list(0x5555571d4660, 24) = 0 [pid 321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 321] setpgid(0, 0) = 0 [pid 321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 321] write(3, "1000", 4) = 4 [pid 321] close(3) = 0 [pid 321] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 316] <... bpf resumed>) = 7 ./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x5555571d4660, 24 [pid 317] +++ exited with 0 +++ [pid 321] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 318] <... bpf resumed>) = 7 [pid 316] exit_group(0 [pid 321] <... bpf resumed>) = 4 [pid 316] <... exit_group resumed>) = ? [pid 321] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 318] exit_group(0 [pid 303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=317, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 321] <... bpf resumed>) = 5 [pid 318] <... exit_group resumed>) = ? [pid 321] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 303] restart_syscall(<... resuming interrupted clone ...> [ 27.612292][ T295] RSP: 002b:00007ffde7539ae0 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 27.620536][ T295] RAX: 0000000000000000 RBX: 0000000000060000 RCX: 00007f00be6c2773 [ 27.628348][ T295] RDX: 00007ffde7539bc8 RSI: 00007ffde7539b48 RDI: 0000000000000001 [ 27.636160][ T295] RBP: 00005653f5b0b3d0 R08: 0000000000000001 R09: 0000000000000000 [ 27.643971][ T295] R10: 0000000000000008 R11: 0000000000000246 R12: 00005653f4adcaa4 [ 27.651784][ T295] R13: 000000000000001b R14: 00005653f4add3e8 R15: 00007ffde7539b48 [ 27.659600][ T295] [ 27.667286][ C1] softirq: huh, entered softirq 9 RCU ffffffff8160c090 with preempt_count 00000103, exited with 00000102? [ 27.667897][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 27.678415][ T302] BUG: scheduling while atomic: syz-executor246/302/0x00000002 [ 27.689783][ T295] BUG: scheduling while atomic: sshd/295/0x00000002 [ 27.689795][ T295] Modules linked in: [ 27.689803][ T295] Preemption disabled at: [ 27.689807][ T295] [] __set_current_blocked+0x11b/0x2f0 [ 27.689835][ T295] CPU: 0 PID: 295 Comm: sshd Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 27.697123][ T302] Modules linked in: [ 27.703548][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 27.703557][ T295] Call Trace: [ 27.703562][ T295] [ 27.703568][ T295] dump_stack_lvl+0x151/0x1b7 [ 27.707290][ T302] Preemption disabled at: [ 27.711445][ T295] ? __set_current_blocked+0x11b/0x2f0 [ 27.718318][ T302] [] ptrace_stop+0x57e/0x930 [ 27.728719][ T295] ? __set_current_blocked+0x11b/0x2f0 [ 27.728740][ T295] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 27.778803][ T295] ? __set_current_blocked+0x11b/0x2f0 [ 27.784095][ T295] dump_stack+0x15/0x1b [ 27.788086][ T295] __schedule_bug+0x195/0x260 [ 27.792600][ T295] ? cpu_util_update_eff+0x10e0/0x10e0 [ 27.797897][ T295] ? pollwake+0x280/0x280 [ 27.802061][ T295] __schedule+0xcf7/0x1550 [ 27.806316][ T295] ? __se_sys_ppoll+0x2b3/0x330 [ 27.811001][ T295] ? __sched_text_start+0x8/0x8 [ 27.815687][ T295] ? __x64_sys_ppoll+0xd0/0xd0 [ 27.820289][ T295] schedule+0xc3/0x180 [ 27.824197][ T295] exit_to_user_mode_loop+0x4e/0xa0 [ 27.829228][ T295] exit_to_user_mode_prepare+0x5a/0xa0 [ 27.834524][ T295] syscall_exit_to_user_mode+0x26/0x140 [ 27.839905][ T295] do_syscall_64+0x49/0xb0 [ 27.844157][ T295] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 27.849887][ T295] RIP: 0033:0x7f00be719ad5 [ 27.854137][ T295] Code: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83 [ 27.873581][ T295] RSP: 002b:00007ffde7539ac0 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 27.881824][ T295] RAX: 0000000000000001 RBX: 00000000000668a0 RCX: 00007f00be719ad5 [ 27.889635][ T295] RDX: 00007ffde7539ae0 RSI: 0000000000000004 RDI: 00005653f5b0c800 [ 27.897448][ T295] RBP: 00005653f5b0b3d0 R08: 0000000000000008 R09: 0000000000000000 [ 27.905258][ T295] R10: 00007ffde7539bc8 R11: 0000000000000246 R12: 00005653f4adcaa4 [ 27.913069][ T295] R13: 0000000000000001 R14: 00005653f4add3e8 R15: 00007ffde7539b48 [ 27.920886][ T295] [ 27.923748][ T302] CPU: 1 PID: 302 Comm: syz-executor246 Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 27.935117][ T302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 27.945013][ T302] Call Trace: [ 27.948135][ T302] [ 27.950914][ T302] dump_stack_lvl+0x151/0x1b7 [ 27.955426][ T302] ? ptrace_stop+0x57e/0x930 [ 27.959852][ T302] ? ptrace_stop+0x57e/0x930 [ 27.964277][ T302] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 27.969575][ T302] ? ptrace_stop+0x57e/0x930 [ 27.974002][ T302] dump_stack+0x15/0x1b [ 27.977993][ T302] __schedule_bug+0x195/0x260 [ 27.982507][ T302] ? __kasan_check_read+0x11/0x20 [ 27.987363][ T302] ? rb_commit+0x732/0x780 [ 27.991619][ T302] ? cpu_util_update_eff+0x10e0/0x10e0 [ 27.996914][ T302] ? ktime_get+0x12f/0x160 [ 28.001168][ T302] __schedule+0xcf7/0x1550 [ 28.005427][ T302] ? hrtimer_reprogram+0x389/0x430 [ 28.010375][ T302] ? __sched_text_start+0x8/0x8 [ 28.015055][ T302] schedule+0xc3/0x180 [ 28.018961][ T302] do_nanosleep+0x149/0x580 [ 28.023300][ T302] ? usleep_range_state+0x160/0x160 [ 28.028334][ T302] ? hrtimer_init_sleeper+0x3b/0x1a0 [ 28.033465][ T302] ? hrtimer_nanosleep+0x107/0x3f0 [ 28.038400][ T302] hrtimer_nanosleep+0x1c5/0x3f0 [ 28.043175][ T302] ? nanosleep_copyout+0x120/0x120 [ 28.048123][ T302] ? __remove_hrtimer+0x4d0/0x4d0 [ 28.052982][ T302] ? get_timespec64+0x197/0x270 [ 28.057671][ T302] ? timespec64_add_safe+0x220/0x220 [ 28.062791][ T302] common_nsleep+0x91/0xb0 [ 28.067044][ T302] __se_sys_clock_nanosleep+0x323/0x3b0 [ 28.072432][ T302] ? __x64_sys_clock_nanosleep+0xb0/0xb0 [ 28.077891][ T302] ? __bpf_trace_sys_enter+0x62/0x70 [ 28.083015][ T302] __x64_sys_clock_nanosleep+0x9b/0xb0 [ 28.088308][ T302] do_syscall_64+0x3d/0xb0 [ 28.092563][ T302] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 28.098290][ T302] RIP: 0033:0x7fc14ffd6483 [ 28.102542][ T302] Code: 00 00 00 00 00 66 90 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d fe 1b 05 00 00 74 14 b8 e6 00 00 00 0f 05 d8 c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 [ 28.121984][ T302] RSP: 002b:00007fff396dc1b8 EFLAGS: 00000202 ORIG_RAX: 00000000000000e6 [ 28.130230][ T302] RAX: ffffffffffffffda RBX: 0000000000000140 RCX: 00007fc14ffd6483 [ 28.138170][ T302] RDX: 00007fff396dc1d0 RSI: 0000000000000000 RDI: 0000000000000000 [ 28.145975][ T302] RBP: 00000000000f4240 R08: 00007fff397f8080 R09: 00007fff397f80b0 [ 28.153786][ T302] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000006b1e [ 28.161595][ T302] R13: 00007fff396dc20c R14: 00007fff396dc220 R15: 00007fff396dc210 [pid 321] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 303] <... restart_syscall resumed>) = 0 [pid 321] <... bpf resumed>) = 6 [pid 320] <... set_robust_list resumed>) = 0 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 321] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 320] <... prctl resumed>) = 0 [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 320] setpgid(0, 0) = 0 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 320] write(3, "1000", 4 [pid 303] <... clone resumed>, child_tidptr=0x5555571d4650) = 323 [pid 320] <... write resumed>) = 4 [pid 320] close(3) = 0 [pid 320] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 318] +++ exited with 0 +++ [pid 320] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=318, si_uid=0, si_status=0, si_utime=0, si_stime=22} --- [pid 301] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 323 attached [pid 323] set_robust_list(0x5555571d4660, 24 [pid 301] <... restart_syscall resumed>) = 0 [pid 323] <... set_robust_list resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 323] setpgid(0, 0) = 0 [pid 301] <... clone resumed>, child_tidptr=0x5555571d4650) = 324 [pid 323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 324 attached [pid 324] set_robust_list(0x5555571d4660, 24) = 0 [pid 323] <... openat resumed>) = 3 [pid 324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 324] setpgid(0, 0 [pid 323] write(3, "1000", 4 [pid 324] <... setpgid resumed>) = 0 [pid 323] <... write resumed>) = 4 [pid 323] close(3 [pid 324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 323] <... close resumed>) = 0 [pid 323] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 324] <... openat resumed>) = 3 [pid 324] write(3, "1000", 4) = 4 [pid 324] close(3 [pid 323] <... bpf resumed>) = 3 [pid 324] <... close resumed>) = 0 [pid 324] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 323] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 324] <... bpf resumed>) = 3 [pid 324] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 321] <... bpf resumed>) = 7 [pid 324] <... bpf resumed>) = 4 [pid 323] <... bpf resumed>) = 4 [pid 320] <... bpf resumed>) = 4 [pid 316] +++ exited with 0 +++ [ 28.169413][ T302] [ 28.208485][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 28.219923][ T297] BUG: scheduling while atomic: strace-static-x/297/0x00000002 [ 28.227361][ T297] Modules linked in: [ 28.231056][ T297] Preemption disabled at: [ 28.231061][ T297] [] __lock_task_sighand+0x6b/0x100 [ 28.242151][ T297] CPU: 1 PID: 297 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 28.253493][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 28.263390][ T297] Call Trace: [ 28.266511][ T297] [ 28.269291][ T297] dump_stack_lvl+0x151/0x1b7 [ 28.273814][ T297] ? __lock_task_sighand+0x6b/0x100 [ 28.278835][ T297] ? __lock_task_sighand+0x6b/0x100 [ 28.283882][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 28.289165][ T297] ? __lock_task_sighand+0x6b/0x100 [ 28.294198][ T297] dump_stack+0x15/0x1b [ 28.298192][ T297] __schedule_bug+0x195/0x260 [ 28.302702][ T297] ? bpf_trace_printk+0x1be/0x300 [ 28.307563][ T297] ? cpu_util_update_eff+0x10e0/0x10e0 [ 28.312859][ T297] __schedule+0xcf7/0x1550 [ 28.317115][ T297] ? __sched_text_start+0x8/0x8 [ 28.321798][ T297] ? __se_sys_ptrace+0x3b2/0x410 [ 28.326570][ T297] schedule+0xc3/0x180 [ 28.330571][ T297] exit_to_user_mode_loop+0x4e/0xa0 [ 28.335597][ T297] exit_to_user_mode_prepare+0x5a/0xa0 [ 28.340922][ T297] syscall_exit_to_user_mode+0x26/0x140 [ 28.346280][ T297] do_syscall_64+0x49/0xb0 [ 28.350527][ T297] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 28.356187][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 28.361905][ T297] RIP: 0033:0x4e815a [ 28.365628][ T297] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 78 0c 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 36 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 b8 ff ff ff f7 [ 28.385072][ T297] RSP: 002b:00007ffc3b49a2e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 28.393317][ T297] RAX: 0000000000001000 RBX: 0000000020000000 RCX: 00000000004e815a [ 28.401129][ T297] RDX: 0000000000000001 RSI: 00007ffc3b49a310 RDI: 0000000000000144 [pid 324] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 323] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 321] exit_group(0 [ 28.408949][ T297] RBP: 000000000063c8a0 R08: 0000000000000001 R09: 0000000000000000 [ 28.416750][ T297] R10: 00007ffc3b49a320 R11: 0000000000000246 R12: 0000000000000000 [ 28.424561][ T297] R13: 0000000020000340 R14: 00000000011c7010 R15: 00000000011ca2c0 [ 28.432379][ T297] [ 28.436756][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 28.448171][ T297] BUG: scheduling while atomic: strace-static-x/297/0x00000002 [ 28.455495][ T297] Modules linked in: [ 28.459348][ T297] Preemption disabled at: [ 28.459356][ T297] [] remove_wait_queue+0x26/0x140 [ 28.469946][ T297] CPU: 1 PID: 297 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 28.481289][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 28.491188][ T297] Call Trace: [ 28.494307][ T297] [ 28.497087][ T297] dump_stack_lvl+0x151/0x1b7 [ 28.501599][ T297] ? remove_wait_queue+0x26/0x140 [ 28.506461][ T297] ? remove_wait_queue+0x26/0x140 [ 28.511826][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 28.517116][ T297] ? remove_wait_queue+0x26/0x140 [ 28.521976][ T297] dump_stack+0x15/0x1b [ 28.525970][ T297] __schedule_bug+0x195/0x260 [ 28.530480][ T297] ? __ia32_sys_waitid+0xd0/0xd0 [ 28.535252][ T297] ? bpf_trace_printk+0x1be/0x300 [ 28.540115][ T297] ? cpu_util_update_eff+0x10e0/0x10e0 [ 28.545405][ T297] ? kernel_waitid+0x520/0x520 [ 28.550008][ T297] __schedule+0xcf7/0x1550 [ 28.554261][ T297] ? __x64_sys_wait4+0x181/0x1e0 [ 28.559033][ T297] ? bpf_trace_run2+0x138/0x290 [ 28.563720][ T297] ? __sched_text_start+0x8/0x8 [ 28.568412][ T297] schedule+0xc3/0x180 [ 28.572313][ T297] exit_to_user_mode_loop+0x4e/0xa0 [ 28.577348][ T297] exit_to_user_mode_prepare+0x5a/0xa0 [ 28.582643][ T297] syscall_exit_to_user_mode+0x26/0x140 [ 28.588024][ T297] do_syscall_64+0x49/0xb0 [ 28.592276][ T297] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 28.597930][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 28.603731][ T297] RIP: 0033:0x4d49a6 [ 28.607464][ T297] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 28.627080][ T297] RSP: 002b:00007ffc3b49a498 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 28.635325][ T297] RAX: 0000000000000141 RBX: 0000000000000002 RCX: 00000000004d49a6 [ 28.643136][ T297] RDX: 0000000040000001 RSI: 00007ffc3b49a4bc RDI: 00000000ffffffff [ 28.650953][ T297] RBP: 00000000011c4cf0 R08: 0000000000000000 R09: 0000000000000000 [pid 320] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 324] <... bpf resumed>) = 5 [pid 323] <... bpf resumed>) = 5 [pid 321] <... exit_group resumed>) = ? [pid 320] <... bpf resumed>) = 5 [pid 305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=316, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- [pid 324] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 323] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 321] +++ exited with 0 +++ [pid 320] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 305] restart_syscall(<... resuming interrupted clone ...> [pid 324] <... bpf resumed>) = 0 [pid 323] <... bpf resumed>) = 0 [pid 320] <... bpf resumed>) = 0 [pid 324] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 323] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 320] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 305] <... restart_syscall resumed>) = 0 [pid 324] <... bpf resumed>) = 6 [pid 323] <... bpf resumed>) = 6 [pid 320] <... bpf resumed>) = 6 [pid 304] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=321, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 324] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 323] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 320] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 326 attached ./strace-static-x86_64: Process 327 attached [pid 304] <... clone resumed>, child_tidptr=0x5555571d4650) = 326 [pid 305] <... clone resumed>, child_tidptr=0x5555571d4650) = 327 [pid 327] set_robust_list(0x5555571d4660, 24 [pid 326] set_robust_list(0x5555571d4660, 24) = 0 [pid 326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 326] setpgid(0, 0 [pid 327] <... set_robust_list resumed>) = 0 [pid 326] <... setpgid resumed>) = 0 [pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 327] setpgid(0, 0) = 0 [pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 327] write(3, "1000", 4 [pid 326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 327] <... write resumed>) = 4 [pid 327] close(3) = 0 [pid 327] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 326] <... openat resumed>) = 3 [pid 326] write(3, "1000", 4) = 4 [pid 326] close(3 [pid 327] <... bpf resumed>) = 3 [pid 326] <... close resumed>) = 0 [pid 327] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 326] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 326] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 324] <... bpf resumed>) = 7 [pid 323] <... bpf resumed>) = 7 [pid 320] <... bpf resumed>) = 7 [pid 324] exit_group(0 [pid 323] exit_group(0 [pid 324] <... exit_group resumed>) = ? [pid 323] <... exit_group resumed>) = ? [pid 320] exit_group(0 [pid 327] <... bpf resumed>) = 4 [pid 326] <... bpf resumed>) = 4 [pid 327] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 326] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 327] <... bpf resumed>) = 5 [pid 326] <... bpf resumed>) = 5 [pid 324] +++ exited with 0 +++ [pid 327] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 326] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 320] <... exit_group resumed>) = ? [pid 327] <... bpf resumed>) = 0 [pid 326] <... bpf resumed>) = 0 [pid 327] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 326] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 327] <... bpf resumed>) = 6 [pid 326] <... bpf resumed>) = 6 [pid 327] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 326] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=324, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d4650) = 328 ./strace-static-x86_64: Process 328 attached [pid 328] set_robust_list(0x5555571d4660, 24) = 0 [pid 328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 328] setpgid(0, 0) = 0 [pid 328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 28.658766][ T297] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000011cb360 [ 28.666574][ T297] R13: 0000000000000143 R14: 00007ffc3b49a4bc R15: 0000000000617180 [ 28.674392][ T297] [ 28.699482][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [pid 328] write(3, "1000", 4) = 4 [pid 328] close(3) = 0 [ 28.710926][ T303] BUG: scheduling while atomic: syz-executor246/303/0x00000002 [ 28.718831][ T303] Modules linked in: [ 28.722617][ T303] Preemption disabled at: [ 28.722626][ T303] [] ptrace_stop+0x57e/0x930 [ 28.732893][ T303] CPU: 1 PID: 303 Comm: syz-executor246 Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 28.744239][ T303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 28.754130][ T303] Call Trace: [ 28.757252][ T303] [ 28.760031][ T303] dump_stack_lvl+0x151/0x1b7 [ 28.764543][ T303] ? ptrace_stop+0x57e/0x930 [ 28.768968][ T303] ? ptrace_stop+0x57e/0x930 [ 28.773395][ T303] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 28.778692][ T303] ? ptrace_stop+0x57e/0x930 [ 28.783114][ T303] dump_stack+0x15/0x1b [ 28.787106][ T303] __schedule_bug+0x195/0x260 [ 28.791627][ T303] ? cpu_util_update_eff+0x10e0/0x10e0 [ 28.796919][ T303] __schedule+0xcf7/0x1550 [ 28.801175][ T303] ? __kasan_check_write+0x14/0x20 [ 28.806118][ T303] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 28.811152][ T303] ? __sched_text_start+0x8/0x8 [ 28.815924][ T303] ? __kasan_check_read+0x11/0x20 [ 28.820785][ T303] ? cgroup_update_frozen+0x15f/0x980 [ 28.825993][ T303] schedule+0xc3/0x180 [ 28.829919][ T303] ptrace_stop+0x54f/0x930 [ 28.834328][ T303] ptrace_notify+0x225/0x350 [ 28.838754][ T303] ? do_notify_parent+0xa20/0xa20 [ 28.843706][ T303] ? __bpf_trace_sys_enter+0x62/0x70 [ 28.848826][ T303] ? __traceiter_sys_enter+0x2a/0x40 [ 28.853946][ T303] syscall_exit_to_user_mode+0xa2/0x140 [ 28.859328][ T303] do_syscall_64+0x49/0xb0 [ 28.863582][ T303] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 28.869317][ T303] RIP: 0033:0x7fc14ffac933 [ 28.873563][ T303] Code: fe ff e9 41 ff ff ff 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 80 3d 51 b7 07 00 00 49 89 ca 74 14 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5d c3 0f 1f 40 00 48 83 ec 28 89 54 24 14 48 [ 28.893004][ T303] RSP: 002b:00007fff396dc1f8 EFLAGS: 00000202 ORIG_RAX: 000000000000003d [ 28.901249][ T303] RAX: 0000000000000000 RBX: 0000000000000143 RCX: 00007fc14ffac933 [pid 328] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 323] +++ exited with 0 +++ [pid 303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=323, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 328] <... bpf resumed>) = 3 [pid 327] <... bpf resumed>) = 7 [pid 326] <... bpf resumed>) = 7 [pid 320] +++ exited with 0 +++ [pid 326] exit_group(0 [pid 327] exit_group(0 [pid 326] <... exit_group resumed>) = ? [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 327] <... exit_group resumed>) = ? [pid 303] <... clone resumed>, child_tidptr=0x5555571d4650) = 329 ./strace-static-x86_64: Process 329 attached [pid 329] set_robust_list(0x5555571d4660, 24 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 329] <... set_robust_list resumed>) = 0 [pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 329] setpgid(0, 0) = 0 [pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 330 attached ) = 3 [pid 328] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 302] <... clone resumed>, child_tidptr=0x5555571d4650) = 330 [ 28.909061][ T303] RDX: 0000000040000001 RSI: 00007fff396dc20c RDI: 00000000ffffffff [ 28.916874][ T303] RBP: 00000000000f4240 R08: 00007fff397f8080 R09: 00007fff397f80b0 [ 28.924682][ T303] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000006dfe [ 28.932501][ T303] R13: 00007fff396dc20c R14: 00007fff396dc220 R15: 00007fff396dc210 [ 28.940312][ T303] [ 28.948946][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 28.960757][ T297] BUG: scheduling while atomic: strace-static-x/297/0x00000002 [ 28.968459][ T297] Modules linked in: [ 28.972163][ T297] Preemption disabled at: [ 28.972172][ T297] [] remove_wait_queue+0x26/0x140 [ 28.982777][ T297] CPU: 1 PID: 297 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 28.994296][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 29.004185][ T297] Call Trace: [ 29.007310][ T297] [ 29.010089][ T297] dump_stack_lvl+0x151/0x1b7 [ 29.014602][ T297] ? remove_wait_queue+0x26/0x140 [ 29.019461][ T297] ? remove_wait_queue+0x26/0x140 [ 29.024323][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 29.029616][ T297] ? remove_wait_queue+0x26/0x140 [ 29.034477][ T297] dump_stack+0x15/0x1b [ 29.038468][ T297] __schedule_bug+0x195/0x260 [ 29.042983][ T297] ? cpu_util_update_eff+0x10e0/0x10e0 [ 29.048278][ T297] __schedule+0xcf7/0x1550 [ 29.052531][ T297] ? _raw_spin_lock+0x1b0/0x1b0 [ 29.057219][ T297] ? __sched_text_start+0x8/0x8 [ 29.061904][ T297] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 29.067546][ T297] schedule+0xc3/0x180 [ 29.071455][ T297] do_wait+0x6e7/0xa10 [ 29.075360][ T297] kernel_wait4+0x29e/0x3d0 [ 29.079698][ T297] ? __ia32_sys_waitid+0xd0/0xd0 [ 29.084470][ T297] ? bpf_trace_printk+0x1be/0x300 [ 29.089332][ T297] ? kernel_waitid+0x520/0x520 [ 29.093933][ T297] __x64_sys_wait4+0x130/0x1e0 [ 29.098549][ T297] ? kernel_wait+0x230/0x230 [ 29.103044][ T297] ? bpf_trace_run2+0x138/0x290 [ 29.107735][ T297] ? __bpf_trace_sys_enter+0x62/0x70 [ 29.112854][ T297] ? __traceiter_sys_enter+0x2a/0x40 [ 29.117975][ T297] ? syscall_enter_from_user_mode+0x12c/0x190 [ 29.123885][ T297] do_syscall_64+0x3d/0xb0 [ 29.128129][ T297] ? sysvec_call_function_single+0x52/0xb0 [ 29.133770][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 29.139498][ T297] RIP: 0033:0x4d49a6 [ 29.143231][ T297] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [pid 330] set_robust_list(0x5555571d4660, 24 [pid 329] write(3, "1000", 4 [pid 326] +++ exited with 0 +++ [pid 327] +++ exited with 0 +++ [pid 330] <... set_robust_list resumed>) = 0 [pid 329] <... write resumed>) = 4 [pid 305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=327, si_uid=0, si_status=0, si_utime=0, si_stime=23} --- [pid 304] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=326, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 330] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 329] close(3 [pid 330] <... prctl resumed>) = 0 [pid 329] <... close resumed>) = 0 [pid 330] setpgid(0, 0 [pid 329] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 330] <... setpgid resumed>) = 0 [pid 330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 330] write(3, "1000", 4) = 4 [pid 330] close(3) = 0 [pid 330] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 329] <... bpf resumed>) = 3 [pid 330] <... bpf resumed>) = 3 [pid 330] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 329] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 331 attached ./strace-static-x86_64: Process 332 attached [pid 332] set_robust_list(0x5555571d4660, 24 [pid 305] <... clone resumed>, child_tidptr=0x5555571d4650) = 332 [pid 332] <... set_robust_list resumed>) = 0 [pid 331] set_robust_list(0x5555571d4660, 24 [pid 304] <... clone resumed>, child_tidptr=0x5555571d4650) = 331 [pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 332] setpgid(0, 0 [pid 331] <... set_robust_list resumed>) = 0 [pid 332] <... setpgid resumed>) = 0 [pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 331] setpgid(0, 0) = 0 [pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 331] write(3, "1000", 4) = 4 [pid 331] close(3) = 0 [pid 331] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 332] write(3, "1000", 4) = 4 [pid 332] close(3 [pid 331] <... bpf resumed>) = 3 [pid 332] <... close resumed>) = 0 [pid 331] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 332] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 332] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 328] <... bpf resumed>) = 4 [pid 330] <... bpf resumed>) = 4 [pid 329] <... bpf resumed>) = 4 [pid 330] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 329] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 332] <... bpf resumed>) = 4 [pid 331] <... bpf resumed>) = 4 [pid 330] <... bpf resumed>) = 5 [pid 329] <... bpf resumed>) = 5 [pid 328] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 332] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 331] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 330] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 329] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 328] <... bpf resumed>) = 5 [pid 332] <... bpf resumed>) = 5 [pid 331] <... bpf resumed>) = 5 [pid 330] <... bpf resumed>) = 0 [pid 329] <... bpf resumed>) = 0 [pid 328] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 331] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 330] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 329] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 328] <... bpf resumed>) = 0 [pid 332] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 331] <... bpf resumed>) = 0 [pid 330] <... bpf resumed>) = 6 [pid 328] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 332] <... bpf resumed>) = 0 [pid 331] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 330] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 329] <... bpf resumed>) = 6 [pid 328] <... bpf resumed>) = 6 [pid 332] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 331] <... bpf resumed>) = 6 [pid 330] <... bpf resumed>) = 7 [pid 329] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 328] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 330] exit_group(0 [pid 329] <... bpf resumed>) = 7 [pid 332] <... bpf resumed>) = 6 [pid 331] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 330] <... exit_group resumed>) = ? [pid 329] exit_group(0 [pid 328] <... bpf resumed>) = 7 [pid 332] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 331] <... bpf resumed>) = 7 [pid 330] +++ exited with 0 +++ [pid 329] <... exit_group resumed>) = ? [pid 328] exit_group(0 [pid 332] <... bpf resumed>) = 7 [pid 331] exit_group(0 [pid 328] <... exit_group resumed>) = ? [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=330, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 332] exit_group(0 [pid 331] <... exit_group resumed>) = ? [pid 329] +++ exited with 0 +++ [pid 328] +++ exited with 0 +++ [pid 302] restart_syscall(<... resuming interrupted clone ...> [pid 303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 302] <... restart_syscall resumed>) = 0 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=328, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 332] <... exit_group resumed>) = ? [pid 303] restart_syscall(<... resuming interrupted clone ...> [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 303] <... restart_syscall resumed>) = 0 [pid 301] <... restart_syscall resumed>) = 0 [ 29.162679][ T297] RSP: 002b:00007ffc3b49a498 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 29.170926][ T297] RAX: ffffffffffffffda RBX: 00000000011c32f8 RCX: 00000000004d49a6 [ 29.178731][ T297] RDX: 0000000040000000 RSI: 00007ffc3b49a4bc RDI: 00000000ffffffff [ 29.186546][ T297] RBP: 0000000000000000 R08: 0000000000000017 R09: 0000000000000003 [ 29.194354][ T297] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000011cb630 [ 29.202167][ T297] R13: 0000000000000000 R14: 00007ffc3b49a4bc R15: 0000000000617180 [ 29.210012][ T297] [ 29.243214][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 29.254650][ T295] BUG: scheduling while atomic: sshd/295/0x00000002 [ 29.261195][ T295] Modules linked in: [ 29.264901][ T295] Preemption disabled at: [ 29.264910][ T295] [] __set_current_blocked+0x11b/0x2f0 [ 29.275924][ T295] CPU: 1 PID: 295 Comm: sshd Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 29.286426][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 29.296403][ T295] Call Trace: [ 29.299528][ T295] [ 29.302306][ T295] dump_stack_lvl+0x151/0x1b7 [ 29.306817][ T295] ? asm_sysvec_call_function_single+0x1b/0x20 [ 29.312807][ T295] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 29.318102][ T295] ? check_panic_on_warn+0x4b/0xb0 [ 29.323046][ T295] ? __set_current_blocked+0x11b/0x2f0 [ 29.328341][ T295] dump_stack+0x15/0x1b [ 29.332334][ T295] __schedule_bug+0x195/0x260 [ 29.336849][ T295] ? cpu_util_update_eff+0x10e0/0x10e0 [ 29.342141][ T295] ? pollwake+0x280/0x280 [ 29.346319][ T295] __schedule+0xcf7/0x1550 [ 29.350565][ T295] ? __se_sys_ppoll+0x2b3/0x330 [ 29.355247][ T295] ? __sched_text_start+0x8/0x8 [ 29.359943][ T295] ? __x64_sys_ppoll+0xd0/0xd0 [ 29.364536][ T295] schedule+0xc3/0x180 [ 29.368448][ T295] exit_to_user_mode_loop+0x4e/0xa0 [ 29.373477][ T295] exit_to_user_mode_prepare+0x5a/0xa0 [ 29.378771][ T295] syscall_exit_to_user_mode+0x26/0x140 [ 29.384151][ T295] do_syscall_64+0x49/0xb0 [ 29.388402][ T295] ? sysvec_call_function_single+0x52/0xb0 [ 29.394145][ T295] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 29.399872][ T295] RIP: 0033:0x7f00be719ad5 [ 29.404132][ T295] Code: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83 [ 29.423570][ T295] RSP: 002b:00007ffde7539ac0 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 29.431815][ T295] RAX: 0000000000000001 RBX: 00000000000668a0 RCX: 00007f00be719ad5 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 302] <... clone resumed>, child_tidptr=0x5555571d4650) = 333 [pid 303] <... clone resumed>, child_tidptr=0x5555571d4650) = 334 ./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x5555571d4660, 24) = 0 [pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 334] setpgid(0, 0) = 0 [pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 334] write(3, "1000", 4) = 4 [pid 334] close(3) = 0 [pid 334] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 334] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x5555571d4660, 24) = 0 [pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 333] setpgid(0, 0) = 0 [pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 333] write(3, "1000", 4) = 4 [pid 333] close(3) = 0 [pid 333] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 333] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d4650) = 335 ./strace-static-x86_64: Process 335 attached [pid 335] set_robust_list(0x5555571d4660, 24) = 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 335] setpgid(0, 0) = 0 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 335] write(3, "1000", 4) = 4 [pid 335] close(3) = 0 [pid 335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 335] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 334] <... bpf resumed>) = 4 [pid 333] <... bpf resumed>) = 4 [pid 332] +++ exited with 0 +++ [pid 334] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 333] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 334] <... bpf resumed>) = 5 [pid 333] <... bpf resumed>) = 5 [pid 334] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 333] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 334] <... bpf resumed>) = 0 [pid 333] <... bpf resumed>) = 0 [pid 335] <... bpf resumed>) = 4 [pid 334] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 333] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 331] +++ exited with 0 +++ [pid 335] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 334] <... bpf resumed>) = 6 [pid 333] <... bpf resumed>) = 6 [pid 305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=20} --- [pid 335] <... bpf resumed>) = 5 [pid 334] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 333] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 305] restart_syscall(<... resuming interrupted clone ...> [pid 304] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 335] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 305] <... restart_syscall resumed>) = 0 [pid 335] <... bpf resumed>) = 0 [pid 335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 335] <... bpf resumed>) = 6 [pid 335] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 337 attached , child_tidptr=0x5555571d4650) = 338 [pid 304] <... clone resumed>, child_tidptr=0x5555571d4650) = 337 ./strace-static-x86_64: Process 338 attached [pid 338] set_robust_list(0x5555571d4660, 24) = 0 [pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 338] setpgid(0, 0) = 0 [pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 338] write(3, "1000", 4) = 4 [pid 338] close(3) = 0 [pid 338] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 337] set_robust_list(0x5555571d4660, 24 [pid 338] <... bpf resumed>) = 3 [pid 337] <... set_robust_list resumed>) = 0 [pid 338] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 335] <... bpf resumed>) = 7 [pid 334] <... bpf resumed>) = 7 [pid 333] <... bpf resumed>) = 7 [pid 337] setpgid(0, 0 [pid 335] exit_group(0 [pid 334] exit_group(0 [pid 333] exit_group(0 [pid 337] <... setpgid resumed>) = 0 [pid 335] <... exit_group resumed>) = ? [pid 334] <... exit_group resumed>) = ? [pid 333] <... exit_group resumed>) = ? [pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 335] +++ exited with 0 +++ [pid 337] write(3, "1000", 4 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 337] <... write resumed>) = 4 [pid 337] close(3) = 0 [pid 337] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 333] +++ exited with 0 +++ [pid 334] +++ exited with 0 +++ [pid 303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 337] <... bpf resumed>) = 3 ./strace-static-x86_64: Process 339 attached [pid 337] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 303] <... clone resumed>, child_tidptr=0x5555571d4650) = 339 [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 339] set_robust_list(0x5555571d4660, 24 [pid 302] restart_syscall(<... resuming interrupted clone ...> [pid 339] <... set_robust_list resumed>) = 0 [pid 302] <... restart_syscall resumed>) = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 339] setpgid(0, 0 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 339] <... setpgid resumed>) = 0 [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 341 attached ./strace-static-x86_64: Process 340 attached [pid 339] write(3, "1000", 4 [pid 301] <... clone resumed>, child_tidptr=0x5555571d4650) = 340 [pid 341] set_robust_list(0x5555571d4660, 24 [pid 339] <... write resumed>) = 4 [pid 302] <... clone resumed>, child_tidptr=0x5555571d4650) = 341 [pid 341] <... set_robust_list resumed>) = 0 [pid 339] close(3) = 0 [pid 341] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 341] <... prctl resumed>) = 0 [pid 340] set_robust_list(0x5555571d4660, 24 [pid 341] setpgid(0, 0 [pid 340] <... set_robust_list resumed>) = 0 [pid 341] <... setpgid resumed>) = 0 [pid 341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 339] <... bpf resumed>) = 3 [pid 339] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 341] <... openat resumed>) = 3 [pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 341] write(3, "1000", 4) = 4 [pid 340] <... prctl resumed>) = 0 [pid 341] close(3) = 0 [pid 340] setpgid(0, 0) = 0 [pid 341] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 340] write(3, "1000", 4) = 4 [pid 340] close(3 [pid 341] <... bpf resumed>) = 3 [pid 340] <... close resumed>) = 0 [pid 341] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 340] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 338] <... bpf resumed>) = 4 [pid 341] <... bpf resumed>) = 4 [pid 340] <... bpf resumed>) = 4 [pid 339] <... bpf resumed>) = 4 [pid 338] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 337] <... bpf resumed>) = 4 [pid 341] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 340] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 339] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 338] <... bpf resumed>) = 5 [pid 337] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 341] <... bpf resumed>) = 5 [pid 340] <... bpf resumed>) = 5 [pid 339] <... bpf resumed>) = 5 [pid 338] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 337] <... bpf resumed>) = 5 [pid 341] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 340] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 339] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 338] <... bpf resumed>) = 0 [pid 337] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 341] <... bpf resumed>) = 0 [pid 340] <... bpf resumed>) = 0 [pid 339] <... bpf resumed>) = 0 [pid 338] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 337] <... bpf resumed>) = 0 [pid 341] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 338] <... bpf resumed>) = 6 [pid 337] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 341] <... bpf resumed>) = 6 [pid 340] <... bpf resumed>) = 6 [pid 339] <... bpf resumed>) = 6 [pid 338] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 341] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [ 29.439624][ T295] RDX: 00007ffde7539ae0 RSI: 0000000000000004 RDI: 00005653f5b0c800 [ 29.447432][ T295] RBP: 00005653f5b0b3d0 R08: 0000000000000008 R09: 0000000000000000 [ 29.455249][ T295] R10: 00007ffde7539bc8 R11: 0000000000000246 R12: 00005653f4adcaa4 [ 29.463056][ T295] R13: 0000000000000001 R14: 00005653f4add3e8 R15: 00007ffde7539b48 [ 29.470881][ T295] [ 29.517189][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 29.528627][ T295] BUG: scheduling while atomic: sshd/295/0x00000002 [ 29.535010][ T295] Modules linked in: [ 29.538798][ T295] Preemption disabled at: [ 29.538806][ T295] [] pipe_read+0x5b3/0x1040 [ 29.548911][ T295] CPU: 1 PID: 295 Comm: sshd Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 29.559220][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 29.569125][ T295] Call Trace: [ 29.572240][ T295] [ 29.575025][ T295] dump_stack_lvl+0x151/0x1b7 [ 29.579534][ T295] ? pipe_read+0x5b3/0x1040 [ 29.583887][ T295] ? pipe_read+0x5b3/0x1040 [ 29.588213][ T295] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 29.593509][ T295] ? pipe_read+0x5b3/0x1040 [ 29.597850][ T295] dump_stack+0x15/0x1b [ 29.601839][ T295] __schedule_bug+0x195/0x260 [ 29.606351][ T295] ? try_to_wake_up+0x670/0x1220 [ 29.611128][ T295] ? cpu_util_update_eff+0x10e0/0x10e0 [ 29.616856][ T295] ? cpu_curr_snapshot+0x90/0x90 [ 29.621631][ T295] __schedule+0xcf7/0x1550 [ 29.625891][ T295] ? wake_up_process+0x10/0x20 [ 29.630482][ T295] ? raise_softirq_irqoff+0x37/0x40 [ 29.635512][ T295] ? rcu_read_unlock_special+0x3f2/0x4e0 [ 29.640982][ T295] ? __sched_text_start+0x8/0x8 [ 29.645665][ T295] ? __rcu_read_unlock+0xd0/0xd0 [ 29.650530][ T295] ? ksys_read+0x24f/0x2c0 [ 29.654786][ T295] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 29.660165][ T295] schedule+0xc3/0x180 [ 29.664072][ T295] exit_to_user_mode_loop+0x4e/0xa0 [ 29.669101][ T295] exit_to_user_mode_prepare+0x5a/0xa0 [ 29.674399][ T295] syscall_exit_to_user_mode+0x26/0x140 [ 29.679783][ T295] do_syscall_64+0x49/0xb0 [ 29.684030][ T295] ? sysvec_call_function_single+0x52/0xb0 [ 29.689674][ T295] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 29.695399][ T295] RIP: 0033:0x7f00be6fd587 [ 29.699652][ T295] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [ 29.719102][ T295] RSP: 002b:00007ffde7535318 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [ 29.727338][ T295] RAX: 0000000000000127 RBX: 0000000000000000 RCX: 00007f00be6fd587 [ 29.735156][ T295] RDX: 000000000000085c RSI: 00005653f4ae8480 RDI: 00005653f4ae5937 [ 29.742973][ T295] RBP: 00005653f4ae6856 R08: 0000000000000006 R09: 0000000000000000 [ 29.750774][ T295] R10: 00005653f4ae6856 R11: 0000000000000246 R12: 00005653f4ae5937 [ 29.758587][ T295] R13: 00005653f4ae8480 R14: 00005653f4ae8480 R15: 00007ffde75358a0 [pid 340] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 339] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 338] <... bpf resumed>) = 7 [pid 337] <... bpf resumed>) = 6 [pid 341] <... bpf resumed>) = 7 [pid 340] <... bpf resumed>) = 7 [pid 339] <... bpf resumed>) = 7 [pid 338] exit_group(0 [pid 340] exit_group(0 [pid 339] exit_group(0 [pid 338] <... exit_group resumed>) = ? [pid 340] <... exit_group resumed>) = ? [pid 339] <... exit_group resumed>) = ? [pid 338] +++ exited with 0 +++ [pid 340] +++ exited with 0 +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d4650) = 342 ./strace-static-x86_64: Process 342 attached [pid 342] set_robust_list(0x5555571d4660, 24) = 0 [pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 342] setpgid(0, 0) = 0 [pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 342] write(3, "1000", 4) = 4 [pid 342] close(3) = 0 [pid 342] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 342] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 337] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=338, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d4650) = 343 [pid 341] exit_group(0) = ? ./strace-static-x86_64: Process 343 attached [pid 343] set_robust_list(0x5555571d4660, 24) = 0 [pid 343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 343] setpgid(0, 0) = 0 [pid 343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 343] write(3, "1000", 4) = 4 [pid 343] close(3) = 0 [pid 343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 343] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 342] <... bpf resumed>) = 4 [pid 339] +++ exited with 0 +++ [pid 337] <... bpf resumed>) = 7 [ 29.766402][ T295] [ 29.772330][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 29.783839][ T295] BUG: scheduling while atomic: sshd/295/0x00000002 [ 29.790368][ T295] Modules linked in: [ 29.794066][ T295] Preemption disabled at: [ 29.794075][ T295] [] __set_current_blocked+0x11b/0x2f0 [ 29.805090][ T295] CPU: 1 PID: 295 Comm: sshd Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 29.815501][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 29.825400][ T295] Call Trace: [ 29.828524][ T295] [ 29.831303][ T295] dump_stack_lvl+0x151/0x1b7 [ 29.835886][ T295] ? __set_current_blocked+0x11b/0x2f0 [ 29.841103][ T295] ? __set_current_blocked+0x11b/0x2f0 [ 29.846407][ T295] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 29.851700][ T295] ? fsnotify_perm+0x6a/0x5d0 [ 29.856214][ T295] ? __set_current_blocked+0x11b/0x2f0 [ 29.861506][ T295] dump_stack+0x15/0x1b [ 29.865499][ T295] __schedule_bug+0x195/0x260 [ 29.870014][ T295] ? cpu_util_update_eff+0x10e0/0x10e0 [ 29.875301][ T295] ? file_end_write+0x1c0/0x1c0 [ 29.879994][ T295] __schedule+0xcf7/0x1550 [ 29.884249][ T295] ? __kasan_check_read+0x11/0x20 [ 29.889107][ T295] ? __fdget_pos+0x204/0x390 [ 29.893530][ T295] ? __sched_text_start+0x8/0x8 [ 29.898218][ T295] ? ksys_write+0x24f/0x2c0 [ 29.902557][ T295] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 29.907950][ T295] schedule+0xc3/0x180 [ 29.911857][ T295] exit_to_user_mode_loop+0x4e/0xa0 [ 29.916884][ T295] exit_to_user_mode_prepare+0x5a/0xa0 [ 29.922175][ T295] syscall_exit_to_user_mode+0x26/0x140 [ 29.927552][ T295] do_syscall_64+0x49/0xb0 [ 29.931805][ T295] ? sysvec_call_function_single+0x52/0xb0 [ 29.937456][ T295] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 29.943269][ T295] RIP: 0033:0x7f00be716bf2 [ 29.947525][ T295] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 [pid 342] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 337] exit_group(0 [pid 303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 342] <... bpf resumed>) = 5 [pid 337] <... exit_group resumed>) = ? [pid 342] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 342] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 303] <... clone resumed>, child_tidptr=0x5555571d4650) = 344 [pid 342] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16./strace-static-x86_64: Process 344 attached [pid 344] set_robust_list(0x5555571d4660, 24) = 0 [pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 344] setpgid(0, 0) = 0 [pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 344] write(3, "1000", 4) = 4 [pid 344] close(3) = 0 [pid 344] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 344] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 343] <... bpf resumed>) = 4 [pid 341] +++ exited with 0 +++ [pid 337] +++ exited with 0 +++ [pid 343] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 304] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=341, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 343] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 302] restart_syscall(<... resuming interrupted clone ...> [pid 343] <... bpf resumed>) = 0 [pid 343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 302] <... restart_syscall resumed>) = 0 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 345 attached [pid 343] <... bpf resumed>) = 6 [pid 343] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 304] <... clone resumed>, child_tidptr=0x5555571d4650) = 345 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 345] set_robust_list(0x5555571d4660, 24) = 0 [pid 302] <... clone resumed>, child_tidptr=0x5555571d4650) = 346 [pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 345] setpgid(0, 0) = 0 [pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 346 attached [pid 345] write(3, "1000", 4 [pid 346] set_robust_list(0x5555571d4660, 24) = 0 [pid 346] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 345] <... write resumed>) = 4 [pid 345] close(3) = 0 [pid 345] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 346] <... prctl resumed>) = 0 [pid 346] setpgid(0, 0) = 0 [pid 346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 345] <... bpf resumed>) = 3 [pid 345] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 346] <... openat resumed>) = 3 [pid 346] write(3, "1000", 4) = 4 [pid 346] close(3) = 0 [pid 346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 346] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 342] <... bpf resumed>) = 7 [pid 344] <... bpf resumed>) = 4 [ 29.966966][ T295] RSP: 002b:00007ffde7539ad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 29.975210][ T295] RAX: 0000000000000054 RBX: 0000000000000054 RCX: 00007f00be716bf2 [ 29.983020][ T295] RDX: 0000000000000054 RSI: 00005653f5b174c0 RDI: 0000000000000004 [ 29.990834][ T295] RBP: 00005653f5b06400 R08: 0000000000000000 R09: 0000000000000000 [ 29.998650][ T295] R10: 0000000000000000 R11: 0000000000000246 R12: 00005653f4adcaa4 [ 30.006466][ T295] R13: 000000000000001d R14: 00005653f4add3e8 R15: 00007ffde7539b48 [ 30.014277][ T295] [pid 346] <... bpf resumed>) = 4 [pid 345] <... bpf resumed>) = 4 [ 30.038144][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 30.049586][ T297] BUG: scheduling while atomic: strace-static-x/297/0x00000002 [ 30.057048][ T297] Modules linked in: [ 30.060791][ T297] Preemption disabled at: [ 30.060800][ T297] [] __lock_task_sighand+0x6b/0x100 [ 30.071637][ T297] CPU: 1 PID: 297 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 30.082965][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 30.092858][ T297] Call Trace: [ 30.095983][ T297] [ 30.098765][ T297] dump_stack_lvl+0x151/0x1b7 [ 30.103277][ T297] ? __lock_task_sighand+0x6b/0x100 [ 30.108307][ T297] ? __lock_task_sighand+0x6b/0x100 [ 30.113349][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 30.118638][ T297] ? fsnotify_perm+0x6a/0x5d0 [ 30.123153][ T297] ? __lock_task_sighand+0x6b/0x100 [ 30.128184][ T297] dump_stack+0x15/0x1b [ 30.132177][ T297] __schedule_bug+0x195/0x260 [ 30.136691][ T297] ? cpu_util_update_eff+0x10e0/0x10e0 [ 30.141987][ T297] ? file_end_write+0x1c0/0x1c0 [ 30.146672][ T297] __schedule+0xcf7/0x1550 [ 30.150927][ T297] ? __kasan_check_read+0x11/0x20 [ 30.155790][ T297] ? __fdget_pos+0x204/0x390 [ 30.160209][ T297] ? __sched_text_start+0x8/0x8 [ 30.164898][ T297] ? ksys_write+0x24f/0x2c0 [ 30.169239][ T297] schedule+0xc3/0x180 [ 30.173142][ T297] exit_to_user_mode_loop+0x4e/0xa0 [ 30.178176][ T297] exit_to_user_mode_prepare+0x5a/0xa0 [ 30.183480][ T297] syscall_exit_to_user_mode+0x26/0x140 [ 30.188857][ T297] do_syscall_64+0x49/0xb0 [ 30.193112][ T297] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 30.198751][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 30.204484][ T297] RIP: 0033:0x4e5c73 [ 30.208208][ T297] Code: c7 c0 b8 ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18 [ 30.227655][ T297] RSP: 002b:00007ffc3b49a2d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 344] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 343] <... bpf resumed>) = 7 [pid 342] exit_group(0 [pid 346] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 344] <... bpf resumed>) = 5 [pid 343] exit_group(0 [pid 342] <... exit_group resumed>) = ? [pid 345] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 344] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 343] <... exit_group resumed>) = ? [pid 345] <... bpf resumed>) = 5 [pid 344] <... bpf resumed>) = 0 [pid 345] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 344] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 345] <... bpf resumed>) = 0 [pid 345] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 344] <... bpf resumed>) = 6 [pid 346] <... bpf resumed>) = 5 [pid 345] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [ 30.235921][ T297] RAX: 000000000000002c RBX: 000000000000002c RCX: 00000000004e5c73 [ 30.243709][ T297] RDX: 000000000000002c RSI: 00000000011c6000 RDI: 0000000000000002 [ 30.251521][ T297] RBP: 00000000011c6000 R08: 0000000000000000 R09: 0000000000000003 [ 30.259328][ T297] R10: 00007ffc3b49a2b7 R11: 0000000000000246 R12: 000000000000002c [ 30.267142][ T297] R13: 0000000000617480 R14: 000000000000002c R15: 0000000000000001 [ 30.275044][ T297] [ 30.284225][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 30.295671][ T297] BUG: scheduling while atomic: strace-static-x/297/0x00000002 [ 30.303199][ T297] Modules linked in: [ 30.306894][ T297] Preemption disabled at: [ 30.306899][ T297] [] up_read+0x16/0x170 [ 30.316635][ T297] CPU: 1 PID: 297 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 30.327988][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 30.337976][ T297] Call Trace: [ 30.341092][ T297] [ 30.343874][ T297] dump_stack_lvl+0x151/0x1b7 [ 30.348383][ T297] ? sysvec_call_function_single+0x52/0xb0 [ 30.354025][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 30.359320][ T297] ? up_read+0x16/0x170 [ 30.363314][ T297] ? up_read+0x16/0x170 [ 30.367304][ T297] dump_stack+0x15/0x1b [ 30.371297][ T297] __schedule_bug+0x195/0x260 [ 30.375810][ T297] ? cpu_util_update_eff+0x10e0/0x10e0 [ 30.381107][ T297] ? file_end_write+0x1c0/0x1c0 [ 30.385790][ T297] __schedule+0xcf7/0x1550 [ 30.390046][ T297] ? __kasan_check_read+0x11/0x20 [ 30.394904][ T297] ? __fdget_pos+0x204/0x390 [ 30.399332][ T297] ? __sched_text_start+0x8/0x8 [ 30.404018][ T297] ? ksys_write+0x24f/0x2c0 [ 30.408359][ T297] schedule+0xc3/0x180 [ 30.412264][ T297] exit_to_user_mode_loop+0x4e/0xa0 [ 30.417299][ T297] exit_to_user_mode_prepare+0x5a/0xa0 [ 30.422596][ T297] syscall_exit_to_user_mode+0x26/0x140 [ 30.427973][ T297] do_syscall_64+0x49/0xb0 [ 30.432226][ T297] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 30.437867][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 30.443595][ T297] RIP: 0033:0x4e5c73 [ 30.447329][ T297] Code: c7 c0 b8 ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18 [ 30.466771][ T297] RSP: 002b:00007ffc3b49a328 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 30.475016][ T297] RAX: 0000000000000057 RBX: 0000000000000057 RCX: 00000000004e5c73 [pid 344] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 346] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 342] +++ exited with 0 +++ [pid 346] <... bpf resumed>) = 0 [pid 343] +++ exited with 0 +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=0, si_stime=19} --- [pid 346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=343, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 346] <... bpf resumed>) = 6 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 305] <... clone resumed>, child_tidptr=0x5555571d4650) = 348 [pid 346] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 301] <... clone resumed>, child_tidptr=0x5555571d4650) = 349 ./strace-static-x86_64: Process 348 attached ./strace-static-x86_64: Process 349 attached [pid 348] set_robust_list(0x5555571d4660, 24 [pid 349] set_robust_list(0x5555571d4660, 24) = 0 [pid 348] <... set_robust_list resumed>) = 0 [pid 349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 349] setpgid(0, 0) = 0 [pid 349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 349] <... openat resumed>) = 3 [pid 348] <... prctl resumed>) = 0 [pid 349] write(3, "1000", 4 [pid 348] setpgid(0, 0 [pid 349] <... write resumed>) = 4 [pid 349] close(3) = 0 [pid 348] <... setpgid resumed>) = 0 [pid 349] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 349] <... bpf resumed>) = 3 [pid 348] <... openat resumed>) = 3 [pid 349] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 348] write(3, "1000", 4) = 4 [pid 348] close(3) = 0 [pid 348] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 348] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [ 30.482828][ T297] RDX: 0000000000000057 RSI: 00000000011c6000 RDI: 0000000000000002 [ 30.490638][ T297] RBP: 00000000011c6000 R08: 0000000000000000 R09: 0000000000000002 [ 30.498450][ T297] R10: 00007ffc3b49a296 R11: 0000000000000246 R12: 0000000000000057 [ 30.506261][ T297] R13: 0000000000617480 R14: 0000000000000057 R15: 0000000000617180 [ 30.514094][ T297] [ 30.538002][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 30.549422][ T295] BUG: scheduling while atomic: sshd/295/0x00000002 [ 30.555799][ T295] Modules linked in: [ 30.559569][ T295] Preemption disabled at: [ 30.559574][ T295] [] __set_current_blocked+0x11b/0x2f0 [ 30.570576][ T295] CPU: 1 PID: 295 Comm: sshd Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 30.580965][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 30.590862][ T295] Call Trace: [ 30.593986][ T295] [ 30.596772][ T295] dump_stack_lvl+0x151/0x1b7 [ 30.601277][ T295] ? __set_current_blocked+0x11b/0x2f0 [ 30.606572][ T295] ? __set_current_blocked+0x11b/0x2f0 [ 30.611864][ T295] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 30.617165][ T295] ? __set_current_blocked+0x11b/0x2f0 [ 30.622458][ T295] dump_stack+0x15/0x1b [ 30.626447][ T295] __schedule_bug+0x195/0x260 [ 30.630962][ T295] ? cpu_util_update_eff+0x10e0/0x10e0 [ 30.636260][ T295] __schedule+0xcf7/0x1550 [ 30.640512][ T295] ? __kasan_check_read+0x11/0x20 [ 30.645370][ T295] ? _copy_to_user+0x74/0x90 [ 30.649797][ T295] ? __sched_text_start+0x8/0x8 [ 30.654479][ T295] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 30.659950][ T295] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 30.665333][ T295] schedule+0xc3/0x180 [ 30.669238][ T295] exit_to_user_mode_loop+0x4e/0xa0 [ 30.674272][ T295] exit_to_user_mode_prepare+0x5a/0xa0 [ 30.679565][ T295] syscall_exit_to_user_mode+0x26/0x140 [ 30.684951][ T295] do_syscall_64+0x49/0xb0 [ 30.689200][ T295] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 30.694843][ T295] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 30.700571][ T295] RIP: 0033:0x7f00be6c2773 [ 30.704824][ T295] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 30.724268][ T295] RSP: 002b:00007ffde7539ae0 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 30.732509][ T295] RAX: 0000000000000000 RBX: 0000000000060000 RCX: 00007f00be6c2773 [pid 345] <... bpf resumed>) = 7 [pid 346] <... bpf resumed>) = 7 [ 30.740319][ T295] RDX: 00007ffde7539bc8 RSI: 00007ffde7539b48 RDI: 0000000000000001 [ 30.748131][ T295] RBP: 00005653f5b0b3d0 R08: 0000000000000001 R09: 0000000000000000 [ 30.755942][ T295] R10: 0000000000000008 R11: 0000000000000246 R12: 00005653f4adcaa4 [ 30.763773][ T295] R13: 000000000000001e R14: 00005653f4add3e8 R15: 00007ffde7539b48 [ 30.771573][ T295] [ 30.774880][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 30.786289][ T295] BUG: scheduling while atomic: sshd/295/0x00000002 [ 30.792867][ T295] Modules linked in: [ 30.796786][ T295] Preemption disabled at: [ 30.796794][ T295] [] irq_enter_rcu+0x11/0x80 [ 30.806894][ T295] CPU: 1 PID: 295 Comm: sshd Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 30.817257][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 30.827144][ T295] Call Trace: [ 30.830274][ T295] [ 30.833052][ T295] dump_stack_lvl+0x151/0x1b7 [ 30.837560][ T295] ? irq_enter_rcu+0x11/0x80 [ 30.841986][ T295] ? irq_enter_rcu+0x11/0x80 [ 30.846415][ T295] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 30.851708][ T295] ? irq_enter_rcu+0x11/0x80 [ 30.856135][ T295] dump_stack+0x15/0x1b [ 30.860129][ T295] __schedule_bug+0x195/0x260 [ 30.864641][ T295] ? cpu_util_update_eff+0x10e0/0x10e0 [ 30.869935][ T295] __schedule+0xcf7/0x1550 [ 30.874195][ T295] ? __kasan_check_read+0x11/0x20 [ 30.879047][ T295] ? _copy_to_user+0x74/0x90 [ 30.883473][ T295] ? __sched_text_start+0x8/0x8 [ 30.888161][ T295] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 30.893628][ T295] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 30.899010][ T295] schedule+0xc3/0x180 [ 30.902916][ T295] exit_to_user_mode_loop+0x4e/0xa0 [ 30.907950][ T295] exit_to_user_mode_prepare+0x5a/0xa0 [ 30.913243][ T295] syscall_exit_to_user_mode+0x26/0x140 [ 30.918624][ T295] do_syscall_64+0x49/0xb0 [ 30.922878][ T295] ? sysvec_call_function_single+0x52/0xb0 [ 30.928519][ T295] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 30.934251][ T295] RIP: 0033:0x7f00be6c2773 [ 30.938502][ T295] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 30.957945][ T295] RSP: 002b:00007ffde7539ae0 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 30.966188][ T295] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f00be6c2773 [ 30.974003][ T295] RDX: 00007ffde7539bc8 RSI: 00007ffde7539b48 RDI: 0000000000000000 [ 30.981811][ T295] RBP: 00005653f5b0b3d0 R08: 0000000000000000 R09: 0000000000000000 [pid 344] <... bpf resumed>) = 7 [pid 349] <... bpf resumed>) = 4 [pid 348] <... bpf resumed>) = 4 [pid 346] exit_group(0 [pid 345] exit_group(0 [pid 344] exit_group(0 [pid 348] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 346] <... exit_group resumed>) = ? [pid 344] <... exit_group resumed>) = ? [pid 348] <... bpf resumed>) = 5 [pid 346] +++ exited with 0 +++ [pid 348] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=346, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 348] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 348] <... bpf resumed>) = 6 [pid 348] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 302] <... clone resumed>, child_tidptr=0x5555571d4650) = 350 [pid 349] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 349] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 349] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 349] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 345] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 350 attached [pid 350] set_robust_list(0x5555571d4660, 24) = 0 [pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 350] setpgid(0, 0) = 0 [pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 350] write(3, "1000", 4) = 4 [pid 350] close(3) = 0 [pid 350] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 350] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16) = 4 [pid 349] <... bpf resumed>) = 7 [pid 348] <... bpf resumed>) = 7 [pid 345] +++ exited with 0 +++ [pid 344] +++ exited with 0 +++ [pid 350] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 349] exit_group(0 [pid 348] exit_group(0 [pid 304] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 350] <... bpf resumed>) = 5 [pid 349] <... exit_group resumed>) = ? [pid 348] <... exit_group resumed>) = ? [pid 303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=344, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 350] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 350] <... bpf resumed>) = 0 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 350] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 303] <... clone resumed>, child_tidptr=0x5555571d4650) = 351 [pid 350] <... bpf resumed>) = 6 [pid 304] <... clone resumed>, child_tidptr=0x5555571d4650) = 352 [pid 350] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16./strace-static-x86_64: Process 352 attached [pid 352] set_robust_list(0x5555571d4660, 24) = 0 [pid 352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 352] setpgid(0, 0) = 0 [pid 352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 352] write(3, "1000", 4) = 4 [pid 352] close(3) = 0 [pid 352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 352] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16./strace-static-x86_64: Process 351 attached [pid 351] set_robust_list(0x5555571d4660, 24) = 0 [pid 351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 351] setpgid(0, 0) = 0 [pid 351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 351] write(3, "1000", 4) = 4 [pid 351] close(3) = 0 [ 30.989624][ T295] R10: 0000000000000008 R11: 0000000000000246 R12: 00005653f4adcaa4 [ 30.997433][ T295] R13: 000000000000001e R14: 00005653f4add3e8 R15: 00007ffde7539b48 [ 31.005252][ T295] [ 31.010327][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 31.021754][ T297] BUG: scheduling while atomic: strace-static-x/297/0x00000002 [ 31.029159][ T297] Modules linked in: [ 31.032794][ T297] Preemption disabled at: [ 31.032799][ T297] [] remove_wait_queue+0x26/0x140 [ 31.043471][ T297] CPU: 0 PID: 297 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 31.054755][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 31.064647][ T297] Call Trace: [ 31.067772][ T297] [ 31.070548][ T297] dump_stack_lvl+0x151/0x1b7 [ 31.075060][ T297] ? remove_wait_queue+0x26/0x140 [ 31.079923][ T297] ? remove_wait_queue+0x26/0x140 [ 31.084782][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 31.090078][ T297] ? remove_wait_queue+0x26/0x140 [ 31.094939][ T297] dump_stack+0x15/0x1b [ 31.098931][ T297] __schedule_bug+0x195/0x260 [ 31.103442][ T297] ? __ia32_sys_waitid+0xd0/0xd0 [ 31.108217][ T297] ? bpf_trace_printk+0x1be/0x300 [ 31.113076][ T297] ? cpu_util_update_eff+0x10e0/0x10e0 [ 31.118372][ T297] ? kernel_waitid+0x520/0x520 [ 31.122972][ T297] __schedule+0xcf7/0x1550 [ 31.127227][ T297] ? __x64_sys_wait4+0x181/0x1e0 [ 31.131998][ T297] ? bpf_trace_run2+0x138/0x290 [ 31.136683][ T297] ? __sched_text_start+0x8/0x8 [ 31.141373][ T297] schedule+0xc3/0x180 [ 31.145278][ T297] exit_to_user_mode_loop+0x4e/0xa0 [ 31.150313][ T297] exit_to_user_mode_prepare+0x5a/0xa0 [ 31.155607][ T297] syscall_exit_to_user_mode+0x26/0x140 [ 31.160988][ T297] do_syscall_64+0x49/0xb0 [ 31.165242][ T297] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 31.170882][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 31.176611][ T297] RIP: 0033:0x4d49a6 [ 31.180344][ T297] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 31.199784][ T297] RSP: 002b:00007ffc3b49a498 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 31.208034][ T297] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00000000004d49a6 [ 31.215846][ T297] RDX: 0000000040000001 RSI: 00007ffc3b49a4bc RDI: 00000000ffffffff [ 31.223655][ T297] RBP: 00000000011c4ba0 R08: 0000000000000000 R09: 0000000000000000 [ 31.231465][ T297] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000011cb2d0 [pid 351] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 349] +++ exited with 0 +++ [pid 351] <... bpf resumed>) = 3 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=349, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 351] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 355 attached , child_tidptr=0x5555571d4650) = 355 [pid 355] set_robust_list(0x5555571d4660, 24) = 0 [pid 355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 355] setpgid(0, 0) = 0 [pid 355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 355] write(3, "1000", 4) = 4 [pid 355] close(3) = 0 [pid 355] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 355] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 348] +++ exited with 0 +++ [pid 350] <... bpf resumed>) = 7 [pid 305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 350] exit_group(0) = ? [pid 352] <... bpf resumed>) = 4 [pid 351] <... bpf resumed>) = 4 [pid 352] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 351] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 350] +++ exited with 0 +++ [pid 355] <... bpf resumed>) = 4 [pid 352] <... bpf resumed>) = 5 [pid 351] <... bpf resumed>) = 5 [pid 352] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 351] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 352] <... bpf resumed>) = 0 [pid 351] <... bpf resumed>) = 0 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 356 attached [pid 352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 351] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 355] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 352] <... bpf resumed>) = 6 [pid 351] <... bpf resumed>) = 6 [pid 302] <... clone resumed>, child_tidptr=0x5555571d4650) = 356 [pid 352] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 351] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 355] <... bpf resumed>) = 5 [pid 355] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 355] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 356] set_robust_list(0x5555571d4660, 24 [pid 355] <... bpf resumed>) = 6 [pid 305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 355] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 305] <... clone resumed>, child_tidptr=0x5555571d4650) = 357 [pid 356] <... set_robust_list resumed>) = 0 [pid 356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 356] setpgid(0, 0) = 0 [pid 356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 356] write(3, "1000", 4) = 4 [pid 356] close(3) = 0 [pid 356] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73./strace-static-x86_64: Process 357 attached [pid 357] set_robust_list(0x5555571d4660, 24 [pid 356] <... bpf resumed>) = 3 [pid 356] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 357] <... set_robust_list resumed>) = 0 [pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 357] setpgid(0, 0) = 0 [pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 357] write(3, "1000", 4) = 4 [pid 357] close(3) = 0 [pid 357] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 357] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 352] <... bpf resumed>) = 7 [pid 351] <... bpf resumed>) = 7 [pid 355] <... bpf resumed>) = 7 [pid 356] <... bpf resumed>) = 4 [pid 357] <... bpf resumed>) = 4 [pid 356] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 357] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 355] exit_group(0 [pid 352] exit_group(0 [pid 351] exit_group(0 [pid 355] <... exit_group resumed>) = ? [pid 352] <... exit_group resumed>) = ? [pid 351] <... exit_group resumed>) = ? [pid 356] <... bpf resumed>) = 5 [pid 357] <... bpf resumed>) = 5 [pid 355] +++ exited with 0 +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=355, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 351] +++ exited with 0 +++ [pid 303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=351, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 303] restart_syscall(<... resuming interrupted clone ...> [pid 357] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 356] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 352] +++ exited with 0 +++ [pid 303] <... restart_syscall resumed>) = 0 [pid 301] <... restart_syscall resumed>) = 0 [pid 357] <... bpf resumed>) = 0 [pid 356] <... bpf resumed>) = 0 [pid 304] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=352, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 357] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 356] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 357] <... bpf resumed>) = 6 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 357] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 356] <... bpf resumed>) = 6 [pid 356] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16./strace-static-x86_64: Process 360 attached ./strace-static-x86_64: Process 359 attached ./strace-static-x86_64: Process 358 attached [pid 304] <... clone resumed>, child_tidptr=0x5555571d4650) = 358 [pid 303] <... clone resumed>, child_tidptr=0x5555571d4650) = 359 [pid 360] set_robust_list(0x5555571d4660, 24 [pid 301] <... clone resumed>, child_tidptr=0x5555571d4650) = 360 [pid 360] <... set_robust_list resumed>) = 0 [pid 359] set_robust_list(0x5555571d4660, 24 [pid 358] set_robust_list(0x5555571d4660, 24 [pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 359] <... set_robust_list resumed>) = 0 [pid 358] <... set_robust_list resumed>) = 0 [pid 360] <... prctl resumed>) = 0 [pid 359] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 360] setpgid(0, 0) = 0 [pid 359] <... prctl resumed>) = 0 [pid 358] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 359] setpgid(0, 0 [pid 358] <... prctl resumed>) = 0 [pid 360] <... openat resumed>) = 3 [pid 359] <... setpgid resumed>) = 0 [pid 358] setpgid(0, 0 [pid 360] write(3, "1000", 4) = 4 [pid 359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 360] close(3 [pid 358] <... setpgid resumed>) = 0 [pid 360] <... close resumed>) = 0 [pid 360] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 359] <... openat resumed>) = 3 [pid 358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 359] write(3, "1000", 4) = 4 [pid 359] close(3 [pid 360] <... bpf resumed>) = 3 [pid 359] <... close resumed>) = 0 [pid 358] <... openat resumed>) = 3 [pid 360] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 358] write(3, "1000", 4) = 4 [pid 359] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 358] close(3) = 0 [pid 359] <... bpf resumed>) = 3 [pid 358] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 359] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 358] <... bpf resumed>) = 3 [ 31.239277][ T297] R13: 0000000000000131 R14: 00007ffc3b49a4bc R15: 0000000000617180 [ 31.247095][ T297] [pid 358] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 357] <... bpf resumed>) = 7 [pid 356] <... bpf resumed>) = 7 [pid 360] <... bpf resumed>) = 4 [pid 359] <... bpf resumed>) = 4 [pid 358] <... bpf resumed>) = 4 [ 31.319088][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 31.330481][ T297] BUG: scheduling while atomic: strace-static-x/297/0x00000002 [ 31.337947][ T297] Modules linked in: [ 31.341641][ T297] Preemption disabled at: [ 31.341646][ T297] [] up_read+0x16/0x170 [ 31.351426][ T297] CPU: 1 PID: 297 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 31.362735][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 31.372628][ T297] Call Trace: [ 31.375751][ T297] [ 31.378530][ T297] dump_stack_lvl+0x151/0x1b7 [ 31.383044][ T297] ? up_read+0x16/0x170 [ 31.387034][ T297] ? up_read+0x16/0x170 [ 31.391028][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 31.396323][ T297] ? up_read+0x16/0x170 [ 31.400315][ T297] dump_stack+0x15/0x1b [ 31.404306][ T297] __schedule_bug+0x195/0x260 [ 31.408822][ T297] ? cpu_util_update_eff+0x10e0/0x10e0 [ 31.414116][ T297] __schedule+0xcf7/0x1550 [ 31.418370][ T297] ? __ia32_sys_pidfd_getfd+0x90/0x90 [ 31.423576][ T297] ? __sched_text_start+0x8/0x8 [ 31.428263][ T297] ? fput+0x162/0x1b0 [ 31.432082][ T297] schedule+0xc3/0x180 [ 31.435988][ T297] exit_to_user_mode_loop+0x4e/0xa0 [ 31.441024][ T297] exit_to_user_mode_prepare+0x5a/0xa0 [ 31.446315][ T297] syscall_exit_to_user_mode+0x26/0x140 [ 31.451702][ T297] do_syscall_64+0x49/0xb0 [ 31.455953][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 31.461677][ T297] RIP: 0033:0x4e65f7 [ 31.465413][ T297] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 31.484852][ T297] RSP: 002b:00007ffc3b49a2a8 EFLAGS: 00000286 ORIG_RAX: 0000000000000003 [ 31.493097][ T297] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: 00000000004e65f7 [ 31.500909][ T297] RDX: 00007ffc3b49a2b0 RSI: 0000000000008910 RDI: 0000000000000003 [ 31.508719][ T297] RBP: 0000000000000003 R08: 00000000ffffffff R09: 000000000000000c [pid 360] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 359] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 358] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 357] exit_group(0 [ 31.516536][ T297] R10: 0000000000554612 R11: 0000000000000286 R12: 00007ffc3b49a310 [ 31.524344][ T297] R13: 00007ffc3b49a2b0 R14: 0000000000423160 R15: 0000000000617180 [ 31.532159][ T297] [ 31.536605][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 31.548083][ T297] BUG: scheduling while atomic: strace-static-x/297/0x00000002 [ 31.555514][ T297] Modules linked in: [ 31.559237][ T297] Preemption disabled at: [ 31.559243][ T297] [] __lock_task_sighand+0x6b/0x100 [ 31.569952][ T297] CPU: 1 PID: 297 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 31.581289][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 31.591189][ T297] Call Trace: [ 31.594306][ T297] [ 31.597081][ T297] dump_stack_lvl+0x151/0x1b7 [ 31.601594][ T297] ? __lock_task_sighand+0x6b/0x100 [ 31.606625][ T297] ? __lock_task_sighand+0x6b/0x100 [ 31.611664][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 31.616957][ T297] ? __lock_task_sighand+0x6b/0x100 [ 31.621992][ T297] dump_stack+0x15/0x1b [ 31.625982][ T297] __schedule_bug+0x195/0x260 [ 31.630502][ T297] ? __ia32_sys_waitid+0xd0/0xd0 [ 31.635270][ T297] ? bpf_trace_printk+0x1be/0x300 [ 31.640132][ T297] ? cpu_util_update_eff+0x10e0/0x10e0 [ 31.645528][ T297] ? kernel_waitid+0x520/0x520 [ 31.650118][ T297] __schedule+0xcf7/0x1550 [ 31.654376][ T297] ? __x64_sys_wait4+0x181/0x1e0 [ 31.659173][ T297] ? bpf_trace_run2+0x138/0x290 [ 31.663831][ T297] ? __sched_text_start+0x8/0x8 [ 31.668533][ T297] schedule+0xc3/0x180 [ 31.672437][ T297] exit_to_user_mode_loop+0x4e/0xa0 [ 31.677468][ T297] exit_to_user_mode_prepare+0x5a/0xa0 [ 31.682754][ T297] syscall_exit_to_user_mode+0x26/0x140 [ 31.688134][ T297] do_syscall_64+0x49/0xb0 [ 31.692386][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 31.698121][ T297] RIP: 0033:0x4d49a6 [ 31.701850][ T297] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 31.721305][ T297] RSP: 002b:00007ffc3b49a498 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 31.729534][ T297] RAX: 0000000000000168 RBX: 00000000011c32f8 RCX: 00000000004d49a6 [ 31.737346][ T297] RDX: 0000000040000000 RSI: 00007ffc3b49a4bc RDI: 00000000ffffffff [ 31.745155][ T297] RBP: 0000000000000000 R08: 0000000000000017 R09: 0000000000000001 [ 31.752969][ T297] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000011cb7e0 [ 31.760779][ T297] R13: 0000000000000000 R14: 00007ffc3b49a4bc R15: 0000000000617180 [pid 356] exit_group(0 [pid 360] <... bpf resumed>) = 5 [pid 359] <... bpf resumed>) = 5 [pid 358] <... bpf resumed>) = 5 [pid 357] <... exit_group resumed>) = ? [pid 356] <... exit_group resumed>) = ? [pid 360] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 359] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 358] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 360] <... bpf resumed>) = 0 [pid 359] <... bpf resumed>) = 0 [pid 358] <... bpf resumed>) = 0 [pid 360] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 359] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 358] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 360] <... bpf resumed>) = 6 [pid 359] <... bpf resumed>) = 6 [pid 358] <... bpf resumed>) = 6 [pid 360] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 359] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [ 31.768617][ T297] [ 31.777999][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 31.789517][ T297] BUG: scheduling while atomic: strace-static-x/297/0x00000002 [ 31.796824][ T297] Modules linked in: [ 31.800947][ T297] Preemption disabled at: [ 31.800955][ T297] [] __lock_task_sighand+0x6b/0x100 [ 31.811777][ T297] CPU: 1 PID: 297 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 31.823071][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 31.832960][ T297] Call Trace: [ 31.836078][ T297] [ 31.838859][ T297] dump_stack_lvl+0x151/0x1b7 [ 31.843371][ T297] ? __lock_task_sighand+0x6b/0x100 [ 31.848402][ T297] ? __lock_task_sighand+0x6b/0x100 [ 31.853436][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 31.858735][ T297] ? task_rq_lock+0xd2/0x2b0 [ 31.863158][ T297] ? __lock_task_sighand+0x6b/0x100 [ 31.868193][ T297] dump_stack+0x15/0x1b [ 31.872185][ T297] __schedule_bug+0x195/0x260 [ 31.876700][ T297] ? cpu_util_update_eff+0x10e0/0x10e0 [ 31.881993][ T297] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 31.887294][ T297] ? _raw_spin_lock+0x1b0/0x1b0 [ 31.891984][ T297] __schedule+0xcf7/0x1550 [ 31.896230][ T297] ? __lock_task_sighand+0xde/0x100 [ 31.901261][ T297] ? __sched_text_start+0x8/0x8 [ 31.905948][ T297] ? __kasan_check_write+0x14/0x20 [ 31.910898][ T297] ? __se_sys_ptrace+0x3b2/0x410 [ 31.915674][ T297] schedule+0xc3/0x180 [ 31.919574][ T297] exit_to_user_mode_loop+0x4e/0xa0 [ 31.924610][ T297] exit_to_user_mode_prepare+0x5a/0xa0 [ 31.929904][ T297] syscall_exit_to_user_mode+0x26/0x140 [ 31.935286][ T297] do_syscall_64+0x49/0xb0 [ 31.939538][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 31.945266][ T297] RIP: 0033:0x4e6c1a [ 31.948999][ T297] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [pid 358] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 360] <... bpf resumed>) = 7 [pid 359] <... bpf resumed>) = 7 [pid 360] exit_group(0 [pid 359] exit_group(0 [pid 358] <... bpf resumed>) = 7 [pid 357] +++ exited with 0 +++ [pid 356] +++ exited with 0 +++ [pid 360] <... exit_group resumed>) = ? [pid 359] <... exit_group resumed>) = ? [pid 358] exit_group(0 [pid 360] +++ exited with 0 +++ [pid 305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=357, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=356, si_uid=0, si_status=0, si_utime=0, si_stime=21} --- [pid 358] <... exit_group resumed>) = ? [pid 305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 302] restart_syscall(<... resuming interrupted clone ...> [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 302] <... restart_syscall resumed>) = 0 [pid 305] <... clone resumed>, child_tidptr=0x5555571d4650) = 362 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 362 attached [pid 362] set_robust_list(0x5555571d4660, 24) = 0 [pid 302] <... clone resumed>, child_tidptr=0x5555571d4650) = 363 ./strace-static-x86_64: Process 363 attached [ 31.968440][ T297] RSP: 002b:00007ffc3b49a380 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 31.976697][ T297] RAX: 0000000000000000 RBX: 00000000011c32f8 RCX: 00000000004e6c1a [ 31.984503][ T297] RDX: 0000000000000000 RSI: 000000000000012d RDI: 0000000000000018 [ 31.992315][ T297] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000002 [ 32.000120][ T297] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000011c4e40 [ 32.008218][ T297] R13: 0000000000000000 R14: 000000000000857f R15: 0000000000617180 [ 32.016037][ T297] [pid 362] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 363] set_robust_list(0x5555571d4660, 24) = 0 [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 362] <... prctl resumed>) = 0 [pid 362] setpgid(0, 0) = 0 [pid 362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 363] <... prctl resumed>) = 0 [pid 363] setpgid(0, 0) = 0 [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 362] <... openat resumed>) = 3 [pid 363] <... openat resumed>) = 3 [pid 362] write(3, "1000", 4) = 4 [pid 363] write(3, "1000", 4 [pid 362] close(3 [pid 363] <... write resumed>) = 4 [pid 363] close(3 [pid 362] <... close resumed>) = 0 [pid 363] <... close resumed>) = 0 [pid 362] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 363] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 362] <... bpf resumed>) = 3 [ 32.042909][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 32.054329][ T303] BUG: scheduling while atomic: syz-executor246/303/0x00000002 [ 32.062184][ T303] Modules linked in: [ 32.065891][ T303] Preemption disabled at: [ 32.065897][ T303] [] ptrace_stop+0x57e/0x930 [ 32.076149][ T303] CPU: 1 PID: 303 Comm: syz-executor246 Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 32.087415][ T303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 32.097307][ T303] Call Trace: [ 32.100435][ T303] [ 32.103212][ T303] dump_stack_lvl+0x151/0x1b7 [ 32.107729][ T303] ? ptrace_stop+0x57e/0x930 [ 32.112153][ T303] ? ptrace_stop+0x57e/0x930 [ 32.116576][ T303] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 32.121872][ T303] ? ptrace_stop+0x57e/0x930 [ 32.126296][ T303] dump_stack+0x15/0x1b [ 32.130292][ T303] __schedule_bug+0x195/0x260 [ 32.134802][ T303] ? cpu_util_update_eff+0x10e0/0x10e0 [ 32.140098][ T303] __schedule+0xcf7/0x1550 [ 32.144350][ T303] ? __kasan_check_write+0x14/0x20 [ 32.149297][ T303] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 32.154246][ T303] ? __sched_text_start+0x8/0x8 [ 32.158935][ T303] ? __kasan_check_read+0x11/0x20 [ 32.163789][ T303] ? cgroup_update_frozen+0x15f/0x980 [ 32.169009][ T303] schedule+0xc3/0x180 [ 32.172925][ T303] ptrace_stop+0x54f/0x930 [ 32.177162][ T303] ptrace_notify+0x225/0x350 [ 32.181584][ T303] ? do_notify_parent+0xa20/0xa20 [ 32.186457][ T303] ? __bpf_trace_sys_enter+0x62/0x70 [ 32.191568][ T303] ? __traceiter_sys_enter+0x2a/0x40 [ 32.196775][ T303] syscall_exit_to_user_mode+0xa2/0x140 [ 32.202154][ T303] do_syscall_64+0x49/0xb0 [ 32.206406][ T303] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 32.212136][ T303] RIP: 0033:0x7fc14ffac933 [ 32.216389][ T303] Code: fe ff e9 41 ff ff ff 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 80 3d 51 b7 07 00 00 49 89 ca 74 14 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5d c3 0f 1f 40 00 48 83 ec 28 89 54 24 14 48 [pid 363] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 362] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d4650) = 364 [ 32.235832][ T303] RSP: 002b:00007fff396dc1f8 EFLAGS: 00000202 ORIG_RAX: 000000000000003d [ 32.244077][ T303] RAX: 0000000000000000 RBX: 0000000000000167 RCX: 00007fc14ffac933 [ 32.251887][ T303] RDX: 0000000040000001 RSI: 00007fff396dc20c RDI: 00000000ffffffff [ 32.259699][ T303] RBP: 00000000000f4240 R08: 00007fff397f8080 R09: 00007fff397f80b0 [ 32.267511][ T303] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000007a2d [ 32.275320][ T303] R13: 00007fff396dc20c R14: 00007fff396dc220 R15: 00007fff396dc210 [ 32.283142][ T303] [ 32.287297][ C0] softirq: huh, entered softirq 9 RCU ffffffff8160c090 with preempt_count 00000103, exited with 00000102? [ 32.289426][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 32.298854][ T84] BUG: scheduling while atomic: syslogd/84/0x00000002 [ 32.309898][ T297] BUG: scheduling while atomic: strace-static-x/297/0x00000002 [ 32.309912][ T297] Modules linked in: [ 32.309921][ T297] Preemption disabled at: [ 32.309925][ T297] [] __lock_task_sighand+0x6b/0x100 [ 32.309953][ T297] CPU: 1 PID: 297 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 32.309972][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 32.309981][ T297] Call Trace: [ 32.316445][ T84] Modules linked in: [ 32.323822][ T297] [ 32.323829][ T297] dump_stack_lvl+0x151/0x1b7 [ 32.323845][ T297] ? __lock_task_sighand+0x6b/0x100 [ 32.323862][ T297] ? __lock_task_sighand+0x6b/0x100 [ 32.327564][ T84] Preemption disabled at: [ 32.331721][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 32.338328][ T84] [] is_module_text_address+0x1f/0x360 [ 32.349689][ T297] ? __lock_task_sighand+0x6b/0x100 [ 32.349709][ T297] dump_stack+0x15/0x1b [ 32.409149][ T297] __schedule_bug+0x195/0x260 [ 32.413658][ T297] ? cpu_util_update_eff+0x10e0/0x10e0 [ 32.418952][ T297] __schedule+0xcf7/0x1550 [ 32.423206][ T297] ? _raw_spin_lock+0x1b0/0x1b0 [ 32.427894][ T297] ? __sched_text_start+0x8/0x8 [ 32.432579][ T297] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 32.438219][ T297] schedule+0xc3/0x180 [ 32.442124][ T297] do_wait+0x6e7/0xa10 [ 32.446033][ T297] kernel_wait4+0x29e/0x3d0 [ 32.450372][ T297] ? __ia32_sys_waitid+0xd0/0xd0 [ 32.455145][ T297] ? bpf_trace_printk+0x1be/0x300 [ 32.460005][ T297] ? kernel_waitid+0x520/0x520 [ 32.464605][ T297] __x64_sys_wait4+0x130/0x1e0 [ 32.469206][ T297] ? kernel_wait+0x230/0x230 [ 32.473632][ T297] ? bpf_trace_run2+0x138/0x290 [ 32.478319][ T297] ? __bpf_trace_sys_enter+0x62/0x70 [ 32.483438][ T297] ? __traceiter_sys_enter+0x2a/0x40 [ 32.488559][ T297] ? syscall_enter_from_user_mode+0x12c/0x190 [ 32.494463][ T297] do_syscall_64+0x3d/0xb0 [ 32.498714][ T297] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 32.504355][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 32.510086][ T297] RIP: 0033:0x4d49a6 [ 32.513816][ T297] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 32.533260][ T297] RSP: 002b:00007ffc3b49a498 EFLAGS: 00000246 ORIG_RAX: 000000000000003d ./strace-static-x86_64: Process 364 attached [ 32.541506][ T297] RAX: ffffffffffffffda RBX: 00000000011c32f8 RCX: 00000000004d49a6 [ 32.549313][ T297] RDX: 0000000040000000 RSI: 00007ffc3b49a4bc RDI: 00000000ffffffff [ 32.557127][ T297] RBP: 0000000000000000 R08: 0000000000000017 R09: 0000000000000000 [ 32.564939][ T297] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000011cb360 [ 32.572751][ T297] R13: 0000000000000000 R14: 00007ffc3b49a4bc R15: 0000000000617180 [ 32.580565][ T297] [ 32.583428][ T84] CPU: 0 PID: 84 Comm: syslogd Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 32.585119][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 32.594014][ T84] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 32.594026][ T84] Call Trace: [ 32.594031][ T84] [ 32.594037][ T84] dump_stack_lvl+0x151/0x1b7 [ 32.594056][ T84] ? is_module_text_address+0x1f/0x360 [ 32.605423][ T297] BUG: scheduling while atomic: strace-static-x/297/0x00000002 [ 32.615363][ T84] ? is_module_text_address+0x1f/0x360 [ 32.615387][ T84] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 32.615403][ T84] ? is_module_text_address+0x1f/0x360 [ 32.618503][ T297] Modules linked in: [ 32.621269][ T84] dump_stack+0x15/0x1b [ 32.625778][ T297] [ 32.625783][ T297] Preemption disabled at: [ 32.631075][ T84] __schedule_bug+0x195/0x260 [ 32.631094][ T84] ? cpu_util_update_eff+0x10e0/0x10e0 [ 32.638470][ T297] [] __lock_task_sighand+0x6b/0x100 [ 32.643745][ T84] ? __stack_depot_save+0x36/0x480 [ 32.690289][ T84] __schedule+0xcf7/0x1550 [ 32.694618][ T84] ? ____kasan_slab_free+0x131/0x180 [ 32.699736][ T84] ? __kasan_slab_free+0x11/0x20 [ 32.704511][ T84] ? kmem_cache_free+0x291/0x510 [ 32.709286][ T84] ? kfree_skbmem+0x104/0x170 [ 32.713799][ T84] ? consume_skb+0xb4/0x250 [ 32.718145][ T84] ? xas_start+0x32c/0x3f0 [ 32.722399][ T84] ? __sched_text_start+0x8/0x8 [ 32.727083][ T84] ? __kasan_check_write+0x14/0x20 [ 32.732031][ T84] schedule+0xc3/0x180 [ 32.736289][ T84] schedule_timeout+0xa9/0x380 [ 32.740877][ T84] ? __kasan_check_write+0x14/0x20 [ 32.745824][ T84] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 32.751121][ T84] ? console_conditional_schedule+0x10/0x10 [ 32.756853][ T84] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 32.762493][ T84] ? prepare_to_wait_exclusive+0x1ac/0x1f0 [ 32.768221][ T84] __skb_wait_for_more_packets+0x394/0x5f0 [ 32.773865][ T84] ? skb_gso_transport_seglen+0x4f0/0x4f0 [ 32.779413][ T84] ? mutex_unlock+0xb2/0x260 [ 32.783841][ T84] ? __skb_wait_for_more_packets+0x5f0/0x5f0 [ 32.789658][ T84] ? __mutex_lock_slowpath+0x10/0x10 [ 32.794782][ T84] ? avc_has_perm+0x16f/0x260 [ 32.799407][ T84] __unix_dgram_recvmsg+0x350/0x12b0 [ 32.804526][ T84] ? unix_unhash+0x10/0x10 [ 32.808770][ T84] ? avc_has_perm+0x16f/0x260 [ 32.813285][ T84] ? ring_buffer_unlock_commit+0x4b6/0x610 [ 32.819373][ T84] unix_dgram_recvmsg+0xb7/0xd0 [ 32.824050][ T84] ? unix_dgram_sendmsg+0x2050/0x2050 [ 32.829346][ T84] sock_read_iter+0x3b2/0x4b0 [ 32.833857][ T84] ? kernel_sock_ip_overhead+0x280/0x280 [ 32.839325][ T84] ? __kasan_check_read+0x11/0x20 [ 32.844182][ T84] ? fsnotify_perm+0x470/0x5d0 [ 32.848794][ T84] vfs_read+0x771/0xad0 [ 32.852776][ T84] ? bpf_bprintf_cleanup+0x48/0x60 [ 32.857733][ T84] ? kernel_read+0x1f0/0x1f0 [ 32.862152][ T84] ? __kasan_check_read+0x11/0x20 [ 32.867011][ T84] ? __fdget_pos+0x204/0x390 [ 32.871437][ T84] ksys_read+0x199/0x2c0 [ 32.875517][ T84] ? vfs_write+0xeb0/0xeb0 [ 32.879777][ T84] ? __bpf_trace_sys_enter+0x62/0x70 [ 32.884892][ T84] __x64_sys_read+0x7b/0x90 [ 32.889229][ T84] do_syscall_64+0x3d/0xb0 [ 32.893481][ T84] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 32.899230][ T84] RIP: 0033:0x7f09fbb11b6a [ 32.903465][ T84] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [ 32.922906][ T84] RSP: 002b:00007ffdf2e00968 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 32.931151][ T84] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f09fbb11b6a [ 32.938961][ T84] RDX: 00000000000000ff RSI: 0000563c5382f300 RDI: 0000000000000000 [ 32.946780][ T84] RBP: 0000563c5382f2c0 R08: 0000000000000001 R09: 0000000000000000 [ 32.954671][ T84] R10: 00007f09fbcb03a3 R11: 0000000000000246 R12: 0000563c5382f351 [ 32.962570][ T84] R13: 0000563c5382f300 R14: 0000000000000000 R15: 00007f09fbceea80 [ 32.970386][ T84] [ 32.973256][ T297] CPU: 1 PID: 297 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 32.984729][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 32.994611][ T297] Call Trace: [ 32.997737][ T297] [ 33.000517][ T297] dump_stack_lvl+0x151/0x1b7 [ 33.005036][ T297] ? __lock_task_sighand+0x6b/0x100 [ 33.010060][ T297] ? __lock_task_sighand+0x6b/0x100 [ 33.015100][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 33.020397][ T297] ? __lock_task_sighand+0x6b/0x100 [ 33.025433][ T297] dump_stack+0x15/0x1b [ 33.029416][ T297] __schedule_bug+0x195/0x260 [ 33.033928][ T297] ? cpu_util_update_eff+0x10e0/0x10e0 [ 33.039227][ T297] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 33.044523][ T297] ? _raw_spin_lock+0x1b0/0x1b0 [ 33.049215][ T297] __schedule+0xcf7/0x1550 [ 33.053473][ T297] ? __lock_task_sighand+0xde/0x100 [ 33.058497][ T297] ? __sched_text_start+0x8/0x8 [ 33.063181][ T297] ? __kasan_check_write+0x14/0x20 [ 33.068131][ T297] ? __se_sys_ptrace+0x3b2/0x410 [ 33.072987][ T297] schedule+0xc3/0x180 [ 33.076890][ T297] exit_to_user_mode_loop+0x4e/0xa0 [ 33.081926][ T297] exit_to_user_mode_prepare+0x5a/0xa0 [ 33.087219][ T297] syscall_exit_to_user_mode+0x26/0x140 [ 33.092614][ T297] do_syscall_64+0x49/0xb0 [ 33.096855][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 33.102580][ T297] RIP: 0033:0x4e6c1a [ 33.106322][ T297] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 33.125759][ T297] RSP: 002b:00007ffc3b49a300 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 33.134018][ T297] RAX: 0000000000000050 RBX: 00000000011c50e0 RCX: 00000000004e6c1a [ 33.141812][ T297] RDX: 0000000000000058 RSI: 000000000000012f RDI: 000000000000420e [ 33.149710][ T297] RBP: 00007ffc3b49a400 R08: 000000000000420d R09: 0000000000000002 [ 33.157521][ T297] R10: 000000000063c820 R11: 0000000000000206 R12: 00000000011c50e0 [ 33.165333][ T297] R13: 00007ffc3b49a45c R14: 000000000000857f R15: 0000000000617180 [ 33.173151][ T297] [ 33.176075][ T28] audit: type=1400 audit(1713663118.750:73): avc: denied { remove_name } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [pid 364] set_robust_list(0x5555571d4660, 24) = 0 [pid 359] +++ exited with 0 +++ [pid 364] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 358] +++ exited with 0 +++ [pid 303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=359, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 364] <... prctl resumed>) = 0 [pid 304] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=358, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 364] setpgid(0, 0 [pid 304] restart_syscall(<... resuming interrupted clone ...> [pid 364] <... setpgid resumed>) = 0 [pid 364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 364] write(3, "1000", 4) = 4 [pid 364] close(3) = 0 [pid 364] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 304] <... restart_syscall resumed>) = 0 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d4650) = 366 ./strace-static-x86_64: Process 366 attached [pid 366] set_robust_list(0x5555571d4660, 24) = 0 [pid 366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 366] setpgid(0, 0) = 0 [pid 364] <... bpf resumed>) = 3 [pid 366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 364] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 366] <... openat resumed>) = 3 [pid 366] write(3, "1000", 4) = 4 [pid 366] close(3) = 0 [pid 366] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d4650) = 367 ./strace-static-x86_64: Process 367 attached [pid 367] set_robust_list(0x5555571d4660, 24) = 0 [pid 366] <... bpf resumed>) = 3 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 366] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 367] <... prctl resumed>) = 0 [pid 367] setpgid(0, 0) = 0 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "1000", 4) = 4 [pid 367] close(3) = 0 [pid 367] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 367] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 363] <... bpf resumed>) = 4 [pid 364] <... bpf resumed>) = 4 [pid 363] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 362] <... bpf resumed>) = 4 [pid 367] <... bpf resumed>) = 4 [pid 366] <... bpf resumed>) = 4 [pid 364] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 363] <... bpf resumed>) = 5 [pid 362] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 364] <... bpf resumed>) = 5 [pid 363] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 362] <... bpf resumed>) = 5 [pid 366] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 367] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 364] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 363] <... bpf resumed>) = 0 [pid 362] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 366] <... bpf resumed>) = 5 [pid 367] <... bpf resumed>) = 5 [pid 364] <... bpf resumed>) = 0 [pid 363] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 362] <... bpf resumed>) = 0 [pid 367] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 366] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 364] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 367] <... bpf resumed>) = 0 [pid 366] <... bpf resumed>) = 0 [pid 363] <... bpf resumed>) = 6 [pid 362] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 367] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 366] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 364] <... bpf resumed>) = 6 [pid 363] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 367] <... bpf resumed>) = 6 [pid 366] <... bpf resumed>) = 6 [pid 364] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 363] <... bpf resumed>) = 7 [pid 362] <... bpf resumed>) = 6 [ 33.198763][ T28] audit: type=1400 audit(1713663118.750:74): avc: denied { rename } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.248158][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 33.259745][ T295] BUG: scheduling while atomic: sshd/295/0x00000002 [ 33.266118][ T295] Modules linked in: [ 33.269930][ T295] Preemption disabled at: [ 33.269938][ T295] [] pipe_read+0x5b3/0x1040 [ 33.279962][ T295] CPU: 1 PID: 295 Comm: sshd Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 33.290307][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 33.300206][ T295] Call Trace: [ 33.303344][ T295] [ 33.306107][ T295] dump_stack_lvl+0x151/0x1b7 [ 33.310641][ T295] ? pipe_read+0x5b3/0x1040 [ 33.314962][ T295] ? pipe_read+0x5b3/0x1040 [ 33.319386][ T295] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 33.324678][ T295] ? pipe_read+0x5b3/0x1040 [ 33.329014][ T295] dump_stack+0x15/0x1b [ 33.333016][ T295] __schedule_bug+0x195/0x260 [ 33.337518][ T295] ? bpf_bprintf_cleanup+0x48/0x60 [ 33.342465][ T295] ? bpf_trace_printk+0x1be/0x300 [ 33.347328][ T295] ? cpu_util_update_eff+0x10e0/0x10e0 [ 33.352635][ T295] ? bpf_probe_write_user+0xf0/0xf0 [ 33.357658][ T295] ? bpf_trace_run2+0xe9/0x290 [ 33.362258][ T295] __schedule+0xcf7/0x1550 [ 33.366514][ T295] ? bpf_trace_run2+0x138/0x290 [ 33.371198][ T295] ? __sched_text_start+0x8/0x8 [ 33.375883][ T295] ? bpf_trace_run1+0x240/0x240 [ 33.380571][ T295] ? ksys_read+0x24f/0x2c0 [ 33.384829][ T295] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 33.390209][ T295] schedule+0xc3/0x180 [ 33.394109][ T295] exit_to_user_mode_loop+0x4e/0xa0 [ 33.399144][ T295] exit_to_user_mode_prepare+0x5a/0xa0 [ 33.404699][ T295] syscall_exit_to_user_mode+0x26/0x140 [ 33.410080][ T295] do_syscall_64+0x49/0xb0 [ 33.414332][ T295] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 33.420060][ T295] RIP: 0033:0x7f00be6fd587 [ 33.424317][ T295] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [pid 367] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 366] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 364] <... bpf resumed>) = 7 [pid 363] exit_group(0 [pid 362] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 367] <... bpf resumed>) = 7 [pid 366] <... bpf resumed>) = 7 [pid 367] exit_group(0 [pid 366] exit_group(0 [pid 367] <... exit_group resumed>) = ? [pid 366] <... exit_group resumed>) = ? [pid 367] +++ exited with 0 +++ [pid 366] +++ exited with 0 +++ [pid 304] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=366, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=367, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 364] exit_group(0) = ? [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 304] <... clone resumed>, child_tidptr=0x5555571d4650) = 368 [pid 303] <... clone resumed>, child_tidptr=0x5555571d4650) = 369 [pid 363] <... exit_group resumed>) = ? [pid 362] <... bpf resumed>) = 7 [ 33.443755][ T295] RSP: 002b:00007ffde7539928 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [ 33.452038][ T295] RAX: 0000000000000127 RBX: 000000000000000b RCX: 00007f00be6fd587 [ 33.459822][ T295] RDX: 0000000000000000 RSI: 000000000000000b RDI: 000000000000000b [ 33.467624][ T295] RBP: 00005653f5b0d7c9 R08: 0000000000000000 R09: 0000000000000000 [ 33.475453][ T295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000400 [ 33.483256][ T295] R13: 000000000000000b R14: 0000000000000000 R15: 00005653f5b06400 [ 33.491063][ T295] [ 33.496261][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 33.507735][ T297] BUG: scheduling while atomic: strace-static-x/297/0x00000002 [ 33.515165][ T297] Modules linked in: [ 33.519112][ T297] Preemption disabled at: [ 33.519120][ T297] [] __lock_task_sighand+0x6b/0x100 [ 33.530008][ T297] CPU: 1 PID: 297 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 33.541322][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 33.551217][ T297] Call Trace: [ 33.554340][ T297] [ 33.557118][ T297] dump_stack_lvl+0x151/0x1b7 [ 33.561633][ T297] ? __lock_task_sighand+0x6b/0x100 [ 33.566675][ T297] ? __lock_task_sighand+0x6b/0x100 [ 33.571719][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 33.577002][ T297] ? __lock_task_sighand+0x6b/0x100 [ 33.582033][ T297] dump_stack+0x15/0x1b [ 33.586023][ T297] __schedule_bug+0x195/0x260 [ 33.590534][ T297] ? __ia32_sys_waitid+0xd0/0xd0 [ 33.595416][ T297] ? bpf_trace_printk+0x1be/0x300 [ 33.600277][ T297] ? cpu_util_update_eff+0x10e0/0x10e0 [ 33.605571][ T297] ? kernel_waitid+0x520/0x520 [ 33.610174][ T297] __schedule+0xcf7/0x1550 [ 33.614424][ T297] ? __x64_sys_wait4+0x181/0x1e0 [ 33.619199][ T297] ? bpf_trace_run2+0x138/0x290 [ 33.623885][ T297] ? __sched_text_start+0x8/0x8 [ 33.628582][ T297] schedule+0xc3/0x180 [ 33.632490][ T297] exit_to_user_mode_loop+0x4e/0xa0 [ 33.637513][ T297] exit_to_user_mode_prepare+0x5a/0xa0 [ 33.642917][ T297] syscall_exit_to_user_mode+0x26/0x140 [ 33.648316][ T297] do_syscall_64+0x49/0xb0 [ 33.652699][ T297] ? sysvec_call_function_single+0x52/0xb0 [ 33.658326][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 33.664060][ T297] RIP: 0033:0x4d49a6 [ 33.667790][ T297] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 33.687581][ T297] RSP: 002b:00007ffc3b49a498 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [pid 362] exit_group(0./strace-static-x86_64: Process 369 attached ./strace-static-x86_64: Process 368 attached [pid 363] +++ exited with 0 +++ [pid 362] <... exit_group resumed>) = ? [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=363, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 302] restart_syscall(<... resuming interrupted clone ...> [pid 364] +++ exited with 0 +++ [pid 302] <... restart_syscall resumed>) = 0 [pid 362] +++ exited with 0 +++ [pid 305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=362, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=364, si_uid=0, si_status=0, si_utime=0, si_stime=23} --- [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 369] set_robust_list(0x5555571d4660, 24 [pid 368] set_robust_list(0x5555571d4660, 24./strace-static-x86_64: Process 370 attached [pid 369] <... set_robust_list resumed>) = 0 [pid 302] <... clone resumed>, child_tidptr=0x5555571d4650) = 370 [pid 370] set_robust_list(0x5555571d4660, 24 [pid 368] <... set_robust_list resumed>) = 0 [pid 370] <... set_robust_list resumed>) = 0 [pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 370] <... prctl resumed>) = 0 [pid 370] setpgid(0, 0) = 0 [pid 369] <... prctl resumed>) = 0 [pid 368] <... prctl resumed>) = 0 [pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 369] setpgid(0, 0 [pid 368] setpgid(0, 0 [pid 370] <... openat resumed>) = 3 [pid 370] write(3, "1000", 4 [pid 305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 370] <... write resumed>) = 4 [pid 370] close(3) = 0 [pid 370] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73./strace-static-x86_64: Process 372 attached ./strace-static-x86_64: Process 371 attached [pid 369] <... setpgid resumed>) = 0 [pid 368] <... setpgid resumed>) = 0 [pid 305] <... clone resumed>, child_tidptr=0x5555571d4650) = 371 [pid 372] set_robust_list(0x5555571d4660, 24 [pid 371] set_robust_list(0x5555571d4660, 24 [pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 301] <... clone resumed>, child_tidptr=0x5555571d4650) = 372 [pid 372] <... set_robust_list resumed>) = 0 [pid 370] <... bpf resumed>) = 3 [pid 370] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 368] <... openat resumed>) = 3 [pid 369] <... openat resumed>) = 3 [pid 368] write(3, "1000", 4 [pid 371] <... set_robust_list resumed>) = 0 [pid 371] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 369] write(3, "1000", 4 [pid 368] <... write resumed>) = 4 [pid 371] <... prctl resumed>) = 0 [pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 369] <... write resumed>) = 4 [pid 368] close(3 [pid 371] setpgid(0, 0 [pid 368] <... close resumed>) = 0 [pid 371] <... setpgid resumed>) = 0 [pid 371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 368] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 372] <... prctl resumed>) = 0 [pid 369] close(3 [pid 371] <... openat resumed>) = 3 [pid 371] write(3, "1000", 4) = 4 [pid 371] close(3) = 0 [pid 371] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 368] <... bpf resumed>) = 3 [pid 372] setpgid(0, 0 [pid 369] <... close resumed>) = 0 [pid 368] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 372] <... setpgid resumed>) = 0 [pid 369] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 371] <... bpf resumed>) = 3 [pid 371] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 372] write(3, "1000", 4) = 4 [pid 369] <... bpf resumed>) = 3 [pid 372] close(3) = 0 [pid 372] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 369] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 372] <... bpf resumed>) = 3 [pid 372] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 370] <... bpf resumed>) = 4 [pid 372] <... bpf resumed>) = 4 [pid 371] <... bpf resumed>) = 4 [pid 369] <... bpf resumed>) = 4 [pid 368] <... bpf resumed>) = 4 [pid 372] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 371] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 370] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 369] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 368] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 372] <... bpf resumed>) = 5 [pid 371] <... bpf resumed>) = 5 [pid 370] <... bpf resumed>) = 5 [pid 369] <... bpf resumed>) = 5 [pid 368] <... bpf resumed>) = 5 [pid 372] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 371] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 370] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 369] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 368] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 372] <... bpf resumed>) = 0 [pid 371] <... bpf resumed>) = 0 [pid 370] <... bpf resumed>) = 0 [pid 369] <... bpf resumed>) = 0 [pid 368] <... bpf resumed>) = 0 [pid 372] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 371] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 370] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 369] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 368] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 372] <... bpf resumed>) = 6 [pid 371] <... bpf resumed>) = 6 [pid 370] <... bpf resumed>) = 6 [pid 369] <... bpf resumed>) = 6 [pid 372] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 371] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 370] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 369] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 368] <... bpf resumed>) = 6 [pid 372] <... bpf resumed>) = 7 [pid 371] <... bpf resumed>) = 7 [pid 370] <... bpf resumed>) = 7 [pid 369] <... bpf resumed>) = 7 [pid 368] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 372] exit_group(0 [pid 371] exit_group(0 [pid 370] exit_group(0 [pid 369] exit_group(0 [pid 368] <... bpf resumed>) = 7 [pid 372] <... exit_group resumed>) = ? [pid 371] <... exit_group resumed>) = ? [pid 370] <... exit_group resumed>) = ? [pid 369] <... exit_group resumed>) = ? [pid 368] exit_group(0 [pid 372] +++ exited with 0 +++ [pid 370] +++ exited with 0 +++ [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=370, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 302] restart_syscall(<... resuming interrupted clone ...> [pid 371] +++ exited with 0 +++ [pid 302] <... restart_syscall resumed>) = 0 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 373 attached [pid 368] <... exit_group resumed>) = ? [pid 302] <... clone resumed>, child_tidptr=0x5555571d4650) = 373 [pid 305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=371, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=372, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 373] set_robust_list(0x5555571d4660, 24 [pid 305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 373] <... set_robust_list resumed>) = 0 [pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 373] setpgid(0, 0 [ 33.695828][ T297] RAX: 0000000000000171 RBX: 00000000011c32f8 RCX: 00000000004d49a6 [ 33.703637][ T297] RDX: 0000000040000000 RSI: 00007ffc3b49a4bc RDI: 00000000ffffffff [ 33.711456][ T297] RBP: 0000000000000000 R08: 0000000000000017 R09: 0000000000000001 [ 33.719258][ T297] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000011cb5a0 [ 33.727073][ T297] R13: 0000000000000000 R14: 00007ffc3b49a4bc R15: 0000000000617180 [ 33.734901][ T297] [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 373] <... setpgid resumed>) = 0 [ 33.773724][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 33.785141][ T297] BUG: scheduling while atomic: strace-static-x/297/0x00000002 [ 33.792781][ T297] Modules linked in: [ 33.796556][ T297] Preemption disabled at: [ 33.796561][ T297] [] remove_wait_queue+0x26/0x140 [ 33.807081][ T297] CPU: 1 PID: 297 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 33.818448][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 33.828334][ T297] Call Trace: [ 33.831459][ T297] [ 33.834236][ T297] dump_stack_lvl+0x151/0x1b7 [ 33.838750][ T297] ? remove_wait_queue+0x26/0x140 [ 33.843613][ T297] ? remove_wait_queue+0x26/0x140 [ 33.848481][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 33.853767][ T297] ? remove_wait_queue+0x26/0x140 [ 33.858638][ T297] dump_stack+0x15/0x1b [ 33.862617][ T297] __schedule_bug+0x195/0x260 [ 33.867135][ T297] ? __ia32_sys_waitid+0xd0/0xd0 [ 33.871904][ T297] ? bpf_trace_printk+0x1be/0x300 [ 33.876768][ T297] ? cpu_util_update_eff+0x10e0/0x10e0 [ 33.882061][ T297] ? kernel_waitid+0x520/0x520 [ 33.886666][ T297] __schedule+0xcf7/0x1550 [ 33.890914][ T297] ? __x64_sys_wait4+0x181/0x1e0 [ 33.895688][ T297] ? bpf_trace_run2+0x138/0x290 [ 33.900384][ T297] ? __sched_text_start+0x8/0x8 [ 33.905067][ T297] schedule+0xc3/0x180 [ 33.908971][ T297] exit_to_user_mode_loop+0x4e/0xa0 [ 33.914001][ T297] exit_to_user_mode_prepare+0x5a/0xa0 [ 33.919405][ T297] syscall_exit_to_user_mode+0x26/0x140 [ 33.924794][ T297] do_syscall_64+0x49/0xb0 [ 33.929038][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 33.934775][ T297] RIP: 0033:0x4d49a6 [ 33.938499][ T297] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 33.958044][ T297] RSP: 002b:00007ffc3b49a498 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 33.966289][ T297] RAX: 0000000000000177 RBX: 0000000000000003 RCX: 00000000004d49a6 [pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 375 attached ./strace-static-x86_64: Process 374 attached ) = 3 [pid 305] <... clone resumed>, child_tidptr=0x5555571d4650) = 374 [pid 373] write(3, "1000", 4) = 4 [pid 373] close(3) = 0 [pid 373] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 301] <... clone resumed>, child_tidptr=0x5555571d4650) = 375 [pid 368] +++ exited with 0 +++ [pid 373] <... bpf resumed>) = 3 [pid 373] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16) = 4 [pid 373] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 375] set_robust_list(0x5555571d4660, 24 [pid 374] set_robust_list(0x5555571d4660, 24 [pid 373] <... bpf resumed>) = 5 [pid 304] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=368, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 373] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 373] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 375] <... set_robust_list resumed>) = 0 [pid 374] <... set_robust_list resumed>) = 0 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 374] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 373] <... bpf resumed>) = 6 [pid 373] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 304] <... clone resumed>, child_tidptr=0x5555571d4650) = 376 [pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 374] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 376 attached [pid 375] <... prctl resumed>) = 0 [pid 374] setpgid(0, 0) = 0 [pid 376] set_robust_list(0x5555571d4660, 24 [pid 375] setpgid(0, 0 [pid 374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 376] <... set_robust_list resumed>) = 0 [pid 375] <... setpgid resumed>) = 0 [pid 374] <... openat resumed>) = 3 [pid 374] write(3, "1000", 4) = 4 [pid 374] close(3) = 0 [pid 374] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 376] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 376] <... prctl resumed>) = 0 [pid 375] <... openat resumed>) = 3 [pid 374] <... bpf resumed>) = 3 [pid 376] setpgid(0, 0 [pid 375] write(3, "1000", 4 [pid 374] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 376] <... setpgid resumed>) = 0 [pid 375] <... write resumed>) = 4 [pid 376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 375] close(3 [pid 376] <... openat resumed>) = 3 [pid 375] <... close resumed>) = 0 [pid 376] write(3, "1000", 4 [pid 375] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 376] <... write resumed>) = 4 [pid 376] close(3) = 0 [pid 375] <... bpf resumed>) = 3 [pid 376] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 375] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 376] <... bpf resumed>) = 3 [pid 376] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 369] +++ exited with 0 +++ [pid 373] <... bpf resumed>) = 7 [pid 303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=369, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 374] <... bpf resumed>) = 4 [pid 303] restart_syscall(<... resuming interrupted clone ...> [pid 375] <... bpf resumed>) = 4 [pid 374] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 373] exit_group(0 [pid 376] <... bpf resumed>) = 4 [pid 375] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 374] <... bpf resumed>) = 5 [pid 373] <... exit_group resumed>) = ? [pid 303] <... restart_syscall resumed>) = 0 [pid 376] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 374] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 373] +++ exited with 0 +++ [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 376] <... bpf resumed>) = 5 [pid 375] <... bpf resumed>) = 5 [pid 374] <... bpf resumed>) = 0 ./strace-static-x86_64: Process 377 attached [pid 376] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 375] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 374] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=373, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 377] set_robust_list(0x5555571d4660, 24 [pid 376] <... bpf resumed>) = 0 [pid 375] <... bpf resumed>) = 0 [pid 303] <... clone resumed>, child_tidptr=0x5555571d4650) = 377 [pid 374] <... bpf resumed>) = 6 [pid 376] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 375] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 377] <... set_robust_list resumed>) = 0 [pid 374] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 376] <... bpf resumed>) = 6 [pid 302] <... clone resumed>, child_tidptr=0x5555571d4650) = 378 [pid 376] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 375] <... bpf resumed>) = 6 [pid 377] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 375] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 377] <... prctl resumed>) = 0 [pid 377] setpgid(0, 0) = 0 [pid 377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 378 attached ) = 3 [pid 378] set_robust_list(0x5555571d4660, 24 [pid 377] write(3, "1000", 4 [pid 378] <... set_robust_list resumed>) = 0 [pid 377] <... write resumed>) = 4 [pid 377] close(3) = 0 [pid 377] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 378] setpgid(0, 0) = 0 [pid 378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 377] <... bpf resumed>) = 3 [pid 378] write(3, "1000", 4) = 4 [pid 377] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 378] close(3) = 0 [pid 378] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 378] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 374] <... bpf resumed>) = 7 [pid 376] <... bpf resumed>) = 7 [ 33.974107][ T297] RDX: 0000000040000001 RSI: 00007ffc3b49a4bc RDI: 00000000ffffffff [ 33.981916][ T297] RBP: 00000000011c50e0 R08: 0000000000000000 R09: 0000000000000000 [ 33.989848][ T297] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000011cb3f0 [ 33.997667][ T297] R13: 000000000000012f R14: 00007ffc3b49a4bc R15: 0000000000617180 [ 34.005476][ T297] [pid 375] <... bpf resumed>) = 7 [ 34.048911][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 34.060358][ T297] BUG: scheduling while atomic: strace-static-x/297/0x00000002 [ 34.067945][ T297] Modules linked in: [ 34.071643][ T297] Preemption disabled at: [ 34.071649][ T297] [] remove_wait_queue+0x26/0x140 [ 34.082363][ T297] CPU: 1 PID: 297 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 34.093722][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 34.103602][ T297] Call Trace: [ 34.106724][ T297] [ 34.109504][ T297] dump_stack_lvl+0x151/0x1b7 [ 34.114013][ T297] ? remove_wait_queue+0x26/0x140 [ 34.118874][ T297] ? remove_wait_queue+0x26/0x140 [ 34.123737][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 34.129038][ T297] ? remove_wait_queue+0x26/0x140 [ 34.133920][ T297] dump_stack+0x15/0x1b [ 34.137885][ T297] __schedule_bug+0x195/0x260 [ 34.142397][ T297] ? cpu_util_update_eff+0x10e0/0x10e0 [ 34.147781][ T297] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 34.153262][ T297] ? _raw_spin_lock+0x1b0/0x1b0 [ 34.157932][ T297] __schedule+0xcf7/0x1550 [ 34.162199][ T297] ? __lock_task_sighand+0xde/0x100 [ 34.167224][ T297] ? __sched_text_start+0x8/0x8 [ 34.171908][ T297] ? __kasan_check_write+0x14/0x20 [ 34.176958][ T297] ? __se_sys_ptrace+0x3b2/0x410 [ 34.181725][ T297] schedule+0xc3/0x180 [ 34.185660][ T297] exit_to_user_mode_loop+0x4e/0xa0 [ 34.190670][ T297] exit_to_user_mode_prepare+0x5a/0xa0 [ 34.195958][ T297] syscall_exit_to_user_mode+0x26/0x140 [ 34.201343][ T297] do_syscall_64+0x49/0xb0 [ 34.205600][ T297] ? sysvec_call_function_single+0x52/0xb0 [ 34.211243][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 34.216971][ T297] RIP: 0033:0x4e6c1a [ 34.220697][ T297] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 34.240140][ T297] RSP: 002b:00007ffc3b49a370 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [pid 378] <... bpf resumed>) = 4 [pid 377] <... bpf resumed>) = 4 [pid 376] exit_group(0 [pid 374] exit_group(0 [pid 375] exit_group(0 [pid 376] <... exit_group resumed>) = ? [pid 374] <... exit_group resumed>) = ? [pid 378] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 377] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 376] +++ exited with 0 +++ [pid 375] <... exit_group resumed>) = ? [pid 378] <... bpf resumed>) = 5 [pid 377] <... bpf resumed>) = 5 [pid 304] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=376, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 378] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 378] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [ 34.248380][ T297] RAX: 0000000000000021 RBX: 00000000011c5380 RCX: 00000000004e6c1a [ 34.256194][ T297] RDX: 0000000000000058 RSI: 000000000000017a RDI: 000000000000420e [ 34.264092][ T297] RBP: 00000000011c5380 R08: 000000000000420d R09: 0000000000000000 [ 34.271903][ T297] R10: 000000000063c820 R11: 0000000000000206 R12: 00000000011c5380 [ 34.279714][ T297] R13: 00007ffc3b49a410 R14: 000000000000857f R15: 0000000000617180 [ 34.287532][ T297] [ 34.293896][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 34.297885][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 34.305400][ T305] BUG: scheduling while atomic: syz-executor246/305/0x00000002 [ 34.316777][ T297] BUG: scheduling while atomic: strace-static-x/297/0x00000002 [ 34.324109][ T305] Modules linked in: [ 34.324118][ T305] Preemption disabled at: [ 34.324122][ T305] [] ptrace_stop+0x57e/0x930 [ 34.331478][ T297] Modules linked in: [ 34.335198][ T305] CPU: 0 PID: 305 Comm: syz-executor246 Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 34.339378][ T297] Preemption disabled at: [ 34.345350][ T305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 34.349093][ T297] [] __lock_task_sighand+0x6b/0x100 [ 34.360453][ T305] Call Trace: [ 34.360460][ T305] [ 34.360467][ T305] dump_stack_lvl+0x151/0x1b7 [ 34.391533][ T305] ? ptrace_stop+0x57e/0x930 [ 34.395955][ T305] ? ptrace_stop+0x57e/0x930 [ 34.400381][ T305] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 34.405678][ T305] ? ptrace_stop+0x57e/0x930 [ 34.410104][ T305] dump_stack+0x15/0x1b [ 34.414095][ T305] __schedule_bug+0x195/0x260 [ 34.418614][ T305] ? __kasan_check_read+0x11/0x20 [ 34.423467][ T305] ? rb_commit+0x732/0x780 [ 34.427725][ T305] ? cpu_util_update_eff+0x10e0/0x10e0 [ 34.433024][ T305] ? ktime_get+0x12f/0x160 [ 34.437271][ T305] __schedule+0xcf7/0x1550 [ 34.441528][ T305] ? hrtimer_reprogram+0x389/0x430 [ 34.446472][ T305] ? __sched_text_start+0x8/0x8 [ 34.451170][ T305] schedule+0xc3/0x180 [ 34.455061][ T305] do_nanosleep+0x149/0x580 [ 34.459410][ T305] ? usleep_range_state+0x160/0x160 [ 34.464435][ T305] ? hrtimer_init_sleeper+0x3b/0x1a0 [ 34.469557][ T305] ? hrtimer_nanosleep+0x107/0x3f0 [ 34.474504][ T305] hrtimer_nanosleep+0x1c5/0x3f0 [ 34.479278][ T305] ? nanosleep_copyout+0x120/0x120 [ 34.484227][ T305] ? __remove_hrtimer+0x4d0/0x4d0 [ 34.489089][ T305] ? get_timespec64+0x197/0x270 [ 34.493775][ T305] ? timespec64_add_safe+0x220/0x220 [ 34.498894][ T305] common_nsleep+0x91/0xb0 [ 34.503149][ T305] __se_sys_clock_nanosleep+0x323/0x3b0 [ 34.508540][ T305] ? __x64_sys_clock_nanosleep+0xb0/0xb0 [ 34.513994][ T305] ? __bpf_trace_sys_enter+0x62/0x70 [ 34.519124][ T305] __x64_sys_clock_nanosleep+0x9b/0xb0 [ 34.524586][ T305] do_syscall_64+0x3d/0xb0 [ 34.528839][ T305] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 34.534570][ T305] RIP: 0033:0x7fc14ffd6483 [ 34.538821][ T305] Code: 00 00 00 00 00 66 90 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d fe 1b 05 00 00 74 14 b8 e6 00 00 00 0f 05 d8 c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 [ 34.558348][ T305] RSP: 002b:00007fff396dc1b8 EFLAGS: 00000202 ORIG_RAX: 00000000000000e6 [ 34.566593][ T305] RAX: ffffffffffffffda RBX: 0000000000000176 RCX: 00007fc14ffd6483 [ 34.574402][ T305] RDX: 00007fff396dc1d0 RSI: 0000000000000000 RDI: 0000000000000000 [ 34.582213][ T305] RBP: 00000000000f4240 R08: 00007fff397f8080 R09: 00007fff397f80b0 [ 34.590025][ T305] R10: 0000000000000000 R11: 0000000000000202 R12: 00000000000084c8 [ 34.597844][ T305] R13: 00007fff396dc20c R14: 00007fff396dc220 R15: 00007fff396dc210 [ 34.605656][ T305] [ 34.608519][ T297] CPU: 1 PID: 297 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 34.619887][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 34.629786][ T297] Call Trace: [ 34.632903][ T297] [ 34.635681][ T297] dump_stack_lvl+0x151/0x1b7 [ 34.640195][ T297] ? __lock_task_sighand+0x6b/0x100 [ 34.645313][ T297] ? __lock_task_sighand+0x6b/0x100 [ 34.650436][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 34.655733][ T297] ? __lock_task_sighand+0x6b/0x100 [ 34.660764][ T297] dump_stack+0x15/0x1b [ 34.664763][ T297] __schedule_bug+0x195/0x260 [ 34.669270][ T297] ? bpf_trace_printk+0x1be/0x300 [ 34.674131][ T297] ? cpu_util_update_eff+0x10e0/0x10e0 [ 34.679425][ T297] __schedule+0xcf7/0x1550 [ 34.683680][ T297] ? __sched_text_start+0x8/0x8 [ 34.688365][ T297] ? __se_sys_ptrace+0x3b2/0x410 [ 34.693136][ T297] schedule+0xc3/0x180 [ 34.697043][ T297] exit_to_user_mode_loop+0x4e/0xa0 [ 34.702078][ T297] exit_to_user_mode_prepare+0x5a/0xa0 [ 34.707382][ T297] syscall_exit_to_user_mode+0x26/0x140 [ 34.713275][ T297] do_syscall_64+0x49/0xb0 [ 34.717527][ T297] ? sysvec_call_function_single+0x52/0xb0 [ 34.723172][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 34.728895][ T297] RIP: 0033:0x4e815a [ 34.732629][ T297] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 78 0c 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 36 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 b8 ff ff ff f7 [ 34.752590][ T297] RSP: 002b:00007ffc3b49a2e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 34.760837][ T297] RAX: 0000000000001000 RBX: 0000000020000000 RCX: 00000000004e815a [ 34.768652][ T297] RDX: 0000000000000001 RSI: 00007ffc3b49a310 RDI: 000000000000017a [ 34.776459][ T297] RBP: 000000000063c8a0 R08: 0000000000000001 R09: 0000000000000000 [ 34.784271][ T297] R10: 00007ffc3b49a320 R11: 0000000000000246 R12: 0000000000000000 [ 34.792081][ T297] R13: 00000000200001c0 R14: 00000000011c7010 R15: 00000000011ca2c0 [pid 378] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 377] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 375] +++ exited with 0 +++ [pid 374] +++ exited with 0 +++ [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 377] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 380 attached ) = 6 [pid 305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=374, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 304] <... clone resumed>, child_tidptr=0x5555571d4650) = 380 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=375, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 377] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 381 attached [pid 380] set_robust_list(0x5555571d4660, 24) = 0 [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 380] setpgid(0, 0) = 0 [pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 305] <... clone resumed>, child_tidptr=0x5555571d4650) = 381 ./strace-static-x86_64: Process 382 attached [pid 381] set_robust_list(0x5555571d4660, 24 [pid 380] <... openat resumed>) = 3 [pid 301] <... clone resumed>, child_tidptr=0x5555571d4650) = 382 [pid 380] write(3, "1000", 4) = 4 [pid 380] close(3) = 0 [pid 380] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 382] set_robust_list(0x5555571d4660, 24 [pid 381] <... set_robust_list resumed>) = 0 [pid 382] <... set_robust_list resumed>) = 0 [pid 381] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 381] <... prctl resumed>) = 0 [pid 382] <... prctl resumed>) = 0 [pid 381] setpgid(0, 0 [pid 380] <... bpf resumed>) = 3 [pid 380] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 382] setpgid(0, 0 [pid 381] <... setpgid resumed>) = 0 [pid 382] <... setpgid resumed>) = 0 [pid 381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 381] write(3, "1000", 4) = 4 [pid 381] close(3) = 0 [pid 381] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 382] <... openat resumed>) = 3 [pid 382] write(3, "1000", 4 [pid 381] <... bpf resumed>) = 3 [pid 382] <... write resumed>) = 4 [pid 381] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 382] close(3 [pid 378] <... bpf resumed>) = 7 [pid 377] <... bpf resumed>) = 7 [pid 378] exit_group(0 [pid 382] <... close resumed>) = 0 [pid 380] <... bpf resumed>) = 4 [ 34.799897][ T297] [ 34.818315][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000102, exited with 00000101? [ 34.829732][ T295] BUG: scheduling while atomic: sshd/295/0x00000002 [ 34.836104][ T295] Modules linked in: [ 34.839999][ T295] Preemption disabled at: [ 34.840007][ T295] [] release_sock+0x30/0x1b0 [ 34.850169][ T295] CPU: 1 PID: 295 Comm: sshd Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 34.860655][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 34.870544][ T295] Call Trace: [ 34.873666][ T295] [ 34.876446][ T295] dump_stack_lvl+0x151/0x1b7 [ 34.880955][ T295] ? release_sock+0x30/0x1b0 [ 34.885378][ T295] ? release_sock+0x30/0x1b0 [ 34.889985][ T295] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 34.895283][ T295] ? release_sock+0x30/0x1b0 [ 34.899713][ T295] dump_stack+0x15/0x1b [ 34.903702][ T295] __schedule_bug+0x195/0x260 [ 34.908206][ T295] ? try_to_wake_up+0x670/0x1220 [ 34.912984][ T295] ? cpu_util_update_eff+0x10e0/0x10e0 [ 34.918279][ T295] ? cpu_curr_snapshot+0x90/0x90 [ 34.923054][ T295] __schedule+0xcf7/0x1550 [ 34.927307][ T295] ? wake_up_process+0x10/0x20 [ 34.931903][ T295] ? raise_softirq_irqoff+0x37/0x40 [ 34.936937][ T295] ? rcu_read_unlock_special+0x3f2/0x4e0 [ 34.942409][ T295] ? __sched_text_start+0x8/0x8 [ 34.947094][ T295] ? __rcu_read_unlock+0xd0/0xd0 [ 34.951867][ T295] ? ksys_write+0x24f/0x2c0 [ 34.956209][ T295] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 34.961585][ T295] schedule+0xc3/0x180 [ 34.965496][ T295] exit_to_user_mode_loop+0x4e/0xa0 [ 34.970530][ T295] exit_to_user_mode_prepare+0x5a/0xa0 [ 34.975833][ T295] syscall_exit_to_user_mode+0x26/0x140 [ 34.981199][ T295] do_syscall_64+0x49/0xb0 [ 34.985457][ T295] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 34.991114][ T295] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 34.996824][ T295] RIP: 0033:0x7f00be6fd587 [ 35.001081][ T295] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [ 35.020522][ T295] RSP: 002b:00007ffde7539408 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [ 35.028768][ T295] RAX: 0000000000000127 RBX: 0000000000000000 RCX: 00007f00be6fd587 [ 35.036578][ T295] RDX: 0000000000000b29 RSI: 00005653f4ae7fe0 RDI: 00005653f4ae5937 [ 35.044386][ T295] RBP: 00005653f4ae6e06 R08: 0000000000000006 R09: 0000000000000000 [pid 378] <... exit_group resumed>) = ? [pid 377] exit_group(0 [pid 382] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 380] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 377] <... exit_group resumed>) = ? [pid 382] <... bpf resumed>) = 3 [pid 380] <... bpf resumed>) = 5 [pid 382] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 380] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 380] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 380] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 382] <... bpf resumed>) = 4 [pid 381] <... bpf resumed>) = 4 [pid 377] +++ exited with 0 +++ [pid 382] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 381] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=377, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 382] <... bpf resumed>) = 5 [pid 382] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 381] <... bpf resumed>) = 5 [pid 382] <... bpf resumed>) = 0 [pid 381] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 382] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 381] <... bpf resumed>) = 0 [pid 382] <... bpf resumed>) = 6 [pid 381] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 382] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 381] <... bpf resumed>) = 6 ./strace-static-x86_64: Process 383 attached [pid 381] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 383] set_robust_list(0x5555571d4660, 24 [pid 303] <... clone resumed>, child_tidptr=0x5555571d4650) = 383 [pid 383] <... set_robust_list resumed>) = 0 [pid 383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 383] setpgid(0, 0) = 0 [pid 383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 383] write(3, "1000", 4) = 4 [pid 383] close(3) = 0 [pid 383] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 383] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [ 35.052205][ T295] R10: 00005653f4ae6e06 R11: 0000000000000246 R12: 00005653f4ae5937 [ 35.060102][ T295] R13: 00005653f4ae7fe0 R14: 00005653f5b05e30 R15: 00007ffde7539990 [ 35.067914][ T295] [ 35.088177][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 35.099606][ T295] BUG: scheduling while atomic: sshd/295/0x00000002 [ 35.105979][ T295] Modules linked in: [ 35.109776][ T295] Preemption disabled at: [ 35.109786][ T295] [] schedule+0xbc/0x180 [ 35.119608][ T295] CPU: 1 PID: 295 Comm: sshd Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 35.129935][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 35.139828][ T295] Call Trace: [ 35.142962][ T295] [ 35.145737][ T295] dump_stack_lvl+0x151/0x1b7 [ 35.150242][ T295] ? schedule+0xbc/0x180 [ 35.154324][ T295] ? schedule+0xbc/0x180 [ 35.158404][ T295] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 35.163697][ T295] ? schedule+0xbc/0x180 [ 35.167775][ T295] dump_stack+0x15/0x1b [ 35.171765][ T295] __schedule_bug+0x195/0x260 [ 35.176281][ T295] ? try_to_wake_up+0x670/0x1220 [ 35.181054][ T295] ? cpu_util_update_eff+0x10e0/0x10e0 [ 35.186352][ T295] ? cpu_curr_snapshot+0x90/0x90 [ 35.191128][ T295] __schedule+0xcf7/0x1550 [ 35.195372][ T295] ? wake_up_process+0x10/0x20 [ 35.199976][ T295] ? raise_softirq_irqoff+0x37/0x40 [ 35.205010][ T295] ? rcu_read_unlock_special+0x3f2/0x4e0 [ 35.210567][ T295] ? __sched_text_start+0x8/0x8 [ 35.215252][ T295] ? __rcu_read_unlock+0xd0/0xd0 [ 35.220019][ T295] ? ksys_read+0x24f/0x2c0 [ 35.224280][ T295] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 35.229656][ T295] schedule+0xc3/0x180 [ 35.233567][ T295] exit_to_user_mode_loop+0x4e/0xa0 [ 35.238605][ T295] exit_to_user_mode_prepare+0x5a/0xa0 [ 35.243975][ T295] syscall_exit_to_user_mode+0x26/0x140 [ 35.249358][ T295] do_syscall_64+0x49/0xb0 [ 35.253612][ T295] ? sysvec_call_function_single+0x52/0xb0 [ 35.259257][ T295] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 35.264982][ T295] RIP: 0033:0x7f00be6fd587 [ 35.269240][ T295] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [ 35.288682][ T295] RSP: 002b:00007ffde7539408 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [ 35.296922][ T295] RAX: 0000000000000127 RBX: 0000000000000000 RCX: 00007f00be6fd587 [pid 380] <... bpf resumed>) = 7 [pid 383] <... bpf resumed>) = 4 [pid 382] <... bpf resumed>) = 7 [pid 381] <... bpf resumed>) = 7 [pid 380] exit_group(0 [pid 378] +++ exited with 0 +++ [pid 383] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 382] exit_group(0 [pid 381] exit_group(0 [pid 380] <... exit_group resumed>) = ? [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=378, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 383] <... bpf resumed>) = 5 [pid 382] <... exit_group resumed>) = ? [pid 381] <... exit_group resumed>) = ? [pid 380] +++ exited with 0 +++ [pid 383] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 383] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 302] <... clone resumed>, child_tidptr=0x5555571d4650) = 384 [pid 383] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 304] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=380, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d4650) = 385 ./strace-static-x86_64: Process 385 attached [pid 385] set_robust_list(0x5555571d4660, 24) = 0 [pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 385] setpgid(0, 0) = 0 [pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 385] write(3, "1000", 4) = 4 [pid 385] close(3) = 0 [pid 385] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 385] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16./strace-static-x86_64: Process 384 attached [pid 384] set_robust_list(0x5555571d4660, 24) = 0 [pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 384] setpgid(0, 0) = 0 [pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 384] write(3, "1000", 4) = 4 [pid 384] close(3) = 0 [pid 384] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 384] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 382] +++ exited with 0 +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=382, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 387 attached , child_tidptr=0x5555571d4650) = 387 [pid 387] set_robust_list(0x5555571d4660, 24) = 0 [pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 387] setpgid(0, 0) = 0 [pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 387] write(3, "1000", 4) = 4 [pid 387] close(3) = 0 [pid 387] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 387] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 381] +++ exited with 0 +++ [pid 387] <... bpf resumed>) = 4 [pid 385] <... bpf resumed>) = 4 [ 35.304731][ T295] RDX: 0000000000000b29 RSI: 00005653f4ae7fe0 RDI: 00005653f4ae5937 [ 35.312543][ T295] RBP: 00005653f4ae6e06 R08: 0000000000000006 R09: 0000000000000000 [ 35.320354][ T295] R10: 00005653f4ae6e06 R11: 0000000000000246 R12: 00005653f4ae5937 [ 35.328164][ T295] R13: 00005653f4ae7fe0 R14: 00005653f5b05e30 R15: 00007ffde7539990 [ 35.335985][ T295] [pid 384] <... bpf resumed>) = 4 [pid 383] <... bpf resumed>) = 7 [pid 305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=381, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 385] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 384] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 383] exit_group(0 [pid 385] <... bpf resumed>) = 5 [pid 384] <... bpf resumed>) = 5 [pid 383] <... exit_group resumed>) = ? [pid 385] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 384] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [ 35.358438][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 35.370912][ T295] BUG: scheduling while atomic: sshd/295/0x00000002 [ 35.377364][ T295] Modules linked in: [ 35.381053][ T295] Preemption disabled at: [ 35.381062][ T295] [] __set_current_blocked+0x11b/0x2f0 [ 35.392116][ T295] CPU: 1 PID: 295 Comm: sshd Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 35.402498][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 35.412386][ T295] Call Trace: [ 35.415509][ T295] [ 35.418290][ T295] dump_stack_lvl+0x151/0x1b7 [ 35.422799][ T295] ? __set_current_blocked+0x11b/0x2f0 [ 35.428096][ T295] ? __set_current_blocked+0x11b/0x2f0 [ 35.433386][ T295] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 35.438686][ T295] ? __set_current_blocked+0x11b/0x2f0 [ 35.443976][ T295] dump_stack+0x15/0x1b [ 35.447969][ T295] __schedule_bug+0x195/0x260 [ 35.452489][ T295] ? cpu_util_update_eff+0x10e0/0x10e0 [ 35.458037][ T295] ? __kasan_check_write+0x14/0x20 [ 35.462983][ T295] __schedule+0xcf7/0x1550 [ 35.467237][ T295] ? timerqueue_add+0x250/0x270 [ 35.471924][ T295] ? __sched_text_start+0x8/0x8 [ 35.476613][ T295] schedule+0xc3/0x180 [ 35.480517][ T295] schedule_hrtimeout_range_clock+0x1ef/0x360 [ 35.486422][ T295] ? hrtimer_nanosleep_restart+0x170/0x170 [ 35.492059][ T295] ? add_wait_queue+0x189/0x1c0 [ 35.496750][ T295] ? __remove_hrtimer+0x4d0/0x4d0 [ 35.501606][ T295] ? __pollwait+0x2f5/0x3f0 [ 35.505946][ T295] ? poll_initwait+0x160/0x160 [ 35.510547][ T295] schedule_hrtimeout_range+0x2a/0x40 [ 35.515759][ T295] do_sys_poll+0xdd7/0x1230 [ 35.520099][ T295] ? poll_select_finish+0x7b0/0x7b0 [ 35.525132][ T295] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 35.530946][ T295] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 35.536759][ T295] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 35.542575][ T295] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 35.548396][ T295] ? _raw_spin_lock_irqsave+0x210/0x210 [ 35.553771][ T295] ? __kasan_check_write+0x14/0x20 [ 35.558718][ T295] ? recalc_sigpending+0x164/0x1c0 [ 35.563667][ T295] ? _raw_spin_unlock_irq+0x4d/0x70 [ 35.568706][ T295] ? sigprocmask+0x280/0x280 [ 35.573126][ T295] __se_sys_ppoll+0x29c/0x330 [ 35.577640][ T295] ? __x64_sys_ppoll+0xd0/0xd0 [ 35.582241][ T295] ? __bpf_trace_sys_enter+0x62/0x70 [ 35.587360][ T295] __x64_sys_ppoll+0xbf/0xd0 [ 35.591787][ T295] do_syscall_64+0x3d/0xb0 [ 35.596039][ T295] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 35.601767][ T295] RIP: 0033:0x7f00be719ad5 [ 35.606021][ T295] Code: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83 [ 35.625462][ T295] RSP: 002b:00007ffde7539ac0 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 35.633709][ T295] RAX: ffffffffffffffda RBX: 00000000000668a0 RCX: 00007f00be719ad5 [ 35.641518][ T295] RDX: 00007ffde7539ae0 RSI: 0000000000000004 RDI: 00005653f5b0c800 [ 35.649329][ T295] RBP: 00005653f5b0b3d0 R08: 0000000000000008 R09: 0000000000000000 [pid 305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 385] <... bpf resumed>) = 0 [pid 384] <... bpf resumed>) = 0 [pid 385] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 384] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 305] <... clone resumed>, child_tidptr=0x5555571d4650) = 388 ./strace-static-x86_64: Process 388 attached [pid 388] set_robust_list(0x5555571d4660, 24) = 0 [pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 388] setpgid(0, 0) = 0 [pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 388] write(3, "1000", 4) = 4 [pid 388] close(3) = 0 [pid 388] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 385] <... bpf resumed>) = 6 [pid 384] <... bpf resumed>) = 6 [pid 388] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 385] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 384] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 387] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 383] +++ exited with 0 +++ [pid 387] <... bpf resumed>) = 5 [pid 387] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=383, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- [pid 387] <... bpf resumed>) = 0 [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 387] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 389 attached [pid 389] set_robust_list(0x5555571d4660, 24 [pid 387] <... bpf resumed>) = 6 [pid 303] <... clone resumed>, child_tidptr=0x5555571d4650) = 389 [pid 389] <... set_robust_list resumed>) = 0 [pid 387] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 389] setpgid(0, 0) = 0 [pid 389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 389] write(3, "1000", 4) = 4 [pid 389] close(3) = 0 [pid 389] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 389] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 385] <... bpf resumed>) = 7 [pid 388] <... bpf resumed>) = 4 [pid 389] <... bpf resumed>) = 4 [pid 388] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 387] <... bpf resumed>) = 7 [pid 385] exit_group(0 [pid 384] <... bpf resumed>) = 7 [pid 389] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 388] <... bpf resumed>) = 5 [pid 387] exit_group(0 [pid 385] <... exit_group resumed>) = ? [pid 384] exit_group(0 [pid 389] <... bpf resumed>) = 5 [pid 388] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 387] <... exit_group resumed>) = ? [pid 389] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 388] <... bpf resumed>) = 0 [pid 385] +++ exited with 0 +++ [pid 384] <... exit_group resumed>) = ? [ 35.657140][ T295] R10: 00007ffde7539bc8 R11: 0000000000000246 R12: 00005653f4adcaa4 [ 35.664954][ T295] R13: 0000000000000001 R14: 00005653f4add3e8 R15: 00007ffde7539b48 [ 35.672770][ T295] [ 35.701541][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 35.712960][ T295] BUG: scheduling while atomic: sshd/295/0x00000002 [ 35.719474][ T295] Modules linked in: [ 35.723179][ T295] Preemption disabled at: [ 35.723189][ T295] [] release_sock+0x30/0x1b0 [ 35.733340][ T295] CPU: 1 PID: 295 Comm: sshd Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 35.743740][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 35.753641][ T295] Call Trace: [ 35.756760][ T295] [ 35.759537][ T295] dump_stack_lvl+0x151/0x1b7 [ 35.764050][ T295] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 35.769345][ T295] ? kasan_check_range+0x266/0x2a0 [ 35.774294][ T295] ? release_sock+0x30/0x1b0 [ 35.778718][ T295] dump_stack+0x15/0x1b [ 35.782712][ T295] __schedule_bug+0x195/0x260 [ 35.787225][ T295] ? cpu_util_update_eff+0x10e0/0x10e0 [ 35.792530][ T295] __schedule+0xcf7/0x1550 [ 35.796774][ T295] ? __kasan_check_read+0x11/0x20 [ 35.801631][ T295] ? _copy_to_user+0x74/0x90 [ 35.806064][ T295] ? __sched_text_start+0x8/0x8 [ 35.810745][ T295] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 35.816213][ T295] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 35.821598][ T295] schedule+0xc3/0x180 [ 35.825502][ T295] exit_to_user_mode_loop+0x4e/0xa0 [ 35.830622][ T295] exit_to_user_mode_prepare+0x5a/0xa0 [ 35.835915][ T295] syscall_exit_to_user_mode+0x26/0x140 [ 35.841296][ T295] do_syscall_64+0x49/0xb0 [ 35.845549][ T295] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 35.851277][ T295] RIP: 0033:0x7f00be6c2773 [ 35.855531][ T295] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 35.875153][ T295] RSP: 002b:00007ffde7539ae0 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 35.883399][ T295] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f00be6c2773 [ 35.891209][ T295] RDX: 00007ffde7539bc8 RSI: 00007ffde7539b48 RDI: 0000000000000000 [pid 389] <... bpf resumed>) = 0 [pid 388] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 304] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=385, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 388] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d4650) = 390 ./strace-static-x86_64: Process 390 attached [pid 390] set_robust_list(0x5555571d4660, 24) = 0 [pid 390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 390] setpgid(0, 0) = 0 [pid 390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 390] write(3, "1000", 4) = 4 [pid 390] close(3) = 0 [pid 390] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 390] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 389] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 389] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 384] +++ exited with 0 +++ [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=384, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 302] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 391 attached , child_tidptr=0x5555571d4650) = 391 [pid 391] set_robust_list(0x5555571d4660, 24) = 0 [pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 391] setpgid(0, 0) = 0 [pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 391] write(3, "1000", 4) = 4 [pid 391] close(3) = 0 [pid 391] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 391] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 390] <... bpf resumed>) = 4 [pid 388] <... bpf resumed>) = 7 [pid 389] <... bpf resumed>) = 7 [pid 387] +++ exited with 0 +++ [pid 391] <... bpf resumed>) = 4