./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3455731045 <...> [ 3.783231][ T30] audit: type=1400 audit(1713062035.369:10): avc: denied { getattr } for pid=82 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 3.801819][ T84] acpid (84) used greatest stack depth: 22096 bytes left [ 4.154604][ T99] udevd[99]: starting version 3.2.11 [ 4.226068][ T100] udevd[100]: starting eudev-3.2.11 [ 12.705588][ T30] kauditd_printk_skb: 50 callbacks suppressed [ 12.705598][ T30] audit: type=1400 audit(1713062044.329:61): avc: denied { transition } for pid=224 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.711452][ T30] audit: type=1400 audit(1713062044.329:62): avc: denied { noatsecure } for pid=224 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.716260][ T30] audit: type=1400 audit(1713062044.329:63): avc: denied { write } for pid=224 comm="sh" path="pipe:[13148]" dev="pipefs" ino=13148 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 12.722843][ T30] audit: type=1400 audit(1713062044.329:64): avc: denied { rlimitinh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.726344][ T30] audit: type=1400 audit(1713062044.329:65): avc: denied { siginh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.244' (ED25519) to the list of known hosts. execve("./syz-executor3455731045", ["./syz-executor3455731045"], 0x7fff86e6fe10 /* 10 vars */) = 0 brk(NULL) = 0x555556c8b000 brk(0x555556c8bd00) = 0x555556c8bd00 arch_prctl(ARCH_SET_FS, 0x555556c8b380) = 0 set_tid_address(0x555556c8b650) = 292 set_robust_list(0x555556c8b660, 24) = 0 rseq(0x555556c8bca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3455731045", 4096) = 28 getrandom("\x82\x44\xbc\x13\x0c\x5a\xf2\xaa", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556c8bd00 brk(0x555556cacd00) = 0x555556cacd00 brk(0x555556cad000) = 0x555556cad000 mprotect(0x7f44d2969000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 292 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "292", 3) = 3 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c8b650) = 293 ./strace-static-x86_64: Process 293 attached [pid 293] set_robust_list(0x555556c8b660, 24) = 0 [pid 293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 293] setpgid(0, 0) = 0 [pid 293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 293] write(3, "1000", 4) = 4 [pid 293] close(3) = 0 [ 21.039160][ T30] audit: type=1400 audit(1713062052.649:66): avc: denied { execmem } for pid=292 comm="syz-executor345" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.043938][ T30] audit: type=1400 audit(1713062052.659:67): avc: denied { integrity } for pid=292 comm="syz-executor345" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1 [ 21.069622][ T30] audit: type=1400 audit(1713062052.689:68): avc: denied { prog_load } for pid=293 comm="syz-executor345" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 21.089239][ T30] audit: type=1400 audit(1713062052.689:69): avc: denied { bpf } for pid=293 comm="syz-executor345" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 293] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_MSG, insn_cnt=4, insns=0x20000040, license="GPL", log_level=2, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 3 [pid 293] close(3) = 0 [pid 293] socketpair(AF_UNIX, SOCK_DGRAM, 0, [3, 4]) = 0 [pid 293] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_SKB, insn_cnt=4, insns=0x20005c40, license="GPL", log_level=4, log_size=64912, log_buf="func#0 @0\n0: R1=ctx(id=0,off=0,imm=0) R10=fp0\n0: (b4) w0 = 0\n1: R0_w=inv0 R1=ctx(id=0,off=0,imm=0) R"..., kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 5 [ 21.211564][ T30] audit: type=1400 audit(1713062052.829:70): avc: denied { perfmon } for pid=293 comm="syz-executor345" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 21.232803][ T30] audit: type=1400 audit(1713062052.849:71): avc: denied { prog_run } for pid=293 comm="syz-executor345" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 21.252625][ T30] audit: type=1400 audit(1713062052.869:72): avc: denied { map_create } for pid=293 comm="syz-executor345" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 121.269221][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU [ 121.275651][ C1] rcu: 1-...!: (10000 ticks this GP) idle=473/1/0x4000000000000000 softirq=2141/2141 fqs=0 last_accelerate: 92c6/b9dc dyntick_enabled: 1 [ 121.289615][ C1] (t=10002 jiffies g=373 q=16) [ 121.294301][ C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 10001 jiffies! g373 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 121.306381][ C1] rcu: Possible timer handling issue on cpu=1 timer-softirq=436 [ 121.313908][ C1] rcu: rcu_preempt kthread starved for 10004 jiffies! g373 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1 [ 121.324932][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 121.334740][ C1] rcu: RCU grace-period kthread stack dump: [ 121.340466][ C1] task:rcu_preempt state:I stack:28328 pid: 14 ppid: 2 flags:0x00004000 [ 121.349583][ C1] Call Trace: [ 121.352709][ C1] [ 121.355496][ C1] __schedule+0xccc/0x1590 [ 121.359743][ C1] ? __sched_text_start+0x8/0x8 [ 121.364727][ C1] ? __kasan_check_write+0x14/0x20 [ 121.369672][ C1] schedule+0x11f/0x1e0 [ 121.373757][ C1] schedule_timeout+0x18c/0x370 [ 121.378441][ C1] ? _raw_spin_unlock_irq+0x4e/0x70 [ 121.383475][ C1] ? console_conditional_schedule+0x30/0x30 [ 121.389200][ C1] ? update_process_times+0x200/0x200 [ 121.394409][ C1] ? prepare_to_swait_event+0x308/0x320 [ 121.399782][ C1] rcu_gp_fqs_loop+0x2af/0xf80 [ 121.404398][ C1] ? debug_smp_processor_id+0x17/0x20 [ 121.409689][ C1] ? __note_gp_changes+0x4ab/0x920 [ 121.414640][ C1] ? rcu_gp_init+0xc30/0xc30 [ 121.419069][ C1] ? _raw_spin_unlock_irq+0x4e/0x70 [ 121.424097][ C1] ? rcu_gp_init+0x9cf/0xc30 [ 121.428639][ C1] rcu_gp_kthread+0xa4/0x350 [ 121.433054][ C1] ? _raw_spin_lock+0x1b0/0x1b0 [ 121.437767][ C1] ? rcu_barrier_callback+0x50/0x50 [ 121.443571][ C1] ? __kasan_check_read+0x11/0x20 [ 121.448412][ C1] ? __kthread_parkme+0xb2/0x200 [ 121.453360][ C1] kthread+0x421/0x510 [ 121.457267][ C1] ? rcu_barrier_callback+0x50/0x50 [ 121.462345][ C1] ? kthread_blkcg+0xd0/0xd0 [ 121.466744][ C1] ret_from_fork+0x1f/0x30 [ 121.470983][ C1] [ 121.473939][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 121.480184][ C1] NMI backtrace for cpu 1 [ 121.484350][ C1] CPU: 1 PID: 287 Comm: sshd Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 121.493548][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 121.503530][ C1] Call Trace: [ 121.506653][ C1] [ 121.509522][ C1] dump_stack_lvl+0x151/0x1b7 [ 121.514120][ C1] ? io_uring_drop_tctx_refs+0x190/0x190 [ 121.519591][ C1] dump_stack+0x15/0x17 [ 121.523586][ C1] nmi_cpu_backtrace+0x2f7/0x300 [ 121.528440][ C1] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 121.534448][ C1] ? panic+0x751/0x751 [ 121.538335][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 121.544245][ C1] nmi_trigger_cpumask_backtrace+0x15d/0x270 [ 121.550065][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 121.556042][ C1] arch_trigger_cpumask_backtrace+0x10/0x20 [ 121.561789][ C1] rcu_check_gp_kthread_starvation+0x1e3/0x250 [ 121.567820][ C1] ? rcu_check_gp_kthread_expired_fqs_timer+0x18e/0x230 [ 121.574537][ C1] print_cpu_stall+0x310/0x5f0 [ 121.579391][ C1] rcu_sched_clock_irq+0x989/0x12f0 [ 121.584533][ C1] ? rcu_boost_kthread_setaffinity+0x340/0x340 [ 121.590866][ C1] ? hrtimer_run_queues+0x15f/0x440 [ 121.596334][ C1] update_process_times+0x198/0x200 [ 121.601596][ C1] tick_sched_timer+0x188/0x240 [ 121.606260][ C1] ? tick_setup_sched_timer+0x480/0x480 [ 121.611734][ C1] __hrtimer_run_queues+0x41a/0xad0 [ 121.616774][ C1] ? hrtimer_interrupt+0xaa0/0xaa0 [ 121.621709][ C1] ? clockevents_program_event+0x22f/0x300 [ 121.627351][ C1] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 121.633251][ C1] hrtimer_interrupt+0x40c/0xaa0 [ 121.638892][ C1] __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 121.644622][ C1] sysvec_apic_timer_interrupt+0x95/0xc0 [ 121.650122][ C1] [ 121.652868][ C1] [ 121.655648][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 121.661462][ C1] RIP: 0010:kvm_wait+0x147/0x180 [ 121.666237][ C1] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 5b 03 f3 03 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 121.685846][ C1] RSP: 0018:ffffc90000a46180 EFLAGS: 00000246 [ 121.691759][ C1] RAX: 0000000000000003 RBX: 1ffff92000148c34 RCX: ffffffff8154f88f [ 121.699564][ C1] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff88811e2fd528 [ 121.707373][ C1] RBP: ffffc90000a46230 R08: dffffc0000000000 R09: ffffed1023c5faa6 [ 121.715184][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 121.722993][ C1] R13: ffff88811e2fd528 R14: 0000000000000003 R15: 1ffff92000148c38 [ 121.730982][ C1] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 121.737055][ C1] ? kvm_arch_para_hints+0x30/0x30 [ 121.742087][ C1] ? pv_hash+0x86/0x150 [ 121.746089][ C1] __pv_queued_spin_lock_slowpath+0x6bc/0xc40 [ 121.751984][ C1] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 121.758232][ C1] ? sk_psock_stop+0x44c/0x4d0 [ 121.762833][ C1] ? sock_map_unref+0x48f/0x4d0 [ 121.767619][ C1] ? sock_map_delete_elem+0xc1/0x130 [ 121.772740][ C1] ? bpf_prog_346bdb13810e5499+0x42/0xd90 [ 121.778295][ C1] ? __bpf_trace_kmem_cache_free+0x99/0xc0 [ 121.783936][ C1] ? kmem_cache_free+0x2c3/0x2e0 [ 121.788708][ C1] _raw_spin_lock_bh+0x139/0x1b0 [ 121.793481][ C1] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 121.798536][ C1] ? __ip_queue_xmit+0x1105/0x1c20 [ 121.803492][ C1] ? __tcp_transmit_skb+0x1e84/0x3920 [ 121.808670][ C1] ? tcp_write_xmit+0x144a/0x5e80 [ 121.813538][ C1] ? __tcp_push_pending_frames+0x98/0x2f0 [ 121.819087][ C1] ? tcp_sendmsg_locked+0x315c/0x3a90 [ 121.824416][ C1] ? tcp_sendmsg+0x2f/0x50 [ 121.828647][ C1] ? inet_sendmsg+0xa1/0xc0 [ 121.832972][ C1] ? sock_write_iter+0x39b/0x530 [ 121.837856][ C1] ? vfs_write+0xd5d/0x1110 [ 121.842242][ C1] sock_map_delete_elem+0x99/0x130 [ 121.847138][ C1] bpf_prog_346bdb13810e5499+0x42/0xd90 [ 121.852707][ C1] bpf_trace_run3+0x11e/0x250 [ 121.857206][ C1] ? bpf_trace_run2+0x210/0x210 [ 121.861896][ C1] ? kfree_skbmem+0x104/0x170 [ 121.866501][ C1] ? kmem_cache_free+0x116/0x2e0 [ 121.871271][ C1] ? kfree_skbmem+0x104/0x170 [ 121.875789][ C1] ? kfree_skbmem+0x104/0x170 [ 121.880311][ C1] __bpf_trace_kmem_cache_free+0x99/0xc0 [ 121.885774][ C1] kmem_cache_free+0x2c3/0x2e0 [ 121.890363][ C1] kfree_skbmem+0x104/0x170 [ 121.894702][ C1] consume_skb+0xb4/0x250 [ 121.898868][ C1] __sk_msg_free+0x2dd/0x370 [ 121.903297][ C1] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 121.908936][ C1] sk_psock_stop+0x44c/0x4d0 [ 121.913364][ C1] sk_psock_drop+0x219/0x310 [ 121.917796][ C1] ? sock_map_unref+0x484/0x4d0 [ 121.922475][ C1] sock_map_unref+0x48f/0x4d0 [ 121.926990][ C1] sock_map_delete_elem+0xc1/0x130 [ 121.932057][ C1] bpf_prog_346bdb13810e5499+0x42/0xd90 [ 121.937436][ C1] bpf_trace_run3+0x11e/0x250 [ 121.941934][ C1] ? bpf_trace_run2+0x210/0x210 [ 121.946620][ C1] ? kfree_skbmem+0x104/0x170 [ 121.951136][ C1] ? asm_sysvec_call_function_single+0x1b/0x20 [ 121.957126][ C1] ? kfree_skbmem+0x104/0x170 [ 121.962417][ C1] ? kfree_skbmem+0x104/0x170 [ 121.966936][ C1] ? kfree_skbmem+0x104/0x170 [ 121.971450][ C1] __bpf_trace_kmem_cache_free+0x99/0xc0 [ 121.976918][ C1] kmem_cache_free+0x2c3/0x2e0 [ 121.981527][ C1] kfree_skbmem+0x104/0x170 [ 121.985858][ C1] consume_skb+0xb4/0x250 [ 121.990021][ C1] packet_rcv+0x160/0x1150 [ 121.994273][ C1] ? packet_sock_destruct+0x160/0x160 [ 121.999478][ C1] dev_queue_xmit_nit+0x9a4/0xa40 [ 122.004340][ C1] dev_hard_start_xmit+0x149/0x620 [ 122.009284][ C1] ? validate_xmit_skb_list+0x10b/0x130 [ 122.014664][ C1] sch_direct_xmit+0x298/0x9b0 [ 122.019282][ C1] ? __kasan_check_write+0x14/0x20 [ 122.024214][ C1] ? _raw_spin_trylock+0xcd/0x1a0 [ 122.029175][ C1] ? stp_proto_unregister+0x200/0x200 [ 122.034370][ C1] ? netdev_core_pick_tx+0x16e/0x300 [ 122.039489][ C1] __dev_queue_xmit+0x161e/0x2e70 [ 122.045161][ C1] ? dev_queue_xmit+0x20/0x20 [ 122.049843][ C1] ? selinux_ipv6_output+0x10/0x10 [ 122.054791][ C1] ? 0xffffffffa001a984 [ 122.058758][ C1] ? is_bpf_text_address+0x172/0x190 [ 122.063880][ C1] ? stack_trace_save+0x1c0/0x1c0 [ 122.068751][ C1] ? ip_finish_output2+0x984/0xf60 [ 122.073701][ C1] dev_queue_xmit+0x17/0x20 [ 122.078027][ C1] ip_finish_output2+0xb9f/0xf60 [ 122.083060][ C1] ? sysvec_call_function_single+0x52/0xb0 [ 122.088716][ C1] ? ip_fragment+0x210/0x210 [ 122.093221][ C1] ? audit_tree_destroy_watch+0x20/0x20 [ 122.098597][ C1] ? ip_skb_dst_mtu+0x38f/0x630 [ 122.103370][ C1] __ip_finish_output+0x162/0x360 [ 122.108273][ C1] ip_finish_output+0x31/0x210 [ 122.113136][ C1] ? ip_output+0x3e1/0x420 [ 122.117465][ C1] ip_output+0x1d6/0x420 [ 122.122102][ C1] ? ip_finish_output+0x210/0x210 [ 122.127531][ C1] ? ip_mc_finish_output+0x3c0/0x3c0 [ 122.132592][ C1] ? __kasan_check_read+0x11/0x20 [ 122.137639][ C1] ? ipv4_dst_check+0xe3/0x150 [ 122.142160][ C1] ? skb_push+0xb5/0x120 [ 122.146221][ C1] ? __sk_dst_check+0xd2/0x1b0 [ 122.150820][ C1] __ip_queue_xmit+0x1105/0x1c20 [ 122.155726][ C1] ? tcp_options_write+0x202/0xc60 [ 122.161018][ C1] ip_queue_xmit+0x4c/0x70 [ 122.165492][ C1] __tcp_transmit_skb+0x1e84/0x3920 [ 122.170645][ C1] ? __tcp_send_ack+0x710/0x710 [ 122.175337][ C1] ? __stack_depot_save+0x34/0x470 [ 122.180270][ C1] ? ____kasan_kmalloc+0xed/0x110 [ 122.185124][ C1] ? ____kasan_kmalloc+0xdb/0x110 [ 122.189984][ C1] ? __kasan_check_read+0x11/0x20 [ 122.194849][ C1] ? tcp_small_queue_check+0x1f5/0x3f0 [ 122.200147][ C1] tcp_write_xmit+0x144a/0x5e80 [ 122.204830][ C1] __tcp_push_pending_frames+0x98/0x2f0 [ 122.210339][ C1] tcp_push+0x477/0x620 [ 122.214392][ C1] tcp_sendmsg_locked+0x315c/0x3a90 [ 122.219515][ C1] ? tcp_free_fastopen_req+0x80/0x80 [ 122.224719][ C1] tcp_sendmsg+0x2f/0x50 [ 122.228920][ C1] inet_sendmsg+0xa1/0xc0 [ 122.233084][ C1] ? inet_send_prepare+0x4a0/0x4a0 [ 122.238039][ C1] sock_write_iter+0x39b/0x530 [ 122.243064][ C1] ? sock_read_iter+0x480/0x480 [ 122.247852][ C1] ? iov_iter_init+0x53/0x190 [ 122.252601][ C1] vfs_write+0xd5d/0x1110 [ 122.256824][ C1] ? file_end_write+0x1c0/0x1c0 [ 122.261892][ C1] ? __set_current_blocked+0x2a5/0x2f0 [ 122.267422][ C1] ? __kasan_check_read+0x11/0x20 [ 122.272255][ C1] ? __fdget_pos+0x209/0x3a0 [ 122.277107][ C1] ksys_write+0x199/0x2c0 [ 122.281275][ C1] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 122.286767][ C1] ? __ia32_sys_read+0x90/0x90 [ 122.291364][ C1] ? debug_smp_processor_id+0x17/0x20 [ 122.296681][ C1] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 122.302692][ C1] __x64_sys_write+0x7b/0x90 [ 122.307109][ C1] do_syscall_64+0x3d/0xb0 [ 122.311543][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 122.317486][ C1] RIP: 0033:0x7f0a1e487bf2 [ 122.321730][ C1] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 [ 122.341931][ C1] RSP: 002b:00007ffd084c4d38 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 122.350257][ C1] RAX: ffffffffffffffda RBX: 000000000000036c RCX: 00007f0a1e487bf2 [ 122.358177][ C1] RDX: 000000000000036c RSI: 0000560e808b8680 RDI: 0000000000000004 [ 122.365995][ C1] RBP: 0000560e808b7290 R08: 0000000000000000 R09: 0000000000000000 [ 122.374407][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000560e7ed9daa4 [ 122.382216][ C1] R13: 0000000000000015 R14: 0000560e7ed9e3e8 R15: 00007ffd084c4da8 [ 122.390039][ C1] [ 122.392987][ C1] Sending NMI from CPU 1 to CPUs 0: [ 122.398153][ C0] NMI backtrace for cpu 0 [ 122.398166][ C0] CPU: 0 PID: 293 Comm: syz-executor345 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 122.398183][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 122.398192][ C0] RIP: 0010:kvm_wait+0x147/0x180 [ 122.398214][ C0] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 5b 03 f3 03 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 122.398226][ C0] RSP: 0018:ffffc900007bf620 EFLAGS: 00000246 [ 122.398239][ C0] RAX: 0000000000000001 RBX: 1ffff920000f7ec8 RCX: 1ffffffff0d1aa9c [ 122.398250][ C0] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8881f7037ed4 [ 122.398260][ C0] RBP: ffffc900007bf6d0 R08: dffffc0000000000 R09: ffffed103ee06fdb [ 122.398271][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 122.398281][ C0] R13: ffff8881f7037ed4 R14: 0000000000000001 R15: 1ffff920000f7ecc [ 122.398291][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 122.398304][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.398315][ C0] CR2: 00007f44d2970130 CR3: 000000011eafe000 CR4: 00000000003506b0 [ 122.398344][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 122.398352][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 122.398370][ C0] Call Trace: [ 122.398375][ C0] [ 122.398382][ C0] ? show_regs+0x58/0x60 [ 122.398398][ C0] ? nmi_cpu_backtrace+0x29f/0x300 [ 122.398415][ C0] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 122.398432][ C0] ? kvm_wait+0x147/0x180 [ 122.398445][ C0] ? kvm_wait+0x147/0x180 [ 122.398458][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 122.398475][ C0] ? nmi_handle+0xa8/0x280 [ 122.398489][ C0] ? kvm_wait+0x147/0x180 [ 122.398502][ C0] ? default_do_nmi+0x69/0x160 [ 122.398518][ C0] ? exc_nmi+0xaf/0x120 [ 122.398531][ C0] ? end_repeat_nmi+0x16/0x31 [ 122.398546][ C0] ? kvm_wait+0x147/0x180 [ 122.398559][ C0] ? kvm_wait+0x147/0x180 [ 122.398572][ C0] ? kvm_wait+0x147/0x180 [ 122.398585][ C0] [ 122.398590][ C0] [ 122.398594][ C0] ? cgroup_rstat_updated+0xe5/0x370 [ 122.398610][ C0] ? kvm_arch_para_hints+0x30/0x30 [ 122.398624][ C0] ? __mod_memcg_lruvec_state+0x11c/0x1b0 [ 122.398642][ C0] __pv_queued_spin_lock_slowpath+0x41b/0xc40 [ 122.398659][ C0] ? page_remove_rmap+0xddd/0x1420 [ 122.398674][ C0] ? page_remove_rmap+0xebe/0x1420 [ 122.398688][ C0] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 122.398706][ C0] _raw_spin_lock_bh+0x139/0x1b0 [ 122.398722][ C0] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 122.398738][ C0] ? _raw_spin_unlock+0x4d/0x70 [ 122.398772][ C0] sock_map_delete_elem+0x99/0x130 [ 122.398790][ C0] bpf_prog_346bdb13810e5499+0x42/0xd90 [ 122.398802][ C0] bpf_trace_run3+0x11e/0x250 [ 122.398819][ C0] ? bpf_trace_run2+0x210/0x210 [ 122.398834][ C0] ? __put_anon_vma+0xdd/0x1f0 [ 122.398848][ C0] ? __put_anon_vma+0xdd/0x1f0 [ 122.398860][ C0] ? __put_anon_vma+0xdd/0x1f0 [ 122.398872][ C0] __bpf_trace_kmem_cache_free+0x99/0xc0 [ 122.398888][ C0] kmem_cache_free+0x2c3/0x2e0 [ 122.398903][ C0] ? __put_anon_vma+0xdd/0x1f0 [ 122.398917][ C0] __put_anon_vma+0xdd/0x1f0 [ 122.398929][ C0] unlink_anon_vmas+0x445/0x590 [ 122.398943][ C0] free_pgtables+0x137/0x280 [ 122.398958][ C0] exit_mmap+0x3e7/0x6f0 [ 122.398973][ C0] ? exit_aio+0x25e/0x3c0 [ 122.398986][ C0] ? vm_brk+0x30/0x30 [ 122.398999][ C0] ? mutex_unlock+0xb2/0x260 [ 122.399014][ C0] ? uprobe_clear_state+0x2cd/0x320 [ 122.399032][ C0] __mmput+0x95/0x310 [ 122.399048][ C0] mmput+0x5b/0x170 [ 122.399063][ C0] do_exit+0xb9c/0x2ca0 [ 122.399078][ C0] ? put_task_struct+0x80/0x80 [ 122.399092][ C0] ? ptrace_notify+0x24c/0x350 [ 122.399108][ C0] ? do_notify_parent+0xa30/0xa30 [ 122.399124][ C0] do_group_exit+0x141/0x310 [ 122.399139][ C0] __x64_sys_exit_group+0x3f/0x40 [ 122.399153][ C0] do_syscall_64+0x3d/0xb0 [ 122.399166][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 122.399186][ C0] RIP: 0033:0x7f44d28fbeb9 [ 122.399196][ C0] Code: Unable to access opcode bytes at RIP 0x7f44d28fbe8f. [ 122.399203][ C0] RSP: 002b:00007fffab4b63c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 122.399218][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f44d28fbeb9 [ 122.399227][ C0] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 122.399236][ C0] RBP: 00007f44d296f2d0 R08: ffffffffffffffb8 R09: 00007f44d293f09e [ 122.399246][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f44d296f2d0 [ 122.399254][ C0] R13: 0000000000000000 R14: 00007f44d296fd20 R15: 00007f44d28c56e0 [ 122.399267][ C0] [ 122.400117][ C1] NMI backtrace for cpu 1 [ 122.878768][ C1] CPU: 1 PID: 287 Comm: sshd Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 122.887923][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 122.898289][ C1] Call Trace: [ 122.901669][ C1] [ 122.904642][ C1] dump_stack_lvl+0x151/0x1b7 [ 122.909128][ C1] ? io_uring_drop_tctx_refs+0x190/0x190 [ 122.915841][ C1] ? cpumask_next+0x8a/0xb0 [ 122.920197][ C1] dump_stack+0x15/0x17 [ 122.924152][ C1] nmi_cpu_backtrace+0x2f7/0x300 [ 122.929376][ C1] ? init_x2apic_ldr+0x10/0x10 [ 122.933954][ C1] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 122.940115][ C1] ? irq_work_queue+0xd4/0x160 [ 122.944875][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 122.950950][ C1] nmi_trigger_cpumask_backtrace+0x15d/0x270 [ 122.957082][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 122.963067][ C1] arch_trigger_cpumask_backtrace+0x10/0x20 [ 122.968940][ C1] rcu_dump_cpu_stacks+0x1d8/0x330 [ 122.974304][ C1] print_cpu_stall+0x315/0x5f0 [ 122.978905][ C1] rcu_sched_clock_irq+0x989/0x12f0 [ 122.984318][ C1] ? rcu_boost_kthread_setaffinity+0x340/0x340 [ 122.990420][ C1] ? hrtimer_run_queues+0x15f/0x440 [ 122.998367][ C1] update_process_times+0x198/0x200 [ 123.003337][ C1] tick_sched_timer+0x188/0x240 [ 123.008368][ C1] ? tick_setup_sched_timer+0x480/0x480 [ 123.013839][ C1] __hrtimer_run_queues+0x41a/0xad0 [ 123.018963][ C1] ? hrtimer_interrupt+0xaa0/0xaa0 [ 123.023905][ C1] ? clockevents_program_event+0x22f/0x300 [ 123.029543][ C1] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 123.035439][ C1] hrtimer_interrupt+0x40c/0xaa0 [ 123.040215][ C1] __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 123.045965][ C1] sysvec_apic_timer_interrupt+0x95/0xc0 [ 123.051408][ C1] [ 123.054184][ C1] [ 123.056964][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 123.062780][ C1] RIP: 0010:kvm_wait+0x147/0x180 [ 123.067733][ C1] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 5b 03 f3 03 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 123.087467][ C1] RSP: 0018:ffffc90000a46180 EFLAGS: 00000246 [ 123.093366][ C1] RAX: 0000000000000003 RBX: 1ffff92000148c34 RCX: ffffffff8154f88f [ 123.101264][ C1] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff88811e2fd528 [ 123.109106][ C1] RBP: ffffc90000a46230 R08: dffffc0000000000 R09: ffffed1023c5faa6 [ 123.117097][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 123.124903][ C1] R13: ffff88811e2fd528 R14: 0000000000000003 R15: 1ffff92000148c38 [ 123.132985][ C1] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 123.139058][ C1] ? kvm_arch_para_hints+0x30/0x30 [ 123.144005][ C1] ? pv_hash+0x86/0x150 [ 123.147988][ C1] __pv_queued_spin_lock_slowpath+0x6bc/0xc40 [ 123.153893][ C1] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 123.160139][ C1] ? sk_psock_stop+0x44c/0x4d0 [ 123.164739][ C1] ? sock_map_unref+0x48f/0x4d0 [ 123.169426][ C1] ? sock_map_delete_elem+0xc1/0x130 [ 123.174589][ C1] ? bpf_prog_346bdb13810e5499+0x42/0xd90 [ 123.180102][ C1] ? __bpf_trace_kmem_cache_free+0x99/0xc0 [ 123.185747][ C1] ? kmem_cache_free+0x2c3/0x2e0 [ 123.190518][ C1] _raw_spin_lock_bh+0x139/0x1b0 [ 123.195302][ C1] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 123.200411][ C1] ? __ip_queue_xmit+0x1105/0x1c20 [ 123.205456][ C1] ? __tcp_transmit_skb+0x1e84/0x3920 [ 123.210657][ C1] ? tcp_write_xmit+0x144a/0x5e80 [ 123.215780][ C1] ? __tcp_push_pending_frames+0x98/0x2f0 [ 123.221333][ C1] ? tcp_sendmsg_locked+0x315c/0x3a90 [ 123.226538][ C1] ? tcp_sendmsg+0x2f/0x50 [ 123.230798][ C1] ? inet_sendmsg+0xa1/0xc0 [ 123.235128][ C1] ? sock_write_iter+0x39b/0x530 [ 123.239904][ C1] ? vfs_write+0xd5d/0x1110 [ 123.244246][ C1] sock_map_delete_elem+0x99/0x130 [ 123.249195][ C1] bpf_prog_346bdb13810e5499+0x42/0xd90 [ 123.254572][ C1] bpf_trace_run3+0x11e/0x250 [ 123.259190][ C1] ? bpf_trace_run2+0x210/0x210 [ 123.263886][ C1] ? kfree_skbmem+0x104/0x170 [ 123.268641][ C1] ? kmem_cache_free+0x116/0x2e0 [ 123.273380][ C1] ? kfree_skbmem+0x104/0x170 [ 123.278084][ C1] ? kfree_skbmem+0x104/0x170 [ 123.282838][ C1] __bpf_trace_kmem_cache_free+0x99/0xc0 [ 123.288316][ C1] kmem_cache_free+0x2c3/0x2e0 [ 123.293004][ C1] kfree_skbmem+0x104/0x170 [ 123.299470][ C1] consume_skb+0xb4/0x250 [ 123.304161][ C1] __sk_msg_free+0x2dd/0x370 [ 123.309266][ C1] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 123.315572][ C1] sk_psock_stop+0x44c/0x4d0 [ 123.320293][ C1] sk_psock_drop+0x219/0x310 [ 123.324747][ C1] ? sock_map_unref+0x484/0x4d0 [ 123.329497][ C1] sock_map_unref+0x48f/0x4d0 [ 123.334284][ C1] sock_map_delete_elem+0xc1/0x130 [ 123.339713][ C1] bpf_prog_346bdb13810e5499+0x42/0xd90 [ 123.347192][ C1] bpf_trace_run3+0x11e/0x250 [ 123.351818][ C1] ? bpf_trace_run2+0x210/0x210 [ 123.356723][ C1] ? kfree_skbmem+0x104/0x170 [ 123.361692][ C1] ? asm_sysvec_call_function_single+0x1b/0x20 [ 123.367865][ C1] ? kfree_skbmem+0x104/0x170 [ 123.372343][ C1] ? kfree_skbmem+0x104/0x170 [ 123.377638][ C1] ? kfree_skbmem+0x104/0x170 [ 123.382349][ C1] __bpf_trace_kmem_cache_free+0x99/0xc0 [ 123.387797][ C1] kmem_cache_free+0x2c3/0x2e0 [ 123.392390][ C1] kfree_skbmem+0x104/0x170 [ 123.396725][ C1] consume_skb+0xb4/0x250 [ 123.401250][ C1] packet_rcv+0x160/0x1150 [ 123.405513][ C1] ? packet_sock_destruct+0x160/0x160 [ 123.410710][ C1] dev_queue_xmit_nit+0x9a4/0xa40 [ 123.415660][ C1] dev_hard_start_xmit+0x149/0x620 [ 123.420601][ C1] ? validate_xmit_skb_list+0x10b/0x130 [ 123.425983][ C1] sch_direct_xmit+0x298/0x9b0 [ 123.430584][ C1] ? __kasan_check_write+0x14/0x20 [ 123.435527][ C1] ? _raw_spin_trylock+0xcd/0x1a0 [ 123.440390][ C1] ? stp_proto_unregister+0x200/0x200 [ 123.450902][ C1] ? netdev_core_pick_tx+0x16e/0x300 [ 123.456390][ C1] __dev_queue_xmit+0x161e/0x2e70 [ 123.461251][ C1] ? dev_queue_xmit+0x20/0x20 [ 123.465858][ C1] ? selinux_ipv6_output+0x10/0x10 [ 123.470893][ C1] ? 0xffffffffa001a984 [ 123.474884][ C1] ? is_bpf_text_address+0x172/0x190 [ 123.480092][ C1] ? stack_trace_save+0x1c0/0x1c0 [ 123.484968][ C1] ? ip_finish_output2+0x984/0xf60 [ 123.490289][ C1] dev_queue_xmit+0x17/0x20 [ 123.494695][ C1] ip_finish_output2+0xb9f/0xf60 [ 123.499405][ C1] ? sysvec_call_function_single+0x52/0xb0 [ 123.505123][ C1] ? ip_fragment+0x210/0x210 [ 123.509557][ C1] ? audit_tree_destroy_watch+0x20/0x20 [ 123.515071][ C1] ? ip_skb_dst_mtu+0x38f/0x630 [ 123.519746][ C1] __ip_finish_output+0x162/0x360 [ 123.524608][ C1] ip_finish_output+0x31/0x210 [ 123.529210][ C1] ? ip_output+0x3e1/0x420 [ 123.533461][ C1] ip_output+0x1d6/0x420 [ 123.537540][ C1] ? ip_finish_output+0x210/0x210 [ 123.542397][ C1] ? ip_mc_finish_output+0x3c0/0x3c0 [ 123.547523][ C1] ? __kasan_check_read+0x11/0x20 [ 123.552429][ C1] ? ipv4_dst_check+0xe3/0x150 [ 123.557325][ C1] ? skb_push+0xb5/0x120 [ 123.561584][ C1] ? __sk_dst_check+0xd2/0x1b0 [ 123.566186][ C1] __ip_queue_xmit+0x1105/0x1c20 [ 123.571737][ C1] ? tcp_options_write+0x202/0xc60 [ 123.576692][ C1] ip_queue_xmit+0x4c/0x70 [ 123.580951][ C1] __tcp_transmit_skb+0x1e84/0x3920 [ 123.585977][ C1] ? __tcp_send_ack+0x710/0x710 [ 123.590662][ C1] ? __stack_depot_save+0x34/0x470 [ 123.595613][ C1] ? ____kasan_kmalloc+0xed/0x110 [ 123.600572][ C1] ? ____kasan_kmalloc+0xdb/0x110 [ 123.605645][ C1] ? __kasan_check_read+0x11/0x20 [ 123.610493][ C1] ? tcp_small_queue_check+0x1f5/0x3f0 [ 123.615959][ C1] tcp_write_xmit+0x144a/0x5e80 [ 123.620656][ C1] __tcp_push_pending_frames+0x98/0x2f0 [ 123.626133][ C1] tcp_push+0x477/0x620 [ 123.630114][ C1] tcp_sendmsg_locked+0x315c/0x3a90 [ 123.635236][ C1] ? tcp_free_fastopen_req+0x80/0x80 [ 123.640456][ C1] tcp_sendmsg+0x2f/0x50 [ 123.644684][ C1] inet_sendmsg+0xa1/0xc0 [ 123.648818][ C1] ? inet_send_prepare+0x4a0/0x4a0 [ 123.653765][ C1] sock_write_iter+0x39b/0x530 [ 123.658382][ C1] ? sock_read_iter+0x480/0x480 [ 123.663168][ C1] ? iov_iter_init+0x53/0x190 [ 123.667768][ C1] vfs_write+0xd5d/0x1110 [ 123.671935][ C1] ? file_end_write+0x1c0/0x1c0 [ 123.676754][ C1] ? __set_current_blocked+0x2a5/0x2f0 [ 123.682101][ C1] ? __kasan_check_read+0x11/0x20 [ 123.686960][ C1] ? __fdget_pos+0x209/0x3a0 [ 123.691383][ C1] ksys_write+0x199/0x2c0 [ 123.695632][ C1] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 123.701013][ C1] ? __ia32_sys_read+0x90/0x90 [ 123.705613][ C1] ? debug_smp_processor_id+0x17/0x20 [ 123.710994][ C1] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 123.716913][ C1] __x64_sys_write+0x7b/0x90 [ 123.721327][ C1] do_syscall_64+0x3d/0xb0 [ 123.725665][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 123.731404][ C1] RIP: 0033:0x7f0a1e487bf2 [ 123.735644][ C1] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 [ 123.755172][ C1] RSP: 002b:00007ffd084c4d38 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 123.763415][ C1] RAX: ffffffffffffffda RBX: 000000000000036c RCX: 00007f0a1e487bf2 [ 123.771229][ C1] RDX: 000000000000036c RSI: 0000560e808b8680 RDI: 0000000000000004 [ 123.779037][ C1] RBP: 0000560e808b7290 R08: 0000000000000000 R09: 0000000000000000 [ 123.786848][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000560e7ed9daa4 [ 123.794659][ C1] R13: 0000000000000015 R14: 0000560e7ed9e3e8 R15: 00007ffd084c4da8 [ 123.802652][ C1] [ 265.104342][ C0] watchdog: BUG: soft lockup - CPU#0 stuck for 245s! [syz-executor345:293] [ 265.113015][ C0] Modules linked in: [ 265.116771][ C0] CPU: 0 PID: 293 Comm: syz-executor345 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 265.126819][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 265.137019][ C0] RIP: 0010:kvm_wait+0x147/0x180 [ 265.141874][ C0] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 5b 03 f3 03 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 265.161833][ C0] RSP: 0018:ffffc900007bf620 EFLAGS: 00000246 [ 265.167731][ C0] RAX: 0000000000000001 RBX: 1ffff920000f7ec8 RCX: 1ffffffff0d1aa9c [ 265.175547][ C0] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8881f7037ed4 [ 265.183537][ C0] RBP: ffffc900007bf6d0 R08: dffffc0000000000 R09: ffffed103ee06fdb [ 265.191778][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 265.199595][ C0] R13: ffff8881f7037ed4 R14: 0000000000000001 R15: 1ffff920000f7ecc [ 265.207495][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 265.216249][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 265.222686][ C0] CR2: 00007f44d2970130 CR3: 000000011eafe000 CR4: 00000000003506b0 [ 265.231270][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 265.239170][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 265.247281][ C0] Call Trace: [ 265.250699][ C0] [ 265.254014][ C0] ? show_regs+0x58/0x60 [ 265.260237][ C0] ? watchdog_timer_fn+0x4b1/0x5f0 [ 265.265188][ C0] ? proc_watchdog_cpumask+0xd0/0xd0 [ 265.270643][ C0] ? __hrtimer_run_queues+0x41a/0xad0 [ 265.275860][ C0] ? hrtimer_interrupt+0xaa0/0xaa0 [ 265.280802][ C0] ? clockevents_program_event+0x22f/0x300 [ 265.286633][ C0] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 265.292512][ C0] ? hrtimer_interrupt+0x40c/0xaa0 [ 265.297578][ C0] ? __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 265.303740][ C0] ? sysvec_apic_timer_interrupt+0x95/0xc0 [ 265.309364][ C0] [ 265.312141][ C0] [ 265.314946][ C0] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 265.320921][ C0] ? kvm_wait+0x147/0x180 [ 265.325512][ C0] ? cgroup_rstat_updated+0xe5/0x370 [ 265.331156][ C0] ? kvm_arch_para_hints+0x30/0x30 [ 265.336683][ C0] ? __mod_memcg_lruvec_state+0x11c/0x1b0 [ 265.343296][ C0] __pv_queued_spin_lock_slowpath+0x41b/0xc40 [ 265.349202][ C0] ? page_remove_rmap+0xddd/0x1420 [ 265.354873][ C0] ? page_remove_rmap+0xebe/0x1420 [ 265.360251][ C0] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 265.367968][ C0] _raw_spin_lock_bh+0x139/0x1b0 [ 265.372848][ C0] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 265.377878][ C0] ? _raw_spin_unlock+0x4d/0x70 [ 265.382572][ C0] sock_map_delete_elem+0x99/0x130 [ 265.387802][ C0] bpf_prog_346bdb13810e5499+0x42/0xd90 [ 265.393282][ C0] bpf_trace_run3+0x11e/0x250 [ 265.397781][ C0] ? bpf_trace_run2+0x210/0x210 [ 265.402728][ C0] ? __put_anon_vma+0xdd/0x1f0 [ 265.407351][ C0] ? __put_anon_vma+0xdd/0x1f0 [ 265.412023][ C0] ? __put_anon_vma+0xdd/0x1f0 [ 265.416722][ C0] __bpf_trace_kmem_cache_free+0x99/0xc0 [ 265.422194][ C0] kmem_cache_free+0x2c3/0x2e0 [ 265.426784][ C0] ? __put_anon_vma+0xdd/0x1f0 [ 265.431384][ C0] __put_anon_vma+0xdd/0x1f0 [ 265.435850][ C0] unlink_anon_vmas+0x445/0x590 [ 265.440495][ C0] free_pgtables+0x137/0x280 [ 265.444947][ C0] exit_mmap+0x3e7/0x6f0 [ 265.449033][ C0] ? exit_aio+0x25e/0x3c0 [ 265.453166][ C0] ? vm_brk+0x30/0x30 [ 265.456995][ C0] ? mutex_unlock+0xb2/0x260 [ 265.461415][ C0] ? uprobe_clear_state+0x2cd/0x320 [ 265.466444][ C0] __mmput+0x95/0x310 [ 265.470280][ C0] mmput+0x5b/0x170 [ 265.473925][ C0] do_exit+0xb9c/0x2ca0 [ 265.478893][ C0] ? put_task_struct+0x80/0x80 [ 265.483483][ C0] ? ptrace_notify+0x24c/0x350 [ 265.488199][ C0] ? do_notify_parent+0xa30/0xa30 [ 265.493068][ C0] do_group_exit+0x141/0x310 [ 265.497539][ C0] __x64_sys_exit_group+0x3f/0x40 [ 265.502349][ C0] do_syscall_64+0x3d/0xb0 [ 265.506601][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 265.512409][ C0] RIP: 0033:0x7f44d28fbeb9 [ 265.516670][ C0] Code: Unable to access opcode bytes at RIP 0x7f44d28fbe8f. [ 265.523988][ C0] RSP: 002b:00007fffab4b63c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 265.532297][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f44d28fbeb9 [ 265.540391][ C0] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 265.548343][ C0] RBP: 00007f44d296f2d0 R08: ffffffffffffffb8 R09: 00007f44d293f09e [ 265.556157][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f44d296f2d0 [ 265.563961][ C0] R13: 0000000000000000 R14: 00007f44d296fd20 R15: 00007f44d28c56e0 [ 265.573312][ C0] [ 265.576156][ C0] Sending NMI from CPU 0 to CPUs 1: [ 265.581368][ C1] NMI backtrace for cpu 1 [ 265.581384][ C1] CPU: 1 PID: 287 Comm: sshd Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 265.581401][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 265.581410][ C1] RIP: 0010:kvm_wait+0x147/0x180 [ 265.581434][ C1] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 5b 03 f3 03 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 265.581446][ C1] RSP: 0018:ffffc90000a46180 EFLAGS: 00000246 [ 265.581461][ C1] RAX: 0000000000000003 RBX: 1ffff92000148c34 RCX: ffffffff8154f88f [ 265.581501][ C1] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff88811e2fd528 [ 265.581511][ C1] RBP: ffffc90000a46230 R08: dffffc0000000000 R09: ffffed1023c5faa6 [ 265.581522][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 265.581533][ C1] R13: ffff88811e2fd528 R14: 0000000000000003 R15: 1ffff92000148c38 [ 265.581543][ C1] FS: 00007f0a1e35b800(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 265.581557][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 265.581567][ C1] CR2: 00007f0a1e563304 CR3: 000000011e168000 CR4: 00000000003506a0 [ 265.581580][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 265.581589][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 265.581598][ C1] Call Trace: [ 265.581603][ C1] [ 265.581610][ C1] ? show_regs+0x58/0x60 [ 265.581627][ C1] ? nmi_cpu_backtrace+0x29f/0x300 [ 265.581704][ C1] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 265.581721][ C1] ? kvm_wait+0x147/0x180 [ 265.581734][ C1] ? kvm_wait+0x147/0x180 [ 265.581747][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 265.581763][ C1] ? nmi_handle+0xa8/0x280 [ 265.581778][ C1] ? kvm_wait+0x147/0x180 [ 265.581791][ C1] ? default_do_nmi+0x69/0x160 [ 265.581806][ C1] ? exc_nmi+0xaf/0x120 [ 265.581819][ C1] ? end_repeat_nmi+0x16/0x31 [ 265.581834][ C1] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 265.581853][ C1] ? kvm_wait+0x147/0x180 [ 265.581866][ C1] ? kvm_wait+0x147/0x180 [ 265.581879][ C1] ? kvm_wait+0x147/0x180 [ 265.581892][ C1] [ 265.581896][ C1] [ 265.581901][ C1] ? kvm_arch_para_hints+0x30/0x30 [ 265.581915][ C1] ? pv_hash+0x86/0x150 [ 265.581930][ C1] __pv_queued_spin_lock_slowpath+0x6bc/0xc40 [ 265.581948][ C1] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 265.581963][ C1] ? sk_psock_stop+0x44c/0x4d0 [ 265.581978][ C1] ? sock_map_unref+0x48f/0x4d0 [ 265.581992][ C1] ? sock_map_delete_elem+0xc1/0x130 [ 265.582006][ C1] ? bpf_prog_346bdb13810e5499+0x42/0xd90 [ 265.582019][ C1] ? __bpf_trace_kmem_cache_free+0x99/0xc0 [ 265.582034][ C1] ? kmem_cache_free+0x2c3/0x2e0 [ 265.582051][ C1] _raw_spin_lock_bh+0x139/0x1b0 [ 265.582067][ C1] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 265.582082][ C1] ? __ip_queue_xmit+0x1105/0x1c20 [ 265.582112][ C1] ? __tcp_transmit_skb+0x1e84/0x3920 [ 265.582131][ C1] ? tcp_write_xmit+0x144a/0x5e80 [ 265.582145][ C1] ? __tcp_push_pending_frames+0x98/0x2f0 [ 265.582161][ C1] ? tcp_sendmsg_locked+0x315c/0x3a90 [ 265.582174][ C1] ? tcp_sendmsg+0x2f/0x50 [ 265.582186][ C1] ? inet_sendmsg+0xa1/0xc0 [ 265.582207][ C1] ? sock_write_iter+0x39b/0x530 [ 265.582247][ C1] ? vfs_write+0xd5d/0x1110 [ 265.582283][ C1] sock_map_delete_elem+0x99/0x130 [ 265.582298][ C1] bpf_prog_346bdb13810e5499+0x42/0xd90 [ 265.582310][ C1] bpf_trace_run3+0x11e/0x250 [ 265.582327][ C1] ? bpf_trace_run2+0x210/0x210 [ 265.582341][ C1] ? kfree_skbmem+0x104/0x170 [ 265.582354][ C1] ? kmem_cache_free+0x116/0x2e0 [ 265.582370][ C1] ? kfree_skbmem+0x104/0x170 [ 265.582382][ C1] ? kfree_skbmem+0x104/0x170 [ 265.582394][ C1] __bpf_trace_kmem_cache_free+0x99/0xc0 [ 265.582409][ C1] kmem_cache_free+0x2c3/0x2e0 [ 265.582424][ C1] kfree_skbmem+0x104/0x170 [ 265.582438][ C1] consume_skb+0xb4/0x250 [ 265.582451][ C1] __sk_msg_free+0x2dd/0x370 [ 265.582464][ C1] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 265.582486][ C1] sk_psock_stop+0x44c/0x4d0 [ 265.582501][ C1] sk_psock_drop+0x219/0x310 [ 265.582513][ C1] ? sock_map_unref+0x484/0x4d0 [ 265.582528][ C1] sock_map_unref+0x48f/0x4d0 [ 265.582543][ C1] sock_map_delete_elem+0xc1/0x130 [ 265.582558][ C1] bpf_prog_346bdb13810e5499+0x42/0xd90 [ 265.582569][ C1] bpf_trace_run3+0x11e/0x250 [ 265.582585][ C1] ? bpf_trace_run2+0x210/0x210 [ 265.582600][ C1] ? kfree_skbmem+0x104/0x170 [ 265.582612][ C1] ? asm_sysvec_call_function_single+0x1b/0x20 [ 265.582629][ C1] ? kfree_skbmem+0x104/0x170 [ 265.582642][ C1] ? kfree_skbmem+0x104/0x170 [ 265.582654][ C1] ? kfree_skbmem+0x104/0x170 [ 265.582666][ C1] __bpf_trace_kmem_cache_free+0x99/0xc0 [ 265.582681][ C1] kmem_cache_free+0x2c3/0x2e0 [ 265.582696][ C1] kfree_skbmem+0x104/0x170 [ 265.582709][ C1] consume_skb+0xb4/0x250 [ 265.582722][ C1] packet_rcv+0x160/0x1150 [ 265.582768][ C1] ? packet_sock_destruct+0x160/0x160 [ 265.582782][ C1] dev_queue_xmit_nit+0x9a4/0xa40 [ 265.582804][ C1] dev_hard_start_xmit+0x149/0x620 [ 265.582836][ C1] ? validate_xmit_skb_list+0x10b/0x130 [ 265.582851][ C1] sch_direct_xmit+0x298/0x9b0 [ 265.582868][ C1] ? __kasan_check_write+0x14/0x20 [ 265.582883][ C1] ? _raw_spin_trylock+0xcd/0x1a0 [ 265.582898][ C1] ? stp_proto_unregister+0x200/0x200 [ 265.582915][ C1] ? netdev_core_pick_tx+0x16e/0x300 [ 265.582930][ C1] __dev_queue_xmit+0x161e/0x2e70 [ 265.582948][ C1] ? dev_queue_xmit+0x20/0x20 [ 265.582962][ C1] ? selinux_ipv6_output+0x10/0x10 [ 265.583003][ C1] ? 0xffffffffa001a984 [ 265.583013][ C1] ? is_bpf_text_address+0x172/0x190 [ 265.583049][ C1] ? stack_trace_save+0x1c0/0x1c0 [ 265.583088][ C1] ? ip_finish_output2+0x984/0xf60 [ 265.583104][ C1] dev_queue_xmit+0x17/0x20 [ 265.583118][ C1] ip_finish_output2+0xb9f/0xf60 [ 265.583133][ C1] ? sysvec_call_function_single+0x52/0xb0 [ 265.583149][ C1] ? ip_fragment+0x210/0x210 [ 265.583164][ C1] ? audit_tree_destroy_watch+0x20/0x20 [ 265.583184][ C1] ? ip_skb_dst_mtu+0x38f/0x630 [ 265.583199][ C1] __ip_finish_output+0x162/0x360 [ 265.583215][ C1] ip_finish_output+0x31/0x210 [ 265.583228][ C1] ? ip_output+0x3e1/0x420 [ 265.583242][ C1] ip_output+0x1d6/0x420 [ 265.583257][ C1] ? ip_finish_output+0x210/0x210 [ 265.583271][ C1] ? ip_mc_finish_output+0x3c0/0x3c0 [ 265.583285][ C1] ? __kasan_check_read+0x11/0x20 [ 265.583299][ C1] ? ipv4_dst_check+0xe3/0x150 [ 265.583313][ C1] ? skb_push+0xb5/0x120 [ 265.583325][ C1] ? __sk_dst_check+0xd2/0x1b0 [ 265.583339][ C1] __ip_queue_xmit+0x1105/0x1c20 [ 265.583354][ C1] ? tcp_options_write+0x202/0xc60 [ 265.583370][ C1] ip_queue_xmit+0x4c/0x70 [ 265.583384][ C1] __tcp_transmit_skb+0x1e84/0x3920 [ 265.583403][ C1] ? __tcp_send_ack+0x710/0x710 [ 265.583418][ C1] ? __stack_depot_save+0x34/0x470 [ 265.583451][ C1] ? ____kasan_kmalloc+0xed/0x110 [ 265.583464][ C1] ? ____kasan_kmalloc+0xdb/0x110 [ 265.583482][ C1] ? __kasan_check_read+0x11/0x20 [ 265.583496][ C1] ? tcp_small_queue_check+0x1f5/0x3f0 [ 265.583512][ C1] tcp_write_xmit+0x144a/0x5e80 [ 265.583534][ C1] __tcp_push_pending_frames+0x98/0x2f0 [ 265.583550][ C1] tcp_push+0x477/0x620 [ 265.583563][ C1] tcp_sendmsg_locked+0x315c/0x3a90 [ 265.583584][ C1] ? tcp_free_fastopen_req+0x80/0x80 [ 265.583599][ C1] tcp_sendmsg+0x2f/0x50 [ 265.583612][ C1] inet_sendmsg+0xa1/0xc0 [ 265.583626][ C1] ? inet_send_prepare+0x4a0/0x4a0 [ 265.583639][ C1] sock_write_iter+0x39b/0x530 [ 265.583654][ C1] ? sock_read_iter+0x480/0x480 [ 265.583670][ C1] ? iov_iter_init+0x53/0x190 [ 265.583729][ C1] vfs_write+0xd5d/0x1110 [ 265.583744][ C1] ? file_end_write+0x1c0/0x1c0 [ 265.583757][ C1] ? __set_current_blocked+0x2a5/0x2f0 [ 265.583775][ C1] ? __kasan_check_read+0x11/0x20 [ 265.583790][ C1] ? __fdget_pos+0x209/0x3a0 [ 265.583825][ C1] ksys_write+0x199/0x2c0 [ 265.583837][ C1] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 265.583854][ C1] ? __ia32_sys_read+0x90/0x90 [ 265.583867][ C1] ? debug_smp_processor_id+0x17/0x20 [ 265.583881][ C1] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 265.583929][ C1] __x64_sys_write+0x7b/0x90 [ 265.583942][ C1] do_syscall_64+0x3d/0xb0 [ 265.583956][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 265.583972][ C1] RIP: 0033:0x7f0a1e487bf2 [ 265.583984][ C1] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 [ 265.583996][ C1] RSP: 002b:00007ffd084c4d38 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 265.584012][ C1] RAX: ffffffffffffffda RBX: 000000000000036c RCX: 00007f0a1e487bf2 [ 265.584023][ C1] RDX: 000000000000036c RSI: 0000560e808b8680 RDI: 0000000000000004 [ 265.584032][ C1] RBP: 0000560e808b7290 R08: 0000000000000000 R09: 0000000000000000 [ 265.584041][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000560e7ed9daa4 [ 265.584051][ C1] R13: 0000000000000015 R14: 0000560e7ed9e3e8 R15: 00007ffd084c4da8 [ 265.584064][ C1]