./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2573224726 <...> Warning: Permanently added '10.128.0.195' (ECDSA) to the list of known hosts. execve("./syz-executor2573224726", ["./syz-executor2573224726"], 0x7ffcbcab9300 /* 10 vars */) = 0 brk(NULL) = 0x555557382000 brk(0x555557382c40) = 0x555557382c40 arch_prctl(ARCH_SET_FS, 0x555557382300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555573825d0) = 3606 set_robust_list(0x5555573825e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f0136495180, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f0136495850}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f0136495220, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0136495850}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2573224726", 4096) = 28 brk(0x5555573a3c40) = 0x5555573a3c40 brk(0x5555573a4000) = 0x5555573a4000 mprotect(0x7f0136555000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3607 attached , child_tidptr=0x5555573825d0) = 3607 [pid 3606] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3607] set_robust_list(0x5555573825e0, 24) = 0 ./strace-static-x86_64: Process 3608 attached [pid 3607] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3606] <... clone resumed>, child_tidptr=0x5555573825d0) = 3608 [pid 3608] set_robust_list(0x5555573825e0, 24) = 0 [pid 3606] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3607] <... clone resumed>, child_tidptr=0x5555573825d0) = 3609 [pid 3608] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3609 attached [pid 3609] set_robust_list(0x5555573825e0, 24 [pid 3608] <... clone resumed>, child_tidptr=0x5555573825d0) = 3610 ./strace-static-x86_64: Process 3611 attached [pid 3606] <... clone resumed>, child_tidptr=0x5555573825d0) = 3611 [pid 3611] set_robust_list(0x5555573825e0, 24) = 0 [pid 3606] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3611] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3610 attached [pid 3610] set_robust_list(0x5555573825e0, 24) = 0 [pid 3610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3610] setpgid(0, 0./strace-static-x86_64: Process 3612 attached ) = 0 [pid 3609] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 3613 attached [pid 3606] <... clone resumed>, child_tidptr=0x5555573825d0) = 3613 [pid 3606] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3611] <... clone resumed>, child_tidptr=0x5555573825d0) = 3612 [pid 3610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3613] set_robust_list(0x5555573825e0, 24 [pid 3612] set_robust_list(0x5555573825e0, 24 [pid 3609] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3606] <... clone resumed>, child_tidptr=0x5555573825d0) = 3614 [pid 3606] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3614 attached ./strace-static-x86_64: Process 3615 attached [pid 3613] <... set_robust_list resumed>) = 0 [pid 3612] <... set_robust_list resumed>) = 0 [pid 3610] <... openat resumed>) = 3 [pid 3609] <... prctl resumed>) = 0 [pid 3606] <... clone resumed>, child_tidptr=0x5555573825d0) = 3615 [pid 3615] set_robust_list(0x5555573825e0, 24 [pid 3613] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3612] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3610] write(3, "1000", 4 [pid 3609] setpgid(0, 0 [pid 3615] <... set_robust_list resumed>) = 0 [pid 3614] set_robust_list(0x5555573825e0, 24 [pid 3612] <... prctl resumed>) = 0 [pid 3610] <... write resumed>) = 4 [pid 3609] <... setpgid resumed>) = 0 [pid 3613] <... clone resumed>, child_tidptr=0x5555573825d0) = 3616 [pid 3612] setpgid(0, 0 [pid 3610] close(3 [pid 3609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3615] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3612] <... setpgid resumed>) = 0 [pid 3610] <... close resumed>) = 0 [pid 3609] <... openat resumed>) = 3 [pid 3614] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 3617 attached ./strace-static-x86_64: Process 3616 attached [pid 3614] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3610] futex(0x7f013655b3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3609] write(3, "1000", 4./strace-static-x86_64: Process 3618 attached [pid 3617] set_robust_list(0x5555573825e0, 24 [pid 3616] set_robust_list(0x5555573825e0, 24 [pid 3615] <... clone resumed>, child_tidptr=0x5555573825d0) = 3617 [pid 3612] <... openat resumed>) = 3 [pid 3610] <... futex resumed>) = 0 [pid 3609] <... write resumed>) = 4 [pid 3618] set_robust_list(0x5555573825e0, 24 [pid 3617] <... set_robust_list resumed>) = 0 [pid 3616] <... set_robust_list resumed>) = 0 [pid 3614] <... clone resumed>, child_tidptr=0x5555573825d0) = 3618 [pid 3612] write(3, "1000", 4 [pid 3610] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3609] close(3 [pid 3618] <... set_robust_list resumed>) = 0 [pid 3617] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3616] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3612] <... write resumed>) = 4 [pid 3610] <... mmap resumed>) = 0x7f0136465000 [pid 3609] <... close resumed>) = 0 [pid 3617] <... prctl resumed>) = 0 [pid 3616] <... prctl resumed>) = 0 [pid 3612] close(3 [pid 3610] mprotect(0x7f0136466000, 131072, PROT_READ|PROT_WRITE [pid 3609] futex(0x7f013655b3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3618] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3617] setpgid(0, 0 [pid 3616] setpgid(0, 0 [pid 3612] <... close resumed>) = 0 [pid 3610] <... mprotect resumed>) = 0 [pid 3609] <... futex resumed>) = 0 [pid 3617] <... setpgid resumed>) = 0 [pid 3616] <... setpgid resumed>) = 0 [pid 3612] futex(0x7f013655b3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3610] clone(child_stack=0x7f01364853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3618] <... prctl resumed>) = 0 [pid 3617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3612] <... futex resumed>) = 0 [pid 3618] setpgid(0, 0 [pid 3617] <... openat resumed>) = 3 [pid 3616] <... openat resumed>) = 3 [pid 3612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3610] <... clone resumed>, parent_tid=[3619], tls=0x7f0136485700, child_tidptr=0x7f01364859d0) = 3619 [pid 3609] <... mmap resumed>) = 0x7f0136465000 [pid 3618] <... setpgid resumed>) = 0 [pid 3617] write(3, "1000", 4 [pid 3616] write(3, "1000", 4 [pid 3612] <... mmap resumed>) = 0x7f0136465000 [pid 3610] futex(0x7f013655b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3609] mprotect(0x7f0136466000, 131072, PROT_READ|PROT_WRITE [pid 3618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3617] <... write resumed>) = 4 [pid 3616] <... write resumed>) = 4 [pid 3612] mprotect(0x7f0136466000, 131072, PROT_READ|PROT_WRITE [pid 3610] <... futex resumed>) = 0 [pid 3609] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 3619 attached [pid 3618] <... openat resumed>) = 3 [pid 3617] close(3 [pid 3616] close(3 [pid 3612] <... mprotect resumed>) = 0 [pid 3610] futex(0x7f013655b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3609] clone(child_stack=0x7f01364853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3619] set_robust_list(0x7f01364859e0, 24 [pid 3618] write(3, "1000", 4 [pid 3617] <... close resumed>) = 0 [pid 3616] <... close resumed>) = 0 [pid 3612] clone(child_stack=0x7f01364853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3619] <... set_robust_list resumed>) = 0 [pid 3618] <... write resumed>) = 4 [pid 3617] futex(0x7f013655b3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3616] futex(0x7f013655b3ec, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3621 attached [pid 3619] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LRU_PERCPU_HASH, key_size=1, value_size=32767, max_entries=256, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 3618] close(3 [pid 3617] <... futex resumed>) = 0 [pid 3616] <... futex resumed>) = 0 [pid 3609] <... clone resumed>, parent_tid=[3620], tls=0x7f0136485700, child_tidptr=0x7f01364859d0) = 3620 ./strace-static-x86_64: Process 3620 attached [pid 3621] set_robust_list(0x7f01364859e0, 24 [pid 3618] <... close resumed>) = 0 [pid 3617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3616] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3612] <... clone resumed>, parent_tid=[3621], tls=0x7f0136485700, child_tidptr=0x7f01364859d0) = 3621 [pid 3609] futex(0x7f013655b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3621] <... set_robust_list resumed>) = 0 [pid 3620] set_robust_list(0x7f01364859e0, 24 [pid 3618] futex(0x7f013655b3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3617] <... mmap resumed>) = 0x7f0136465000 [pid 3616] <... mmap resumed>) = 0x7f0136465000 [pid 3612] futex(0x7f013655b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3609] <... futex resumed>) = 0 [pid 3621] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LRU_PERCPU_HASH, key_size=1, value_size=32767, max_entries=256, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 3620] <... set_robust_list resumed>) = 0 [pid 3618] <... futex resumed>) = 0 [pid 3617] mprotect(0x7f0136466000, 131072, PROT_READ|PROT_WRITE [pid 3616] mprotect(0x7f0136466000, 131072, PROT_READ|PROT_WRITE [pid 3612] <... futex resumed>) = 0 [pid 3609] futex(0x7f013655b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3620] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LRU_PERCPU_HASH, key_size=1, value_size=32767, max_entries=256, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 3618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3617] <... mprotect resumed>) = 0 [pid 3616] <... mprotect resumed>) = 0 [pid 3612] futex(0x7f013655b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3618] <... mmap resumed>) = 0x7f0136465000 [pid 3617] clone(child_stack=0x7f01364853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3616] clone(child_stack=0x7f01364853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3623 attached ./strace-static-x86_64: Process 3622 attached [pid 3618] mprotect(0x7f0136466000, 131072, PROT_READ|PROT_WRITE [pid 3623] set_robust_list(0x7f01364859e0, 24 [pid 3622] set_robust_list(0x7f01364859e0, 24 [pid 3618] <... mprotect resumed>) = 0 [pid 3617] <... clone resumed>, parent_tid=[3622], tls=0x7f0136485700, child_tidptr=0x7f01364859d0) = 3622 [pid 3616] <... clone resumed>, parent_tid=[3623], tls=0x7f0136485700, child_tidptr=0x7f01364859d0) = 3623 [pid 3617] futex(0x7f013655b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3616] futex(0x7f013655b3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3617] <... futex resumed>) = 0 [pid 3616] <... futex resumed>) = 0 [pid 3623] <... set_robust_list resumed>) = 0 [pid 3622] <... set_robust_list resumed>) = 0 [pid 3618] clone(child_stack=0x7f01364853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3617] futex(0x7f013655b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] futex(0x7f013655b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3610] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3623] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LRU_PERCPU_HASH, key_size=1, value_size=32767, max_entries=256, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 3622] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LRU_PERCPU_HASH, key_size=1, value_size=32767, max_entries=256, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72./strace-static-x86_64: Process 3624 attached [pid 3618] <... clone resumed>, parent_tid=[3624], tls=0x7f0136485700, child_tidptr=0x7f01364859d0) = 3624 [pid 3618] futex(0x7f013655b3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3618] futex(0x7f013655b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3624] set_robust_list(0x7f01364859e0, 24) = 0 [pid 3624] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LRU_PERCPU_HASH, key_size=1, value_size=32767, max_entries=256, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 3609] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3612] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3617] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3616] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3618] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3618] exit_group(0) = ? [pid 3617] exit_group(0) = ? [pid 3610] exit_group(0) = ? [pid 3616] exit_group(0) = ? [ 49.034485][ T3624] ------------[ cut here ]------------ [ 49.044486][ T3624] ODEBUG: free active (active state 0) object type: percpu_counter hint: 0x0 [ 49.056490][ T3624] WARNING: CPU: 0 PID: 3624 at lib/debugobjects.c:502 debug_print_object+0x16e/0x250 [ 49.062812][ T3622] ------------[ cut here ]------------ [ 49.071795][ T3619] ------------[ cut here ]------------ [ 49.077260][ T3624] Modules linked in: [pid 3612] exit_group(0) = ? [pid 3609] exit_group(0) = ? [ 49.077277][ T3624] CPU: 0 PID: 3624 Comm: syz-executor257 Not tainted 5.19.0-syzkaller-14117-g274052a2b0ab #0 [ 49.087599][ T3622] ODEBUG: free active (active state 0) object type: percpu_counter hint: 0x0 [ 49.102703][ T3619] ODEBUG: free active (active state 0) object type: percpu_counter hint: 0x0 [ 49.116006][ T3622] WARNING: CPU: 1 PID: 3622 at lib/debugobjects.c:502 debug_print_object+0x16e/0x250 [ 49.131537][ T3619] WARNING: CPU: 1 PID: 3619 at lib/debugobjects.c:502 debug_print_object+0x16e/0x250 [ 49.141814][ T3624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 49.143360][ T3622] Modules linked in: [ 49.153474][ T3619] Modules linked in: [ 49.157813][ T3624] RIP: 0010:debug_print_object+0x16e/0x250 [ 49.159733][ T3619] [ 49.162166][ T3624] Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd 60 0c 49 8a 4c 89 ee 48 c7 c7 00 00 49 8a e8 df f1 38 05 <0f> 0b 83 05 65 86 dd 09 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3 [ 49.169336][ T3622] [ 49.190117][ T3624] RSP: 0018:ffffc90003edfa90 EFLAGS: 00010282 [ 49.190149][ T3624] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 49.190165][ T3624] RDX: ffff8880773cbb00 RSI: ffffffff8161f148 RDI: fffff520007dbf44 [ 49.190182][ T3624] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000 [ 49.190197][ T3624] R10: 0000000080000000 R11: 0000000000000000 R12: ffffffff8a4b90c0 [ 49.190211][ T3624] R13: ffffffff8a490520 R14: 0000000000000000 R15: dffffc0000000000 [ 49.190228][ T3624] FS: 00007f0136485700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 49.194608][ T3619] CPU: 1 PID: 3619 Comm: syz-executor257 Not tainted 5.19.0-syzkaller-14117-g274052a2b0ab #0 [ 49.199307][ T3624] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.208481][ T3619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 49.224435][ T3624] CR2: 00000000200004c0 CR3: 0000000072b25000 CR4: 00000000003506f0 [ 49.232267][ T3622] CPU: 1 PID: 3622 Comm: syz-executor257 Not tainted 5.19.0-syzkaller-14117-g274052a2b0ab #0 [ 49.274893][ T3624] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.283546][ T3619] RIP: 0010:debug_print_object+0x16e/0x250 [ 49.306955][ T3619] Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd 60 0c 49 8a 4c 89 ee 48 c7 c7 00 00 49 8a e8 df f1 38 05 <0f> 0b 83 05 65 86 dd 09 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3 [ 49.326620][ T3619] RSP: 0018:ffffc90003a8fa90 EFLAGS: 00010282 [ 49.332714][ T3619] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 49.340756][ T3619] RDX: ffff8880276dd880 RSI: ffffffff8161f148 RDI: fffff52000751f44 [ 49.349408][ T3619] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 [ 49.349889][ T3624] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.357434][ T3619] R10: 0000000080000000 R11: 0000000000000000 R12: ffffffff8a4b90c0 [ 49.357453][ T3619] R13: ffffffff8a490520 R14: 0000000000000000 R15: dffffc0000000000 [ 49.357470][ T3619] FS: 00007f0136485700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 49.390611][ T3622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 49.401030][ T3622] RIP: 0010:debug_print_object+0x16e/0x250 [ 49.407051][ T3622] Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd 60 0c 49 8a 4c 89 ee 48 c7 c7 00 00 49 8a e8 df f1 38 05 <0f> 0b 83 05 65 86 dd 09 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3 [ 49.407786][ T3624] Call Trace: [ 49.426801][ T3622] RSP: 0018:ffffc90003cbfa90 EFLAGS: 00010282 [ 49.436380][ T3622] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 49.444515][ T3622] RDX: ffff888020060000 RSI: ffffffff8161f148 RDI: fffff52000797f44 [ 49.452637][ T3622] RBP: 0000000000000002 R08: 0000000000000005 R09: 0000000000000000 [ 49.460950][ T3622] R10: 0000000080000000 R11: 0000000000000000 R12: ffffffff8a4b90c0 [ 49.469316][ T3622] R13: ffffffff8a490520 R14: 0000000000000000 R15: dffffc0000000000 [ 49.477763][ T3622] FS: 00007f0136485700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 49.484317][ T3619] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.487077][ T3622] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.500459][ T3622] CR2: 00007f0136528af8 CR3: 000000007a5a2000 CR4: 00000000003506e0 [ 49.504187][ T3624] [ 49.511568][ T3622] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.512628][ T3619] CR2: 00007f0136528af8 CR3: 0000000076a7a000 CR4: 00000000003506e0 [ 49.527715][ T3622] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.536082][ T3622] Call Trace: [ 49.538712][ T3624] ? lockdep_hardirqs_on+0x79/0x100 [ 49.539585][ T3622] [ 49.548064][ T3622] ? lockdep_hardirqs_on+0x79/0x100 [ 49.553597][ T3622] debug_check_no_obj_freed+0x301/0x420 [ 49.559651][ T3622] slab_free_freelist_hook+0xeb/0x1c0 [ 49.561503][ T3624] debug_check_no_obj_freed+0x301/0x420 [ 49.565395][ T3622] ? kvfree+0x42/0x50 [ 49.575545][ T3622] kfree+0xe2/0x580 [ 49.577368][ T3624] slab_free_freelist_hook+0xeb/0x1c0 [ 49.579539][ T3622] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 49.586871][ T3619] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.591052][ T3622] kvfree+0x42/0x50 [ 49.603637][ T3622] htab_map_alloc+0xc76/0x1620 [ 49.609029][ T3622] ? htab_map_alloc_check+0x2ee/0x430 [ 49.614949][ T3622] ? htab_percpu_map_seq_show_elem+0x5b0/0x5b0 [ 49.615285][ T3624] ? kvfree+0x42/0x50 [ 49.621303][ T3622] __sys_bpf+0xa82/0x5f80 [ 49.628699][ T3619] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.629881][ T3622] ? lock_release+0x780/0x780 [ 49.642536][ T3622] ? bpf_perf_link_attach+0x520/0x520 [ 49.645702][ T3624] kfree+0xe2/0x580 [ 49.653030][ T3622] ? do_raw_spin_lock+0x120/0x2a0 [ 49.657818][ T3624] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 49.658461][ T3622] ? rwlock_bug.part.0+0x90/0x90 [ 49.666183][ T3619] Call Trace: [ 49.669198][ T3622] ? _raw_spin_lock_irq+0x41/0x50 [ 49.677473][ T3622] ? find_held_lock+0x2d/0x110 [ 49.678765][ T3619] [ 49.682445][ T3622] ? _raw_spin_unlock_irq+0x1f/0x40 [ 49.685901][ T3624] kvfree+0x42/0x50 [ 49.690788][ T3622] ? _raw_spin_unlock_irq+0x1f/0x40 [ 49.700089][ T3622] ? lockdep_hardirqs_on+0x79/0x100 [ 49.702363][ T3624] htab_map_alloc+0xc76/0x1620 [ 49.705719][ T3622] __x64_sys_bpf+0x75/0xb0 [ 49.712387][ T3619] ? lockdep_hardirqs_on+0x79/0x100 [ 49.714867][ T3622] do_syscall_64+0x35/0xb0 [ 49.723479][ T3619] debug_check_no_obj_freed+0x301/0x420 [ 49.724296][ T3622] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.730276][ T3624] ? htab_map_alloc_check+0x2ee/0x430 [ 49.736068][ T3622] RIP: 0033:0x7f01364d3919 [ 49.746093][ T3622] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 49.750989][ T3624] ? htab_percpu_map_seq_show_elem+0x5b0/0x5b0 [ 49.765963][ T3622] RSP: 002b:00007f0136485318 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 49.772753][ T3619] slab_free_freelist_hook+0xeb/0x1c0 [ 49.786082][ T3622] RAX: ffffffffffffffda RBX: 00007f013655b3e8 RCX: 00007f01364d3919 [ 49.794681][ T3622] RDX: 0000000000000048 RSI: 00000000200004c0 RDI: 0000000000000000 [ 49.802898][ T3622] RBP: 00007f013655b3e0 R08: 00007f0136485700 R09: 0000000000000000 [ 49.804174][ T3619] ? kvfree+0x42/0x50 [ 49.815112][ T3622] R10: 00007f0136485700 R11: 0000000000000246 R12: 00007f013655b3ec [ 49.817583][ T3624] __sys_bpf+0xa82/0x5f80 [ 49.823286][ T3622] R13: 00007ffee9a220af R14: 00007f0136485400 R15: 0000000000022000 [pid 3619] <... bpf resumed>) = ? [pid 3624] <... bpf resumed>) = ? [pid 3619] +++ exited with 0 +++ [pid 3610] +++ exited with 0 +++ [pid 3624] +++ exited with 0 +++ [pid 3618] +++ exited with 0 +++ [pid 3614] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3618, si_uid=0, si_status=0, si_utime=0, si_stime=34} --- [ 49.835905][ T3622] [ 49.839118][ T3622] Kernel panic - not syncing: panic_on_warn set ... [ 49.841805][ T3619] kfree+0xe2/0x580 [ 49.841835][ T3619] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 49.841870][ T3619] kvfree+0x42/0x50 [ 49.841892][ T3619] htab_map_alloc+0xc76/0x1620 [ 49.841929][ T3619] ? htab_map_alloc_check+0x2ee/0x430 [ 49.841962][ T3619] ? htab_percpu_map_seq_show_elem+0x5b0/0x5b0 [ 49.841991][ T3619] __sys_bpf+0xa82/0x5f80 [ 49.842016][ T3619] ? lock_release+0x780/0x780 [pid 3614] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3614] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573825d0) = 3625 ./strace-static-x86_64: Process 3625 attached [pid 3625] set_robust_list(0x5555573825e0, 24) = 0 [pid 3625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3625] setpgid(0, 0) = 0 [pid 3625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3625] write(3, "1000", 4) = 4 [pid 3625] close(3) = 0 [pid 3625] futex(0x7f013655b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0136465000 [pid 3625] mprotect(0x7f0136466000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3625] clone(child_stack=0x7f01364853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3626], tls=0x7f0136485700, child_tidptr=0x7f01364859d0) = 3626 [pid 3625] futex(0x7f013655b3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 49.842044][ T3619] ? bpf_perf_link_attach+0x520/0x520 [ 49.842068][ T3619] ? do_raw_spin_lock+0x120/0x2a0 [ 49.842093][ T3619] ? rwlock_bug.part.0+0x90/0x90 [ 49.842117][ T3619] ? _raw_spin_lock_irq+0x41/0x50 [ 49.842149][ T3619] ? find_held_lock+0x2d/0x110 [ 49.842186][ T3619] ? _raw_spin_unlock_irq+0x1f/0x40 [ 49.842209][ T3619] ? _raw_spin_unlock_irq+0x1f/0x40 [ 49.842233][ T3619] ? lockdep_hardirqs_on+0x79/0x100 [ 49.842267][ T3619] __x64_sys_bpf+0x75/0xb0 [ 49.842292][ T3619] do_syscall_64+0x35/0xb0 [pid 3625] futex(0x7f013655b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 49.842318][ T3619] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.842343][ T3619] RIP: 0033:0x7f01364d3919 [ 49.842363][ T3619] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 49.842384][ T3619] RSP: 002b:00007f0136485318 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 49.842409][ T3619] RAX: ffffffffffffffda RBX: 00007f013655b3e8 RCX: 00007f01364d3919 [ 49.842425][ T3619] RDX: 0000000000000048 RSI: 00000000200004c0 RDI: 0000000000000000 [ 49.842440][ T3619] RBP: 00007f013655b3e0 R08: 00007f0136485700 R09: 0000000000000000 [ 49.842456][ T3619] R10: 00007f0136485700 R11: 0000000000000246 R12: 00007f013655b3ec [ 49.842471][ T3619] R13: 00007ffee9a220af R14: 00007f0136485400 R15: 0000000000022000 [ 49.842503][ T3619] [ 49.842511][ T3619] irq event stamp: 17353 [ 49.842518][ T3619] hardirqs last enabled at (17357): [] __down_trylock_console_sem+0x108/0x120 [ 49.842550][ T3619] hardirqs last disabled at (17360): [] __down_trylock_console_sem+0xea/0x120 [ 49.842579][ T3619] softirqs last enabled at (17222): [] __irq_exit_rcu+0x123/0x180 [ 49.842609][ T3619] softirqs last disabled at (17213): [] __irq_exit_rcu+0x123/0x180 [ 49.842638][ T3619] ---[ end trace 0000000000000000 ]--- [ 49.843260][ T3624] ? lock_release+0x780/0x780 [ 49.843289][ T3624] ? bpf_perf_link_attach+0x520/0x520 [ 49.843313][ T3624] ? do_raw_spin_lock+0x120/0x2a0 [ 49.843339][ T3624] ? rwlock_bug.part.0+0x90/0x90 [ 49.843362][ T3624] ? _raw_spin_lock_irq+0x41/0x50 [ 49.843395][ T3624] ? find_held_lock+0x2d/0x110 [ 49.843431][ T3624] ? _raw_spin_unlock_irq+0x1f/0x40 [ 49.843454][ T3624] ? _raw_spin_unlock_irq+0x1f/0x40 [ 49.843478][ T3624] ? lockdep_hardirqs_on+0x79/0x100 [ 49.843511][ T3624] __x64_sys_bpf+0x75/0xb0 [ 49.843536][ T3624] do_syscall_64+0x35/0xb0 [ 49.843561][ T3624] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.843586][ T3624] RIP: 0033:0x7f01364d3919 [ 49.843604][ T3624] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 49.843626][ T3624] RSP: 002b:00007f0136485318 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 49.843648][ T3624] RAX: ffffffffffffffda RBX: 00007f013655b3e8 RCX: 00007f01364d3919 [ 49.843665][ T3624] RDX: 0000000000000048 RSI: 00000000200004c0 RDI: 0000000000000000 [ 49.843680][ T3624] RBP: 00007f013655b3e0 R08: 00007f0136485700 R09: 0000000000000000 [ 49.843695][ T3624] R10: 00007f0136485700 R11: 0000000000000246 R12: 00007f013655b3ec [ 49.843710][ T3624] R13: 00007ffee9a220af R14: 00007f0136485400 R15: 0000000000022000 [ 49.843742][ T3624] [ 49.843749][ T3624] irq event stamp: 19441 [ 49.843756][ T3624] hardirqs last enabled at (19445): [] __down_trylock_console_sem+0x108/0x120 [ 49.843787][ T3624] hardirqs last disabled at (19448): [] __down_trylock_console_sem+0xea/0x120 [ 49.843817][ T3624] softirqs last enabled at (19350): [] __irq_exit_rcu+0x123/0x180 [ 49.843846][ T3624] softirqs last disabled at (19341): [] __irq_exit_rcu+0x123/0x180 [ 49.843875][ T3624] ---[ end trace 0000000000000000 ]--- [ 50.249959][ T3622] CPU: 1 PID: 3622 Comm: syz-executor257 Tainted: G W 5.19.0-syzkaller-14117-g274052a2b0ab #0 [ 50.261593][ T3622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 50.271646][ T3622] Call Trace: [ 50.274926][ T3622] [ 50.277859][ T3622] dump_stack_lvl+0xcd/0x134 [ 50.282467][ T3622] panic+0x2c8/0x627 [ 50.286371][ T3622] ? panic_print_sys_info.part.0+0x10b/0x10b [ 50.292368][ T3622] ? __warn.cold+0x248/0x2c4 [ 50.296990][ T3622] ? debug_print_object+0x16e/0x250 [ 50.302226][ T3622] __warn.cold+0x259/0x2c4 [ 50.306671][ T3622] ? __wake_up_klogd.part.0+0x99/0xf0 [ 50.312333][ T3622] ? debug_print_object+0x16e/0x250 [ 50.317819][ T3622] report_bug+0x1bc/0x210 [ 50.322272][ T3622] handle_bug+0x3c/0x60 [ 50.326446][ T3622] exc_invalid_op+0x14/0x40 [ 50.330976][ T3622] asm_exc_invalid_op+0x16/0x20 [ 50.335921][ T3622] RIP: 0010:debug_print_object+0x16e/0x250 [ 50.341913][ T3622] Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd 60 0c 49 8a 4c 89 ee 48 c7 c7 00 00 49 8a e8 df f1 38 05 <0f> 0b 83 05 65 86 dd 09 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3 [ 50.361525][ T3622] RSP: 0018:ffffc90003cbfa90 EFLAGS: 00010282 [ 50.367611][ T3622] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 50.375600][ T3622] RDX: ffff888020060000 RSI: ffffffff8161f148 RDI: fffff52000797f44 [ 50.383585][ T3622] RBP: 0000000000000002 R08: 0000000000000005 R09: 0000000000000000 [ 50.391562][ T3622] R10: 0000000080000000 R11: 0000000000000000 R12: ffffffff8a4b90c0 [ 50.399536][ T3622] R13: ffffffff8a490520 R14: 0000000000000000 R15: dffffc0000000000 [ 50.407519][ T3622] ? vprintk+0x88/0x90 [ 50.411607][ T3622] ? lockdep_hardirqs_on+0x79/0x100 [ 50.416833][ T3622] debug_check_no_obj_freed+0x301/0x420 [ 50.422403][ T3622] slab_free_freelist_hook+0xeb/0x1c0 [ 50.427788][ T3622] ? kvfree+0x42/0x50 [ 50.431775][ T3622] kfree+0xe2/0x580 [ 50.435588][ T3622] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 50.441410][ T3622] kvfree+0x42/0x50 [ 50.445229][ T3622] htab_map_alloc+0xc76/0x1620 [ 50.450009][ T3622] ? htab_map_alloc_check+0x2ee/0x430 [ 50.455393][ T3622] ? htab_percpu_map_seq_show_elem+0x5b0/0x5b0 [ 50.461556][ T3622] __sys_bpf+0xa82/0x5f80 [ 50.465892][ T3622] ? lock_release+0x780/0x780 [ 50.470577][ T3622] ? bpf_perf_link_attach+0x520/0x520 [ 50.475966][ T3622] ? do_raw_spin_lock+0x120/0x2a0 [ 50.481001][ T3622] ? rwlock_bug.part.0+0x90/0x90 [ 50.485957][ T3622] ? _raw_spin_lock_irq+0x41/0x50 [ 50.491086][ T3622] ? find_held_lock+0x2d/0x110 [ 50.495874][ T3622] ? _raw_spin_unlock_irq+0x1f/0x40 [ 50.501187][ T3622] ? _raw_spin_unlock_irq+0x1f/0x40 [ 50.506405][ T3622] ? lockdep_hardirqs_on+0x79/0x100 [ 50.511627][ T3622] __x64_sys_bpf+0x75/0xb0 [ 50.516059][ T3622] do_syscall_64+0x35/0xb0 [ 50.520488][ T3622] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.526406][ T3622] RIP: 0033:0x7f01364d3919 [ 50.530830][ T3622] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 50.550446][ T3622] RSP: 002b:00007f0136485318 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 50.558868][ T3622] RAX: ffffffffffffffda RBX: 00007f013655b3e8 RCX: 00007f01364d3919 [ 50.566843][ T3622] RDX: 0000000000000048 RSI: 00000000200004c0 RDI: 0000000000000000 [ 50.574827][ T3622] RBP: 00007f013655b3e0 R08: 00007f0136485700 R09: 0000000000000000 [ 50.582805][ T3622] R10: 00007f0136485700 R11: 0000000000000246 R12: 00007f013655b3ec [ 50.590779][ T3622] R13: 00007ffee9a220af R14: 00007f0136485400 R15: 0000000000022000 [ 50.598769][ T3622] [ 50.602087][ T3622] Kernel Offset: disabled [ 50.606610][ T3622] Rebooting in 86400 seconds..