./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1053100548 <...> Warning: Permanently added '10.128.1.41' (ED25519) to the list of known hosts. execve("./syz-executor1053100548", ["./syz-executor1053100548"], 0x7ffc6e331680 /* 10 vars */) = 0 brk(NULL) = 0x555556789000 brk(0x555556789d00) = 0x555556789d00 arch_prctl(ARCH_SET_FS, 0x555556789380) = 0 set_tid_address(0x555556789650) = 292 set_robust_list(0x555556789660, 24) = 0 rseq(0x555556789ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1053100548", 4096) = 28 getrandom("\x03\x55\x69\x20\xdb\x0a\x9b\xa3", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556789d00 brk(0x5555567aad00) = 0x5555567aad00 brk(0x5555567ab000) = 0x5555567ab000 mprotect(0x7ff1e19b9000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556789650) = 293 ./strace-static-x86_64: Process 293 attached [pid 293] set_robust_list(0x555556789660, 24) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] <... clone resumed>, child_tidptr=0x555556789650) = 294 ./strace-static-x86_64: Process 294 attached [pid 294] set_robust_list(0x555556789660, 24) = 0 [pid 294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 294] setpgid(0, 0) = 0 [pid 294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 294] write(3, "1000", 4) = 4 [pid 294] close(3) = 0 [pid 294] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 295 attached [pid 292] <... clone resumed>, child_tidptr=0x555556789650) = 295 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] set_robust_list(0x555556789660, 24./strace-static-x86_64: Process 296 attached ) = 0 [pid 292] <... clone resumed>, child_tidptr=0x555556789650) = 296 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] set_robust_list(0x555556789660, 24./strace-static-x86_64: Process 297 attached ) = 0 [pid 295] <... clone resumed>, child_tidptr=0x555556789650) = 297 [pid 292] <... clone resumed>, child_tidptr=0x555556789650) = 298 [pid 297] set_robust_list(0x555556789660, 24 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 298 attached [pid 298] set_robust_list(0x555556789660, 24) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... clone resumed>, child_tidptr=0x555556789650) = 299 ./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x555556789660, 24) = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 300] setpgid(0, 0 [pid 292] <... clone resumed>, child_tidptr=0x555556789650) = 301 [pid 296] <... clone resumed>, child_tidptr=0x555556789650) = 300 [pid 300] <... setpgid resumed>) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4) = 4 [pid 300] close(3) = 0 [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 297] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x555556789660, 24) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 301] <... clone resumed>, child_tidptr=0x555556789650) = 302 ./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x555556789660, 24) = 0 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] setpgid(0, 0 [pid 299] <... prctl resumed>) = 0 [pid 299] setpgid(0, 0) = 0 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 299] write(3, "1000", 4) = 4 [pid 299] close(3 [pid 297] <... setpgid resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x555556789660, 24) = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 302] write(3, "1000", 4 [pid 297] <... openat resumed>) = 3 [pid 302] <... write resumed>) = 4 [pid 302] close(3) = 0 [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 297] write(3, "1000", 4) = 4 [pid 297] close(3) = 0 [ 20.660904][ T30] audit: type=1400 audit(1715591785.309:66): avc: denied { execmem } for pid=292 comm="syz-executor105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.668499][ T30] audit: type=1400 audit(1715591785.319:67): avc: denied { prog_load } for pid=294 comm="syz-executor105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 20.671771][ T30] audit: type=1400 audit(1715591785.319:68): avc: denied { bpf } for pid=294 comm="syz-executor105" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 20.675312][ T30] audit: type=1400 audit(1715591785.319:69): avc: denied { perfmon } for pid=294 comm="syz-executor105" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 300] <... bpf resumed>) = 3 [pid 294] <... bpf resumed>) = 3 [pid 300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16) = 4 [pid 300] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 294] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 300] <... bpf resumed>) = 5 [pid 300] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 297] <... bpf resumed>) = 3 [pid 300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 299] <... bpf resumed>) = 3 [pid 300] <... bpf resumed>) = 7 [pid 299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 300] exit_group(0 [pid 299] <... bpf resumed>) = 4 [pid 300] <... exit_group resumed>) = ? [pid 299] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 294] <... bpf resumed>) = 4 [ 20.818900][ T30] audit: type=1400 audit(1715591785.469:70): avc: denied { prog_run } for pid=294 comm="syz-executor105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 20.838898][ T30] audit: type=1400 audit(1715591785.469:71): avc: denied { prog_run } for pid=300 comm="syz-executor105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 299] <... bpf resumed>) = 5 [pid 297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 294] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 299] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 294] <... bpf resumed>) = 5 [pid 299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 302] <... bpf resumed>) = 3 [pid 302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 297] <... bpf resumed>) = 4 [pid 294] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 297] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 297] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 294] <... bpf resumed>) = 0 [pid 297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 294] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 302] <... bpf resumed>) = 4 [pid 300] +++ exited with 0 +++ [pid 299] <... bpf resumed>) = 7 [pid 297] <... bpf resumed>) = 7 [pid 294] <... bpf resumed>) = 6 [ 20.860725][ T30] audit: type=1400 audit(1715591785.489:72): avc: denied { map_create } for pid=300 comm="syz-executor105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 20.884640][ T30] audit: type=1400 audit(1715591785.489:73): avc: denied { map_read map_write } for pid=300 comm="syz-executor105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 20.905845][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 20.917316][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 20.925122][ T289] Modules linked in: [ 20.928862][ T289] Preemption disabled at: [ 20.928869][ T289] [] up_read+0x16/0x170 [ 20.938649][ T289] CPU: 1 PID: 289 Comm: strace-static-x Not tainted 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 20.948700][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 20.958603][ T289] Call Trace: [ 20.961721][ T289] [ 20.964498][ T289] dump_stack_lvl+0x151/0x1b7 [ 20.969009][ T289] ? up_read+0x16/0x170 [ 20.972997][ T289] ? up_read+0x16/0x170 [ 20.976996][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 20.982471][ T289] ? up_read+0x16/0x170 [ 20.986456][ T289] dump_stack+0x15/0x17 [ 20.990456][ T289] __schedule_bug+0x195/0x260 [ 20.994962][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 21.000087][ T289] __schedule+0xd19/0x1590 [ 21.004334][ T289] ? __sched_text_start+0x8/0x8 [ 21.009026][ T289] ? task_work_add+0x1b0/0x1d0 [ 21.013629][ T289] schedule+0x11f/0x1e0 [ 21.017702][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 21.022740][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 21.028029][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 21.033408][ T289] do_syscall_64+0x49/0xb0 [ 21.037665][ T289] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 21.043302][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 21.049055][ T289] RIP: 0033:0x4e65f7 [ 21.052766][ T289] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 21.072205][ T289] RSP: 002b:00007ffc6e3311a8 EFLAGS: 00000286 ORIG_RAX: 0000000000000003 [ 21.080448][ T289] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: 00000000004e65f7 [ 21.088261][ T289] RDX: 00007ffc6e3311b0 RSI: 0000000000008910 RDI: 0000000000000003 [ 21.096072][ T289] RBP: 0000000000000003 R08: 00000000ffffffff R09: 000000000000000c [ 21.103883][ T289] R10: 0000000000554612 R11: 0000000000000286 R12: 00007ffc6e331210 [ 21.111698][ T289] R13: 00007ffc6e3311b0 R14: 0000000000423160 R15: 0000000000617180 [pid 302] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 299] exit_group(0 [pid 297] exit_group(0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [ 21.119511][ T289] [ 21.123611][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 21.135216][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 21.142598][ T289] Modules linked in: [ 21.146306][ T289] Preemption disabled at: [ 21.146312][ T289] [] preempt_schedule+0xd9/0xe0 [ 21.156740][ T289] CPU: 1 PID: 289 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 21.168166][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 21.178058][ T289] Call Trace: [ 21.181185][ T289] [ 21.183960][ T289] dump_stack_lvl+0x151/0x1b7 [ 21.188473][ T289] ? preempt_schedule+0xd9/0xe0 [ 21.193162][ T289] ? preempt_schedule+0xd9/0xe0 [ 21.197966][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 21.203426][ T289] ? preempt_schedule+0xd9/0xe0 [ 21.208113][ T289] dump_stack+0x15/0x17 [ 21.212194][ T289] __schedule_bug+0x195/0x260 [ 21.216793][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 21.221916][ T289] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 21.227990][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 21.233113][ T289] __schedule+0xd19/0x1590 [ 21.237662][ T289] ? _raw_spin_lock_irqsave+0x210/0x210 [ 21.243009][ T289] ? bpf_trace_run2+0xf1/0x210 [ 21.247601][ T289] ? __sched_text_start+0x8/0x8 [ 21.252296][ T289] ? ptrace_check_attach+0x323/0x420 [ 21.257409][ T289] schedule+0x11f/0x1e0 [ 21.261405][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 21.266524][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 21.271819][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 21.277197][ T289] do_syscall_64+0x49/0xb0 [ 21.281456][ T289] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 21.287100][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 21.292929][ T289] RIP: 0033:0x4e6c1a [ 21.296658][ T289] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [pid 294] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 302] <... bpf resumed>) = 5 [pid 299] <... exit_group resumed>) = ? [pid 297] <... exit_group resumed>) = ? [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] <... bpf resumed>) = 7 [pid 302] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 299] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 302] <... bpf resumed>) = 0 [ 21.316188][ T289] RSP: 002b:00007ffc6e331280 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 21.324430][ T289] RAX: 0000000000000000 RBX: 0000000001ca62f8 RCX: 00000000004e6c1a [ 21.332242][ T289] RDX: 0000000000000000 RSI: 0000000000000128 RDI: 0000000000000018 [ 21.340574][ T289] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000000 [ 21.348688][ T289] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000001ca7f90 [ 21.356456][ T289] R13: 0000000000000000 R14: 000000000000857f R15: 0000000000617180 [ 21.364273][ T289] [ 21.370066][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 21.381470][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 21.389111][ T289] Modules linked in: [ 21.392809][ T289] Preemption disabled at: [ 21.392814][ T289] [] remove_wait_queue+0x26/0x140 [ 21.403600][ T289] CPU: 1 PID: 289 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 21.415027][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 21.424922][ T289] Call Trace: [ 21.428050][ T289] [ 21.430824][ T289] dump_stack_lvl+0x151/0x1b7 [ 21.435335][ T289] ? remove_wait_queue+0x26/0x140 [ 21.440198][ T289] ? remove_wait_queue+0x26/0x140 [ 21.445060][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 21.450529][ T289] ? remove_wait_queue+0x26/0x140 [ 21.455387][ T289] dump_stack+0x15/0x17 [ 21.459380][ T289] __schedule_bug+0x195/0x260 [ 21.463893][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 21.469012][ T289] ? kernel_waitid+0x520/0x520 [ 21.473611][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 21.478757][ T289] __schedule+0xd19/0x1590 [ 21.483076][ T289] ? __x64_sys_wait4+0x181/0x1e0 [ 21.488028][ T289] ? bpf_trace_run2+0xf1/0x210 [ 21.492618][ T289] ? __sched_text_start+0x8/0x8 [ 21.497314][ T289] schedule+0x11f/0x1e0 [ 21.501472][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 21.506497][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 21.511792][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 21.517174][ T289] do_syscall_64+0x49/0xb0 [ 21.521426][ T289] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 21.527077][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 21.532795][ T289] RIP: 0033:0x4d49a6 [ 21.536527][ T289] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 21.555966][ T289] RSP: 002b:00007ffc6e331398 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 21.564214][ T289] RAX: 0000000000000130 RBX: 0000000000000001 RCX: 00000000004d49a6 [pid 294] exit_group(0./strace-static-x86_64: Process 304 attached [pid 296] <... clone resumed>, child_tidptr=0x555556789650) = 304 [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 298] <... restart_syscall resumed>) = 0 [pid 297] +++ exited with 0 +++ [pid 294] <... exit_group resumed>) = ? [ 21.572023][ T289] RDX: 0000000040000001 RSI: 00007ffc6e3313bc RDI: 00000000ffffffff [ 21.579834][ T289] RBP: 0000000001ca7f90 R08: 0000000000000000 R09: 0000000000000000 [ 21.587647][ T289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001cad2c0 [ 21.595546][ T289] R13: 0000000000000128 R14: 00007ffc6e3313bc R15: 0000000000617180 [ 21.604342][ T289] [ 21.608096][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000102, exited with 00000101? [pid 304] set_robust_list(0x555556789660, 24 [pid 302] <... bpf resumed>) = 6 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=297, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 304] <... set_robust_list resumed>) = 0 [pid 302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 304] <... prctl resumed>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 304] setpgid(0, 0 [pid 298] <... clone resumed>, child_tidptr=0x555556789650) = 305 [pid 304] <... setpgid resumed>) = 0 [pid 295] <... clone resumed>, child_tidptr=0x555556789650) = 306 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 304] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x555556789660, 24) = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [ 21.619507][ T296] BUG: scheduling while atomic: syz-executor105/296/0x00000002 [ 21.627041][ T296] Modules linked in: [ 21.630962][ T296] Preemption disabled at: [ 21.630969][ T296] [] ptrace_stop+0x588/0xa90 [ 21.641535][ T296] CPU: 1 PID: 296 Comm: syz-executor105 Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 21.652969][ T296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 21.662863][ T296] Call Trace: [ 21.665987][ T296] [ 21.668853][ T296] dump_stack_lvl+0x151/0x1b7 [ 21.673365][ T296] ? ptrace_stop+0x588/0xa90 [ 21.677788][ T296] ? ptrace_stop+0x588/0xa90 [ 21.682303][ T296] ? io_uring_drop_tctx_refs+0x190/0x190 [ 21.687780][ T296] ? ptrace_stop+0x588/0xa90 [ 21.692199][ T296] dump_stack+0x15/0x17 [ 21.696193][ T296] __schedule_bug+0x195/0x260 [ 21.700706][ T296] ? ttwu_queue_wakelist+0x510/0x510 [ 21.705823][ T296] ? ktime_get+0x12f/0x160 [ 21.710077][ T296] __schedule+0xd19/0x1590 [ 21.714329][ T296] ? tick_program_event+0x9f/0x120 [ 21.719276][ T296] ? hrtimer_reprogram+0x389/0x430 [ 21.724404][ T296] ? __sched_text_start+0x8/0x8 [ 21.729091][ T296] schedule+0x11f/0x1e0 [ 21.733075][ T296] do_nanosleep+0x181/0x6a0 [ 21.737418][ T296] ? usleep_range_state+0x160/0x160 [ 21.742450][ T296] ? hrtimer_init_sleeper+0x3b/0x1a0 [ 21.747831][ T296] ? hrtimer_nanosleep+0x107/0x3f0 [ 21.752780][ T296] hrtimer_nanosleep+0x1c5/0x3f0 [ 21.757667][ T296] ? nanosleep_copyout+0x120/0x120 [ 21.762586][ T296] ? __remove_hrtimer+0x4d0/0x4d0 [ 21.767447][ T296] ? get_timespec64+0x197/0x270 [ 21.772135][ T296] ? timespec64_add_safe+0x220/0x220 [ 21.777341][ T296] common_nsleep+0x91/0xb0 [ 21.781593][ T296] __se_sys_clock_nanosleep+0x323/0x3b0 [ 21.786975][ T296] ? __x64_sys_clock_nanosleep+0xb0/0xb0 [ 21.792442][ T296] ? __bpf_trace_sys_enter+0x62/0x70 [ 21.797567][ T296] __x64_sys_clock_nanosleep+0x9b/0xb0 [ 21.802857][ T296] do_syscall_64+0x3d/0xb0 [ 21.807112][ T296] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 21.812924][ T296] RIP: 0033:0x7ff1e196d703 [ 21.817269][ T296] Code: 00 00 00 00 00 66 90 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 7e 09 05 00 00 74 14 b8 e6 00 00 00 0f 05 d8 c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 [ 21.836705][ T296] RSP: 002b:00007ffc988ba3d8 EFLAGS: 00000202 ORIG_RAX: 00000000000000e6 [ 21.844955][ T296] RAX: ffffffffffffffda RBX: 0000000000000130 RCX: 00007ff1e196d703 [ 21.852762][ T296] RDX: 00007ffc988ba3f0 RSI: 0000000000000000 RDI: 0000000000000000 [ 21.860573][ T296] RBP: 00000000000f4240 R08: 00007ffc989d2080 R09: 00007ffc989d20b0 [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 305 attached [pid 304] <... bpf resumed>) = 4 [pid 302] <... bpf resumed>) = 7 [pid 294] +++ exited with 0 +++ [pid 306] <... bpf resumed>) = 3 [pid 305] set_robust_list(0x555556789660, 24 [ 21.868389][ T296] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000005457 [ 21.876205][ T296] R13: 00007ffc988ba42c R14: 00007ffc988ba440 R15: 00007ffc988ba430 [ 21.884014][ T296] [ 21.890901][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 21.902329][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 21.909781][ T289] Modules linked in: [ 21.913486][ T289] Preemption disabled at: [ 21.913491][ T289] [] __se_sys_ptrace+0x229/0x400 [ 21.923985][ T289] CPU: 1 PID: 289 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 21.935439][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 21.945419][ T289] Call Trace: [ 21.948540][ T289] [ 21.951319][ T289] dump_stack_lvl+0x151/0x1b7 [ 21.955832][ T289] ? __se_sys_ptrace+0x229/0x400 [ 21.960634][ T289] ? __se_sys_ptrace+0x229/0x400 [ 21.965381][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 21.970856][ T289] ? __se_sys_ptrace+0x229/0x400 [ 21.975622][ T289] dump_stack+0x15/0x17 [ 21.979625][ T289] __schedule_bug+0x195/0x260 [ 21.984137][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 21.989363][ T289] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 21.995011][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 22.000046][ T289] __schedule+0xd19/0x1590 [ 22.004303][ T289] ? _raw_spin_lock_irqsave+0x210/0x210 [ 22.009672][ T289] ? bpf_trace_run2+0xf1/0x210 [ 22.014389][ T289] ? __sched_text_start+0x8/0x8 [ 22.019198][ T289] ? ptrace_check_attach+0x323/0x420 [ 22.024400][ T289] schedule+0x11f/0x1e0 [ 22.028396][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 22.033431][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 22.038725][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 22.044113][ T289] do_syscall_64+0x49/0xb0 [ 22.048357][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 22.054088][ T289] RIP: 0033:0x4e6c1a [ 22.057836][ T289] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 22.077256][ T289] RSP: 002b:00007ffc6e331280 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 22.085503][ T289] RAX: 0000000000000000 RBX: 0000000001ca62f8 RCX: 00000000004e6c1a [ 22.093317][ T289] RDX: 0000000000000000 RSI: 000000000000012d RDI: 0000000000000018 [ 22.101126][ T289] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000002 [ 22.109026][ T289] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000001ca84d0 [ 22.116834][ T289] R13: 0000000000000000 R14: 000000000000857f R15: 0000000000617180 [pid 304] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 302] exit_group(0 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=294, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [pid 306] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 305] <... set_robust_list resumed>) = 0 [pid 304] <... bpf resumed>) = 5 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 305] setpgid(0, 0) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 302] <... exit_group resumed>) = ? [pid 306] <... bpf resumed>) = 4 [pid 305] write(3, "1000", 4 [pid 304] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 305] <... write resumed>) = 4 [pid 304] <... bpf resumed>) = 0 [pid 305] close(3) = 0 [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 306] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 305] <... bpf resumed>) = 3 [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 302] +++ exited with 0 +++ [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 306] <... bpf resumed>) = 5 [pid 305] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16) = 4 [pid 305] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 306] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 305] <... bpf resumed>) = 5 [pid 304] <... bpf resumed>) = 6 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 306] <... bpf resumed>) = 0 [pid 305] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 304] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 305] <... bpf resumed>) = 0 [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 293] <... clone resumed>, child_tidptr=0x555556789650) = 308 ./strace-static-x86_64: Process 308 attached [pid 306] <... bpf resumed>) = 6 [pid 305] <... bpf resumed>) = 6 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 305] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 306] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16./strace-static-x86_64: Process 309 attached [pid 309] set_robust_list(0x555556789660, 24) = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 308] set_robust_list(0x555556789660, 24 [pid 301] <... clone resumed>, child_tidptr=0x555556789650) = 309 [pid 309] <... prctl resumed>) = 0 [pid 308] <... set_robust_list resumed>) = 0 [pid 309] setpgid(0, 0) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 308] setpgid(0, 0 [pid 309] <... openat resumed>) = 3 [pid 309] write(3, "1000", 4) = 4 [pid 309] close(3) = 0 [pid 308] <... setpgid resumed>) = 0 [pid 309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 309] <... bpf resumed>) = 3 [pid 308] <... openat resumed>) = 3 [pid 308] write(3, "1000", 4 [pid 309] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 308] <... write resumed>) = 4 [pid 308] close(3) = 0 [pid 308] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 309] <... bpf resumed>) = 4 [pid 308] <... bpf resumed>) = 3 [pid 306] <... bpf resumed>) = 7 [pid 305] <... bpf resumed>) = 7 [pid 304] <... bpf resumed>) = 7 [pid 306] exit_group(0 [pid 305] exit_group(0 [pid 306] <... exit_group resumed>) = ? [pid 305] <... exit_group resumed>) = ? [pid 304] exit_group(0 [pid 309] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 308] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 306] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 308] <... bpf resumed>) = 4 [ 22.124650][ T289] [ 22.148920][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 22.160407][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 22.166911][ T287] Modules linked in: [ 22.170522][ T287] Preemption disabled at: [ 22.170530][ T287] [] __set_current_blocked+0x11b/0x2f0 [ 22.181623][ T287] CPU: 1 PID: 287 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 22.192043][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 22.201937][ T287] Call Trace: [ 22.205149][ T287] [ 22.207925][ T287] dump_stack_lvl+0x151/0x1b7 [ 22.212441][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 22.217848][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 22.223143][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 22.228610][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 22.233905][ T287] dump_stack+0x15/0x17 [ 22.237905][ T287] __schedule_bug+0x195/0x260 [ 22.242410][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 22.247629][ T287] __schedule+0xd19/0x1590 [ 22.252054][ T287] ? __sched_text_start+0x8/0x8 [ 22.256741][ T287] schedule+0x11f/0x1e0 [ 22.260732][ T287] schedule_hrtimeout_range_clock+0x228/0x3a0 [ 22.266634][ T287] ? hrtimer_nanosleep_restart+0x170/0x170 [ 22.272274][ T287] ? add_wait_queue+0x189/0x1c0 [ 22.277315][ T287] ? __remove_hrtimer+0x4d0/0x4d0 [ 22.282178][ T287] ? __pollwait+0x2f5/0x3f0 [ 22.286511][ T287] ? poll_initwait+0x160/0x160 [ 22.291121][ T287] schedule_hrtimeout_range+0x2a/0x40 [ 22.296406][ T287] do_sys_poll+0xe20/0x12d0 [ 22.300750][ T287] ? poll_select_finish+0x7b0/0x7b0 [ 22.305781][ T287] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 22.311599][ T287] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 22.317406][ T287] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 22.323224][ T287] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 22.329050][ T287] ? _raw_spin_lock_irqsave+0x210/0x210 [ 22.334427][ T287] ? __kasan_check_write+0x14/0x20 [ 22.339370][ T287] ? recalc_sigpending+0x1a5/0x230 [ 22.346515][ T287] ? _raw_spin_unlock_irq+0x4e/0x70 [ 22.351576][ T287] ? sigprocmask+0x280/0x280 [ 22.355965][ T287] ? set_current_blocked+0x40/0x40 [ 22.360904][ T287] __se_sys_ppoll+0x29c/0x330 [ 22.365793][ T287] ? __x64_sys_ppoll+0xd0/0xd0 [ 22.370471][ T287] ? __bpf_trace_sys_enter+0x62/0x70 [ 22.375593][ T287] __x64_sys_ppoll+0xbf/0xd0 [ 22.380032][ T287] do_syscall_64+0x3d/0xb0 [ 22.384364][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 22.390098][ T287] RIP: 0033:0x7f1e21a3dad5 [ 22.394352][ T287] Code: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83 [ 22.413793][ T287] RSP: 002b:00007ffdfad8a1e0 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 22.422032][ T287] RAX: ffffffffffffffda RBX: 00000000000668a0 RCX: 00007f1e21a3dad5 [ 22.429844][ T287] RDX: 00007ffdfad8a200 RSI: 0000000000000004 RDI: 0000564bd30b0840 [ 22.437656][ T287] RBP: 0000564bd30af410 R08: 0000000000000008 R09: 0000000000000000 [pid 308] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 309] <... bpf resumed>) = 5 [pid 305] +++ exited with 0 +++ [pid 304] <... exit_group resumed>) = ? [pid 309] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 304] +++ exited with 0 +++ [pid 309] <... bpf resumed>) = 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 308] <... bpf resumed>) = 5 [pid 308] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 308] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 295] <... clone resumed>, child_tidptr=0x555556789650) = 310 ./strace-static-x86_64: Process 311 attached [pid 311] set_robust_list(0x555556789660, 24) = 0 [pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] <... clone resumed>, child_tidptr=0x555556789650) = 311 [pid 311] <... prctl resumed>) = 0 [pid 311] setpgid(0, 0) = 0 [pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 311] write(3, "1000", 4) = 4 [pid 311] close(3) = 0 [pid 311] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 308] <... bpf resumed>) = 6 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 308] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16) = 7 [pid 308] exit_group(0) = ? [pid 296] <... clone resumed>, child_tidptr=0x555556789650) = 312 ./strace-static-x86_64: Process 312 attached ./strace-static-x86_64: Process 310 attached [pid 311] <... bpf resumed>) = 3 [pid 309] <... bpf resumed>) = 6 [pid 308] +++ exited with 0 +++ [pid 309] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 293] restart_syscall(<... resuming interrupted clone ...> [pid 312] set_robust_list(0x555556789660, 24) = 0 [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 310] set_robust_list(0x555556789660, 24 [pid 312] <... prctl resumed>) = 0 [pid 310] <... set_robust_list resumed>) = 0 [pid 312] setpgid(0, 0 [pid 293] <... restart_syscall resumed>) = 0 [pid 312] <... setpgid resumed>) = 0 [pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 311] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 310] <... prctl resumed>) = 0 [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 310] setpgid(0, 0./strace-static-x86_64: Process 313 attached [pid 312] <... openat resumed>) = 3 [pid 312] write(3, "1000", 4 [pid 310] <... setpgid resumed>) = 0 [pid 293] <... clone resumed>, child_tidptr=0x555556789650) = 313 [pid 312] <... write resumed>) = 4 [pid 313] set_robust_list(0x555556789660, 24 [pid 312] close(3 [pid 313] <... set_robust_list resumed>) = 0 [pid 312] <... close resumed>) = 0 [pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 310] <... openat resumed>) = 3 [pid 313] <... prctl resumed>) = 0 [pid 313] setpgid(0, 0 [pid 312] <... bpf resumed>) = 3 [pid 310] write(3, "1000", 4 [pid 312] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 310] <... write resumed>) = 4 [pid 313] <... setpgid resumed>) = 0 [pid 310] close(3) = 0 [pid 310] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 313] write(3, "1000", 4 [pid 310] <... bpf resumed>) = 3 [pid 313] <... write resumed>) = 4 [pid 310] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 313] close(3) = 0 [pid 313] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 313] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 309] <... bpf resumed>) = 7 [ 22.445554][ T287] R10: 00007ffdfad8a2e8 R11: 0000000000000246 R12: 0000564bd24eaaa4 [ 22.453363][ T287] R13: 0000000000000001 R14: 0000564bd24eb3e8 R15: 00007ffdfad8a268 [ 22.461438][ T287] [ 22.487172][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 22.498944][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 22.505379][ T287] Modules linked in: [ 22.509142][ T287] Preemption disabled at: [ 22.509149][ T287] [] pipe_read+0x5b3/0x1040 [ 22.519151][ T287] CPU: 1 PID: 287 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 22.529616][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 22.539508][ T287] Call Trace: [ 22.542651][ T287] [ 22.545410][ T287] dump_stack_lvl+0x151/0x1b7 [ 22.549923][ T287] ? pipe_read+0x5b3/0x1040 [ 22.554263][ T287] ? pipe_read+0x5b3/0x1040 [ 22.558602][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 22.564073][ T287] ? pipe_read+0x5b3/0x1040 [ 22.568409][ T287] dump_stack+0x15/0x17 [ 22.572403][ T287] __schedule_bug+0x195/0x260 [ 22.576915][ T287] ? bpf_bprintf_cleanup+0x3f/0x60 [ 22.581865][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 22.586985][ T287] ? bpf_bprintf_cleanup+0x3f/0x60 [ 22.592025][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 22.597322][ T287] __schedule+0xd19/0x1590 [ 22.601567][ T287] ? bpf_trace_run2+0xf1/0x210 [ 22.606167][ T287] ? __sched_text_start+0x8/0x8 [ 22.610850][ T287] ? bpf_trace_run1+0x1c0/0x1c0 [ 22.615538][ T287] ? ksys_read+0x24f/0x2c0 [ 22.619790][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 22.625262][ T287] schedule+0x11f/0x1e0 [ 22.629253][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 22.634287][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 22.639666][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 22.645047][ T287] do_syscall_64+0x49/0xb0 [ 22.649302][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 22.655209][ T287] RIP: 0033:0x7f1e21a21587 [ 22.659456][ T287] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [ 22.679072][ T287] RSP: 002b:00007ffdfad8a048 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [ 22.687403][ T287] RAX: 000000000000011f RBX: 0000000000000006 RCX: 00007f1e21a21587 [pid 311] <... bpf resumed>) = 4 [pid 313] <... bpf resumed>) = 4 [pid 312] <... bpf resumed>) = 4 [pid 311] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 310] <... bpf resumed>) = 4 [pid 309] exit_group(0) = ? [pid 309] +++ exited with 0 +++ [pid 313] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 313] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 313] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 313] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 312] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 312] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 312] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 311] <... bpf resumed>) = 5 [pid 311] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 311] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 311] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 310] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 310] <... bpf resumed>) = 5 ./strace-static-x86_64: Process 316 attached [pid 310] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 301] <... clone resumed>, child_tidptr=0x555556789650) = 316 [pid 310] <... bpf resumed>) = 0 [pid 310] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 316] set_robust_list(0x555556789660, 24 [pid 310] <... bpf resumed>) = 6 [ 22.695505][ T287] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006 [ 22.703287][ T287] RBP: 0000564bd30b18fe R08: 0000000000000000 R09: 0000000000000000 [ 22.711103][ T287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000400 [ 22.718909][ T287] R13: 0000000000000006 R14: 0000000000000000 R15: 0000564bd30afc90 [ 22.726738][ T287] [ 22.736942][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000102, exited with 00000101? [ 22.748544][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 22.754918][ T287] Modules linked in: [ 22.758678][ T287] Preemption disabled at: [ 22.758685][ T287] [] __set_current_blocked+0x11b/0x2f0 [ 22.769694][ T287] CPU: 1 PID: 287 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 22.780167][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 22.790235][ T287] Call Trace: [ 22.793357][ T287] [ 22.796136][ T287] dump_stack_lvl+0x151/0x1b7 [ 22.800646][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 22.805941][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 22.811410][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 22.816877][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 22.822170][ T287] dump_stack+0x15/0x17 [ 22.826162][ T287] __schedule_bug+0x195/0x260 [ 22.830676][ T287] ? __kasan_check_write+0x14/0x20 [ 22.835646][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 22.840752][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 22.846040][ T287] __schedule+0xd19/0x1590 [ 22.850383][ T287] ? __kasan_check_read+0x11/0x20 [ 22.855247][ T287] ? _copy_to_user+0x78/0x90 [ 22.859674][ T287] ? __sched_text_start+0x8/0x8 [ 22.864438][ T287] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 22.869917][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 22.875287][ T287] ? kvm_sched_clock_read+0x18/0x40 [ 22.880332][ T287] schedule+0x11f/0x1e0 [ 22.884497][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 22.889530][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 22.894943][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 22.900402][ T287] do_syscall_64+0x49/0xb0 [ 22.904742][ T287] ? sysvec_call_function_single+0x52/0xb0 [ 22.910477][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 22.916786][ T287] RIP: 0033:0x7f1e219e6773 [ 22.921026][ T287] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 22.941168][ T287] RSP: 002b:00007ffdfad8a200 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [pid 310] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 313] <... bpf resumed>) = 7 [pid 311] <... bpf resumed>) = 7 [pid 310] <... bpf resumed>) = 7 [pid 311] exit_group(0 [pid 310] exit_group(0 [pid 311] <... exit_group resumed>) = ? [pid 310] <... exit_group resumed>) = ? [pid 311] +++ exited with 0 +++ [pid 310] +++ exited with 0 +++ [pid 312] <... bpf resumed>) = 7 [pid 312] exit_group(0) = ? [pid 313] exit_group(0) = ? [pid 316] <... set_robust_list resumed>) = 0 [pid 316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 316] setpgid(0, 0) = 0 [pid 316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 316] write(3, "1000", 4) = 4 [pid 316] close(3) = 0 [pid 316] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 316] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=311, si_uid=0, si_status=0, si_utime=0, si_stime=21} --- [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556789650) = 317 ./strace-static-x86_64: Process 317 attached [pid 317] set_robust_list(0x555556789660, 24) = 0 [pid 317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 317] setpgid(0, 0) = 0 [pid 317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 317] write(3, "1000", 4) = 4 [pid 317] close(3) = 0 [pid 317] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 317] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=310, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556789650) = 319 ./strace-static-x86_64: Process 319 attached [ 22.949495][ T287] RAX: 0000000000000000 RBX: 0000000000060000 RCX: 00007f1e219e6773 [ 22.957296][ T287] RDX: 00007ffdfad8a2e8 RSI: 00007ffdfad8a268 RDI: 0000000000000001 [ 22.965109][ T287] RBP: 0000564bd30af410 R08: 0000000000000001 R09: 0000000000000000 [ 22.972921][ T287] R10: 0000000000000008 R11: 0000000000000246 R12: 0000564bd24eaaa4 [ 22.980734][ T287] R13: 0000000000000016 R14: 0000564bd24eb3e8 R15: 00007ffdfad8a268 [ 22.988555][ T287] [ 22.996793][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 23.008208][ T301] BUG: scheduling while atomic: syz-executor105/301/0x00000002 [ 23.015531][ T301] Modules linked in: [ 23.019345][ T301] Preemption disabled at: [ 23.019352][ T301] [] ptrace_stop+0x588/0xa90 [ 23.029683][ T301] CPU: 1 PID: 301 Comm: syz-executor105 Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 23.041141][ T301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [pid 319] set_robust_list(0x555556789660, 24) = 0 [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 319] setpgid(0, 0) = 0 [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 319] write(3, "1000", 4) = 4 [pid 319] close(3) = 0 [ 23.051037][ T301] Call Trace: [ 23.054160][ T301] [ 23.056944][ T301] dump_stack_lvl+0x151/0x1b7 [ 23.061450][ T301] ? ptrace_stop+0x588/0xa90 [ 23.065877][ T301] ? ptrace_stop+0x588/0xa90 [ 23.070389][ T301] ? io_uring_drop_tctx_refs+0x190/0x190 [ 23.075858][ T301] ? ptrace_stop+0x588/0xa90 [ 23.080292][ T301] dump_stack+0x15/0x17 [ 23.084276][ T301] __schedule_bug+0x195/0x260 [ 23.088793][ T301] ? ttwu_queue_wakelist+0x510/0x510 [ 23.093913][ T301] __schedule+0xd19/0x1590 [ 23.098165][ T301] ? __kasan_check_write+0x14/0x20 [ 23.103109][ T301] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 23.108058][ T301] ? __sched_text_start+0x8/0x8 [ 23.112744][ T301] ? cgroup_update_frozen+0x15f/0x980 [ 23.117954][ T301] schedule+0x11f/0x1e0 [ 23.121944][ T301] ptrace_stop+0x4ea/0xa90 [ 23.126297][ T301] ptrace_notify+0x22b/0x350 [ 23.130711][ T301] ? do_notify_parent+0xa30/0xa30 [ 23.135571][ T301] ? __bpf_trace_sys_enter+0x62/0x70 [ 23.140694][ T301] ? __traceiter_sys_enter+0x2a/0x40 [ 23.145811][ T301] syscall_exit_to_user_mode+0xac/0x160 [ 23.151203][ T301] do_syscall_64+0x49/0xb0 [ 23.155453][ T301] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.161260][ T301] RIP: 0033:0x7ff1e1943bb3 [ 23.165515][ T301] Code: fe ff e9 41 ff ff ff 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 80 3d d1 a4 07 00 00 49 89 ca 74 14 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5d c3 0f 1f 40 00 48 83 ec 28 89 54 24 14 48 [ 23.184959][ T301] RSP: 002b:00007ffc988ba418 EFLAGS: 00000202 ORIG_RAX: 000000000000003d [ 23.193297][ T301] RAX: 0000000000000000 RBX: 000000000000013c RCX: 00007ff1e1943bb3 [pid 319] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 316] <... bpf resumed>) = 4 [pid 312] +++ exited with 0 +++ [pid 319] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 316] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 320 attached [pid 316] <... bpf resumed>) = 5 [pid 296] <... clone resumed>, child_tidptr=0x555556789650) = 320 [pid 316] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 320] set_robust_list(0x555556789660, 24 [pid 316] <... bpf resumed>) = 0 [pid 320] <... set_robust_list resumed>) = 0 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 320] setpgid(0, 0) = 0 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 316] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 320] write(3, "1000", 4) = 4 [pid 320] close(3) = 0 [pid 320] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 316] <... bpf resumed>) = 6 [pid 320] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 316] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 317] <... bpf resumed>) = 4 [pid 313] +++ exited with 0 +++ [pid 319] <... bpf resumed>) = 4 [ 23.201099][ T301] RDX: 0000000040000001 RSI: 00007ffc988ba42c RDI: 00000000ffffffff [ 23.208911][ T301] RBP: 00000000000f4240 R08: 00007ffc989d2080 R09: 00007ffc989d20b0 [ 23.216726][ T301] R10: 0000000000000000 R11: 0000000000000202 R12: 00000000000058be [ 23.224540][ T301] R13: 00007ffc988ba42c R14: 00007ffc988ba440 R15: 00007ffc988ba430 [ 23.232347][ T301] [ 23.256951][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 23.268373][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 23.275694][ T289] Modules linked in: [ 23.279538][ T289] Preemption disabled at: [ 23.279545][ T289] [] try_to_wake_up+0x86/0x1160 [ 23.289882][ T289] CPU: 1 PID: 289 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 23.301385][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 23.311279][ T289] Call Trace: [ 23.314405][ T289] [ 23.317184][ T289] dump_stack_lvl+0x151/0x1b7 [ 23.321694][ T289] ? try_to_wake_up+0x86/0x1160 [ 23.326379][ T289] ? try_to_wake_up+0x86/0x1160 [ 23.331070][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 23.336537][ T289] ? try_to_wake_up+0x86/0x1160 [ 23.341230][ T289] dump_stack+0x15/0x17 [ 23.345216][ T289] __schedule_bug+0x195/0x260 [ 23.349730][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 23.354852][ T289] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 23.360490][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 23.365529][ T289] __schedule+0xd19/0x1590 [ 23.369963][ T289] ? _raw_spin_lock_irqsave+0x210/0x210 [ 23.375337][ T289] ? __sched_text_start+0x8/0x8 [ 23.380197][ T289] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 23.385228][ T289] ? _raw_spin_lock_irqsave+0x210/0x210 [ 23.390610][ T289] ? ptrace_check_attach+0x323/0x420 [ 23.395731][ T289] schedule+0x11f/0x1e0 [ 23.399724][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 23.404754][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 23.410051][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 23.415430][ T289] do_syscall_64+0x49/0xb0 [ 23.419683][ T289] ? sysvec_call_function_single+0x52/0xb0 [ 23.425326][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.431085][ T289] RIP: 0033:0x4e6c1a [ 23.434789][ T289] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 23.454230][ T289] RSP: 002b:00007ffc6e331200 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 23.462929][ T289] RAX: 0000000000000050 RBX: 0000000001ca8230 RCX: 00000000004e6c1a [ 23.470716][ T289] RDX: 0000000000000058 RSI: 000000000000012a RDI: 000000000000420e [ 23.478705][ T289] RBP: 00007ffc6e331300 R08: 000000000000420d R09: 0000000000000003 [ 23.486514][ T289] R10: 000000000063c820 R11: 0000000000000206 R12: 0000000001ca8230 [ 23.494331][ T289] R13: 00007ffc6e33135c R14: 000000000000857f R15: 0000000000617180 [ 23.502147][ T289] [pid 320] <... bpf resumed>) = 4 [pid 319] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 317] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 316] <... bpf resumed>) = 7 [pid 320] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 320] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 320] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [ 23.506173][ C0] softirq: huh, entered softirq 9 RCU ffffffff815cac40 with preempt_count 00000103, exited with 00000102? [ 23.517308][ T82] BUG: scheduling while atomic: syslogd/82/0x00000002 [ 23.524029][ T82] Modules linked in: [ 23.524559][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 23.527708][ T82] Preemption disabled at: [ 23.539065][ T82] [] is_module_text_address+0x1a/0x140 [ 23.539089][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 23.539100][ T289] Modules linked in: [ 23.543215][ T82] CPU: 0 PID: 82 Comm: syslogd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 23.550117][ T289] [ 23.557440][ T82] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 23.557450][ T82] Call Trace: [ 23.557455][ T82] [ 23.557461][ T82] dump_stack_lvl+0x151/0x1b7 [ 23.561170][ T289] Preemption disabled at: [ 23.561175][ T289] [] preempt_schedule+0xd9/0xe0 [ 23.571848][ T82] ? is_module_text_address+0x1a/0x140 [ 23.571866][ T82] ? is_module_text_address+0x1a/0x140 [ 23.615335][ T82] ? io_uring_drop_tctx_refs+0x190/0x190 [ 23.620888][ T82] ? is_module_text_address+0x1a/0x140 [ 23.626183][ T82] dump_stack+0x15/0x17 [ 23.630174][ T82] __schedule_bug+0x195/0x260 [ 23.634686][ T82] ? ttwu_queue_wakelist+0x510/0x510 [ 23.639815][ T82] ? bpf_bprintf_cleanup+0x1a/0x60 [ 23.644768][ T82] __schedule+0xd19/0x1590 [ 23.649011][ T82] ? __kasan_check_read+0x11/0x20 [ 23.653876][ T82] ? __fdget_pos+0x2ee/0x3a0 [ 23.658471][ T82] ? __sched_text_start+0x8/0x8 [ 23.663242][ T82] ? ksys_write+0x24f/0x2c0 [ 23.667585][ T82] schedule+0x11f/0x1e0 [ 23.671677][ T82] exit_to_user_mode_loop+0x4d/0xe0 [ 23.676790][ T82] exit_to_user_mode_prepare+0x5a/0xa0 [ 23.682079][ T82] syscall_exit_to_user_mode+0x26/0x160 [ 23.687461][ T82] do_syscall_64+0x49/0xb0 [ 23.691885][ T82] ? sysvec_call_function_single+0x52/0xb0 [ 23.697538][ T82] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.703256][ T82] RIP: 0033:0x7fc85668bbf2 [ 23.707515][ T82] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 [ 23.727123][ T82] RSP: 002b:00007ffd63077538 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 23.735374][ T82] RAX: 000000000000009d RBX: 0000000000000003 RCX: 00007fc85668bbf2 [ 23.743180][ T82] RDX: 000000000000009d RSI: 0000558ae13fc600 RDI: 0000000000000003 [ 23.750995][ T82] RBP: 0000558ae13fc600 R08: 0000000000000001 R09: 0000000000000000 [ 23.758809][ T82] R10: 00007fc85682a3a3 R11: 0000000000000246 R12: 000000000000009d [ 23.766615][ T82] R13: 00007fc856537300 R14: 0000000000000004 R15: 0000558ae13fc410 [ 23.774430][ T82] [ 23.777299][ T289] CPU: 1 PID: 289 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 23.788748][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 23.798746][ T289] Call Trace: [ 23.802110][ T289] [ 23.804903][ T289] dump_stack_lvl+0x151/0x1b7 [ 23.809417][ T289] ? preempt_schedule+0xd9/0xe0 [ 23.814087][ T289] ? preempt_schedule+0xd9/0xe0 [ 23.818775][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 23.824246][ T289] ? preempt_schedule+0xd9/0xe0 [ 23.828931][ T289] dump_stack+0x15/0x17 [ 23.832923][ T289] __schedule_bug+0x195/0x260 [ 23.837447][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 23.842652][ T289] ? kernel_waitid+0x520/0x520 [ 23.847330][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 23.852364][ T289] __schedule+0xd19/0x1590 [ 23.856617][ T289] ? __x64_sys_wait4+0x181/0x1e0 [ 23.861390][ T289] ? bpf_trace_run2+0xf1/0x210 [ 23.866077][ T289] ? __sched_text_start+0x8/0x8 [ 23.871350][ T289] schedule+0x11f/0x1e0 [ 23.876025][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 23.881501][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 23.886794][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 23.892274][ T289] do_syscall_64+0x49/0xb0 [ 23.896878][ T289] ? sysvec_call_function_single+0x52/0xb0 [ 23.903506][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.909191][ T289] RIP: 0033:0x4d49a6 [ 23.912918][ T289] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 23.932443][ T289] RSP: 002b:00007ffc6e331398 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 23.940690][ T289] RAX: 0000000000000140 RBX: 0000000001ca62f8 RCX: 00000000004d49a6 [ 23.948500][ T289] RDX: 0000000040000000 RSI: 00007ffc6e3313bc RDI: 00000000ffffffff [pid 320] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 319] <... bpf resumed>) = 5 [pid 317] <... bpf resumed>) = 5 [pid 316] exit_group(0 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=313, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 320] <... bpf resumed>) = 7 [pid 319] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 317] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 316] <... exit_group resumed>) = ? [pid 319] <... bpf resumed>) = 0 [pid 319] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 317] <... bpf resumed>) = 0 [pid 293] restart_syscall(<... resuming interrupted clone ...> [ 23.956311][ T289] RBP: 0000000000000000 R08: 0000000000000017 R09: 0000000000000001 [ 23.964120][ T289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001cad3e0 [ 23.971931][ T289] R13: 0000000000000000 R14: 00007ffc6e3313bc R15: 0000000000617180 [ 23.979761][ T289] [ 23.990689][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000102, exited with 00000101? [ 24.002212][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 24.008633][ T287] Modules linked in: [ 24.012323][ T287] Preemption disabled at: [ 24.012332][ T287] [] pipe_read+0x5b3/0x1040 [ 24.022563][ T287] CPU: 1 PID: 287 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 24.033028][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 24.042921][ T287] Call Trace: [ 24.046043][ T287] [ 24.048822][ T287] dump_stack_lvl+0x151/0x1b7 [ 24.053331][ T287] ? pipe_read+0x5b3/0x1040 [ 24.057672][ T287] ? pipe_read+0x5b3/0x1040 [ 24.062013][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 24.067578][ T287] ? pipe_read+0x5b3/0x1040 [ 24.071907][ T287] dump_stack+0x15/0x17 [ 24.075899][ T287] __schedule_bug+0x195/0x260 [ 24.081021][ T287] ? bpf_bprintf_cleanup+0x3f/0x60 [ 24.085967][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 24.091087][ T287] ? bpf_bprintf_cleanup+0x3f/0x60 [ 24.096035][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 24.101330][ T287] __schedule+0xd19/0x1590 [ 24.105584][ T287] ? bpf_trace_run2+0xf1/0x210 [ 24.110183][ T287] ? __sched_text_start+0x8/0x8 [ 24.114880][ T287] ? bpf_trace_run1+0x1c0/0x1c0 [ 24.119556][ T287] ? ksys_read+0x24f/0x2c0 [ 24.123813][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 24.129194][ T287] schedule+0x11f/0x1e0 [ 24.133182][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 24.138216][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 24.143509][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 24.148891][ T287] do_syscall_64+0x49/0xb0 [ 24.153144][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.158959][ T287] RIP: 0033:0x7f1e21a21587 [ 24.163214][ T287] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [ 24.182654][ T287] RSP: 002b:00007ffdfad85a38 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [ 24.190900][ T287] RAX: 000000000000011f RBX: 0000000000000000 RCX: 00007f1e21a21587 [ 24.198719][ T287] RDX: 000000000000085c RSI: 0000564bd24f6480 RDI: 0000564bd24f3937 [pid 319] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 320] exit_group(0 [pid 317] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 293] <... restart_syscall resumed>) = 0 [pid 320] <... exit_group resumed>) = ? [pid 317] <... bpf resumed>) = 6 [pid 317] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556789650) = 322 ./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x555556789660, 24) = 0 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 322] setpgid(0, 0) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 322] write(3, "1000", 4) = 4 [pid 322] close(3) = 0 [pid 322] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 319] <... bpf resumed>) = 7 [pid 316] +++ exited with 0 +++ [pid 319] exit_group(0) = ? [pid 322] <... bpf resumed>) = 3 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=316, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 322] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 323 attached , child_tidptr=0x555556789650) = 323 [ 24.206520][ T287] RBP: 0000564bd24f4856 R08: 0000000000000006 R09: 0000000000000000 [ 24.214331][ T287] R10: 0000564bd24f4856 R11: 0000000000000246 R12: 0000564bd24f3937 [ 24.222232][ T287] R13: 0000564bd24f6480 R14: 0000564bd24f6480 R15: 00007ffdfad85fc0 [ 24.230048][ T287] [ 24.238356][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 24.249924][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 24.257308][ T289] Modules linked in: [ 24.260983][ T289] Preemption disabled at: [ 24.260989][ T289] [] remove_wait_queue+0x26/0x140 [ 24.271702][ T289] CPU: 1 PID: 289 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 24.283125][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 24.293095][ T289] Call Trace: [ 24.296223][ T289] [ 24.299000][ T289] dump_stack_lvl+0x151/0x1b7 [ 24.303518][ T289] ? remove_wait_queue+0x26/0x140 [ 24.308377][ T289] ? remove_wait_queue+0x26/0x140 [ 24.313238][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 24.318701][ T289] ? remove_wait_queue+0x26/0x140 [ 24.323561][ T289] dump_stack+0x15/0x17 [ 24.327556][ T289] __schedule_bug+0x195/0x260 [ 24.332065][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 24.337185][ T289] ? kernel_waitid+0x520/0x520 [ 24.341789][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 24.346820][ T289] __schedule+0xd19/0x1590 [ 24.351079][ T289] ? __x64_sys_wait4+0x181/0x1e0 [ 24.355848][ T289] ? bpf_trace_run2+0xf1/0x210 [ 24.360449][ T289] ? __sched_text_start+0x8/0x8 [ 24.365134][ T289] schedule+0x11f/0x1e0 [ 24.369126][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 24.374247][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 24.379541][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 24.385010][ T289] do_syscall_64+0x49/0xb0 [ 24.389262][ T289] ? sysvec_call_function_single+0x52/0xb0 [ 24.394903][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.400631][ T289] RIP: 0033:0x4d49a6 [ 24.404454][ T289] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 24.424090][ T289] RSP: 002b:00007ffc6e331398 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 24.432332][ T289] RAX: 000000000000012d RBX: 0000000000000001 RCX: 00000000004d49a6 [ 24.440284][ T289] RDX: 0000000040000001 RSI: 00007ffc6e3313bc RDI: 00000000ffffffff [ 24.448483][ T289] RBP: 0000000001ca8770 R08: 0000000000000000 R09: 0000000000000000 [pid 323] set_robust_list(0x555556789660, 24) = 0 [ 24.456293][ T289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001cad2c0 [ 24.464097][ T289] R13: 0000000000000143 R14: 00007ffc6e3313bc R15: 0000000000617180 [ 24.471915][ T289] [ 24.476331][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 24.487745][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 24.494145][ T287] Modules linked in: [ 24.497900][ T287] Preemption disabled at: [ 24.497908][ T287] [] __set_current_blocked+0x11b/0x2f0 [ 24.508899][ T287] CPU: 1 PID: 287 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 24.519380][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 24.529274][ T287] Call Trace: [ 24.532397][ T287] [ 24.535174][ T287] dump_stack_lvl+0x151/0x1b7 [ 24.539685][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 24.544979][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 24.550273][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 24.555830][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 24.561124][ T287] dump_stack+0x15/0x17 [ 24.565114][ T287] __schedule_bug+0x195/0x260 [ 24.569637][ T287] ? __kasan_check_write+0x14/0x20 [ 24.574576][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 24.579704][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 24.584995][ T287] __schedule+0xd19/0x1590 [ 24.589245][ T287] ? __kasan_check_read+0x11/0x20 [ 24.594105][ T287] ? _copy_to_user+0x78/0x90 [ 24.598531][ T287] ? __sched_text_start+0x8/0x8 [ 24.603217][ T287] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 24.608686][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 24.614068][ T287] schedule+0x11f/0x1e0 [ 24.618067][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 24.623093][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 24.628395][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 24.633768][ T287] do_syscall_64+0x49/0xb0 [ 24.638028][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.643749][ T287] RIP: 0033:0x7f1e219e6773 [ 24.648090][ T287] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 24.667615][ T287] RSP: 002b:00007ffdfad8a200 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 24.675861][ T287] RAX: 0000000000000000 RBX: 0000000000060000 RCX: 00007f1e219e6773 [ 24.683758][ T287] RDX: 00007ffdfad8a2e8 RSI: 00007ffdfad8a268 RDI: 0000000000000001 [ 24.691661][ T287] RBP: 0000564bd30af410 R08: 0000000000000001 R09: 0000000000000000 [ 24.699487][ T287] R10: 0000000000000008 R11: 0000000000000246 R12: 0000564bd24eaaa4 [pid 323] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 320] +++ exited with 0 +++ [pid 317] <... bpf resumed>) = 7 [pid 323] <... prctl resumed>) = 0 [pid 317] exit_group(0) = ? [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556789650) = 324 ./strace-static-x86_64: Process 324 attached [pid 324] set_robust_list(0x555556789660, 24) = 0 [pid 324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 324] setpgid(0, 0) = 0 [pid 324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 324] write(3, "1000", 4) = 4 [pid 324] close(3) = 0 [pid 324] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 324] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 319] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=22} --- [pid 322] <... bpf resumed>) = 4 [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 323] setpgid(0, 0 [pid 322] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 323] <... setpgid resumed>) = 0 [pid 322] <... bpf resumed>) = 5 [pid 295] <... restart_syscall resumed>) = 0 [pid 323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 322] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 323] <... openat resumed>) = 3 [pid 322] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 295] <... clone resumed>, child_tidptr=0x555556789650) = 325 [pid 322] <... bpf resumed>) = 6 [pid 323] write(3, "1000", 4) = 4 [pid 322] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 323] close(3) = 0 [pid 323] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 325 attached [pid 325] set_robust_list(0x555556789660, 24) = 0 [pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 323] <... bpf resumed>) = 3 [pid 323] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 325] <... prctl resumed>) = 0 [pid 325] setpgid(0, 0) = 0 [pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 325] write(3, "1000", 4) = 4 [pid 325] close(3) = 0 [pid 325] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 325] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 317] +++ exited with 0 +++ [pid 324] <... bpf resumed>) = 4 [pid 323] <... bpf resumed>) = 4 [pid 322] <... bpf resumed>) = 7 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=317, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- [pid 325] <... bpf resumed>) = 4 [ 24.707367][ T287] R13: 0000000000000018 R14: 0000564bd24eb3e8 R15: 00007ffdfad8a268 [ 24.715305][ T287] [ 24.737343][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000102, exited with 00000101? [ 24.748758][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 24.756087][ T289] Modules linked in: [ 24.759984][ T289] Preemption disabled at: [ 24.759989][ T289] [] try_to_wake_up+0x86/0x1160 [ 24.770392][ T289] CPU: 1 PID: 289 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 24.781821][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 24.791710][ T289] Call Trace: [ 24.794835][ T289] [ 24.797610][ T289] dump_stack_lvl+0x151/0x1b7 [ 24.802121][ T289] ? try_to_wake_up+0x86/0x1160 [ 24.806811][ T289] ? try_to_wake_up+0x86/0x1160 [ 24.811497][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 24.816974][ T289] ? try_to_wake_up+0x86/0x1160 [ 24.821738][ T289] dump_stack+0x15/0x17 [ 24.825740][ T289] __schedule_bug+0x195/0x260 [ 24.830247][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 24.835372][ T289] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 24.841009][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 24.846041][ T289] __schedule+0xd19/0x1590 [ 24.850301][ T289] ? _raw_spin_lock_irqsave+0x210/0x210 [ 24.855675][ T289] ? __sched_text_start+0x8/0x8 [ 24.860362][ T289] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 24.865313][ T289] ? _raw_spin_lock_irqsave+0x210/0x210 [ 24.870777][ T289] ? ptrace_check_attach+0x323/0x420 [ 24.875897][ T289] schedule+0x11f/0x1e0 [ 24.879889][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 24.884921][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 24.890216][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 24.895600][ T289] do_syscall_64+0x49/0xb0 [ 24.899850][ T289] ? sysvec_call_function_single+0x52/0xb0 [ 24.905491][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.911221][ T289] RIP: 0033:0x4e6c1a [ 24.914957][ T289] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [pid 324] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 325] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 324] <... bpf resumed>) = 5 [pid 323] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [ 24.934496][ T289] RSP: 002b:00007ffc6e331200 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 24.942726][ T289] RAX: 0000000000000050 RBX: 0000000001ca7f90 RCX: 00000000004e6c1a [ 24.950538][ T289] RDX: 0000000000000058 RSI: 0000000000000128 RDI: 000000000000420e [ 24.958360][ T289] RBP: 00007ffc6e331300 R08: 000000000000420d R09: 0000000000000002 [ 24.966166][ T289] R10: 000000000063c820 R11: 0000000000000206 R12: 0000000001ca7f90 [ 24.974234][ T289] R13: 00007ffc6e33135c R14: 000000000000857f R15: 0000000000617180 [ 24.982054][ T289] [ 24.988056][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 24.999554][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 25.006036][ T287] Modules linked in: [ 25.009709][ T287] Preemption disabled at: [ 25.009717][ T287] [] __set_current_blocked+0x11b/0x2f0 [ 25.020711][ T287] CPU: 1 PID: 287 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 25.031178][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 25.041075][ T287] Call Trace: [ 25.044210][ T287] [ 25.046986][ T287] dump_stack_lvl+0x151/0x1b7 [ 25.051489][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 25.056873][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 25.062171][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 25.067732][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 25.073029][ T287] dump_stack+0x15/0x17 [ 25.077098][ T287] __schedule_bug+0x195/0x260 [ 25.081615][ T287] ? __kasan_check_write+0x14/0x20 [ 25.086561][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 25.091680][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 25.097062][ T287] __schedule+0xd19/0x1590 [ 25.101315][ T287] ? __kasan_check_read+0x11/0x20 [ 25.106173][ T287] ? _copy_to_user+0x78/0x90 [ 25.110699][ T287] ? __sched_text_start+0x8/0x8 [ 25.115564][ T287] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 25.121038][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 25.126412][ T287] schedule+0x11f/0x1e0 [ 25.130492][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 25.135525][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 25.140824][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 25.147562][ T287] do_syscall_64+0x49/0xb0 [ 25.151809][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.157624][ T287] RIP: 0033:0x7f1e219e6773 [ 25.161878][ T287] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [pid 322] exit_group(0 [pid 325] <... bpf resumed>) = 5 [pid 324] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 323] <... bpf resumed>) = 5 [pid 322] <... exit_group resumed>) = ? [pid 325] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 324] <... bpf resumed>) = 0 [pid 323] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 325] <... bpf resumed>) = 0 [pid 324] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 323] <... bpf resumed>) = 0 [pid 325] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 324] <... bpf resumed>) = 6 [pid 323] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 325] <... bpf resumed>) = 6 [pid 324] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 325] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 298] <... clone resumed>, child_tidptr=0x555556789650) = 327 ./strace-static-x86_64: Process 327 attached [pid 327] set_robust_list(0x555556789660, 24 [pid 323] <... bpf resumed>) = 6 [pid 327] <... set_robust_list resumed>) = 0 [pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 327] setpgid(0, 0) = 0 [pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 323] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 327] write(3, "1000", 4) = 4 [pid 327] close(3) = 0 [pid 327] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 327] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 325] <... bpf resumed>) = 7 [pid 327] <... bpf resumed>) = 4 [pid 324] <... bpf resumed>) = 7 [pid 323] <... bpf resumed>) = 7 [pid 322] +++ exited with 0 +++ [ 25.181484][ T287] RSP: 002b:00007ffdfad8a200 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 25.189727][ T287] RAX: 0000000000000000 RBX: 0000000000060000 RCX: 00007f1e219e6773 [ 25.197538][ T287] RDX: 00007ffdfad8a2e8 RSI: 00007ffdfad8a268 RDI: 0000000000000001 [ 25.205350][ T287] RBP: 0000564bd30af410 R08: 0000000000000001 R09: 0000000000000000 [ 25.213160][ T287] R10: 0000000000000008 R11: 0000000000000246 R12: 0000564bd24eaaa4 [ 25.220972][ T287] R13: 0000000000000018 R14: 0000564bd24eb3e8 R15: 00007ffdfad8a268 [ 25.228785][ T287] [ 25.247755][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 25.259176][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 25.265560][ T287] Modules linked in: [ 25.269327][ T287] Preemption disabled at: [ 25.269334][ T287] [] __set_current_blocked+0x11b/0x2f0 [ 25.280333][ T287] CPU: 1 PID: 287 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 25.290806][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 25.300703][ T287] Call Trace: [ 25.303825][ T287] [ 25.306603][ T287] dump_stack_lvl+0x151/0x1b7 [ 25.311112][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 25.316409][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 25.321706][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 25.327286][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 25.332574][ T287] dump_stack+0x15/0x17 [ 25.336656][ T287] __schedule_bug+0x195/0x260 [ 25.341171][ T287] ? __kasan_check_write+0x14/0x20 [ 25.346121][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 25.351235][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 25.356551][ T287] __schedule+0xd19/0x1590 [ 25.360784][ T287] ? __kasan_check_read+0x11/0x20 [ 25.365643][ T287] ? _copy_to_user+0x78/0x90 [ 25.370071][ T287] ? __sched_text_start+0x8/0x8 [ 25.374755][ T287] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 25.380227][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 25.385611][ T287] schedule+0x11f/0x1e0 [ 25.389599][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 25.394645][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 25.399925][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 25.405307][ T287] do_syscall_64+0x49/0xb0 [ 25.409562][ T287] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 25.415208][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.420928][ T287] RIP: 0033:0x7f1e219e6773 [ 25.425186][ T287] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [pid 327] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 325] exit_group(0 [pid 324] exit_group(0 [pid 323] exit_group(0 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=22} --- [pid 327] <... bpf resumed>) = 5 [pid 325] <... exit_group resumed>) = ? [pid 324] <... exit_group resumed>) = ? [pid 323] <... exit_group resumed>) = ? [pid 327] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 325] +++ exited with 0 +++ [pid 327] <... bpf resumed>) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 327] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 293] <... clone resumed>, child_tidptr=0x555556789650) = 328 [pid 327] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16./strace-static-x86_64: Process 328 attached [pid 328] set_robust_list(0x555556789660, 24) = 0 [pid 328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 328] setpgid(0, 0) = 0 [pid 328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 328] write(3, "1000", 4) = 4 [pid 328] close(3) = 0 [pid 328] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 328] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556789650) = 329 ./strace-static-x86_64: Process 329 attached [pid 329] set_robust_list(0x555556789660, 24) = 0 [pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 329] setpgid(0, 0) = 0 [pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 329] write(3, "1000", 4) = 4 [pid 329] close(3) = 0 [pid 329] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 324] +++ exited with 0 +++ [pid 329] <... bpf resumed>) = 3 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=324, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 329] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556789650) = 330 ./strace-static-x86_64: Process 330 attached [pid 330] set_robust_list(0x555556789660, 24) = 0 [pid 330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 330] setpgid(0, 0) = 0 [pid 330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 330] write(3, "1000", 4) = 4 [pid 330] close(3) = 0 [pid 330] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 330] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 327] <... bpf resumed>) = 7 [pid 323] +++ exited with 0 +++ [pid 329] <... bpf resumed>) = 4 [pid 328] <... bpf resumed>) = 4 [pid 327] exit_group(0 [pid 329] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 328] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 327] <... exit_group resumed>) = ? [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=323, si_uid=0, si_status=0, si_utime=0, si_stime=21} --- [pid 329] <... bpf resumed>) = 5 [pid 328] <... bpf resumed>) = 5 [pid 327] +++ exited with 0 +++ [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 329] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 328] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 301] <... restart_syscall resumed>) = 0 [pid 329] <... bpf resumed>) = 0 [pid 328] <... bpf resumed>) = 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=327, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 329] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 328] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 329] <... bpf resumed>) = 6 [pid 330] <... bpf resumed>) = 4 [pid 329] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 330] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 330] <... bpf resumed>) = 5 [pid 330] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 330] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 328] <... bpf resumed>) = 6 [pid 298] <... clone resumed>, child_tidptr=0x555556789650) = 331 [pid 328] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 301] <... clone resumed>, child_tidptr=0x555556789650) = 332 ./strace-static-x86_64: Process 332 attached [pid 332] set_robust_list(0x555556789660, 24 [pid 330] <... bpf resumed>) = 6 ./strace-static-x86_64: Process 331 attached [pid 330] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 332] <... set_robust_list resumed>) = 0 [pid 331] set_robust_list(0x555556789660, 24 [pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 331] <... set_robust_list resumed>) = 0 [pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 331] setpgid(0, 0 [pid 332] <... prctl resumed>) = 0 [pid 331] <... setpgid resumed>) = 0 [pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 331] write(3, "1000", 4 [pid 332] setpgid(0, 0) = 0 [pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 331] <... write resumed>) = 4 [pid 332] <... openat resumed>) = 3 [pid 331] close(3) = 0 [pid 332] write(3, "1000", 4 [pid 331] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 332] <... write resumed>) = 4 [pid 331] <... bpf resumed>) = 3 [pid 332] close(3 [pid 331] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 332] <... close resumed>) = 0 [pid 332] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 332] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 329] <... bpf resumed>) = 7 [pid 328] <... bpf resumed>) = 7 [pid 332] <... bpf resumed>) = 4 [pid 331] <... bpf resumed>) = 4 [pid 330] <... bpf resumed>) = 7 [pid 329] exit_group(0 [pid 328] exit_group(0 [pid 332] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 331] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 330] exit_group(0 [pid 329] <... exit_group resumed>) = ? [ 25.444628][ T287] RSP: 002b:00007ffdfad8a200 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 25.452965][ T287] RAX: 0000000000000000 RBX: 0000000000060000 RCX: 00007f1e219e6773 [ 25.460766][ T287] RDX: 00007ffdfad8a2e8 RSI: 00007ffdfad8a268 RDI: 0000000000000001 [ 25.468584][ T287] RBP: 0000564bd30af410 R08: 0000000000000001 R09: 0000000000000000 [ 25.476396][ T287] R10: 0000000000000008 R11: 0000000000000246 R12: 0000564bd24eaaa4 [ 25.484202][ T287] R13: 0000000000000019 R14: 0000564bd24eb3e8 R15: 00007ffdfad8a268 [ 25.492021][ T287] [ 25.530339][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 25.541864][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 25.548307][ T287] Modules linked in: [ 25.551985][ T287] Preemption disabled at: [ 25.551992][ T287] [] __set_current_blocked+0x11b/0x2f0 [ 25.563068][ T287] CPU: 0 PID: 287 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 25.573563][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 25.583456][ T287] Call Trace: [ 25.586581][ T287] [ 25.589361][ T287] dump_stack_lvl+0x151/0x1b7 [ 25.593877][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 25.599168][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 25.604459][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 25.609926][ T287] ? fsnotify_perm+0x470/0x5d0 [ 25.614617][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 25.619911][ T287] dump_stack+0x15/0x17 [ 25.623903][ T287] __schedule_bug+0x195/0x260 [ 25.628431][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 25.633536][ T287] ? bpf_bprintf_cleanup+0x3f/0x60 [ 25.638487][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 25.643865][ T287] __schedule+0xd19/0x1590 [ 25.648117][ T287] ? __kasan_check_read+0x11/0x20 [ 25.653245][ T287] ? __fdget_pos+0x209/0x3a0 [ 25.657762][ T287] ? __sched_text_start+0x8/0x8 [ 25.662446][ T287] ? ksys_read+0x24f/0x2c0 [ 25.666693][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 25.672076][ T287] schedule+0x11f/0x1e0 [ 25.676065][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 25.681100][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 25.686397][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 25.691785][ T287] do_syscall_64+0x49/0xb0 [ 25.696026][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.701844][ T287] RIP: 0033:0x7f1e21a3ab6a [ 25.706098][ T287] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [pid 328] <... exit_group resumed>) = ? [pid 332] <... bpf resumed>) = 5 [pid 331] <... bpf resumed>) = 5 [pid 330] <... exit_group resumed>) = ? [pid 329] +++ exited with 0 +++ [pid 332] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 331] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=20} --- [pid 332] <... bpf resumed>) = 0 [pid 331] <... bpf resumed>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556789650) = 333 ./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x555556789660, 24) = 0 [pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 333] setpgid(0, 0) = 0 [pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 333] write(3, "1000", 4) = 4 [pid 333] close(3) = 0 [pid 333] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 328] +++ exited with 0 +++ [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=328, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556789650) = 334 ./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x555556789660, 24) = 0 [pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 334] setpgid(0, 0) = 0 [pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 334] write(3, "1000", 4) = 4 [pid 334] close(3) = 0 [pid 334] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 332] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 331] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 330] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=330, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 333] <... bpf resumed>) = 3 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 333] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16) = 4 [pid 333] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 296] <... clone resumed>, child_tidptr=0x555556789650) = 335 [pid 333] <... bpf resumed>) = 5 [pid 333] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 333] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 335 attached [pid 334] <... bpf resumed>) = 3 [pid 333] <... bpf resumed>) = 6 [pid 332] <... bpf resumed>) = 6 [pid 331] <... bpf resumed>) = 6 [pid 335] set_robust_list(0x555556789660, 24 [pid 334] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 333] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 332] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 331] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 335] <... set_robust_list resumed>) = 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 335] setpgid(0, 0) = 0 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 335] write(3, "1000", 4) = 4 [pid 335] close(3) = 0 [pid 335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 335] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 333] <... bpf resumed>) = 7 [pid 335] <... bpf resumed>) = 4 [pid 334] <... bpf resumed>) = 4 [pid 333] exit_group(0 [pid 332] <... bpf resumed>) = 7 [pid 331] <... bpf resumed>) = 7 [ 25.725536][ T287] RSP: 002b:00007ffdfad860b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 25.733785][ T287] RAX: 0000000000000294 RBX: 0000000000000000 RCX: 00007f1e21a3ab6a [ 25.741591][ T287] RDX: 0000000000004000 RSI: 00007ffdfad860d8 RDI: 0000000000000009 [ 25.749404][ T287] RBP: 0000564bd30b73a0 R08: 0000000000000000 R09: 0000000000000000 [ 25.757215][ T287] R10: 00007ffdfad860d8 R11: 0000000000000246 R12: 0000564bd30af410 [ 25.765136][ T287] R13: 0000564bd24f3937 R14: 0000564bd24f6480 R15: 0000564bd30af410 [ 25.773051][ T287] [ 25.797837][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 25.809261][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 25.816952][ T289] Modules linked in: [ 25.820683][ T289] Preemption disabled at: [ 25.820688][ T289] [] try_to_wake_up+0x86/0x1160 [ 25.831104][ T289] CPU: 1 PID: 289 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 25.842521][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 25.852413][ T289] Call Trace: [ 25.855538][ T289] [ 25.858314][ T289] dump_stack_lvl+0x151/0x1b7 [ 25.862827][ T289] ? try_to_wake_up+0x86/0x1160 [ 25.867624][ T289] ? try_to_wake_up+0x86/0x1160 [ 25.872310][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 25.877777][ T289] ? try_to_wake_up+0x86/0x1160 [ 25.882464][ T289] dump_stack+0x15/0x17 [ 25.886465][ T289] __schedule_bug+0x195/0x260 [ 25.890974][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 25.896099][ T289] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 25.901733][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 25.906776][ T289] __schedule+0xd19/0x1590 [ 25.911026][ T289] ? _raw_spin_lock_irqsave+0x210/0x210 [ 25.916432][ T289] ? bpf_trace_run2+0xf1/0x210 [ 25.921000][ T289] ? __sched_text_start+0x8/0x8 [ 25.925690][ T289] ? ptrace_check_attach+0x323/0x420 [ 25.930811][ T289] schedule+0x11f/0x1e0 [ 25.934800][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 25.939847][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 25.945136][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 25.950509][ T289] do_syscall_64+0x49/0xb0 [ 25.954759][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.960494][ T289] RIP: 0033:0x4e6c1a [ 25.964224][ T289] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 25.983663][ T289] RSP: 002b:00007ffc6e331280 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [pid 335] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [ 25.991908][ T289] RAX: 0000000000000000 RBX: 0000000001ca62f8 RCX: 00000000004e6c1a [ 25.999718][ T289] RDX: 0000000000000000 RSI: 000000000000012d RDI: 0000000000000018 [ 26.007531][ T289] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000003 [ 26.015344][ T289] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000001ca84d0 [ 26.023155][ T289] R13: 0000000000000000 R14: 000000000000857f R15: 0000000000617180 [ 26.030971][ T289] [ 26.036551][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 26.048037][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 26.054521][ T287] Modules linked in: [ 26.058267][ T287] Preemption disabled at: [ 26.058274][ T287] [] pipe_read+0x5b3/0x1040 [ 26.068428][ T287] CPU: 1 PID: 287 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 26.078897][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 26.088795][ T287] Call Trace: [ 26.091911][ T287] [ 26.094688][ T287] dump_stack_lvl+0x151/0x1b7 [ 26.099287][ T287] ? pipe_read+0x5b3/0x1040 [ 26.103630][ T287] ? pipe_read+0x5b3/0x1040 [ 26.107968][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 26.113437][ T287] ? pipe_read+0x5b3/0x1040 [ 26.117784][ T287] dump_stack+0x15/0x17 [ 26.121780][ T287] __schedule_bug+0x195/0x260 [ 26.126280][ T287] ? bpf_bprintf_cleanup+0x3f/0x60 [ 26.131231][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 26.136351][ T287] ? bpf_bprintf_cleanup+0x3f/0x60 [ 26.141556][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 26.146852][ T287] __schedule+0xd19/0x1590 [ 26.151106][ T287] ? bpf_trace_run2+0xf1/0x210 [ 26.155877][ T287] ? __sched_text_start+0x8/0x8 [ 26.160563][ T287] ? bpf_trace_run1+0x1c0/0x1c0 [ 26.165250][ T287] ? ksys_read+0x24f/0x2c0 [ 26.169503][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 26.174892][ T287] schedule+0x11f/0x1e0 [ 26.178895][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 26.183997][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 26.189297][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 26.194673][ T287] do_syscall_64+0x49/0xb0 [ 26.198925][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 26.204654][ T287] RIP: 0033:0x7f1e21a21587 [ 26.208911][ T287] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [ 26.228358][ T287] RSP: 002b:00007ffdfad8a048 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [ 26.237166][ T287] RAX: 000000000000011f RBX: 000000000000000b RCX: 00007f1e21a21587 [pid 334] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 333] <... exit_group resumed>) = ? [ 26.244973][ T287] RDX: 0000000000000000 RSI: 000000000000000b RDI: 000000000000000b [ 26.252781][ T287] RBP: 0000564bd30aa9c1 R08: 0000000000000000 R09: 0000000000000000 [ 26.260601][ T287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000400 [ 26.268411][ T287] R13: 000000000000000b R14: 0000000000000000 R15: 0000564bd30afc90 [ 26.276220][ T287] [ 26.282409][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 26.286129][ C0] softirq: huh, entered softirq 9 RCU ffffffff815cac40 with preempt_count 00000102, exited with 00000101? [ 26.293820][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 26.304923][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 26.304935][ T289] Modules linked in: [ 26.304943][ T289] Preemption disabled at: [ 26.304947][ T289] [] remove_wait_queue+0x26/0x140 [ 26.304972][ T289] CPU: 0 PID: 289 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 26.311364][ T287] Modules linked in: [ 26.318677][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 26.318687][ T289] Call Trace: [ 26.318692][ T289] [ 26.318698][ T289] dump_stack_lvl+0x151/0x1b7 [ 26.322409][ T287] [ 26.322414][ T287] Preemption disabled at: [ 26.326576][ T289] ? remove_wait_queue+0x26/0x140 [ 26.326603][ T289] ? remove_wait_queue+0x26/0x140 [ 26.332997][ T287] [] __set_current_blocked+0x11b/0x2f0 [ 26.344457][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 26.344476][ T289] ? remove_wait_queue+0x26/0x140 [ 26.344490][ T289] dump_stack+0x15/0x17 [ 26.405908][ T289] __schedule_bug+0x195/0x260 [ 26.410420][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 26.415722][ T289] ? kernel_waitid+0x520/0x520 [ 26.420364][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 26.425349][ T289] __schedule+0xd19/0x1590 [ 26.429779][ T289] ? __x64_sys_wait4+0x181/0x1e0 [ 26.434514][ T289] ? bpf_trace_run2+0xf1/0x210 [ 26.439105][ T289] ? __sched_text_start+0x8/0x8 [ 26.443792][ T289] schedule+0x11f/0x1e0 [ 26.447795][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 26.452825][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 26.458115][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 26.463493][ T289] do_syscall_64+0x49/0xb0 [ 26.467746][ T289] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 26.473473][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 26.479203][ T289] RIP: 0033:0x4d49a6 [ 26.482936][ T289] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 26.502380][ T289] RSP: 002b:00007ffc6e331398 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 26.510718][ T289] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004d49a6 [ 26.518615][ T289] RDX: 0000000040000001 RSI: 00007ffc6e3313bc RDI: 00000000ffffffff [ 26.526432][ T289] RBP: 0000000001ca7ba0 R08: 0000000000000000 R09: 0000000000000000 [ 26.534466][ T289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001cad470 [ 26.542272][ T289] R13: 0000000000000125 R14: 00007ffc6e3313bc R15: 0000000000617180 [ 26.550089][ T289] [ 26.552950][ T287] CPU: 1 PID: 287 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 26.563455][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 26.573341][ T287] Call Trace: [ 26.576468][ T287] [ 26.579243][ T287] dump_stack_lvl+0x151/0x1b7 [ 26.583758][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 26.589050][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 26.594347][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 26.599838][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 26.605544][ T287] dump_stack+0x15/0x17 [ 26.609538][ T287] __schedule_bug+0x195/0x260 [ 26.614061][ T287] ? __kasan_check_write+0x14/0x20 [ 26.618996][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 26.624462][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 26.629681][ T287] __schedule+0xd19/0x1590 [ 26.633931][ T287] ? __kasan_check_read+0x11/0x20 [ 26.638794][ T287] ? _copy_to_user+0x78/0x90 [ 26.643216][ T287] ? __sched_text_start+0x8/0x8 [ 26.647904][ T287] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 26.653546][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 26.658939][ T287] schedule+0x11f/0x1e0 [ 26.662921][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 26.667973][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 26.673248][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 26.678628][ T287] do_syscall_64+0x49/0xb0 [ 26.682898][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 26.688611][ T287] RIP: 0033:0x7f1e219e6773 [ 26.692864][ T287] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 26.712320][ T287] RSP: 002b:00007ffdfad8a200 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 26.720550][ T287] RAX: 0000000000000000 RBX: 0000000000060000 RCX: 00007f1e219e6773 [ 26.728621][ T287] RDX: 00007ffdfad8a2e8 RSI: 00007ffdfad8a268 RDI: 0000000000000001 [ 26.736430][ T287] RBP: 0000564bd30af410 R08: 0000000000000001 R09: 0000000000000000 [ 26.744243][ T287] R10: 0000000000000008 R11: 0000000000000246 R12: 0000564bd24eaaa4 [pid 332] exit_group(0 [pid 331] exit_group(0 [pid 335] <... bpf resumed>) = 5 [pid 332] <... exit_group resumed>) = ? [pid 331] <... exit_group resumed>) = ? [pid 335] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 332] +++ exited with 0 +++ [pid 335] <... bpf resumed>) = 0 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 335] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556789650) = 336 ./strace-static-x86_64: Process 336 attached [pid 336] set_robust_list(0x555556789660, 24) = 0 [pid 336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 336] setpgid(0, 0) = 0 [pid 336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 336] write(3, "1000", 4) = 4 [pid 336] close(3) = 0 [pid 336] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 334] <... bpf resumed>) = 5 [pid 335] <... bpf resumed>) = 7 [pid 334] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 335] exit_group(0 [pid 334] <... bpf resumed>) = 0 [pid 335] <... exit_group resumed>) = ? [pid 336] <... bpf resumed>) = 3 [pid 336] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 334] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 333] +++ exited with 0 +++ [pid 331] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 334] <... bpf resumed>) = 6 [pid 334] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 295] <... clone resumed>, child_tidptr=0x555556789650) = 339 ./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x555556789660, 24) = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 339] setpgid(0, 0) = 0 [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 339] write(3, "1000", 4 [pid 298] <... clone resumed>, child_tidptr=0x555556789650) = 340 [pid 339] <... write resumed>) = 4 [pid 339] close(3) = 0 [pid 339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 ./strace-static-x86_64: Process 340 attached [pid 339] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 340] set_robust_list(0x555556789660, 24) = 0 [pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 340] setpgid(0, 0) = 0 [pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 340] write(3, "1000", 4) = 4 [pid 340] close(3) = 0 [pid 340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 340] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 339] <... bpf resumed>) = 4 [pid 336] <... bpf resumed>) = 4 [pid 335] +++ exited with 0 +++ [pid 334] <... bpf resumed>) = 7 [pid 336] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [ 26.752056][ T287] R13: 000000000000001a R14: 0000564bd24eb3e8 R15: 00007ffdfad8a268 [ 26.759869][ T287] [ 26.777890][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 26.790182][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 26.797786][ T289] Modules linked in: [ 26.801491][ T289] Preemption disabled at: [ 26.801496][ T289] [] try_to_wake_up+0x86/0x1160 [ 26.812163][ T289] CPU: 1 PID: 289 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 26.823596][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 26.833492][ T289] Call Trace: [ 26.836613][ T289] [ 26.839392][ T289] dump_stack_lvl+0x151/0x1b7 [ 26.843904][ T289] ? try_to_wake_up+0x86/0x1160 [ 26.848712][ T289] ? try_to_wake_up+0x86/0x1160 [ 26.853393][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 26.858864][ T289] ? try_to_wake_up+0x86/0x1160 [ 26.863546][ T289] dump_stack+0x15/0x17 [ 26.867538][ T289] __schedule_bug+0x195/0x260 [ 26.872051][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 26.877178][ T289] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 26.882988][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 26.888139][ T289] __schedule+0xd19/0x1590 [ 26.892390][ T289] ? _raw_spin_lock_irqsave+0x210/0x210 [ 26.897795][ T289] ? bpf_trace_run2+0xf1/0x210 [ 26.902370][ T289] ? __sched_text_start+0x8/0x8 [ 26.907055][ T289] ? ptrace_check_attach+0x323/0x420 [ 26.912175][ T289] schedule+0x11f/0x1e0 [ 26.916173][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 26.921202][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 26.926503][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 26.931877][ T289] do_syscall_64+0x49/0xb0 [ 26.936130][ T289] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 26.941859][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 26.947598][ T289] RIP: 0033:0x4e6c1a [ 26.951317][ T289] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 26.970852][ T289] RSP: 002b:00007ffc6e331280 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 26.979091][ T289] RAX: 0000000000000000 RBX: 0000000001ca62f8 RCX: 00000000004e6c1a [ 26.986900][ T289] RDX: 0000000000000000 RSI: 0000000000000127 RDI: 0000000000000018 [ 26.994714][ T289] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000001 [pid 334] exit_group(0 [pid 340] <... bpf resumed>) = 4 [pid 339] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 336] <... bpf resumed>) = 5 [pid 334] <... exit_group resumed>) = ? [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [ 27.002525][ T289] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000001ca7e40 [ 27.010337][ T289] R13: 0000000000000000 R14: 000000000000857f R15: 0000000000617180 [ 27.018240][ T289] [ 27.023281][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 27.035387][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 27.041860][ T287] Modules linked in: [ 27.045603][ T287] Preemption disabled at: [ 27.045611][ T287] [] __set_current_blocked+0x11b/0x2f0 [ 27.056562][ T287] CPU: 1 PID: 287 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 27.067050][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 27.077022][ T287] Call Trace: [ 27.080145][ T287] [ 27.082922][ T287] dump_stack_lvl+0x151/0x1b7 [ 27.087435][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 27.092727][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 27.098024][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 27.103493][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 27.108786][ T287] dump_stack+0x15/0x17 [ 27.112781][ T287] __schedule_bug+0x195/0x260 [ 27.117296][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 27.122413][ T287] __schedule+0xd19/0x1590 [ 27.126668][ T287] ? __sched_text_start+0x8/0x8 [ 27.131353][ T287] schedule+0x11f/0x1e0 [ 27.135344][ T287] schedule_hrtimeout_range_clock+0x228/0x3a0 [ 27.141341][ T287] ? hrtimer_nanosleep_restart+0x170/0x170 [ 27.147062][ T287] ? add_wait_queue+0x189/0x1c0 [ 27.151749][ T287] ? __remove_hrtimer+0x4d0/0x4d0 [ 27.156608][ T287] ? __pollwait+0x2f5/0x3f0 [ 27.160949][ T287] ? poll_initwait+0x160/0x160 [ 27.165551][ T287] schedule_hrtimeout_range+0x2a/0x40 [ 27.170757][ T287] do_sys_poll+0xe20/0x12d0 [ 27.175111][ T287] ? poll_select_finish+0x7b0/0x7b0 [ 27.180139][ T287] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 27.185944][ T287] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 27.191760][ T287] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 27.197577][ T287] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 27.203391][ T287] ? _raw_spin_lock_irqsave+0x210/0x210 [ 27.208771][ T287] ? __kasan_check_write+0x14/0x20 [ 27.213720][ T287] ? recalc_sigpending+0x1a5/0x230 [ 27.218664][ T287] ? _raw_spin_unlock_irq+0x4e/0x70 [ 27.223703][ T287] ? sigprocmask+0x280/0x280 [ 27.228126][ T287] ? set_current_blocked+0x40/0x40 [ 27.233074][ T287] __se_sys_ppoll+0x29c/0x330 [ 27.237590][ T287] ? __x64_sys_ppoll+0xd0/0xd0 [ 27.242272][ T287] ? __bpf_trace_sys_enter+0x62/0x70 [ 27.247398][ T287] __x64_sys_ppoll+0xbf/0xd0 [ 27.251822][ T287] do_syscall_64+0x3d/0xb0 [ 27.256087][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 27.261803][ T287] RIP: 0033:0x7f1e21a3dad5 [ 27.266066][ T287] Code: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83 [ 27.285501][ T287] RSP: 002b:00007ffdfad8a1e0 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 27.293741][ T287] RAX: ffffffffffffffda RBX: 00000000000668a0 RCX: 00007f1e21a3dad5 [pid 340] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 339] <... bpf resumed>) = 5 [pid 336] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 334] +++ exited with 0 +++ [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 340] <... bpf resumed>) = 5 [pid 339] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 336] <... bpf resumed>) = 0 [pid 340] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 339] <... bpf resumed>) = 0 [pid 336] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 296] <... clone resumed>, child_tidptr=0x555556789650) = 341 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=41} --- [pid 340] <... bpf resumed>) = 0 [pid 339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 336] <... bpf resumed>) = 6 [pid 293] restart_syscall(<... resuming interrupted clone ...> [pid 340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 293] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 341 attached [pid 339] <... bpf resumed>) = 6 [ 27.301552][ T287] RDX: 00007ffdfad8a200 RSI: 0000000000000004 RDI: 0000564bd30b0840 [ 27.309363][ T287] RBP: 0000564bd30af410 R08: 0000000000000008 R09: 0000000000000000 [ 27.317176][ T287] R10: 00007ffdfad8a2e8 R11: 0000000000000246 R12: 0000564bd24eaaa4 [ 27.324988][ T287] R13: 0000000000000001 R14: 0000564bd24eb3e8 R15: 00007ffdfad8a268 [ 27.332803][ T287] [pid 336] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 341] set_robust_list(0x555556789660, 24 [pid 339] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 336] <... bpf resumed>) = 7 [pid 340] <... bpf resumed>) = 6 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556789650) = 343 ./strace-static-x86_64: Process 343 attached [pid 343] set_robust_list(0x555556789660, 24) = 0 [pid 343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 343] setpgid(0, 0) = 0 [pid 343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 27.338700][ T30] audit: type=1400 audit(1715591791.989:74): avc: denied { remove_name } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 27.361590][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 27.366204][ C0] softirq: huh, entered softirq 9 RCU ffffffff815cac40 with preempt_count 00000102, exited with 00000101? [ 27.373388][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 27.384092][ T301] BUG: scheduling while atomic: syz-executor105/301/0x00000002 [ 27.384103][ T301] Modules linked in: [ 27.384112][ T301] Preemption disabled at: [ 27.384115][ T301] [] ptrace_stop+0x588/0xa90 [ 27.390571][ T287] Modules linked in: [ 27.397877][ T301] CPU: 0 PID: 301 Comm: syz-executor105 Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 27.401589][ T287] Preemption disabled at: [ 27.401595][ T287] [] __set_current_blocked+0x11b/0x2f0 [ 27.405756][ T301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 27.447854][ T301] Call Trace: [ 27.450978][ T301] [ 27.453755][ T301] dump_stack_lvl+0x151/0x1b7 [ 27.458355][ T301] ? ptrace_stop+0x588/0xa90 [ 27.462867][ T301] ? ptrace_stop+0x588/0xa90 [ 27.467296][ T301] ? io_uring_drop_tctx_refs+0x190/0x190 [ 27.472853][ T301] ? ptrace_stop+0x588/0xa90 [ 27.477278][ T301] dump_stack+0x15/0x17 [ 27.481354][ T301] __schedule_bug+0x195/0x260 [ 27.485871][ T301] ? ttwu_queue_wakelist+0x510/0x510 [ 27.490997][ T301] __schedule+0xd19/0x1590 [ 27.495244][ T301] ? __kasan_check_write+0x14/0x20 [ 27.500189][ T301] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 27.505140][ T301] ? __sched_text_start+0x8/0x8 [ 27.509824][ T301] ? cgroup_update_frozen+0x15f/0x980 [ 27.515041][ T301] schedule+0x11f/0x1e0 [ 27.519024][ T301] ptrace_stop+0x4ea/0xa90 [ 27.523284][ T301] ptrace_notify+0x22b/0x350 [ 27.527872][ T301] ? do_notify_parent+0xa30/0xa30 [ 27.532732][ T301] ? __bpf_trace_sys_enter+0x62/0x70 [ 27.537840][ T301] ? __traceiter_sys_enter+0x2a/0x40 [ 27.542958][ T301] syscall_exit_to_user_mode+0xac/0x160 [ 27.548340][ T301] do_syscall_64+0x49/0xb0 [ 27.552589][ T301] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 27.558322][ T301] RIP: 0033:0x7ff1e1943bb3 [ 27.562585][ T301] Code: fe ff e9 41 ff ff ff 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 80 3d d1 a4 07 00 00 49 89 ca 74 14 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5d c3 0f 1f 40 00 48 83 ec 28 89 54 24 14 48 [ 27.582020][ T301] RSP: 002b:00007ffc988ba418 EFLAGS: 00000202 ORIG_RAX: 000000000000003d [ 27.590258][ T301] RAX: 0000000000000000 RBX: 0000000000000150 RCX: 00007ff1e1943bb3 [ 27.598154][ T301] RDX: 0000000040000001 RSI: 00007ffc988ba42c RDI: 00000000ffffffff [ 27.605968][ T301] RBP: 00000000000f4240 R08: 00007ffc989d2080 R09: 00007ffc989d20b0 [ 27.613778][ T301] R10: 0000000000000000 R11: 0000000000000202 R12: 00000000000065b7 [ 27.621678][ T301] R13: 00007ffc988ba42c R14: 00007ffc988ba440 R15: 00007ffc988ba430 [ 27.629495][ T301] [ 27.632354][ T287] CPU: 1 PID: 287 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 27.643032][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 27.653269][ T287] Call Trace: [ 27.656398][ T287] [ 27.659176][ T287] dump_stack_lvl+0x151/0x1b7 [ 27.663682][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 27.668977][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 27.674275][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 27.679748][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 27.685038][ T287] dump_stack+0x15/0x17 [ 27.689028][ T287] __schedule_bug+0x195/0x260 [ 27.693549][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 27.698662][ T287] __schedule+0xd19/0x1590 [ 27.703095][ T287] ? __sched_text_start+0x8/0x8 [ 27.707783][ T287] schedule+0x11f/0x1e0 [ 27.711770][ T287] schedule_hrtimeout_range_clock+0x228/0x3a0 [ 27.717670][ T287] ? hrtimer_nanosleep_restart+0x170/0x170 [ 27.723324][ T287] ? add_wait_queue+0x189/0x1c0 [ 27.727999][ T287] ? __remove_hrtimer+0x4d0/0x4d0 [ 27.732945][ T287] ? __pollwait+0x2f5/0x3f0 [ 27.737283][ T287] ? poll_initwait+0x160/0x160 [ 27.741886][ T287] schedule_hrtimeout_range+0x2a/0x40 [ 27.747092][ T287] do_sys_poll+0xe20/0x12d0 [ 27.751437][ T287] ? poll_select_finish+0x7b0/0x7b0 [ 27.756473][ T287] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 27.762280][ T287] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 27.768095][ T287] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 27.773909][ T287] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 27.779732][ T287] ? _raw_spin_lock_irqsave+0x210/0x210 [ 27.785109][ T287] ? __kasan_check_write+0x14/0x20 [ 27.790052][ T287] ? recalc_sigpending+0x1a5/0x230 [ 27.795003][ T287] ? _raw_spin_unlock_irq+0x4e/0x70 [ 27.800472][ T287] ? sigprocmask+0x280/0x280 [ 27.804895][ T287] ? set_current_blocked+0x40/0x40 [ 27.809842][ T287] __se_sys_ppoll+0x29c/0x330 [ 27.814365][ T287] ? __x64_sys_ppoll+0xd0/0xd0 [ 27.818958][ T287] ? __bpf_trace_sys_enter+0x62/0x70 [ 27.824076][ T287] __x64_sys_ppoll+0xbf/0xd0 [ 27.828514][ T287] do_syscall_64+0x3d/0xb0 [ 27.832755][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 27.838483][ T287] RIP: 0033:0x7f1e21a3dad5 [ 27.842739][ T287] Code: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83 [ 27.862266][ T287] RSP: 002b:00007ffdfad8a1e0 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 27.870509][ T287] RAX: ffffffffffffffda RBX: 00000000000668a0 RCX: 00007f1e21a3dad5 [ 27.878322][ T287] RDX: 00007ffdfad8a200 RSI: 0000000000000004 RDI: 0000564bd30b0840 [ 27.886132][ T287] RBP: 0000564bd30af410 R08: 0000000000000008 R09: 0000000000000000 [ 27.893941][ T287] R10: 00007ffdfad8a2e8 R11: 0000000000000246 R12: 0000564bd24eaaa4 [pid 343] write(3, "1000", 4 [pid 341] <... set_robust_list resumed>) = 0 [pid 340] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 336] exit_group(0 [pid 343] <... write resumed>) = 4 [pid 336] <... exit_group resumed>) = ? [pid 343] close(3 [pid 341] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 340] <... bpf resumed>) = 7 [pid 339] <... bpf resumed>) = 7 [pid 336] +++ exited with 0 +++ [pid 340] exit_group(0) = ? [pid 341] <... prctl resumed>) = 0 [pid 343] <... close resumed>) = 0 [pid 340] +++ exited with 0 +++ [pid 339] exit_group(0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=26} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 27.901761][ T287] R13: 0000000000000001 R14: 0000564bd24eb3e8 R15: 00007ffdfad8a268 [ 27.909571][ T287] [ 27.912605][ T30] audit: type=1400 audit(1715591791.989:75): avc: denied { rename } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 27.938284][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 27.949777][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 27.956339][ T287] Modules linked in: [ 27.960061][ T287] Preemption disabled at: [ 27.960070][ T287] [] pipe_read+0x5b3/0x1040 [ 27.970940][ T287] CPU: 1 PID: 287 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 27.981409][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 27.991300][ T287] Call Trace: [ 27.994424][ T287] [ 27.997227][ T287] dump_stack_lvl+0x151/0x1b7 [ 28.001723][ T287] ? pipe_read+0x5b3/0x1040 [ 28.006053][ T287] ? pipe_read+0x5b3/0x1040 [ 28.010404][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 28.015860][ T287] ? pipe_read+0x5b3/0x1040 [ 28.020201][ T287] dump_stack+0x15/0x17 [ 28.024193][ T287] __schedule_bug+0x195/0x260 [ 28.028719][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 28.033831][ T287] ? bpf_probe_write_user+0xf0/0xf0 [ 28.039276][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 28.046622][ T287] __schedule+0xd19/0x1590 [ 28.051692][ T287] ? __kasan_check_read+0x11/0x20 [ 28.057062][ T287] ? __fdget_pos+0x209/0x3a0 [ 28.061483][ T287] ? __sched_text_start+0x8/0x8 [ 28.066175][ T287] ? ksys_write+0x24f/0x2c0 [ 28.070597][ T287] ? bpf_trace_run1+0x1c0/0x1c0 [ 28.075284][ T287] schedule+0x11f/0x1e0 [ 28.079280][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 28.085033][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 28.090330][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 28.095701][ T287] do_syscall_64+0x49/0xb0 [ 28.099954][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 28.105681][ T287] RIP: 0033:0x7f1e21a3abf2 [ 28.110112][ T287] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 [ 28.129548][ T287] RSP: 002b:00007ffdfad8a1f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 28.137795][ T287] RAX: 000000000000002c RBX: 000000000000002c RCX: 00007f1e21a3abf2 [ 28.145689][ T287] RDX: 000000000000002c RSI: 0000564bd30bb830 RDI: 0000000000000004 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556789650) = 344 ./strace-static-x86_64: Process 344 attached [pid 344] set_robust_list(0x555556789660, 24) = 0 [pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 344] setpgid(0, 0) = 0 [pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 344] write(3, "1000", 4) = 4 [pid 344] close(3) = 0 [pid 344] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 341] setpgid(0, 0) = 0 [pid 341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 341] write(3, "1000", 4) = 4 [pid 341] close(3) = 0 [pid 341] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=0, si_stime=22} --- [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556789650) = 345 ./strace-static-x86_64: Process 345 attached [pid 345] set_robust_list(0x555556789660, 24) = 0 [pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 345] setpgid(0, 0) = 0 [pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 345] write(3, "1000", 4) = 4 [pid 345] close(3) = 0 [pid 345] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 341] <... bpf resumed>) = 3 [pid 341] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16) = 4 [pid 345] <... bpf resumed>) = 3 [pid 344] <... bpf resumed>) = 3 [pid 343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 341] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 339] <... exit_group resumed>) = ? [pid 345] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 344] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 341] <... bpf resumed>) = 5 [pid 343] <... bpf resumed>) = 3 [pid 341] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 341] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 343] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 341] <... bpf resumed>) = 6 [pid 341] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 345] <... bpf resumed>) = 4 [pid 344] <... bpf resumed>) = 4 [pid 343] <... bpf resumed>) = 4 [pid 339] +++ exited with 0 +++ [pid 345] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 344] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 341] <... bpf resumed>) = 7 [pid 345] <... bpf resumed>) = 5 [pid 344] <... bpf resumed>) = 5 [pid 345] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 344] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 345] <... bpf resumed>) = 0 [pid 344] <... bpf resumed>) = 0 [ 28.153503][ T287] RBP: 0000564bd30afc90 R08: 0000000000000000 R09: 0000000000000000 [ 28.161313][ T287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000564bd24eaaa4 [ 28.169124][ T287] R13: 000000000000001b R14: 0000564bd24eb3e8 R15: 00007ffdfad8a268 [ 28.177546][ T287] [ 28.198694][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 28.210107][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 28.217564][ T289] Modules linked in: [ 28.221613][ T289] Preemption disabled at: [ 28.221618][ T289] [] fd_install+0x59/0x250 [ 28.231715][ T289] CPU: 1 PID: 289 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 28.243140][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 28.253025][ T289] Call Trace: [ 28.256147][ T289] [ 28.258925][ T289] dump_stack_lvl+0x151/0x1b7 [ 28.263440][ T289] ? fd_install+0x59/0x250 [ 28.267690][ T289] ? fd_install+0x59/0x250 [ 28.271943][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 28.277423][ T289] ? fd_install+0x59/0x250 [ 28.281674][ T289] dump_stack+0x15/0x17 [ 28.285661][ T289] __schedule_bug+0x195/0x260 [ 28.290174][ T289] ? sock_show_fdinfo+0xa0/0xa0 [ 28.294946][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 28.300158][ T289] ? bpf_bprintf_cleanup+0x3f/0x60 [ 28.305098][ T289] __schedule+0xd19/0x1590 [ 28.309352][ T289] ? sock_ioctl+0x455/0x740 [ 28.313690][ T289] ? bpf_trace_run2+0xf1/0x210 [ 28.318291][ T289] ? __sched_text_start+0x8/0x8 [ 28.322976][ T289] ? bpf_trace_run1+0x1c0/0x1c0 [ 28.327666][ T289] schedule+0x11f/0x1e0 [ 28.331656][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 28.336689][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 28.341984][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 28.347365][ T289] do_syscall_64+0x49/0xb0 [ 28.351618][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 28.357358][ T289] RIP: 0033:0x4e6a17 [ 28.361085][ T289] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 f4 e8 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 28.380533][ T289] RSP: 002b:00007ffc6e331178 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 28.388765][ T289] RAX: ffffffffffffffed RBX: 0000000000000000 RCX: 00000000004e6a17 [ 28.396577][ T289] RDX: 00007ffc6e331180 RSI: 0000000000008910 RDI: 0000000000000003 [pid 345] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 344] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 343] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 341] exit_group(0 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=0, si_stime=28} --- [pid 343] <... bpf resumed>) = 5 [pid 341] <... exit_group resumed>) = ? [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 343] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 341] +++ exited with 0 +++ [pid 295] <... restart_syscall resumed>) = 0 [pid 345] <... bpf resumed>) = 6 [pid 343] <... bpf resumed>) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=341, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 343] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 295] <... clone resumed>, child_tidptr=0x555556789650) = 346 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556789650) = 347 [ 28.404387][ T289] RBP: 0000000000000003 R08: 00000000ffffffff R09: 000000000000000d [ 28.412204][ T289] R10: 00000000005549d3 R11: 0000000000000246 R12: 00007ffc6e3311e0 [ 28.420330][ T289] R13: 00007ffc6e331180 R14: 0000000000427210 R15: 0000000000617180 [ 28.428229][ T289] [ 28.432489][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 28.444801][ T89] BUG: scheduling while atomic: klogd/89/0x00000002 [ 28.451246][ T89] Modules linked in: [ 28.455280][ T89] Preemption disabled at: [pid 345] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16./strace-static-x86_64: Process 346 attached [pid 346] set_robust_list(0x555556789660, 24) = 0 [pid 346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 346] setpgid(0, 0) = 0 [pid 346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 346] write(3, "1000", 4) = 4 [pid 346] close(3) = 0 [ 28.455289][ T89] [] unix_dgram_sendmsg+0xd62/0x2090 [ 28.466665][ T89] CPU: 1 PID: 89 Comm: klogd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 28.477158][ T89] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 28.487043][ T89] Call Trace: [ 28.490169][ T89] [ 28.493034][ T89] dump_stack_lvl+0x151/0x1b7 [ 28.497544][ T89] ? unix_dgram_sendmsg+0xd62/0x2090 [ 28.502665][ T89] ? unix_dgram_sendmsg+0xd62/0x2090 [ 28.507787][ T89] ? io_uring_drop_tctx_refs+0x190/0x190 [ 28.513261][ T89] ? unix_dgram_sendmsg+0xd62/0x2090 [ 28.518376][ T89] dump_stack+0x15/0x17 [ 28.522368][ T89] __schedule_bug+0x195/0x260 [ 28.526887][ T89] ? ttwu_queue_wakelist+0x510/0x510 [ 28.532004][ T89] __schedule+0xd19/0x1590 [ 28.536262][ T89] ? devkmsg_release+0x130/0x130 [ 28.541032][ T89] ? bpf_trace_run2+0xf1/0x210 [ 28.545631][ T89] ? __sched_text_start+0x8/0x8 [ 28.550317][ T89] schedule+0x11f/0x1e0 [ 28.554316][ T89] exit_to_user_mode_loop+0x4d/0xe0 [ 28.559343][ T89] exit_to_user_mode_prepare+0x5a/0xa0 [ 28.564638][ T89] syscall_exit_to_user_mode+0x26/0x160 [ 28.570019][ T89] do_syscall_64+0x49/0xb0 [ 28.574269][ T89] ? sysvec_call_function_single+0x52/0xb0 [ 28.579914][ T89] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 28.585813][ T89] RIP: 0033:0x7f5215425fa7 [ 28.590068][ T89] Code: 73 01 c3 48 8b 0d 81 ce 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 67 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 51 ce 0c 00 f7 d8 64 89 01 48 [pid 346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 347 attached [pid 345] <... bpf resumed>) = 7 [pid 343] <... bpf resumed>) = 7 [ 28.609609][ T89] RSP: 002b:00007fffcad9c3e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000067 [ 28.617850][ T89] RAX: 00000000000003e6 RBX: 00007f52155c44a0 RCX: 00007f5215425fa7 [ 28.625648][ T89] RDX: 00000000000003ff RSI: 00007f52155c44a0 RDI: 0000000000000002 [ 28.633547][ T89] RBP: 0000000000000000 R08: 0000000000000007 R09: 61400c13b5e9a182 [ 28.641454][ T89] R10: 0000000000004000 R11: 0000000000000206 R12: 00007f52155c44a0 [ 28.649257][ T89] R13: 00007f52155b4212 R14: 00007f52155c4890 R15: 00007f52155c4890 [ 28.657074][ T89] [pid 347] set_robust_list(0x555556789660, 24 [pid 345] exit_group(0 [pid 343] exit_group(0 [pid 345] <... exit_group resumed>) = ? [pid 343] <... exit_group resumed>) = ? [pid 344] <... bpf resumed>) = 6 [pid 344] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 347] <... set_robust_list resumed>) = 0 [pid 347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 347] setpgid(0, 0) = 0 [pid 347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 347] write(3, "1000", 4) = 4 [pid 347] close(3) = 0 [ 28.661911][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 28.673356][ T82] BUG: scheduling while atomic: syslogd/82/0x00000002 [ 28.680106][ T82] Modules linked in: [ 28.683833][ T82] Preemption disabled at: [ 28.683840][ T82] [] is_module_text_address+0x1a/0x140 [ 28.694862][ T82] CPU: 1 PID: 82 Comm: syslogd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 28.705589][ T82] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 28.715487][ T82] Call Trace: [ 28.718700][ T82] [ 28.721491][ T82] dump_stack_lvl+0x151/0x1b7 [ 28.725987][ T82] ? is_module_text_address+0x1a/0x140 [ 28.731280][ T82] ? is_module_text_address+0x1a/0x140 [ 28.736668][ T82] ? io_uring_drop_tctx_refs+0x190/0x190 [ 28.742131][ T82] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 28.747427][ T82] ? is_module_text_address+0x1a/0x140 [ 28.752726][ T82] dump_stack+0x15/0x17 [ 28.756711][ T82] __schedule_bug+0x195/0x260 [ 28.761224][ T82] ? try_invoke_on_locked_down_task+0x2a0/0x2a0 [ 28.767302][ T82] ? kasan_set_track+0x5d/0x70 [ 28.771899][ T82] ? ttwu_queue_wakelist+0x510/0x510 [ 28.777018][ T82] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 28.782836][ T82] ? try_to_wake_up+0x697/0x1160 [ 28.787608][ T82] __schedule+0xd19/0x1590 [ 28.791859][ T82] ? raise_softirq_irqoff+0x37/0x40 [ 28.796896][ T82] ? rcu_read_unlock_special+0x3d1/0x4c0 [ 28.802364][ T82] ? __sched_text_start+0x8/0x8 [ 28.807147][ T82] ? wake_up_process+0x10/0x20 [ 28.811738][ T82] ? raise_softirq_irqoff+0x37/0x40 [ 28.816856][ T82] schedule+0x11f/0x1e0 [ 28.820849][ T82] schedule_timeout+0xa9/0x370 [ 28.825457][ T82] ? __kasan_check_write+0x14/0x20 [ 28.830482][ T82] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 28.835775][ T82] ? console_conditional_schedule+0x30/0x30 [ 28.841855][ T82] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 28.847498][ T82] ? prepare_to_wait_exclusive+0x1ac/0x1f0 [ 28.853156][ T82] __skb_wait_for_more_packets+0x394/0x5f0 [ 28.858873][ T82] ? skb_checksum_setup_ip+0xaf0/0xaf0 [ 28.864162][ T82] ? mutex_unlock+0xb2/0x260 [ 28.868594][ T82] ? __skb_wait_for_more_packets+0x5f0/0x5f0 [ 28.874583][ T82] ? __mutex_lock_slowpath+0x10/0x10 [ 28.879694][ T82] ? avc_has_perm+0x16f/0x260 [ 28.884215][ T82] __unix_dgram_recvmsg+0x34f/0x1260 [ 28.889333][ T82] ? selinux_socket_recvmsg+0x243/0x340 [ 28.894711][ T82] ? unix_unhash+0x10/0x10 [ 28.898967][ T82] ? file_has_perm+0x508/0x6c0 [ 28.903564][ T82] unix_dgram_recvmsg+0xc4/0xe0 [ 28.908250][ T82] ? unix_dgram_sendmsg+0x2090/0x2090 [ 28.913487][ T82] sock_read_iter+0x353/0x480 [ 28.918059][ T82] ? kernel_sock_ip_overhead+0x280/0x280 [ 28.923529][ T82] ? iov_iter_init+0x53/0x190 [ 28.928044][ T82] vfs_read+0xa7e/0xd40 [ 28.932033][ T82] ? kernel_read+0x1f0/0x1f0 [ 28.936458][ T82] ? __rcu_read_unlock+0xd0/0xd0 [ 28.941235][ T82] ? __kasan_check_read+0x11/0x20 [ 28.946091][ T82] ? __fdget_pos+0x209/0x3a0 [ 28.950618][ T82] ksys_read+0x199/0x2c0 [ 28.954699][ T82] ? vfs_write+0x1110/0x1110 [ 28.959121][ T82] ? __bpf_trace_sys_enter+0x62/0x70 [ 28.964321][ T82] __x64_sys_read+0x7b/0x90 [ 28.968657][ T82] do_syscall_64+0x3d/0xb0 [ 28.972909][ T82] ? sysvec_call_function_single+0x52/0xb0 [ 28.978551][ T82] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 28.984280][ T82] RIP: 0033:0x7fc85668bb6a [ 28.988533][ T82] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [pid 347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 345] +++ exited with 0 +++ [pid 343] +++ exited with 0 +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=20} --- [pid 346] <... bpf resumed>) = 3 [pid 346] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=343, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 293] restart_syscall(<... resuming interrupted clone ...> [pid 346] <... bpf resumed>) = 4 [pid 347] <... bpf resumed>) = 3 [pid 293] <... restart_syscall resumed>) = 0 [pid 346] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 347] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 346] <... bpf resumed>) = 5 [pid 346] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 346] <... bpf resumed>) = 0 [pid 346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 301] <... clone resumed>, child_tidptr=0x555556789650) = 349 [pid 293] <... clone resumed>, child_tidptr=0x555556789650) = 350 [pid 346] <... bpf resumed>) = 6 [pid 346] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16./strace-static-x86_64: Process 349 attached [pid 349] set_robust_list(0x555556789660, 24) = 0 [pid 349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 349] setpgid(0, 0) = 0 [pid 349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 349] write(3, "1000", 4) = 4 [pid 349] close(3) = 0 [pid 349] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 350 attached ) = 3 [pid 349] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 350] set_robust_list(0x555556789660, 24) = 0 [pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 350] setpgid(0, 0) = 0 [pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 350] write(3, "1000", 4) = 4 [pid 350] close(3 [pid 349] <... bpf resumed>) = 4 [pid 347] <... bpf resumed>) = 4 [pid 346] <... bpf resumed>) = 7 [ 29.007973][ T82] RSP: 002b:00007ffd630776a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 29.016219][ T82] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fc85668bb6a [ 29.024029][ T82] RDX: 00000000000000ff RSI: 0000558ae13fc300 RDI: 0000000000000000 [ 29.031842][ T82] RBP: 0000558ae13fc2c0 R08: 0000000000000001 R09: 0000000000000000 [ 29.039653][ T82] R10: 00007fc85682a3a3 R11: 0000000000000246 R12: 0000558ae13fc373 [ 29.047465][ T82] R13: 0000558ae13fc300 R14: 0000000000000000 R15: 00007fc856868a80 [ 29.055281][ T82] [pid 344] <... bpf resumed>) = 7 [ 29.077200][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 29.088769][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 29.096250][ T289] Modules linked in: [ 29.100016][ T289] Preemption disabled at: [ 29.100022][ T289] [] up_read+0x16/0x170 [ 29.109769][ T289] CPU: 1 PID: 289 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 29.121195][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 29.131086][ T289] Call Trace: [ 29.134211][ T289] [ 29.136989][ T289] dump_stack_lvl+0x151/0x1b7 [ 29.141585][ T289] ? up_read+0x16/0x170 [ 29.145577][ T289] ? up_read+0x16/0x170 [ 29.149570][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 29.155040][ T289] ? up_read+0x16/0x170 [ 29.159034][ T289] dump_stack+0x15/0x17 [ 29.163023][ T289] __schedule_bug+0x195/0x260 [ 29.167539][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 29.172657][ T289] ? alloc_file_pseudo+0x280/0x2f0 [ 29.177608][ T289] ? local_bh_enable+0x1f/0x30 [ 29.182209][ T289] __schedule+0xd19/0x1590 [ 29.186461][ T289] ? __sched_text_start+0x8/0x8 [ 29.191147][ T289] ? __sys_socket+0x1d2/0x370 [ 29.195661][ T289] schedule+0x11f/0x1e0 [ 29.199652][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 29.204691][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 29.209980][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 29.215448][ T289] do_syscall_64+0x49/0xb0 [ 29.219702][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 29.225432][ T289] RIP: 0033:0x4e8217 [ 29.229163][ T289] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 29.248689][ T289] RSP: 002b:00007ffc6e331148 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 29.256934][ T289] RAX: 0000000000000003 RBX: 0000000000000000 RCX: 00000000004e8217 [ 29.264746][ T289] RDX: 0000000000000000 RSI: 0000000000080002 RDI: 0000000000000001 [pid 349] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 347] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [ 29.272558][ T289] RBP: 00007ffc6e331210 R08: 00000000ffffffff R09: 000000000000000c [ 29.280368][ T289] R10: 0000000000554612 R11: 0000000000000246 R12: 00007ffc6e331210 [ 29.288187][ T289] R13: 0000000001cac2b0 R14: 0000000000423160 R15: 0000000000617180 [ 29.296082][ T289] [ 29.301810][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 29.313389][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 29.319943][ T287] Modules linked in: [ 29.323706][ T287] Preemption disabled at: [ 29.323714][ T287] [] pipe_read+0x5b3/0x1040 [ 29.333700][ T287] CPU: 1 PID: 287 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 29.344273][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 29.356270][ T287] Call Trace: [ 29.359825][ T287] [ 29.363179][ T287] dump_stack_lvl+0x151/0x1b7 [ 29.367696][ T287] ? pipe_read+0x5b3/0x1040 [ 29.372016][ T287] ? pipe_read+0x5b3/0x1040 [ 29.376356][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 29.381943][ T287] ? pipe_read+0x5b3/0x1040 [ 29.386281][ T287] dump_stack+0x15/0x17 [ 29.390265][ T287] __schedule_bug+0x195/0x260 [ 29.394789][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 29.399905][ T287] ? __rcu_read_unlock+0xd0/0xd0 [ 29.404681][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 29.409978][ T287] __schedule+0xd19/0x1590 [ 29.414233][ T287] ? __kasan_check_read+0x11/0x20 [ 29.419087][ T287] ? __fdget_pos+0x209/0x3a0 [ 29.423515][ T287] ? __sched_text_start+0x8/0x8 [ 29.428200][ T287] ? ksys_write+0x24f/0x2c0 [ 29.432547][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 29.437920][ T287] schedule+0x11f/0x1e0 [ 29.441928][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 29.446941][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 29.452240][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 29.457617][ T287] do_syscall_64+0x49/0xb0 [ 29.461872][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 29.467596][ T287] RIP: 0033:0x7f1e21a3abf2 [ 29.471859][ T287] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 [ 29.491293][ T287] RSP: 002b:00007ffdfad8a1f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 29.499541][ T287] RAX: 0000000000000054 RBX: 0000000000000054 RCX: 00007f1e21a3abf2 [ 29.507348][ T287] RDX: 0000000000000054 RSI: 0000564bd30bb830 RDI: 0000000000000004 [ 29.515165][ T287] RBP: 0000564bd30afc90 R08: 0000000000000000 R09: 0000000000000000 [pid 346] exit_group(0 [pid 344] exit_group(0 [pid 350] <... close resumed>) = 0 [pid 349] <... bpf resumed>) = 5 [pid 347] <... bpf resumed>) = 5 [pid 344] <... exit_group resumed>) = ? [pid 350] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 347] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 347] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 346] <... exit_group resumed>) = ? [pid 350] <... bpf resumed>) = 3 [pid 349] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 349] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 350] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 349] <... bpf resumed>) = 6 [pid 349] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 347] <... bpf resumed>) = 7 [pid 344] +++ exited with 0 +++ [pid 347] exit_group(0) = ? [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=344, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [ 29.522971][ T287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000564bd24eaaa4 [ 29.530787][ T287] R13: 000000000000001d R14: 0000564bd24eb3e8 R15: 00007ffdfad8a268 [ 29.538600][ T287] [ 29.546167][ C0] softirq: huh, entered softirq 9 RCU ffffffff815cac40 with preempt_count 00000103, exited with 00000102? [ 29.557302][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 29.564768][ T289] Modules linked in: [ 29.568525][ T289] Preemption disabled at: [ 29.568533][ T289] [] remove_wait_queue+0x26/0x140 [ 29.579301][ T289] CPU: 0 PID: 289 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 29.590848][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 29.600742][ T289] Call Trace: [ 29.603865][ T289] [ 29.606672][ T289] dump_stack_lvl+0x151/0x1b7 [ 29.611157][ T289] ? remove_wait_queue+0x26/0x140 [ 29.616015][ T289] ? remove_wait_queue+0x26/0x140 [ 29.620962][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 29.626432][ T289] ? remove_wait_queue+0x26/0x140 [ 29.631292][ T289] dump_stack+0x15/0x17 [ 29.635286][ T289] __schedule_bug+0x195/0x260 [ 29.639798][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 29.644916][ T289] ? kernel_waitid+0x520/0x520 [ 29.649522][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 29.654559][ T289] __schedule+0xd19/0x1590 [ 29.658807][ T289] ? __x64_sys_wait4+0x181/0x1e0 [ 29.663590][ T289] ? bpf_trace_run2+0xf1/0x210 [ 29.668188][ T289] ? __sched_text_start+0x8/0x8 [ 29.672867][ T289] schedule+0x11f/0x1e0 [ 29.676857][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 29.681893][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 29.687194][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 29.692574][ T289] do_syscall_64+0x49/0xb0 [ 29.696820][ T289] ? sysvec_call_function_single+0x52/0xb0 [ 29.702466][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 29.708190][ T289] RIP: 0033:0x4d49a6 [ 29.711922][ T289] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 29.731482][ T289] RSP: 002b:00007ffc6e331398 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 29.739723][ T289] RAX: 0000000000000125 RBX: 0000000000000004 RCX: 00000000004d49a6 [ 29.747709][ T289] RDX: 0000000040000001 RSI: 00007ffc6e3313bc RDI: 00000000ffffffff [ 29.755524][ T289] RBP: 0000000001ca7e40 R08: 0000000000000000 R09: 0000000000000000 [ 29.763334][ T289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001cad470 [ 29.771145][ T289] R13: 0000000000000127 R14: 00007ffc6e3313bc R15: 0000000000617180 [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 350] <... bpf resumed>) = 4 [pid 346] +++ exited with 0 +++ [pid 350] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 349] <... bpf resumed>) = 7 [pid 350] <... bpf resumed>) = 5 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 350] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 349] exit_group(0 [pid 350] <... bpf resumed>) = 0 [pid 298] <... clone resumed>, child_tidptr=0x555556789650) = 352 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=346, si_uid=0, si_status=0, si_utime=0, si_stime=19} --- [ 29.778958][ T289] [ 29.785563][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 29.797189][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 29.803554][ T287] Modules linked in: [ 29.807286][ T287] Preemption disabled at: [ 29.807293][ T287] [] __set_current_blocked+0x11b/0x2f0 [ 29.819177][ T287] CPU: 1 PID: 287 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 29.829656][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 29.839557][ T287] Call Trace: [ 29.842757][ T287] [ 29.845623][ T287] dump_stack_lvl+0x151/0x1b7 [ 29.850131][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 29.855428][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 29.860722][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 29.866190][ T287] ? fsnotify_perm+0x470/0x5d0 [ 29.870792][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 29.876084][ T287] dump_stack+0x15/0x17 [ 29.880077][ T287] __schedule_bug+0x195/0x260 [ 29.884596][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 29.889714][ T287] ? bpf_bprintf_cleanup+0x3f/0x60 [ 29.894659][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 29.899955][ T287] __schedule+0xd19/0x1590 [ 29.904208][ T287] ? __kasan_check_read+0x11/0x20 [ 29.909069][ T287] ? __fdget_pos+0x209/0x3a0 [ 29.913491][ T287] ? __sched_text_start+0x8/0x8 [ 29.918181][ T287] ? ksys_read+0x24f/0x2c0 [ 29.922435][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 29.927815][ T287] schedule+0x11f/0x1e0 [ 29.931805][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 29.936839][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 29.942134][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 29.947628][ T287] do_syscall_64+0x49/0xb0 [ 29.951879][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 29.957610][ T287] RIP: 0033:0x7f1e21a3ab6a [ 29.961864][ T287] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [ 29.981302][ T287] RSP: 002b:00007ffdfad860b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 29.989557][ T287] RAX: 00000000000004ba RBX: 0000000000000000 RCX: 00007f1e21a3ab6a [ 29.997360][ T287] RDX: 0000000000004000 RSI: 00007ffdfad860d8 RDI: 0000000000000009 [ 30.005256][ T287] RBP: 0000564bd30b73a0 R08: 0000000000000000 R09: 0000000000000000 [ 30.013067][ T287] R10: 00007ffdfad860d8 R11: 0000000000000246 R12: 0000564bd30af410 [ 30.020882][ T287] R13: 0000564bd24f3937 R14: 0000564bd24f6480 R15: 0000564bd30af410 [ 30.028696][ T287] [pid 350] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 349] <... exit_group resumed>) = ? [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 352 attached [pid 350] <... bpf resumed>) = 6 [pid 350] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 295] <... clone resumed>, child_tidptr=0x555556789650) = 353 [pid 352] set_robust_list(0x555556789660, 24) = 0 [pid 352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 352] setpgid(0, 0) = 0 [pid 352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 352] write(3, "1000", 4) = 4 [pid 352] close(3) = 0 [pid 352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 352] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16./strace-static-x86_64: Process 353 attached [pid 353] set_robust_list(0x555556789660, 24) = 0 [pid 353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 353] setpgid(0, 0) = 0 [pid 353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 353] write(3, "1000", 4) = 4 [pid 353] close(3) = 0 [pid 353] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 3 [pid 353] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 350] <... bpf resumed>) = 7 [pid 347] +++ exited with 0 +++ [pid 350] exit_group(0) = ? [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=347, si_uid=0, si_status=0, si_utime=0, si_stime=35} --- [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 354 attached , child_tidptr=0x555556789650) = 354 [pid 354] set_robust_list(0x555556789660, 24) = 0 [pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 354] setpgid(0, 0) = 0 [ 30.036769][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 30.048185][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 30.055720][ T289] Modules linked in: [ 30.059501][ T289] Preemption disabled at: [ 30.059507][ T289] [] remove_wait_queue+0x26/0x140 [ 30.070081][ T289] CPU: 1 PID: 289 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 30.081462][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 30.091355][ T289] Call Trace: [ 30.094481][ T289] [ 30.097261][ T289] dump_stack_lvl+0x151/0x1b7 [ 30.101777][ T289] ? remove_wait_queue+0x26/0x140 [ 30.106630][ T289] ? remove_wait_queue+0x26/0x140 [ 30.111490][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 30.116959][ T289] ? remove_wait_queue+0x26/0x140 [ 30.121906][ T289] dump_stack+0x15/0x17 [ 30.125899][ T289] __schedule_bug+0x195/0x260 [ 30.130413][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 30.135530][ T289] ? kernel_waitid+0x520/0x520 [ 30.140132][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 30.145166][ T289] __schedule+0xd19/0x1590 [ 30.149418][ T289] ? __x64_sys_wait4+0x181/0x1e0 [ 30.154193][ T289] ? bpf_trace_run2+0xf1/0x210 [ 30.158792][ T289] ? __sched_text_start+0x8/0x8 [ 30.163480][ T289] schedule+0x11f/0x1e0 [ 30.167471][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 30.172505][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 30.177799][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 30.183182][ T289] do_syscall_64+0x49/0xb0 [ 30.187522][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 30.193279][ T289] RIP: 0033:0x4d49a6 [ 30.196984][ T289] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 30.216425][ T289] RSP: 002b:00007ffc6e331398 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 30.224928][ T289] RAX: 0000000000000162 RBX: 0000000000000001 RCX: 00000000004d49a6 [pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 353] <... bpf resumed>) = 4 [pid 352] <... bpf resumed>) = 4 [pid 350] +++ exited with 0 +++ [pid 349] +++ exited with 0 +++ [pid 354] <... openat resumed>) = 3 [pid 354] write(3, "1000", 4 [pid 353] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 352] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=349, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 354] <... write resumed>) = 4 [pid 353] <... bpf resumed>) = 5 [pid 354] close(3 [pid 353] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 352] <... bpf resumed>) = 5 [pid 354] <... close resumed>) = 0 [pid 353] <... bpf resumed>) = 0 [pid 352] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 354] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 353] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 352] <... bpf resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 354] <... bpf resumed>) = 3 [pid 353] <... bpf resumed>) = 6 [pid 352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 354] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16) = 4 [pid 354] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 354] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 353] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 352] <... bpf resumed>) = 6 [pid 301] <... clone resumed>, child_tidptr=0x555556789650) = 356 [pid 293] <... clone resumed>, child_tidptr=0x555556789650) = 357 [pid 354] <... bpf resumed>) = 0 [pid 352] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 354] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 357 attached ./strace-static-x86_64: Process 356 attached ) = 6 [pid 354] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 357] set_robust_list(0x555556789660, 24 [pid 356] set_robust_list(0x555556789660, 24 [pid 357] <... set_robust_list resumed>) = 0 [pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 357] setpgid(0, 0 [pid 356] <... set_robust_list resumed>) = 0 [pid 357] <... setpgid resumed>) = 0 [pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 356] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 357] <... openat resumed>) = 3 [pid 356] <... prctl resumed>) = 0 [pid 356] setpgid(0, 0 [pid 357] write(3, "1000", 4 [pid 356] <... setpgid resumed>) = 0 [pid 357] <... write resumed>) = 4 [pid 356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 357] close(3 [pid 356] <... openat resumed>) = 3 [pid 357] <... close resumed>) = 0 [pid 356] write(3, "1000", 4 [pid 357] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 356] <... write resumed>) = 4 [pid 356] close(3) = 0 [pid 356] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 357] <... bpf resumed>) = 3 [pid 356] <... bpf resumed>) = 3 [pid 357] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 356] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 353] <... bpf resumed>) = 7 [pid 357] <... bpf resumed>) = 4 [pid 356] <... bpf resumed>) = 4 [pid 354] <... bpf resumed>) = 7 [ 30.232739][ T289] RDX: 0000000040000001 RSI: 00007ffc6e3313bc RDI: 00000000ffffffff [ 30.240550][ T289] RBP: 0000000001ca7f90 R08: 0000000000000000 R09: 0000000000000000 [ 30.248380][ T289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001cad2c0 [ 30.256174][ T289] R13: 0000000000000128 R14: 00007ffc6e3313bc R15: 0000000000617180 [ 30.263989][ T289] [pid 353] exit_group(0 [ 30.287077][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 30.298602][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 30.306162][ T289] Modules linked in: [ 30.310011][ T289] Preemption disabled at: [ 30.310017][ T289] [] __se_sys_ptrace+0x229/0x400 [ 30.320570][ T289] CPU: 1 PID: 289 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 30.331997][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 30.341891][ T289] Call Trace: [ 30.345014][ T289] [ 30.347803][ T289] dump_stack_lvl+0x151/0x1b7 [ 30.352302][ T289] ? __se_sys_ptrace+0x229/0x400 [ 30.357090][ T289] ? __se_sys_ptrace+0x229/0x400 [ 30.361865][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 30.367321][ T289] ? __se_sys_ptrace+0x229/0x400 [ 30.372094][ T289] dump_stack+0x15/0x17 [ 30.376091][ T289] __schedule_bug+0x195/0x260 [ 30.380603][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 30.385717][ T289] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 30.391385][ T289] ? bpf_bprintf_cleanup+0x3f/0x60 [ 30.396310][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 30.401343][ T289] __schedule+0xd19/0x1590 [ 30.405691][ T289] ? __kasan_check_read+0x11/0x20 [ 30.410542][ T289] ? __fdget_pos+0x209/0x3a0 [ 30.414972][ T289] ? __sched_text_start+0x8/0x8 [ 30.419659][ T289] ? ksys_write+0x24f/0x2c0 [ 30.423993][ T289] schedule+0x11f/0x1e0 [ 30.427990][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 30.433022][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 30.438317][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 30.443696][ T289] do_syscall_64+0x49/0xb0 [ 30.448038][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 30.453769][ T289] RIP: 0033:0x4e5c73 [ 30.457533][ T289] Code: c7 c0 b8 ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18 [ 30.477167][ T289] RSP: 002b:00007ffc6e331168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 352] <... bpf resumed>) = 7 [pid 357] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 356] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 354] exit_group(0 [pid 353] <... exit_group resumed>) = ? [pid 354] <... exit_group resumed>) = ? [pid 352] exit_group(0) = ? [pid 357] <... bpf resumed>) = 5 [ 30.485400][ T289] RAX: 0000000000000012 RBX: 0000000000000012 RCX: 00000000004e5c73 [ 30.493216][ T289] RDX: 0000000000000012 RSI: 0000000001ca9000 RDI: 0000000000000002 [ 30.501286][ T289] RBP: 0000000001ca9000 R08: 0000000000000001 R09: 0000000000000001 [ 30.509098][ T289] R10: 000000000063c820 R11: 0000000000000246 R12: 0000000000000012 [ 30.516919][ T289] R13: 0000000000617480 R14: 0000000000000012 R15: 0000000000000001 [ 30.524744][ T289] [ 30.532077][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 30.543590][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 30.550974][ T289] Modules linked in: [ 30.555201][ T289] Preemption disabled at: [ 30.555208][ T289] [] remove_wait_queue+0x26/0x140 [ 30.566014][ T289] CPU: 1 PID: 289 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 30.577560][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 30.587538][ T289] Call Trace: [ 30.590658][ T289] [ 30.593436][ T289] dump_stack_lvl+0x151/0x1b7 [ 30.598123][ T289] ? remove_wait_queue+0x26/0x140 [ 30.603068][ T289] ? remove_wait_queue+0x26/0x140 [ 30.607928][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 30.613396][ T289] ? remove_wait_queue+0x26/0x140 [ 30.618259][ T289] dump_stack+0x15/0x17 [ 30.622251][ T289] __schedule_bug+0x195/0x260 [ 30.626850][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 30.631976][ T289] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 30.637612][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 30.642648][ T289] __schedule+0xd19/0x1590 [ 30.646899][ T289] ? _raw_spin_lock_irqsave+0x210/0x210 [ 30.652284][ T289] ? __sched_text_start+0x8/0x8 [ 30.658114][ T289] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 30.663564][ T289] ? _raw_spin_lock_irqsave+0x210/0x210 [ 30.668938][ T289] ? ptrace_check_attach+0x323/0x420 [ 30.674059][ T289] schedule+0x11f/0x1e0 [ 30.678055][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 30.683086][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 30.688489][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 30.693877][ T289] do_syscall_64+0x49/0xb0 [ 30.698119][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 30.703846][ T289] RIP: 0033:0x4e6c1a [ 30.707580][ T289] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 30.727020][ T289] RSP: 002b:00007ffc6e331200 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [pid 357] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 356] <... bpf resumed>) = 5 [ 30.735614][ T289] RAX: 0000000000000050 RBX: 0000000001ca8380 RCX: 00000000004e6c1a [ 30.743433][ T289] RDX: 0000000000000058 RSI: 0000000000000165 RDI: 000000000000420e [ 30.751242][ T289] RBP: 00007ffc6e331300 R08: 000000000000420d R09: 0000000000000000 [ 30.759047][ T289] R10: 000000000063c820 R11: 0000000000000206 R12: 0000000001ca8380 [ 30.767034][ T289] R13: 00007ffc6e33135c R14: 000000000000857f R15: 0000000000617180 [ 30.774847][ T289] [ 30.779175][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 30.790899][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 30.797339][ T287] Modules linked in: [ 30.801115][ T287] Preemption disabled at: [ 30.801123][ T287] [] __set_current_blocked+0x11b/0x2f0 [ 30.812213][ T287] CPU: 1 PID: 287 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 30.822640][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 30.832533][ T287] Call Trace: [ 30.835654][ T287] [ 30.838439][ T287] dump_stack_lvl+0x151/0x1b7 [ 30.843209][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 30.848590][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 30.853882][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 30.859350][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 30.864642][ T287] dump_stack+0x15/0x17 [ 30.868635][ T287] __schedule_bug+0x195/0x260 [ 30.873149][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 30.878271][ T287] __schedule+0xd19/0x1590 [ 30.882524][ T287] ? __sched_text_start+0x8/0x8 [ 30.887212][ T287] schedule+0x11f/0x1e0 [ 30.891637][ T287] schedule_hrtimeout_range_clock+0x228/0x3a0 [ 30.897538][ T287] ? hrtimer_nanosleep_restart+0x170/0x170 [ 30.903179][ T287] ? add_wait_queue+0x189/0x1c0 [ 30.908047][ T287] ? __remove_hrtimer+0x4d0/0x4d0 [ 30.912905][ T287] ? __pollwait+0x2f5/0x3f0 [ 30.917246][ T287] ? poll_initwait+0x160/0x160 [ 30.921847][ T287] schedule_hrtimeout_range+0x2a/0x40 [ 30.927056][ T287] do_sys_poll+0xe20/0x12d0 [ 30.931398][ T287] ? poll_select_finish+0x7b0/0x7b0