./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1156794284 <...> Warning: Permanently added '10.128.1.121' (ED25519) to the list of known hosts. execve("./syz-executor1156794284", ["./syz-executor1156794284"], 0x7fff6da4d6e0 /* 10 vars */) = 0 brk(NULL) = 0x555555e33000 brk(0x555555e33d00) = 0x555555e33d00 arch_prctl(ARCH_SET_FS, 0x555555e33380) = 0 set_tid_address(0x555555e33650) = 295 set_robust_list(0x555555e33660, 24) = 0 rseq(0x555555e33ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1156794284", 4096) = 28 getrandom("\xc9\x3b\x7e\xc6\x60\xd8\x32\xac", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555e33d00 brk(0x555555e54d00) = 0x555555e54d00 brk(0x555555e55000) = 0x555555e55000 mprotect(0x7fec42339000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 296 ./strace-static-x86_64: Process 296 attached [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] set_robust_list(0x555555e33660, 24) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... clone resumed>, child_tidptr=0x555555e33650) = 297 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 298 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... clone resumed>, child_tidptr=0x555555e33650) = 299 [pid 295] <... clone resumed>, child_tidptr=0x555555e33650) = 300 ./strace-static-x86_64: Process 299 attached [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 297 attached [pid 299] set_robust_list(0x555555e33660, 24 [pid 295] <... clone resumed>, child_tidptr=0x555555e33650) = 301 [pid 299] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x555555e33660, 24) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] set_robust_list(0x555555e33660, 24 [pid 301] <... clone resumed>, child_tidptr=0x555555e33650) = 302 [pid 299] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x555555e33660, 24) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] setpgid(0, 0 [pid 297] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 298 attached [pid 299] <... setpgid resumed>) = 0 [pid 300] <... clone resumed>, child_tidptr=0x555555e33650) = 303 ./strace-static-x86_64: Process 302 attached [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 302] set_robust_list(0x555555e33660, 24) = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... openat resumed>) = 3 [pid 302] <... openat resumed>) = 3 [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3) = 0 [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 299] write(3, "1000", 4 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... write resumed>) = 4 [pid 299] close(3./strace-static-x86_64: Process 303 attached ) = 0 [pid 298] set_robust_list(0x555555e33660, 24./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x555555e33660, 24) = 0 [pid 303] set_robust_list(0x555555e33660, 24 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 298] <... set_robust_list resumed>) = 0 [pid 303] <... set_robust_list resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555555e33650) = 304 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 304] <... openat resumed>) = 3 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 [ 23.040078][ T28] audit: type=1400 audit(1713756766.845:66): avc: denied { execmem } for pid=295 comm="syz-executor115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.067886][ T28] audit: type=1400 audit(1713756766.875:67): avc: denied { bpf } for pid=302 comm="syz-executor115" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 303] <... prctl resumed>) = 0 [pid 303] setpgid(0, 0 [pid 298] <... clone resumed>, child_tidptr=0x555555e33650) = 305 [pid 303] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x555555e33660, 24) = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 305] setpgid(0, 0) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 305] write(3, "1000", 4) = 4 [pid 305] close(3 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 305] <... close resumed>) = 0 [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 305] <... bpf resumed>) = 3 [pid 304] <... bpf resumed>) = 3 [pid 305] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16) = 4 [pid 305] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 303] <... bpf resumed>) = 3 [pid 299] <... bpf resumed>) = 3 [pid 305] <... bpf resumed>) = 5 [pid 305] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 304] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 305] <... bpf resumed>) = 0 [ 23.090918][ T28] audit: type=1400 audit(1713756766.875:68): avc: denied { prog_load } for pid=302 comm="syz-executor115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 23.112609][ T28] audit: type=1400 audit(1713756766.875:69): avc: denied { perfmon } for pid=302 comm="syz-executor115" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 304] <... bpf resumed>) = 4 [pid 303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 302] <... bpf resumed>) = 3 [pid 299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 305] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16) = 7 [pid 305] exit_group(0) = ? [pid 299] <... bpf resumed>) = 4 [pid 304] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 303] <... bpf resumed>) = 4 [pid 302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 299] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 304] <... bpf resumed>) = 5 [pid 303] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 304] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 299] <... bpf resumed>) = 5 [pid 304] <... bpf resumed>) = 0 [pid 303] <... bpf resumed>) = 5 [pid 299] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 303] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 299] <... bpf resumed>) = 0 [pid 304] <... bpf resumed>) = 6 [pid 303] <... bpf resumed>) = 0 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 304] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 299] <... bpf resumed>) = 6 [pid 303] <... bpf resumed>) = 6 [pid 303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [ 23.139437][ T28] audit: type=1400 audit(1713756766.945:71): avc: denied { map_create } for pid=305 comm="syz-executor115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 23.164317][ T28] audit: type=1400 audit(1713756766.945:72): avc: denied { map_read map_write } for pid=305 comm="syz-executor115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 304] <... bpf resumed>) = 7 [pid 303] <... bpf resumed>) = 7 [pid 305] +++ exited with 0 +++ [pid 302] <... bpf resumed>) = 4 [pid 299] <... bpf resumed>) = 7 [pid 302] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 299] exit_group(0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 302] <... bpf resumed>) = 5 [pid 299] <... exit_group resumed>) = ? [pid 304] exit_group(0 [pid 303] exit_group(0 [pid 302] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 304] <... exit_group resumed>) = ? [pid 303] <... exit_group resumed>) = ? [pid 302] <... bpf resumed>) = 0 [pid 299] +++ exited with 0 +++ [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 302] <... bpf resumed>) = 7 [pid 296] <... restart_syscall resumed>) = 0 [pid 302] exit_group(0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 303] +++ exited with 0 +++ [pid 302] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 306 attached [pid 298] <... clone resumed>, child_tidptr=0x555555e33650) = 306 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 307 ./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x555555e33660, 24) = 0 [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 307] setpgid(0, 0) = 0 [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 307] write(3, "1000", 4) = 4 [pid 307] close(3) = 0 [pid 307] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 307] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 308 [pid 306] set_robust_list(0x555555e33660, 24) = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 304] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 309 [pid 306] <... bpf resumed>) = 3 [pid 306] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16./strace-static-x86_64: Process 308 attached [pid 308] set_robust_list(0x555555e33660, 24) = 0 [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 308] setpgid(0, 0) = 0 [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 308] write(3, "1000", 4) = 4 [pid 308] close(3) = 0 [pid 308] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 308] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16./strace-static-x86_64: Process 309 attached [pid 309] set_robust_list(0x555555e33660, 24) = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 309] setpgid(0, 0) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 309] write(3, "1000", 4) = 4 [pid 309] close(3) = 0 [pid 309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [ 23.184352][ T28] audit: type=1400 audit(1713756766.945:70): avc: denied { prog_run } for pid=302 comm="syz-executor115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 23.209434][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000102, exited with 00000101? [ 23.222302][ T304] BUG: scheduling while atomic: syz-executor115/304/0x00000002 [ 23.229733][ T304] Modules linked in: [ 23.234028][ T304] Preemption disabled at: [ 23.234039][ T304] [] up_write+0x27/0x1f0 [ 23.244499][ T304] CPU: 1 PID: 304 Comm: syz-executor115 Not tainted 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 23.254376][ T304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 23.264299][ T304] Call Trace: [ 23.267446][ T304] [ 23.270177][ T304] dump_stack_lvl+0x151/0x1b7 [ 23.274686][ T304] ? up_write+0x27/0x1f0 [ 23.278761][ T304] ? up_write+0x27/0x1f0 [ 23.282840][ T304] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 23.288144][ T304] ? up_write+0x27/0x1f0 [ 23.292214][ T304] dump_stack+0x15/0x1b [ 23.296206][ T304] __schedule_bug+0x195/0x260 [ 23.300719][ T304] ? cpu_util_update_eff+0x10e0/0x10e0 [ 23.306017][ T304] ? sysvec_irq_work+0x52/0xb0 [ 23.310621][ T304] ? asm_sysvec_irq_work+0x1b/0x20 [ 23.315569][ T304] __schedule+0xcf7/0x1550 [ 23.319824][ T304] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 23.325196][ T304] ? __sched_text_start+0x8/0x8 [ 23.330076][ T304] ? startup_64+0x2/0x60 [ 23.334304][ T304] do_task_dead+0x99/0xa0 [ 23.338474][ T304] do_exit+0x202a/0x2b80 [ 23.342549][ T304] ? put_task_struct+0x80/0x80 [ 23.347146][ T304] ? __kasan_check_write+0x14/0x20 [ 23.352313][ T304] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 23.357264][ T304] ? _raw_spin_lock_irqsave+0x210/0x210 [ 23.362638][ T304] ? zap_other_threads+0x29c/0x2d0 [ 23.367590][ T304] do_group_exit+0x21a/0x2d0 [ 23.372045][ T304] __x64_sys_exit_group+0x3f/0x40 [ 23.376874][ T304] do_syscall_64+0x3d/0xb0 [ 23.381133][ T304] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 23.386856][ T304] RIP: 0033:0x7fec422c2ff9 [ 23.391107][ T304] Code: Unable to access opcode bytes at 0x7fec422c2fcf. [ 23.397968][ T304] RSP: 002b:00007ffe5e1cad88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 23.406208][ T304] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fec422c2ff9 [ 23.414021][ T304] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 23.421855][ T304] RBP: 00007fec4233f2b0 R08: ffffffffffffffb8 R09: 00000000000000a0 [ 23.429641][ T304] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fec4233f2b0 [pid 309] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 307] <... bpf resumed>) = 4 [pid 307] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 306] <... bpf resumed>) = 4 [pid 302] +++ exited with 0 +++ [pid 307] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 309] <... bpf resumed>) = 4 [pid 308] <... bpf resumed>) = 4 [pid 307] <... bpf resumed>) = 0 [pid 306] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 309] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 308] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 307] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 306] <... bpf resumed>) = 5 [pid 301] <... restart_syscall resumed>) = 0 [pid 309] <... bpf resumed>) = 5 [pid 308] <... bpf resumed>) = 5 [pid 306] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 309] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 308] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 307] <... bpf resumed>) = 6 [pid 306] <... bpf resumed>) = 0 [pid 309] <... bpf resumed>) = 0 [pid 308] <... bpf resumed>) = 0 [pid 307] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 308] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 309] <... bpf resumed>) = 6 [pid 308] <... bpf resumed>) = 6 [pid 306] <... bpf resumed>) = 6 [pid 309] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 308] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 306] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16./strace-static-x86_64: Process 312 attached [pid 301] <... clone resumed>, child_tidptr=0x555555e33650) = 312 [pid 312] set_robust_list(0x555555e33660, 24) = 0 [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 312] setpgid(0, 0) = 0 [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 312] write(3, "1000", 4) = 4 [pid 312] close(3) = 0 [pid 312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 312] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 307] <... bpf resumed>) = 7 [pid 307] exit_group(0 [pid 309] <... bpf resumed>) = 7 [pid 307] <... exit_group resumed>) = ? [pid 312] <... bpf resumed>) = 4 [pid 309] exit_group(0 [pid 308] <... bpf resumed>) = 7 [pid 306] <... bpf resumed>) = 7 [pid 312] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 309] <... exit_group resumed>) = ? [pid 308] exit_group(0 [pid 306] exit_group(0 [pid 312] <... bpf resumed>) = 5 [pid 309] +++ exited with 0 +++ [pid 308] <... exit_group resumed>) = ? [pid 306] <... exit_group resumed>) = ? [pid 312] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 308] +++ exited with 0 +++ [pid 306] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 312] <... bpf resumed>) = 0 [pid 312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 312] <... bpf resumed>) = 6 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 312] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16) = 7 [pid 300] <... clone resumed>, child_tidptr=0x555555e33650) = 313 [pid 298] <... clone resumed>, child_tidptr=0x555555e33650) = 314 [pid 297] <... clone resumed>, child_tidptr=0x555555e33650) = 315 [ 23.437452][ T304] R13: 0000000000000000 R14: 00007fec4233fd20 R15: 00007fec422941b0 [ 23.445275][ T304] [ 23.465171][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 23.476822][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000104, exited with 00000103? [pid 312] exit_group(0) = ? ./strace-static-x86_64: Process 315 attached [pid 307] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 316 [pid 315] set_robust_list(0x555555e33660, 24) = 0 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 315] setpgid(0, 0) = 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 313 attached [pid 315] write(3, "1000", 4) = 4 [pid 313] set_robust_list(0x555555e33660, 24 [pid 315] close(3 [pid 313] <... set_robust_list resumed>) = 0 [pid 315] <... close resumed>) = 0 [pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 315] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 313] <... prctl resumed>) = 0 [pid 313] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 316 attached [pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 316] set_robust_list(0x555555e33660, 24 [pid 313] <... openat resumed>) = 3 [pid 316] <... set_robust_list resumed>) = 0 [pid 313] write(3, "1000", 4 [pid 316] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 313] <... write resumed>) = 4 [pid 316] <... prctl resumed>) = 0 [pid 313] close(3 [pid 316] setpgid(0, 0 [pid 313] <... close resumed>) = 0 [pid 316] <... setpgid resumed>) = 0 [pid 313] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 316] write(3, "1000", 4) = 4 [pid 316] close(3) = 0 [ 23.489135][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000105, exited with 00000104? [ 23.501063][ T307] BUG: scheduling while atomic: syz-executor115/307/0x00000004 [ 23.508872][ T307] Modules linked in: [ 23.512838][ T307] Preemption disabled at: [ 23.512848][ T307] [] is_module_text_address+0x1f/0x360 [ 23.524508][ T307] CPU: 1 PID: 307 Comm: syz-executor115 Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 23.535880][ T307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 23.545769][ T307] Call Trace: [ 23.549164][ T307] [ 23.551941][ T307] dump_stack_lvl+0x151/0x1b7 [ 23.556460][ T307] ? is_module_text_address+0x1f/0x360 [ 23.561749][ T307] ? is_module_text_address+0x1f/0x360 [ 23.567054][ T307] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 23.572343][ T307] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 23.577980][ T307] ? is_module_text_address+0x1f/0x360 [ 23.583274][ T307] dump_stack+0x15/0x1b [ 23.587274][ T307] __schedule_bug+0x195/0x260 [ 23.591787][ T307] ? cpu_util_update_eff+0x10e0/0x10e0 [ 23.597207][ T307] __schedule+0xcf7/0x1550 [ 23.601563][ T307] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 23.606846][ T307] ? __sched_text_start+0x8/0x8 [ 23.611533][ T307] ? _raw_write_lock_irqsave+0x160/0x1e0 [ 23.617000][ T307] do_task_dead+0x99/0xa0 [ 23.621165][ T307] do_exit+0x202a/0x2b80 [ 23.625246][ T307] ? put_task_struct+0x80/0x80 [ 23.629842][ T307] ? __kasan_check_write+0x14/0x20 [ 23.634801][ T307] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 23.640008][ T307] ? _raw_spin_lock_irqsave+0x210/0x210 [ 23.645386][ T307] ? zap_other_threads+0x29c/0x2d0 [ 23.650327][ T307] do_group_exit+0x21a/0x2d0 [ 23.654753][ T307] __x64_sys_exit_group+0x3f/0x40 [ 23.659612][ T307] do_syscall_64+0x3d/0xb0 [ 23.663877][ T307] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 23.669596][ T307] RIP: 0033:0x7fec422c2ff9 [ 23.673850][ T307] Code: Unable to access opcode bytes at 0x7fec422c2fcf. [ 23.680717][ T307] RSP: 002b:00007ffe5e1cad88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [pid 316] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46./strace-static-x86_64: Process 314 attached [pid 314] set_robust_list(0x555555e33660, 24 [pid 315] <... bpf resumed>) = 3 [pid 313] <... bpf resumed>) = 3 [pid 316] <... bpf resumed>) = 3 [pid 314] <... set_robust_list resumed>) = 0 [pid 313] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 315] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 316] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 314] <... prctl resumed>) = 0 [pid 314] setpgid(0, 0 [pid 312] +++ exited with 0 +++ [pid 314] <... setpgid resumed>) = 0 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=23} --- [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 314] write(3, "1000", 4) = 4 [pid 314] close(3) = 0 [pid 314] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 301] <... restart_syscall resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 314] <... bpf resumed>) = 3 [pid 314] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 301] <... clone resumed>, child_tidptr=0x555555e33650) = 318 ./strace-static-x86_64: Process 318 attached [pid 318] set_robust_list(0x555555e33660, 24) = 0 [pid 318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 318] setpgid(0, 0) = 0 [pid 318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 318] write(3, "1000", 4) = 4 [pid 318] close(3) = 0 [pid 318] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 318] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16) = 4 [pid 316] <... bpf resumed>) = 4 [pid 315] <... bpf resumed>) = 4 [pid 314] <... bpf resumed>) = 4 [pid 313] <... bpf resumed>) = 4 [pid 318] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 316] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 315] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 314] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 313] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 318] <... bpf resumed>) = 5 [pid 316] <... bpf resumed>) = 5 [pid 315] <... bpf resumed>) = 5 [pid 314] <... bpf resumed>) = 5 [pid 313] <... bpf resumed>) = 5 [pid 318] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 316] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 315] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 314] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 313] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 318] <... bpf resumed>) = 0 [pid 316] <... bpf resumed>) = 0 [pid 315] <... bpf resumed>) = 0 [pid 314] <... bpf resumed>) = 0 [pid 313] <... bpf resumed>) = 0 [pid 318] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 316] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 315] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 314] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 313] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 318] <... bpf resumed>) = 6 [pid 316] <... bpf resumed>) = 6 [pid 315] <... bpf resumed>) = 6 [pid 318] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 316] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 315] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 314] <... bpf resumed>) = 6 [pid 318] <... bpf resumed>) = 7 [pid 316] <... bpf resumed>) = 7 [pid 315] <... bpf resumed>) = 7 [pid 314] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 318] exit_group(0 [pid 316] exit_group(0 [pid 315] exit_group(0 [pid 314] <... bpf resumed>) = 7 [pid 313] <... bpf resumed>) = 6 [pid 318] <... exit_group resumed>) = ? [pid 316] <... exit_group resumed>) = ? [pid 315] <... exit_group resumed>) = ? [pid 314] exit_group(0 [pid 313] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 314] <... exit_group resumed>) = ? [pid 313] <... bpf resumed>) = 7 [pid 313] exit_group(0 [pid 316] +++ exited with 0 +++ [pid 313] <... exit_group resumed>) = ? [pid 315] +++ exited with 0 +++ [pid 313] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=316, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [ 23.688948][ T307] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fec422c2ff9 [ 23.696763][ T307] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 23.704572][ T307] RBP: 00007fec4233f2b0 R08: ffffffffffffffb8 R09: 00000000000000a0 [ 23.712384][ T307] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fec4233f2b0 [ 23.720192][ T307] R13: 0000000000000000 R14: 00007fec4233fd20 R15: 00007fec422941b0 [ 23.728099][ T307] [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=313, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 320 [pid 300] <... clone resumed>, child_tidptr=0x555555e33650) = 319 ./strace-static-x86_64: Process 320 attached [pid 297] <... clone resumed>, child_tidptr=0x555555e33650) = 321 ./strace-static-x86_64: Process 319 attached [pid 320] set_robust_list(0x555555e33660, 24./strace-static-x86_64: Process 321 attached ) = 0 [pid 319] set_robust_list(0x555555e33660, 24 [pid 321] set_robust_list(0x555555e33660, 24 [pid 319] <... set_robust_list resumed>) = 0 [pid 321] <... set_robust_list resumed>) = 0 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 321] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 320] <... prctl resumed>) = 0 [pid 321] <... prctl resumed>) = 0 [pid 321] setpgid(0, 0 [pid 320] setpgid(0, 0 [pid 321] <... setpgid resumed>) = 0 [pid 320] <... setpgid resumed>) = 0 [pid 321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 321] write(3, "1000", 4) = 4 [pid 320] <... openat resumed>) = 3 [pid 321] close(3 [pid 320] write(3, "1000", 4 [pid 321] <... close resumed>) = 0 [pid 319] <... prctl resumed>) = 0 [pid 321] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 320] <... write resumed>) = 4 [pid 320] close(3 [pid 319] setpgid(0, 0 [pid 320] <... close resumed>) = 0 [pid 320] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 319] <... setpgid resumed>) = 0 [pid 321] <... bpf resumed>) = 3 [pid 321] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 320] <... bpf resumed>) = 3 [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 320] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 319] <... openat resumed>) = 3 [pid 319] write(3, "1000", 4) = 4 [pid 319] close(3) = 0 [pid 319] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 319] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 314] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=314, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 318] +++ exited with 0 +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=318, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 298] <... restart_syscall resumed>) = 0 [pid 301] <... restart_syscall resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 322 attached ./strace-static-x86_64: Process 323 attached [pid 323] set_robust_list(0x555555e33660, 24 [pid 322] set_robust_list(0x555555e33660, 24 [pid 301] <... clone resumed>, child_tidptr=0x555555e33650) = 323 [pid 298] <... clone resumed>, child_tidptr=0x555555e33650) = 322 [pid 323] <... set_robust_list resumed>) = 0 [pid 322] <... set_robust_list resumed>) = 0 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 323] setpgid(0, 0) = 0 [pid 322] <... prctl resumed>) = 0 [pid 323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 322] setpgid(0, 0) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 323] <... openat resumed>) = 3 [pid 323] write(3, "1000", 4 [pid 322] <... openat resumed>) = 3 [pid 323] <... write resumed>) = 4 [pid 323] close(3) = 0 [pid 323] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 322] write(3, "1000", 4) = 4 [pid 322] close(3) = 0 [pid 322] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 323] <... bpf resumed>) = 3 [pid 323] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 322] <... bpf resumed>) = 3 [pid 322] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 321] <... bpf resumed>) = 4 [pid 320] <... bpf resumed>) = 4 [pid 321] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 319] <... bpf resumed>) = 4 [pid 323] <... bpf resumed>) = 4 [pid 322] <... bpf resumed>) = 4 [pid 321] <... bpf resumed>) = 5 [pid 320] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 319] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 322] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 321] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 322] <... bpf resumed>) = 5 [pid 321] <... bpf resumed>) = 0 [pid 322] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 321] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 319] <... bpf resumed>) = 5 [pid 323] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 322] <... bpf resumed>) = 0 [pid 321] <... bpf resumed>) = 6 [pid 320] <... bpf resumed>) = 5 [pid 319] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 322] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 321] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 323] <... bpf resumed>) = 5 [pid 322] <... bpf resumed>) = 6 [pid 321] <... bpf resumed>) = 7 [pid 320] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 319] <... bpf resumed>) = 0 [pid 322] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 321] exit_group(0 [pid 320] <... bpf resumed>) = 0 [pid 319] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 323] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 322] <... bpf resumed>) = 7 [pid 321] <... exit_group resumed>) = ? [ 23.829580][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 23.841062][ T292] BUG: scheduling while atomic: strace-static-x/292/0x00000002 [ 23.848420][ T292] Modules linked in: [ 23.852072][ T292] Preemption disabled at: [ 23.852079][ T292] [] is_module_text_address+0x1f/0x360 [ 23.863493][ T292] CPU: 1 PID: 292 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 23.874839][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 23.884733][ T292] Call Trace: [ 23.887859][ T292] [ 23.890638][ T292] dump_stack_lvl+0x151/0x1b7 [ 23.895149][ T292] ? is_module_text_address+0x1f/0x360 [ 23.900445][ T292] ? is_module_text_address+0x1f/0x360 [ 23.905740][ T292] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 23.911035][ T292] ? is_module_text_address+0x1f/0x360 [ 23.916329][ T292] dump_stack+0x15/0x1b [ 23.920328][ T292] __schedule_bug+0x195/0x260 [ 23.924841][ T292] ? cpu_util_update_eff+0x10e0/0x10e0 [ 23.930126][ T292] ? percpu_counter_add_batch+0x13d/0x160 [ 23.935695][ T292] __schedule+0xcf7/0x1550 [ 23.940023][ T292] ? blkcg_maybe_throttle_current+0x17d/0xa00 [ 23.945926][ T292] ? ____fput+0x15/0x20 [ 23.949916][ T292] ? __sched_text_start+0x8/0x8 [ 23.954603][ T292] ? __blkcg_punt_bio_submit+0x180/0x180 [ 23.960071][ T292] ? unlock_page_memcg+0x160/0x160 [ 23.965020][ T292] schedule+0xc3/0x180 [ 23.968934][ T292] exit_to_user_mode_loop+0x4e/0xa0 [ 23.973962][ T292] exit_to_user_mode_prepare+0x5a/0xa0 [ 23.979378][ T292] syscall_exit_to_user_mode+0x26/0x140 [ 23.984751][ T292] do_syscall_64+0x49/0xb0 [ 23.989010][ T292] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 23.994745][ T292] RIP: 0033:0x4e65f7 [ 23.998466][ T292] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 24.017910][ T292] RSP: 002b:00007fff6da4d1d8 EFLAGS: 00000286 ORIG_RAX: 0000000000000003 [pid 320] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 323] <... bpf resumed>) = 0 [pid 322] exit_group(0 [pid 321] +++ exited with 0 +++ [pid 320] <... bpf resumed>) = 6 [pid 319] <... bpf resumed>) = 6 [pid 323] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 322] <... exit_group resumed>) = ? [pid 323] <... bpf resumed>) = 6 [pid 320] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 319] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=321, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 323] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 322] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 324 ./strace-static-x86_64: Process 324 attached [pid 324] set_robust_list(0x555555e33660, 24) = 0 [pid 324] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 324] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 325 attached [pid 325] set_robust_list(0x555555e33660, 24 [pid 298] <... clone resumed>, child_tidptr=0x555555e33650) = 325 [pid 325] <... set_robust_list resumed>) = 0 [pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 325] setpgid(0, 0) = 0 [pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 325] write(3, "1000", 4) = 4 [pid 325] close(3) = 0 [pid 325] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 324] setpgid(0, 0) = 0 [pid 324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 325] <... bpf resumed>) = 3 [pid 325] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 324] <... openat resumed>) = 3 [pid 324] write(3, "1000", 4) = 4 [pid 324] close(3) = 0 [pid 324] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 324] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 320] <... bpf resumed>) = 7 [pid 325] <... bpf resumed>) = 4 [pid 324] <... bpf resumed>) = 4 [pid 323] <... bpf resumed>) = 7 [pid 319] <... bpf resumed>) = 7 [pid 325] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 324] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 323] exit_group(0 [pid 320] exit_group(0 [pid 319] exit_group(0 [pid 325] <... bpf resumed>) = 5 [pid 324] <... bpf resumed>) = 5 [pid 323] <... exit_group resumed>) = ? [pid 320] <... exit_group resumed>) = ? [ 24.026150][ T292] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: 00000000004e65f7 [ 24.033962][ T292] RDX: 00007fff6da4d1e0 RSI: 0000000000008910 RDI: 0000000000000003 [ 24.041773][ T292] RBP: 0000000000000003 R08: 00000000ffffffff R09: 000000000000000d [ 24.049586][ T292] R10: 00000000005549d3 R11: 0000000000000286 R12: 00007fff6da4d240 [ 24.057395][ T292] R13: 00007fff6da4d1e0 R14: 0000000000427210 R15: 0000000000617180 [ 24.065213][ T292] [ 24.085171][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000102, exited with 00000101? [ 24.097851][ T320] BUG: scheduling while atomic: syz-executor115/320/0x00000002 [ 24.105388][ T320] Modules linked in: [ 24.109123][ T320] Preemption disabled at: [ 24.109133][ T320] [] up_write+0x27/0x1f0 [ 24.118915][ T320] CPU: 1 PID: 320 Comm: syz-executor115 Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 24.130278][ T320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 24.140171][ T320] Call Trace: [ 24.143295][ T320] [ 24.146074][ T320] dump_stack_lvl+0x151/0x1b7 [ 24.150589][ T320] ? up_write+0x27/0x1f0 [ 24.154666][ T320] ? up_write+0x27/0x1f0 [ 24.158742][ T320] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 24.164041][ T320] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 24.169687][ T320] ? up_write+0x27/0x1f0 [ 24.173758][ T320] dump_stack+0x15/0x1b [ 24.177749][ T320] __schedule_bug+0x195/0x260 [ 24.182266][ T320] ? cpu_util_update_eff+0x10e0/0x10e0 [ 24.187564][ T320] __schedule+0xcf7/0x1550 [ 24.191812][ T320] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 24.197108][ T320] ? __sched_text_start+0x8/0x8 [ 24.201792][ T320] ? asm_sysvec_reboot+0x12/0x20 [ 24.206569][ T320] do_task_dead+0x99/0xa0 [ 24.210732][ T320] do_exit+0x202a/0x2b80 [ 24.214814][ T320] ? put_task_struct+0x80/0x80 [ 24.219424][ T320] ? __kasan_check_write+0x14/0x20 [ 24.224367][ T320] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 24.229304][ T320] ? _raw_spin_lock_irqsave+0x210/0x210 [ 24.234699][ T320] ? zap_other_threads+0x29c/0x2d0 [ 24.239636][ T320] do_group_exit+0x21a/0x2d0 [ 24.244064][ T320] __x64_sys_exit_group+0x3f/0x40 [ 24.248920][ T320] do_syscall_64+0x3d/0xb0 [ 24.253173][ T320] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 24.258906][ T320] RIP: 0033:0x7fec422c2ff9 [ 24.263154][ T320] Code: Unable to access opcode bytes at 0x7fec422c2fcf. [ 24.270010][ T320] RSP: 002b:00007ffe5e1cad88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 24.278259][ T320] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fec422c2ff9 [pid 319] <... exit_group resumed>) = ? [pid 325] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 324] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 323] +++ exited with 0 +++ [pid 325] <... bpf resumed>) = 0 [pid 324] <... bpf resumed>) = 0 [pid 325] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 324] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 325] <... bpf resumed>) = 6 [pid 324] <... bpf resumed>) = 6 [pid 320] +++ exited with 0 +++ [pid 319] +++ exited with 0 +++ [pid 325] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 324] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=323, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 325] <... bpf resumed>) = 7 [pid 324] <... bpf resumed>) = 7 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 324] exit_group(0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 324] <... exit_group resumed>) = ? [pid 300] <... clone resumed>, child_tidptr=0x555555e33650) = 329 [pid 296] <... clone resumed>, child_tidptr=0x555555e33650) = 331 ./strace-static-x86_64: Process 331 attached [pid 331] set_robust_list(0x555555e33660, 24) = 0 [pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 331] setpgid(0, 0) = 0 [pid 301] <... clone resumed>, child_tidptr=0x555555e33650) = 330 [pid 325] exit_group(0./strace-static-x86_64: Process 330 attached ) = ? [pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 330] set_robust_list(0x555555e33660, 24./strace-static-x86_64: Process 329 attached ) = 0 [pid 330] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 329] set_robust_list(0x555555e33660, 24 [pid 331] <... openat resumed>) = 3 [pid 330] <... prctl resumed>) = 0 [pid 329] <... set_robust_list resumed>) = 0 [pid 331] write(3, "1000", 4 [pid 330] setpgid(0, 0 [pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 331] <... write resumed>) = 4 [pid 330] <... setpgid resumed>) = 0 [pid 329] <... prctl resumed>) = 0 [pid 330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 331] close(3) = 0 [pid 331] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 330] write(3, "1000", 4 [pid 329] setpgid(0, 0 [pid 330] <... write resumed>) = 4 [pid 329] <... setpgid resumed>) = 0 [pid 330] close(3) = 0 [pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 330] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 329] <... openat resumed>) = 3 [pid 329] write(3, "1000", 4) = 4 [pid 331] <... bpf resumed>) = 3 [pid 329] close(3) = 0 [pid 331] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 330] <... bpf resumed>) = 3 [pid 329] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 330] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 329] <... bpf resumed>) = 3 [pid 324] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=324, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 325] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=21} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] <... restart_syscall resumed>) = 0 [pid 329] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 332 attached ./strace-static-x86_64: Process 333 attached [pid 298] <... clone resumed>, child_tidptr=0x555555e33650) = 332 [pid 297] <... clone resumed>, child_tidptr=0x555555e33650) = 333 [pid 332] set_robust_list(0x555555e33660, 24 [pid 333] set_robust_list(0x555555e33660, 24 [pid 332] <... set_robust_list resumed>) = 0 [pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 333] <... set_robust_list resumed>) = 0 [pid 332] <... prctl resumed>) = 0 [pid 332] setpgid(0, 0) = 0 [pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 332] <... openat resumed>) = 3 [pid 333] <... prctl resumed>) = 0 [pid 332] write(3, "1000", 4 [pid 333] setpgid(0, 0) = 0 [pid 332] <... write resumed>) = 4 [pid 332] close(3) = 0 [pid 332] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 333] write(3, "1000", 4) = 4 [pid 333] close(3) = 0 [pid 333] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 332] <... bpf resumed>) = 3 [pid 332] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 333] <... bpf resumed>) = 3 [pid 333] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 330] <... bpf resumed>) = 4 [pid 333] <... bpf resumed>) = 4 [pid 332] <... bpf resumed>) = 4 [pid 331] <... bpf resumed>) = 4 [pid 329] <... bpf resumed>) = 4 [pid 333] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 332] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 331] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 333] <... bpf resumed>) = 5 [pid 332] <... bpf resumed>) = 5 [pid 331] <... bpf resumed>) = 5 [pid 330] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 329] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 333] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 332] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 331] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 330] <... bpf resumed>) = 5 [pid 329] <... bpf resumed>) = 5 [pid 333] <... bpf resumed>) = 0 [pid 332] <... bpf resumed>) = 0 [pid 331] <... bpf resumed>) = 0 [pid 330] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 329] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 333] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 332] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 331] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 330] <... bpf resumed>) = 0 [pid 329] <... bpf resumed>) = 0 [pid 332] <... bpf resumed>) = 6 [pid 330] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 329] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 333] <... bpf resumed>) = 6 [pid 332] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 331] <... bpf resumed>) = 6 [pid 330] <... bpf resumed>) = 6 [pid 333] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 332] <... bpf resumed>) = 7 [pid 331] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 330] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 329] <... bpf resumed>) = 6 [pid 333] <... bpf resumed>) = 7 [pid 332] exit_group(0 [pid 331] <... bpf resumed>) = 7 [pid 330] <... bpf resumed>) = 7 [pid 329] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 333] exit_group(0 [pid 332] <... exit_group resumed>) = ? [pid 331] exit_group(0 [pid 330] exit_group(0 [pid 329] <... bpf resumed>) = 7 [ 24.286153][ T320] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 24.293965][ T320] RBP: 00007fec4233f2b0 R08: ffffffffffffffb8 R09: 00000000000000a0 [ 24.301778][ T320] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fec4233f2b0 [ 24.309590][ T320] R13: 0000000000000000 R14: 00007fec4233fd20 R15: 00007fec422941b0 [ 24.317405][ T320] [pid 333] <... exit_group resumed>) = ? [pid 330] <... exit_group resumed>) = ? [pid 329] exit_group(0 [pid 330] +++ exited with 0 +++ [pid 329] <... exit_group resumed>) = ? [pid 329] +++ exited with 0 +++ [pid 331] <... exit_group resumed>) = ? [pid 331] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 334 ./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x555555e33660, 24) = 0 [pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 334] setpgid(0, 0) = 0 [pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 334] write(3, "1000", 4) = 4 [pid 334] close(3) = 0 [pid 334] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 332] +++ exited with 0 +++ [pid 334] <... bpf resumed>) = 3 [pid 334] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16) = 4 [pid 334] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 334] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 334] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 334] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16) = 7 [pid 334] exit_group(0) = ? [pid 334] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 335 ./strace-static-x86_64: Process 335 attached [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=330, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 335] set_robust_list(0x555555e33660, 24) = 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 301] <... restart_syscall resumed>) = 0 [pid 300] <... restart_syscall resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] <... clone resumed>, child_tidptr=0x555555e33650) = 337 [pid 300] <... clone resumed>, child_tidptr=0x555555e33650) = 336 [pid 335] <... prctl resumed>) = 0 [pid 335] setpgid(0, 0) = 0 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 335] write(3, "1000", 4) = 4 [pid 335] close(3) = 0 [pid 335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 ./strace-static-x86_64: Process 336 attached [pid 335] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 336] set_robust_list(0x555555e33660, 24 [pid 335] <... bpf resumed>) = 4 [pid 336] <... set_robust_list resumed>) = 0 [pid 336] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 335] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 336] <... prctl resumed>) = 0 [pid 335] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 336] setpgid(0, 0 [pid 335] <... bpf resumed>) = 0 [pid 335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 336] <... setpgid resumed>) = 0 [pid 336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 336] write(3, "1000", 4) = 4 [pid 336] close(3) = 0 [pid 336] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 335] <... bpf resumed>) = 6 [pid 335] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16) = 7 [pid 335] exit_group(0) = ? [pid 336] <... bpf resumed>) = 3 [pid 336] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16) = 4 [pid 336] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 336] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 336] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 335] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 336] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 296] <... restart_syscall resumed>) = 0 [ 24.362936][ C1] softirq: huh, entered softirq 9 RCU ffffffff8160c090 with preempt_count 00000103, exited with 00000102? [ 24.374771][ T332] BUG: scheduling while atomic: syz-executor115/332/0x00000002 [ 24.382817][ T332] Modules linked in: [ 24.386704][ T332] Preemption disabled at: [ 24.386713][ T332] [] up_write+0x27/0x1f0 [ 24.397348][ T332] CPU: 1 PID: 332 Comm: syz-executor115 Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 296] <... clone resumed>, child_tidptr=0x555555e33650) = 338 [pid 298] <... restart_syscall resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 339 ./strace-static-x86_64: Process 338 attached [pid 338] set_robust_list(0x555555e33660, 24) = 0 [pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 338] setpgid(0, 0) = 0 [pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 338] write(3, "1000", 4) = 4 [pid 338] close(3) = 0 [pid 338] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 338] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16./strace-static-x86_64: Process 337 attached [ 24.408718][ T332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 24.418616][ T332] Call Trace: [ 24.421734][ T332] [ 24.424518][ T332] dump_stack_lvl+0x151/0x1b7 [ 24.429026][ T332] ? up_write+0x27/0x1f0 [ 24.433106][ T332] ? up_write+0x27/0x1f0 [ 24.437184][ T332] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 24.442481][ T332] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 24.448115][ T332] ? up_write+0x27/0x1f0 [ 24.452193][ T332] dump_stack+0x15/0x1b [ 24.456193][ T332] __schedule_bug+0x195/0x260 [ 24.460705][ T332] ? cpu_util_update_eff+0x10e0/0x10e0 [ 24.465997][ T332] __schedule+0xcf7/0x1550 [ 24.470264][ T332] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 24.475543][ T332] ? __sched_text_start+0x8/0x8 [ 24.480444][ T332] ? _raw_write_lock_irqsave+0x160/0x1e0 [ 24.485915][ T332] do_task_dead+0x99/0xa0 [ 24.490074][ T332] do_exit+0x202a/0x2b80 [ 24.494170][ T332] ? put_task_struct+0x80/0x80 [ 24.498841][ T332] ? __kasan_check_write+0x14/0x20 [ 24.503786][ T332] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 24.508731][ T332] ? _raw_spin_lock_irqsave+0x210/0x210 [ 24.514122][ T332] ? zap_other_threads+0x29c/0x2d0 [ 24.519062][ T332] do_group_exit+0x21a/0x2d0 [ 24.523500][ T332] __x64_sys_exit_group+0x3f/0x40 [ 24.528348][ T332] do_syscall_64+0x3d/0xb0 [ 24.532607][ T332] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 24.538333][ T332] RIP: 0033:0x7fec422c2ff9 [ 24.542592][ T332] Code: Unable to access opcode bytes at 0x7fec422c2fcf. [ 24.549501][ T332] RSP: 002b:00007ffe5e1cad88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [pid 337] set_robust_list(0x555555e33660, 24) = 0 [pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 337] setpgid(0, 0) = 0 [pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 337] write(3, "1000", 4) = 4 [pid 337] close(3) = 0 [pid 337] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 337] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x555555e33660, 24) = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 339] setpgid(0, 0) = 0 [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 339] write(3, "1000", 4) = 4 [pid 339] close(3) = 0 [pid 339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 339] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 336] <... bpf resumed>) = 7 [pid 336] exit_group(0) = ? [pid 339] <... bpf resumed>) = 4 [pid 338] <... bpf resumed>) = 4 [pid 337] <... bpf resumed>) = 4 [pid 336] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 340 attached [pid 339] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 338] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 337] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 333] +++ exited with 0 +++ [pid 339] <... bpf resumed>) = 5 [pid 338] <... bpf resumed>) = 5 [pid 337] <... bpf resumed>) = 5 [pid 300] <... clone resumed>, child_tidptr=0x555555e33650) = 340 [pid 339] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 340] set_robust_list(0x555555e33660, 24 [pid 337] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 338] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 339] <... bpf resumed>) = 0 [pid 340] <... set_robust_list resumed>) = 0 [pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 340] setpgid(0, 0) = 0 [pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 337] <... bpf resumed>) = 0 [pid 338] <... bpf resumed>) = 0 [pid 339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 338] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 337] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 340] <... openat resumed>) = 3 [pid 339] <... bpf resumed>) = 6 [pid 340] write(3, "1000", 4) = 4 [pid 340] close(3) = 0 [pid 340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 338] <... bpf resumed>) = 6 [pid 337] <... bpf resumed>) = 6 ./strace-static-x86_64: Process 341 attached [pid 339] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 338] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 337] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 341] set_robust_list(0x555555e33660, 24 [pid 340] <... bpf resumed>) = 3 [pid 340] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 341] <... set_robust_list resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555555e33650) = 341 [pid 341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 341] setpgid(0, 0) = 0 [pid 341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 341] write(3, "1000", 4) = 4 [pid 341] close(3) = 0 [pid 341] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 341] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 339] <... bpf resumed>) = 7 [pid 340] <... bpf resumed>) = 4 [pid 338] <... bpf resumed>) = 7 [pid 340] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 338] exit_group(0 [pid 337] <... bpf resumed>) = 7 [pid 341] <... bpf resumed>) = 4 [pid 340] <... bpf resumed>) = 5 [pid 339] exit_group(0 [pid 338] <... exit_group resumed>) = ? [pid 341] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 339] <... exit_group resumed>) = ? [ 24.557692][ T332] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fec422c2ff9 [ 24.565496][ T332] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 24.573309][ T332] RBP: 00007fec4233f2b0 R08: ffffffffffffffb8 R09: 00000000000000a0 [ 24.581216][ T332] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fec4233f2b0 [ 24.589025][ T332] R13: 0000000000000000 R14: 00007fec4233fd20 R15: 00007fec422941b0 [ 24.596848][ T332] [pid 337] exit_group(0 [pid 341] <... bpf resumed>) = 5 [pid 339] +++ exited with 0 +++ [pid 337] <... exit_group resumed>) = ? [pid 341] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 341] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 341] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 340] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 340] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 342 ./strace-static-x86_64: Process 342 attached [pid 342] set_robust_list(0x555555e33660, 24) = 0 [pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 342] setpgid(0, 0) = 0 [pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 342] write(3, "1000", 4) = 4 [pid 342] close(3) = 0 [pid 342] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 342] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 338] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=338, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 343 ./strace-static-x86_64: Process 343 attached [pid 343] set_robust_list(0x555555e33660, 24) = 0 [pid 343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 343] setpgid(0, 0) = 0 [pid 343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 343] write(3, "1000", 4) = 4 [pid 343] close(3) = 0 [pid 343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [ 24.635113][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 24.647465][ C1] softirq: huh, entered softirq 9 RCU ffffffff8160c090 with preempt_count 00000104, exited with 00000103? [ 24.659913][ T338] BUG: scheduling while atomic: syz-executor115/338/0x00000003 [ 24.667351][ T338] Modules linked in: [ 24.671442][ T338] Preemption disabled at: [ 24.671453][ T338] [] free_unref_page+0x177/0x5c0 [ 24.681960][ T338] CPU: 1 PID: 338 Comm: syz-executor115 Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 24.693325][ T338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 24.703340][ T338] Call Trace: [ 24.706431][ T338] [ 24.709208][ T338] dump_stack_lvl+0x151/0x1b7 [ 24.713717][ T338] ? free_unref_page+0x177/0x5c0 [ 24.718489][ T338] ? free_unref_page+0x177/0x5c0 [ 24.723267][ T338] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 24.728563][ T338] ? free_unref_page+0x177/0x5c0 [ 24.733334][ T338] dump_stack+0x15/0x1b [ 24.737328][ T338] __schedule_bug+0x195/0x260 [ 24.741849][ T338] ? cpu_util_update_eff+0x10e0/0x10e0 [ 24.747135][ T338] ? sysvec_irq_work+0x52/0xb0 [ 24.751735][ T338] ? asm_sysvec_irq_work+0x1b/0x20 [ 24.756685][ T338] __schedule+0xcf7/0x1550 [ 24.760935][ T338] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 24.766318][ T338] ? __sched_text_start+0x8/0x8 [ 24.771005][ T338] ? startup_64+0x2/0x60 [ 24.775081][ T338] do_task_dead+0x99/0xa0 [ 24.779253][ T338] do_exit+0x202a/0x2b80 [ 24.783329][ T338] ? put_task_struct+0x80/0x80 [ 24.787926][ T338] ? __kasan_check_write+0x14/0x20 [ 24.792872][ T338] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 24.797825][ T338] ? _raw_spin_lock_irqsave+0x210/0x210 [ 24.803204][ T338] ? zap_other_threads+0x29c/0x2d0 [ 24.808159][ T338] do_group_exit+0x21a/0x2d0 [ 24.812666][ T338] __x64_sys_exit_group+0x3f/0x40 [ 24.817550][ T338] do_syscall_64+0x3d/0xb0 [ 24.821779][ T338] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 24.827502][ T338] RIP: 0033:0x7fec422c2ff9 [ 24.831754][ T338] Code: Unable to access opcode bytes at 0x7fec422c2fcf. [ 24.838613][ T338] RSP: 002b:00007ffe5e1cad88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 24.846859][ T338] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fec422c2ff9 [ 24.854667][ T338] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 24.862481][ T338] RBP: 00007fec4233f2b0 R08: ffffffffffffffb8 R09: 00000000000000a0 [ 24.870498][ T338] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fec4233f2b0 [ 24.878300][ T338] R13: 0000000000000000 R14: 00007fec4233fd20 R15: 00007fec422941b0 [pid 343] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 337] +++ exited with 0 +++ [pid 341] <... bpf resumed>) = 7 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 340] <... bpf resumed>) = 7 [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 343] <... bpf resumed>) = 4 [pid 342] <... bpf resumed>) = 4 [pid 343] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 342] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 341] exit_group(0 [pid 340] exit_group(0 [pid 301] <... restart_syscall resumed>) = 0 [pid 343] <... bpf resumed>) = 5 [pid 343] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 342] <... bpf resumed>) = 5 [pid 341] <... exit_group resumed>) = ? [pid 340] <... exit_group resumed>) = ? [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 342] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 343] <... bpf resumed>) = 0 [pid 301] <... clone resumed>, child_tidptr=0x555555e33650) = 345 [pid 342] <... bpf resumed>) = 0 [pid 342] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 342] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 343] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16./strace-static-x86_64: Process 345 attached [pid 345] set_robust_list(0x555555e33660, 24) = 0 [pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 345] setpgid(0, 0) = 0 [pid 341] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=341, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 297] <... restart_syscall resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 346 [pid 345] <... openat resumed>) = 3 [pid 345] write(3, "1000", 4) = 4 [pid 345] close(3) = 0 [pid 345] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 345] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16./strace-static-x86_64: Process 346 attached [pid 346] set_robust_list(0x555555e33660, 24) = 0 [pid 346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 346] setpgid(0, 0) = 0 [pid 346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 346] write(3, "1000", 4) = 4 [pid 346] close(3) = 0 [pid 346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [ 24.886119][ T338] [ 24.892849][ C0] softirq: huh, entered softirq 9 RCU ffffffff8160c090 with preempt_count 00000103, exited with 00000102? [ 24.905009][ T341] BUG: scheduling while atomic: syz-executor115/341/0x00000002 [ 24.912592][ T341] Modules linked in: [ 24.916553][ T341] Preemption disabled at: [ 24.916563][ T341] [] up_write+0x27/0x1f0 [ 24.926409][ T341] CPU: 0 PID: 341 Comm: syz-executor115 Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 24.937742][ T341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 24.947642][ T341] Call Trace: [ 24.950766][ T341] [ 24.953543][ T341] dump_stack_lvl+0x151/0x1b7 [ 24.958064][ T341] ? up_write+0x27/0x1f0 [ 24.962134][ T341] ? up_write+0x27/0x1f0 [ 24.966212][ T341] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 24.971501][ T341] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 24.977152][ T341] ? up_write+0x27/0x1f0 [ 24.981222][ T341] dump_stack+0x15/0x1b [ 24.985216][ T341] __schedule_bug+0x195/0x260 [ 24.989733][ T341] ? cpu_util_update_eff+0x10e0/0x10e0 [ 24.995026][ T341] __schedule+0xcf7/0x1550 [ 24.999276][ T341] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 25.004571][ T341] ? __sched_text_start+0x8/0x8 [ 25.009256][ T341] ? _raw_write_lock_irqsave+0x160/0x1e0 [ 25.014733][ T341] do_task_dead+0x99/0xa0 [ 25.018889][ T341] do_exit+0x202a/0x2b80 [ 25.022972][ T341] ? put_task_struct+0x80/0x80 [ 25.027569][ T341] ? __kasan_check_write+0x14/0x20 [ 25.032520][ T341] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 25.037463][ T341] ? _raw_spin_lock_irqsave+0x210/0x210 [ 25.042861][ T341] ? zap_other_threads+0x29c/0x2d0 [ 25.047807][ T341] do_group_exit+0x21a/0x2d0 [ 25.052226][ T341] __x64_sys_exit_group+0x3f/0x40 [ 25.057083][ T341] do_syscall_64+0x3d/0xb0 [ 25.061352][ T341] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 25.067060][ T341] RIP: 0033:0x7fec422c2ff9 [ 25.071314][ T341] Code: Unable to access opcode bytes at 0x7fec422c2fcf. [ 25.078174][ T341] RSP: 002b:00007ffe5e1cad88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [pid 346] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 342] <... bpf resumed>) = 7 [pid 340] +++ exited with 0 +++ [pid 342] exit_group(0 [pid 343] <... bpf resumed>) = 7 [pid 342] <... exit_group resumed>) = ? [pid 346] <... bpf resumed>) = 4 [pid 345] <... bpf resumed>) = 4 [pid 343] exit_group(0 [pid 342] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 346] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 345] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 343] <... exit_group resumed>) = ? [pid 346] <... bpf resumed>) = 5 [pid 345] <... bpf resumed>) = 5 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 346] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 346] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 345] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 345] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 345] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [ 25.086421][ T341] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fec422c2ff9 [ 25.094323][ T341] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 25.102125][ T341] RBP: 00007fec4233f2b0 R08: ffffffffffffffb8 R09: 00000000000000a0 [ 25.110025][ T341] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fec4233f2b0 [ 25.117834][ T341] R13: 0000000000000000 R14: 00007fec4233fd20 R15: 00007fec422941b0 [ 25.125653][ T341] [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 347 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 348 ./strace-static-x86_64: Process 347 attached [pid 347] set_robust_list(0x555555e33660, 24) = 0 [pid 347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 347] setpgid(0, 0) = 0 [pid 347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 347] write(3, "1000", 4) = 4 [pid 347] close(3 [pid 346] <... bpf resumed>) = 7 [pid 345] <... bpf resumed>) = 7 [pid 346] exit_group(0 [pid 345] exit_group(0 [pid 346] <... exit_group resumed>) = ? [pid 345] <... exit_group resumed>) = ? [pid 343] +++ exited with 0 +++ [pid 346] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=346, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=343, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 297] <... restart_syscall resumed>) = 0 [pid 296] <... restart_syscall resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... clone resumed>, child_tidptr=0x555555e33650) = 349 [pid 296] <... clone resumed>, child_tidptr=0x555555e33650) = 350 [pid 347] <... close resumed>) = 0 [pid 347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 347] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16./strace-static-x86_64: Process 348 attached [pid 348] set_robust_list(0x555555e33660, 24) = 0 [pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 348] setpgid(0, 0) = 0 [pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 348] write(3, "1000", 4) = 4 [pid 348] close(3) = 0 [pid 348] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 348] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16./strace-static-x86_64: Process 349 attached [pid 349] set_robust_list(0x555555e33660, 24) = 0 [pid 349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 349] setpgid(0, 0) = 0 [pid 349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 349] write(3, "1000", 4) = 4 [pid 349] close(3) = 0 [pid 349] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 349] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16./strace-static-x86_64: Process 350 attached [pid 350] set_robust_list(0x555555e33660, 24) = 0 [pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 350] setpgid(0, 0) = 0 [pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 350] write(3, "1000", 4) = 4 [pid 350] close(3) = 0 [pid 350] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [ 25.133695][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 25.147257][ T343] BUG: scheduling while atomic: syz-executor115/343/0x00000002 [ 25.154984][ T343] Modules linked in: [ 25.159047][ T343] Preemption disabled at: [ 25.159085][ T343] [] is_module_text_address+0x1f/0x360 [ 25.170601][ T343] CPU: 1 PID: 343 Comm: syz-executor115 Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 25.181967][ T343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 25.191862][ T343] Call Trace: [ 25.194987][ T343] [ 25.197763][ T343] dump_stack_lvl+0x151/0x1b7 [ 25.202272][ T343] ? is_module_text_address+0x1f/0x360 [ 25.207573][ T343] ? is_module_text_address+0x1f/0x360 [ 25.212863][ T343] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 25.218160][ T343] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 25.223800][ T343] ? is_module_text_address+0x1f/0x360 [ 25.229098][ T343] dump_stack+0x15/0x1b [ 25.233088][ T343] __schedule_bug+0x195/0x260 [ 25.237613][ T343] ? cpu_util_update_eff+0x10e0/0x10e0 [ 25.242897][ T343] __schedule+0xcf7/0x1550 [ 25.247151][ T343] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 25.252444][ T343] ? __sched_text_start+0x8/0x8 [ 25.257135][ T343] ? asm_exc_page_fault+0x22/0x30 [ 25.261990][ T343] do_task_dead+0x99/0xa0 [ 25.266157][ T343] do_exit+0x202a/0x2b80 [ 25.270263][ T343] ? put_task_struct+0x80/0x80 [ 25.274844][ T343] ? __kasan_check_write+0x14/0x20 [ 25.279796][ T343] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 25.284817][ T343] ? _raw_spin_lock_irqsave+0x210/0x210 [ 25.290194][ T343] ? zap_other_threads+0x29c/0x2d0 [ 25.295150][ T343] do_group_exit+0x21a/0x2d0 [ 25.299572][ T343] __x64_sys_exit_group+0x3f/0x40 [ 25.304440][ T343] do_syscall_64+0x3d/0xb0 [ 25.308685][ T343] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 25.314420][ T343] RIP: 0033:0x7fec422c2ff9 [ 25.318663][ T343] Code: Unable to access opcode bytes at 0x7fec422c2fcf. [ 25.325528][ T343] RSP: 002b:00007ffe5e1cad88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [pid 350] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 345] +++ exited with 0 +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 351 ./strace-static-x86_64: Process 351 attached [pid 351] set_robust_list(0x555555e33660, 24) = 0 [pid 351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 351] setpgid(0, 0) = 0 [pid 351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 351] write(3, "1000", 4) = 4 [pid 351] close(3) = 0 [pid 351] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 351] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 348] <... bpf resumed>) = 4 [pid 347] <... bpf resumed>) = 4 [pid 348] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 347] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 350] <... bpf resumed>) = 4 [pid 349] <... bpf resumed>) = 4 [pid 348] <... bpf resumed>) = 5 [pid 347] <... bpf resumed>) = 5 [pid 351] <... bpf resumed>) = 4 [pid 350] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 349] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 348] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 347] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 351] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 350] <... bpf resumed>) = 5 [pid 349] <... bpf resumed>) = 5 [pid 348] <... bpf resumed>) = 0 [pid 347] <... bpf resumed>) = 0 [pid 348] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 351] <... bpf resumed>) = 5 [pid 350] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 349] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 350] <... bpf resumed>) = 0 [pid 349] <... bpf resumed>) = 0 [pid 348] <... bpf resumed>) = 6 [pid 350] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 349] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 351] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 348] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 347] <... bpf resumed>) = 6 [pid 351] <... bpf resumed>) = 0 [pid 350] <... bpf resumed>) = 6 [pid 348] <... bpf resumed>) = 7 [pid 347] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 351] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 350] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 349] <... bpf resumed>) = 6 [pid 348] exit_group(0 [pid 347] <... bpf resumed>) = 7 [pid 350] <... bpf resumed>) = 7 [pid 349] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 348] <... exit_group resumed>) = ? [pid 350] exit_group(0 [pid 349] <... bpf resumed>) = 7 [ 25.333771][ T343] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fec422c2ff9 [ 25.341594][ T343] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 25.349397][ T343] RBP: 00007fec4233f2b0 R08: ffffffffffffffb8 R09: 00000000000000a0 [ 25.357206][ T343] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fec4233f2b0 [ 25.365016][ T343] R13: 0000000000000000 R14: 00007fec4233fd20 R15: 00007fec422941b0 [ 25.372836][ T343] [pid 347] exit_group(0 [pid 350] <... exit_group resumed>) = ? [pid 349] exit_group(0 [pid 350] +++ exited with 0 +++ [pid 349] <... exit_group resumed>) = ? [pid 349] +++ exited with 0 +++ [pid 351] <... bpf resumed>) = 6 [pid 351] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16) = 7 [pid 351] exit_group(0) = ? [pid 351] +++ exited with 0 +++ [pid 347] <... exit_group resumed>) = ? [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=351, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=349, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 301] <... restart_syscall resumed>) = 0 [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 348] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] <... restart_syscall resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 296] <... restart_syscall resumed>) = 0 [pid 298] <... restart_syscall resumed>) = 0 [pid 301] <... clone resumed>, child_tidptr=0x555555e33650) = 352 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... clone resumed>, child_tidptr=0x555555e33650) = 353 [pid 296] <... clone resumed>, child_tidptr=0x555555e33650) = 354 [pid 298] <... clone resumed>, child_tidptr=0x555555e33650) = 355 ./strace-static-x86_64: Process 355 attached [pid 355] set_robust_list(0x555555e33660, 24) = 0 [pid 355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 355] setpgid(0, 0) = 0 [pid 355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 353 attached [pid 353] set_robust_list(0x555555e33660, 24 [pid 355] <... openat resumed>) = 3 [pid 353] <... set_robust_list resumed>) = 0 [pid 355] write(3, "1000", 4 [pid 353] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 355] <... write resumed>) = 4 [pid 355] close(3) = 0 [pid 353] <... prctl resumed>) = 0 [pid 355] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 353] setpgid(0, 0) = 0 [pid 353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 353] write(3, "1000", 4) = 4 [pid 353] close(3) = 0 [pid 353] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 355] <... bpf resumed>) = 3 [pid 353] <... bpf resumed>) = 3 [pid 353] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 355] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16./strace-static-x86_64: Process 352 attached [pid 352] set_robust_list(0x555555e33660, 24) = 0 [pid 352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 352] setpgid(0, 0) = 0 [pid 352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 352] write(3, "1000", 4) = 4 [pid 352] close(3) = 0 [pid 352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 352] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16./strace-static-x86_64: Process 354 attached [pid 354] set_robust_list(0x555555e33660, 24) = 0 [pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 354] setpgid(0, 0) = 0 [pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 354] write(3, "1000", 4) = 4 [pid 354] close(3) = 0 [pid 354] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [ 25.402567][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000102, exited with 00000101? [ 25.415955][ T348] BUG: scheduling while atomic: syz-executor115/348/0x00000002 [ 25.423372][ T348] Modules linked in: [ 25.427601][ T348] Preemption disabled at: [ 25.427612][ T348] [] up_write+0x27/0x1f0 [ 25.437976][ T348] CPU: 1 PID: 348 Comm: syz-executor115 Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 25.449579][ T348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 25.459456][ T348] Call Trace: [ 25.462585][ T348] [ 25.465359][ T348] dump_stack_lvl+0x151/0x1b7 [ 25.469866][ T348] ? up_write+0x27/0x1f0 [ 25.473942][ T348] ? up_write+0x27/0x1f0 [ 25.478027][ T348] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 25.483322][ T348] ? up_write+0x27/0x1f0 [ 25.487410][ T348] dump_stack+0x15/0x1b [ 25.491388][ T348] __schedule_bug+0x195/0x260 [ 25.495902][ T348] ? cpu_util_update_eff+0x10e0/0x10e0 [ 25.501293][ T348] ? sysvec_irq_work+0x52/0xb0 [ 25.505893][ T348] ? asm_sysvec_irq_work+0x1b/0x20 [ 25.510847][ T348] __schedule+0xcf7/0x1550 [ 25.515085][ T348] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 25.520385][ T348] ? __sched_text_start+0x8/0x8 [ 25.525077][ T348] ? startup_64+0x2/0x60 [ 25.529144][ T348] do_task_dead+0x99/0xa0 [ 25.533311][ T348] do_exit+0x202a/0x2b80 [ 25.537402][ T348] ? put_task_struct+0x80/0x80 [ 25.541996][ T348] ? __kasan_check_write+0x14/0x20 [ 25.546940][ T348] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 25.551883][ T348] ? _raw_spin_lock_irqsave+0x210/0x210 [ 25.557266][ T348] ? zap_other_threads+0x29c/0x2d0 [ 25.562217][ T348] do_group_exit+0x21a/0x2d0 [ 25.566667][ T348] __x64_sys_exit_group+0x3f/0x40 [ 25.571515][ T348] do_syscall_64+0x3d/0xb0 [ 25.575753][ T348] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 25.581486][ T348] RIP: 0033:0x7fec422c2ff9 [ 25.585737][ T348] Code: Unable to access opcode bytes at 0x7fec422c2fcf. [ 25.592595][ T348] RSP: 002b:00007ffe5e1cad88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [pid 354] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 355] <... bpf resumed>) = 4 [pid 354] <... bpf resumed>) = 4 [pid 353] <... bpf resumed>) = 4 [pid 352] <... bpf resumed>) = 4 [pid 347] +++ exited with 0 +++ [pid 355] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 354] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 353] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 352] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=347, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 355] <... bpf resumed>) = 5 [pid 354] <... bpf resumed>) = 5 [pid 353] <... bpf resumed>) = 5 [pid 352] <... bpf resumed>) = 5 [pid 355] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 354] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 353] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 352] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 355] <... bpf resumed>) = 0 [pid 354] <... bpf resumed>) = 0 [pid 353] <... bpf resumed>) = 0 [pid 352] <... bpf resumed>) = 0 [pid 355] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 354] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 353] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 355] <... bpf resumed>) = 6 [pid 354] <... bpf resumed>) = 6 [pid 355] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 354] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 353] <... bpf resumed>) = 6 [pid 353] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 352] <... bpf resumed>) = 6 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 352] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16./strace-static-x86_64: Process 356 attached [pid 356] set_robust_list(0x555555e33660, 24 [pid 300] <... clone resumed>, child_tidptr=0x555555e33650) = 356 [pid 356] <... set_robust_list resumed>) = 0 [pid 356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 356] setpgid(0, 0) = 0 [pid 356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 356] write(3, "1000", 4) = 4 [pid 356] close(3) = 0 [pid 356] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 356] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 355] <... bpf resumed>) = 7 [pid 356] <... bpf resumed>) = 4 [pid 355] exit_group(0 [pid 354] <... bpf resumed>) = 7 [pid 353] <... bpf resumed>) = 7 [pid 352] <... bpf resumed>) = 7 [pid 356] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 355] <... exit_group resumed>) = ? [pid 353] exit_group(0 [pid 352] exit_group(0 [pid 356] <... bpf resumed>) = 5 [pid 354] exit_group(0 [pid 355] +++ exited with 0 +++ [pid 354] <... exit_group resumed>) = ? [pid 356] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 353] <... exit_group resumed>) = ? [pid 352] <... exit_group resumed>) = ? [pid 356] <... bpf resumed>) = 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=355, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 356] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 356] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 357 attached , child_tidptr=0x555555e33650) = 357 [pid 357] set_robust_list(0x555555e33660, 24) = 0 [pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 357] setpgid(0, 0) = 0 [pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 357] write(3, "1000", 4) = 4 [pid 357] close(3) = 0 [pid 357] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [ 25.601140][ T348] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fec422c2ff9 [ 25.609088][ T348] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 25.616900][ T348] RBP: 00007fec4233f2b0 R08: ffffffffffffffb8 R09: 00000000000000a0 [ 25.624716][ T348] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fec4233f2b0 [ 25.632536][ T348] R13: 0000000000000000 R14: 00007fec4233fd20 R15: 00007fec422941b0 [ 25.640353][ T348] [pid 357] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 354] +++ exited with 0 +++ [pid 353] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=353, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... clone resumed>, child_tidptr=0x555555e33650) = 358 [pid 296] <... clone resumed>, child_tidptr=0x555555e33650) = 359 ./strace-static-x86_64: Process 358 attached [pid 358] set_robust_list(0x555555e33660, 24) = 0 [pid 358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 358] setpgid(0, 0) = 0 [pid 358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 358] write(3, "1000", 4) = 4 [pid 358] close(3) = 0 [pid 358] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 358] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16./strace-static-x86_64: Process 359 attached [pid 359] set_robust_list(0x555555e33660, 24) = 0 [pid 359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 359] setpgid(0, 0) = 0 [pid 359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 359] write(3, "1000", 4) = 4 [pid 359] close(3) = 0 [pid 359] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [ 25.683162][ C1] softirq: huh, entered softirq 9 RCU ffffffff8160c090 with preempt_count 00000104, exited with 00000103? [ 25.694383][ T24] BUG: workqueue leaked lock or atomic: kworker/1:0/0x00000001/24 [ 25.694383][ T24] last function: bpf_prog_free_deferred [ 25.708326][ T24] CPU: 1 PID: 24 Comm: kworker/1:0 Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 25.719270][ T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 25.729647][ T24] Workqueue: events bpf_prog_free_deferred [ 25.735279][ T24] Call Trace: [ 25.738399][ T24] [ 25.741184][ T24] dump_stack_lvl+0x151/0x1b7 [ 25.745699][ T24] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 25.751075][ T24] ? bpf_prog_free_deferred+0x63e/0x750 [ 25.756456][ T24] dump_stack+0x15/0x1b [ 25.760445][ T24] process_one_work+0x94e/0xcb0 [ 25.765248][ T24] worker_thread+0xa60/0x1260 [ 25.769908][ T24] kthread+0x26d/0x300 [ 25.774069][ T24] ? worker_clr_flags+0x1a0/0x1a0 [ 25.778929][ T24] ? kthread_blkcg+0xd0/0xd0 [ 25.783443][ T24] ret_from_fork+0x1f/0x30 [ 25.787694][ T24] [ 25.790619][ T24] BUG: scheduling while atomic: kworker/1:0/24/0x00000002 [ 25.797926][ T24] Modules linked in: [ 25.801628][ T24] Preemption disabled at: [ 25.801638][ T24] [] free_vmap_area_noflush+0x226/0xa30 [ 25.812762][ T24] CPU: 1 PID: 24 Comm: kworker/1:0 Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 25.823675][ T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 25.833742][ T24] Workqueue: 0x0 (events) [ 25.838080][ T24] Call Trace: [ 25.841205][ T24] [ 25.843985][ T24] dump_stack_lvl+0x151/0x1b7 [ 25.848587][ T24] ? free_vmap_area_noflush+0x226/0xa30 [ 25.853965][ T24] ? free_vmap_area_noflush+0x226/0xa30 [ 25.859350][ T24] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 25.864641][ T24] ? free_vmap_area_noflush+0x226/0xa30 [ 25.870020][ T24] dump_stack+0x15/0x1b [ 25.874010][ T24] __schedule_bug+0x195/0x260 [ 25.878527][ T24] ? cpu_util_update_eff+0x10e0/0x10e0 [pid 359] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 356] <... bpf resumed>) = 7 [pid 357] <... bpf resumed>) = 4 [pid 359] <... bpf resumed>) = 4 [pid 358] <... bpf resumed>) = 4 [pid 357] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 356] exit_group(0 [pid 352] +++ exited with 0 +++ [pid 359] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 358] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 356] <... exit_group resumed>) = ? [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=352, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 357] <... bpf resumed>) = 5 [pid 359] <... bpf resumed>) = 5 [pid 358] <... bpf resumed>) = 5 [pid 357] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 357] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 359] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 358] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 357] <... bpf resumed>) = 6 [pid 356] +++ exited with 0 +++ [pid 357] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 359] <... bpf resumed>) = 0 [pid 358] <... bpf resumed>) = 0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=356, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 359] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 358] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 359] <... bpf resumed>) = 6 [pid 358] <... bpf resumed>) = 6 [pid 300] <... restart_syscall resumed>) = 0 [pid 359] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16./strace-static-x86_64: Process 361 attached [pid 301] <... clone resumed>, child_tidptr=0x555555e33650) = 361 [pid 358] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 361] set_robust_list(0x555555e33660, 24) = 0 [pid 361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 361] setpgid(0, 0) = 0 [pid 300] <... clone resumed>, child_tidptr=0x555555e33650) = 362 [pid 361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 362 attached [pid 361] write(3, "1000", 4) = 4 [pid 361] close(3) = 0 [pid 362] set_robust_list(0x555555e33660, 24 [pid 361] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 362] <... set_robust_list resumed>) = 0 [pid 362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 362] setpgid(0, 0) = 0 [pid 362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 361] <... bpf resumed>) = 3 [pid 362] <... openat resumed>) = 3 [pid 361] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 362] write(3, "1000", 4) = 4 [pid 362] close(3) = 0 [pid 362] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 362] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 357] <... bpf resumed>) = 7 [pid 359] <... bpf resumed>) = 7 [pid 358] <... bpf resumed>) = 7 [pid 357] exit_group(0) = ? [pid 361] <... bpf resumed>) = 4 [pid 359] exit_group(0 [pid 358] exit_group(0 [pid 359] <... exit_group resumed>) = ? [pid 358] <... exit_group resumed>) = ? [pid 361] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 361] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 361] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 361] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 362] <... bpf resumed>) = 4 [pid 357] +++ exited with 0 +++ [pid 362] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 358] +++ exited with 0 +++ [pid 362] <... bpf resumed>) = 5 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=357, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=358, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 362] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 298] <... restart_syscall resumed>) = 0 [pid 297] <... restart_syscall resumed>) = 0 [pid 362] <... bpf resumed>) = 0 [ 25.883825][ T24] __schedule+0xcf7/0x1550 [ 25.888076][ T24] ? __sched_text_start+0x8/0x8 [ 25.892759][ T24] ? wq_worker_sleeping+0x64/0x290 [ 25.897708][ T24] schedule+0xc3/0x180 [ 25.901615][ T24] worker_thread+0xefa/0x1260 [ 25.906135][ T24] kthread+0x26d/0x300 [ 25.910035][ T24] ? worker_clr_flags+0x1a0/0x1a0 [ 25.914978][ T24] ? kthread_blkcg+0xd0/0xd0 [ 25.919403][ T24] ret_from_fork+0x1f/0x30 [ 25.923662][ T24] [pid 362] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 362] <... bpf resumed>) = 6 [pid 362] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16./strace-static-x86_64: Process 363 attached [pid 363] set_robust_list(0x555555e33660, 24) = 0 [pid 298] <... clone resumed>, child_tidptr=0x555555e33650) = 363 [pid 297] <... clone resumed>, child_tidptr=0x555555e33650) = 364 [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 363] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x555555e33660, 24 [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 364] <... set_robust_list resumed>) = 0 [pid 363] <... openat resumed>) = 3 [pid 364] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 363] write(3, "1000", 4 [pid 364] <... prctl resumed>) = 0 [pid 364] setpgid(0, 0) = 0 [pid 364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 363] <... write resumed>) = 4 [pid 364] write(3, "1000", 4 [pid 363] close(3 [pid 364] <... write resumed>) = 4 [pid 363] <... close resumed>) = 0 [pid 364] close(3) = 0 [pid 364] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 363] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 364] <... bpf resumed>) = 3 [pid 363] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 364] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16) = 4 [pid 362] <... bpf resumed>) = 7 [pid 361] <... bpf resumed>) = 7 [pid 359] +++ exited with 0 +++ [pid 363] <... bpf resumed>) = 4 [pid 362] exit_group(0) = ? [pid 361] exit_group(0 [pid 364] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 363] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 361] <... exit_group resumed>) = ? [pid 364] <... bpf resumed>) = 5 [pid 364] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=359, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 364] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 363] <... bpf resumed>) = 5 [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 363] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 363] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 364] <... bpf resumed>) = 6 [pid 364] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 363] <... bpf resumed>) = 6 [pid 296] <... clone resumed>, child_tidptr=0x555555e33650) = 365 [pid 363] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16./strace-static-x86_64: Process 365 attached [pid 365] set_robust_list(0x555555e33660, 24) = 0 [pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 365] setpgid(0, 0) = 0 [pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 365] write(3, "1000", 4) = 4 [pid 365] close(3) = 0 [pid 365] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 365] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 362] +++ exited with 0 +++ [pid 361] +++ exited with 0 +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=361, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=362, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 366 attached ./strace-static-x86_64: Process 367 attached [pid 301] <... clone resumed>, child_tidptr=0x555555e33650) = 366 [pid 367] set_robust_list(0x555555e33660, 24 [pid 366] set_robust_list(0x555555e33660, 24 [pid 300] <... clone resumed>, child_tidptr=0x555555e33650) = 367 [pid 367] <... set_robust_list resumed>) = 0 [pid 366] <... set_robust_list resumed>) = 0 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 367] setpgid(0, 0) = 0 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "1000", 4) = 4 [pid 367] close(3) = 0 [pid 366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 367] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 366] setpgid(0, 0) = 0 [pid 366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 367] <... bpf resumed>) = 3 [pid 365] <... bpf resumed>) = 4 [pid 364] <... bpf resumed>) = 7 [pid 363] <... bpf resumed>) = 7 [pid 365] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 364] exit_group(0 [pid 363] exit_group(0 [pid 365] <... bpf resumed>) = 5 [pid 364] <... exit_group resumed>) = ? [pid 363] <... exit_group resumed>) = ? [pid 367] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 366] write(3, "1000", 4 [pid 365] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 366] <... write resumed>) = 4 [pid 365] <... bpf resumed>) = 0 [pid 366] close(3 [pid 365] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 366] <... close resumed>) = 0 [pid 366] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 365] <... bpf resumed>) = 6 [pid 365] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 366] <... bpf resumed>) = 3 [pid 366] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 364] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=364, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 368 attached , child_tidptr=0x555555e33650) = 368 [pid 368] set_robust_list(0x555555e33660, 24) = 0 [pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 368] setpgid(0, 0) = 0 [pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 368] write(3, "1000", 4) = 4 [pid 368] close(3) = 0 [pid 368] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 368] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 367] <... bpf resumed>) = 4 [pid 363] +++ exited with 0 +++ [pid 365] <... bpf resumed>) = 7 [pid 366] <... bpf resumed>) = 4 [pid 368] <... bpf resumed>) = 4 [ 26.063663][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 26.075150][ T292] BUG: scheduling while atomic: strace-static-x/292/0x00000002 [ 26.082404][ T292] Modules linked in: [ 26.086310][ T292] Preemption disabled at: [ 26.086318][ T292] [] is_module_text_address+0x1f/0x360 [ 26.097363][ T292] CPU: 1 PID: 292 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 26.108717][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 26.118722][ T292] Call Trace: [ 26.121846][ T292] [ 26.124710][ T292] dump_stack_lvl+0x151/0x1b7 [ 26.129222][ T292] ? is_module_text_address+0x1f/0x360 [ 26.134515][ T292] ? is_module_text_address+0x1f/0x360 [ 26.139813][ T292] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 26.145107][ T292] ? is_module_text_address+0x1f/0x360 [ 26.150399][ T292] dump_stack+0x15/0x1b [ 26.154393][ T292] __schedule_bug+0x195/0x260 [ 26.158908][ T292] ? cpu_util_update_eff+0x10e0/0x10e0 [ 26.164198][ T292] ? percpu_counter_add_batch+0x13d/0x160 [ 26.169759][ T292] __schedule+0xcf7/0x1550 [ 26.174010][ T292] ? blkcg_maybe_throttle_current+0x17d/0xa00 [ 26.179910][ T292] ? ____fput+0x15/0x20 [ 26.184252][ T292] ? __sched_text_start+0x8/0x8 [ 26.188934][ T292] ? __blkcg_punt_bio_submit+0x180/0x180 [ 26.194404][ T292] ? unlock_page_memcg+0x160/0x160 [ 26.199352][ T292] schedule+0xc3/0x180 [ 26.203259][ T292] exit_to_user_mode_loop+0x4e/0xa0 [ 26.208398][ T292] exit_to_user_mode_prepare+0x5a/0xa0 [ 26.213693][ T292] syscall_exit_to_user_mode+0x26/0x140 [ 26.219072][ T292] do_syscall_64+0x49/0xb0 [ 26.223327][ T292] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 26.229051][ T292] RIP: 0033:0x4e65f7 [ 26.232786][ T292] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 26.252230][ T292] RSP: 002b:00007fff6da4d208 EFLAGS: 00000286 ORIG_RAX: 0000000000000003 [pid 367] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 366] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 365] exit_group(0 [pid 368] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 367] <... bpf resumed>) = 5 [pid 365] <... exit_group resumed>) = ? [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=363, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 367] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 366] <... bpf resumed>) = 5 [pid 365] +++ exited with 0 +++ [pid 367] <... bpf resumed>) = 0 [pid 366] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=365, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 368] <... bpf resumed>) = 5 [pid 367] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 298] <... restart_syscall resumed>) = 0 [pid 368] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 366] <... bpf resumed>) = 0 [pid 367] <... bpf resumed>) = 6 [pid 368] <... bpf resumed>) = 0 [pid 367] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 366] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 369 attached ./strace-static-x86_64: Process 370 attached [pid 368] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 366] <... bpf resumed>) = 6 [pid 370] set_robust_list(0x555555e33660, 24 [pid 369] set_robust_list(0x555555e33660, 24 [pid 368] <... bpf resumed>) = 6 [pid 366] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 296] <... clone resumed>, child_tidptr=0x555555e33650) = 370 [pid 368] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 369] <... set_robust_list resumed>) = 0 [pid 298] <... clone resumed>, child_tidptr=0x555555e33650) = 369 [pid 370] <... set_robust_list resumed>) = 0 [pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 369] <... prctl resumed>) = 0 [pid 369] setpgid(0, 0) = 0 [pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 369] write(3, "1000", 4 [pid 370] <... prctl resumed>) = 0 [pid 369] <... write resumed>) = 4 [pid 369] close(3) = 0 [pid 370] setpgid(0, 0 [pid 369] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 370] <... setpgid resumed>) = 0 [pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 369] <... bpf resumed>) = 3 [pid 369] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 370] write(3, "1000", 4) = 4 [pid 370] close(3) = 0 [pid 370] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 370] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 367] <... bpf resumed>) = 7 [pid 368] <... bpf resumed>) = 7 [pid 366] <... bpf resumed>) = 7 [pid 367] exit_group(0 [pid 366] exit_group(0 [pid 369] <... bpf resumed>) = 4 [pid 368] exit_group(0 [pid 367] <... exit_group resumed>) = ? [pid 366] <... exit_group resumed>) = ? [pid 370] <... bpf resumed>) = 4 [pid 369] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 368] <... exit_group resumed>) = ? [pid 370] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 367] +++ exited with 0 +++ [pid 370] <... bpf resumed>) = 5 [pid 370] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=367, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 370] <... bpf resumed>) = 0 [pid 369] <... bpf resumed>) = 5 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 369] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 369] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 371 attached [pid 370] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 369] <... bpf resumed>) = 6 [pid 371] set_robust_list(0x555555e33660, 24 [pid 369] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 300] <... clone resumed>, child_tidptr=0x555555e33650) = 371 [pid 371] <... set_robust_list resumed>) = 0 [pid 370] <... bpf resumed>) = 6 [pid 370] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 371] setpgid(0, 0) = 0 [pid 371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 371] write(3, "1000", 4) = 4 [pid 371] close(3) = 0 [pid 371] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 371] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 368] +++ exited with 0 +++ [pid 366] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=368, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=366, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [ 26.260474][ T292] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: 00000000004e65f7 [ 26.268283][ T292] RDX: 00007fff6da4d210 RSI: 0000000000008910 RDI: 0000000000000003 [ 26.276095][ T292] RBP: 0000000000000003 R08: 00000000ffffffff R09: 000000000000000c [ 26.283905][ T292] R10: 0000000000554612 R11: 0000000000000286 R12: 00007fff6da4d270 [ 26.291808][ T292] R13: 00007fff6da4d210 R14: 0000000000423160 R15: 0000000000617180 [ 26.299646][ T292] [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 372 attached [pid 297] <... clone resumed>, child_tidptr=0x555555e33650) = 372 [pid 372] set_robust_list(0x555555e33660, 24) = 0 ./strace-static-x86_64: Process 373 attached [pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 301] <... clone resumed>, child_tidptr=0x555555e33650) = 373 [pid 372] <... prctl resumed>) = 0 [pid 373] set_robust_list(0x555555e33660, 24 [pid 372] setpgid(0, 0) = 0 [pid 373] <... set_robust_list resumed>) = 0 [pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 372] <... openat resumed>) = 3 [pid 372] write(3, "1000", 4) = 4 [pid 373] <... prctl resumed>) = 0 [pid 372] close(3) = 0 [pid 373] setpgid(0, 0 [pid 372] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 373] <... setpgid resumed>) = 0 [pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 373] write(3, "1000", 4) = 4 [pid 373] close(3) = 0 [pid 373] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 372] <... bpf resumed>) = 3 [pid 372] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 373] <... bpf resumed>) = 3 [pid 373] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 369] <... bpf resumed>) = 7 [pid 373] <... bpf resumed>) = 4 [pid 372] <... bpf resumed>) = 4 [pid 371] <... bpf resumed>) = 4 [pid 370] <... bpf resumed>) = 7 [pid 373] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 372] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 371] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 373] <... bpf resumed>) = 5 [pid 372] <... bpf resumed>) = 5 [pid 371] <... bpf resumed>) = 5 [pid 370] exit_group(0 [pid 369] exit_group(0 [pid 372] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 371] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 372] <... bpf resumed>) = 0 [pid 371] <... bpf resumed>) = 0 [pid 372] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 371] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 373] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 370] <... exit_group resumed>) = ? [pid 369] <... exit_group resumed>) = ? [pid 373] <... bpf resumed>) = 0 [pid 372] <... bpf resumed>) = 6 [pid 371] <... bpf resumed>) = 6 [pid 372] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 371] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 372] <... bpf resumed>) = 7 [pid 371] <... bpf resumed>) = 7 [pid 372] exit_group(0 [pid 371] exit_group(0 [pid 372] <... exit_group resumed>) = ? [pid 371] <... exit_group resumed>) = ? [pid 373] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 372] +++ exited with 0 +++ [pid 370] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=372, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=370, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 374 attached [pid 373] <... bpf resumed>) = 6 [pid 296] <... restart_syscall resumed>) = 0 [pid 374] set_robust_list(0x555555e33660, 24 [pid 297] <... clone resumed>, child_tidptr=0x555555e33650) = 374 [pid 374] <... set_robust_list resumed>) = 0 [pid 373] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 369] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=369, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 375 ./strace-static-x86_64: Process 375 attached [pid 374] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 375] set_robust_list(0x555555e33660, 24) = 0 [pid 374] <... prctl resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 374] setpgid(0, 0 [pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] <... clone resumed>, child_tidptr=0x555555e33650) = 376 [pid 375] <... prctl resumed>) = 0 [pid 374] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 376 attached [pid 376] set_robust_list(0x555555e33660, 24) = 0 [pid 374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 376] setpgid(0, 0) = 0 [pid 376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 376] write(3, "1000", 4) = 4 [pid 376] close(3) = 0 [pid 376] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 374] <... openat resumed>) = 3 [pid 375] setpgid(0, 0 [pid 374] write(3, "1000", 4 [pid 375] <... setpgid resumed>) = 0 [pid 374] <... write resumed>) = 4 [pid 374] close(3) = 0 [pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 374] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 375] <... openat resumed>) = 3 [pid 375] write(3, "1000", 4) = 4 [pid 375] close(3) = 0 [pid 376] <... bpf resumed>) = 3 [pid 375] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 376] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 374] <... bpf resumed>) = 3 [pid 374] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 375] <... bpf resumed>) = 3 [pid 375] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 371] +++ exited with 0 +++ [pid 376] <... bpf resumed>) = 4 [pid 373] <... bpf resumed>) = 7 [pid 376] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 375] <... bpf resumed>) = 4 [pid 374] <... bpf resumed>) = 4 [pid 373] exit_group(0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=371, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 376] <... bpf resumed>) = 5 [pid 373] <... exit_group resumed>) = ? [pid 374] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 375] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 374] <... bpf resumed>) = 5 [pid 375] <... bpf resumed>) = 5 [pid 374] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 375] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 374] <... bpf resumed>) = 0 [pid 375] <... bpf resumed>) = 0 [pid 374] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 375] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 374] <... bpf resumed>) = 6 [pid 375] <... bpf resumed>) = 6 [pid 374] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 375] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 374] <... bpf resumed>) = 7 [pid 375] <... bpf resumed>) = 7 [pid 373] +++ exited with 0 +++ [pid 375] exit_group(0) = ? [pid 375] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=375, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 377 [pid 374] exit_group(0) = ? [pid 374] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=374, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 376] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 297] <... restart_syscall resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 378 [pid 376] <... bpf resumed>) = 0 [pid 376] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 376] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16) = 7 [pid 376] exit_group(0) = ? [ 26.415966][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 26.428985][ T373] BUG: scheduling while atomic: syz-executor115/373/0x00000002 [ 26.436425][ T373] Modules linked in: [ 26.440770][ T373] Preemption disabled at: [ 26.440780][ T373] [] is_module_text_address+0x1f/0x360 [ 26.452260][ T373] CPU: 1 PID: 373 Comm: syz-executor115 Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 26.463627][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 26.473523][ T373] Call Trace: [ 26.476644][ T373] [ 26.479420][ T373] dump_stack_lvl+0x151/0x1b7 [ 26.483931][ T373] ? is_module_text_address+0x1f/0x360 [ 26.489230][ T373] ? is_module_text_address+0x1f/0x360 [ 26.494521][ T373] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 26.499815][ T373] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 26.505459][ T373] ? is_module_text_address+0x1f/0x360 [ 26.510752][ T373] dump_stack+0x15/0x1b [ 26.514744][ T373] __schedule_bug+0x195/0x260 [ 26.519261][ T373] ? cpu_util_update_eff+0x10e0/0x10e0 [ 26.524553][ T373] __schedule+0xcf7/0x1550 [ 26.528813][ T373] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 26.534108][ T373] ? __sched_text_start+0x8/0x8 [ 26.538840][ T373] ? _raw_write_lock_irqsave+0x160/0x1e0 [ 26.544364][ T373] do_task_dead+0x99/0xa0 [ 26.548506][ T373] do_exit+0x202a/0x2b80 [ 26.552599][ T373] ? put_task_struct+0x80/0x80 [ 26.557188][ T373] ? __kasan_check_write+0x14/0x20 [ 26.562133][ T373] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 26.567078][ T373] ? _raw_spin_lock_irqsave+0x210/0x210 [ 26.572463][ T373] ? zap_other_threads+0x29c/0x2d0 [ 26.577411][ T373] do_group_exit+0x21a/0x2d0 [ 26.581842][ T373] __x64_sys_exit_group+0x3f/0x40 [ 26.586695][ T373] do_syscall_64+0x3d/0xb0 [ 26.590947][ T373] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 26.596685][ T373] RIP: 0033:0x7fec422c2ff9 [ 26.600935][ T373] Code: Unable to access opcode bytes at 0x7fec422c2fcf. [ 26.607784][ T373] RSP: 002b:00007ffe5e1cad88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 ./strace-static-x86_64: Process 378 attached [pid 378] set_robust_list(0x555555e33660, 24) = 0 [pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 378] setpgid(0, 0) = 0 [pid 378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=373, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 378] <... openat resumed>) = 3 [pid 378] write(3, "1000", 4) = 4 [pid 378] close(3) = 0 [pid 378] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 300] <... clone resumed>, child_tidptr=0x555555e33650) = 379 ./strace-static-x86_64: Process 377 attached [pid 377] set_robust_list(0x555555e33660, 24) = 0 [pid 377] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 377] <... prctl resumed>) = 0 [pid 377] setpgid(0, 0) = 0 [pid 377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 301] <... clone resumed>, child_tidptr=0x555555e33650) = 380 ./strace-static-x86_64: Process 380 attached ./strace-static-x86_64: Process 379 attached [pid 380] set_robust_list(0x555555e33660, 24 [pid 379] set_robust_list(0x555555e33660, 24 [pid 380] <... set_robust_list resumed>) = 0 [pid 377] <... openat resumed>) = 3 [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 379] <... set_robust_list resumed>) = 0 [pid 377] write(3, "1000", 4 [pid 379] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 380] <... prctl resumed>) = 0 [pid 377] <... write resumed>) = 4 [pid 380] setpgid(0, 0 [pid 379] <... prctl resumed>) = 0 [pid 380] <... setpgid resumed>) = 0 [pid 377] close(3) = 0 [pid 379] setpgid(0, 0 [pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 377] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 379] <... setpgid resumed>) = 0 [pid 380] <... openat resumed>) = 3 [pid 379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 380] write(3, "1000", 4 [pid 379] write(3, "1000", 4 [pid 380] <... write resumed>) = 4 [pid 379] <... write resumed>) = 4 [pid 380] close(3 [pid 379] close(3 [pid 380] <... close resumed>) = 0 [pid 379] <... close resumed>) = 0 [pid 380] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 379] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 380] <... bpf resumed>) = 3 [pid 380] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 379] <... bpf resumed>) = 3 [pid 379] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 378] <... bpf resumed>) = 3 [pid 378] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 377] <... bpf resumed>) = 3 [pid 377] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 376] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=376, si_uid=0, si_status=0, si_utime=0, si_stime=19} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 381 attached , child_tidptr=0x555555e33650) = 381 [pid 381] set_robust_list(0x555555e33660, 24) = 0 [pid 381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 381] setpgid(0, 0) = 0 [pid 381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 381] write(3, "1000", 4) = 4 [pid 381] close(3) = 0 [pid 381] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [ 26.616030][ T373] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fec422c2ff9 [ 26.623845][ T373] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 26.631652][ T373] RBP: 00007fec4233f2b0 R08: ffffffffffffffb8 R09: 00000000000000a0 [ 26.639552][ T373] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fec4233f2b0 [ 26.647364][ T373] R13: 0000000000000000 R14: 00007fec4233fd20 R15: 00007fec422941b0 [ 26.655186][ T373] [pid 381] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 380] <... bpf resumed>) = 4 [pid 380] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 379] <... bpf resumed>) = 4 [pid 381] <... bpf resumed>) = 4 [pid 380] <... bpf resumed>) = 5 [pid 379] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 378] <... bpf resumed>) = 4 [pid 377] <... bpf resumed>) = 4 [pid 380] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 379] <... bpf resumed>) = 5 [pid 377] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 381] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 380] <... bpf resumed>) = 0 [pid 379] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 378] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 377] <... bpf resumed>) = 5 [pid 381] <... bpf resumed>) = 5 [pid 380] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 379] <... bpf resumed>) = 0 [pid 378] <... bpf resumed>) = 5 [pid 381] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 377] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 381] <... bpf resumed>) = 0 [pid 380] <... bpf resumed>) = 6 [pid 379] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 378] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 377] <... bpf resumed>) = 0 [pid 381] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 380] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 378] <... bpf resumed>) = 0 [pid 377] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 381] <... bpf resumed>) = 6 [pid 380] <... bpf resumed>) = 7 [pid 379] <... bpf resumed>) = 6 [pid 378] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 377] <... bpf resumed>) = 6 [pid 381] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 380] exit_group(0 [pid 379] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 377] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 380] <... exit_group resumed>) = ? [pid 379] <... bpf resumed>) = 7 [pid 377] <... bpf resumed>) = 7 [pid 379] exit_group(0) = ? [pid 380] +++ exited with 0 +++ [pid 378] <... bpf resumed>) = 6 [pid 377] exit_group(0 [pid 378] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 377] <... exit_group resumed>) = ? [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=380, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 382 attached , child_tidptr=0x555555e33650) = 382 [pid 382] set_robust_list(0x555555e33660, 24) = 0 [pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 382] setpgid(0, 0) = 0 [pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 382] write(3, "1000", 4) = 4 [pid 382] close(3) = 0 [pid 382] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 382] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 381] <... bpf resumed>) = 7 [pid 381] exit_group(0) = ? [pid 379] +++ exited with 0 +++ [pid 378] <... bpf resumed>) = 7 [pid 377] +++ exited with 0 +++ [pid 382] <... bpf resumed>) = 4 [pid 378] exit_group(0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=377, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=379, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 382] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 378] <... exit_group resumed>) = ? [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 382] <... bpf resumed>) = 5 [pid 300] <... restart_syscall resumed>) = 0 [pid 382] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 382] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 383 attached [pid 382] <... bpf resumed>) = 6 [pid 300] <... clone resumed>, child_tidptr=0x555555e33650) = 383 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 383] set_robust_list(0x555555e33660, 24 [pid 382] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16./strace-static-x86_64: Process 384 attached [pid 383] <... set_robust_list resumed>) = 0 [pid 383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555555e33650) = 384 [pid 383] setpgid(0, 0) = 0 [pid 383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 383] write(3, "1000", 4) = 4 [pid 383] close(3) = 0 [pid 383] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 384] set_robust_list(0x555555e33660, 24) = 0 [pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 383] <... bpf resumed>) = 3 [pid 384] setpgid(0, 0 [pid 383] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 384] <... setpgid resumed>) = 0 [pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 384] write(3, "1000", 4) = 4 [pid 384] close(3) = 0 [pid 384] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 384] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 381] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=381, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 385 ./strace-static-x86_64: Process 385 attached [pid 385] set_robust_list(0x555555e33660, 24) = 0 [pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 385] setpgid(0, 0) = 0 [pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 385] write(3, "1000", 4) = 4 [pid 385] close(3) = 0 [pid 385] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 385] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 378] +++ exited with 0 +++ [pid 385] <... bpf resumed>) = 4 [pid 384] <... bpf resumed>) = 4 [pid 383] <... bpf resumed>) = 4 [pid 382] <... bpf resumed>) = 7 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=378, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 385] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 384] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [ 26.774761][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000103, exited with 00000102? [ 26.786186][ T292] BUG: scheduling while atomic: strace-static-x/292/0x00000002 [ 26.794273][ T292] Modules linked in: [ 26.797979][ T292] Preemption disabled at: [ 26.797987][ T292] [] __dentry_kill+0x4c3/0x650 [ 26.808343][ T292] CPU: 1 PID: 292 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00037-gdcb09569bbff #0 [ 26.819680][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 26.829573][ T292] Call Trace: [ 26.832702][ T292] [ 26.835474][ T292] dump_stack_lvl+0x151/0x1b7 [ 26.839988][ T292] ? __dentry_kill+0x4c3/0x650 [ 26.844582][ T292] ? __dentry_kill+0x4c3/0x650 [ 26.849183][ T292] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 26.854481][ T292] ? __dentry_kill+0x4c3/0x650 [ 26.859078][ T292] dump_stack+0x15/0x1b [ 26.863070][ T292] __schedule_bug+0x195/0x260 [ 26.867592][ T292] ? cpu_util_update_eff+0x10e0/0x10e0 [ 26.872879][ T292] ? percpu_counter_add_batch+0x13d/0x160 [ 26.878439][ T292] __schedule+0xcf7/0x1550 [ 26.882693][ T292] ? blkcg_maybe_throttle_current+0x17d/0xa00 [ 26.888588][ T292] ? ____fput+0x15/0x20 [ 26.892581][ T292] ? __sched_text_start+0x8/0x8 [ 26.897284][ T292] ? __blkcg_punt_bio_submit+0x180/0x180 [ 26.902740][ T292] ? unlock_page_memcg+0x160/0x160 [ 26.907685][ T292] schedule+0xc3/0x180 [ 26.911589][ T292] exit_to_user_mode_loop+0x4e/0xa0 [ 26.916624][ T292] exit_to_user_mode_prepare+0x5a/0xa0 [ 26.921927][ T292] syscall_exit_to_user_mode+0x26/0x140 [ 26.927308][ T292] do_syscall_64+0x49/0xb0 [ 26.931553][ T292] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 26.937279][ T292] RIP: 0033:0x4e65f7 [ 26.941014][ T292] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 26.960459][ T292] RSP: 002b:00007fff6da4d208 EFLAGS: 00000286 ORIG_RAX: 0000000000000003 [pid 383] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 382] exit_group(0 [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 385] <... bpf resumed>) = 5 [pid 384] <... bpf resumed>) = 5 [pid 382] <... exit_group resumed>) = ? [pid 384] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 383] <... bpf resumed>) = 5 [pid 382] +++ exited with 0 +++ [pid 297] <... restart_syscall resumed>) = 0 [pid 383] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 384] <... bpf resumed>) = 0 [pid 383] <... bpf resumed>) = 0 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=382, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 385] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 384] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 383] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 385] <... bpf resumed>) = 0 [pid 384] <... bpf resumed>) = 6 [pid 385] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 384] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 383] <... bpf resumed>) = 6 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 387 attached [pid 383] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 301] <... clone resumed>, child_tidptr=0x555555e33650) = 387 ./strace-static-x86_64: Process 388 attached [pid 387] set_robust_list(0x555555e33660, 24 [pid 385] <... bpf resumed>) = 6 [pid 387] <... set_robust_list resumed>) = 0 [pid 385] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 297] <... clone resumed>, child_tidptr=0x555555e33650) = 388 [pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 387] setpgid(0, 0) = 0 [pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 387] write(3, "1000", 4) = 4 [pid 387] close(3) = 0 [pid 387] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 388] set_robust_list(0x555555e33660, 24) = 0 [pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 387] <... bpf resumed>) = 3 [pid 388] <... prctl resumed>) = 0 [pid 388] setpgid(0, 0) = 0 [pid 387] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 388] write(3, "1000", 4) = 4 [pid 388] close(3) = 0 [pid 388] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 388] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 384] <... bpf resumed>) = 7 [pid 385] <... bpf resumed>) = 7 [pid 383] <... bpf resumed>) = 7 [pid 388] <... bpf resumed>) = 4 [pid 384] exit_group(0 [pid 383] exit_group(0 [pid 385] exit_group(0 [pid 388] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 387] <... bpf resumed>) = 4 [pid 384] <... exit_group resumed>) = ? [pid 385] <... exit_group resumed>) = ? [pid 383] <... exit_group resumed>) = ? [pid 388] <... bpf resumed>) = 5 [pid 388] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 388] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 388] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 387] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 387] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 387] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 387] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 385] +++ exited with 0 +++ [pid 383] +++ exited with 0 +++ [pid 384] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=383, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=384, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=385, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... restart_syscall resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 390 attached ./strace-static-x86_64: Process 389 attached [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] <... clone resumed>, child_tidptr=0x555555e33650) = 390 [pid 298] <... clone resumed>, child_tidptr=0x555555e33650) = 389 [ 26.968926][ T292] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: 00000000004e65f7 [ 26.976726][ T292] RDX: 00007fff6da4d210 RSI: 0000000000008910 RDI: 0000000000000003 [ 26.984537][ T292] RBP: 0000000000000003 R08: 00000000ffffffff R09: 000000000000000c [ 26.992348][ T292] R10: 0000000000554612 R11: 0000000000000286 R12: 00007fff6da4d270 [ 27.000286][ T292] R13: 00007fff6da4d210 R14: 0000000000423160 R15: 0000000000617180 [ 27.008179][ T292] [pid 389] set_robust_list(0x555555e33660, 24 [pid 296] <... clone resumed>, child_tidptr=0x555555e33650) = 391 [pid 390] set_robust_list(0x555555e33660, 24) = 0 ./strace-static-x86_64: Process 391 attached [pid 389] <... set_robust_list resumed>) = 0 [pid 390] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 390] <... prctl resumed>) = 0 [pid 390] setpgid(0, 0 [pid 389] setpgid(0, 0 [pid 390] <... setpgid resumed>) = 0 [pid 389] <... setpgid resumed>) = 0 [pid 389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 391] set_robust_list(0x555555e33660, 24 [pid 390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 389] <... openat resumed>) = 3 [pid 389] write(3, "1000", 4) = 4 [pid 389] close(3 [pid 391] <... set_robust_list resumed>) = 0 [pid 390] <... openat resumed>) = 3 [pid 390] write(3, "1000", 4) = 4 [pid 389] <... close resumed>) = 0 [pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 390] close(3 [pid 391] <... prctl resumed>) = 0 [pid 390] <... close resumed>) = 0 [pid 389] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 391] setpgid(0, 0 [pid 390] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 391] <... setpgid resumed>) = 0 [pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 390] <... bpf resumed>) = 3 [pid 389] <... bpf resumed>) = 3 [pid 391] write(3, "1000", 4 [pid 390] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 389] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 391] <... write resumed>) = 4 [pid 391] close(3) = 0 [pid 391] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 391] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 388] <... bpf resumed>) = 7 [pid 387] <... bpf resumed>) = 7 [pid 391] <... bpf resumed>) = 4 [pid 390] <... bpf resumed>) = 4 [pid 389] <... bpf resumed>) = 4 [pid 388] exit_group(0 [pid 387] exit_group(0 [pid 391] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 390] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 389] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 388] <... exit_group resumed>) = ? [pid 387] <... exit_group resumed>) = ? [pid 391] <... bpf resumed>) = 5 [pid 390] <... bpf resumed>) = 5 [pid 389] <... bpf resumed>) = 5 [pid 391] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 390] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 389] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 391] <... bpf resumed>) = 0 [pid 390] <... bpf resumed>) = 0 [pid 389] <... bpf resumed>) = 0 [pid 391] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 390] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 389] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 391] <... bpf resumed>) = 6 [pid 390] <... bpf resumed>) = 6 [pid 389] <... bpf resumed>) = 6 [pid 391] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 390] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 389] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 388] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=388, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 392 attached , child_tidptr=0x555555e33650) = 392 [pid 392] set_robust_list(0x555555e33660, 24) = 0 [pid 392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 392] setpgid(0, 0) = 0 [pid 392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 392] write(3, "1000", 4) = 4 [pid 392] close(3) = 0 [pid 392] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 392] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 390] <... bpf resumed>) = 7 [pid 391] <... bpf resumed>) = 7 [pid 389] <... bpf resumed>) = 7 [pid 392] <... bpf resumed>) = 4 [pid 392] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 391] exit_group(0 [pid 390] exit_group(0 [pid 389] exit_group(0 [pid 387] +++ exited with 0 +++ [pid 392] <... bpf resumed>) = 5 [pid 391] <... exit_group resumed>) = ? [pid 390] <... exit_group resumed>) = ? [pid 389] <... exit_group resumed>) = ? [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=387, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 392] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 391] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=391, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 392] <... bpf resumed>) = 0 [pid 392] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 392] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] <... clone resumed>, child_tidptr=0x555555e33650) = 393 [pid 296] <... clone resumed>, child_tidptr=0x555555e33650) = 394 ./strace-static-x86_64: Process 393 attached ./strace-static-x86_64: Process 394 attached [pid 394] set_robust_list(0x555555e33660, 24) = 0 [pid 394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 394] setpgid(0, 0) = 0 [pid 394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 393] set_robust_list(0x555555e33660, 24) = 0 [pid 394] <... openat resumed>) = 3 [pid 394] write(3, "1000", 4 [pid 393] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 394] <... write resumed>) = 4 [pid 393] <... prctl resumed>) = 0 [pid 394] close(3) = 0 [pid 394] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46 [pid 393] setpgid(0, 0) = 0 [pid 393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 393] write(3, "1000", 4) = 4 [pid 393] close(3 [pid 394] <... bpf resumed>) = 3 [pid 393] <... close resumed>) = 0 [pid 394] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 393] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 393] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 390] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=390, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 300] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 395 attached , child_tidptr=0x555555e33650) = 395 [pid 395] set_robust_list(0x555555e33660, 24) = 0 [pid 395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 395] setpgid(0, 0) = 0 [pid 395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 395] write(3, "1000", 4) = 4 [pid 395] close(3) = 0 [pid 395] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 395] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 392] <... bpf resumed>) = 7 [pid 389] +++ exited with 0 +++ [pid 394] <... bpf resumed>) = 4 [pid 393] <... bpf resumed>) = 4 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=389, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 394] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 393] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 394] <... bpf resumed>) = 5 [pid 393] <... bpf resumed>) = 5 [pid 394] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 393] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 396 attached [pid 395] <... bpf resumed>) = 4 [pid 394] <... bpf resumed>) = 0 [pid 393] <... bpf resumed>) = 0 [pid 392] exit_group(0 [pid 396] set_robust_list(0x555555e33660, 24 [pid 394] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 393] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 298] <... clone resumed>, child_tidptr=0x555555e33650) = 396 [pid 396] <... set_robust_list resumed>) = 0 [pid 395] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 394] <... bpf resumed>) = 6 [pid 392] <... exit_group resumed>) = ? [pid 393] <... bpf resumed>) = 6 [pid 396] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 395] <... bpf resumed>) = 5 [pid 394] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 393] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 396] <... prctl resumed>) = 0 [pid 394] <... bpf resumed>) = 7 [pid 393] <... bpf resumed>) = 7 [pid 396] setpgid(0, 0 [pid 394] exit_group(0 [pid 393] exit_group(0 [pid 396] <... setpgid resumed>) = 0 [pid 394] <... exit_group resumed>) = ? [pid 393] <... exit_group resumed>) = ? [pid 396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 395] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 392] +++ exited with 0 +++ [pid 396] <... openat resumed>) = 3 [pid 395] <... bpf resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=392, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 396] write(3, "1000", 4) = 4 [pid 395] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 396] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 396] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46./strace-static-x86_64: Process 397 attached [pid 395] <... bpf resumed>) = 6 [pid 297] <... clone resumed>, child_tidptr=0x555555e33650) = 397 [pid 397] set_robust_list(0x555555e33660, 24 [pid 396] <... bpf resumed>) = 3 [pid 395] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 396] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 397] <... set_robust_list resumed>) = 0 [pid 397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 397] setpgid(0, 0) = 0 [pid 397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 397] write(3, "1000", 4) = 4 [pid 397] close(3) = 0 [pid 397] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 397] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 394] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=394, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e33650) = 398 ./strace-static-x86_64: Process 398 attached [pid 398] set_robust_list(0x555555e33660, 24) = 0 [pid 398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 398] setpgid(0, 0) = 0 [pid 398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 398] write(3, "1000", 4) = 4 [pid 398] close(3) = 0 [pid 398] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000480, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0}, 46) = 3 [pid 398] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=3}}, 16 [pid 393] +++ exited with 0 +++ [pid 396] <... bpf resumed>) = 4 [pid 396] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=393, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 398] <... bpf resumed>) = 4 [pid 397] <... bpf resumed>) = 4 [pid 396] <... bpf resumed>) = 5 [pid 395] <... bpf resumed>) = 7 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 398] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 397] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 396] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 395] exit_group(0./strace-static-x86_64: Process 399 attached [pid 398] <... bpf resumed>) = 5 [pid 397] <... bpf resumed>) = 5 [pid 396] <... bpf resumed>) = 0 [pid 301] <... clone resumed>, child_tidptr=0x555555e33650) = 399 [pid 398] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 397] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4