./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor303404587 <...> Warning: Permanently added '10.128.0.18' (ED25519) to the list of known hosts. execve("./syz-executor303404587", ["./syz-executor303404587"], 0x7ffc90176940 /* 10 vars */) = 0 brk(NULL) = 0x555557135000 brk(0x555557135d00) = 0x555557135d00 arch_prctl(ARCH_SET_FS, 0x555557135380) = 0 set_tid_address(0x555557135650) = 303 set_robust_list(0x555557135660, 24) = 0 rseq(0x555557135ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor303404587", 4096) = 27 getrandom("\x0d\x7d\x67\x29\xfb\x0c\x5e\x55", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557135d00 brk(0x555557156d00) = 0x555557156d00 brk(0x555557157000) = 0x555557157000 mprotect(0x7fd637c0b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557135650) = 304 ./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x555557135660, 24) = 0 [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 303] <... clone resumed>, child_tidptr=0x555557135650) = 306 [pid 304] <... clone resumed>, child_tidptr=0x555557135650) = 305 ./strace-static-x86_64: Process 306 attached ./strace-static-x86_64: Process 305 attached [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 306] set_robust_list(0x555557135660, 24 [pid 305] set_robust_list(0x555557135660, 24) = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 305] setpgid(0, 0) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 303] <... clone resumed>, child_tidptr=0x555557135650) = 307 [pid 306] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 307 attached [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 306] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 308 attached [pid 307] set_robust_list(0x555557135660, 24 [pid 305] <... openat resumed>) = 3 [pid 303] <... clone resumed>, child_tidptr=0x555557135650) = 308 [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 309 attached [pid 308] set_robust_list(0x555557135660, 24 [pid 307] <... set_robust_list resumed>) = 0 [pid 305] write(3, "1000", 4 [pid 306] <... clone resumed>, child_tidptr=0x555557135650) = 309 [pid 303] <... clone resumed>, child_tidptr=0x555557135650) = 310 [pid 305] <... write resumed>) = 4 ./strace-static-x86_64: Process 310 attached [pid 305] close(3) = 0 [pid 305] write(1, "executing program\n", 18 [pid 310] set_robust_list(0x555557135660, 24 [pid 309] set_robust_list(0x555557135660, 24 [pid 308] <... set_robust_list resumed>) = 0 executing program [pid 308] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 307] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 310] <... set_robust_list resumed>) = 0 [pid 309] <... set_robust_list resumed>) = 0 [pid 305] <... write resumed>) = 18 [pid 305] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 310] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 311 attached [pid 311] set_robust_list(0x555557135660, 24 [pid 309] <... prctl resumed>) = 0 [pid 307] <... clone resumed>, child_tidptr=0x555557135650) = 311 [pid 305] <... bpf resumed>) = 3 [pid 305] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 305] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 308] <... clone resumed>, child_tidptr=0x555557135650) = 312 [pid 305] <... bpf resumed>) = 5 [pid 309] setpgid(0, 0) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 311] <... set_robust_list resumed>) = 0 [pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 309] <... openat resumed>) = 3 [pid 311] <... prctl resumed>) = 0 [pid 311] setpgid(0, 0) = 0 [pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 309] write(3, "1000", 4) = 4 [pid 311] <... openat resumed>) = 3 [pid 310] <... clone resumed>, child_tidptr=0x555557135650) = 313 [pid 309] close(3./strace-static-x86_64: Process 312 attached ./strace-static-x86_64: Process 313 attached [pid 312] set_robust_list(0x555557135660, 24 [pid 309] <... close resumed>) = 0 [pid 311] write(3, "1000", 4) = 4 [pid 311] close(3) = 0 executing program [pid 311] write(1, "executing program\n", 18) = 18 [pid 311] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 311] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 311] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 313] set_robust_list(0x555557135660, 24 [pid 312] <... set_robust_list resumed>) = 0 [pid 309] write(1, "executing program\n", 18executing program [pid 313] <... set_robust_list resumed>) = 0 [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 309] <... write resumed>) = 18 [pid 311] <... bpf resumed>) = 4 [pid 311] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 312] <... prctl resumed>) = 0 [pid 309] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 313] <... prctl resumed>) = 0 [pid 312] setpgid(0, 0 [pid 309] <... bpf resumed>) = 3 [pid 313] setpgid(0, 0 [pid 312] <... setpgid resumed>) = 0 [pid 313] <... setpgid resumed>) = 0 [pid 309] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 309] <... bpf resumed>) = 0 [pid 312] <... openat resumed>) = 3 [pid 309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 313] <... openat resumed>) = 3 [pid 312] write(3, "1000", 4 [pid 311] <... bpf resumed>) = 5 [pid 311] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 309] <... bpf resumed>) = 4 [pid 313] write(3, "1000", 4 [pid 312] <... write resumed>) = 4 [pid 309] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 313] <... write resumed>) = 4 [pid 312] close(3 [pid 313] close(3 [pid 309] <... bpf resumed>) = 5 [pid 312] <... close resumed>) = 0 [pid 313] <... close resumed>) = 0 [pid 312] write(1, "executing program\n", 18 [pid 313] write(1, "executing program\n", 18 executing program executing program [pid 309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 313] <... write resumed>) = 18 [pid 312] <... write resumed>) = 18 [ 30.856534][ T28] audit: type=1400 audit(1716235056.559:66): avc: denied { execmem } for pid=303 comm="syz-executor303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 30.866349][ T28] audit: type=1400 audit(1716235056.569:67): avc: denied { bpf } for pid=305 comm="syz-executor303" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 30.871025][ T28] audit: type=1400 audit(1716235056.569:68): avc: denied { map_create } for pid=305 comm="syz-executor303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 30.874245][ T28] audit: type=1400 audit(1716235056.569:69): avc: denied { perfmon } for pid=305 comm="syz-executor303" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 30.884753][ T28] audit: type=1400 audit(1716235056.569:70): avc: denied { map_read map_write } for pid=305 comm="syz-executor303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 313] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 312] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 311] <... bpf resumed>) = 6 [pid 309] <... bpf resumed>) = 6 [pid 311] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 313] <... bpf resumed>) = 3 [pid 312] <... bpf resumed>) = 3 [pid 309] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 312] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 313] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 312] <... bpf resumed>) = 0 [pid 313] <... bpf resumed>) = 0 [pid 313] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 305] <... bpf resumed>) = 6 [pid 313] <... bpf resumed>) = 4 [pid 305] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 311] <... bpf resumed>) = 7 [pid 313] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 312] <... bpf resumed>) = 4 [pid 309] <... bpf resumed>) = 7 [pid 311] exit_group(0 [pid 305] <... bpf resumed>) = 7 [pid 313] <... bpf resumed>) = 5 [ 30.909999][ T28] audit: type=1400 audit(1716235056.569:71): avc: denied { prog_load } for pid=305 comm="syz-executor303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 30.930267][ T28] audit: type=1400 audit(1716235056.569:72): avc: denied { prog_run } for pid=305 comm="syz-executor303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 30.952156][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 30.963605][ T298] BUG: scheduling while atomic: sshd/298/0x00000002 [ 30.969958][ T298] Modules linked in: [ 30.973900][ T298] Preemption disabled at: [ 30.973917][ T298] [] __set_current_blocked+0x11b/0x2f0 [ 30.984964][ T298] CPU: 0 PID: 298 Comm: sshd Not tainted 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 30.993888][ T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 31.003785][ T298] Call Trace: [ 31.006908][ T298] [ 31.009682][ T298] dump_stack_lvl+0x151/0x1b7 [ 31.014190][ T298] ? __set_current_blocked+0x11b/0x2f0 [ 31.019486][ T298] ? __set_current_blocked+0x11b/0x2f0 [ 31.024786][ T298] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 31.030080][ T298] ? __set_current_blocked+0x11b/0x2f0 [ 31.035375][ T298] dump_stack+0x15/0x1b [ 31.039362][ T298] __schedule_bug+0x195/0x260 [ 31.043875][ T298] ? cpu_util_update_eff+0x10e0/0x10e0 [ 31.049175][ T298] __schedule+0xcf7/0x1550 [ 31.053431][ T298] ? __kasan_check_read+0x11/0x20 [ 31.058279][ T298] ? _copy_to_user+0x74/0x90 [ 31.062708][ T298] ? __sched_text_start+0x8/0x8 [ 31.067402][ T298] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 31.072870][ T298] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 31.078252][ T298] schedule+0xc3/0x180 [ 31.082150][ T298] exit_to_user_mode_loop+0x4e/0xa0 [ 31.087188][ T298] exit_to_user_mode_prepare+0x5a/0xa0 [ 31.092477][ T298] syscall_exit_to_user_mode+0x26/0x140 [ 31.097873][ T298] do_syscall_64+0x49/0xb0 [ 31.102119][ T298] ? sysvec_call_function_single+0x52/0xb0 [ 31.107758][ T298] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 31.113565][ T298] RIP: 0033:0x7f69280c2773 [ 31.117821][ T298] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 31.137274][ T298] RSP: 002b:00007fff39fd7520 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 31.145504][ T298] RAX: 0000000000000000 RBX: 0000000000060000 RCX: 00007f69280c2773 [ 31.153317][ T298] RDX: 00007fff39fd7608 RSI: 00007fff39fd7588 RDI: 0000000000000001 [pid 312] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 305] exit_group(0executing program ) = ? [pid 305] +++ exited with 0 +++ [pid 309] exit_group(0) = ? [pid 311] <... exit_group resumed>) = ? [pid 304] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557135650) = 314 [pid 313] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 6 [pid 313] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16./strace-static-x86_64: Process 314 attached [pid 314] set_robust_list(0x555557135660, 24) = 0 [pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 314] setpgid(0, 0) = 0 [pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 314] write(3, "1000", 4) = 4 [pid 314] close(3) = 0 [pid 314] write(1, "executing program\n", 18) = 18 [pid 314] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 314] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 314] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 314] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 309] +++ exited with 0 +++ [pid 306] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 306] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 315 attached , child_tidptr=0x555557135650) = 315 [pid 315] set_robust_list(0x555557135660, 24) = 0 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 315] setpgid(0, 0) = 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 315] write(3, "1000", 4) = 4 [pid 315] close(3) = 0 executing program [pid 315] write(1, "executing program\n", 18) = 18 [pid 315] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 315] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 315] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 315] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 311] +++ exited with 0 +++ [pid 315] <... bpf resumed>) = 5 [pid 314] <... bpf resumed>) = 5 [ 31.161130][ T298] RBP: 000056294104d5e0 R08: 0000000000000001 R09: 0000000000000000 [ 31.169122][ T298] R10: 0000000000000008 R11: 0000000000000246 R12: 000056293f314aa4 [ 31.176929][ T298] R13: 000000000000001e R14: 000056293f3153e8 R15: 00007fff39fd7588 [ 31.184843][ T298] [ 31.201251][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000102, exited with 00000101? [ 31.212960][ T298] BUG: scheduling while atomic: sshd/298/0x00000002 [ 31.219365][ T298] Modules linked in: [ 31.223143][ T298] Preemption disabled at: [ 31.223152][ T298] [] __set_current_blocked+0x11b/0x2f0 [ 31.234143][ T298] CPU: 0 PID: 298 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 31.244532][ T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 31.254424][ T298] Call Trace: [ 31.257553][ T298] [ 31.260337][ T298] dump_stack_lvl+0x151/0x1b7 [ 31.264941][ T298] ? __set_current_blocked+0x11b/0x2f0 [ 31.270238][ T298] ? __set_current_blocked+0x11b/0x2f0 [ 31.275632][ T298] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 31.280920][ T298] ? trace_event_raw_event_bpf_trace_printk+0x14f/0x210 [ 31.287692][ T298] ? __set_current_blocked+0x11b/0x2f0 [ 31.293003][ T298] dump_stack+0x15/0x1b [ 31.297082][ T298] __schedule_bug+0x195/0x260 [ 31.301600][ T298] ? cpu_util_update_eff+0x10e0/0x10e0 [ 31.306989][ T298] __schedule+0xcf7/0x1550 [ 31.311238][ T298] ? __kasan_check_read+0x11/0x20 [ 31.316096][ T298] ? _copy_to_user+0x74/0x90 [ 31.320521][ T298] ? __sched_text_start+0x8/0x8 [ 31.325220][ T298] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 31.330958][ T298] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 31.336342][ T298] schedule+0xc3/0x180 [ 31.340244][ T298] exit_to_user_mode_loop+0x4e/0xa0 [ 31.345402][ T298] exit_to_user_mode_prepare+0x5a/0xa0 [ 31.350701][ T298] syscall_exit_to_user_mode+0x26/0x140 [ 31.356073][ T298] do_syscall_64+0x49/0xb0 [ 31.360329][ T298] ? sysvec_call_function_single+0x52/0xb0 [ 31.365975][ T298] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 31.371741][ T298] RIP: 0033:0x7f69280c2773 [ 31.376209][ T298] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 31.395651][ T298] RSP: 002b:00007fff39fd7520 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 31.403903][ T298] RAX: 0000000000000000 RBX: 0000000000060000 RCX: 00007f69280c2773 [pid 313] <... bpf resumed>) = 7 [pid 312] <... bpf resumed>) = 5 [pid 315] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 314] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 313] exit_group(0 [pid 312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 307] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=311, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 315] <... bpf resumed>) = 6 [pid 314] <... bpf resumed>) = 6 [pid 313] <... exit_group resumed>) = ? [pid 312] <... bpf resumed>) = 6 [pid 307] restart_syscall(<... resuming interrupted clone ...> [pid 315] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 314] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 313] +++ exited with 0 +++ [pid 312] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 307] <... restart_syscall resumed>) = 0 [pid 310] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=313, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 307] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557135650) = 316 ./strace-static-x86_64: Process 316 attached [pid 316] set_robust_list(0x555557135660, 24) = 0 [pid 316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 310] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557135650) = 317 [pid 316] setpgid(0, 0) = 0 [pid 316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 316] write(3, "1000", 4) = 4 [pid 316] close(3) = 0 [pid 316] write(1, "executing program\n", 18) = 18 [pid 316] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 316] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 316] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 316] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16./strace-static-x86_64: Process 317 attached [pid 317] set_robust_list(0x555557135660, 24) = 0 [pid 317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 317] setpgid(0, 0) = 0 [pid 317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 317] write(3, "1000", 4) = 4 [pid 317] close(3) = 0 [pid 317] write(1, "executing program\n", 18) = 18 [pid 317] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 317] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 317] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 317] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16) = 5 [pid 316] <... bpf resumed>) = 5 [pid 315] <... bpf resumed>) = 7 [pid 314] <... bpf resumed>) = 7 [pid 312] <... bpf resumed>) = 7 [pid 317] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73executing program executing program [ 31.411705][ T298] RDX: 00007fff39fd7608 RSI: 00007fff39fd7588 RDI: 0000000000000001 [ 31.419520][ T298] RBP: 000056294104d5e0 R08: 0000000000000001 R09: 0000000000000000 [ 31.427329][ T298] R10: 0000000000000008 R11: 0000000000000246 R12: 000056293f314aa4 [ 31.435143][ T298] R13: 000000000000001f R14: 000056293f3153e8 R15: 00007fff39fd7588 [ 31.442952][ T298] [ 31.449189][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 31.460606][ T298] BUG: scheduling while atomic: sshd/298/0x00000002 [ 31.467073][ T298] Modules linked in: [ 31.470947][ T298] Preemption disabled at: [ 31.470956][ T298] [] release_sock+0x30/0x1b0 [ 31.481198][ T298] CPU: 0 PID: 298 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 31.491510][ T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 31.501412][ T298] Call Trace: [ 31.504532][ T298] [ 31.507314][ T298] dump_stack_lvl+0x151/0x1b7 [ 31.511828][ T298] ? release_sock+0x30/0x1b0 [ 31.516245][ T298] ? release_sock+0x30/0x1b0 [ 31.520673][ T298] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 31.525973][ T298] ? release_sock+0x30/0x1b0 [ 31.530399][ T298] dump_stack+0x15/0x1b [ 31.534386][ T298] __schedule_bug+0x195/0x260 [ 31.538903][ T298] ? cpu_util_update_eff+0x10e0/0x10e0 [ 31.544199][ T298] __schedule+0xcf7/0x1550 [ 31.548455][ T298] ? __kasan_check_read+0x11/0x20 [ 31.553312][ T298] ? _copy_to_user+0x74/0x90 [ 31.557736][ T298] ? __sched_text_start+0x8/0x8 [ 31.562423][ T298] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 31.567978][ T298] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 31.573360][ T298] schedule+0xc3/0x180 [ 31.577263][ T298] exit_to_user_mode_loop+0x4e/0xa0 [ 31.582306][ T298] exit_to_user_mode_prepare+0x5a/0xa0 [ 31.587602][ T298] syscall_exit_to_user_mode+0x26/0x140 [ 31.592977][ T298] do_syscall_64+0x49/0xb0 [ 31.597232][ T298] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 31.602953][ T298] RIP: 0033:0x7f69280c2773 [ 31.607207][ T298] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 31.626652][ T298] RSP: 002b:00007fff39fd7520 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 31.634896][ T298] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f69280c2773 [ 31.642792][ T298] RDX: 00007fff39fd7608 RSI: 00007fff39fd7588 RDI: 0000000000000000 [ 31.650600][ T298] RBP: 000056294104d5e0 R08: 0000000000000000 R09: 0000000000000000 [pid 316] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73executing program [pid 315] exit_group(0 [pid 314] exit_group(0 [pid 312] exit_group(0 [pid 317] <... bpf resumed>) = 6 [pid 316] <... bpf resumed>) = 6 [pid 315] <... exit_group resumed>) = ? [pid 314] <... exit_group resumed>) = ? [pid 312] <... exit_group resumed>) = ? [pid 317] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 316] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 315] +++ exited with 0 +++ [pid 306] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 306] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557135650) = 319 ./strace-static-x86_64: Process 319 attached [pid 319] set_robust_list(0x555557135660, 24) = 0 [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 319] setpgid(0, 0) = 0 [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 319] write(3, "1000", 4) = 4 [pid 319] close(3) = 0 [pid 319] write(1, "executing program\n", 18) = 18 [pid 319] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 319] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 319] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 319] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 314] +++ exited with 0 +++ [pid 312] +++ exited with 0 +++ [pid 308] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 304] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=314, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 308] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 320 attached [pid 308] <... clone resumed>, child_tidptr=0x555557135650) = 320 [pid 304] <... clone resumed>, child_tidptr=0x555557135650) = 321 [pid 320] set_robust_list(0x555557135660, 24) = 0 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 320] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 321 attached [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 321] set_robust_list(0x555557135660, 24) = 0 [pid 320] <... openat resumed>) = 3 [pid 321] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 320] write(3, "1000", 4) = 4 [pid 320] close(3 [pid 321] <... prctl resumed>) = 0 [pid 320] <... close resumed>) = 0 executing program [pid 320] write(1, "executing program\n", 18 [pid 321] setpgid(0, 0 [pid 320] <... write resumed>) = 18 [pid 320] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 321] <... setpgid resumed>) = 0 [pid 320] <... bpf resumed>) = 3 [pid 320] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 320] <... bpf resumed>) = 0 [pid 320] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144executing program [pid 321] <... openat resumed>) = 3 [pid 321] write(3, "1000", 4) = 4 [pid 321] close(3) = 0 [pid 321] write(1, "executing program\n", 18) = 18 [pid 320] <... bpf resumed>) = 4 [pid 320] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 321] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 321] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 321] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 321] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 317] <... bpf resumed>) = 7 [ 31.658409][ T298] R10: 0000000000000008 R11: 0000000000000246 R12: 000056293f314aa4 [ 31.666223][ T298] R13: 000000000000001f R14: 000056293f3153e8 R15: 00007fff39fd7588 [ 31.674037][ T298] [ 31.691100][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 31.702506][ T298] BUG: scheduling while atomic: sshd/298/0x00000002 [ 31.708898][ T298] Modules linked in: [ 31.712696][ T298] Preemption disabled at: [ 31.712705][ T298] [] try_to_wake_up+0x85/0x1220 [ 31.723065][ T298] CPU: 0 PID: 298 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 31.733467][ T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 31.743356][ T298] Call Trace: [ 31.746478][ T298] [ 31.749257][ T298] dump_stack_lvl+0x151/0x1b7 [ 31.753772][ T298] ? try_to_wake_up+0x85/0x1220 [ 31.758460][ T298] ? try_to_wake_up+0x85/0x1220 [ 31.763147][ T298] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 31.768438][ T298] ? try_to_wake_up+0x85/0x1220 [ 31.773125][ T298] dump_stack+0x15/0x1b [ 31.777121][ T298] __schedule_bug+0x195/0x260 [ 31.781633][ T298] ? try_to_wake_up+0x670/0x1220 [ 31.786489][ T298] ? cpu_util_update_eff+0x10e0/0x10e0 [ 31.791873][ T298] ? cpu_curr_snapshot+0x90/0x90 [ 31.796674][ T298] __schedule+0xcf7/0x1550 [ 31.800899][ T298] ? wake_up_process+0x10/0x20 [ 31.805499][ T298] ? raise_softirq_irqoff+0x37/0x40 [ 31.810529][ T298] ? rcu_read_unlock_special+0x3f2/0x4e0 [ 31.815998][ T298] ? __sched_text_start+0x8/0x8 [ 31.820685][ T298] ? __rcu_read_unlock+0xd0/0xd0 [ 31.825455][ T298] ? ksys_read+0x24f/0x2c0 [ 31.829709][ T298] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 31.835093][ T298] schedule+0xc3/0x180 [ 31.838998][ T298] exit_to_user_mode_loop+0x4e/0xa0 [ 31.844034][ T298] exit_to_user_mode_prepare+0x5a/0xa0 [ 31.849325][ T298] syscall_exit_to_user_mode+0x26/0x140 [ 31.854708][ T298] do_syscall_64+0x49/0xb0 [ 31.858973][ T298] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 31.864692][ T298] RIP: 0033:0x7f69280fd587 [ 31.868963][ T298] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [ 31.888392][ T298] RSP: 002b:00007fff39fd7368 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [ 31.896628][ T298] RAX: 000000000000012a RBX: 000000000000000a RCX: 00007f69280fd587 [ 31.904442][ T298] RDX: 0000000000000000 RSI: 000000000000000a RDI: 000000000000000a [pid 321] <... bpf resumed>) = 5 [pid 320] <... bpf resumed>) = 5 [pid 319] <... bpf resumed>) = 5 [pid 317] exit_group(0 [pid 316] <... bpf resumed>) = 7 [pid 321] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 320] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 319] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 317] <... exit_group resumed>) = ? [pid 316] exit_group(0 [pid 321] <... bpf resumed>) = 6 [pid 319] <... bpf resumed>) = 6 [pid 316] <... exit_group resumed>) = ? [pid 321] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 319] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 320] <... bpf resumed>) = 6 [pid 320] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 317] +++ exited with 0 +++ [pid 316] +++ exited with 0 +++ [pid 310] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=317, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 307] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=316, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 310] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 307] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x555557135660, 24 [pid 310] <... clone resumed>, child_tidptr=0x555557135650) = 322 [pid 322] <... set_robust_list resumed>) = 0 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 307] <... clone resumed>, child_tidptr=0x555557135650) = 323 [pid 322] setpgid(0, 0) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 322] write(3, "1000", 4) = 4 [pid 322] close(3) = 0 executing program [pid 322] write(1, "executing program\n", 18) = 18 [pid 322] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 322] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 ./strace-static-x86_64: Process 323 attached [pid 322] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 323] set_robust_list(0x555557135660, 24) = 0 [pid 322] <... bpf resumed>) = 4 [pid 322] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 323] setpgid(0, 0) = 0 [pid 323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 323] write(3, "1000", 4) = 4 [pid 323] close(3) = 0 [pid 323] write(1, "executing program\n", 18executing program ) = 18 [pid 323] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 323] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 323] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 323] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 319] <... bpf resumed>) = 7 [pid 323] <... bpf resumed>) = 5 [pid 322] <... bpf resumed>) = 5 [pid 321] <... bpf resumed>) = 7 [pid 320] <... bpf resumed>) = 7 [pid 319] exit_group(0 [pid 321] exit_group(0 [pid 320] exit_group(0 [pid 319] <... exit_group resumed>) = ? [ 31.912250][ T298] RBP: 000056294104856a R08: 0000000000000000 R09: 0000000000000000 [ 31.920093][ T298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000400 [ 31.927870][ T298] R13: 000000000000000a R14: 0000000000000000 R15: 000056294104d290 [ 31.935695][ T298] [ 31.951624][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 31.963051][ T300] BUG: scheduling while atomic: strace-static-x/300/0x00000002 [ 31.970529][ T300] Modules linked in: [ 31.974298][ T300] Preemption disabled at: [ 31.974305][ T300] [] pipe_write+0x14b2/0x1990 [ 31.984584][ T300] CPU: 0 PID: 300 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 31.995916][ T300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 32.005890][ T300] Call Trace: [ 32.009013][ T300] [ 32.011793][ T300] dump_stack_lvl+0x151/0x1b7 [ 32.016303][ T300] ? pipe_write+0x14b2/0x1990 [ 32.020819][ T300] ? pipe_write+0x14b2/0x1990 [ 32.025329][ T300] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 32.030624][ T300] ? task_rq_lock+0xd2/0x2b0 [ 32.035049][ T300] ? pipe_write+0x14b2/0x1990 [ 32.039564][ T300] dump_stack+0x15/0x1b [ 32.043556][ T300] __schedule_bug+0x195/0x260 [ 32.048068][ T300] ? cpu_util_update_eff+0x10e0/0x10e0 [ 32.053361][ T300] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 32.058658][ T300] ? _raw_spin_lock+0x1b0/0x1b0 [ 32.063343][ T300] __schedule+0xcf7/0x1550 [ 32.067599][ T300] ? __lock_task_sighand+0xde/0x100 [ 32.072646][ T300] ? __sched_text_start+0x8/0x8 [ 32.077319][ T300] ? __kasan_check_write+0x14/0x20 [ 32.082266][ T300] ? __se_sys_ptrace+0x3b2/0x410 [ 32.087037][ T300] schedule+0xc3/0x180 [ 32.090943][ T300] exit_to_user_mode_loop+0x4e/0xa0 [ 32.095977][ T300] exit_to_user_mode_prepare+0x5a/0xa0 [ 32.101273][ T300] syscall_exit_to_user_mode+0x26/0x140 [ 32.106653][ T300] do_syscall_64+0x49/0xb0 [ 32.110903][ T300] ? sysvec_call_function_single+0x52/0xb0 [ 32.116549][ T300] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 32.122273][ T300] RIP: 0033:0x4e6c1a [ 32.126006][ T300] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 32.145450][ T300] RSP: 002b:00007ffc90176540 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 32.153692][ T300] RAX: 0000000000000000 RBX: 00000000007462f8 RCX: 00000000004e6c1a [pid 322] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 323] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 321] <... exit_group resumed>) = ? [pid 320] <... exit_group resumed>) = ? [pid 319] +++ exited with 0 +++ [pid 306] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 322] <... bpf resumed>) = 6 [ 32.161512][ T300] RDX: 0000000000000000 RSI: 000000000000013f RDI: 0000000000000018 [ 32.169316][ T300] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000018 [ 32.177343][ T300] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000748230 [ 32.185127][ T300] R13: 0000000000000000 R14: 000000000006057f R15: 0000000000617180 [ 32.193191][ T300] [ 32.199770][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 32.211180][ T300] BUG: scheduling while atomic: strace-static-x/300/0x00000002 [ 32.218516][ T300] Modules linked in: [ 32.222470][ T300] Preemption disabled at: [ 32.222477][ T300] [] __lock_task_sighand+0x6b/0x100 [ 32.233223][ T300] CPU: 0 PID: 300 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 32.244555][ T300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 32.254677][ T300] Call Trace: [ 32.257806][ T300] [ 32.260549][ T300] dump_stack_lvl+0x151/0x1b7 [ 32.265064][ T300] ? __lock_task_sighand+0x6b/0x100 [ 32.270097][ T300] ? __lock_task_sighand+0x6b/0x100 [ 32.275133][ T300] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 32.280425][ T300] ? task_rq_lock+0xd2/0x2b0 [ 32.284850][ T300] ? __lock_task_sighand+0x6b/0x100 [ 32.289882][ T300] dump_stack+0x15/0x1b [ 32.293877][ T300] __schedule_bug+0x195/0x260 [ 32.298385][ T300] ? cpu_util_update_eff+0x10e0/0x10e0 [ 32.303681][ T300] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 32.308976][ T300] ? _raw_spin_lock+0x1b0/0x1b0 [ 32.313663][ T300] __schedule+0xcf7/0x1550 [ 32.317918][ T300] ? __lock_task_sighand+0xde/0x100 [ 32.323124][ T300] ? __sched_text_start+0x8/0x8 [ 32.327809][ T300] ? __kasan_check_write+0x14/0x20 [ 32.332773][ T300] ? __se_sys_ptrace+0x3b2/0x410 [ 32.337530][ T300] schedule+0xc3/0x180 [ 32.341439][ T300] exit_to_user_mode_loop+0x4e/0xa0 [ 32.346470][ T300] exit_to_user_mode_prepare+0x5a/0xa0 [ 32.351763][ T300] syscall_exit_to_user_mode+0x26/0x140 [ 32.357147][ T300] do_syscall_64+0x49/0xb0 [ 32.361397][ T300] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 32.367125][ T300] RIP: 0033:0x4e6c1a [ 32.370872][ T300] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 32.390306][ T300] RSP: 002b:00007ffc90176540 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 32.398544][ T300] RAX: 0000000000000000 RBX: 00000000007462f8 RCX: 00000000004e6c1a [ 32.406355][ T300] RDX: 0000000000000000 RSI: 0000000000000132 RDI: 0000000000000018 [pid 322] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 323] <... bpf resumed>) = 6 [pid 306] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 323] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 321] +++ exited with 0 +++ [pid 320] +++ exited with 0 +++ [pid 308] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 308] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 325 attached [pid 306] <... clone resumed>, child_tidptr=0x555557135650) = 325 [pid 304] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=321, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 308] <... restart_syscall resumed>) = 0 [pid 304] restart_syscall(<... resuming interrupted clone ...> [pid 325] set_robust_list(0x555557135660, 24 [pid 304] <... restart_syscall resumed>) = 0 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 325] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 326 attached [pid 304] <... clone resumed>, child_tidptr=0x555557135650) = 326 [pid 326] set_robust_list(0x555557135660, 24) = 0 [pid 326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 326] setpgid(0, 0 [pid 308] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 326] <... setpgid resumed>) = 0 [pid 326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 326] write(3, "1000", 4executing program ) = 4 [pid 326] close(3) = 0 [pid 326] write(1, "executing program\n", 18) = 18 [pid 326] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 308] <... clone resumed>, child_tidptr=0x555557135650) = 327 [pid 326] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 326] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 327 attached [pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 325] setpgid(0, 0 [pid 327] set_robust_list(0x555557135660, 24 [pid 325] <... setpgid resumed>) = 0 [pid 326] <... bpf resumed>) = 4 [pid 326] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 327] <... set_robust_list resumed>) = 0 [pid 325] <... openat resumed>) = 3 [pid 325] write(3, "1000", 4 [pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 325] <... write resumed>) = 4 [pid 325] close(3) = 0 [pid 327] <... prctl resumed>) = 0 [pid 325] write(1, "executing program\n", 18executing program ) = 18 [pid 325] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 327] setpgid(0, 0 [pid 325] <... bpf resumed>) = 3 [pid 325] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 327] <... setpgid resumed>) = 0 [pid 325] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 325] <... bpf resumed>) = 4 [pid 327] <... openat resumed>) = 3 [pid 325] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 327] write(3, "1000", 4) = 4 [pid 327] close(3) = 0 [pid 327] write(1, "executing program\n", 18executing program ) = 18 [pid 327] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 327] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 327] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 327] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [ 32.414167][ T300] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000002 [ 32.421977][ T300] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000747cf0 [ 32.429788][ T300] R13: 0000000000000000 R14: 000000000000857f R15: 0000000000617180 [ 32.437609][ T300] [ 32.461232][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 32.472660][ T298] BUG: scheduling while atomic: sshd/298/0x00000002 [ 32.479038][ T298] Modules linked in: [ 32.482829][ T298] Preemption disabled at: [ 32.482839][ T298] [] schedule+0xbc/0x180 [ 32.492687][ T298] CPU: 0 PID: 298 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 32.503092][ T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 32.512992][ T298] Call Trace: [ 32.516113][ T298] [ 32.518897][ T298] dump_stack_lvl+0x151/0x1b7 [ 32.523405][ T298] ? schedule+0xbc/0x180 [ 32.527485][ T298] ? schedule+0xbc/0x180 [ 32.531587][ T298] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 32.536855][ T298] ? schedule+0xbc/0x180 [ 32.540930][ T298] dump_stack+0x15/0x1b [ 32.544926][ T298] __schedule_bug+0x195/0x260 [ 32.549445][ T298] ? cpu_util_update_eff+0x10e0/0x10e0 [ 32.554738][ T298] __schedule+0xcf7/0x1550 [ 32.558994][ T298] ? __kasan_check_read+0x11/0x20 [ 32.563846][ T298] ? _copy_to_user+0x74/0x90 [ 32.568271][ T298] ? __sched_text_start+0x8/0x8 [ 32.572962][ T298] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 32.578433][ T298] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 32.583847][ T298] schedule+0xc3/0x180 [ 32.587719][ T298] exit_to_user_mode_loop+0x4e/0xa0 [ 32.592750][ T298] exit_to_user_mode_prepare+0x5a/0xa0 [ 32.598045][ T298] syscall_exit_to_user_mode+0x26/0x140 [ 32.603558][ T298] do_syscall_64+0x49/0xb0 [ 32.607803][ T298] ? sysvec_call_function_single+0x52/0xb0 [ 32.613443][ T298] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 32.619175][ T298] RIP: 0033:0x7f69280c2773 [ 32.623428][ T298] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 32.642866][ T298] RSP: 002b:00007fff39fd7520 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 32.651112][ T298] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f69280c2773 [pid 322] <... bpf resumed>) = 7 [pid 326] <... bpf resumed>) = 5 [pid 325] <... bpf resumed>) = 5 [pid 323] <... bpf resumed>) = 7 [pid 322] exit_group(0 [pid 326] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 325] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 323] exit_group(0 [pid 322] <... exit_group resumed>) = ? [pid 326] <... bpf resumed>) = 6 [pid 325] <... bpf resumed>) = 6 [pid 323] <... exit_group resumed>) = ? [pid 326] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 325] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 327] <... bpf resumed>) = 5 [pid 327] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 323] +++ exited with 0 +++ [pid 307] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=323, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 307] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557135650) = 328 [pid 327] <... bpf resumed>) = 6 ./strace-static-x86_64: Process 328 attached [pid 327] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 328] set_robust_list(0x555557135660, 24) = 0 [pid 328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 328] setpgid(0, 0) = 0 [pid 328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 328] write(3, "1000", 4) = 4 [pid 328] close(3) = 0 [pid 328] write(1, "executing program\n", 18executing program ) = 18 [pid 328] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 328] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 328] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 328] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 326] <... bpf resumed>) = 7 [pid 328] <... bpf resumed>) = 5 [pid 327] <... bpf resumed>) = 7 [pid 326] exit_group(0 [pid 325] <... bpf resumed>) = 7 [pid 322] +++ exited with 0 +++ [pid 328] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 327] exit_group(0 [pid 326] <... exit_group resumed>) = ? [pid 327] <... exit_group resumed>) = ? [pid 326] +++ exited with 0 +++ [pid 325] exit_group(0 [pid 310] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 325] <... exit_group resumed>) = ? [pid 310] restart_syscall(<... resuming interrupted clone ...> [pid 304] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=326, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 310] <... restart_syscall resumed>) = 0 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 328] <... bpf resumed>) = 6 [pid 310] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 328] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16./strace-static-x86_64: Process 329 attached [pid 304] <... clone resumed>, child_tidptr=0x555557135650) = 329 [pid 310] <... clone resumed>, child_tidptr=0x555557135650) = 330 ./strace-static-x86_64: Process 330 attached [ 32.658920][ T298] RDX: 00007fff39fd7608 RSI: 00007fff39fd7588 RDI: 0000000000000000 [ 32.666742][ T298] RBP: 000056294104d5e0 R08: 0000000000000000 R09: 0000000000000000 [ 32.674547][ T298] R10: 0000000000000008 R11: 0000000000000246 R12: 000056293f314aa4 [ 32.682367][ T298] R13: 0000000000000020 R14: 000056293f3153e8 R15: 00007fff39fd7588 [ 32.690172][ T298] [ 32.715657][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000102, exited with 00000101? [ 32.727268][ T298] BUG: scheduling while atomic: sshd/298/0x00000002 [ 32.730388][ C1] softirq: huh, entered softirq 9 RCU ffffffff8160d2f0 with preempt_count 00000102, exited with 00000101? [ 32.733983][ T298] Modules linked in: [ 32.745046][ T300] BUG: scheduling while atomic: strace-static-x/300/0x00000002 [ 32.745066][ T300] Modules linked in: [ 32.745076][ T300] Preemption disabled at: [ 32.745080][ T300] [] __lock_task_sighand+0x6b/0x100 [ 32.745108][ T300] CPU: 1 PID: 300 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 32.748819][ T298] [ 32.748824][ T298] Preemption disabled at: [ 32.756205][ T300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 32.756224][ T300] Call Trace: [ 32.756230][ T300] [ 32.756238][ T300] dump_stack_lvl+0x151/0x1b7 [ 32.759932][ T298] [] pipe_read+0x5b3/0x1040 [ 32.764098][ T300] ? __lock_task_sighand+0x6b/0x100 [ 32.764117][ T300] ? __lock_task_sighand+0x6b/0x100 [ 32.824686][ T300] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 32.829974][ T300] ? task_rq_lock+0xd2/0x2b0 [ 32.834401][ T300] ? __lock_task_sighand+0x6b/0x100 [ 32.839436][ T300] dump_stack+0x15/0x1b [ 32.843428][ T300] __schedule_bug+0x195/0x260 [ 32.847942][ T300] ? cpu_util_update_eff+0x10e0/0x10e0 [ 32.853234][ T300] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 32.858531][ T300] ? _raw_spin_lock+0x1b0/0x1b0 [ 32.863216][ T300] __schedule+0xcf7/0x1550 [ 32.867468][ T300] ? __lock_task_sighand+0xde/0x100 [ 32.872502][ T300] ? __sched_text_start+0x8/0x8 [ 32.877192][ T300] ? __kasan_check_write+0x14/0x20 [ 32.882137][ T300] ? __se_sys_ptrace+0x3b2/0x410 [ 32.886911][ T300] schedule+0xc3/0x180 [ 32.890814][ T300] exit_to_user_mode_loop+0x4e/0xa0 [ 32.895849][ T300] exit_to_user_mode_prepare+0x5a/0xa0 [ 32.901141][ T300] syscall_exit_to_user_mode+0x26/0x140 [ 32.906530][ T300] do_syscall_64+0x49/0xb0 [ 32.910865][ T300] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 32.916505][ T300] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 32.922231][ T300] RIP: 0033:0x4e6c1a [ 32.925966][ T300] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 32.945408][ T300] RSP: 002b:00007ffc90176540 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 32.953650][ T300] RAX: 0000000000000000 RBX: 00000000007462f8 RCX: 00000000004e6c1a [ 32.961463][ T300] RDX: 0000000000000000 RSI: 0000000000000133 RDI: 0000000000000018 [ 32.969274][ T300] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000000 [ 32.977085][ T300] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000747f90 [ 32.984893][ T300] R13: 0000000000000000 R14: 000000000000857f R15: 0000000000617180 [ 32.992715][ T300] [ 32.995572][ T298] CPU: 0 PID: 298 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 33.005987][ T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 33.015881][ T298] Call Trace: [ 33.019004][ T298] [ 33.021779][ T298] dump_stack_lvl+0x151/0x1b7 [ 33.026292][ T298] ? pipe_read+0x5b3/0x1040 [ 33.030633][ T298] ? pipe_read+0x5b3/0x1040 [ 33.034973][ T298] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 33.040266][ T298] ? fsnotify_perm+0x6a/0x5d0 [ 33.044783][ T298] ? pipe_read+0x5b3/0x1040 [ 33.049159][ T298] dump_stack+0x15/0x1b [ 33.053111][ T298] __schedule_bug+0x195/0x260 [ 33.057628][ T298] ? cpu_util_update_eff+0x10e0/0x10e0 [ 33.062944][ T298] ? file_end_write+0x1c0/0x1c0 [ 33.067608][ T298] __schedule+0xcf7/0x1550 [ 33.071862][ T298] ? __kasan_check_read+0x11/0x20 [ 33.076716][ T298] ? __fdget_pos+0x204/0x390 [ 33.081144][ T298] ? __sched_text_start+0x8/0x8 [ 33.085834][ T298] ? ksys_write+0x24f/0x2c0 [ 33.090171][ T298] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 33.095551][ T298] schedule+0xc3/0x180 [ 33.099462][ T298] exit_to_user_mode_loop+0x4e/0xa0 [ 33.104490][ T298] exit_to_user_mode_prepare+0x5a/0xa0 [ 33.109784][ T298] syscall_exit_to_user_mode+0x26/0x140 [ 33.115167][ T298] do_syscall_64+0x49/0xb0 [ 33.119420][ T298] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 33.125148][ T298] RIP: 0033:0x7f6928116bf2 [ 33.129399][ T298] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 [ 33.149189][ T298] RSP: 002b:00007fff39fd7518 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 33.157586][ T298] RAX: 0000000000000054 RBX: 0000000000000054 RCX: 00007f6928116bf2 [pid 329] set_robust_list(0x555557135660, 24executing program executing program ) = 0 [pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 329] setpgid(0, 0) = 0 [pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 329] write(3, "1000", 4) = 4 [pid 329] close(3) = 0 [pid 329] write(1, "executing program\n", 18) = 18 [pid 329] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 329] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 329] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 329] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 330] set_robust_list(0x555557135660, 24) = 0 [pid 330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 330] setpgid(0, 0) = 0 [pid 330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 330] write(3, "1000", 4) = 4 [pid 330] close(3) = 0 [pid 330] write(1, "executing program\n", 18) = 18 [pid 330] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 330] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 330] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 330] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 327] +++ exited with 0 +++ [pid 308] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=327, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 308] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557135650) = 332 ./strace-static-x86_64: Process 332 attached [pid 332] set_robust_list(0x555557135660, 24) = 0 [pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 332] setpgid(0, 0) = 0 [pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 332] write(3, "1000", 4) = 4 [pid 332] close(3) = 0 executing program [pid 332] write(1, "executing program\n", 18) = 18 [pid 332] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 332] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 332] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 332] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 328] <... bpf resumed>) = 7 [pid 329] <... bpf resumed>) = 5 [ 33.165368][ T298] RDX: 0000000000000054 RSI: 0000562941063930 RDI: 0000000000000004 [ 33.173181][ T298] RBP: 000056294104d290 R08: 0000000000000000 R09: 0000000000000000 [ 33.180989][ T298] R10: 0000000000000000 R11: 0000000000000246 R12: 000056293f314aa4 [ 33.188809][ T298] R13: 0000000000000020 R14: 000056293f3153e8 R15: 00007fff39fd7588 [ 33.196619][ T298] [ 33.221358][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 33.232783][ T298] BUG: scheduling while atomic: sshd/298/0x00000002 [ 33.239300][ T298] Modules linked in: [ 33.243046][ T298] Preemption disabled at: [ 33.243055][ T298] [] release_sock+0x30/0x1b0 [ 33.253194][ T298] CPU: 0 PID: 298 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 33.263588][ T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 33.273564][ T298] Call Trace: [ 33.276686][ T298] [ 33.279463][ T298] dump_stack_lvl+0x151/0x1b7 [ 33.283985][ T298] ? release_sock+0x30/0x1b0 [ 33.288402][ T298] ? release_sock+0x30/0x1b0 [ 33.292832][ T298] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 33.298125][ T298] ? release_sock+0x30/0x1b0 [ 33.302548][ T298] dump_stack+0x15/0x1b [ 33.306601][ T298] __schedule_bug+0x195/0x260 [ 33.311054][ T298] ? cpu_util_update_eff+0x10e0/0x10e0 [ 33.316349][ T298] ? bpf_trace_printk+0x1be/0x300 [ 33.321211][ T298] ? bpf_trace_run2+0xe9/0x290 [ 33.325809][ T298] ? bpf_probe_write_user+0xf0/0xf0 [ 33.330844][ T298] __schedule+0xcf7/0x1550 [ 33.335104][ T298] ? __sched_text_start+0x8/0x8 [ 33.339780][ T298] ? bpf_trace_run2+0x138/0x290 [ 33.344469][ T298] ? bpf_trace_run1+0x240/0x240 [ 33.349169][ T298] schedule+0xc3/0x180 [ 33.353061][ T298] exit_to_user_mode_loop+0x4e/0xa0 [ 33.358096][ T298] exit_to_user_mode_prepare+0x5a/0xa0 [ 33.363390][ T298] syscall_exit_to_user_mode+0x26/0x140 [ 33.368779][ T298] do_syscall_64+0x49/0xb0 [ 33.373022][ T298] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 33.378838][ T298] RIP: 0033:0x7f69280fd587 [ 33.383090][ T298] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [ 33.402624][ T298] RSP: 002b:00007fff39fd7368 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [ 33.410866][ T298] RAX: 000000000000012a RBX: 0000000000000006 RCX: 00007f69280fd587 [pid 330] <... bpf resumed>) = 5 executing program [pid 329] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 328] exit_group(0 [pid 325] +++ exited with 0 +++ [pid 330] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 329] <... bpf resumed>) = 6 [pid 328] <... exit_group resumed>) = ? [pid 306] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 330] <... bpf resumed>) = 6 [pid 329] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 330] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 306] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557135650) = 333 ./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x555557135660, 24) = 0 [pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 333] setpgid(0, 0) = 0 [pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 333] write(3, "1000", 4) = 4 [pid 333] close(3) = 0 [pid 333] write(1, "executing program\n", 18) = 18 [pid 333] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 333] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 333] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 333] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 332] <... bpf resumed>) = 5 [pid 332] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 6 [pid 332] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 329] <... bpf resumed>) = 7 [ 33.418676][ T298] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006 [ 33.426488][ T298] RBP: 000056294104853e R08: 0000000000000000 R09: 0000000000000000 [ 33.434303][ T298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000400 [ 33.442113][ T298] R13: 0000000000000006 R14: 0000000000000000 R15: 000056294104d290 [ 33.449930][ T298] [ 33.471076][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 33.482486][ T298] BUG: scheduling while atomic: sshd/298/0x00000002 [ 33.488875][ T298] Modules linked in: [ 33.492663][ T298] Preemption disabled at: [ 33.492672][ T298] [] __set_current_blocked+0x11b/0x2f0 [ 33.503734][ T298] CPU: 0 PID: 298 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 33.514146][ T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 33.524047][ T298] Call Trace: [ 33.527168][ T298] [ 33.529950][ T298] dump_stack_lvl+0x151/0x1b7 [ 33.534461][ T298] ? __set_current_blocked+0x11b/0x2f0 [ 33.539749][ T298] ? __set_current_blocked+0x11b/0x2f0 [ 33.545051][ T298] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 33.550344][ T298] ? __set_current_blocked+0x11b/0x2f0 [ 33.555634][ T298] dump_stack+0x15/0x1b [ 33.559629][ T298] __schedule_bug+0x195/0x260 [ 33.564148][ T298] ? cpu_util_update_eff+0x10e0/0x10e0 [ 33.569442][ T298] __schedule+0xcf7/0x1550 [ 33.573692][ T298] ? __kasan_check_read+0x11/0x20 [ 33.578563][ T298] ? _copy_to_user+0x74/0x90 [ 33.582974][ T298] ? __sched_text_start+0x8/0x8 [ 33.587660][ T298] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 33.593128][ T298] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 33.598523][ T298] schedule+0xc3/0x180 [ 33.602492][ T298] exit_to_user_mode_loop+0x4e/0xa0 [ 33.607451][ T298] exit_to_user_mode_prepare+0x5a/0xa0 [ 33.612744][ T298] syscall_exit_to_user_mode+0x26/0x140 [ 33.618122][ T298] do_syscall_64+0x49/0xb0 [ 33.622383][ T298] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 33.628104][ T298] RIP: 0033:0x7f69280c2773 [ 33.632367][ T298] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 33.651898][ T298] RSP: 002b:00007fff39fd7520 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 33.660135][ T298] RAX: 0000000000000000 RBX: 0000000000060000 RCX: 00007f69280c2773 [pid 333] <... bpf resumed>) = 5 [pid 330] <... bpf resumed>) = 7 [pid 329] exit_group(0 [pid 333] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 329] <... exit_group resumed>) = ? [pid 333] <... bpf resumed>) = 6 [pid 333] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 330] exit_group(0) = ? [pid 333] <... bpf resumed>) = 7 [pid 332] <... bpf resumed>) = 7 [pid 330] +++ exited with 0 +++ [pid 329] +++ exited with 0 +++ [pid 328] +++ exited with 0 +++ [pid 333] exit_group(0 [pid 332] exit_group(0 [pid 310] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=330, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 307] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=328, si_uid=0, si_status=0, si_utime=0, si_stime=22} --- [pid 304] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 333] <... exit_group resumed>) = ? [pid 332] <... exit_group resumed>) = ? [ 33.667949][ T298] RDX: 00007fff39fd7608 RSI: 00007fff39fd7588 RDI: 0000000000000001 [ 33.675759][ T298] RBP: 000056294104d5e0 R08: 0000000000000001 R09: 0000000000000000 [ 33.683579][ T298] R10: 0000000000000008 R11: 0000000000000246 R12: 000056293f314aa4 [ 33.691381][ T298] R13: 0000000000000021 R14: 000056293f3153e8 R15: 00007fff39fd7588 [ 33.699203][ T298] [ 33.705294][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 33.716697][ T300] BUG: scheduling while atomic: strace-static-x/300/0x00000002 [ 33.724079][ T300] Modules linked in: [ 33.727761][ T300] Preemption disabled at: [ 33.727771][ T300] [] remove_wait_queue+0x26/0x140 [ 33.738357][ T300] CPU: 0 PID: 300 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 33.749716][ T300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 33.759615][ T300] Call Trace: [ 33.762742][ T300] [ 33.765512][ T300] dump_stack_lvl+0x151/0x1b7 [ 33.770023][ T300] ? remove_wait_queue+0x26/0x140 [ 33.774884][ T300] ? remove_wait_queue+0x26/0x140 [ 33.779745][ T300] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 33.785037][ T300] ? task_rq_lock+0xd2/0x2b0 [ 33.789466][ T300] ? remove_wait_queue+0x26/0x140 [ 33.794325][ T300] dump_stack+0x15/0x1b [ 33.798332][ T300] __schedule_bug+0x195/0x260 [ 33.803277][ T300] ? cpu_util_update_eff+0x10e0/0x10e0 [ 33.808570][ T300] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 33.813865][ T300] ? _raw_spin_lock+0x1b0/0x1b0 [ 33.818551][ T300] __schedule+0xcf7/0x1550 [ 33.822804][ T300] ? __lock_task_sighand+0xde/0x100 [ 33.827838][ T300] ? __sched_text_start+0x8/0x8 [ 33.832535][ T300] ? __kasan_check_write+0x14/0x20 [ 33.837474][ T300] ? __se_sys_ptrace+0x3b2/0x410 [ 33.842251][ T300] schedule+0xc3/0x180 [ 33.846238][ T300] exit_to_user_mode_loop+0x4e/0xa0 [ 33.851270][ T300] exit_to_user_mode_prepare+0x5a/0xa0 [ 33.856572][ T300] syscall_exit_to_user_mode+0x26/0x140 [ 33.861949][ T300] do_syscall_64+0x49/0xb0 [ 33.866206][ T300] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 33.871840][ T300] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 33.877568][ T300] RIP: 0033:0x4e6c1a [ 33.881301][ T300] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 33.900744][ T300] RSP: 002b:00007ffc90176540 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 33.908987][ T300] RAX: 0000000000000000 RBX: 00000000007462f8 RCX: 00000000004e6c1a [ 33.916799][ T300] RDX: 0000000000000000 RSI: 0000000000000136 RDI: 0000000000000018 [pid 310] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 333] +++ exited with 0 +++ [pid 307] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 332] +++ exited with 0 +++ [pid 308] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 308] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 337 attached ./strace-static-x86_64: Process 336 attached ./strace-static-x86_64: Process 335 attached [pid 310] <... clone resumed>, child_tidptr=0x555557135650) = 335 [pid 304] <... clone resumed>, child_tidptr=0x555557135650) = 336 [pid 308] <... clone resumed>, child_tidptr=0x555557135650) = 338 [pid 307] <... clone resumed>, child_tidptr=0x555557135650) = 337 [pid 306] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 306] restart_syscall(<... resuming interrupted clone ...>) = 0 ./strace-static-x86_64: Process 338 attached [pid 338] set_robust_list(0x555557135660, 24 [pid 306] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 338] <... set_robust_list resumed>) = 0 [pid 306] <... clone resumed>, child_tidptr=0x555557135650) = 339 [pid 337] set_robust_list(0x555557135660, 24) = 0 ./strace-static-x86_64: Process 339 attached [pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 336] set_robust_list(0x555557135660, 24 [pid 335] set_robust_list(0x555557135660, 24 [pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 339] set_robust_list(0x555557135660, 24 [pid 338] <... prctl resumed>) = 0 [pid 337] <... prctl resumed>) = 0 [pid 336] <... set_robust_list resumed>) = 0 [pid 335] <... set_robust_list resumed>) = 0 [pid 339] <... set_robust_list resumed>) = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 337] setpgid(0, 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 339] <... prctl resumed>) = 0 [pid 339] setpgid(0, 0) = 0 [pid 337] <... setpgid resumed>) = 0 [pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 336] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 335] <... prctl resumed>) = 0 [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 338] setpgid(0, 0 [pid 337] <... openat resumed>) = 3 [pid 336] <... prctl resumed>) = 0 [pid 335] setpgid(0, 0 [pid 339] <... openat resumed>) = 3 [pid 339] write(3, "1000", 4) = 4 [pid 339] close(3) = 0 [pid 339] write(1, "executing program\n", 18 [pid 338] <... setpgid resumed>) = 0 [pid 337] write(3, "1000", 4 [pid 336] setpgid(0, 0 [pid 335] <... setpgid resumed>) = 0 executing program [pid 339] <... write resumed>) = 18 [pid 337] <... write resumed>) = 4 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 339] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 337] close(3 [pid 336] <... setpgid resumed>) = 0 [pid 337] <... close resumed>) = 0 [pid 339] <... bpf resumed>) = 3 [pid 339] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 337] write(1, "executing program\n", 18 [pid 336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program [pid 337] <... write resumed>) = 18 [pid 337] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 336] <... openat resumed>) = 3 [pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 337] <... bpf resumed>) = 3 [pid 336] write(3, "1000", 4 [pid 335] <... openat resumed>) = 3 [pid 337] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 337] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 339] <... bpf resumed>) = 4 [pid 339] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 338] <... openat resumed>) = 3 [pid 336] <... write resumed>) = 4 [pid 335] write(3, "1000", 4 [pid 336] close(3 [pid 338] write(3, "1000", 4 [pid 335] <... write resumed>) = 4 executing program [pid 338] <... write resumed>) = 4 [pid 336] <... close resumed>) = 0 [pid 335] close(3 [pid 336] write(1, "executing program\n", 18) = 18 [pid 337] <... bpf resumed>) = 4 [pid 335] <... close resumed>) = 0 [pid 336] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 338] close(3executing program [pid 337] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 335] write(1, "executing program\n", 18 [pid 336] <... bpf resumed>) = 3 [pid 335] <... write resumed>) = 18 [pid 335] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 338] <... close resumed>) = 0 [pid 336] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 335] <... bpf resumed>) = 3 [pid 336] <... bpf resumed>) = 0 [pid 335] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 336] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 335] <... bpf resumed>) = 0 [pid 335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 338] write(1, "executing program\n", 18 [pid 336] <... bpf resumed>) = 4 [pid 335] <... bpf resumed>) = 4 [pid 335] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 336] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16executing program [pid 338] <... write resumed>) = 18 [pid 338] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 338] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 338] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 338] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 339] <... bpf resumed>) = 5 [pid 339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 338] <... bpf resumed>) = 5 [pid 337] <... bpf resumed>) = 5 [pid 336] <... bpf resumed>) = 5 [pid 335] <... bpf resumed>) = 5 [pid 337] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 336] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 339] <... bpf resumed>) = 6 [pid 338] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 337] <... bpf resumed>) = 6 [pid 336] <... bpf resumed>) = 6 [pid 335] <... bpf resumed>) = 6 [pid 339] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 337] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 336] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 335] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 339] <... bpf resumed>) = 7 [pid 337] <... bpf resumed>) = 7 [pid 336] <... bpf resumed>) = 7 [pid 335] <... bpf resumed>) = 7 [pid 339] exit_group(0 [pid 338] <... bpf resumed>) = 6 [pid 337] exit_group(0 [pid 336] exit_group(0 [ 33.924609][ T300] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000000 [ 33.932420][ T300] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000748380 [ 33.940234][ T300] R13: 0000000000000000 R14: 000000000000857f R15: 0000000000617180 [ 33.948049][ T300] [ 33.976763][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 33.988203][ T300] BUG: scheduling while atomic: strace-static-x/300/0x00000002 [ 33.995766][ T300] Modules linked in: [ 33.999469][ T300] Preemption disabled at: [ 33.999475][ T300] [] __lock_task_sighand+0x6b/0x100 [ 34.010240][ T300] CPU: 0 PID: 300 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 34.021601][ T300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 34.031496][ T300] Call Trace: [ 34.034621][ T300] [ 34.037397][ T300] dump_stack_lvl+0x151/0x1b7 [ 34.041929][ T300] ? __lock_task_sighand+0x6b/0x100 [ 34.046943][ T300] ? __lock_task_sighand+0x6b/0x100 [ 34.051978][ T300] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 34.057275][ T300] ? __lock_task_sighand+0x6b/0x100 [ 34.062306][ T300] dump_stack+0x15/0x1b [ 34.066302][ T300] __schedule_bug+0x195/0x260 [ 34.070905][ T300] ? cpu_util_update_eff+0x10e0/0x10e0 [ 34.076298][ T300] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 34.081591][ T300] ? _raw_spin_lock+0x1b0/0x1b0 [ 34.086274][ T300] __schedule+0xcf7/0x1550 [ 34.090549][ T300] ? __lock_task_sighand+0xde/0x100 [ 34.095565][ T300] ? __sched_text_start+0x8/0x8 [ 34.100247][ T300] ? __kasan_check_write+0x14/0x20 [ 34.105542][ T300] ? __se_sys_ptrace+0x3b2/0x410 [ 34.110318][ T300] schedule+0xc3/0x180 [ 34.114220][ T300] exit_to_user_mode_loop+0x4e/0xa0 [ 34.119264][ T300] exit_to_user_mode_prepare+0x5a/0xa0 [ 34.124557][ T300] syscall_exit_to_user_mode+0x26/0x140 [ 34.129932][ T300] do_syscall_64+0x49/0xb0 [ 34.134276][ T300] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 34.140155][ T300] RIP: 0033:0x4e6c1a [ 34.143882][ T300] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 34.163560][ T300] RSP: 002b:00007ffc901764c0 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [pid 335] exit_group(0 [pid 339] <... exit_group resumed>) = ? [pid 338] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 337] <... exit_group resumed>) = ? [pid 336] <... exit_group resumed>) = ? [pid 335] <... exit_group resumed>) = ? [pid 338] <... bpf resumed>) = 7 [pid 336] +++ exited with 0 +++ [pid 338] exit_group(0 [pid 304] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 338] <... exit_group resumed>) = ? [pid 338] +++ exited with 0 +++ [pid 308] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=338, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 308] restart_syscall(<... resuming interrupted clone ...> [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 308] <... restart_syscall resumed>) = 0 [pid 304] <... clone resumed>, child_tidptr=0x555557135650) = 340 [pid 308] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 340 attached , child_tidptr=0x555557135650) = 341 [pid 340] set_robust_list(0x555557135660, 24./strace-static-x86_64: Process 341 attached [pid 341] set_robust_list(0x555557135660, 24 [pid 340] <... set_robust_list resumed>) = 0 [pid 341] <... set_robust_list resumed>) = 0 [pid 341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 340] setpgid(0, 0) = 0 [ 34.171804][ T300] RAX: 0000000000000050 RBX: 00000000007480e0 RCX: 00000000004e6c1a [ 34.179621][ T300] RDX: 0000000000000058 RSI: 0000000000000134 RDI: 000000000000420e [ 34.187595][ T300] RBP: 00007ffc901765c0 R08: 000000000000420d R09: 0000000000000001 [ 34.195419][ T300] R10: 000000000063c820 R11: 0000000000000206 R12: 00000000007480e0 [ 34.203217][ T300] R13: 00007ffc9017661c R14: 000000000000857f R15: 0000000000617180 [ 34.211032][ T300] [pid 341] setpgid(0, 0) = 0 [ 34.221540][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 34.232973][ T300] BUG: scheduling while atomic: strace-static-x/300/0x00000002 [ 34.240552][ T300] Modules linked in: [ 34.244402][ T300] Preemption disabled at: [ 34.244409][ T300] [] __lock_task_sighand+0x6b/0x100 [ 34.255241][ T300] CPU: 0 PID: 300 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 34.266620][ T300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 34.276601][ T300] Call Trace: [ 34.279723][ T300] [ 34.282500][ T300] dump_stack_lvl+0x151/0x1b7 [ 34.287011][ T300] ? __lock_task_sighand+0x6b/0x100 [ 34.292046][ T300] ? __lock_task_sighand+0x6b/0x100 [ 34.297082][ T300] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 34.302375][ T300] ? __lock_task_sighand+0x6b/0x100 [ 34.307533][ T300] dump_stack+0x15/0x1b [ 34.311515][ T300] __schedule_bug+0x195/0x260 [ 34.316027][ T300] ? __ia32_sys_waitid+0xd0/0xd0 [ 34.320799][ T300] ? bpf_trace_printk+0x1be/0x300 [ 34.325784][ T300] ? cpu_util_update_eff+0x10e0/0x10e0 [ 34.331075][ T300] ? kernel_waitid+0x520/0x520 [ 34.335682][ T300] __schedule+0xcf7/0x1550 [ 34.339927][ T300] ? __x64_sys_wait4+0x181/0x1e0 [ 34.344702][ T300] ? bpf_trace_run2+0x138/0x290 [ 34.349387][ T300] ? __sched_text_start+0x8/0x8 [ 34.354076][ T300] schedule+0xc3/0x180 [ 34.357980][ T300] exit_to_user_mode_loop+0x4e/0xa0 [ 34.363018][ T300] exit_to_user_mode_prepare+0x5a/0xa0 [ 34.368310][ T300] syscall_exit_to_user_mode+0x26/0x140 [ 34.373690][ T300] do_syscall_64+0x49/0xb0 [ 34.377943][ T300] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 34.383671][ T300] RIP: 0033:0x4d49a6 [ 34.387404][ T300] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 34.406844][ T300] RSP: 002b:00007ffc90176658 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 34.415089][ T300] RAX: 0000000000000155 RBX: 00000000007462f8 RCX: 00000000004d49a6 [pid 341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 337] +++ exited with 0 +++ [pid 335] +++ exited with 0 +++ [pid 339] +++ exited with 0 +++ [pid 310] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 307] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 306] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 306] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 310] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 307] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 341] <... openat resumed>) = 3 [pid 341] write(3, "1000", 4executing program ) = 4 [pid 341] close(3) = 0 [pid 341] write(1, "executing program\n", 18) = 18 [pid 341] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72./strace-static-x86_64: Process 344 attached [pid 340] <... openat resumed>) = 3 [pid 310] <... clone resumed>, child_tidptr=0x555557135650) = 344 [pid 306] <... clone resumed>, child_tidptr=0x555557135650) = 343 ./strace-static-x86_64: Process 345 attached ./strace-static-x86_64: Process 343 attached [pid 341] <... bpf resumed>) = 3 [pid 340] write(3, "1000", 4 [pid 307] <... clone resumed>, child_tidptr=0x555557135650) = 345 [pid 345] set_robust_list(0x555557135660, 24 [pid 344] set_robust_list(0x555557135660, 24 [pid 340] <... write resumed>) = 4 [pid 345] <... set_robust_list resumed>) = 0 [pid 344] <... set_robust_list resumed>) = 0 [pid 343] set_robust_list(0x555557135660, 24 [pid 340] close(3 [pid 341] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 340] <... close resumed>) = 0 [pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 343] <... set_robust_list resumed>) = 0 [pid 341] <... bpf resumed>) = 0 [pid 340] write(1, "executing program\n", 18executing program [pid 345] <... prctl resumed>) = 0 [pid 344] <... prctl resumed>) = 0 [pid 343] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 341] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 340] <... write resumed>) = 18 [pid 345] setpgid(0, 0 [pid 344] setpgid(0, 0 [pid 340] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 345] <... setpgid resumed>) = 0 [pid 344] <... setpgid resumed>) = 0 [pid 343] <... prctl resumed>) = 0 [pid 340] <... bpf resumed>) = 3 [pid 340] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 343] setpgid(0, 0 [pid 340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 341] <... bpf resumed>) = 4 [pid 345] <... openat resumed>) = 3 [pid 345] write(3, "1000", 4 [pid 344] <... openat resumed>) = 3 [pid 343] <... setpgid resumed>) = 0 [pid 341] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 340] <... bpf resumed>) = 4 [pid 344] write(3, "1000", 4 [pid 340] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 344] <... write resumed>) = 4 [pid 345] <... write resumed>) = 4 [pid 344] close(3 [pid 345] close(3 [pid 344] <... close resumed>) = 0 executing program [pid 345] <... close resumed>) = 0 [pid 345] write(1, "executing program\n", 18) = 18 [pid 345] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 executing program [pid 344] write(1, "executing program\n", 18 [pid 343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 344] <... write resumed>) = 18 [pid 343] <... openat resumed>) = 3 [pid 344] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 343] write(3, "1000", 4 [pid 345] <... bpf resumed>) = 3 [pid 344] <... bpf resumed>) = 3 [pid 343] <... write resumed>) = 4 [pid 345] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 344] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 343] close(3 [pid 345] <... bpf resumed>) = 0 [pid 344] <... bpf resumed>) = 0 [pid 343] <... close resumed>) = 0 [pid 345] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 344] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 executing program [pid 343] write(1, "executing program\n", 18 [pid 345] <... bpf resumed>) = 4 [pid 344] <... bpf resumed>) = 4 [pid 344] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 343] <... write resumed>) = 18 [pid 345] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 343] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 343] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 343] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 340] <... bpf resumed>) = 5 [pid 345] <... bpf resumed>) = 5 [pid 344] <... bpf resumed>) = 5 [pid 343] <... bpf resumed>) = 5 [pid 341] <... bpf resumed>) = 5 [pid 340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 345] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 344] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 341] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 343] <... bpf resumed>) = 6 [pid 340] <... bpf resumed>) = 6 [pid 343] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 340] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 343] <... bpf resumed>) = 7 [pid 343] exit_group(0 [pid 340] <... bpf resumed>) = 7 [pid 343] <... exit_group resumed>) = ? [pid 344] <... bpf resumed>) = 6 [pid 340] exit_group(0) = ? [ 34.422900][ T300] RDX: 0000000040000000 RSI: 00007ffc9017667c RDI: 00000000ffffffff [ 34.430718][ T300] RBP: 0000000000000000 R08: 0000000000000017 R09: 0000000000000003 [ 34.438524][ T300] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000074d6c0 [ 34.446335][ T300] R13: 0000000000000000 R14: 00007ffc9017667c R15: 0000000000617180 [ 34.454151][ T300] [ 34.475261][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 34.486692][ T300] BUG: scheduling while atomic: strace-static-x/300/0x00000002 [ 34.494275][ T300] Modules linked in: [ 34.497978][ T300] Preemption disabled at: [ 34.497984][ T300] [] __lock_task_sighand+0x6b/0x100 [ 34.508742][ T300] CPU: 0 PID: 300 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 34.520108][ T300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 34.530001][ T300] Call Trace: [ 34.533142][ T300] [ 34.535904][ T300] dump_stack_lvl+0x151/0x1b7 [ 34.540416][ T300] ? __lock_task_sighand+0x6b/0x100 [ 34.545448][ T300] ? __lock_task_sighand+0x6b/0x100 [ 34.550493][ T300] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 34.555869][ T300] ? __lock_task_sighand+0x6b/0x100 [ 34.560899][ T300] dump_stack+0x15/0x1b [ 34.564893][ T300] __schedule_bug+0x195/0x260 [ 34.569406][ T300] ? cpu_util_update_eff+0x10e0/0x10e0 [ 34.574698][ T300] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 34.579994][ T300] ? _raw_spin_lock+0x1b0/0x1b0 [ 34.584681][ T300] __schedule+0xcf7/0x1550 [ 34.588934][ T300] ? __lock_task_sighand+0xde/0x100 [ 34.593968][ T300] ? __sched_text_start+0x8/0x8 [ 34.598673][ T300] ? __kasan_check_write+0x14/0x20 [ 34.603800][ T300] ? __se_sys_ptrace+0x3b2/0x410 [ 34.608573][ T300] schedule+0xc3/0x180 [ 34.612478][ T300] exit_to_user_mode_loop+0x4e/0xa0 [ 34.617514][ T300] exit_to_user_mode_prepare+0x5a/0xa0 [ 34.622808][ T300] syscall_exit_to_user_mode+0x26/0x140 [ 34.628326][ T300] do_syscall_64+0x49/0xb0 [ 34.632563][ T300] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 34.638375][ T300] RIP: 0033:0x4e6c1a [ 34.642111][ T300] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 34.661635][ T300] RSP: 002b:00007ffc901764c0 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 34.669882][ T300] RAX: 0000000000000050 RBX: 0000000000747cf0 RCX: 00000000004e6c1a [pid 344] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 345] <... bpf resumed>) = 6 [pid 343] +++ exited with 0 +++ [pid 341] <... bpf resumed>) = 6 [pid 340] +++ exited with 0 +++ [pid 306] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=343, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 306] restart_syscall(<... resuming interrupted clone ...> [pid 304] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 345] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 306] <... restart_syscall resumed>) = 0 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 341] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16./strace-static-x86_64: Process 346 attached [pid 306] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 304] <... clone resumed>, child_tidptr=0x555557135650) = 346 [pid 346] set_robust_list(0x555557135660, 24) = 0 ./strace-static-x86_64: Process 347 attached [pid 306] <... clone resumed>, child_tidptr=0x555557135650) = 347 [pid 346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 346] setpgid(0, 0 [pid 347] set_robust_list(0x555557135660, 24) = 0 [pid 346] <... setpgid resumed>) = 0 [pid 347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 347] setpgid(0, 0) = 0 [pid 346] <... openat resumed>) = 3 [pid 347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 346] write(3, "1000", 4) = 4 [pid 346] close(3) = 0 executing program [pid 346] write(1, "executing program\n", 18 [pid 347] <... openat resumed>) = 3 [pid 346] <... write resumed>) = 18 [pid 346] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 347] write(3, "1000", 4) = 4 [pid 346] <... bpf resumed>) = 3 [pid 347] close(3) = 0 executing program [pid 347] write(1, "executing program\n", 18) = 18 [pid 346] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 347] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 346] <... bpf resumed>) = 0 [pid 347] <... bpf resumed>) = 3 [pid 346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 347] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 346] <... bpf resumed>) = 4 [pid 346] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 347] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 345] <... bpf resumed>) = 7 [pid 345] exit_group(0 [pid 344] <... bpf resumed>) = 7 [pid 341] <... bpf resumed>) = 7 [pid 345] <... exit_group resumed>) = ? [pid 347] <... bpf resumed>) = 5 [pid 346] <... bpf resumed>) = 5 [pid 344] exit_group(0 [pid 341] exit_group(0 [pid 347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 345] +++ exited with 0 +++ [pid 344] <... exit_group resumed>) = ? [pid 341] <... exit_group resumed>) = ? [pid 347] <... bpf resumed>) = 6 [pid 307] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 307] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 347] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 307] <... clone resumed>, child_tidptr=0x555557135650) = 348 [pid 346] <... bpf resumed>) = 6 ./strace-static-x86_64: Process 348 attached [pid 346] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 348] set_robust_list(0x555557135660, 24) = 0 [pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 348] setpgid(0, 0) = 0 [ 34.677696][ T300] RDX: 0000000000000058 RSI: 0000000000000132 RDI: 000000000000420e [ 34.685509][ T300] RBP: 00007ffc901765c0 R08: 000000000000420d R09: 0000000000000000 [ 34.693573][ T300] R10: 000000000063c820 R11: 0000000000000206 R12: 0000000000747cf0 [ 34.701382][ T300] R13: 00007ffc9017661c R14: 000000000000857f R15: 0000000000617180 [ 34.709202][ T300] [ 34.736345][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000102, exited with 00000101? [ 34.747784][ C0] ------------[ cut here ]------------ [ 34.753063][ C0] DEBUG_LOCKS_WARN_ON((val < PREEMPT_MASK) && !(preempt_count() & PREEMPT_MASK)) [ 34.753114][ C0] WARNING: CPU: 0 PID: 13 at kernel/sched/core.c:5913 preempt_count_sub+0xe5/0x160 [ 34.771067][ C0] Modules linked in: [ 34.774792][ C0] CPU: 0 PID: 13 Comm: ksoftirqd/0 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 34.785736][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 34.795630][ C0] RIP: 0010:preempt_count_sub+0xe5/0x160 [ 34.801093][ C0] Code: 87 48 c1 e8 03 42 0f b6 04 30 84 c0 75 6f 83 3d 78 ec 1f 06 00 75 94 48 c7 c7 e0 69 69 85 48 c7 c6 c0 6a 69 85 e8 db 1d f5 ff <0f> 0b e9 7a ff ff ff 48 c7 c1 60 60 93 87 80 e1 07 80 c1 03 38 c1 [ 34.820542][ C0] RSP: 0018:ffffc900000d6820 EFLAGS: 00010246 [ 34.826427][ C0] RAX: 5a56f56a2b92fb00 RBX: 0000000000000001 RCX: ffff88810038a880 [ 34.834252][ C0] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 34.842151][ C0] RBP: ffffc900000d6830 R08: ffffffff8144792e R09: fffff5200001ac5d [ 34.849951][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 34.857776][ C0] R13: 1ffff9200001ad10 R14: dffffc0000000000 R15: 1ffff9200001ad0c [ 34.865609][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 34.874369][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 34.880771][ C0] CR2: 00007fd637be001d CR3: 000000012089b000 CR4: 00000000003506b0 [ 34.888572][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 34.896394][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 34.904205][ C0] Call Trace: [ 34.907449][ C0] [ 34.910228][ C0] ? show_regs+0x58/0x60 [ 34.914322][ C0] ? __warn+0x160/0x3d0 [ 34.918326][ C0] ? preempt_count_sub+0xe5/0x160 [ 34.923170][ C0] ? report_bug+0x4d5/0x7d0 [ 34.927505][ C0] ? preempt_count_sub+0xe5/0x160 [ 34.932367][ C0] ? handle_bug+0x41/0x70 [ 34.936522][ C0] ? exc_invalid_op+0x1b/0x50 [ 34.941049][ C0] ? asm_exc_invalid_op+0x1b/0x20 [ 34.945984][ C0] ? __warn_printk+0x28e/0x350 [ 34.950596][ C0] ? preempt_count_sub+0xe5/0x160 [ 34.955444][ C0] bpf_snprintf+0x1c0/0x210 [ 34.959788][ C0] ? bpf_bprintf_prepare+0x1360/0x1360 [ 34.965093][ C0] bpf_prog_c39d3245afed4123+0x46/0x6c [ 34.970385][ C0] bpf_trace_run2+0x133/0x290 [ 34.974887][ C0] ? bpf_trace_run1+0x240/0x240 [ 34.979571][ C0] ? skb_release_data+0x616/0x840 [ 34.984444][ C0] ? unwind_next_frame+0x3cb/0x700 [ 34.989381][ C0] ? skb_release_data+0x616/0x840 [ 34.994250][ C0] __bpf_trace_kfree+0x6f/0x90 [ 34.998841][ C0] ? skb_release_data+0x616/0x840 [ 35.003712][ C0] __traceiter_kfree+0x2a/0x40 [ 35.008300][ C0] ? skb_release_data+0x616/0x840 [ 35.013173][ C0] kfree+0xce/0xf0 [ 35.016717][ C0] skb_release_data+0x616/0x840 [ 35.021415][ C0] __kfree_skb+0x50/0x70 [ 35.025486][ C0] tcp_rtx_queue_unlink_and_free+0x3d5/0x610 [ 35.031310][ C0] tcp_ack+0x2437/0x6a30 [ 35.035377][ C0] ? kasan_set_track+0x4b/0x70 [ 35.039984][ C0] ? tcp_rcv_established+0x1c60/0x1c60 [ 35.045290][ C0] ? debug_smp_processor_id+0x17/0x20 [ 35.050491][ C0] ? kasan_quarantine_put+0x34/0x1a0 [ 35.055605][ C0] ? __kasan_check_read+0x11/0x20 [ 35.060473][ C0] ? ktime_get+0x12f/0x160 [ 35.064713][ C0] tcp_rcv_established+0xe31/0x1c60 [ 35.069749][ C0] ? tcp_check_space+0xae0/0xae0 [ 35.074534][ C0] ? __kasan_check_read+0x11/0x20 [ 35.079389][ C0] ? ipv4_dst_check+0xe3/0x150 [ 35.083992][ C0] tcp_v4_do_rcv+0x430/0xa20 [ 35.088409][ C0] tcp_v4_rcv+0x20d7/0x2a30 [ 35.092762][ C0] ? tcp_filter+0x90/0x90 [ 35.096909][ C0] ? __kasan_check_write+0x14/0x20 [ 35.101867][ C0] ? __inet_lookup_established+0x831/0x860 [ 35.107504][ C0] ip_protocol_deliver_rcu+0x32f/0x720 [ 35.112806][ C0] ip_local_deliver_finish+0x24b/0x430 [ 35.118090][ C0] ip_local_deliver+0x1b3/0x3b0 [ 35.122785][ C0] ? tcp_v4_early_demux+0x587/0x910 [ 35.127810][ C0] ? ip_protocol_deliver_rcu+0x720/0x720 [ 35.133294][ C0] ? ip_rcv_finish_core+0xb40/0x14d0 [ 35.138411][ C0] ip_sublist_rcv+0x7e5/0x990 [ 35.142929][ C0] ? ip_list_rcv+0x470/0x470 [ 35.147351][ C0] ? memset+0x35/0x40 [ 35.151167][ C0] ? ip_rcv_core+0x759/0xba0 [ 35.155586][ C0] ip_list_rcv+0x422/0x470 [ 35.159835][ C0] ? __kasan_check_read+0x11/0x20 [ 35.164710][ C0] ? ip_rcv_finish+0xd0/0xd0 [ 35.169124][ C0] ? ip_rcv_finish+0xd0/0xd0 [ 35.173559][ C0] __netif_receive_skb_list_core+0x6b1/0x890 [ 35.179365][ C0] ? napi_schedule_rps+0x100/0x100 [ 35.184322][ C0] ? receive_buf+0x22e4/0x4ef0 [ 35.188913][ C0] ? slab_err+0x1a1/0x1d0 [ 35.193089][ C0] netif_receive_skb_list_internal+0x967/0xcc0 [ 35.199066][ C0] ? virtnet_poll_tx+0x560/0x560 [ 35.203854][ C0] ? netif_receive_skb_core+0x210/0x210 [ 35.209224][ C0] ? virtqueue_get_buf_ctx+0x484/0xd30 [ 35.214525][ C0] ? detach_buf_split+0x71d/0xae0 [ 35.219376][ C0] napi_complete_done+0x344/0x770 [ 35.224335][ C0] ? __napi_schedule_irqoff+0x280/0x280 [ 35.229701][ C0] ? virtqueue_enable_cb_prepare+0x289/0x550 [ 35.235530][ C0] virtnet_poll+0xc85/0x1470 [ 35.239944][ C0] ? refill_work+0x230/0x230 [ 35.244383][ C0] ? __kasan_check_write+0x14/0x20 [ 35.249318][ C0] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 35.254283][ C0] __napi_poll+0xbe/0x5c0 [ 35.258431][ C0] net_rx_action+0x595/0xdd0 [ 35.262871][ C0] ? net_tx_action+0x560/0x560 [ 35.267454][ C0] ? __this_cpu_preempt_check+0x13/0x20 [ 35.272851][ C0] __do_softirq+0x1d8/0x661 [ 35.277177][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 35.282223][ C0] run_ksoftirqd+0x23/0x30 [ 35.286468][ C0] smpboot_thread_fn+0x466/0x8d0 [ 35.291336][ C0] kthread+0x26d/0x300 [ 35.295334][ C0] ? cpu_report_death+0x2b0/0x2b0 [ 35.300193][ C0] ? kthread_blkcg+0xd0/0xd0 [ 35.304632][ C0] ret_from_fork+0x1f/0x30 [ 35.308873][ C0] [ 35.311745][ C0] ---[ end trace 0000000000000000 ]--- [ 35.317070][ T13] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000100, exited with 000000fe? [ 35.328577][ T348] ================================================================================ [ 35.337803][ C0] softirq: huh, entered softirq 9 RCU ffffffff8160d2f0 with preempt_count 00000103, exited with 00000100? [ 35.349024][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000100? [ 35.349116][ C0] softirq: huh, entered softirq 9 RCU ffffffff8160d2f0 with preempt_count 00000103, exited with 00000100? [ 35.371618][ T348] UBSAN: array-index-out-of-bounds in kernel/bpf/helpers.c:776:13 [ 35.379238][ T348] index -5 is out of range for type 'char[3][512]' [ 35.385584][ T348] CPU: 0 PID: 348 Comm: syz-executor303 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 35.396927][ T348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 35.406818][ T348] Call Trace: [ 35.409941][ T348] [ 35.412715][ T348] dump_stack_lvl+0x151/0x1b7 [ 35.417227][ T348] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 35.422524][ T348] ? __switch_to+0x62c/0x1190 [ 35.427043][ T348] dump_stack+0x15/0x1b [ 35.431026][ T348] __ubsan_handle_out_of_bounds+0x13a/0x160 [ 35.436761][ T348] bpf_bprintf_prepare+0x132e/0x1360 [ 35.441879][ T348] ? __kasan_check_write+0x14/0x20 [ 35.446823][ T348] ? bpf_bprintf_cleanup+0x60/0x60 [ 35.451776][ T348] ? __schedule+0xcaf/0x1550 [ 35.456210][ T348] ? __kasan_check_write+0x14/0x20 [ 35.461150][ T348] bpf_trace_printk+0x14a/0x300 [ 35.465833][ T348] ? bpf_trace_run2+0xe9/0x290 [ 35.470435][ T348] ? bpf_probe_write_user+0xf0/0xf0 [ 35.475465][ T348] ? bpf_trace_run2+0xe9/0x290 [ 35.480064][ T348] ? memset+0x35/0x40 [ 35.483897][ T348] bpf_prog_0605f9f479290f07+0x2f/0x33 [ 35.489179][ T348] bpf_trace_run2+0x133/0x290 [ 35.493702][ T348] ? _raw_spin_unlock_irq+0x4d/0x70 [ 35.498725][ T348] ? bpf_trace_run1+0x240/0x240 [ 35.503411][ T348] ? do_notify_parent+0xa20/0xa20 [ 35.508273][ T348] __bpf_trace_sys_enter+0x62/0x70 [ 35.513219][ T348] __traceiter_sys_enter+0x2a/0x40 [ 35.518173][ T348] syscall_enter_from_user_mode+0x12c/0x190 [ 35.523896][ T348] do_syscall_64+0x1e/0xb0 [ 35.528146][ T348] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 35.533878][ T348] RIP: 0033:0x7fd637b95f91 [ 35.538130][ T348] Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d fa a0 07 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25 [ 35.557568][ T348] RSP: 002b:00007fffaae407d0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 35.565817][ T348] RAX: ffffffffffffffda RBX: 0000000000080001 RCX: 00007fd637b95f91 [ 35.573634][ T348] RDX: 0000000000080001 RSI: 00007fd637be0022 RDI: 00000000ffffff9c [ 35.581440][ T348] RBP: 00007fd637be0022 R08: 0000000000000000 R09: 0000000000000000 [pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 348] write(3, "1000", 4) = 4 [pid 348] close(3) = 0 [pid 348] write(1, "executing program\n", 18executing program ) = 18 [pid 348] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 348] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 348] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [ 35.589253][ T348] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fffaae40870 [ 35.597065][ T348] R13: 00007fffaae40d4c R14: 00007fffaae40d60 R15: 00007fffaae40d50 [ 35.604881][ T348] [ 35.607787][ T348] ================================================================================ [ 35.616994][ C0] BUG: workqueue leaked lock or atomic: kworker/0:2/0x7fffffff/331 [ 35.616994][ C0] last function: bpf_prog_free_deferred [ 35.617034][ T331] CPU: 0 PID: 331 Comm: kworker/0:2 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 35.641665][ T331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 35.651567][ T331] Workqueue: events bpf_prog_free_deferred [ 35.657199][ T331] Call Trace: [ 35.660332][ T331] [ 35.663108][ T331] dump_stack_lvl+0x151/0x1b7 [ 35.667615][ T331] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 35.672913][ T331] ? bpf_prog_free_deferred+0x63e/0x750 [ 35.678293][ T331] dump_stack+0x15/0x1b [ 35.682286][ T331] process_one_work+0x94e/0xcb0 [ 35.686972][ T331] worker_thread+0xa60/0x1260 [ 35.691489][ T331] ? __kasan_check_read+0x11/0x20 [ 35.696349][ T331] kthread+0x26d/0x300 [ 35.700253][ T331] ? worker_clr_flags+0x1a0/0x1a0 [ 35.705112][ T331] ? kthread_blkcg+0xd0/0xd0 [ 35.709536][ T331] ret_from_fork+0x1f/0x30 [ 35.713794][ T331] [ 35.716817][ C0] BUG: workqueue leaked lock or atomic: kworker/0:2/0x7fffffff/331 [ 35.716817][ C0] last function: bpf_prog_free_deferred [ 35.716850][ T331] CPU: 0 PID: 331 Comm: kworker/0:2 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 35.741414][ T331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 35.751285][ T331] Workqueue: events bpf_prog_free_deferred [ 35.756924][ T331] Call Trace: [ 35.760045][ T331] [ 35.762823][ T331] dump_stack_lvl+0x151/0x1b7 [ 35.767337][ T331] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 35.772636][ T331] ? bpf_prog_free_deferred+0x63e/0x750 [ 35.778015][ T331] dump_stack+0x15/0x1b [ 35.782004][ T331] process_one_work+0x94e/0xcb0 [ 35.786697][ T331] worker_thread+0xa60/0x1260 [ 35.791207][ T331] ? __kasan_check_read+0x11/0x20 [ 35.796063][ T331] kthread+0x26d/0x300 [ 35.799965][ T331] ? worker_clr_flags+0x1a0/0x1a0 [ 35.804830][ T331] ? kthread_blkcg+0xd0/0xd0 [ 35.809256][ T331] ret_from_fork+0x1f/0x30 [ 35.813516][ T331] [ 35.817054][ C0] BUG: workqueue leaked lock or atomic: kworker/0:2/0x7fffffff/331 [ 35.817054][ C0] last function: free_work [ 35.817095][ T331] CPU: 0 PID: 331 Comm: kworker/0:2 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 35.840516][ T331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 35.850407][ T331] Workqueue: events free_work [ 35.854918][ T331] Call Trace: [ 35.858042][ T331] [ 35.860820][ T331] dump_stack_lvl+0x151/0x1b7 [ 35.865342][ T331] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 35.870756][ T331] dump_stack+0x15/0x1b [ 35.874715][ T331] process_one_work+0x94e/0xcb0 [ 35.879406][ T331] worker_thread+0xa60/0x1260 [ 35.883924][ T331] ? __kasan_check_read+0x11/0x20 [ 35.888869][ T331] kthread+0x26d/0x300 [ 35.892767][ T331] ? worker_clr_flags+0x1a0/0x1a0 [ 35.897629][ T331] ? kthread_blkcg+0xd0/0xd0 [ 35.902056][ T331] ret_from_fork+0x1f/0x30 [ 35.906310][ T331] [ 35.909393][ T90] BUG: using smp_processor_id() in preemptible [00000000] code: klogd/90 [ 35.917689][ C0] softirq: huh, entered softirq 9 RCU ffffffff8160d2f0 with preempt_count 00000102, exited with 00000100? [ 35.928751][ T90] caller is debug_smp_processor_id+0x17/0x20 [ 35.934553][ T90] CPU: 0 PID: 90 Comm: klogd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 35.944950][ T90] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 35.954848][ T90] Call Trace: [ 35.957971][ T90] [ 35.960746][ T90] dump_stack_lvl+0x151/0x1b7 [ 35.965259][ T90] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 35.970560][ T90] ? stack_trace_save+0x1c0/0x1c0 [ 35.975419][ T90] dump_stack+0x15/0x1b [ 35.979408][ T90] check_preemption_disabled+0x109/0x110 [ 35.984881][ T90] debug_smp_processor_id+0x17/0x20 [ 35.989907][ T90] rcu_is_watching+0x15/0xb0 [ 35.994335][ T90] kernel_text_address+0x83/0xe0 [ 35.999109][ T90] __kernel_text_address+0xd/0x40 [ 36.003967][ T90] unwind_get_return_address+0x4d/0x90 [ 36.009268][ T90] arch_stack_walk+0xf3/0x140 [ 36.013785][ T90] stack_trace_save+0x113/0x1c0 [ 36.018469][ T90] ? stack_trace_snprint+0xf0/0xf0 [ 36.023409][ T90] ? kfree+0x7a/0xf0 [ 36.027143][ T90] ? kfree+0x7a/0xf0 [ 36.030872][ T90] kasan_set_track+0x4b/0x70 [ 36.035301][ T90] ? kasan_set_track+0x4b/0x70 [ 36.039900][ T90] ? kasan_save_free_info+0x2b/0x40 [ 36.044933][ T90] ? ____kasan_slab_free+0x131/0x180 [ 36.050054][ T90] ? __kasan_slab_free+0x11/0x20 [ 36.054825][ T90] ? __kmem_cache_free+0x218/0x3b0 [ 36.059774][ T90] ? kfree+0x7a/0xf0 [ 36.063504][ T90] ? syslog_print+0x577/0x600 [ 36.068024][ T90] ? do_syslog+0x732/0x7f0 [ 36.072273][ T90] ? __x64_sys_syslog+0x7c/0x90 [ 36.076959][ T90] ? do_syscall_64+0x3d/0xb0 [ 36.081389][ T90] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 36.087305][ T90] kasan_save_free_info+0x2b/0x40 [ 36.092150][ T90] ____kasan_slab_free+0x131/0x180 [ 36.097099][ T90] __kasan_slab_free+0x11/0x20 [ 36.101794][ T90] __kmem_cache_free+0x218/0x3b0 [ 36.106559][ T90] ? syslog_print+0x577/0x600 [ 36.111073][ T90] ? syslog_print+0x577/0x600 [ 36.115760][ T90] kfree+0x7a/0xf0 [ 36.119313][ T90] syslog_print+0x577/0x600 [ 36.123660][ T90] ? do_syslog+0x7f0/0x7f0 [ 36.127914][ T90] ? avc_has_perm_noaudit+0x430/0x430 [ 36.133113][ T90] ? cap_capable+0x1d2/0x270 [ 36.137538][ T90] ? wake_bit_function+0x230/0x230 [ 36.142488][ T90] do_syslog+0x732/0x7f0 [ 36.146573][ T90] ? devkmsg_release+0x130/0x130 [ 36.151343][ T90] ? bpf_trace_run2+0x138/0x290 [ 36.156033][ T90] ? __bpf_trace_sys_enter+0x62/0x70 [ 36.161149][ T90] __x64_sys_syslog+0x7c/0x90 [ 36.165666][ T90] do_syscall_64+0x3d/0xb0 [ 36.169910][ T90] ? sysvec_call_function_single+0x52/0xb0 [ 36.175553][ T90] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 36.181286][ T90] RIP: 0033:0x7f3a2dc91fa7 [ 36.185532][ T90] Code: 73 01 c3 48 8b 0d 81 ce 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 67 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 51 ce 0c 00 f7 d8 64 89 01 48 [ 36.204977][ T90] RSP: 002b:00007ffdeb0580b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000067 [ 36.213219][ T90] RAX: ffffffffffffffda RBX: 00007f3a2de304a0 RCX: 00007f3a2dc91fa7 [ 36.221034][ T90] RDX: 00000000000003ff RSI: 00007f3a2de304a0 RDI: 0000000000000002 [ 36.228877][ T90] RBP: 0000000000000000 R08: 0000000000000007 R09: 7da5a40a7f985d19 [ 36.236652][ T90] R10: 0000000000004000 R11: 0000000000000206 R12: 00007f3a2de304a0 [ 36.244465][ T90] R13: 00007f3a2de20212 R14: 00007f3a2de305b4 R15: 00007f3a2de305b4 [ 36.252366][ T90] [ 36.255345][ C0] BUG: workqueue leaked lock or atomic: kworker/0:2/0x7fffffff/331 [ 36.255345][ C0] last function: bpf_prog_free_deferred [ 36.255381][ T331] CPU: 0 PID: 331 Comm: kworker/0:2 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 36.279919][ T331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 36.289817][ T331] Workqueue: events bpf_prog_free_deferred [ 36.295455][ T331] Call Trace: [ 36.298578][ T331] [ 36.301445][ T331] dump_stack_lvl+0x151/0x1b7 [ 36.306310][ T331] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 36.311595][ T331] ? bpf_prog_free_deferred+0x63e/0x750 [ 36.316979][ T331] dump_stack+0x15/0x1b [ 36.320971][ T331] process_one_work+0x94e/0xcb0 [ 36.325660][ T331] worker_thread+0xa60/0x1260 [ 36.330172][ T331] ? __kasan_check_read+0x11/0x20 [ 36.335062][ T331] kthread+0x26d/0x300 [ 36.338936][ T331] ? worker_clr_flags+0x1a0/0x1a0 [ 36.343804][ T331] ? kthread_blkcg+0xd0/0xd0 [ 36.348247][ T331] ret_from_fork+0x1f/0x30 [ 36.352488][ T331] [ 36.355642][ C0] BUG: scheduling while atomic: kworker/0:2/331/0x00010001 [ 36.362670][ C0] Modules linked in: [ 36.366388][ C0] Preemption disabled at: [ 36.366396][ C0] [] rcu_preempt_deferred_qs_irqrestore+0x255/0x9e0 [ 36.378537][ C0] CPU: 0 PID: 331 Comm: kworker/0:2 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 36.389566][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 36.399453][ C0] Workqueue: events bpf_prog_free_deferred [ 36.405392][ C0] Call Trace: [ 36.408486][ C0] [ 36.411257][ C0] dump_stack_lvl+0x151/0x1b7 [ 36.415768][ C0] ? rcu_preempt_deferred_qs_irqrestore+0x255/0x9e0 [ 36.422201][ C0] ? rcu_preempt_deferred_qs_irqrestore+0x255/0x9e0 [ 36.428618][ C0] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 36.433909][ C0] ? rcu_preempt_deferred_qs_irqrestore+0x255/0x9e0 [ 36.440339][ C0] dump_stack+0x15/0x1b [ 36.444327][ C0] __schedule_bug+0x195/0x260 [ 36.448835][ C0] ? sched_clock_cpu+0x71/0x2b0 [ 36.453532][ C0] ? cpu_util_update_eff+0x10e0/0x10e0 [ 36.458821][ C0] ? compat_start_thread+0x20/0x20 [ 36.463761][ C0] ? pick_next_task_fair+0xa22/0xc80 [ 36.468890][ C0] ? __sched_clock_gtod_offset+0x100/0x100 [ 36.474534][ C0] __schedule+0xcf7/0x1550 [ 36.478788][ C0] ? finish_task_switch+0x167/0x7b0 [ 36.483812][ C0] ? __sched_text_start+0x8/0x8 [ 36.488497][ C0] ? __schedule+0xcaf/0x1550 [ 36.492925][ C0] schedule+0xc3/0x180 [ 36.496830][ C0] schedule_preempt_disabled+0x13/0x20 [ 36.502139][ C0] __mutex_lock+0x5b6/0x1ca0 [ 36.506731][ C0] ? ret_from_fork+0x1f/0x30 [ 36.511153][ C0] ? __kasan_check_read+0x11/0x20 [ 36.516120][ C0] ? preempt_schedule_irq+0xe7/0x140 [ 36.521321][ C0] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20 [ 36.527922][ C0] ? bpf_bprintf_prepare+0xc1/0x1360 [ 36.533045][ C0] ? memcpy+0x56/0x70 [ 36.536862][ C0] ? bpf_bprintf_prepare+0x1168/0x1360 [ 36.542166][ C0] ? bstr_printf+0x1020/0x10c0 [ 36.546756][ C0] ? bpf_bprintf_cleanup+0x60/0x60 [ 36.551698][ C0] ? vbin_printf+0x1bc0/0x1bc0 [ 36.556315][ C0] __mutex_lock_slowpath+0xe/0x10 [ 36.561172][ C0] mutex_lock+0x130/0x1e0 [ 36.565336][ C0] ? bit_wait_io_timeout+0x120/0x120 [ 36.570474][ C0] ? bpf_bprintf_prepare+0x1360/0x1360 [ 36.575744][ C0] ? in_gate_area_no_mm+0x41/0x60 [ 36.580607][ C0] text_poke_set+0xac/0x170 [ 36.584940][ C0] ? __kasan_check_write+0x14/0x20 [ 36.589897][ C0] ? text_poke_copy+0x90/0x90 [ 36.594411][ C0] ? bit_wait_io_timeout+0x120/0x120 [ 36.599522][ C0] ? debug_locks_off+0x6b/0x90 [ 36.604129][ C0] bpf_arch_text_invalidate+0x22/0x40 [ 36.609329][ C0] bpf_prog_pack_free+0x14b/0x3d0 [ 36.614195][ C0] bpf_jit_binary_pack_free+0x38/0x80 [ 36.619666][ C0] bpf_jit_free+0x132/0x1e0 [ 36.623996][ C0] bpf_prog_free_deferred+0x63e/0x750 [ 36.629209][ C0] process_one_work+0x73d/0xcb0 [ 36.633891][ C0] worker_thread+0xa60/0x1260 [ 36.638407][ C0] ? __kasan_check_read+0x11/0x20 [ 36.643272][ C0] kthread+0x26d/0x300 [ 36.647210][ C0] ? worker_clr_flags+0x1a0/0x1a0 [ 36.652210][ C0] ? kthread_blkcg+0xd0/0xd0 [ 36.656642][ C0] ret_from_fork+0x1f/0x30 [ 36.661004][ C0] [ 36.664205][ C0] BUG: workqueue leaked lock or atomic: kworker/0:2/0x7fffffff/331 [ 36.664205][ C0] last function: bpf_prog_free_deferred [ 36.664242][ T331] CPU: 0 PID: 331 Comm: kworker/0:2 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 36.689289][ T331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 36.699186][ T331] Workqueue: events bpf_prog_free_deferred [ 36.704847][ T331] Call Trace: [ 36.707943][ T331] [ 36.710808][ T331] dump_stack_lvl+0x151/0x1b7 [ 36.715322][ T331] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 36.720615][ T331] ? bpf_prog_free_deferred+0x63e/0x750 [ 36.726007][ T331] dump_stack+0x15/0x1b [ 36.729988][ T331] process_one_work+0x94e/0xcb0 [ 36.734677][ T331] worker_thread+0xa60/0x1260 [ 36.739190][ T331] ? __kasan_check_read+0x11/0x20 [ 36.744054][ T331] kthread+0x26d/0x300 [ 36.747960][ T331] ? worker_clr_flags+0x1a0/0x1a0 [ 36.752820][ T331] ? kthread_blkcg+0xd0/0xd0 [ 36.757330][ T331] ret_from_fork+0x1f/0x30 [ 36.761581][ T331] [ 36.764580][ C0] BUG: workqueue leaked lock or atomic: kworker/0:2/0x7fffffff/331 [ 36.764580][ C0] last function: bpf_prog_free_deferred [ 36.764616][ T331] CPU: 0 PID: 331 Comm: kworker/0:2 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 36.789156][ T331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 36.799143][ T331] Workqueue: events bpf_prog_free_deferred [ 36.804774][ T331] Call Trace: [ 36.807898][ T331] [ 36.810677][ T331] dump_stack_lvl+0x151/0x1b7 [ 36.815195][ T331] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 36.820484][ T331] ? bpf_prog_free_deferred+0x63e/0x750 [ 36.825874][ T331] dump_stack+0x15/0x1b [ 36.829860][ T331] process_one_work+0x94e/0xcb0 [ 36.834554][ T331] worker_thread+0xa60/0x1260 [ 36.839064][ T331] ? __kasan_check_read+0x11/0x20 [ 36.843920][ T331] kthread+0x26d/0x300 [ 36.847827][ T331] ? worker_clr_flags+0x1a0/0x1a0 [ 36.852683][ T331] ? kthread_blkcg+0xd0/0xd0 [ 36.857110][ T331] ret_from_fork+0x1f/0x30 [ 36.861372][ T331] [ 36.864471][ C0] BUG: workqueue leaked lock or atomic: kworker/0:2/0x7fffffff/331 [ 36.864471][ C0] last function: bpf_prog_free_deferred [ 36.864505][ T331] CPU: 0 PID: 331 Comm: kworker/0:2 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 36.889038][ T331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 36.899026][ T331] Workqueue: events bpf_prog_free_deferred [ 36.904658][ T331] Call Trace: [ 36.907782][ T331] [ 36.910561][ T331] dump_stack_lvl+0x151/0x1b7 [ 36.915089][ T331] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 36.920369][ T331] ? bpf_prog_free_deferred+0x63e/0x750 [ 36.925751][ T331] dump_stack+0x15/0x1b [ 36.929896][ T331] process_one_work+0x94e/0xcb0 [ 36.934572][ T331] worker_thread+0xa60/0x1260 [ 36.939083][ T331] ? __kasan_check_read+0x11/0x20 [ 36.943950][ T331] kthread+0x26d/0x300 [ 36.947848][ T331] ? worker_clr_flags+0x1a0/0x1a0 [ 36.952705][ T331] ? kthread_blkcg+0xd0/0xd0 [ 36.957133][ T331] ret_from_fork+0x1f/0x30 [ 36.961387][ T331] [ 36.964723][ T344] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor303/344 [ 36.973939][ T344] caller is debug_smp_processor_id+0x17/0x20 [ 36.979726][ T344] CPU: 0 PID: 344 Comm: syz-executor303 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 36.991092][ T344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 37.001066][ T344] Call Trace: [ 37.004192][ T344] [ 37.006971][ T344] dump_stack_lvl+0x151/0x1b7 [ 37.012177][ T344] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 37.017472][ T344] ? stack_trace_save+0x1c0/0x1c0 [ 37.022417][ T344] dump_stack+0x15/0x1b [ 37.026411][ T344] check_preemption_disabled+0x109/0x110 [ 37.031880][ T344] debug_smp_processor_id+0x17/0x20 [ 37.036911][ T344] rcu_is_watching+0x15/0xb0 [ 37.041353][ T344] kernel_text_address+0x83/0xe0 [ 37.046112][ T344] __kernel_text_address+0xd/0x40 [ 37.051085][ T344] unwind_get_return_address+0x4d/0x90 [ 37.056381][ T344] arch_stack_walk+0xf3/0x140 [ 37.060974][ T344] stack_trace_save+0x113/0x1c0 [ 37.065659][ T344] ? stack_trace_snprint+0xf0/0xf0 [ 37.070604][ T344] ? memcpy+0x56/0x70 [ 37.074424][ T344] ? kfree+0x7a/0xf0 [ 37.078160][ T344] ? kfree+0x7a/0xf0 [ 37.081891][ T344] kasan_set_track+0x4b/0x70 [ 37.086314][ T344] ? kasan_set_track+0x4b/0x70 [ 37.091010][ T344] ? kasan_save_free_info+0x2b/0x40 [ 37.096053][ T344] ? ____kasan_slab_free+0x131/0x180 [ 37.101166][ T344] ? __kasan_slab_free+0x11/0x20 [ 37.105949][ T344] ? __kmem_cache_free+0x218/0x3b0 [ 37.111200][ T344] ? kfree+0x7a/0xf0 [ 37.114942][ T344] ? bpf_raw_tp_link_dealloc+0x15/0x20 [ 37.120238][ T344] ? bpf_link_free+0x394/0x3f0 [ 37.124845][ T344] ? bpf_link_release+0x170/0x180 [ 37.129698][ T344] ? __fput+0x3ab/0x870 [ 37.133691][ T344] ? ____fput+0x15/0x20 [ 37.137684][ T344] ? task_work_run+0x24d/0x2e0 [ 37.142284][ T344] ? do_exit+0xbd5/0x2b80 [ 37.146535][ T344] ? do_group_exit+0x21a/0x2d0 [ 37.151137][ T344] ? __x64_sys_exit_group+0x3f/0x40 [ 37.156173][ T344] ? do_syscall_64+0x3d/0xb0 [ 37.160595][ T344] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 37.166509][ T344] kasan_save_free_info+0x2b/0x40 [ 37.171359][ T344] ____kasan_slab_free+0x131/0x180 [ 37.176316][ T344] __kasan_slab_free+0x11/0x20 [ 37.180996][ T344] __kmem_cache_free+0x218/0x3b0 [ 37.185767][ T344] ? bpf_raw_tp_link_dealloc+0x15/0x20 [ 37.191147][ T344] ? bpf_raw_tp_link_dealloc+0x15/0x20 [ 37.196441][ T344] kfree+0x7a/0xf0 [ 37.199999][ T344] bpf_raw_tp_link_dealloc+0x15/0x20 [ 37.205122][ T344] bpf_link_free+0x394/0x3f0 [ 37.209547][ T344] ? bpf_link_put_deferred+0x20/0x20 [ 37.214672][ T344] ? bpf_prog_get_stats+0x290/0x290 [ 37.219703][ T344] bpf_link_release+0x170/0x180 [ 37.224392][ T344] ? bpf_prog_get_stats+0x290/0x290 [ 37.229423][ T344] __fput+0x3ab/0x870 [ 37.233332][ T344] ____fput+0x15/0x20 [ 37.237148][ T344] task_work_run+0x24d/0x2e0 [ 37.241766][ T344] ? task_work_cancel+0x2b0/0x2b0 [ 37.246618][ T344] ? __kasan_check_write+0x14/0x20 [ 37.251570][ T344] ? exit_task_namespaces+0xc2/0xd0 [ 37.256601][ T344] do_exit+0xbd5/0x2b80 [ 37.260599][ T344] ? put_task_struct+0x80/0x80 [ 37.265191][ T344] ? __kasan_check_write+0x14/0x20 [ 37.270176][ T344] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 37.275086][ T344] ? _raw_spin_lock_irqsave+0x210/0x210 [ 37.280466][ T344] ? zap_other_threads+0x29c/0x2d0 [ 37.285419][ T344] do_group_exit+0x21a/0x2d0 [ 37.289840][ T344] __x64_sys_exit_group+0x3f/0x40 [ 37.294700][ T344] do_syscall_64+0x3d/0xb0 [ 37.298951][ T344] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 37.304681][ T344] RIP: 0033:0x7fd637b95039 [ 37.308934][ T344] Code: Unable to access opcode bytes at 0x7fd637b9500f. [ 37.316292][ T344] RSP: 002b:00007fffaae40cd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 37.324525][ T344] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd637b95039 [ 37.332343][ T344] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 37.340155][ T344] RBP: 00007fd637c112b0 R08: ffffffffffffffb8 R09: 00000000000000a0 [ 37.347959][ T344] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd637c112b0 [ 37.355780][ T344] R13: 0000000000000000 R14: 00007fd637c11d20 R15: 00007fd637b661e0 [ 37.363589][ T344] [ 37.366742][ T90] BUG: using smp_processor_id() in preemptible [00000000] code: klogd/90 [ 37.374998][ T90] caller is debug_smp_processor_id+0x17/0x20 [ 37.380800][ T90] CPU: 0 PID: 90 Comm: klogd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 37.391191][ T90] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 37.401084][ T90] Call Trace: [ 37.404209][ T90] [ 37.407077][ T90] dump_stack_lvl+0x151/0x1b7 [ 37.411587][ T90] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 37.416884][ T90] ? stack_trace_save+0x1c0/0x1c0 [ 37.421739][ T90] dump_stack+0x15/0x1b [ 37.425732][ T90] check_preemption_disabled+0x109/0x110 [ 37.431210][ T90] debug_smp_processor_id+0x17/0x20 [ 37.436238][ T90] rcu_is_watching+0x15/0xb0 [ 37.440692][ T90] kernel_text_address+0x83/0xe0 [ 37.445435][ T90] __kernel_text_address+0xd/0x40 [ 37.450294][ T90] unwind_get_return_address+0x4d/0x90 [ 37.455597][ T90] arch_stack_walk+0xf3/0x140 [ 37.460125][ T90] stack_trace_save+0x113/0x1c0 [ 37.464795][ T90] ? stack_trace_snprint+0xf0/0xf0 [ 37.469738][ T90] ? kfree+0x7a/0xf0 [ 37.473475][ T90] ? kfree+0x7a/0xf0 [ 37.477200][ T90] kasan_set_track+0x4b/0x70 [ 37.481811][ T90] ? kasan_set_track+0x4b/0x70 [ 37.486407][ T90] ? kasan_save_free_info+0x2b/0x40 [ 37.491439][ T90] ? ____kasan_slab_free+0x131/0x180 [ 37.496560][ T90] ? __kasan_slab_free+0x11/0x20 [ 37.501332][ T90] ? __kmem_cache_free+0x218/0x3b0 [ 37.506285][ T90] ? kfree+0x7a/0xf0 [ 37.510011][ T90] ? syslog_print+0x577/0x600 [ 37.514525][ T90] ? do_syslog+0x732/0x7f0 [ 37.518776][ T90] ? __x64_sys_syslog+0x7c/0x90 [ 37.523465][ T90] ? do_syscall_64+0x3d/0xb0 [ 37.527894][ T90] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 37.533807][ T90] kasan_save_free_info+0x2b/0x40 [ 37.538655][ T90] ____kasan_slab_free+0x131/0x180 [ 37.543835][ T90] __kasan_slab_free+0x11/0x20 [ 37.548423][ T90] __kmem_cache_free+0x218/0x3b0 [ 37.553202][ T90] ? syslog_print+0x577/0x600 [ 37.557709][ T90] ? syslog_print+0x577/0x600 [ 37.562221][ T90] kfree+0x7a/0xf0 [ 37.565780][ T90] syslog_print+0x577/0x600 [ 37.570121][ T90] ? do_syslog+0x7f0/0x7f0 [ 37.574376][ T90] ? avc_has_perm_noaudit+0x430/0x430 [ 37.579580][ T90] ? security_socket_sendmsg+0x82/0xb0 [ 37.584876][ T90] ? cap_capable+0x1d2/0x270 [ 37.589300][ T90] ? wake_bit_function+0x230/0x230 [ 37.594253][ T90] do_syslog+0x732/0x7f0 [ 37.598340][ T90] ? devkmsg_release+0x130/0x130 [ 37.603104][ T90] ? debug_smp_processor_id+0x17/0x20 [ 37.608311][ T90] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 37.614209][ T90] __x64_sys_syslog+0x7c/0x90 [ 37.618727][ T90] do_syscall_64+0x3d/0xb0 [ 37.622975][ T90] ? sysvec_call_function_single+0x52/0xb0 [ 37.628619][ T90] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 37.634346][ T90] RIP: 0033:0x7f3a2dc91fa7 [ 37.638688][ T90] Code: 73 01 c3 48 8b 0d 81 ce 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 67 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 51 ce 0c 00 f7 d8 64 89 01 48 [ 37.658126][ T90] RSP: 002b:00007ffdeb0580b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000067 [ 37.666371][ T90] RAX: ffffffffffffffda RBX: 00007f3a2de304a0 RCX: 00007f3a2dc91fa7 [ 37.674192][ T90] RDX: 00000000000003ff RSI: 00007f3a2de304a0 RDI: 0000000000000002 [ 37.681991][ T90] RBP: 0000000000000000 R08: 0000000000000007 R09: 7da5a40a7f985d19 [ 37.689805][ T90] R10: 0000000000004000 R11: 0000000000000206 R12: 00007f3a2de304a0 [pid 348] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 341] +++ exited with 0 +++ [ 37.697622][ T90] R13: 00007f3a2de20212 R14: 00007f3a2de30551 R15: 00007f3a2de30551 [ 37.705433][ T90] [ 37.709240][ C0] BUG: scheduling while atomic: syz-executor303/341/0x00010001 [ 37.716648][ C0] Modules linked in: [ 37.718413][ T28] audit: type=1400 audit(1716235063.419:73): avc: denied { remove_name } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 37.720362][ C0] Preemption disabled at: [pid 308] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=341, si_uid=0, si_status=0, si_utime=0, si_stime=73} --- [pid 308] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557135650) = 352 ./strace-static-x86_64: Process 352 attached [pid 352] set_robust_list(0x555557135660, 24) = 0 [pid 352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 352] setpgid(0, 0) = 0 [pid 352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 352] write(3, "1000", 4) = 4 [pid 352] close(3) = 0 executing program [pid 352] write(1, "executing program\n", 18) = 18 [ 37.720368][ C0] [] bpf_put_raw_tracepoint+0x17/0x60 [ 37.743053][ T28] audit: type=1400 audit(1716235063.419:74): avc: denied { rename } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 37.746641][ C0] CPU: 0 PID: 341 Comm: syz-executor303 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 37.746662][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 37.796483][ C0] Call Trace: [ 37.799604][ C0] [ 37.802352][ C0] dump_stack_lvl+0x151/0x1b7 [ 37.806870][ C0] ? bpf_put_raw_tracepoint+0x17/0x60 [ 37.812074][ C0] ? bpf_put_raw_tracepoint+0x17/0x60 [ 37.817291][ C0] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 37.822575][ C0] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 37.828234][ C0] ? bpf_put_raw_tracepoint+0x17/0x60 [ 37.833423][ C0] dump_stack+0x15/0x1b [ 37.837420][ C0] __schedule_bug+0x195/0x260 [ 37.841931][ C0] ? cpu_util_update_eff+0x10e0/0x10e0 [ 37.847236][ C0] __schedule+0xcf7/0x1550 [ 37.851482][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 37.856767][ C0] ? __sched_text_start+0x8/0x8 [ 37.861455][ C0] ? _raw_write_lock_irqsave+0x170/0x1e0 [ 37.866924][ C0] do_task_dead+0x99/0xa0 [ 37.871101][ C0] do_exit+0x202a/0x2b80 [ 37.875293][ C0] ? put_task_struct+0x80/0x80 [ 37.879890][ C0] ? __kasan_check_write+0x14/0x20 [ 37.884841][ C0] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 37.889782][ C0] ? _raw_spin_lock_irqsave+0x210/0x210 [ 37.895167][ C0] ? zap_other_threads+0x29c/0x2d0 [ 37.900111][ C0] do_group_exit+0x21a/0x2d0 [ 37.904563][ C0] __x64_sys_exit_group+0x3f/0x40 [ 37.909403][ C0] do_syscall_64+0x3d/0xb0 [ 37.913660][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 37.919469][ C0] RIP: 0033:0x7fd637b95039 [ 37.923721][ C0] Code: Unable to access opcode bytes at 0x7fd637b9500f. [ 37.930587][ C0] RSP: 002b:00007fffaae40cd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 37.938831][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd637b95039 [pid 352] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 352] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [ 37.946635][ C0] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 37.954442][ C0] RBP: 00007fd637c112b0 R08: ffffffffffffffb8 R09: 00000000000000a0 [ 37.962259][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd637c112b0 [ 37.970066][ C0] R13: 0000000000000000 R14: 00007fd637c11d20 R15: 00007fd637b661e0 [ 37.977889][ C0] [ 37.981355][ C0] ------------[ cut here ]------------ [ 37.986637][ C0] WARNING: CPU: 0 PID: 331 at net/core/skbuff.c:645 __napi_alloc_skb+0x360/0x560 [ 37.995591][ C0] Modules linked in: [ 37.999299][ C0] CPU: 0 PID: 331 Comm: kworker/0:2 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 38.010344][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 38.020214][ C0] Workqueue: events bpf_prog_put_deferred [ 38.025880][ C0] RIP: 0010:__napi_alloc_skb+0x360/0x560 [ 38.031350][ C0] Code: 03 42 80 3c 28 00 74 08 48 89 df e8 7a b2 ba fd 4c 89 33 4c 89 f8 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 b0 b2 73 fd <0f> 0b e9 df fc ff ff e8 a4 b2 73 fd 45 31 ff eb d8 e8 9a b2 73 fd [ 38.050793][ C0] RSP: 0018:ffffc900000077e0 EFLAGS: 00010293 [ 38.056663][ C0] RAX: ffffffff8401bdd0 RBX: 0000000000000000 RCX: ffff888109b0bcc0 [ 38.064496][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 38.072299][ C0] RBP: ffffc90000007820 R08: ffffffff8401baa5 R09: 0000000000001000 [ 38.080104][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 000000000000000c [ 38.087977][ C0] R13: 0000000000000080 R14: ffff88810d2fc008 R15: 0000000000000a20 [ 38.095737][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 38.104512][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 38.110920][ C0] CR2: 00007fd637be001d CR3: 0000000120883000 CR4: 00000000003506b0 [ 38.118719][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 38.126559][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 38.134356][ C0] Call Trace: [ 38.137463][ C0] [ 38.140155][ C0] ? show_regs+0x58/0x60 [ 38.144271][ C0] ? __warn+0x160/0x3d0 [ 38.148232][ C0] ? __napi_alloc_skb+0x360/0x560 [ 38.153114][ C0] ? report_bug+0x4d5/0x7d0 [ 38.157428][ C0] ? __napi_alloc_skb+0x360/0x560 [ 38.162333][ C0] ? handle_bug+0x41/0x70 [ 38.166455][ C0] ? exc_invalid_op+0x1b/0x50 [ 38.171002][ C0] ? asm_exc_invalid_op+0x1b/0x20 [ 38.175925][ C0] ? __napi_alloc_skb+0x35/0x560 [ 38.180713][ C0] ? __napi_alloc_skb+0x360/0x560 [ 38.185553][ C0] ? __napi_alloc_skb+0x360/0x560 [ 38.190450][ C0] page_to_skb+0x28d/0xba0 [ 38.194667][ C0] receive_buf+0x4fc/0x4ef0 [ 38.199010][ C0] ? virtnet_poll_tx+0x560/0x560 [ 38.203811][ C0] ? detach_entity_load_avg+0x780/0x780 [ 38.209159][ C0] ? virtqueue_get_buf_ctx+0x484/0xd30 [ 38.214484][ C0] ? detach_buf_split+0x71d/0xae0 [ 38.219317][ C0] ? virtqueue_get_buf_ctx+0x6f8/0xd30 [ 38.224632][ C0] virtnet_poll+0x6d3/0x1470 [ 38.229036][ C0] ? refill_work+0x230/0x230 [ 38.233495][ C0] ? __kasan_check_write+0x14/0x20 [ 38.238405][ C0] ? _raw_spin_lock+0xa4/0x1b0 [ 38.243117][ C0] ? _raw_spin_trylock_bh+0x190/0x190 [ 38.248304][ C0] __napi_poll+0xbe/0x5c0 [ 38.252496][ C0] net_rx_action+0x595/0xdd0 [ 38.256900][ C0] ? net_tx_action+0x560/0x560 [ 38.261517][ C0] __do_softirq+0x1d8/0x661 [ 38.265833][ C0] do_softirq+0xf6/0x150 [ 38.269913][ C0] [ 38.272718][ C0] [ 38.275468][ C0] ? __local_bh_enable_ip+0x80/0x80 [ 38.280530][ C0] ? _raw_spin_lock_bh+0xa4/0x1b0 [ 38.285358][ C0] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 38.290423][ C0] __local_bh_enable_ip+0x75/0x80 [ 38.295253][ C0] _raw_spin_unlock_bh+0x50/0x60 [ 38.300023][ C0] bpf_ksym_del+0x145/0x150 [ 38.304386][ C0] bpf_prog_kallsyms_del_all+0x27e/0x2f0 [ 38.309830][ C0] ? radix_tree_delete_item+0x2f1/0x3f0 [ 38.315241][ C0] __bpf_prog_put_noref+0x2a/0x2c0 [ 38.320162][ C0] bpf_prog_put_deferred+0x2ee/0x3e0 [ 38.325391][ C0] ? check_and_init_map_value+0x2f0/0x2f0 [ 38.331057][ C0] ? __schedule+0xcaf/0x1550 [ 38.335436][ C0] process_one_work+0x73d/0xcb0 [ 38.340125][ C0] worker_thread+0xa60/0x1260 [ 38.344663][ C0] ? __kasan_check_read+0x11/0x20 [pid 352] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 347] <... bpf resumed>) = 7 [pid 352] <... bpf resumed>) = 5 [pid 348] <... bpf resumed>) = 5 [pid 347] exit_group(0 [pid 346] <... bpf resumed>) = 7 [ 38.349503][ C0] kthread+0x26d/0x300 [ 38.353421][ C0] ? worker_clr_flags+0x1a0/0x1a0 [ 38.358694][ C0] ? kthread_blkcg+0xd0/0xd0 [ 38.363148][ C0] ret_from_fork+0x1f/0x30 [ 38.367376][ C0] [ 38.370234][ C0] ---[ end trace 0000000000000000 ]--- [ 38.375894][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000101, exited with 00000100? [ 38.387336][ T13] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000100, exited with 000000fe? [pid 344] +++ exited with 0 +++ [pid 352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 348] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 347] <... exit_group resumed>) = ? [pid 346] exit_group(0 [pid 352] <... bpf resumed>) = 6 [pid 348] <... bpf resumed>) = 6 [pid 310] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=344, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 352] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 348] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 352] <... bpf resumed>) = 7 [pid 348] <... bpf resumed>) = 7 [pid 352] exit_group(0 [pid 348] exit_group(0 [pid 310] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 352] <... exit_group resumed>) = ? [pid 348] <... exit_group resumed>) = ? [pid 352] +++ exited with 0 +++ [pid 348] +++ exited with 0 +++ [pid 310] <... clone resumed>, child_tidptr=0x555557135650) = 353 ./strace-static-x86_64: Process 353 attached [pid 346] <... exit_group resumed>) = ? [pid 308] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=352, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 307] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 308] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 307] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 308] <... clone resumed>, child_tidptr=0x555557135650) = 354 [pid 307] <... clone resumed>, child_tidptr=0x555557135650) = 355 ./strace-static-x86_64: Process 355 attached [pid 355] set_robust_list(0x555557135660, 24) = 0 [pid 355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 355] setpgid(0, 0) = 0 [pid 355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 355] write(3, "1000", 4) = 4 [pid 355] close(3) = 0 [pid 355] write(1, "executing program\n", 18) = 18 [pid 355] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 355] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 355] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 354 attached [pid 354] set_robust_list(0x555557135660, 24 [pid 355] <... bpf resumed>) = 4 [pid 354] <... set_robust_list resumed>) = 0 [ 38.399609][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000100? [ 38.411115][ T13] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000100, exited with 000000fe? [ 38.424403][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000101, exited with 00000100? [ 38.430359][ C1] softirq: huh, entered softirq 9 RCU ffffffff8160d2f0 with preempt_count 00000103, exited with 00000102? [ 38.436099][ T298] BUG: using smp_processor_id() in preemptible [00000000] code: sshd/298 [ 38.446917][ T300] BUG: scheduling while atomic: strace-static-x/300/0x00000002 [ 38.446931][ T300] Modules linked in: [ 38.446940][ T300] Preemption disabled at: [ 38.446944][ T300] [] remove_wait_queue+0x26/0x140 [ 38.446984][ T300] CPU: 1 PID: 300 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 38.447002][ T300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 38.447010][ T300] Call Trace: [ 38.447015][ T300] [ 38.447020][ T300] dump_stack_lvl+0x151/0x1b7 [ 38.455250][ T298] caller is debug_smp_processor_id+0x17/0x20 [ 38.462620][ T300] ? remove_wait_queue+0x26/0x140 [ 38.519285][ T300] ? remove_wait_queue+0x26/0x140 [ 38.524146][ T300] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 38.529438][ T300] ? remove_wait_queue+0x26/0x140 [ 38.534298][ T300] dump_stack+0x15/0x1b [ 38.538291][ T300] __schedule_bug+0x195/0x260 [ 38.542801][ T300] ? __ia32_sys_waitid+0xd0/0xd0 [ 38.547576][ T300] ? bpf_trace_printk+0x1be/0x300 [ 38.552437][ T300] ? cpu_util_update_eff+0x10e0/0x10e0 [ 38.557731][ T300] ? kernel_waitid+0x520/0x520 [ 38.562334][ T300] __schedule+0xcf7/0x1550 [ 38.566585][ T300] ? __x64_sys_wait4+0x181/0x1e0 [ 38.571357][ T300] ? bpf_trace_run2+0x138/0x290 [ 38.576045][ T300] ? __sched_text_start+0x8/0x8 [ 38.580740][ T300] schedule+0xc3/0x180 [ 38.584637][ T300] exit_to_user_mode_loop+0x4e/0xa0 [ 38.589671][ T300] exit_to_user_mode_prepare+0x5a/0xa0 [ 38.594965][ T300] syscall_exit_to_user_mode+0x26/0x140 [ 38.600346][ T300] do_syscall_64+0x49/0xb0 [ 38.604596][ T300] ? sysvec_call_function_single+0x52/0xb0 [ 38.610238][ T300] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 38.615968][ T300] RIP: 0033:0x4d49a6 [ 38.619700][ T300] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 38.639142][ T300] RSP: 002b:00007ffc90176658 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 38.647387][ T300] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00000000004d49a6 [ 38.655196][ T300] RDX: 0000000040000001 RSI: 00007ffc9017667c RDI: 00000000ffffffff [ 38.663007][ T300] RBP: 0000000000748620 R08: 0000000000000000 R09: 0000000000000000 [ 38.670824][ T300] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000074d6c0 [ 38.678629][ T300] R13: 0000000000000162 R14: 00007ffc9017667c R15: 0000000000617180 [ 38.686447][ T300] [ 38.689308][ T298] CPU: 0 PID: 298 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 38.699728][ T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 38.709621][ T298] Call Trace: [ 38.712741][ T298] [ 38.715519][ T298] dump_stack_lvl+0x151/0x1b7 [ 38.720036][ T298] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 38.725323][ T298] ? stack_trace_save+0x1c0/0x1c0 [ 38.730184][ T298] dump_stack+0x15/0x1b [ 38.734176][ T298] check_preemption_disabled+0x109/0x110 [ 38.739646][ T298] debug_smp_processor_id+0x17/0x20 [ 38.744677][ T298] rcu_is_watching+0x15/0xb0 [ 38.749125][ T298] kernel_text_address+0x83/0xe0 [ 38.753988][ T298] __kernel_text_address+0xd/0x40 [ 38.758828][ T298] unwind_get_return_address+0x4d/0x90 [ 38.764120][ T298] arch_stack_walk+0xf3/0x140 [ 38.768633][ T298] stack_trace_save+0x113/0x1c0 [ 38.773318][ T298] ? __kmem_cache_alloc_node+0x1af/0x250 [ 38.778786][ T298] ? stack_trace_snprint+0xf0/0xf0 [ 38.783735][ T298] ? memcpy+0x56/0x70 [ 38.787553][ T298] ? kfree+0x7a/0xf0 [ 38.791284][ T298] ? kfree+0x7a/0xf0 [ 38.795018][ T298] kasan_set_track+0x4b/0x70 [ 38.799442][ T298] ? kasan_set_track+0x4b/0x70 [ 38.804043][ T298] ? kasan_save_free_info+0x2b/0x40 [ 38.809074][ T298] ? ____kasan_slab_free+0x131/0x180 [ 38.814195][ T298] ? __kasan_slab_free+0x11/0x20 [ 38.818968][ T298] ? __kmem_cache_free+0x218/0x3b0 [ 38.823915][ T298] ? kfree+0x7a/0xf0 [ 38.827646][ T298] ? skb_release_data+0x616/0x840 [ 38.832509][ T298] ? __kfree_skb+0x50/0x70 [ 38.836760][ T298] ? tcp_rtx_queue_unlink_and_free+0x3d5/0x610 [ 38.842751][ T298] ? tcp_ack+0x2437/0x6a30 [ 38.847001][ T298] ? tcp_rcv_established+0xe31/0x1c60 [ 38.852213][ T298] ? tcp_v4_do_rcv+0x430/0xa20 [ 38.856810][ T298] ? __release_sock+0x145/0x410 [ 38.861498][ T298] ? release_sock+0x65/0x1b0 [ 38.865923][ T298] ? tcp_sendmsg+0x3a/0x50 [ 38.870175][ T298] ? inet_sendmsg+0xa1/0xc0 [ 38.874515][ T298] ? sock_write_iter+0x394/0x4e0 [ 38.879289][ T298] ? vfs_write+0x902/0xeb0 [ 38.883542][ T298] ? ksys_write+0x199/0x2c0 [ 38.887895][ T298] ? __x64_sys_write+0x7b/0x90 [ 38.892482][ T298] ? do_syscall_64+0x3d/0xb0 [ 38.896908][ T298] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 38.902818][ T298] ? bpf_trace_run1+0x240/0x240 [ 38.907496][ T298] kasan_save_free_info+0x2b/0x40 [ 38.912356][ T298] ____kasan_slab_free+0x131/0x180 [ 38.917304][ T298] __kasan_slab_free+0x11/0x20 [ 38.921994][ T298] __kmem_cache_free+0x218/0x3b0 [ 38.926763][ T298] ? skb_release_data+0x616/0x840 [ 38.931625][ T298] ? skb_release_data+0x616/0x840 [ 38.936486][ T298] kfree+0x7a/0xf0 [ 38.940048][ T298] skb_release_data+0x616/0x840 [ 38.944734][ T298] __kfree_skb+0x50/0x70 [ 38.948809][ T298] tcp_rtx_queue_unlink_and_free+0x3d5/0x610 [ 38.954626][ T298] tcp_ack+0x2437/0x6a30 [ 38.958713][ T298] ? tcp_rcv_established+0x1c60/0x1c60 [ 38.964002][ T298] ? ktime_get+0x12f/0x160 [ 38.968252][ T298] tcp_rcv_established+0xe31/0x1c60 [ 38.973287][ T298] ? tcp_check_space+0xae0/0xae0 [ 38.978059][ T298] ? __kasan_check_read+0x11/0x20 [ 38.982920][ T298] ? ipv4_dst_check+0xe3/0x150 [ 38.987699][ T298] tcp_v4_do_rcv+0x430/0xa20 [ 38.992119][ T298] __release_sock+0x145/0x410 [ 38.996633][ T298] release_sock+0x65/0x1b0 [ 39.000890][ T298] tcp_sendmsg+0x3a/0x50 [ 39.005002][ T298] inet_sendmsg+0xa1/0xc0 [ 39.009127][ T298] ? inet_send_prepare+0x4a0/0x4a0 [ 39.014079][ T298] sock_write_iter+0x394/0x4e0 [ 39.018677][ T298] ? sock_read_iter+0x4b0/0x4b0 [ 39.023363][ T298] ? fsnotify_perm+0x6a/0x5d0 [ 39.027881][ T298] vfs_write+0x902/0xeb0 [ 39.031957][ T298] ? file_end_write+0x1c0/0x1c0 [ 39.036639][ T298] ? __set_current_blocked+0x2a5/0x2f0 [ 39.041941][ T298] ? __kasan_check_read+0x11/0x20 [ 39.046888][ T298] ? __fdget_pos+0x204/0x390 [ 39.051312][ T298] ksys_write+0x199/0x2c0 [ 39.055475][ T298] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 39.060857][ T298] ? __ia32_sys_read+0x90/0x90 [ 39.065455][ T298] ? __bpf_trace_sys_enter+0x62/0x70 [ 39.070577][ T298] __x64_sys_write+0x7b/0x90 [ 39.075007][ T298] do_syscall_64+0x3d/0xb0 [ 39.079264][ T298] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 39.084984][ T298] RIP: 0033:0x7f6928116bf2 [ 39.089244][ T298] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 [ 39.108695][ T298] RSP: 002b:00007fff39fd7518 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 39.116921][ T298] RAX: ffffffffffffffda RBX: 00000000000006f0 RCX: 00007f6928116bf2 [ 39.124732][ T298] RDX: 00000000000006f0 RSI: 0000562941063930 RDI: 0000000000000004 [ 39.132548][ T298] RBP: 000056294104d290 R08: 0000000000000000 R09: 0000000000000000 [ 39.140452][ T298] R10: 0000000000000000 R11: 0000000000000246 R12: 000056293f314aa4 [ 39.148272][ T298] R13: 0000000000000026 R14: 000056293f3153e8 R15: 00007fff39fd7588 [ 39.156078][ T298] [ 39.159131][ C0] softirq: huh, entered softirq 9 RCU ffffffff8160d2f0 with preempt_count 00000101, exited with 00000100? [ 39.170713][ T298] BUG: using smp_processor_id() in preemptible [00000000] code: sshd/298 [ 39.178954][ T298] caller is debug_smp_processor_id+0x17/0x20 [ 39.184817][ T298] CPU: 0 PID: 298 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 39.195178][ T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 39.205071][ T298] Call Trace: [ 39.208196][ T298] [ 39.210976][ T298] dump_stack_lvl+0x151/0x1b7 [ 39.215486][ T298] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 39.220783][ T298] ? stack_trace_save+0x1c0/0x1c0 [ 39.225638][ T298] dump_stack+0x15/0x1b [ 39.229631][ T298] check_preemption_disabled+0x109/0x110 [ 39.235100][ T298] debug_smp_processor_id+0x17/0x20 [ 39.240135][ T298] rcu_is_watching+0x15/0xb0 [ 39.244561][ T298] kernel_text_address+0x83/0xe0 [ 39.249335][ T298] __kernel_text_address+0xd/0x40 [ 39.254196][ T298] unwind_get_return_address+0x4d/0x90 [ 39.259489][ T298] arch_stack_walk+0xf3/0x140 [ 39.264003][ T298] stack_trace_save+0x113/0x1c0 [ 39.268690][ T298] ? stack_trace_snprint+0xf0/0xf0 [ 39.273807][ T298] ? memcpy+0x56/0x70 [ 39.277631][ T298] ? kfree+0x7a/0xf0 [ 39.281447][ T298] ? kfree+0x7a/0xf0 [ 39.285179][ T298] kasan_set_track+0x4b/0x70 [ 39.289613][ T298] ? kasan_set_track+0x4b/0x70 [ 39.294203][ T298] ? kasan_save_free_info+0x2b/0x40 [ 39.299244][ T298] ? ____kasan_slab_free+0x131/0x180 [ 39.304439][ T298] ? __kasan_slab_free+0x11/0x20 [ 39.309132][ T298] ? __kmem_cache_free+0x218/0x3b0 [ 39.314079][ T298] ? kfree+0x7a/0xf0 [ 39.317818][ T298] ? skb_release_data+0x616/0x840 [ 39.322697][ T298] ? __kfree_skb+0x50/0x70 [ 39.326930][ T298] ? tcp_rtx_queue_unlink_and_free+0x3d5/0x610 [ 39.332912][ T298] ? tcp_ack+0x2437/0x6a30 [ 39.337167][ T298] ? tcp_rcv_established+0x7e5/0x1c60 [ 39.342375][ T298] ? tcp_v4_do_rcv+0x430/0xa20 [ 39.346970][ T298] ? __release_sock+0x145/0x410 [ 39.351657][ T298] ? release_sock+0x65/0x1b0 [ 39.356093][ T298] ? tcp_sendmsg+0x3a/0x50 [ 39.360341][ T298] ? inet_sendmsg+0xa1/0xc0 [ 39.364680][ T298] ? sock_write_iter+0x394/0x4e0 [ 39.369451][ T298] ? vfs_write+0x902/0xeb0 [ 39.373701][ T298] ? ksys_write+0x199/0x2c0 [ 39.378043][ T298] ? __x64_sys_write+0x7b/0x90 [ 39.382643][ T298] ? do_syscall_64+0x3d/0xb0 [ 39.387069][ T298] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 39.392981][ T298] ? bpf_trace_run1+0x240/0x240 [ 39.397658][ T298] kasan_save_free_info+0x2b/0x40 [ 39.402518][ T298] ____kasan_slab_free+0x131/0x180 [ 39.407465][ T298] __kasan_slab_free+0x11/0x20 [ 39.412064][ T298] __kmem_cache_free+0x218/0x3b0 [ 39.416840][ T298] ? skb_release_data+0x616/0x840 [ 39.421699][ T298] ? skb_release_data+0x616/0x840 [ 39.426561][ T298] kfree+0x7a/0xf0 [ 39.430119][ T298] skb_release_data+0x616/0x840 [ 39.434813][ T298] __kfree_skb+0x50/0x70 [ 39.438885][ T298] tcp_rtx_queue_unlink_and_free+0x3d5/0x610 [ 39.444701][ T298] tcp_ack+0x2437/0x6a30 [ 39.448780][ T298] ? kasan_set_track+0x4b/0x70 [ 39.453384][ T298] ? tcp_rcv_established+0x1c60/0x1c60 [ 39.458675][ T298] ? debug_smp_processor_id+0x17/0x20 [ 39.463882][ T298] ? kasan_quarantine_put+0x34/0x1a0 [ 39.469005][ T298] ? __kasan_check_read+0x11/0x20 [ 39.473862][ T298] ? ktime_get+0x12f/0x160 [ 39.478112][ T298] tcp_rcv_established+0x7e5/0x1c60 [ 39.483152][ T298] ? tcp_check_space+0xae0/0xae0 [ 39.487925][ T298] ? __kasan_check_read+0x11/0x20 [ 39.492783][ T298] ? ipv4_dst_check+0xe3/0x150 [ 39.497397][ T298] tcp_v4_do_rcv+0x430/0xa20 [ 39.501808][ T298] __release_sock+0x145/0x410 [ 39.506322][ T298] release_sock+0x65/0x1b0 [ 39.510576][ T298] tcp_sendmsg+0x3a/0x50 [ 39.514651][ T298] inet_sendmsg+0xa1/0xc0 [ 39.518817][ T298] ? inet_send_prepare+0x4a0/0x4a0 [ 39.523772][ T298] sock_write_iter+0x394/0x4e0 [ 39.528364][ T298] ? sock_read_iter+0x4b0/0x4b0 [ 39.533053][ T298] ? fsnotify_perm+0x6a/0x5d0 [ 39.537565][ T298] vfs_write+0x902/0xeb0 [ 39.541647][ T298] ? file_end_write+0x1c0/0x1c0 [ 39.546330][ T298] ? __set_current_blocked+0x2a5/0x2f0 [ 39.551712][ T298] ? __kasan_check_read+0x11/0x20 [ 39.556570][ T298] ? __fdget_pos+0x204/0x390 [ 39.561002][ T298] ksys_write+0x199/0x2c0 [ 39.565203][ T298] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 39.570543][ T298] ? __ia32_sys_read+0x90/0x90 [ 39.575237][ T298] ? __bpf_trace_sys_enter+0x62/0x70 [ 39.580355][ T298] __x64_sys_write+0x7b/0x90 [ 39.584784][ T298] do_syscall_64+0x3d/0xb0 [ 39.589032][ T298] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 39.594769][ T298] RIP: 0033:0x7f6928116bf2 [ 39.599013][ T298] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 [ 39.618648][ T298] RSP: 002b:00007fff39fd7518 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 39.626895][ T298] RAX: ffffffffffffffda RBX: 00000000000006f0 RCX: 00007f6928116bf2 [ 39.634705][ T298] RDX: 00000000000006f0 RSI: 0000562941063930 RDI: 0000000000000004 [ 39.642605][ T298] RBP: 000056294104d290 R08: 0000000000000000 R09: 0000000000000000 [ 39.650414][ T298] R10: 0000000000000000 R11: 0000000000000246 R12: 000056293f314aa4 executing program executing program [pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 355] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 354] <... prctl resumed>) = 0 [pid 353] set_robust_list(0x555557135660, 24 [pid 354] setpgid(0, 0 [pid 353] <... set_robust_list resumed>) = 0 [pid 354] <... setpgid resumed>) = 0 [pid 353] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 353] <... prctl resumed>) = 0 [pid 354] <... openat resumed>) = 3 [pid 353] setpgid(0, 0 [pid 354] write(3, "1000", 4 [pid 353] <... setpgid resumed>) = 0 [pid 354] <... write resumed>) = 4 [pid 353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 354] close(3 [pid 353] <... openat resumed>) = 3 [pid 354] <... close resumed>) = 0 [pid 353] write(3, "1000", 4 [pid 354] write(1, "executing program\n", 18 [pid 353] <... write resumed>) = 4 [pid 354] <... write resumed>) = 18 [pid 353] close(3 [pid 354] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 353] <... close resumed>) = 0 [pid 354] <... bpf resumed>) = 3 [pid 353] write(1, "executing program\n", 18 [pid 354] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 353] <... write resumed>) = 18 [pid 354] <... bpf resumed>) = 0 [pid 353] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 354] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 353] <... bpf resumed>) = 3 [pid 354] <... bpf resumed>) = 4 [pid 353] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 354] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 353] <... bpf resumed>) = 0 [pid 353] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [ 39.658225][ T298] R13: 0000000000000026 R14: 000056293f3153e8 R15: 00007fff39fd7588 [ 39.666041][ T298] [ 39.669165][ C0] BUG: workqueue leaked lock or atomic: kworker/0:2/0x7fffffff/331 [ 39.669165][ C0] last function: bpf_prog_free_deferred [ 39.669196][ T331] CPU: 0 PID: 331 Comm: kworker/0:2 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 39.693741][ T331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 39.703630][ T331] Workqueue: events bpf_prog_free_deferred [ 39.709280][ T331] Call Trace: [ 39.712399][ T331] [ 39.715172][ T331] dump_stack_lvl+0x151/0x1b7 [ 39.719688][ T331] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 39.724986][ T331] ? bpf_prog_free_deferred+0x63e/0x750 [ 39.730449][ T331] dump_stack+0x15/0x1b [ 39.734439][ T331] process_one_work+0x94e/0xcb0 [ 39.739131][ T331] worker_thread+0xa60/0x1260 [ 39.743645][ T331] ? __kasan_check_read+0x11/0x20 [ 39.748504][ T331] kthread+0x26d/0x300 [ 39.752405][ T331] ? worker_clr_flags+0x1a0/0x1a0 [pid 353] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 306] kill(-347, SIGKILL [pid 304] kill(-346, SIGKILL) = 0 [pid 304] kill(346, SIGKILL) = 0 [ 39.757281][ T331] ? kthread_blkcg+0xd0/0xd0 [ 39.761694][ T331] ret_from_fork+0x1f/0x30 [ 39.765949][ T331] [ 39.769070][ T90] BUG: using smp_processor_id() in preemptible [00000000] code: klogd/90 [ 39.777454][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000102, exited with 00000100? [ 39.788844][ T90] caller is debug_smp_processor_id+0x17/0x20 [ 39.794665][ T90] CPU: 0 PID: 90 Comm: klogd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 39.805044][ T90] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 39.814939][ T90] Call Trace: [ 39.818063][ T90] [ 39.820840][ T90] dump_stack_lvl+0x151/0x1b7 [ 39.825353][ T90] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 39.830647][ T90] ? stack_trace_save+0x1c0/0x1c0 [ 39.835507][ T90] dump_stack+0x15/0x1b [ 39.839498][ T90] check_preemption_disabled+0x109/0x110 [ 39.844975][ T90] debug_smp_processor_id+0x17/0x20 [ 39.850001][ T90] rcu_is_watching+0x15/0xb0 [ 39.854428][ T90] kernel_text_address+0x83/0xe0 [ 39.859203][ T90] __kernel_text_address+0xd/0x40 [ 39.864060][ T90] unwind_get_return_address+0x4d/0x90 [ 39.869358][ T90] arch_stack_walk+0xf3/0x140 [ 39.873872][ T90] stack_trace_save+0x113/0x1c0 [ 39.878556][ T90] ? stack_trace_snprint+0xf0/0xf0 [ 39.883505][ T90] ? kfree+0x7a/0xf0 [ 39.887233][ T90] ? kfree+0x7a/0xf0 [ 39.890969][ T90] kasan_set_track+0x4b/0x70 [ 39.895393][ T90] ? kasan_set_track+0x4b/0x70 [ 39.899991][ T90] ? kasan_save_free_info+0x2b/0x40 [ 39.905024][ T90] ? ____kasan_slab_free+0x131/0x180 [ 39.910145][ T90] ? __kasan_slab_free+0x11/0x20 [ 39.914921][ T90] ? __kmem_cache_free+0x218/0x3b0 [ 39.919873][ T90] ? kfree+0x7a/0xf0 [ 39.923605][ T90] ? syslog_print+0x577/0x600 [ 39.928113][ T90] ? do_syslog+0x732/0x7f0 [ 39.932371][ T90] ? __x64_sys_syslog+0x7c/0x90 [ 39.937054][ T90] ? do_syscall_64+0x3d/0xb0 [ 39.941478][ T90] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 39.947391][ T90] kasan_save_free_info+0x2b/0x40 [ 39.952247][ T90] ____kasan_slab_free+0x131/0x180 [ 39.957188][ T90] __kasan_slab_free+0x11/0x20 [ 39.961789][ T90] __kmem_cache_free+0x218/0x3b0 [ 39.966560][ T90] ? syslog_print+0x577/0x600 [ 39.971073][ T90] ? syslog_print+0x577/0x600 [ 39.975596][ T90] kfree+0x7a/0xf0 [ 39.979150][ T90] syslog_print+0x577/0x600 [ 39.983496][ T90] ? do_syslog+0x7f0/0x7f0 [ 39.987741][ T90] ? avc_has_perm_noaudit+0x430/0x430 [ 39.992959][ T90] ? cap_capable+0x1d2/0x270 [ 39.997379][ T90] ? wake_bit_function+0x230/0x230 [ 40.002324][ T90] do_syslog+0x732/0x7f0 [ 40.006400][ T90] ? devkmsg_release+0x130/0x130 [ 40.011173][ T90] ? bpf_trace_run2+0x138/0x290 [ 40.015861][ T90] ? __bpf_trace_sys_enter+0x62/0x70 [ 40.020981][ T90] __x64_sys_syslog+0x7c/0x90 [ 40.025492][ T90] do_syscall_64+0x3d/0xb0 [ 40.029745][ T90] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 40.035386][ T90] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 40.041113][ T90] RIP: 0033:0x7f3a2dc91fa7 [ 40.045365][ T90] Code: 73 01 c3 48 8b 0d 81 ce 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 67 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 51 ce 0c 00 f7 d8 64 89 01 48 [ 40.064812][ T90] RSP: 002b:00007ffdeb0580b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000067 [ 40.073052][ T90] RAX: ffffffffffffffda RBX: 00007f3a2de304a0 RCX: 00007f3a2dc91fa7 [ 40.080864][ T90] RDX: 00000000000003ff RSI: 00007f3a2de304a0 RDI: 0000000000000002 [ 40.088677][ T90] RBP: 0000000000000000 R08: 0000000000000007 R09: 7da5a40a7f985d19 [ 40.096489][ T90] R10: 0000000000004000 R11: 0000000000000206 R12: 00007f3a2de304a0 [pid 306] <... kill resumed>) = 0 [pid 306] kill(347, SIGKILL) = 0 [ 40.104297][ T90] R13: 00007f3a2de20212 R14: 00007f3a2de305c1 R15: 00007f3a2de305c1 [ 40.112115][ T90] [ 40.115212][ T83] BUG: using smp_processor_id() in preemptible [00000000] code: syslogd/83 [ 40.123637][ T83] caller is debug_smp_processor_id+0x17/0x20 [ 40.129525][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000102, exited with 00000100? [ 40.140822][ T83] CPU: 0 PID: 83 Comm: syslogd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 40.151463][ T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 40.161447][ T83] Call Trace: [ 40.164576][ T83] [ 40.167352][ T83] dump_stack_lvl+0x151/0x1b7 [ 40.171860][ T83] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 40.177159][ T83] ? stack_trace_save+0x1c0/0x1c0 [ 40.182049][ T83] dump_stack+0x15/0x1b [ 40.186011][ T83] check_preemption_disabled+0x109/0x110 [ 40.191483][ T83] debug_smp_processor_id+0x17/0x20 [ 40.196513][ T83] rcu_is_watching+0x15/0xb0 [ 40.200937][ T83] kernel_text_address+0x83/0xe0 [ 40.205722][ T83] __kernel_text_address+0xd/0x40 [ 40.210575][ T83] unwind_get_return_address+0x4d/0x90 [ 40.215863][ T83] arch_stack_walk+0xf3/0x140 [ 40.220385][ T83] stack_trace_save+0x113/0x1c0 [ 40.225067][ T83] ? stack_trace_snprint+0xf0/0xf0 [ 40.230014][ T83] ? memcpy+0x56/0x70 [ 40.233828][ T83] ? kfree+0x7a/0xf0 [ 40.237561][ T83] ? kfree+0x7a/0xf0 [ 40.241308][ T83] kasan_set_track+0x4b/0x70 [ 40.245809][ T83] ? kasan_set_track+0x4b/0x70 [ 40.250411][ T83] ? kasan_save_free_info+0x2b/0x40 [ 40.255610][ T83] ? ____kasan_slab_free+0x131/0x180 [pid 304] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 304] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 304] getdents64(3, 0x5555571366f0 /* 2 entries */, 32768) = 48 [pid 304] getdents64(3, 0x5555571366f0 /* 0 entries */, 32768) = 0 [pid 304] close(3) = 0 [pid 306] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 306] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 306] getdents64(3, 0x5555571366f0 /* 2 entries */, 32768) = 48 [pid 306] getdents64(3, 0x5555571366f0 /* 0 entries */, 32768) = 0 [ 40.260727][ T83] ? __kasan_slab_free+0x11/0x20 [ 40.265504][ T83] ? __kmem_cache_free+0x218/0x3b0 [ 40.270453][ T83] ? kfree+0x7a/0xf0 [ 40.274187][ T83] ? skb_release_data+0x616/0x840 [ 40.279054][ T83] ? consume_skb+0xac/0x250 [ 40.283383][ T83] ? skb_free_datagram+0x15/0x20 [ 40.288160][ T83] ? __unix_dgram_recvmsg+0xcce/0x12b0 [ 40.293455][ T83] ? unix_dgram_recvmsg+0xb7/0xd0 [ 40.298392][ T83] ? sock_read_iter+0x3b2/0x4b0 [ 40.303085][ T83] ? vfs_read+0x771/0xad0 [ 40.307247][ T83] ? ksys_read+0x199/0x2c0 [ 40.311502][ T83] ? __x64_sys_read+0x7b/0x90 [ 40.316013][ T83] ? do_syscall_64+0x3d/0xb0 [ 40.320438][ T83] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 40.326349][ T83] kasan_save_free_info+0x2b/0x40 [ 40.331207][ T83] ____kasan_slab_free+0x131/0x180 [ 40.336148][ T83] __kasan_slab_free+0x11/0x20 [ 40.340755][ T83] __kmem_cache_free+0x218/0x3b0 [ 40.345523][ T83] ? skb_release_data+0x616/0x840 [ 40.350384][ T83] ? skb_release_data+0x616/0x840 [ 40.355250][ T83] kfree+0x7a/0xf0 [ 40.358826][ T83] skb_release_data+0x616/0x840 [ 40.363582][ T83] consume_skb+0xac/0x250 [ 40.367838][ T83] skb_free_datagram+0x15/0x20 [ 40.372465][ T83] __unix_dgram_recvmsg+0xcce/0x12b0 [ 40.377642][ T83] ? unix_unhash+0x10/0x10 [ 40.381887][ T83] ? avc_has_perm+0x16f/0x260 [ 40.386401][ T83] ? ring_buffer_unlock_commit+0x4b6/0x610 [ 40.392042][ T83] unix_dgram_recvmsg+0xb7/0xd0 [ 40.396727][ T83] ? unix_dgram_sendmsg+0x2050/0x2050 [ 40.401935][ T83] sock_read_iter+0x3b2/0x4b0 [ 40.406450][ T83] ? kernel_sock_ip_overhead+0x280/0x280 [pid 306] close(3) = 0 [ 40.411917][ T83] ? __kasan_check_read+0x11/0x20 [ 40.416775][ T83] ? fsnotify_perm+0x470/0x5d0 [ 40.421384][ T83] vfs_read+0x771/0xad0 [ 40.425370][ T83] ? bpf_bprintf_cleanup+0x48/0x60 [ 40.430320][ T83] ? kernel_read+0x1f0/0x1f0 [ 40.434747][ T83] ? __kasan_check_read+0x11/0x20 [ 40.439605][ T83] ? __fdget_pos+0x204/0x390 [ 40.444027][ T83] ksys_read+0x199/0x2c0 [ 40.448113][ T83] ? vfs_write+0xeb0/0xeb0 [ 40.452364][ T83] ? __bpf_trace_sys_enter+0x62/0x70 [ 40.457481][ T83] __x64_sys_read+0x7b/0x90 [ 40.461821][ T83] do_syscall_64+0x3d/0xb0 [ 40.466101][ T83] ? sysvec_call_function_single+0x52/0xb0 [ 40.471722][ T83] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 40.477445][ T83] RIP: 0033:0x7ffb7061bb6a [ 40.481696][ T83] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [ 40.501138][ T83] RSP: 002b:00007ffc38fbae88 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 40.509381][ T83] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007ffb7061bb6a [ 40.517383][ T83] RDX: 00000000000000ff RSI: 00005638b9757300 RDI: 0000000000000000 [ 40.525186][ T83] RBP: 00005638b97572c0 R08: 0000000000000001 R09: 0000000000000000 [ 40.533234][ T83] R10: 00007ffb707ba3a3 R11: 0000000000000246 R12: 00005638b9757398 [ 40.541130][ T83] R13: 00005638b9757300 R14: 0000000000000000 R15: 00007ffb707f8a80 [ 40.548946][ T83] [ 40.552368][ T13] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000100, exited with 000000fe? [ 40.563861][ C0] BUG: workqueue leaked lock or atomic: kworker/0:0/0x7fffffff/6 [ 40.563861][ C0] last function: bpf_prog_free_deferred [ 40.563899][ C0] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 40.588095][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 40.597988][ C0] Workqueue: events bpf_prog_free_deferred [ 40.603629][ C0] Call Trace: [ 40.606823][ C0] [ 40.609528][ C0] dump_stack_lvl+0x151/0x1b7 [ 40.614040][ C0] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 40.619508][ C0] ? bpf_prog_free_deferred+0x63e/0x750 [ 40.624889][ C0] dump_stack+0x15/0x1b [ 40.628884][ C0] process_one_work+0x94e/0xcb0 [ 40.633585][ C0] worker_thread+0xa60/0x1260 [ 40.638087][ C0] kthread+0x26d/0x300 [ 40.641986][ C0] ? worker_clr_flags+0x1a0/0x1a0 [ 40.646848][ C0] ? kthread_blkcg+0xd0/0xd0 [ 40.651274][ C0] ret_from_fork+0x1f/0x30 [ 40.655530][ C0] [pid 347] +++ exited with 0 +++ [pid 306] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=347, si_uid=0, si_status=0, si_utime=0, si_stime=45} --- [pid 306] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557135650) = 359 [ 40.658422][ C0] BUG: scheduling while atomic: kworker/0:0/6/0x00010001 [ 40.665279][ C0] Modules linked in: [ 40.668990][ C0] Preemption disabled at: [ 40.669003][ C0] [] free_unref_page+0x177/0x5c0 [ 40.679494][ C0] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 40.690330][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 40.700225][ C0] Workqueue: 0x0 (events) [ 40.704477][ C0] Call Trace: [ 40.707603][ C0] [ 40.710377][ C0] dump_stack_lvl+0x151/0x1b7 [ 40.714893][ C0] ? free_unref_page+0x177/0x5c0 [ 40.719662][ C0] ? free_unref_page+0x177/0x5c0 [ 40.724440][ C0] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 40.729735][ C0] ? free_unref_page+0x177/0x5c0 [ 40.734507][ C0] dump_stack+0x15/0x1b [ 40.738499][ C0] __schedule_bug+0x195/0x260 [ 40.743015][ C0] ? cpu_util_update_eff+0x10e0/0x10e0 [ 40.748310][ C0] __schedule+0xcf7/0x1550 [ 40.752562][ C0] ? __sched_text_start+0x8/0x8 [ 40.757245][ C0] ? wq_worker_sleeping+0x64/0x290 ./strace-static-x86_64: Process 359 attached [ 40.762194][ C0] schedule+0xc3/0x180 [ 40.766096][ C0] worker_thread+0xefa/0x1260 [ 40.770615][ C0] kthread+0x26d/0x300 [ 40.774516][ C0] ? worker_clr_flags+0x1a0/0x1a0 [ 40.779375][ C0] ? kthread_blkcg+0xd0/0xd0 [ 40.783808][ C0] ret_from_fork+0x1f/0x30 [ 40.788060][ C0] [ 40.791304][ T346] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor303/346 [ 40.800522][ T346] caller is debug_smp_processor_id+0x17/0x20 [ 40.806396][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000102, exited with 00000101? [ 40.817726][ T346] CPU: 0 PID: 346 Comm: syz-executor303 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 40.829129][ T346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 40.839017][ T346] Call Trace: [ 40.842141][ T346] [ 40.844917][ T346] dump_stack_lvl+0x151/0x1b7 [ 40.849438][ T346] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 40.854728][ T346] ? stack_trace_save+0x1c0/0x1c0 [ 40.859591][ T346] dump_stack+0x15/0x1b [ 40.863579][ T346] check_preemption_disabled+0x109/0x110 [ 40.869048][ T346] debug_smp_processor_id+0x17/0x20 [ 40.874083][ T346] rcu_is_watching+0x15/0xb0 [ 40.878518][ T346] kernel_text_address+0x83/0xe0 [ 40.883285][ T346] __kernel_text_address+0xd/0x40 [ 40.888143][ T346] unwind_get_return_address+0x4d/0x90 [ 40.893434][ T346] arch_stack_walk+0xf3/0x140 [ 40.897958][ T346] stack_trace_save+0x113/0x1c0 [ 40.902652][ T346] ? stack_trace_snprint+0xf0/0xf0 [ 40.907584][ T346] ? kfree+0x7a/0xf0 [ 40.911313][ T346] ? kfree+0x7a/0xf0 [ 40.915045][ T346] kasan_set_track+0x4b/0x70 [ 40.919475][ T346] ? kasan_set_track+0x4b/0x70 [ 40.924073][ T346] ? kasan_save_free_info+0x2b/0x40 [ 40.929107][ T346] ? ____kasan_slab_free+0x131/0x180 [ 40.934225][ T346] ? __kasan_slab_free+0x11/0x20 [ 40.939001][ T346] ? __kmem_cache_free+0x218/0x3b0 [ 40.943947][ T346] ? kfree+0x7a/0xf0 [ 40.947678][ T346] ? bpf_raw_tp_link_dealloc+0x15/0x20 [ 40.953079][ T346] ? bpf_link_free+0x394/0x3f0 [ 40.957672][ T346] ? bpf_link_release+0x170/0x180