./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3009495562 <...> Warning: Permanently added '10.128.0.230' (ED25519) to the list of known hosts. execve("./syz-executor3009495562", ["./syz-executor3009495562"], 0x7ffe6f604470 /* 10 vars */) = 0 brk(NULL) = 0x555555f0c000 brk(0x555555f0cd00) = 0x555555f0cd00 arch_prctl(ARCH_SET_FS, 0x555555f0c380) = 0 set_tid_address(0x555555f0c650) = 292 set_robust_list(0x555555f0c660, 24) = 0 rseq(0x555555f0cca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3009495562", 4096) = 28 getrandom("\xba\x48\x40\xc2\x71\x8e\x64\xa7", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555f0cd00 brk(0x555555f2dd00) = 0x555555f2dd00 brk(0x555555f2e000) = 0x555555f2e000 mprotect(0x7fe92ed2b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 293 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 294 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 295 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 295 attached ./strace-static-x86_64: Process 296 attached ./strace-static-x86_64: Process 294 attached ./strace-static-x86_64: Process 293 attached [pid 296] set_robust_list(0x555555f0c660, 24 [pid 295] set_robust_list(0x555555f0c660, 24 [pid 292] <... clone resumed>, child_tidptr=0x555555f0c650) = 296 [pid 294] set_robust_list(0x555555f0c660, 24 [pid 296] <... set_robust_list resumed>) = 0 [pid 295] <... set_robust_list resumed>) = 0 [pid 294] <... set_robust_list resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 298 attached ./strace-static-x86_64: Process 299 attached ./strace-static-x86_64: Process 297 attached [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] set_robust_list(0x555555f0c660, 24 [pid 298] set_robust_list(0x555555f0c660, 24 [pid 296] <... clone resumed>, child_tidptr=0x555555f0c650) = 297 [pid 295] <... clone resumed>, child_tidptr=0x555555f0c650) = 298 [pid 294] <... clone resumed>, child_tidptr=0x555555f0c650) = 299 [pid 298] <... set_robust_list resumed>) = 0 [pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 298] setpgid(0, 0) = 0 [pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 293] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 300 attached [pid 292] <... clone resumed>, child_tidptr=0x555555f0c650) = 300 [pid 299] set_robust_list(0x555555f0c660, 24 [pid 298] <... openat resumed>) = 3 [pid 297] set_robust_list(0x555555f0c660, 24 [pid 298] write(3, "1000", 4) = 4 [pid 298] close(3) = 0 [pid 298] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 300] set_robust_list(0x555555f0c660, 24 [pid 299] <... set_robust_list resumed>) = 0 [pid 297] <... set_robust_list resumed>) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] <... set_robust_list resumed>) = 0 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] <... bpf resumed>) = 3 [pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... prctl resumed>) = 0 [pid 297] <... prctl resumed>) = 0 [pid 293] <... clone resumed>, child_tidptr=0x555555f0c650) = 301 [pid 299] setpgid(0, 0 [pid 297] setpgid(0, 0 [pid 300] <... clone resumed>, child_tidptr=0x555555f0c650) = 302 [pid 299] <... setpgid resumed>) = 0 [pid 297] <... setpgid resumed>) = 0 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... openat resumed>) = 3 [pid 297] <... openat resumed>) = 3 [pid 299] write(3, "1000", 4 [pid 297] write(3, "1000", 4 [pid 299] <... write resumed>) = 4 [pid 297] <... write resumed>) = 4 [pid 299] close(3 [pid 297] close(3 [pid 299] <... close resumed>) = 0 [pid 298] <... bpf resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 299] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 297] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 299] <... bpf resumed>) = 3 [pid 297] <... bpf resumed>) = 3 [pid 299] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 297] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 299] <... bpf resumed>) = 0 [pid 297] <... bpf resumed>) = 0 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 301 attached ./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x555555f0c660, 24 [ 20.760431][ T30] audit: type=1400 audit(1707418091.568:66): avc: denied { execmem } for pid=292 comm="syz-executor300" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.768396][ T30] audit: type=1400 audit(1707418091.578:67): avc: denied { map_create } for pid=298 comm="syz-executor300" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 20.772712][ T30] audit: type=1400 audit(1707418091.578:68): avc: denied { perfmon } for pid=298 comm="syz-executor300" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 20.776307][ T30] audit: type=1400 audit(1707418091.578:69): avc: denied { map_read map_write } for pid=298 comm="syz-executor300" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 20.779641][ T30] audit: type=1400 audit(1707418091.588:70): avc: denied { bpf } for pid=298 comm="syz-executor300" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 301] set_robust_list(0x555555f0c660, 24 [pid 302] <... set_robust_list resumed>) = 0 [pid 301] <... set_robust_list resumed>) = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 302] setpgid(0, 0 [pid 301] <... prctl resumed>) = 0 [pid 302] <... setpgid resumed>) = 0 [pid 301] setpgid(0, 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 301] <... setpgid resumed>) = 0 [pid 302] <... openat resumed>) = 3 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 302] write(3, "1000", 4) = 4 [pid 301] <... openat resumed>) = 3 [pid 302] close(3 [pid 301] write(3, "1000", 4 [pid 302] <... close resumed>) = 0 [pid 301] <... write resumed>) = 4 [pid 302] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 301] close(3 [pid 302] <... bpf resumed>) = 3 [pid 301] <... close resumed>) = 0 [pid 302] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 301] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 302] <... bpf resumed>) = 0 [pid 301] <... bpf resumed>) = 3 [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 301] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [ 20.792312][ T30] audit: type=1400 audit(1707418091.588:71): avc: denied { prog_load } for pid=299 comm="syz-executor300" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 302] <... bpf resumed>) = 4 [pid 301] <... bpf resumed>) = 4 [pid 298] <... bpf resumed>) = 4 [pid 297] <... bpf resumed>) = 4 [pid 299] <... bpf resumed>) = 4 [pid 302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16) = 5 [pid 301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 299] <... bpf resumed>) = 5 [pid 297] <... bpf resumed>) = 5 [pid 301] <... bpf resumed>) = 5 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 298] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 298] <... bpf resumed>) = 5 [pid 298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 302] <... bpf resumed>) = 6 [pid 301] <... bpf resumed>) = 6 [pid 302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16) = 7 [pid 302] exit_group(0) = ? [pid 299] <... bpf resumed>) = 6 [pid 298] <... bpf resumed>) = 6 [pid 297] <... bpf resumed>) = 6 [pid 298] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16) = 7 [pid 298] exit_group(0) = ? [ 20.946387][ T30] audit: type=1400 audit(1707418091.758:73): avc: denied { prog_run } for pid=297 comm="syz-executor300" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 20.965507][ T30] audit: type=1400 audit(1707418091.758:72): avc: denied { prog_run } for pid=298 comm="syz-executor300" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 302] +++ exited with 0 +++ [pid 298] +++ exited with 0 +++ [pid 301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=298, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 303 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 304 ./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x555555f0c660, 24) = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 303] setpgid(0, 0) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 [pid 303] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 303] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [ 20.990177][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 21.001604][ T293] BUG: scheduling while atomic: syz-executor300/293/0x00000002 [ 21.009109][ T293] Modules linked in: [ 21.013039][ T293] Preemption disabled at: [ 21.013049][ T293] [] ptrace_stop+0x588/0xa90 [ 21.023442][ T293] CPU: 0 PID: 293 Comm: syz-executor300 Not tainted 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 21.033495][ T293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 21.043467][ T293] Call Trace: [ 21.046593][ T293] [ 21.049376][ T293] dump_stack_lvl+0x151/0x1b7 [ 21.053881][ T293] ? ptrace_stop+0x588/0xa90 [ 21.058311][ T293] ? ptrace_stop+0x588/0xa90 [ 21.063084][ T293] ? io_uring_drop_tctx_refs+0x190/0x190 [ 21.068554][ T293] ? ptrace_stop+0x588/0xa90 [ 21.072977][ T293] dump_stack+0x15/0x17 [ 21.077065][ T293] __schedule_bug+0x195/0x260 [ 21.081578][ T293] ? ttwu_queue_wakelist+0x510/0x510 [ 21.086718][ T293] ? ktime_get+0x12f/0x160 [ 21.090953][ T293] __schedule+0xd0b/0x1580 [ 21.095991][ T293] ? tick_program_event+0x9f/0x120 [ 21.100931][ T293] ? hrtimer_reprogram+0x389/0x430 [ 21.105879][ T293] ? __sched_text_start+0x8/0x8 [ 21.110571][ T293] schedule+0x11f/0x1e0 [ 21.114557][ T293] do_nanosleep+0x181/0x6a0 [ 21.118909][ T293] ? usleep_range_state+0x160/0x160 [ 21.124019][ T293] ? hrtimer_init_sleeper+0x3b/0x1a0 [ 21.129147][ T293] ? hrtimer_nanosleep+0x107/0x3f0 [ 21.135052][ T293] hrtimer_nanosleep+0x1c5/0x3f0 [ 21.140262][ T293] ? nanosleep_copyout+0x120/0x120 [ 21.145206][ T293] ? __remove_hrtimer+0x4d0/0x4d0 [ 21.150069][ T293] ? get_timespec64+0x197/0x270 [ 21.154769][ T293] ? timespec64_add_safe+0x220/0x220 [ 21.159876][ T293] common_nsleep+0x91/0xb0 [ 21.164131][ T293] __se_sys_clock_nanosleep+0x323/0x3b0 [ 21.169508][ T293] ? __x64_sys_clock_nanosleep+0xb0/0xb0 [ 21.175063][ T293] ? __bpf_trace_sys_enter+0x62/0x70 [ 21.180192][ T293] __x64_sys_clock_nanosleep+0x9b/0xb0 [ 21.185743][ T293] do_syscall_64+0x3d/0xb0 [ 21.189993][ T293] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 21.195723][ T293] RIP: 0033:0x7fe92ecde483 [ 21.199979][ T293] Code: 00 00 00 00 00 66 90 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d fe 1b 05 00 00 74 14 b8 e6 00 00 00 0f 05 d8 c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 [ 21.219695][ T293] RSP: 002b:00007ffeabb5f4d8 EFLAGS: 00000202 ORIG_RAX: 00000000000000e6 [ 21.227944][ T293] RAX: ffffffffffffffda RBX: 000000000000012d RCX: 00007fe92ecde483 [ 21.235742][ T293] RDX: 00007ffeabb5f4f0 RSI: 0000000000000000 RDI: 0000000000000000 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 304 attached ) = 4 [pid 301] <... bpf resumed>) = 7 [pid 299] <... bpf resumed>) = 7 [pid 297] <... bpf resumed>) = 7 [pid 304] set_robust_list(0x555555f0c660, 24 [pid 303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 304] <... set_robust_list resumed>) = 0 [pid 301] exit_group(0 [pid 299] exit_group(0 [ 21.243544][ T293] RBP: 00000000000f4240 R08: 00007ffeabb7a080 R09: 00007ffeabb7a0b0 [ 21.252137][ T293] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000510f [ 21.260045][ T293] R13: 00007ffeabb5f52c R14: 00007ffeabb5f540 R15: 00007ffeabb5f530 [ 21.269002][ T293] [ 21.274806][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 21.286692][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 21.294573][ T289] Modules linked in: [ 21.298301][ T289] Preemption disabled at: [ 21.298307][ T289] [] up_read+0x16/0x170 [ 21.308539][ T289] CPU: 0 PID: 289 Comm: strace-static-x Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 21.320411][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 21.330705][ T289] Call Trace: [ 21.333818][ T289] [ 21.336905][ T289] dump_stack_lvl+0x151/0x1b7 [ 21.341601][ T289] ? up_read+0x16/0x170 [ 21.345835][ T289] ? up_read+0x16/0x170 [ 21.350040][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 21.355458][ T289] ? up_read+0x16/0x170 [ 21.359626][ T289] dump_stack+0x15/0x17 [ 21.363719][ T289] __schedule_bug+0x195/0x260 [ 21.368257][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 21.373353][ T289] __schedule+0xd0b/0x1580 [ 21.377743][ T289] ? _raw_spin_lock+0x1b0/0x1b0 [ 21.382615][ T289] ? __sched_text_start+0x8/0x8 [ 21.387370][ T289] ? child_wait_callback+0x200/0x200 [ 21.392484][ T289] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 21.398137][ T289] schedule+0x11f/0x1e0 [ 21.402125][ T289] do_wait+0x6e7/0xa10 [ 21.406028][ T289] kernel_wait4+0x29e/0x3d0 [ 21.410365][ T289] ? __ia32_sys_waitid+0xd0/0xd0 [ 21.415225][ T289] ? bpf_trace_printk+0x1be/0x300 [ 21.420085][ T289] ? kernel_waitid+0x520/0x520 [ 21.424686][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 21.430068][ T289] __x64_sys_wait4+0x130/0x1e0 [ 21.434696][ T289] ? kernel_wait+0x230/0x230 [ 21.439091][ T289] ? bpf_trace_run2+0xf1/0x210 [ 21.443821][ T289] ? __bpf_trace_sys_enter+0x62/0x70 [ 21.449998][ T289] ? __traceiter_sys_enter+0x2a/0x40 [ 21.455113][ T289] ? syscall_enter_from_user_mode+0x14d/0x1b0 [ 21.461015][ T289] do_syscall_64+0x3d/0xb0 [ 21.465268][ T289] ? sysvec_call_function_single+0x52/0xb0 [ 21.470910][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 21.477009][ T289] RIP: 0033:0x4d49a6 [ 21.480757][ T289] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 21.500885][ T289] RSP: 002b:00007ffe6f604188 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 21.509220][ T289] RAX: ffffffffffffffda RBX: 0000000001dcb2f8 RCX: 00000000004d49a6 [ 21.517028][ T289] RDX: 0000000040000000 RSI: 00007ffe6f6041ac RDI: 00000000ffffffff [ 21.525024][ T289] RBP: 0000000000000000 R08: 0000000000000017 R09: 0000000000000001 [ 21.532845][ T289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001dd2590 [ 21.540750][ T289] R13: 0000000000000000 R14: 00007ffe6f6041ac R15: 0000000000617180 [pid 297] exit_group(0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 303] <... bpf resumed>) = 5 [pid 301] <... exit_group resumed>) = ? [pid 299] <... exit_group resumed>) = ? [pid 297] <... exit_group resumed>) = ? [pid 304] <... prctl resumed>) = 0 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 301] +++ exited with 0 +++ [pid 304] setpgid(0, 0) = 0 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=301, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 293] restart_syscall(<... resuming interrupted clone ...> [pid 304] <... openat resumed>) = 3 [pid 293] <... restart_syscall resumed>) = 0 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 304] <... close resumed>) = 0 [pid 304] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 293] <... clone resumed>, child_tidptr=0x555555f0c650) = 307 [pid 304] <... bpf resumed>) = 3 [pid 304] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 303] <... bpf resumed>) = 6 [ 21.548658][ T289] [ 21.552779][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 21.564382][ T82] BUG: scheduling while atomic: syslogd/82/0x00000002 [ 21.572490][ T82] Modules linked in: [ 21.576496][ T82] Preemption disabled at: [ 21.576507][ T82] [] is_module_text_address+0x1a/0x140 [ 21.588408][ T82] CPU: 0 PID: 82 Comm: syslogd Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 21.599330][ T82] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 21.609222][ T82] Call Trace: [ 21.612636][ T82] [ 21.615414][ T82] dump_stack_lvl+0x151/0x1b7 [ 21.619931][ T82] ? is_module_text_address+0x1a/0x140 [ 21.625772][ T82] ? is_module_text_address+0x1a/0x140 [ 21.631073][ T82] ? io_uring_drop_tctx_refs+0x190/0x190 [ 21.637786][ T82] ? is_module_text_address+0x1a/0x140 [ 21.643255][ T82] dump_stack+0x15/0x17 [ 21.647243][ T82] __schedule_bug+0x195/0x260 [ 21.651770][ T82] ? ttwu_queue_wakelist+0x510/0x510 [ 21.657076][ T82] ? __rcu_read_unlock+0xd0/0xd0 [ 21.661867][ T82] __schedule+0xd0b/0x1580 [ 21.666112][ T82] ? __kasan_check_read+0x11/0x20 [ 21.670964][ T82] ? __fdget_pos+0x2ee/0x3a0 [ 21.675478][ T82] ? __sched_text_start+0x8/0x8 [ 21.680279][ T82] ? ksys_write+0x24f/0x2c0 [ 21.684592][ T82] schedule+0x11f/0x1e0 [ 21.688584][ T82] exit_to_user_mode_loop+0x4d/0xe0 [ 21.693618][ T82] exit_to_user_mode_prepare+0x5a/0xa0 [ 21.698914][ T82] syscall_exit_to_user_mode+0x26/0x160 [ 21.704402][ T82] do_syscall_64+0x49/0xb0 [ 21.708734][ T82] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 21.714446][ T82] RIP: 0033:0x7fd0f5a27bf2 [ 21.718700][ T82] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 [ 21.738492][ T82] RSP: 002b:00007fff4a1fe598 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16./strace-static-x86_64: Process 307 attached [pid 304] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 307] set_robust_list(0x555555f0c660, 24) = 0 [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 307] setpgid(0, 0) = 0 [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 21.746737][ T82] RAX: 0000000000000059 RBX: 0000000000000003 RCX: 00007fd0f5a27bf2 [ 21.754545][ T82] RDX: 0000000000000059 RSI: 000055af5ad2f600 RDI: 0000000000000003 [ 21.762358][ T82] RBP: 000055af5ad2f600 R08: 0000000000000001 R09: 0000000000000000 [ 21.770168][ T82] R10: 00007fd0f5bc63a3 R11: 0000000000000246 R12: 0000000000000059 [ 21.778242][ T82] R13: 00007fd0f58d3300 R14: 0000000000000004 R15: 000055af5ad2f410 [ 21.786076][ T82] [ 21.792468][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 21.804008][ T82] BUG: scheduling while atomic: syslogd/82/0x00000002 [ 21.810715][ T82] Modules linked in: [ 21.814442][ T82] Preemption disabled at: [ 21.814452][ T82] [] vfs_write+0x94b/0x1110 [ 21.824513][ T82] CPU: 0 PID: 82 Comm: syslogd Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 21.835380][ T82] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 21.845271][ T82] Call Trace: [ 21.848402][ T82] [ 21.851207][ T82] dump_stack_lvl+0x151/0x1b7 [ 21.855694][ T82] ? vfs_write+0x94b/0x1110 [ 21.860033][ T82] ? vfs_write+0x94b/0x1110 [ 21.864626][ T82] ? io_uring_drop_tctx_refs+0x190/0x190 [ 21.870093][ T82] ? vfs_write+0x94b/0x1110 [ 21.874705][ T82] dump_stack+0x15/0x17 [ 21.878696][ T82] __schedule_bug+0x195/0x260 [ 21.883202][ T82] ? ttwu_queue_wakelist+0x510/0x510 [ 21.888670][ T82] __schedule+0xd0b/0x1580 [ 21.892928][ T82] ? __kasan_check_read+0x11/0x20 [ 21.897802][ T82] ? __fdget_pos+0x209/0x3a0 [ 21.902295][ T82] ? __sched_text_start+0x8/0x8 [ 21.907007][ T82] ? ksys_read+0x24f/0x2c0 [ 21.911236][ T82] schedule+0x11f/0x1e0 [ 21.915226][ T82] exit_to_user_mode_loop+0x4d/0xe0 [ 21.920268][ T82] exit_to_user_mode_prepare+0x5a/0xa0 [ 21.925573][ T82] syscall_exit_to_user_mode+0x26/0x160 [ 21.930933][ T82] do_syscall_64+0x49/0xb0 [ 21.935210][ T82] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 21.940915][ T82] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 21.946733][ T82] RIP: 0033:0x7fd0f5a27b6a [ 21.950988][ T82] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [ 21.970427][ T82] RSP: 002b:00007fff4a1fe708 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 21.978670][ T82] RAX: 000000000000005b RBX: 0000000000000002 RCX: 00007fd0f5a27b6a [ 21.986751][ T82] RDX: 00000000000000ff RSI: 000055af5ad2f300 RDI: 0000000000000000 [pid 307] write(3, "1000", 4) = 4 [pid 307] close(3) = 0 [pid 307] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 307] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 307] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 297] +++ exited with 0 +++ [pid 307] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=297, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 308 ./strace-static-x86_64: Process 308 attached [pid 308] set_robust_list(0x555555f0c660, 24) = 0 [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 308] setpgid(0, 0) = 0 [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 308] write(3, "1000", 4) = 4 [pid 308] close(3) = 0 [pid 308] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 308] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 308] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 308] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 304] <... bpf resumed>) = 5 [pid 303] <... bpf resumed>) = 7 [pid 307] <... bpf resumed>) = 5 [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 299] +++ exited with 0 +++ [pid 307] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 304] <... bpf resumed>) = 6 [pid 303] exit_group(0 [pid 304] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16) = 7 [pid 304] exit_group(0) = ? [pid 307] <... bpf resumed>) = 6 [pid 303] <... exit_group resumed>) = ? [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=0, si_utime=0, si_stime=36} --- [pid 307] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [ 21.994553][ T82] RBP: 000055af5ad2f2c0 R08: 0000000000000001 R09: 0000000000000000 [ 22.002374][ T82] R10: 00007fd0f5bc63a3 R11: 0000000000000246 R12: 000055af5ad2f35a [ 22.010357][ T82] R13: 000055af5ad2f300 R14: 0000000000000000 R15: 00007fd0f5c04a80 [ 22.018255][ T82] [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 309 attached [pid 309] set_robust_list(0x555555f0c660, 24 [pid 294] <... clone resumed>, child_tidptr=0x555555f0c650) = 309 [ 22.045475][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 22.057521][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 22.065306][ T289] Modules linked in: [ 22.069008][ T289] Preemption disabled at: [ 22.069015][ T289] [] remove_wait_queue+0x26/0x140 [ 22.079790][ T289] CPU: 0 PID: 289 Comm: strace-static-x Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 22.091226][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 22.101739][ T289] Call Trace: [ 22.105036][ T289] [ 22.108000][ T289] dump_stack_lvl+0x151/0x1b7 [ 22.112610][ T289] ? remove_wait_queue+0x26/0x140 [ 22.117469][ T289] ? remove_wait_queue+0x26/0x140 [ 22.122306][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 22.127783][ T289] ? remove_wait_queue+0x26/0x140 [ 22.132635][ T289] dump_stack+0x15/0x17 [ 22.136629][ T289] __schedule_bug+0x195/0x260 [ 22.141139][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 22.146262][ T289] __schedule+0xd0b/0x1580 [ 22.150514][ T289] ? _raw_spin_lock+0x1b0/0x1b0 [ 22.155204][ T289] ? __sched_text_start+0x8/0x8 [ 22.159893][ T289] ? child_wait_callback+0x200/0x200 [ 22.165008][ T289] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 22.170652][ T289] schedule+0x11f/0x1e0 [ 22.174643][ T289] do_wait+0x6e7/0xa10 [ 22.178549][ T289] kernel_wait4+0x29e/0x3d0 [ 22.182894][ T289] ? __ia32_sys_waitid+0xd0/0xd0 [ 22.187747][ T289] ? bpf_trace_printk+0x1be/0x300 [ 22.192608][ T289] ? kernel_waitid+0x520/0x520 [ 22.197295][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 22.202331][ T289] __x64_sys_wait4+0x130/0x1e0 [ 22.206932][ T289] ? kernel_wait+0x230/0x230 [ 22.211354][ T289] ? bpf_trace_run2+0xf1/0x210 [ 22.215979][ T289] ? __bpf_trace_sys_enter+0x62/0x70 [ 22.221167][ T289] ? __traceiter_sys_enter+0x2a/0x40 [ 22.226288][ T289] ? syscall_enter_from_user_mode+0x14d/0x1b0 [ 22.232307][ T289] do_syscall_64+0x3d/0xb0 [ 22.236527][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 22.243208][ T289] RIP: 0033:0x4d49a6 [ 22.246942][ T289] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 22.266563][ T289] RSP: 002b:00007ffe6f604188 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 22.274799][ T289] RAX: ffffffffffffffda RBX: 0000000001dcb2f8 RCX: 00000000004d49a6 [ 22.282628][ T289] RDX: 0000000040000000 RSI: 00007ffe6f6041ac RDI: 00000000ffffffff [pid 309] <... set_robust_list resumed>) = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 309] setpgid(0, 0) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 22.290423][ T289] RBP: 0000000000000000 R08: 0000000000000017 R09: 0000000000000000 [ 22.298236][ T289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001dd22c0 [ 22.306050][ T289] R13: 0000000000000000 R14: 00007ffe6f6041ac R15: 0000000000617180 [ 22.313876][ T289] [ 22.320040][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 22.331658][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 22.339201][ T289] Modules linked in: [ 22.342945][ T289] Preemption disabled at: [ 22.342951][ T289] [] remove_wait_queue+0x26/0x140 [ 22.353526][ T289] CPU: 0 PID: 289 Comm: strace-static-x Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 22.365726][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 22.375614][ T289] Call Trace: [ 22.378738][ T289] [ 22.381517][ T289] dump_stack_lvl+0x151/0x1b7 [ 22.386026][ T289] ? sysvec_call_function_single+0x52/0xb0 [ 22.392015][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 22.397528][ T289] ? remove_wait_queue+0x26/0x140 [ 22.402357][ T289] ? remove_wait_queue+0x26/0x140 [ 22.407299][ T289] dump_stack+0x15/0x17 [ 22.411294][ T289] __schedule_bug+0x195/0x260 [ 22.415810][ T289] ? asm_sysvec_call_function_single+0x1b/0x20 [ 22.421789][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 22.427188][ T289] __schedule+0xd0b/0x1580 [ 22.431698][ T289] ? __x64_sys_wait4+0x181/0x1e0 [ 22.436467][ T289] ? bpf_trace_run2+0xf1/0x210 [ 22.441060][ T289] ? __sched_text_start+0x8/0x8 [ 22.445748][ T289] schedule+0x11f/0x1e0 [ 22.449740][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 22.454774][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 22.460178][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 22.465723][ T289] do_syscall_64+0x49/0xb0 [ 22.470050][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 22.475793][ T289] RIP: 0033:0x4d49a6 [ 22.479511][ T289] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 22.499065][ T289] RSP: 002b:00007ffe6f604188 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 22.507302][ T289] RAX: 000000000000012c RBX: 0000000000000002 RCX: 00000000004d49a6 [ 22.515188][ T289] RDX: 0000000040000001 RSI: 00007ffe6f6041ac RDI: 00000000ffffffff [ 22.522928][ T289] RBP: 0000000001dccba0 R08: 0000000000000000 R09: 0000000000000000 [ 22.531422][ T289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001dd2350 [pid 309] write(3, "1000", 4) = 4 [pid 308] <... bpf resumed>) = 5 [pid 307] <... bpf resumed>) = 7 [pid 304] +++ exited with 0 +++ [pid 303] +++ exited with 0 +++ [ 22.539786][ T289] R13: 0000000000000127 R14: 00007ffe6f6041ac R15: 0000000000617180 [ 22.548638][ T289] [ 22.554094][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 22.565934][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 22.573179][ T287] Modules linked in: [ 22.578628][ T287] Preemption disabled at: [ 22.578639][ T287] [] __do_softirq+0xac/0x5bf [ 22.588865][ T287] CPU: 0 PID: 287 Comm: sshd Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 22.599367][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 22.609244][ T287] Call Trace: [ 22.612365][ T287] [ 22.615141][ T287] dump_stack_lvl+0x151/0x1b7 [ 22.619653][ T287] ? __do_softirq+0xac/0x5bf [ 22.624080][ T287] ? __do_softirq+0xac/0x5bf [ 22.628509][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 22.633978][ T287] ? __do_softirq+0xac/0x5bf [ 22.638750][ T287] dump_stack+0x15/0x17 [ 22.642752][ T287] __schedule_bug+0x195/0x260 [ 22.647254][ T287] ? bpf_bprintf_cleanup+0x48/0x60 [ 22.652222][ T287] ? bpf_trace_printk+0x1be/0x300 [ 22.657168][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 22.662279][ T287] ? bpf_probe_write_user+0xf0/0xf0 [ 22.667841][ T287] __schedule+0xd0b/0x1580 [ 22.672083][ T287] ? __sched_text_start+0x8/0x8 [ 22.676803][ T287] ? bpf_trace_run2+0xf1/0x210 [ 22.681454][ T287] ? bpf_trace_run1+0x1c0/0x1c0 [ 22.686155][ T287] schedule+0x11f/0x1e0 [ 22.690130][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 22.695177][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 22.700546][ T287] irqentry_exit_to_user_mode+0x9/0x20 [ 22.705838][ T287] irqentry_exit+0x12/0x40 [ 22.710090][ T287] sysvec_reschedule_ipi+0x7d/0x150 [ 22.715214][ T287] asm_sysvec_reschedule_ipi+0x1b/0x20 [ 22.720508][ T287] RIP: 0033:0x7f1569833729 [ 22.724772][ T287] Code: 0f 84 c9 0e 00 00 48 8b 44 24 70 8a 18 31 c0 8d 53 e0 80 fa 5a 77 1e 0f be c3 48 8d 35 60 56 10 00 83 e8 20 48 98 0f b6 14 06 <48> 8d 05 d0 54 10 00 48 63 04 90 48 8d 0d a3 0e 00 00 48 01 c8 e9 [pid 309] close(3 [pid 308] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 307] exit_group(0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=29} --- [pid 309] <... close resumed>) = 0 [pid 307] <... exit_group resumed>) = ? [pid 309] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 309] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 300] <... clone resumed>, child_tidptr=0x555555f0c650) = 311 [pid 295] <... clone resumed>, child_tidptr=0x555555f0c650) = 312 [pid 309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 311 attached [pid 308] <... bpf resumed>) = 6 [pid 311] set_robust_list(0x555555f0c660, 24 [pid 308] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 311] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 312 attached [pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 312] set_robust_list(0x555555f0c660, 24 [pid 311] <... prctl resumed>) = 0 [pid 312] <... set_robust_list resumed>) = 0 [pid 311] setpgid(0, 0 [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 311] <... setpgid resumed>) = 0 [pid 312] <... prctl resumed>) = 0 [pid 312] setpgid(0, 0) = 0 [pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 311] write(3, "1000", 4) = 4 [pid 311] close(3) = 0 [pid 311] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 311] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 312] <... openat resumed>) = 3 [pid 311] <... bpf resumed>) = 0 [pid 312] write(3, "1000", 4 [pid 311] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 312] <... write resumed>) = 4 [pid 312] close(3) = 0 [pid 311] <... bpf resumed>) = 4 [pid 312] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 311] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 312] <... bpf resumed>) = 3 [pid 312] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 309] <... bpf resumed>) = 4 [pid 312] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 309] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 311] <... bpf resumed>) = 5 [pid 308] <... bpf resumed>) = 7 [pid 307] +++ exited with 0 +++ [pid 311] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 308] exit_group(0) = ? [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 293] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 311] <... bpf resumed>) = 6 ./strace-static-x86_64: Process 313 attached [pid 311] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 293] <... clone resumed>, child_tidptr=0x555555f0c650) = 313 [pid 313] set_robust_list(0x555555f0c660, 24) = 0 [pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 313] setpgid(0, 0) = 0 [pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 313] write(3, "1000", 4) = 4 [pid 313] close(3) = 0 [pid 313] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 313] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 313] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [ 22.744490][ T287] RSP: 002b:00007ffcc75c8a50 EFLAGS: 00000206 [ 22.750365][ T287] RAX: 0000000000000053 RBX: 0000000000000073 RCX: 000055ee9c3fd40c [ 22.758173][ T287] RDX: 0000000000000015 RSI: 00007f1569938d80 RDI: 00007ffcc75c8ac0 [ 22.766083][ T287] RBP: 00007ffcc75c8f70 R08: 000000007ffffff7 R09: 0000000000000000 [ 22.773894][ T287] R10: 000055ee9c3fa856 R11: 0000000000000000 R12: 00007ffcc75c90e8 [ 22.781718][ T287] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 22.789523][ T287] [pid 313] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 308] +++ exited with 0 +++ [pid 312] <... bpf resumed>) = 5 [pid 309] <... bpf resumed>) = 5 [pid 312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 311] <... bpf resumed>) = 7 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 313] <... bpf resumed>) = 5 [pid 312] <... bpf resumed>) = 6 [pid 309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 311] exit_group(0 [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 311] <... exit_group resumed>) = ? [pid 296] <... restart_syscall resumed>) = 0 [pid 313] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 312] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 313] <... bpf resumed>) = 6 [pid 312] <... bpf resumed>) = 7 [pid 309] <... bpf resumed>) = 6 [pid 313] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 312] exit_group(0) = ? [pid 309] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 314 attached , child_tidptr=0x555555f0c650) = 314 [pid 314] set_robust_list(0x555555f0c660, 24) = 0 [pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 314] setpgid(0, 0) = 0 [pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 314] write(3, "1000", 4) = 4 [pid 314] close(3) = 0 [pid 314] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 314] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 314] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 314] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [ 22.861530][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 22.872947][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 22.879330][ T287] Modules linked in: [ 22.883103][ T287] Preemption disabled at: [ 22.883110][ T287] [] pipe_read+0x5b3/0x1040 [ 22.893209][ T287] CPU: 0 PID: 287 Comm: sshd Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 22.903636][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 22.913528][ T287] Call Trace: [ 22.916657][ T287] [ 22.919601][ T287] dump_stack_lvl+0x151/0x1b7 [ 22.924291][ T287] ? pipe_read+0x5b3/0x1040 [ 22.928703][ T287] ? pipe_read+0x5b3/0x1040 [ 22.932969][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 22.938441][ T287] ? pipe_read+0x5b3/0x1040 [ 22.942781][ T287] dump_stack+0x15/0x17 [ 22.946770][ T287] __schedule_bug+0x195/0x260 [ 22.951283][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 22.956404][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 22.961797][ T287] __schedule+0xd0b/0x1580 [ 22.966062][ T287] ? bpf_trace_run2+0xf1/0x210 [ 22.970660][ T287] ? __sched_text_start+0x8/0x8 [ 22.975334][ T287] ? bpf_trace_run1+0x1c0/0x1c0 [ 22.980016][ T287] ? ksys_read+0x24f/0x2c0 [ 22.984277][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 22.989655][ T287] schedule+0x11f/0x1e0 [ 22.993658][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 22.998671][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 23.003966][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 23.009461][ T287] do_syscall_64+0x49/0xb0 [ 23.013711][ T287] ? sysvec_call_function_single+0x52/0xb0 [ 23.019352][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.025083][ T287] RIP: 0033:0x7f1569888587 [ 23.029344][ T287] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [ 23.049044][ T287] RSP: 002b:00007ffcc75cd2b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [pid 311] +++ exited with 0 +++ [pid 313] <... bpf resumed>) = 7 [pid 313] exit_group(0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=311, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 313] <... exit_group resumed>) = ? [pid 300] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 315 ./strace-static-x86_64: Process 315 attached [pid 315] set_robust_list(0x555555f0c660, 24) = 0 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 315] setpgid(0, 0) = 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 315] write(3, "1000", 4) = 4 [pid 315] close(3) = 0 [pid 315] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 315] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 315] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 315] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 309] <... bpf resumed>) = 7 [pid 314] <... bpf resumed>) = 5 [pid 309] exit_group(0 [pid 314] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 309] <... exit_group resumed>) = ? [pid 314] <... bpf resumed>) = 6 [pid 314] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 315] <... bpf resumed>) = 5 [pid 315] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 313] +++ exited with 0 +++ [pid 315] <... bpf resumed>) = 6 [pid 312] +++ exited with 0 +++ [pid 315] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=19} --- [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=313, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 316 attached [pid 316] set_robust_list(0x555555f0c660, 24) = 0 [pid 293] <... clone resumed>, child_tidptr=0x555555f0c650) = 316 [pid 316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 316] setpgid(0, 0) = 0 [pid 295] <... clone resumed>, child_tidptr=0x555555f0c650) = 317 [pid 316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 317 attached [pid 317] set_robust_list(0x555555f0c660, 24) = 0 [pid 317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 316] <... openat resumed>) = 3 [pid 316] write(3, "1000", 4 [pid 317] setpgid(0, 0) = 0 [pid 316] <... write resumed>) = 4 [pid 317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 316] close(3 [pid 317] <... openat resumed>) = 3 [pid 317] write(3, "1000", 4) = 4 [pid 317] close(3 [pid 316] <... close resumed>) = 0 [pid 317] <... close resumed>) = 0 [pid 317] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 316] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 317] <... bpf resumed>) = 3 [pid 316] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 317] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 317] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 316] <... bpf resumed>) = 0 [pid 316] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 317] <... bpf resumed>) = 4 [pid 316] <... bpf resumed>) = 4 [pid 317] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 316] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 314] <... bpf resumed>) = 7 [pid 317] <... bpf resumed>) = 5 [pid 315] <... bpf resumed>) = 7 [pid 314] exit_group(0 [pid 309] +++ exited with 0 +++ [pid 314] <... exit_group resumed>) = ? [pid 315] exit_group(0 [pid 317] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 315] <... exit_group resumed>) = ? [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=20} --- [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 318 attached , child_tidptr=0x555555f0c650) = 318 [pid 318] set_robust_list(0x555555f0c660, 24) = 0 [pid 318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 318] setpgid(0, 0 [pid 317] <... bpf resumed>) = 6 [ 23.057553][ T287] RAX: 000000000000011f RBX: 0000000000000000 RCX: 00007f1569888587 [ 23.065367][ T287] RDX: 0000000000000b29 RSI: 000055ee9c3fbfe0 RDI: 000055ee9c3f9937 [ 23.073167][ T287] RBP: 000055ee9c3fae06 R08: 0000000000000006 R09: 0000000000000000 [ 23.080977][ T287] R10: 000055ee9c3fae06 R11: 0000000000000246 R12: 000055ee9c3f9937 [ 23.088788][ T287] R13: 000055ee9c3fbfe0 R14: 000055ee9cc7b390 R15: 00007ffcc75cd840 [ 23.096604][ T287] [ 23.135383][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 23.147009][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 23.153458][ T287] Modules linked in: [ 23.157184][ T287] Preemption disabled at: [ 23.157194][ T287] [] __set_current_blocked+0x11b/0x2f0 [ 23.168307][ T287] CPU: 0 PID: 287 Comm: sshd Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 23.178967][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 23.188947][ T287] Call Trace: [ 23.192073][ T287] [ 23.194848][ T287] dump_stack_lvl+0x151/0x1b7 [ 23.199362][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 23.204956][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 23.210246][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 23.215708][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 23.221006][ T287] dump_stack+0x15/0x17 [ 23.224997][ T287] __schedule_bug+0x195/0x260 [ 23.229516][ T287] ? __kasan_check_write+0x14/0x20 [ 23.234462][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 23.239579][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 23.244871][ T287] __schedule+0xd0b/0x1580 [ 23.249126][ T287] ? __kasan_check_read+0x11/0x20 [ 23.253996][ T287] ? _copy_to_user+0x78/0x90 [ 23.258411][ T287] ? __sched_text_start+0x8/0x8 [ 23.263099][ T287] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 23.268565][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 23.274039][ T287] schedule+0x11f/0x1e0 [ 23.278117][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 23.283285][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 23.288765][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 23.294309][ T287] do_syscall_64+0x49/0xb0 [ 23.298636][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.304563][ T287] RIP: 0033:0x7f156984d773 [ 23.308992][ T287] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [pid 318] <... setpgid resumed>) = 0 [pid 318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 318] write(3, "1000", 4) = 4 [pid 318] close(3) = 0 [pid 318] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 318] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 318] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 318] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 317] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 318] <... bpf resumed>) = 5 [pid 316] <... bpf resumed>) = 5 [pid 315] +++ exited with 0 +++ [pid 318] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 316] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 318] <... bpf resumed>) = 6 [pid 316] <... bpf resumed>) = 6 [pid 318] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 316] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 319 ./strace-static-x86_64: Process 319 attached [pid 319] set_robust_list(0x555555f0c660, 24) = 0 [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 319] setpgid(0, 0) = 0 [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 319] write(3, "1000", 4) = 4 [pid 319] close(3) = 0 [pid 319] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 319] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 319] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 319] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 317] <... bpf resumed>) = 7 [pid 319] <... bpf resumed>) = 5 [pid 318] <... bpf resumed>) = 7 [pid 317] exit_group(0 [pid 316] <... bpf resumed>) = 7 [pid 314] +++ exited with 0 +++ [pid 319] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 318] exit_group(0 [pid 317] <... exit_group resumed>) = ? [ 23.329467][ T287] RSP: 002b:00007ffcc75cd990 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 23.338346][ T287] RAX: 0000000000000000 RBX: 0000000000060000 RCX: 00007f156984d773 [ 23.346362][ T287] RDX: 00007ffcc75cda78 RSI: 00007ffcc75cd9f8 RDI: 0000000000000001 [ 23.354160][ T287] RBP: 000055ee9cc735e0 R08: 0000000000000001 R09: 0000000000000000 [ 23.362098][ T287] R10: 0000000000000008 R11: 0000000000000246 R12: 000055ee9c3f0aa4 [ 23.369981][ T287] R13: 0000000000000017 R14: 000055ee9c3f13e8 R15: 00007ffcc75cd9f8 [ 23.377827][ T287] [pid 316] exit_group(0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=314, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [ 23.403310][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 23.414757][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 23.422140][ T289] Modules linked in: [ 23.425914][ T289] Preemption disabled at: [ 23.425922][ T289] [] __se_sys_ptrace+0x229/0x400 [ 23.437154][ T289] CPU: 0 PID: 289 Comm: strace-static-x Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 23.448560][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 23.460054][ T289] Call Trace: [ 23.463189][ T289] [ 23.465946][ T289] dump_stack_lvl+0x151/0x1b7 [ 23.470619][ T289] ? __se_sys_ptrace+0x229/0x400 [ 23.475339][ T289] ? __se_sys_ptrace+0x229/0x400 [ 23.480118][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 23.485786][ T289] ? __se_sys_ptrace+0x229/0x400 [ 23.490541][ T289] dump_stack+0x15/0x17 [ 23.494672][ T289] __schedule_bug+0x195/0x260 [ 23.499275][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 23.504580][ T289] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 23.510227][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 23.515836][ T289] __schedule+0xd0b/0x1580 [ 23.520088][ T289] ? _raw_spin_lock_irqsave+0x210/0x210 [ 23.525739][ T289] ? bpf_trace_run2+0xf1/0x210 [ 23.530306][ T289] ? __sched_text_start+0x8/0x8 [ 23.535175][ T289] ? ptrace_check_attach+0x323/0x420 [ 23.540738][ T289] schedule+0x11f/0x1e0 [ 23.544797][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 23.549840][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 23.556196][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 23.561679][ T289] do_syscall_64+0x49/0xb0 [ 23.566070][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.571841][ T289] RIP: 0033:0x4e6c1a [ 23.575567][ T289] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [pid 319] <... bpf resumed>) = 6 [pid 318] <... exit_group resumed>) = ? [pid 317] +++ exited with 0 +++ [pid 316] <... exit_group resumed>) = ? [pid 318] +++ exited with 0 +++ [pid 319] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=317, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=318, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- ./strace-static-x86_64: Process 321 attached [pid 296] <... clone resumed>, child_tidptr=0x555555f0c650) = 321 [pid 294] restart_syscall(<... resuming interrupted clone ...> [pid 321] set_robust_list(0x555555f0c660, 24) = 0 [pid 321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 321] setpgid(0, 0) = 0 [pid 294] <... restart_syscall resumed>) = 0 [pid 321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 321] write(3, "1000", 4 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 321] <... write resumed>) = 4 ./strace-static-x86_64: Process 322 attached [pid 321] close(3 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 322] set_robust_list(0x555555f0c660, 24 [pid 321] <... close resumed>) = 0 [pid 294] <... clone resumed>, child_tidptr=0x555555f0c650) = 322 ./strace-static-x86_64: Process 323 attached [pid 322] <... set_robust_list resumed>) = 0 [pid 321] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 295] <... clone resumed>, child_tidptr=0x555555f0c650) = 323 [pid 323] set_robust_list(0x555555f0c660, 24 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 321] <... bpf resumed>) = 3 [pid 323] <... set_robust_list resumed>) = 0 [pid 322] <... prctl resumed>) = 0 [pid 321] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 323] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 322] setpgid(0, 0 [pid 321] <... bpf resumed>) = 0 [pid 323] <... prctl resumed>) = 0 [pid 322] <... setpgid resumed>) = 0 [pid 321] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 323] setpgid(0, 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 323] <... setpgid resumed>) = 0 [pid 321] <... bpf resumed>) = 4 [pid 321] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 322] <... openat resumed>) = 3 [pid 323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 322] write(3, "1000", 4 [pid 323] <... openat resumed>) = 3 [pid 322] <... write resumed>) = 4 [pid 323] write(3, "1000", 4 [pid 322] close(3 [pid 323] <... write resumed>) = 4 [pid 322] <... close resumed>) = 0 [pid 323] close(3 [pid 322] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 323] <... close resumed>) = 0 [pid 322] <... bpf resumed>) = 3 [pid 323] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 322] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 323] <... bpf resumed>) = 3 [pid 322] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 323] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 322] <... bpf resumed>) = 4 [pid 322] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 323] <... bpf resumed>) = 0 [pid 323] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 323] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 319] <... bpf resumed>) = 7 [pid 316] +++ exited with 0 +++ [pid 321] <... bpf resumed>) = 5 [pid 323] <... bpf resumed>) = 5 [pid 322] <... bpf resumed>) = 5 [pid 319] exit_group(0 [ 23.595247][ T289] RSP: 002b:00007ffe6f604070 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 23.605627][ T289] RAX: 0000000000000000 RBX: 0000000001dcb2f8 RCX: 00000000004e6c1a [ 23.613903][ T289] RDX: 0000000000000000 RSI: 0000000000000126 RDI: 0000000000000018 [ 23.621944][ T289] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000001 [ 23.630856][ T289] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000001dcce40 [ 23.639153][ T289] R13: 0000000000000000 R14: 000000000000857f R15: 0000000000617180 [ 23.647038][ T289] [ 23.672196][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000102, exited with 00000101? [ 23.684220][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 23.691851][ T289] Modules linked in: [ 23.695654][ T289] Preemption disabled at: [ 23.695662][ T289] [] remove_wait_queue+0x26/0x140 [ 23.706535][ T289] CPU: 0 PID: 289 Comm: strace-static-x Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 23.719339][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 23.729399][ T289] Call Trace: [ 23.732526][ T289] [ 23.735302][ T289] dump_stack_lvl+0x151/0x1b7 [ 23.739813][ T289] ? remove_wait_queue+0x26/0x140 [ 23.744813][ T289] ? remove_wait_queue+0x26/0x140 [ 23.749765][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 23.755313][ T289] ? remove_wait_queue+0x26/0x140 [ 23.760170][ T289] dump_stack+0x15/0x17 [ 23.764511][ T289] __schedule_bug+0x195/0x260 [ 23.769109][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 23.774228][ T289] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 23.780195][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 23.785233][ T289] __schedule+0xd0b/0x1580 [ 23.789473][ T289] ? _raw_spin_lock_irqsave+0x210/0x210 [ 23.794852][ T289] ? __sched_text_start+0x8/0x8 [ 23.799535][ T289] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 23.804495][ T289] ? _raw_spin_lock_irqsave+0x210/0x210 [ 23.809865][ T289] ? ptrace_check_attach+0x323/0x420 [ 23.815088][ T289] schedule+0x11f/0x1e0 [ 23.819067][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 23.824096][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 23.829605][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 23.835071][ T289] do_syscall_64+0x49/0xb0 [ 23.839314][ T289] ? sysvec_call_function_single+0x52/0xb0 [ 23.844960][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.850691][ T289] RIP: 0033:0x4e6c1a [ 23.854591][ T289] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 23.875142][ T289] RSP: 002b:00007ffe6f603ff0 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 23.883396][ T289] RAX: 0000000000000050 RBX: 0000000001dcd770 RCX: 00000000004e6c1a [ 23.891315][ T289] RDX: 0000000000000058 RSI: 0000000000000143 RDI: 000000000000420e [ 23.900313][ T289] RBP: 00007ffe6f6040f0 R08: 000000000000420d R09: 0000000000000000 [ 23.908129][ T289] R10: 000000000063c820 R11: 0000000000000206 R12: 0000000001dcd770 [pid 321] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 323] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 322] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 319] <... exit_group resumed>) = ? [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=316, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 323] <... bpf resumed>) = 6 [pid 322] <... bpf resumed>) = 6 [pid 321] <... bpf resumed>) = 6 [pid 319] +++ exited with 0 +++ [pid 323] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 322] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 321] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 293] <... clone resumed>, child_tidptr=0x555555f0c650) = 325 ./strace-static-x86_64: Process 325 attached [pid 300] <... restart_syscall resumed>) = 0 [pid 325] set_robust_list(0x555555f0c660, 24) = 0 [pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 325] setpgid(0, 0) = 0 [pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 325] <... openat resumed>) = 3 [pid 325] write(3, "1000", 4) = 4 [pid 325] close(3) = 0 [pid 325] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 325] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 300] <... clone resumed>, child_tidptr=0x555555f0c650) = 326 ./strace-static-x86_64: Process 326 attached [pid 325] <... bpf resumed>) = 0 [pid 326] set_robust_list(0x555555f0c660, 24) = 0 [pid 326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 326] setpgid(0, 0) = 0 [pid 326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 326] write(3, "1000", 4 [pid 325] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 326] <... write resumed>) = 4 [pid 326] close(3) = 0 [pid 326] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 326] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 326] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 325] <... bpf resumed>) = 4 [pid 326] <... bpf resumed>) = 4 [pid 326] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 325] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 323] <... bpf resumed>) = 7 [ 23.916086][ T289] R13: 00007ffe6f60414c R14: 000000000000857f R15: 0000000000617180 [ 23.924027][ T289] [ 23.951478][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 23.963008][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 23.970602][ T289] Modules linked in: [ 23.974491][ T289] Preemption disabled at: [ 23.974501][ T289] [] pipe_write+0x1429/0x1930 [ 23.984914][ T289] CPU: 0 PID: 289 Comm: strace-static-x Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 23.996329][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 24.006312][ T289] Call Trace: [ 24.009435][ T289] [ 24.012333][ T289] dump_stack_lvl+0x151/0x1b7 [ 24.018004][ T289] ? pipe_write+0x1429/0x1930 [ 24.022521][ T289] ? pipe_write+0x1429/0x1930 [ 24.027902][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 24.033872][ T289] ? pipe_write+0x1429/0x1930 [ 24.038507][ T289] dump_stack+0x15/0x17 [ 24.042510][ T289] __schedule_bug+0x195/0x260 [ 24.047003][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 24.052303][ T289] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 24.057939][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 24.062983][ T289] __schedule+0xd0b/0x1580 [ 24.068024][ T289] ? _raw_spin_lock_irqsave+0x210/0x210 [ 24.075019][ T289] ? bpf_trace_run2+0xf1/0x210 [ 24.079672][ T289] ? __sched_text_start+0x8/0x8 [ 24.084455][ T289] ? ptrace_check_attach+0x323/0x420 [ 24.089974][ T289] schedule+0x11f/0x1e0 [ 24.094181][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 24.100023][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 24.105379][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 24.110772][ T289] do_syscall_64+0x49/0xb0 [ 24.115114][ T289] ? sysvec_call_function_single+0x52/0xb0 [ 24.120745][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.126472][ T289] RIP: 0033:0x4e6c1a [ 24.130204][ T289] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [pid 326] <... bpf resumed>) = 5 [pid 325] <... bpf resumed>) = 5 [ 24.149929][ T289] RSP: 002b:00007ffe6f604070 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 24.158504][ T289] RAX: 0000000000000000 RBX: 0000000001dcb2f8 RCX: 00000000004e6c1a [ 24.166307][ T289] RDX: 0000000000000000 RSI: 0000000000000143 RDI: 0000000000000018 [ 24.174118][ T289] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000003 [ 24.182015][ T289] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000001dcd770 [ 24.189835][ T289] R13: 0000000000000000 R14: 000000000000857f R15: 0000000000617180 [ 24.197640][ T289] [ 24.203375][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000102, exited with 00000101? [ 24.214866][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 24.221398][ T287] Modules linked in: [ 24.225114][ T287] Preemption disabled at: [ 24.225128][ T287] [] __set_current_blocked+0x11b/0x2f0 [ 24.236240][ T287] CPU: 0 PID: 287 Comm: sshd Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 24.246706][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 24.256617][ T287] Call Trace: [ 24.259720][ T287] [ 24.262496][ T287] dump_stack_lvl+0x151/0x1b7 [ 24.267096][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 24.272390][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 24.278560][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 24.284024][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 24.289411][ T287] dump_stack+0x15/0x17 [ 24.293397][ T287] __schedule_bug+0x195/0x260 [ 24.297916][ T287] ? __kasan_check_write+0x14/0x20 [ 24.302856][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 24.307975][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 24.313281][ T287] __schedule+0xd0b/0x1580 [ 24.317529][ T287] ? __kasan_check_read+0x11/0x20 [ 24.322388][ T287] ? _copy_to_user+0x78/0x90 [ 24.326818][ T287] ? __sched_text_start+0x8/0x8 [ 24.331496][ T287] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 24.336965][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 24.342345][ T287] schedule+0x11f/0x1e0 [ 24.346347][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 24.351375][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 24.357049][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 24.362399][ T287] do_syscall_64+0x49/0xb0 [ 24.366650][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.372463][ T287] RIP: 0033:0x7f156984d773 [ 24.376721][ T287] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 24.396169][ T287] RSP: 002b:00007ffcc75cd990 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [pid 323] exit_group(0 [pid 322] <... bpf resumed>) = 7 [pid 321] <... bpf resumed>) = 7 [pid 326] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 325] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 323] <... exit_group resumed>) = ? [pid 322] exit_group(0 [pid 323] +++ exited with 0 +++ [pid 322] <... exit_group resumed>) = ? [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=323, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 325] <... bpf resumed>) = 6 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 327 [pid 325] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 326] <... bpf resumed>) = 6 [pid 326] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16./strace-static-x86_64: Process 327 attached [pid 327] set_robust_list(0x555555f0c660, 24) = 0 [pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 327] setpgid(0, 0) = 0 [pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 327] write(3, "1000", 4) = 4 [pid 327] close(3) = 0 [pid 327] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 327] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 327] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 321] exit_group(0) = ? [pid 322] +++ exited with 0 +++ [pid 321] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=321, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 327] <... bpf resumed>) = 4 [pid 327] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16) = 5 [pid 327] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 329 attached [pid 329] set_robust_list(0x555555f0c660, 24) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555555f0c650) = 329 [pid 294] <... clone resumed>, child_tidptr=0x555555f0c650) = 330 [pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 329] setpgid(0, 0 [pid 327] <... bpf resumed>) = 6 [pid 327] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 329] <... setpgid resumed>) = 0 [pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 329] write(3, "1000", 4) = 4 [pid 329] close(3) = 0 [pid 329] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 329] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 329] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 330 attached [pid 330] set_robust_list(0x555555f0c660, 24) = 0 [pid 330] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 329] <... bpf resumed>) = 4 [pid 330] <... prctl resumed>) = 0 [pid 330] setpgid(0, 0) = 0 [pid 330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 329] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 330] <... openat resumed>) = 3 [pid 330] write(3, "1000", 4) = 4 [pid 330] close(3) = 0 [pid 330] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 330] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 330] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [ 24.404404][ T287] RAX: 0000000000000000 RBX: 0000000000060000 RCX: 00007f156984d773 [ 24.412220][ T287] RDX: 00007ffcc75cda78 RSI: 00007ffcc75cd9f8 RDI: 0000000000000001 [ 24.420375][ T287] RBP: 000055ee9cc735e0 R08: 0000000000000001 R09: 0000000000000000 [ 24.428359][ T287] R10: 0000000000000008 R11: 0000000000000246 R12: 000055ee9c3f0aa4 [ 24.436259][ T287] R13: 0000000000000018 R14: 000055ee9c3f13e8 R15: 00007ffcc75cd9f8 [ 24.444274][ T287] [pid 330] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 325] <... bpf resumed>) = 7 [pid 329] <... bpf resumed>) = 5 [pid 327] <... bpf resumed>) = 7 [pid 326] <... bpf resumed>) = 7 [pid 325] exit_group(0 [ 24.461707][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 24.473269][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 24.481442][ T289] Modules linked in: [ 24.485858][ T289] Preemption disabled at: [ 24.485869][ T289] [] try_to_wake_up+0x86/0x1150 [ 24.496557][ T289] CPU: 1 PID: 289 Comm: strace-static-x Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 24.509121][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 24.519582][ T289] Call Trace: [ 24.522936][ T289] [ 24.525701][ T289] dump_stack_lvl+0x151/0x1b7 [ 24.531004][ T289] ? try_to_wake_up+0x86/0x1150 [ 24.536400][ T289] ? try_to_wake_up+0x86/0x1150 [ 24.542065][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 24.548034][ T289] ? try_to_wake_up+0x86/0x1150 [ 24.553086][ T289] dump_stack+0x15/0x17 [ 24.557240][ T289] __schedule_bug+0x195/0x260 [ 24.561751][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 24.566979][ T289] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 24.572742][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 24.577953][ T289] __schedule+0xd0b/0x1580 [ 24.582581][ T289] ? _raw_spin_lock_irqsave+0x210/0x210 [ 24.588056][ T289] ? __sched_text_start+0x8/0x8 [ 24.592856][ T289] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 24.597805][ T289] ? _raw_spin_lock_irqsave+0x210/0x210 [ 24.603276][ T289] ? ptrace_check_attach+0x323/0x420 [ 24.608791][ T289] schedule+0x11f/0x1e0 [ 24.613112][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 24.618407][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 24.624063][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 24.629847][ T289] do_syscall_64+0x49/0xb0 [ 24.634146][ T289] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 24.640524][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.646256][ T289] RIP: 0033:0x4e6c1a [ 24.650239][ T289] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 24.669894][ T289] RSP: 002b:00007ffe6f603ff0 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 24.681109][ T289] RAX: 0000000000000050 RBX: 0000000001dcd620 RCX: 00000000004e6c1a [ 24.693216][ T289] RDX: 0000000000000058 RSI: 0000000000000146 RDI: 000000000000420e [pid 329] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 326] exit_group(0 [pid 325] <... exit_group resumed>) = ? [pid 327] exit_group(0 [pid 330] <... bpf resumed>) = 5 [pid 329] <... bpf resumed>) = 6 [pid 327] <... exit_group resumed>) = ? [pid 326] <... exit_group resumed>) = ? [pid 325] +++ exited with 0 +++ [pid 330] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 329] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 293] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 330] <... bpf resumed>) = 6 [pid 330] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 331 attached , child_tidptr=0x555555f0c650) = 331 [pid 331] set_robust_list(0x555555f0c660, 24) = 0 [pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 331] setpgid(0, 0) = 0 [pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 331] write(3, "1000", 4) = 4 [pid 331] close(3) = 0 [pid 331] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 331] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 331] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [ 24.703399][ T289] RBP: 00007ffe6f6040f0 R08: 000000000000420d R09: 0000000000000002 [ 24.714644][ T289] R10: 000000000063c820 R11: 0000000000000206 R12: 0000000001dcd620 [ 24.723114][ T289] R13: 00007ffe6f60414c R14: 000000000000857f R15: 0000000000617180 [ 24.731982][ T289] [ 24.744889][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 24.756305][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 24.763740][ T289] Modules linked in: [ 24.767377][ T289] Preemption disabled at: [ 24.767383][ T289] [] try_to_wake_up+0x86/0x1150 [ 24.777789][ T289] CPU: 0 PID: 289 Comm: strace-static-x Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 24.789241][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 24.799136][ T289] Call Trace: [ 24.802268][ T289] [ 24.805038][ T289] dump_stack_lvl+0x151/0x1b7 [ 24.809549][ T289] ? try_to_wake_up+0x86/0x1150 [ 24.814236][ T289] ? try_to_wake_up+0x86/0x1150 [ 24.819010][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 24.824826][ T289] ? try_to_wake_up+0x86/0x1150 [ 24.829614][ T289] dump_stack+0x15/0x17 [ 24.833589][ T289] __schedule_bug+0x195/0x260 [ 24.838104][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 24.843870][ T289] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 24.849824][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 24.854847][ T289] __schedule+0xd0b/0x1580 [ 24.859096][ T289] ? _raw_spin_lock_irqsave+0x210/0x210 [ 24.864461][ T289] ? __sched_text_start+0x8/0x8 [ 24.869181][ T289] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 24.874616][ T289] ? _raw_spin_lock_irqsave+0x210/0x210 [ 24.880005][ T289] ? ptrace_check_attach+0x323/0x420 [ 24.885118][ T289] schedule+0x11f/0x1e0 [ 24.889109][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 24.894238][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 24.899770][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 24.905158][ T289] do_syscall_64+0x49/0xb0 [ 24.909551][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.915301][ T289] RIP: 0033:0x4e6c1a [ 24.919053][ T289] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 24.939541][ T289] RSP: 002b:00007ffe6f603ff0 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 24.948313][ T289] RAX: 0000000000000050 RBX: 0000000001dccba0 RCX: 00000000004e6c1a [ 24.956116][ T289] RDX: 0000000000000058 RSI: 0000000000000127 RDI: 000000000000420e [pid 331] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 327] +++ exited with 0 +++ [pid 326] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=326, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=327, si_uid=0, si_status=0, si_utime=0, si_stime=20} --- [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 332 [pid 295] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 332 attached [pid 332] set_robust_list(0x555555f0c660, 24 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 332] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x555555f0c660, 24 [pid 295] <... clone resumed>, child_tidptr=0x555555f0c650) = 333 [pid 333] <... set_robust_list resumed>) = 0 [pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 333] setpgid(0, 0) = 0 [pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 333] <... openat resumed>) = 3 [pid 333] write(3, "1000", 4) = 4 [pid 333] close(3) = 0 [pid 333] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 332] <... prctl resumed>) = 0 [pid 333] <... bpf resumed>) = 3 [pid 333] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 333] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 332] setpgid(0, 0 [pid 333] <... bpf resumed>) = 4 [pid 332] <... setpgid resumed>) = 0 [pid 333] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 332] write(3, "1000", 4) = 4 [pid 332] close(3) = 0 [pid 332] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 332] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 332] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 332] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 330] <... bpf resumed>) = 7 [pid 329] <... bpf resumed>) = 7 [pid 331] <... bpf resumed>) = 5 [pid 333] <... bpf resumed>) = 5 [pid 332] <... bpf resumed>) = 5 [pid 332] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 331] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 330] exit_group(0 [pid 329] exit_group(0 [pid 333] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 332] <... bpf resumed>) = 6 [pid 330] <... exit_group resumed>) = ? [pid 332] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 331] <... bpf resumed>) = 6 [pid 330] +++ exited with 0 +++ [pid 329] <... exit_group resumed>) = ? [pid 332] <... bpf resumed>) = 7 [pid 331] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 332] exit_group(0) = ? [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=330, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 294] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 333] <... bpf resumed>) = 6 [pid 333] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 294] <... clone resumed>, child_tidptr=0x555555f0c650) = 334 ./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x555555f0c660, 24) = 0 [pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 24.963931][ T289] RBP: 00007ffe6f6040f0 R08: 000000000000420d R09: 0000000000000000 [ 24.971950][ T289] R10: 000000000063c820 R11: 0000000000000206 R12: 0000000001dccba0 [ 24.979885][ T289] R13: 00007ffe6f60414c R14: 000000000000857f R15: 0000000000617180 [ 24.987691][ T289] [pid 334] setpgid(0, 0) = 0 [ 25.018854][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 25.030409][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 25.037023][ T287] Modules linked in: [ 25.040830][ T287] Preemption disabled at: [ 25.040840][ T287] [] schedule+0x118/0x1e0 [ 25.050765][ T287] CPU: 0 PID: 287 Comm: sshd Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 25.061229][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 25.071318][ T287] Call Trace: [ 25.074433][ T287] [ 25.077235][ T287] dump_stack_lvl+0x151/0x1b7 [ 25.081724][ T287] ? schedule+0x118/0x1e0 [ 25.085888][ T287] ? schedule+0x118/0x1e0 [ 25.090080][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 25.095686][ T287] ? schedule+0x118/0x1e0 [ 25.099985][ T287] dump_stack+0x15/0x17 [ 25.103997][ T287] __schedule_bug+0x195/0x260 [ 25.108486][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 25.113798][ T287] ? finish_task_switch+0x167/0x7b0 [ 25.118840][ T287] __schedule+0xd0b/0x1580 [ 25.123081][ T287] ? __kasan_check_read+0x11/0x20 [ 25.127955][ T287] ? __fdget_pos+0x209/0x3a0 [ 25.132381][ T287] ? __sched_text_start+0x8/0x8 [ 25.137061][ T287] ? ksys_write+0x24f/0x2c0 [ 25.141392][ T287] schedule+0x11f/0x1e0 [ 25.145386][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 25.150445][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 25.155815][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 25.161192][ T287] do_syscall_64+0x49/0xb0 [ 25.165444][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.171177][ T287] RIP: 0033:0x7f15698a1bf2 [ 25.175457][ T287] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 [ 25.195540][ T287] RSP: 002b:00007ffcc75cd988 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 25.203783][ T287] RAX: 000000000000003c RBX: 000000000000003c RCX: 00007f15698a1bf2 [ 25.211903][ T287] RDX: 000000000000003c RSI: 000055ee9cc7fe30 RDI: 0000000000000004 [ 25.219714][ T287] RBP: 000055ee9cc73290 R08: 0000000000000000 R09: 0000000000000000 [ 25.228934][ T287] R10: 0000000000000000 R11: 0000000000000246 R12: 000055ee9c3f0aa4 [ 25.236737][ T287] R13: 0000000000000018 R14: 000055ee9c3f13e8 R15: 00007ffcc75cd9f8 [ 25.244651][ T287] [ 25.250800][ C1] softirq: huh, entered softirq 9 RCU ffffffff815c9890 with preempt_count 00000103, exited with 00000102? [ 25.261976][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 25.268413][ T287] Modules linked in: [ 25.272114][ T287] Preemption disabled at: [ 25.272122][ T287] [] schedule+0x118/0x1e0 [ 25.282175][ T287] CPU: 1 PID: 287 Comm: sshd Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 25.292638][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 25.302754][ T287] Call Trace: [ 25.305874][ T287] [ 25.308653][ T287] dump_stack_lvl+0x151/0x1b7 [ 25.313162][ T287] ? schedule+0x118/0x1e0 [ 25.317610][ T287] ? schedule+0x118/0x1e0 [ 25.321757][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 25.327312][ T287] ? schedule+0x118/0x1e0 [ 25.331649][ T287] dump_stack+0x15/0x17 [ 25.335640][ T287] __schedule_bug+0x195/0x260 [ 25.340249][ T287] ? __kasan_check_write+0x14/0x20 [ 25.345200][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 25.350410][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 25.355698][ T287] __schedule+0xd0b/0x1580 [ 25.359974][ T287] ? __kasan_check_read+0x11/0x20 [ 25.364872][ T287] ? _copy_to_user+0x78/0x90 [ 25.369237][ T287] ? __sched_text_start+0x8/0x8 [ 25.374820][ T287] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 25.380381][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 25.385754][ T287] schedule+0x11f/0x1e0 [ 25.389832][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 25.394872][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 25.400161][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 25.405641][ T287] do_syscall_64+0x49/0xb0 [ 25.410599][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.416320][ T287] RIP: 0033:0x7f156984d773 [ 25.420570][ T287] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 25.440446][ T287] RSP: 002b:00007ffcc75cd990 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 25.448694][ T287] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f156984d773 [ 25.457048][ T287] RDX: 00007ffcc75cda78 RSI: 00007ffcc75cd9f8 RDI: 0000000000000000 [pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 334] write(3, "1000", 4) = 4 [pid 334] close(3) = 0 [pid 334] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 334] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 334] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 334] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 331] <... bpf resumed>) = 7 [pid 329] +++ exited with 0 +++ [pid 331] exit_group(0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 331] <... exit_group resumed>) = ? [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 335 ./strace-static-x86_64: Process 335 attached [pid 335] set_robust_list(0x555555f0c660, 24) = 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 335] setpgid(0, 0) = 0 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 335] write(3, "1000", 4) = 4 [pid 335] close(3) = 0 [pid 335] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 335] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 335] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 334] <... bpf resumed>) = 5 [pid 333] <... bpf resumed>) = 7 [pid 332] +++ exited with 0 +++ [pid 334] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 333] exit_group(0 [pid 334] <... bpf resumed>) = 6 [pid 333] <... exit_group resumed>) = ? [pid 334] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 300] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 337 [ 25.465021][ T287] RBP: 000055ee9cc735e0 R08: 0000000000000000 R09: 0000000000000000 [ 25.473641][ T287] R10: 0000000000000008 R11: 0000000000000246 R12: 000055ee9c3f0aa4 [ 25.481716][ T287] R13: 0000000000000018 R14: 000055ee9c3f13e8 R15: 00007ffcc75cd9f8 [ 25.489884][ T287] [ 25.498718][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 25.511232][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 25.518009][ T287] Modules linked in: [ 25.521774][ T287] Preemption disabled at: [ 25.521781][ T287] [] __set_current_blocked+0x11b/0x2f0 [ 25.533237][ T287] CPU: 0 PID: 287 Comm: sshd Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 25.545031][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 25.557419][ T287] Call Trace: [ 25.561534][ T287] [ 25.566639][ T287] dump_stack_lvl+0x151/0x1b7 [ 25.573913][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 25.582417][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 25.588485][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 25.594113][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 25.599530][ T287] dump_stack+0x15/0x17 [ 25.605379][ T287] __schedule_bug+0x195/0x260 [ 25.610143][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 25.615269][ T287] __schedule+0xd0b/0x1580 [ 25.619537][ T287] ? __se_sys_ppoll+0x2b3/0x330 [ 25.624284][ T287] ? __sched_text_start+0x8/0x8 [ 25.629067][ T287] ? __x64_sys_ppoll+0xd0/0xd0 [ 25.633655][ T287] schedule+0x11f/0x1e0 [ 25.637736][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 25.642770][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 25.648080][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 25.653454][ T287] do_syscall_64+0x49/0xb0 [ 25.657705][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.663457][ T287] RIP: 0033:0x7f15698a4ad5 [ 25.667885][ T287] Code: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83 [ 25.687617][ T287] RSP: 002b:00007ffcc75cd970 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 25.695980][ T287] RAX: 0000000000000002 RBX: 00000000000668a0 RCX: 00007f15698a4ad5 [ 25.703978][ T287] RDX: 00007ffcc75cd990 RSI: 0000000000000004 RDI: 000055ee9cc74b20 [ 25.712816][ T287] RBP: 000055ee9cc735e0 R08: 0000000000000008 R09: 0000000000000000 ./strace-static-x86_64: Process 337 attached [pid 337] set_robust_list(0x555555f0c660, 24) = 0 [pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 337] setpgid(0, 0) = 0 [pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 337] write(3, "1000", 4) = 4 [pid 337] close(3) = 0 [pid 337] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 337] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 337] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 337] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 335] <... bpf resumed>) = 5 [pid 331] +++ exited with 0 +++ [pid 335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 335] <... bpf resumed>) = 6 [pid 335] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 338 attached , child_tidptr=0x555555f0c650) = 338 [pid 338] set_robust_list(0x555555f0c660, 24) = 0 [pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 338] setpgid(0, 0) = 0 [pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 338] write(3, "1000", 4) = 4 [pid 338] close(3) = 0 [pid 338] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 338] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 338] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 338] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 334] <... bpf resumed>) = 7 [pid 337] <... bpf resumed>) = 5 [pid 337] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 335] <... bpf resumed>) = 7 [pid 334] exit_group(0 [pid 333] +++ exited with 0 +++ [pid 334] <... exit_group resumed>) = ? [pid 335] exit_group(0 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 337] <... bpf resumed>) = 6 [pid 335] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 339 attached [pid 337] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 295] <... clone resumed>, child_tidptr=0x555555f0c650) = 339 [pid 339] set_robust_list(0x555555f0c660, 24) = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 339] setpgid(0, 0) = 0 [ 25.721340][ T287] R10: 00007ffcc75cda78 R11: 0000000000000246 R12: 000055ee9c3f0aa4 [ 25.729729][ T287] R13: 0000000000000001 R14: 000055ee9c3f13e8 R15: 00007ffcc75cd9f8 [ 25.737546][ T287] [ 25.766261][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 25.777791][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 25.785306][ T289] Modules linked in: [ 25.788979][ T289] Preemption disabled at: [ 25.788987][ T289] [] __se_sys_ptrace+0x229/0x400 [ 25.799587][ T289] CPU: 0 PID: 289 Comm: strace-static-x Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 25.811341][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 25.821456][ T289] Call Trace: [ 25.824580][ T289] [ 25.827375][ T289] dump_stack_lvl+0x151/0x1b7 [ 25.832042][ T289] ? __se_sys_ptrace+0x229/0x400 [ 25.836981][ T289] ? __se_sys_ptrace+0x229/0x400 [ 25.841684][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 25.847694][ T289] ? __se_sys_ptrace+0x229/0x400 [ 25.852696][ T289] dump_stack+0x15/0x17 [ 25.857272][ T289] __schedule_bug+0x195/0x260 [ 25.862600][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 25.868775][ T289] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 25.874899][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 25.881390][ T289] __schedule+0xd0b/0x1580 [ 25.885863][ T289] ? _raw_spin_lock_irqsave+0x210/0x210 [ 25.891227][ T289] ? bpf_trace_run2+0xf1/0x210 [ 25.895831][ T289] ? __sched_text_start+0x8/0x8 [ 25.900505][ T289] ? ptrace_check_attach+0x323/0x420 [ 25.905769][ T289] schedule+0x11f/0x1e0 [ 25.909758][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 25.914795][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 25.920096][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 25.925464][ T289] do_syscall_64+0x49/0xb0 [ 25.929718][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.935618][ T289] RIP: 0033:0x4e6c1a [ 25.939371][ T289] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 338] <... bpf resumed>) = 5 [pid 339] <... openat resumed>) = 3 [pid 339] write(3, "1000", 4 [pid 338] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 339] <... write resumed>) = 4 [pid 339] close(3 [pid 338] <... bpf resumed>) = 6 [pid 338] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 339] <... close resumed>) = 0 [pid 339] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 339] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 339] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16) = 5 [pid 338] <... bpf resumed>) = 7 [pid 337] <... bpf resumed>) = 7 [pid 335] +++ exited with 0 +++ [pid 334] +++ exited with 0 +++ [ 25.960527][ T289] RSP: 002b:00007ffe6f604070 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 25.969177][ T289] RAX: 0000000000000000 RBX: 0000000001dcb2f8 RCX: 00000000004e6c1a [ 25.977329][ T289] RDX: 0000000000000000 RSI: 0000000000000125 RDI: 0000000000000018 [ 25.985283][ T289] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000000 [ 25.993877][ T289] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000001dccf90 [ 26.001866][ T289] R13: 0000000000000000 R14: 000000000000857f R15: 0000000000617180 [ 26.009885][ T289] [ 26.032108][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 26.044010][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 26.050617][ T287] Modules linked in: [ 26.054321][ T287] Preemption disabled at: [ 26.054330][ T287] [] pipe_read+0x5b3/0x1040 [ 26.065471][ T287] CPU: 0 PID: 287 Comm: sshd Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 26.077687][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 26.087583][ T287] Call Trace: [ 26.090693][ T287] [ 26.093479][ T287] dump_stack_lvl+0x151/0x1b7 [ 26.098017][ T287] ? pipe_read+0x5b3/0x1040 [ 26.102323][ T287] ? pipe_read+0x5b3/0x1040 [ 26.107362][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 26.112913][ T287] ? pipe_read+0x5b3/0x1040 [ 26.117423][ T287] dump_stack+0x15/0x17 [ 26.121734][ T287] __schedule_bug+0x195/0x260 [ 26.127125][ T287] ? rcu_read_unlock_special+0x3d1/0x4c0 [ 26.134114][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 26.140126][ T287] ? try_invoke_on_locked_down_task+0x2a0/0x2a0 [ 26.146997][ T287] __schedule+0xd0b/0x1580 [ 26.151493][ T287] ? raise_softirq_irqoff+0x37/0x40 [ 26.156603][ T287] ? rcu_read_unlock_special+0x3d1/0x4c0 [ 26.166418][ T287] ? __sched_text_start+0x8/0x8 [ 26.171290][ T287] ? __rcu_read_unlock+0xd0/0xd0 [ 26.176575][ T287] ? ksys_read+0x24f/0x2c0 [ 26.181228][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 26.186572][ T287] schedule+0x11f/0x1e0 [ 26.191328][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 26.196439][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 26.202810][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 26.209272][ T287] do_syscall_64+0x49/0xb0 [ 26.213514][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 26.219509][ T287] RIP: 0033:0x7f1569888587 [ 26.224474][ T287] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [ 26.245064][ T287] RSP: 002b:00007ffcc75cd7d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [ 26.253611][ T287] RAX: 000000000000011f RBX: 0000000000000004 RCX: 00007f1569888587 [ 26.261652][ T287] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004 [ 26.269712][ T287] RBP: 000055ee9cc6ebb0 R08: 0000000000000000 R09: 0000000000000000 [pid 339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 338] exit_group(0) = ? [pid 337] exit_group(0) = ? [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 340 ./strace-static-x86_64: Process 340 attached [pid 340] set_robust_list(0x555555f0c660, 24) = 0 [pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 340] setpgid(0, 0) = 0 [pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 340] write(3, "1000", 4) = 4 [pid 340] close(3) = 0 [pid 340] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 340] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 340] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 341 ./strace-static-x86_64: Process 341 attached [pid 341] set_robust_list(0x555555f0c660, 24) = 0 [pid 341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 341] setpgid(0, 0) = 0 [pid 341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 341] write(3, "1000", 4) = 4 [pid 341] close(3) = 0 [pid 341] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 341] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 341] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 341] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 339] <... bpf resumed>) = 6 [pid 338] +++ exited with 0 +++ [pid 339] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=338, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 342 ./strace-static-x86_64: Process 342 attached [pid 342] set_robust_list(0x555555f0c660, 24) = 0 [pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 342] setpgid(0, 0) = 0 [pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 342] write(3, "1000", 4) = 4 [pid 342] close(3) = 0 [pid 342] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 342] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 342] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 342] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 340] <... bpf resumed>) = 5 [pid 337] +++ exited with 0 +++ [pid 341] <... bpf resumed>) = 5 [pid 339] <... bpf resumed>) = 7 [pid 340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 341] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 339] exit_group(0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 300] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 340] <... bpf resumed>) = 6 [pid 300] <... clone resumed>, child_tidptr=0x555555f0c650) = 343 [pid 339] <... exit_group resumed>) = ? [pid 340] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 339] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=0, si_stime=22} --- [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 341] <... bpf resumed>) = 6 ./strace-static-x86_64: Process 343 attached [pid 341] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 295] <... restart_syscall resumed>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 344 attached [pid 343] set_robust_list(0x555555f0c660, 24 [pid 295] <... clone resumed>, child_tidptr=0x555555f0c650) = 344 [pid 343] <... set_robust_list resumed>) = 0 [pid 344] set_robust_list(0x555555f0c660, 24 [pid 343] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 344] <... set_robust_list resumed>) = 0 [pid 343] <... prctl resumed>) = 0 [pid 343] setpgid(0, 0) = 0 [pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 344] <... prctl resumed>) = 0 [pid 343] <... openat resumed>) = 3 [pid 343] write(3, "1000", 4 [pid 344] setpgid(0, 0) = 0 [pid 343] <... write resumed>) = 4 [pid 343] close(3) = 0 [pid 343] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 343] <... bpf resumed>) = 3 [pid 343] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 344] <... openat resumed>) = 3 [pid 344] write(3, "1000", 4 [pid 343] <... bpf resumed>) = 4 [pid 344] <... write resumed>) = 4 [pid 344] close(3) = 0 [pid 344] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 344] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 344] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 343] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 344] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 340] <... bpf resumed>) = 7 [pid 342] <... bpf resumed>) = 5 [pid 341] <... bpf resumed>) = 7 [pid 344] <... bpf resumed>) = 5 [pid 343] <... bpf resumed>) = 5 [pid 343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 341] exit_group(0 [pid 340] exit_group(0 [ 26.279704][ T287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000400 [ 26.288214][ T287] R13: 0000000000000004 R14: 0000000000000000 R15: 000055ee9cc73290 [ 26.296034][ T287] [ 26.333895][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000102, exited with 00000101? [ 26.346854][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 26.354418][ T289] Modules linked in: [ 26.358132][ T289] Preemption disabled at: [ 26.358141][ T289] [] try_to_wake_up+0x86/0x1150 [ 26.369090][ T289] CPU: 0 PID: 289 Comm: strace-static-x Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 26.382772][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 26.393094][ T289] Call Trace: [ 26.396224][ T289] [ 26.399042][ T289] dump_stack_lvl+0x151/0x1b7 [ 26.404026][ T289] ? try_to_wake_up+0x86/0x1150 [ 26.409428][ T289] ? try_to_wake_up+0x86/0x1150 [ 26.414481][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 26.420303][ T289] ? bpf_bprintf_cleanup+0xa/0x60 [ 26.425269][ T289] ? try_to_wake_up+0x86/0x1150 [ 26.430080][ T289] dump_stack+0x15/0x17 [ 26.434499][ T289] __schedule_bug+0x195/0x260 [ 26.439013][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 26.444122][ T289] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 26.450419][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 26.455454][ T289] __schedule+0xd0b/0x1580 [ 26.459696][ T289] ? _raw_spin_lock_irqsave+0x210/0x210 [ 26.465176][ T289] ? bpf_trace_run2+0xf1/0x210 [ 26.469851][ T289] ? __sched_text_start+0x8/0x8 [ 26.474538][ T289] ? ptrace_check_attach+0x323/0x420 [ 26.479781][ T289] schedule+0x11f/0x1e0 [ 26.484860][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 26.490190][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 26.495456][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 26.500938][ T289] do_syscall_64+0x49/0xb0 [ 26.505843][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 26.513152][ T289] RIP: 0033:0x4e6c1a [ 26.518347][ T289] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 26.542969][ T289] RSP: 002b:00007ffe6f604070 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 26.552066][ T289] RAX: 0000000000000000 RBX: 0000000001dcb2f8 RCX: 00000000004e6c1a [ 26.560206][ T289] RDX: 0000000000000000 RSI: 0000000000000126 RDI: 0000000000000018 [ 26.568561][ T289] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000002 [pid 342] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 344] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 6 [pid 343] <... bpf resumed>) = 6 [pid 342] <... bpf resumed>) = 6 [pid 341] <... exit_group resumed>) = ? [pid 340] <... exit_group resumed>) = ? [pid 344] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 343] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 342] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 344] <... bpf resumed>) = 7 [pid 342] <... bpf resumed>) = 7 [pid 341] +++ exited with 0 +++ [ 26.577159][ T289] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000001dcce40 [ 26.587921][ T289] R13: 0000000000000000 R14: 000000000000857f R15: 0000000000617180 [ 26.598235][ T289] [ 26.609997][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 26.625378][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 26.632715][ T287] Modules linked in: [ 26.638027][ T287] Preemption disabled at: [ 26.638037][ T287] [] pipe_read+0x5b3/0x1040 [ 26.648557][ T287] CPU: 0 PID: 287 Comm: sshd Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 26.659126][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 26.669187][ T287] Call Trace: [ 26.672334][ T287] [ 26.675084][ T287] dump_stack_lvl+0x151/0x1b7 [ 26.679716][ T287] ? pipe_read+0x5b3/0x1040 [ 26.684392][ T287] ? pipe_read+0x5b3/0x1040 [ 26.688780][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 26.694470][ T287] ? pipe_read+0x5b3/0x1040 [ 26.699832][ T287] dump_stack+0x15/0x17 [ 26.704220][ T287] __schedule_bug+0x195/0x260 [ 26.708995][ T287] ? rcu_read_unlock_special+0x3d1/0x4c0 [ 26.714358][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 26.719651][ T287] ? try_invoke_on_locked_down_task+0x2a0/0x2a0 [ 26.727103][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 26.732357][ T287] __schedule+0xd0b/0x1580 [ 26.736607][ T287] ? raise_softirq_irqoff+0x37/0x40 [ 26.741635][ T287] ? rcu_read_unlock_special+0x3d1/0x4c0 [ 26.747300][ T287] ? __sched_text_start+0x8/0x8 [ 26.752173][ T287] ? __rcu_read_unlock+0xd0/0xd0 [ 26.756884][ T287] ? ksys_read+0x24f/0x2c0 [ 26.761124][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 26.766509][ T287] schedule+0x11f/0x1e0 [ 26.770522][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 26.776054][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 26.781356][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 26.786732][ T287] do_syscall_64+0x49/0xb0 [ 26.790996][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 26.796802][ T287] RIP: 0033:0x7f1569888587 [ 26.801079][ T287] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [ 26.820598][ T287] RSP: 002b:00007ffcc75cd2b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [pid 344] exit_group(0 [pid 342] exit_group(0 [pid 340] +++ exited with 0 +++ [pid 344] <... exit_group resumed>) = ? [pid 342] <... exit_group resumed>) = ? [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=341, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 294] restart_syscall(<... resuming interrupted clone ...> [pid 296] <... restart_syscall resumed>) = 0 [pid 294] <... restart_syscall resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... clone resumed>, child_tidptr=0x555555f0c650) = 346 [pid 294] <... clone resumed>, child_tidptr=0x555555f0c650) = 347 ./strace-static-x86_64: Process 346 attached [pid 346] set_robust_list(0x555555f0c660, 24) = 0 [pid 346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 346] setpgid(0, 0) = 0 [pid 346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 346] write(3, "1000", 4) = 4 [pid 346] close(3) = 0 [pid 346] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 346] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 346] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16./strace-static-x86_64: Process 347 attached [pid 347] set_robust_list(0x555555f0c660, 24) = 0 [pid 347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 347] setpgid(0, 0) = 0 [pid 347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 347] write(3, "1000", 4) = 4 [pid 347] close(3) = 0 [pid 347] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 347] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 344] +++ exited with 0 +++ [pid 347] <... bpf resumed>) = 4 [pid 347] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=344, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 348 attached , child_tidptr=0x555555f0c650) = 348 [pid 348] set_robust_list(0x555555f0c660, 24) = 0 [pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 348] setpgid(0, 0) = 0 [pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 348] write(3, "1000", 4) = 4 [pid 348] close(3) = 0 [pid 348] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 348] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 348] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 348] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 346] <... bpf resumed>) = 5 [pid 343] <... bpf resumed>) = 7 [pid 347] <... bpf resumed>) = 5 [pid 342] +++ exited with 0 +++ [pid 348] <... bpf resumed>) = 5 [pid 347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 343] exit_group(0 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 348] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 347] <... bpf resumed>) = 6 [pid 346] <... bpf resumed>) = 6 [pid 343] <... exit_group resumed>) = ? [pid 348] <... bpf resumed>) = 6 [pid 347] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 346] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 343] +++ exited with 0 +++ [pid 348] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=343, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 293] <... clone resumed>, child_tidptr=0x555555f0c650) = 349 ./strace-static-x86_64: Process 349 attached [pid 349] set_robust_list(0x555555f0c660, 24) = 0 [pid 349] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] <... restart_syscall resumed>) = 0 [pid 349] <... prctl resumed>) = 0 [pid 349] setpgid(0, 0) = 0 [pid 349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 349] write(3, "1000", 4) = 4 [pid 349] close(3) = 0 [pid 349] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 349] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 349] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 300] <... clone resumed>, child_tidptr=0x555555f0c650) = 350 ./strace-static-x86_64: Process 350 attached [pid 349] <... bpf resumed>) = 4 [pid 349] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 350] set_robust_list(0x555555f0c660, 24) = 0 [pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 350] setpgid(0, 0) = 0 [pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 350] write(3, "1000", 4) = 4 [pid 350] close(3) = 0 [pid 350] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 350] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 350] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [ 26.828826][ T287] RAX: 000000000000011f RBX: 0000000000000000 RCX: 00007f1569888587 [ 26.836920][ T287] RDX: 0000000000000b29 RSI: 000055ee9c3fbfe0 RDI: 000055ee9c3f9937 [ 26.844796][ T287] RBP: 000055ee9c3fae06 R08: 0000000000000006 R09: 0000000000000000 [ 26.852612][ T287] R10: 000055ee9c3fae06 R11: 0000000000000246 R12: 000055ee9c3f9937 [ 26.860680][ T287] R13: 000055ee9c3fbfe0 R14: 000055ee9cc7b390 R15: 00007ffcc75cd840 [ 26.868776][ T287] [pid 350] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 347] <... bpf resumed>) = 7 [pid 346] <... bpf resumed>) = 7 [pid 348] <... bpf resumed>) = 7 [pid 349] <... bpf resumed>) = 5 [pid 349] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 348] exit_group(0 [pid 347] exit_group(0 [pid 346] exit_group(0 [pid 348] <... exit_group resumed>) = ? [pid 347] <... exit_group resumed>) = ? [pid 346] <... exit_group resumed>) = ? [pid 350] <... bpf resumed>) = 5 [pid 348] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 351 ./strace-static-x86_64: Process 351 attached [pid 349] <... bpf resumed>) = 6 [pid 351] set_robust_list(0x555555f0c660, 24 [pid 349] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 351] <... set_robust_list resumed>) = 0 [pid 351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 351] setpgid(0, 0) = 0 [pid 350] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 351] write(3, "1000", 4 [pid 350] <... bpf resumed>) = 6 [pid 350] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 351] <... write resumed>) = 4 [pid 351] close(3) = 0 [pid 351] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 351] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 351] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 351] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 347] +++ exited with 0 +++ [pid 346] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=346, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=347, si_uid=0, si_status=0, si_utime=0, si_stime=23} --- [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... clone resumed>, child_tidptr=0x555555f0c650) = 352 ./strace-static-x86_64: Process 352 attached [pid 352] set_robust_list(0x555555f0c660, 24) = 0 [pid 294] <... clone resumed>, child_tidptr=0x555555f0c650) = 353 [pid 352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 352] setpgid(0, 0) = 0 [pid 352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 353 attached [pid 353] set_robust_list(0x555555f0c660, 24) = 0 [pid 353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 353] setpgid(0, 0 [pid 352] <... openat resumed>) = 3 [pid 353] <... setpgid resumed>) = 0 [pid 353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 352] write(3, "1000", 4) = 4 [pid 352] close(3) = 0 [pid 353] <... openat resumed>) = 3 [pid 353] write(3, "1000", 4) = 4 [pid 353] close(3) = 0 [pid 353] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 353] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 352] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 353] <... bpf resumed>) = 0 [pid 352] <... bpf resumed>) = 3 [pid 352] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 353] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 353] <... bpf resumed>) = 4 [pid 352] <... bpf resumed>) = 4 [pid 353] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 352] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 350] <... bpf resumed>) = 7 [pid 349] <... bpf resumed>) = 7 [pid 351] <... bpf resumed>) = 5 [pid 350] exit_group(0 [pid 351] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 350] <... exit_group resumed>) = ? [pid 349] exit_group(0 [pid 350] +++ exited with 0 +++ [pid 349] <... exit_group resumed>) = ? [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 353] <... bpf resumed>) = 5 [pid 352] <... bpf resumed>) = 5 [pid 352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 349] +++ exited with 0 +++ [pid 352] <... bpf resumed>) = 6 [pid 351] <... bpf resumed>) = 6 [pid 300] <... restart_syscall resumed>) = 0 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=349, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 352] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 351] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 353] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 6 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 354 [pid 353] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16./strace-static-x86_64: Process 354 attached [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 354] set_robust_list(0x555555f0c660, 24) = 0 [pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 354] setpgid(0, 0) = 0 [pid 293] <... clone resumed>, child_tidptr=0x555555f0c650) = 355 [pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 354] write(3, "1000", 4) = 4 [pid 354] close(3) = 0 [pid 354] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 354] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 354] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 354] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16./strace-static-x86_64: Process 355 attached [pid 355] set_robust_list(0x555555f0c660, 24) = 0 [pid 355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 355] setpgid(0, 0) = 0 [pid 355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 355] write(3, "1000", 4) = 4 [pid 355] close(3) = 0 [pid 355] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 355] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 355] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 355] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 354] <... bpf resumed>) = 5 [pid 353] <... bpf resumed>) = 7 [pid 355] <... bpf resumed>) = 5 [pid 352] <... bpf resumed>) = 7 [pid 351] <... bpf resumed>) = 7 [pid 355] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 354] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 353] exit_group(0 [pid 352] exit_group(0 [pid 351] exit_group(0 [pid 353] <... exit_group resumed>) = ? [pid 353] +++ exited with 0 +++ [pid 354] <... bpf resumed>) = 6 [pid 354] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 351] <... exit_group resumed>) = ? [pid 352] <... exit_group resumed>) = ? [pid 354] <... bpf resumed>) = 7 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=353, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 356 [pid 354] exit_group(0) = ? ./strace-static-x86_64: Process 356 attached [pid 356] set_robust_list(0x555555f0c660, 24 [pid 351] +++ exited with 0 +++ [pid 356] <... set_robust_list resumed>) = 0 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=351, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 356] setpgid(0, 0) = 0 [pid 295] <... restart_syscall resumed>) = 0 [pid 356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 356] <... openat resumed>) = 3 [pid 356] write(3, "1000", 4) = 4 [pid 295] <... clone resumed>, child_tidptr=0x555555f0c650) = 357 [pid 356] close(3) = 0 [pid 356] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 356] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 356] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 355] <... bpf resumed>) = 6 [pid 355] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [ 26.990626][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 27.002283][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 27.009680][ T287] Modules linked in: [ 27.013532][ T287] Preemption disabled at: [ 27.013539][ T287] [] release_sock+0x30/0x1b0 [ 27.024778][ T287] CPU: 0 PID: 287 Comm: sshd Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 27.035276][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 27.045343][ T287] Call Trace: [ 27.048462][ T287] [ 27.051509][ T287] dump_stack_lvl+0x151/0x1b7 [ 27.056532][ T287] ? release_sock+0x30/0x1b0 [ 27.061053][ T287] ? release_sock+0x30/0x1b0 [ 27.065746][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 27.071215][ T287] ? release_sock+0x30/0x1b0 [ 27.075724][ T287] dump_stack+0x15/0x17 [ 27.079828][ T287] __schedule_bug+0x195/0x260 [ 27.084339][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 27.089464][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 27.095362][ T287] __schedule+0xd0b/0x1580 [ 27.099616][ T287] ? bpf_trace_run2+0xf1/0x210 [ 27.104209][ T287] ? __sched_text_start+0x8/0x8 [ 27.109032][ T287] ? bpf_trace_run1+0x1c0/0x1c0 [ 27.113713][ T287] ? ksys_write+0x24f/0x2c0 [ 27.118049][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 27.123438][ T287] schedule+0x11f/0x1e0 [ 27.127715][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 27.136885][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 27.142325][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 27.148169][ T287] do_syscall_64+0x49/0xb0 [ 27.152427][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 27.158148][ T287] RIP: 0033:0x7f1569888587 [ 27.162921][ T287] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [ 27.182955][ T287] RSP: 002b:00007ffcc75cd7d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [pid 356] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16./strace-static-x86_64: Process 357 attached [pid 357] set_robust_list(0x555555f0c660, 24) = 0 [pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 357] setpgid(0, 0) = 0 [pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 357] write(3, "1000", 4) = 4 [pid 357] close(3) = 0 [pid 357] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 357] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 357] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 357] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 354] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 358 ./strace-static-x86_64: Process 358 attached [pid 358] set_robust_list(0x555555f0c660, 24) = 0 [pid 358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 358] setpgid(0, 0) = 0 [pid 358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 358] write(3, "1000", 4) = 4 [pid 358] close(3) = 0 [pid 358] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 358] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 358] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 358] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 352] +++ exited with 0 +++ [pid 355] <... bpf resumed>) = 7 [pid 356] <... bpf resumed>) = 5 [pid 357] <... bpf resumed>) = 5 [pid 355] exit_group(0 [pid 357] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 358] <... bpf resumed>) = 5 [pid 356] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 355] <... exit_group resumed>) = ? [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=352, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 358] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 357] <... bpf resumed>) = 6 [pid 356] <... bpf resumed>) = 6 [pid 356] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 357] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 358] <... bpf resumed>) = 6 [pid 355] +++ exited with 0 +++ [pid 296] <... restart_syscall resumed>) = 0 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=355, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 358] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16./strace-static-x86_64: Process 359 attached ./strace-static-x86_64: Process 360 attached [pid 293] <... clone resumed>, child_tidptr=0x555555f0c650) = 359 [pid 359] set_robust_list(0x555555f0c660, 24) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555555f0c650) = 360 [pid 360] set_robust_list(0x555555f0c660, 24 [pid 359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 359] setpgid(0, 0) = 0 [pid 360] <... set_robust_list resumed>) = 0 [pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 360] <... prctl resumed>) = 0 [pid 360] setpgid(0, 0) = 0 [pid 359] <... openat resumed>) = 3 [pid 359] write(3, "1000", 4) = 4 [pid 359] close(3) = 0 [pid 359] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 359] <... bpf resumed>) = 3 [pid 359] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 359] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 360] <... openat resumed>) = 3 [pid 360] write(3, "1000", 4) = 4 [pid 360] close(3) = 0 [pid 360] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 359] <... bpf resumed>) = 4 [pid 360] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 359] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 360] <... bpf resumed>) = 0 [pid 360] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [ 27.191383][ T287] RAX: 000000000000011f RBX: 0000000000000005 RCX: 00007f1569888587 [ 27.199271][ T287] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005 [ 27.207079][ T287] RBP: 000055ee9cc75b2f R08: 0000000000000000 R09: 0000000000000000 [ 27.215040][ T287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000400 [ 27.223451][ T287] R13: 0000000000000005 R14: 0000000000000000 R15: 000055ee9cc73290 [ 27.231254][ T287] [pid 360] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 356] <... bpf resumed>) = 7 [pid 358] <... bpf resumed>) = 7 [pid 357] <... bpf resumed>) = 7 [pid 356] exit_group(0 [pid 360] <... bpf resumed>) = 5 [pid 359] <... bpf resumed>) = 5 [pid 358] exit_group(0 [pid 357] exit_group(0 [pid 356] <... exit_group resumed>) = ? [pid 360] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 359] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 358] <... exit_group resumed>) = ? [pid 357] <... exit_group resumed>) = ? [pid 356] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=356, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 359] <... bpf resumed>) = 6 [pid 360] <... bpf resumed>) = 6 [ 27.285637][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 27.297182][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 27.304758][ T289] Modules linked in: [ 27.308475][ T289] Preemption disabled at: [ 27.308485][ T289] [] remove_wait_queue+0x26/0x140 [ 27.319059][ T289] CPU: 0 PID: 289 Comm: strace-static-x Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 27.334939][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 27.345268][ T289] Call Trace: [ 27.348383][ T289] [ 27.351362][ T289] dump_stack_lvl+0x151/0x1b7 [ 27.356111][ T289] ? remove_wait_queue+0x26/0x140 [ 27.360959][ T289] ? remove_wait_queue+0x26/0x140 [ 27.365835][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 27.371367][ T289] ? remove_wait_queue+0x26/0x140 [ 27.376415][ T289] dump_stack+0x15/0x17 [ 27.380498][ T289] __schedule_bug+0x195/0x260 [ 27.385118][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 27.390486][ T289] ? kernel_waitid+0x520/0x520 [ 27.395900][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 27.401188][ T289] __schedule+0xd0b/0x1580 [ 27.405977][ T289] ? __x64_sys_wait4+0x181/0x1e0 [ 27.411021][ T289] ? bpf_trace_run2+0xf1/0x210 [ 27.416080][ T289] ? __sched_text_start+0x8/0x8 [ 27.420928][ T289] schedule+0x11f/0x1e0 [ 27.425134][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 27.430298][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 27.435582][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 27.441307][ T289] do_syscall_64+0x49/0xb0 [ 27.446184][ T289] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 27.451913][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 27.458149][ T289] RIP: 0033:0x4d49a6 [ 27.461874][ T289] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 27.481661][ T289] RSP: 002b:00007ffe6f604188 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 27.490776][ T289] RAX: 0000000000000168 RBX: 0000000000000004 RCX: 00000000004d49a6 [ 27.499013][ T289] RDX: 0000000040000001 RSI: 00007ffe6f6041ac RDI: 00000000ffffffff [ 27.509405][ T289] RBP: 0000000001dccf90 R08: 0000000000000000 R09: 0000000000000000 [ 27.518403][ T289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001dd2470 [ 27.526348][ T289] R13: 0000000000000125 R14: 00007ffe6f6041ac R15: 0000000000617180 [pid 359] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 360] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 358] +++ exited with 0 +++ [pid 357] +++ exited with 0 +++ [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=358, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=357, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 294] <... clone resumed>, child_tidptr=0x555555f0c650) = 361 ./strace-static-x86_64: Process 361 attached [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 361] set_robust_list(0x555555f0c660, 24) = 0 ./strace-static-x86_64: Process 362 attached [pid 300] <... clone resumed>, child_tidptr=0x555555f0c650) = 362 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 361] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 362] set_robust_list(0x555555f0c660, 24./strace-static-x86_64: Process 363 attached ) = 0 [pid 361] <... prctl resumed>) = 0 [pid 362] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 361] setpgid(0, 0 [pid 295] <... clone resumed>, child_tidptr=0x555555f0c650) = 363 [pid 361] <... setpgid resumed>) = 0 [pid 363] set_robust_list(0x555555f0c660, 24 [pid 362] <... prctl resumed>) = 0 [pid 363] <... set_robust_list resumed>) = 0 [pid 362] setpgid(0, 0 [pid 361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 362] <... setpgid resumed>) = 0 [pid 361] <... openat resumed>) = 3 [pid 361] write(3, "1000", 4) = 4 [pid 363] <... prctl resumed>) = 0 [pid 362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 361] close(3 [pid 363] setpgid(0, 0 [pid 362] <... openat resumed>) = 3 [pid 361] <... close resumed>) = 0 [pid 363] <... setpgid resumed>) = 0 [pid 362] write(3, "1000", 4 [pid 361] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 361] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 363] <... openat resumed>) = 3 [pid 361] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 363] write(3, "1000", 4 [pid 362] <... write resumed>) = 4 [pid 362] close(3) = 0 [pid 362] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 362] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 362] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 363] <... write resumed>) = 4 [pid 361] <... bpf resumed>) = 4 [pid 361] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 363] close(3) = 0 [pid 363] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 362] <... bpf resumed>) = 4 [pid 362] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 363] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 363] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 363] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 360] <... bpf resumed>) = 7 [pid 363] <... bpf resumed>) = 5 [pid 362] <... bpf resumed>) = 5 [pid 361] <... bpf resumed>) = 5 [pid 359] <... bpf resumed>) = 7 [pid 363] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 362] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 360] exit_group(0 [pid 359] exit_group(0 [pid 361] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 363] <... bpf resumed>) = 6 [pid 362] <... bpf resumed>) = 6 [pid 360] <... exit_group resumed>) = ? [pid 359] <... exit_group resumed>) = ? [pid 363] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 362] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 361] <... bpf resumed>) = 6 [pid 360] +++ exited with 0 +++ [pid 363] <... bpf resumed>) = 7 [pid 362] <... bpf resumed>) = 7 [pid 363] exit_group(0 [pid 362] exit_group(0 [pid 361] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [ 27.534438][ T289] [ 27.556451][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 27.568586][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 27.576251][ T289] Modules linked in: [ 27.580230][ T289] Preemption disabled at: [ 27.580239][ T289] [] try_to_wake_up+0x86/0x1150 [ 27.590810][ T289] CPU: 0 PID: 289 Comm: strace-static-x Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 27.602898][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 27.614814][ T289] Call Trace: [ 27.617931][ T289] [ 27.620986][ T289] dump_stack_lvl+0x151/0x1b7 [ 27.625526][ T289] ? try_to_wake_up+0x86/0x1150 [ 27.630543][ T289] ? try_to_wake_up+0x86/0x1150 [ 27.635545][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 27.641387][ T289] ? try_to_wake_up+0x86/0x1150 [ 27.646076][ T289] dump_stack+0x15/0x17 [ 27.650064][ T289] __schedule_bug+0x195/0x260 [ 27.654581][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 27.659881][ T289] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 27.665522][ T289] ? bpf_bprintf_cleanup+0x3f/0x60 [ 27.670560][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 27.675611][ T289] __schedule+0xd0b/0x1580 [ 27.679850][ T289] ? __kasan_check_read+0x11/0x20 [ 27.684719][ T289] ? __fdget_pos+0x209/0x3a0 [ 27.689346][ T289] ? __sched_text_start+0x8/0x8 [ 27.694242][ T289] ? ksys_write+0x24f/0x2c0 [ 27.698521][ T289] schedule+0x11f/0x1e0 [ 27.702510][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 27.707560][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 27.712961][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 27.718435][ T289] do_syscall_64+0x49/0xb0 [ 27.722752][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 27.729286][ T289] RIP: 0033:0x4e5c73 [ 27.733193][ T289] Code: c7 c0 b8 ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18 [ 27.752889][ T289] RSP: 002b:00007ffe6f603fc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 27.770984][ T289] RAX: 0000000000000012 RBX: 0000000000000012 RCX: 00000000004e5c73 [ 27.778961][ T289] RDX: 0000000000000012 RSI: 0000000001dce000 RDI: 0000000000000002 [pid 359] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 363] <... exit_group resumed>) = ? [pid 362] <... exit_group resumed>) = ? [pid 361] <... bpf resumed>) = 7 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=359, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 361] exit_group(0) = ? [pid 363] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=363, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 365 ./strace-static-x86_64: Process 365 attached [pid 365] set_robust_list(0x555555f0c660, 24) = 0 [pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 366 attached , child_tidptr=0x555555f0c650) = 366 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 366] set_robust_list(0x555555f0c660, 24 [pid 365] <... prctl resumed>) = 0 [pid 365] setpgid(0, 0) = 0 [pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 27.787109][ T289] RBP: 0000000001dce000 R08: 0000000001dd2470 R09: 0000000000000002 [ 27.795106][ T289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000012 [ 27.803508][ T289] R13: 0000000000617480 R14: 0000000000000012 R15: 0000000000000001 [ 27.811672][ T289] [ 27.824092][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000102, exited with 00000101? [ 27.835624][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 27.843058][ T287] Modules linked in: [ 27.846772][ T287] Preemption disabled at: [ 27.846780][ T287] [] __set_current_blocked+0x11b/0x2f0 [ 27.858172][ T287] CPU: 0 PID: 287 Comm: sshd Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 27.868958][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 27.880659][ T287] Call Trace: [ 27.883859][ T287] [ 27.886774][ T287] dump_stack_lvl+0x151/0x1b7 [ 27.891280][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 27.897044][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 27.903129][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 27.909959][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 27.915246][ T287] dump_stack+0x15/0x17 [ 27.919582][ T287] __schedule_bug+0x195/0x260 [ 27.924146][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 27.929816][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 27.935480][ T287] __schedule+0xd0b/0x1580 [ 27.939722][ T287] ? __kasan_check_read+0x11/0x20 [ 27.944688][ T287] ? __fdget_pos+0x209/0x3a0 [ 27.949230][ T287] ? __sched_text_start+0x8/0x8 [ 27.953870][ T287] ? ksys_write+0x24f/0x2c0 [ 27.958372][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 27.963902][ T287] schedule+0x11f/0x1e0 [ 27.967882][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 27.972905][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 27.978213][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 27.983596][ T287] do_syscall_64+0x49/0xb0 [ 27.987831][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 27.993646][ T287] RIP: 0033:0x7f15698a1bf2 [ 27.997900][ T287] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 [ 28.019272][ T287] RSP: 002b:00007ffcc75cd988 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 28.027691][ T287] RAX: 000000000000004c RBX: 000000000000004c RCX: 00007f15698a1bf2 [pid 365] write(3, "1000", 4) = 4 [pid 365] close(3) = 0 [pid 365] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 365] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 365] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 365] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 293] <... clone resumed>, child_tidptr=0x555555f0c650) = 367 ./strace-static-x86_64: Process 367 attached [pid 367] set_robust_list(0x555555f0c660, 24) = 0 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 367] setpgid(0, 0) = 0 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "1000", 4) = 4 [pid 367] close(3) = 0 [pid 367] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 367] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 367] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 362] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=362, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 361] +++ exited with 0 +++ [pid 300] <... clone resumed>, child_tidptr=0x555555f0c650) = 368 [pid 366] <... set_robust_list resumed>) = 0 [pid 366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 366] setpgid(0, 0) = 0 [pid 366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 366] write(3, "1000", 4) = 4 [pid 366] close(3) = 0 [pid 366] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 366] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 366] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 368 attached [pid 368] set_robust_list(0x555555f0c660, 24) = 0 [pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 368] setpgid(0, 0) = 0 [pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 368] write(3, "1000", 4) = 4 [pid 368] close(3) = 0 [pid 368] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 368] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [ 28.035499][ T287] RDX: 000000000000004c RSI: 000055ee9cc7fe30 RDI: 0000000000000004 [ 28.043326][ T287] RBP: 000055ee9cc73290 R08: 0000000000000000 R09: 0000000000000000 [ 28.052768][ T287] R10: 0000000000000000 R11: 0000000000000246 R12: 000055ee9c3f0aa4 [ 28.061658][ T287] R13: 000000000000001b R14: 000055ee9c3f13e8 R15: 00007ffcc75cd9f8 [ 28.069927][ T287] [pid 368] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 365] <... bpf resumed>) = 5 [pid 365] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=361, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 371 [pid 367] <... bpf resumed>) = 4 [pid 368] <... bpf resumed>) = 4 [pid 367] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 368] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 365] <... bpf resumed>) = 6 [pid 367] <... bpf resumed>) = 5 [pid 368] <... bpf resumed>) = 5 [pid 367] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 368] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 365] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16) = 7 [pid 365] exit_group(0 [pid 367] <... bpf resumed>) = 6 [pid 365] <... exit_group resumed>) = ? [ 28.075080][ T30] audit: type=1400 audit(1707418098.888:74): avc: denied { remove_name } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 28.101904][ T30] audit: type=1400 audit(1707418098.888:75): avc: denied { rename } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [pid 367] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16) = 7 [pid 367] exit_group(0) = ? ./strace-static-x86_64: Process 371 attached [pid 371] set_robust_list(0x555555f0c660, 24) = 0 [pid 371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 371] setpgid(0, 0) = 0 [ 28.128505][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 28.140739][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 28.147330][ T287] Modules linked in: [ 28.151010][ T287] Preemption disabled at: [ 28.151018][ T287] [] pipe_read+0x5b3/0x1040 [ 28.161130][ T287] CPU: 0 PID: 287 Comm: sshd Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 28.172585][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 28.182545][ T287] Call Trace: [ 28.185668][ T287] [ 28.188492][ T287] dump_stack_lvl+0x151/0x1b7 [ 28.192973][ T287] ? pipe_read+0x5b3/0x1040 [ 28.197367][ T287] ? pipe_read+0x5b3/0x1040 [ 28.201648][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 28.207108][ T287] ? pipe_read+0x5b3/0x1040 [ 28.211455][ T287] dump_stack+0x15/0x17 [ 28.215530][ T287] __schedule_bug+0x195/0x260 [ 28.220052][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 28.225159][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 28.230465][ T287] __schedule+0xd0b/0x1580 [ 28.234707][ T287] ? __kasan_check_read+0x11/0x20 [ 28.239566][ T287] ? __fdget_pos+0x209/0x3a0 [ 28.244176][ T287] ? __sched_text_start+0x8/0x8 [ 28.248852][ T287] ? ksys_write+0x24f/0x2c0 [ 28.253206][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 28.258575][ T287] schedule+0x11f/0x1e0 [ 28.262566][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 28.267690][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 28.273071][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 28.279291][ T287] do_syscall_64+0x49/0xb0 [ 28.283905][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 28.289712][ T287] RIP: 0033:0x7f15698a1bf2 [ 28.294072][ T287] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 [ 28.313493][ T287] RSP: 002b:00007ffcc75cd988 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 28.321736][ T287] RAX: 000000000000008c RBX: 000000000000008c RCX: 00007f15698a1bf2 [ 28.329541][ T287] RDX: 000000000000008c RSI: 000055ee9cc7fe30 RDI: 0000000000000004 [pid 371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 371] write(3, "1000", 4) = 4 [pid 371] close(3) = 0 [pid 371] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 371] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 371] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 368] <... bpf resumed>) = 6 [pid 368] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 371] <... bpf resumed>) = 4 [pid 371] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 365] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=365, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 366] <... bpf resumed>) = 4 [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 366] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 296] <... restart_syscall resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 372 ./strace-static-x86_64: Process 372 attached [pid 372] set_robust_list(0x555555f0c660, 24) = 0 [pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 372] setpgid(0, 0) = 0 [pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 372] write(3, "1000", 4) = 4 [pid 372] close(3) = 0 [pid 372] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 372] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 372] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 372] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 371] <... bpf resumed>) = 5 [ 28.337455][ T287] RBP: 000055ee9cc73290 R08: 0000000000000000 R09: 0000000000000000 [ 28.345425][ T287] R10: 0000000000000000 R11: 0000000000000246 R12: 000055ee9c3f0aa4 [ 28.353246][ T287] R13: 000000000000001c R14: 000055ee9c3f13e8 R15: 00007ffcc75cd9f8 [ 28.361836][ T287] [pid 368] <... bpf resumed>) = 7 [ 28.381500][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 28.394200][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 28.401808][ T289] Modules linked in: [ 28.405612][ T289] Preemption disabled at: [ 28.405624][ T289] [] up_read+0x16/0x170 [ 28.415868][ T289] CPU: 0 PID: 289 Comm: strace-static-x Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 28.428032][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 28.437930][ T289] Call Trace: [ 28.441054][ T289] [ 28.443825][ T289] dump_stack_lvl+0x151/0x1b7 [ 28.448341][ T289] ? up_read+0x16/0x170 [ 28.452334][ T289] ? up_read+0x16/0x170 [ 28.456562][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 28.462025][ T289] ? up_read+0x16/0x170 [ 28.466363][ T289] dump_stack+0x15/0x17 [ 28.470522][ T289] __schedule_bug+0x195/0x260 [ 28.475433][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 28.480880][ T289] ? asm_sysvec_call_function_single+0x1b/0x20 [ 28.487464][ T289] __schedule+0xd0b/0x1580 [ 28.491796][ T289] ? __sched_text_start+0x8/0x8 [ 28.496568][ T289] ? task_work_add+0x1b0/0x1d0 [ 28.501166][ T289] schedule+0x11f/0x1e0 [ 28.505332][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 28.511485][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 28.516962][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 28.522364][ T289] do_syscall_64+0x49/0xb0 [ 28.527423][ T289] ? sysvec_call_function_single+0x52/0xb0 [ 28.533995][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 28.540128][ T289] RIP: 0033:0x4e65f7 [ 28.544158][ T289] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 28.566427][ T289] RSP: 002b:00007ffe6f603f68 EFLAGS: 00000286 ORIG_RAX: 0000000000000003 [pid 371] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 367] +++ exited with 0 +++ [pid 372] <... bpf resumed>) = 5 [pid 368] exit_group(0 [pid 366] <... bpf resumed>) = 5 [pid 372] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 368] <... exit_group resumed>) = ? [pid 366] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=367, si_uid=0, si_status=0, si_utime=0, si_stime=42} --- [pid 372] <... bpf resumed>) = 6 [pid 371] <... bpf resumed>) = 6 [pid 368] +++ exited with 0 +++ [pid 366] <... bpf resumed>) = 6 [pid 293] restart_syscall(<... resuming interrupted clone ...> [pid 372] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 366] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=368, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 293] <... restart_syscall resumed>) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 371] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 293] <... clone resumed>, child_tidptr=0x555555f0c650) = 374 ./strace-static-x86_64: Process 374 attached [pid 374] set_robust_list(0x555555f0c660, 24) = 0 [pid 374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 374] setpgid(0, 0) = 0 [pid 374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 374] write(3, "1000", 4) = 4 [pid 300] <... clone resumed>, child_tidptr=0x555555f0c650) = 375 [pid 374] close(3) = 0 [pid 374] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72./strace-static-x86_64: Process 375 attached ) = 3 [pid 374] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 374] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 375] set_robust_list(0x555555f0c660, 24 [pid 374] <... bpf resumed>) = 4 [pid 374] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 375] <... set_robust_list resumed>) = 0 [pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 375] setpgid(0, 0) = 0 [pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 375] write(3, "1000", 4) = 4 [pid 375] close(3) = 0 [pid 375] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 375] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 375] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 375] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 372] <... bpf resumed>) = 7 [pid 366] <... bpf resumed>) = 7 [ 28.575200][ T289] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: 00000000004e65f7 [ 28.583829][ T289] RDX: 00007ffe6f603f70 RSI: 0000000000008910 RDI: 0000000000000003 [ 28.592605][ T289] RBP: 0000000000000003 R08: 00000000ffffffff R09: 000000000000000d [ 28.600614][ T289] R10: 00000000005549d3 R11: 0000000000000286 R12: 00007ffe6f603fd0 [ 28.608423][ T289] R13: 00007ffe6f603f70 R14: 0000000000427210 R15: 0000000000617180 [ 28.616330][ T289] [pid 375] <... bpf resumed>) = 5 [pid 374] <... bpf resumed>) = 5 [pid 372] exit_group(0 [pid 371] <... bpf resumed>) = 7 [pid 366] exit_group(0 [pid 375] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [ 28.641958][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 28.655817][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 28.662284][ T287] Modules linked in: [ 28.666683][ T287] Preemption disabled at: [ 28.666698][ T287] [] pipe_read+0x5b3/0x1040 [ 28.677305][ T287] CPU: 0 PID: 287 Comm: sshd Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 28.688085][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 28.697984][ T287] Call Trace: [ 28.701172][ T287] [ 28.703954][ T287] dump_stack_lvl+0x151/0x1b7 [ 28.708486][ T287] ? pipe_read+0x5b3/0x1040 [ 28.712988][ T287] ? pipe_read+0x5b3/0x1040 [ 28.717423][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 28.722897][ T287] ? bstr_printf+0x1020/0x10c0 [ 28.729762][ T287] ? pipe_read+0x5b3/0x1040 [ 28.734474][ T287] dump_stack+0x15/0x17 [ 28.738548][ T287] __schedule_bug+0x195/0x260 [ 28.743091][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 28.748253][ T287] __schedule+0xd0b/0x1580 [ 28.752593][ T287] ? __sched_text_start+0x8/0x8 [ 28.757300][ T287] schedule+0x11f/0x1e0 [ 28.761281][ T287] schedule_hrtimeout_range_clock+0x1ef/0x360 [ 28.767701][ T287] ? hrtimer_nanosleep_restart+0x170/0x170 [ 28.773346][ T287] ? add_wait_queue+0x189/0x1c0 [ 28.778202][ T287] ? __remove_hrtimer+0x4d0/0x4d0 [ 28.783954][ T287] ? __pollwait+0x2f5/0x3f0 [ 28.788450][ T287] ? poll_initwait+0x160/0x160 [ 28.793156][ T287] schedule_hrtimeout_range+0x2a/0x40 [ 28.798867][ T287] do_sys_poll+0xe20/0x12d0 [ 28.803308][ T287] ? poll_select_finish+0x7b0/0x7b0 [ 28.809208][ T287] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 28.816098][ T287] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 28.822104][ T287] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 28.828095][ T287] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 28.834008][ T287] ? _raw_spin_lock_irqsave+0x210/0x210 [ 28.839474][ T287] ? __kasan_check_write+0x14/0x20 [ 28.844999][ T287] ? recalc_sigpending+0x1a5/0x230 [ 28.850058][ T287] ? _raw_spin_unlock_irq+0x4e/0x70 [ 28.855097][ T287] ? sigprocmask+0x280/0x280 [ 28.859612][ T287] ? set_current_blocked+0x40/0x40 [ 28.864955][ T287] __se_sys_ppoll+0x29c/0x330 [ 28.869456][ T287] ? __x64_sys_ppoll+0xd0/0xd0 [ 28.874530][ T287] ? __bpf_trace_sys_enter+0x62/0x70 [ 28.879622][ T287] __x64_sys_ppoll+0xbf/0xd0 [ 28.885034][ T287] do_syscall_64+0x3d/0xb0 [ 28.889283][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 28.895373][ T287] RIP: 0033:0x7f15698a4ad5 [ 28.900398][ T287] Code: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83 [ 28.925141][ T287] RSP: 002b:00007ffcc75cd970 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 28.934429][ T287] RAX: ffffffffffffffda RBX: 00000000000668a0 RCX: 00007f15698a4ad5 [pid 374] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 372] <... exit_group resumed>) = ? [pid 366] <... exit_group resumed>) = ? [pid 372] +++ exited with 0 +++ [pid 374] <... bpf resumed>) = 6 [pid 374] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 375] <... bpf resumed>) = 6 [pid 375] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 371] exit_group(0) = ? [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=372, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 376 ./strace-static-x86_64: Process 376 attached [pid 376] set_robust_list(0x555555f0c660, 24) = 0 [pid 376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 376] setpgid(0, 0) = 0 [pid 376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 376] write(3, "1000", 4) = 4 [pid 376] close(3) = 0 [pid 376] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 376] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [ 28.942331][ T287] RDX: 00007ffcc75cd990 RSI: 0000000000000004 RDI: 000055ee9cc74b20 [ 28.950333][ T287] RBP: 000055ee9cc735e0 R08: 0000000000000008 R09: 0000000000000000 [ 28.959357][ T287] R10: 00007ffcc75cda78 R11: 0000000000000246 R12: 000055ee9c3f0aa4 [ 28.968218][ T287] R13: 0000000000000001 R14: 000055ee9c3f13e8 R15: 00007ffcc75cd9f8 [ 28.976255][ T287] [ 28.980717][ C1] softirq: huh, entered softirq 9 RCU ffffffff815c9890 with preempt_count 00000103, exited with 00000102? [pid 376] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [ 28.992597][ T82] BUG: scheduling while atomic: syslogd/82/0x00000002 [ 29.000797][ T82] Modules linked in: [ 29.004603][ T82] Preemption disabled at: [ 29.004610][ T82] [] vfs_write+0x94b/0x1110 [ 29.014880][ T82] CPU: 1 PID: 82 Comm: syslogd Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 29.026342][ T82] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 29.036194][ T82] Call Trace: [ 29.039311][ T82] [ 29.042091][ T82] dump_stack_lvl+0x151/0x1b7 [ 29.046597][ T82] ? vfs_write+0x94b/0x1110 [ 29.050939][ T82] ? vfs_write+0x94b/0x1110 [ 29.055397][ T82] ? io_uring_drop_tctx_refs+0x190/0x190 [ 29.061743][ T82] ? vfs_write+0x94b/0x1110 [ 29.066205][ T82] dump_stack+0x15/0x17 [ 29.070213][ T82] __schedule_bug+0x195/0x260 [ 29.074834][ T82] ? ttwu_queue_wakelist+0x510/0x510 [ 29.079954][ T82] ? vbin_printf+0x1bc0/0x1bc0 [ 29.087430][ T82] ? consume_skb+0xb4/0x250 [ 29.092100][ T82] ? __unix_dgram_recvmsg+0xcb1/0x1260 [ 29.099060][ T82] ? unix_dgram_recvmsg+0xc4/0xe0 [ 29.106274][ T82] __schedule+0xd0b/0x1580 [ 29.111700][ T82] ? bpf_snprintf+0x1ed/0x210 [ 29.117343][ T82] ? __sched_text_start+0x8/0x8 [ 29.122842][ T82] ? xas_load+0x2b7/0x2d0 [ 29.128765][ T82] schedule+0x11f/0x1e0 [ 29.134403][ T82] schedule_timeout+0xa9/0x370 [ 29.139721][ T82] ? __kasan_check_write+0x14/0x20 [ 29.146003][ T82] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 29.152545][ T82] ? console_conditional_schedule+0x30/0x30 [ 29.159611][ T82] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 29.167529][ T82] ? prepare_to_wait_exclusive+0x1ac/0x1f0 [ 29.174737][ T82] __skb_wait_for_more_packets+0x394/0x5f0 [ 29.180356][ T82] ? skb_checksum_setup_ip+0xaf0/0xaf0 [ 29.185651][ T82] ? mutex_unlock+0xb2/0x260 [ 29.190216][ T82] ? __skb_wait_for_more_packets+0x5f0/0x5f0 [ 29.196147][ T82] ? __mutex_lock_slowpath+0x10/0x10 [ 29.201354][ T82] ? avc_has_perm+0x16f/0x260 [ 29.206558][ T82] __unix_dgram_recvmsg+0x34f/0x1260 [ 29.211669][ T82] ? selinux_socket_recvmsg+0x243/0x340 [ 29.217047][ T82] ? unix_unhash+0x10/0x10 [ 29.221469][ T82] ? file_has_perm+0x508/0x6c0 [ 29.226071][ T82] unix_dgram_recvmsg+0xc4/0xe0 [ 29.230763][ T82] ? unix_dgram_sendmsg+0x2090/0x2090 [ 29.236011][ T82] sock_read_iter+0x353/0x480 [ 29.240476][ T82] ? kernel_sock_ip_overhead+0x280/0x280 [ 29.245948][ T82] ? iov_iter_init+0x53/0x190 [ 29.250630][ T82] vfs_read+0xa7e/0xd40 [ 29.254633][ T82] ? kernel_read+0x1f0/0x1f0 [ 29.259058][ T82] ? clockevents_program_event+0x22f/0x300 [ 29.264802][ T82] ? __kasan_check_read+0x11/0x20 [ 29.269776][ T82] ? __fdget_pos+0x209/0x3a0 [ 29.274497][ T82] ksys_read+0x199/0x2c0 [ 29.278661][ T82] ? vfs_write+0x1110/0x1110 [ 29.283258][ T82] ? __bpf_trace_sys_enter+0x62/0x70 [ 29.288369][ T82] __x64_sys_read+0x7b/0x90 [ 29.292707][ T82] do_syscall_64+0x3d/0xb0 [ 29.296965][ T82] ? sysvec_call_function_single+0x52/0xb0 [ 29.302618][ T82] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 29.308332][ T82] RIP: 0033:0x7fd0f5a27b6a [ 29.312757][ T82] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [ 29.332543][ T82] RSP: 002b:00007fff4a1fe708 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [pid 376] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16) = 5 [pid 375] <... bpf resumed>) = 7 [pid 374] <... bpf resumed>) = 7 [pid 371] +++ exited with 0 +++ [pid 366] +++ exited with 0 +++ [ 29.340906][ T82] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd0f5a27b6a [ 29.348787][ T82] RDX: 00000000000000ff RSI: 000055af5ad2f300 RDI: 0000000000000000 [ 29.356757][ T82] RBP: 000055af5ad2f2c0 R08: 0000000000000001 R09: 0000000000000000 [ 29.365117][ T82] R10: 00007fd0f5bc63a3 R11: 0000000000000246 R12: 000055af5ad2f373 [ 29.374813][ T82] R13: 000055af5ad2f300 R14: 0000000000000000 R15: 00007fd0f5c04a80 [ 29.383765][ T82] [ 29.390255][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 29.401692][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 29.408563][ T287] Modules linked in: [ 29.413017][ T287] Preemption disabled at: [ 29.413027][ T287] [] __set_current_blocked+0x11b/0x2f0 [ 29.425948][ T287] CPU: 0 PID: 287 Comm: sshd Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 29.437414][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 29.447388][ T287] Call Trace: [ 29.450797][ T287] [ 29.453583][ T287] dump_stack_lvl+0x151/0x1b7 [ 29.458268][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 29.463988][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 29.476148][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 29.481849][ T287] ? __set_current_blocked+0x11b/0x2f0 [ 29.487861][ T287] dump_stack+0x15/0x17 [ 29.491863][ T287] __schedule_bug+0x195/0x260 [ 29.498370][ T287] ? __kasan_check_write+0x14/0x20 [ 29.504478][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 29.510961][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 29.516335][ T287] __schedule+0xd0b/0x1580 [ 29.521022][ T287] ? __kasan_check_read+0x11/0x20 [ 29.527564][ T287] ? _copy_to_user+0x78/0x90 [ 29.532681][ T287] ? __sched_text_start+0x8/0x8 [ 29.537739][ T287] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 29.543665][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 29.549026][ T287] schedule+0x11f/0x1e0 [ 29.553461][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 29.558572][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 29.564852][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 29.570723][ T287] do_syscall_64+0x49/0xb0 [ 29.574981][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 29.580793][ T287] RIP: 0033:0x7f156984d773 [ 29.585560][ T287] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 29.606050][ T287] RSP: 002b:00007ffcc75cd990 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 29.614548][ T287] RAX: 0000000000000000 RBX: 0000000000060000 RCX: 00007f156984d773 [ 29.622358][ T287] RDX: 00007ffcc75cda78 RSI: 00007ffcc75cd9f8 RDI: 0000000000000001 [ 29.630192][ T287] RBP: 000055ee9cc735e0 R08: 0000000000000001 R09: 0000000000000000 [ 29.637984][ T287] R10: 0000000000000008 R11: 0000000000000246 R12: 000055ee9c3f0aa4 [pid 376] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 375] exit_group(0 [pid 374] exit_group(0 [pid 375] <... exit_group resumed>) = ? [pid 374] <... exit_group resumed>) = ? [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=366, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=371, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 376] <... bpf resumed>) = 6 [pid 376] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 377 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 378 ./strace-static-x86_64: Process 377 attached [pid 377] set_robust_list(0x555555f0c660, 24) = 0 [pid 377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 377] setpgid(0, 0) = 0 [pid 377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 377] write(3, "1000", 4) = 4 [pid 377] close(3) = 0 [pid 377] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 377] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 377] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 378 attached [pid 378] set_robust_list(0x555555f0c660, 24) = 0 [pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 378] setpgid(0, 0) = 0 [pid 378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 378] write(3, "1000", 4) = 4 [pid 378] close(3) = 0 [pid 378] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 378] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 378] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 375] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=375, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 380 [pid 377] <... bpf resumed>) = 4 [pid 377] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16./strace-static-x86_64: Process 380 attached [pid 380] set_robust_list(0x555555f0c660, 24) = 0 [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 380] setpgid(0, 0 [pid 378] <... bpf resumed>) = 4 [pid 380] <... setpgid resumed>) = 0 [pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 378] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 380] <... openat resumed>) = 3 [pid 380] write(3, "1000", 4) = 4 [pid 380] close(3) = 0 [pid 380] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 380] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 380] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 380] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 376] <... bpf resumed>) = 7 [ 29.646121][ T287] R13: 000000000000001d R14: 000055ee9c3f13e8 R15: 00007ffcc75cd9f8 [ 29.655875][ T287] [ 29.671777][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 29.683420][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 29.690908][ T289] Modules linked in: [ 29.694571][ T289] Preemption disabled at: [ 29.694579][ T289] [] remove_wait_queue+0x26/0x140 [ 29.705516][ T289] CPU: 0 PID: 289 Comm: strace-static-x Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 29.717193][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 29.727144][ T289] Call Trace: [ 29.730263][ T289] [ 29.733068][ T289] dump_stack_lvl+0x151/0x1b7 [ 29.737553][ T289] ? remove_wait_queue+0x26/0x140 [ 29.742848][ T289] ? remove_wait_queue+0x26/0x140 [ 29.747780][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 29.754538][ T289] ? remove_wait_queue+0x26/0x140 [ 29.759378][ T289] dump_stack+0x15/0x17 [ 29.763823][ T289] __schedule_bug+0x195/0x260 [ 29.768323][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 29.773539][ T289] ? kernel_waitid+0x520/0x520 [ 29.778511][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 29.783937][ T289] __schedule+0xd0b/0x1580 [ 29.788351][ T289] ? __x64_sys_wait4+0x181/0x1e0 [ 29.793257][ T289] ? __sched_text_start+0x8/0x8 [ 29.798021][ T289] schedule+0x11f/0x1e0 [ 29.802024][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 29.807672][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 29.813237][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 29.818863][ T289] do_syscall_64+0x49/0xb0 [ 29.824160][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 29.830494][ T289] RIP: 0033:0x4d49a6 [ 29.834545][ T289] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 29.855014][ T289] RSP: 002b:00007ffe6f604188 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 29.863242][ T289] RAX: 000000000000012c RBX: 0000000000000001 RCX: 00000000004d49a6 [ 29.872830][ T289] RDX: 0000000040000001 RSI: 00007ffe6f6041ac RDI: 00000000ffffffff [ 29.880962][ T289] RBP: 0000000001dcd230 R08: 0000000000000000 R09: 0000000000000000 [pid 376] exit_group(0 [pid 380] <... bpf resumed>) = 5 [pid 378] <... bpf resumed>) = 5 [pid 377] <... bpf resumed>) = 5 [pid 374] +++ exited with 0 +++ [pid 377] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 376] <... exit_group resumed>) = ? [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=374, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 380] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 378] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 376] +++ exited with 0 +++ [pid 377] <... bpf resumed>) = 6 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=376, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 381 ./strace-static-x86_64: Process 381 attached [pid 381] set_robust_list(0x555555f0c660, 24) = 0 [pid 381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 381] setpgid(0, 0 [pid 378] <... bpf resumed>) = 6 [pid 381] <... setpgid resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 382 [pid 380] <... bpf resumed>) = 6 [pid 381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 378] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 380] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 377] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 381] <... openat resumed>) = 3 [pid 381] write(3, "1000", 4) = 4 [pid 381] close(3) = 0 [pid 381] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72./strace-static-x86_64: Process 382 attached [pid 382] set_robust_list(0x555555f0c660, 24 [pid 381] <... bpf resumed>) = 3 [pid 381] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 381] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 382] <... set_robust_list resumed>) = 0 [pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 382] setpgid(0, 0 [pid 381] <... bpf resumed>) = 4 [pid 381] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 382] <... setpgid resumed>) = 0 [pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 382] write(3, "1000", 4) = 4 [pid 382] close(3) = 0 [pid 382] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 382] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 382] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 382] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 378] <... bpf resumed>) = 7 [pid 381] <... bpf resumed>) = 5 [pid 380] <... bpf resumed>) = 7 [pid 378] exit_group(0 [pid 377] <... bpf resumed>) = 7 [pid 381] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 380] exit_group(0 [pid 378] <... exit_group resumed>) = ? [pid 377] exit_group(0 [pid 381] <... bpf resumed>) = 6 [pid 380] <... exit_group resumed>) = ? [pid 381] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 378] +++ exited with 0 +++ [pid 377] <... exit_group resumed>) = ? [pid 381] <... bpf resumed>) = 7 [pid 382] <... bpf resumed>) = 5 [pid 381] exit_group(0 [pid 380] +++ exited with 0 +++ [pid 382] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 381] <... exit_group resumed>) = ? [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=380, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=378, si_uid=0, si_status=0, si_utime=0, si_stime=23} --- [pid 382] <... bpf resumed>) = 6 [ 29.888860][ T289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001dd22c0 [ 29.897848][ T289] R13: 0000000000000178 R14: 00007ffe6f6041ac R15: 0000000000617180 [ 29.912313][ T289] [ 29.937642][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 29.950384][ T289] BUG: scheduling while atomic: strace-static-x/289/0x00000002 [ 29.958030][ T289] Modules linked in: [ 29.962669][ T289] Preemption disabled at: [ 29.962680][ T289] [] remove_wait_queue+0x26/0x140 [ 29.974914][ T289] CPU: 1 PID: 289 Comm: strace-static-x Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 29.986877][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 29.996945][ T289] Call Trace: [ 30.003373][ T289] [ 30.006290][ T289] dump_stack_lvl+0x151/0x1b7 [ 30.010907][ T289] ? remove_wait_queue+0x26/0x140 [ 30.015761][ T289] ? remove_wait_queue+0x26/0x140 [ 30.020732][ T289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 30.026652][ T289] ? remove_wait_queue+0x26/0x140 [ 30.031609][ T289] dump_stack+0x15/0x17 [ 30.035612][ T289] __schedule_bug+0x195/0x260 [ 30.040468][ T289] ? ttwu_queue_wakelist+0x510/0x510 [ 30.046138][ T289] ? kernel_waitid+0x520/0x520 [ 30.050984][ T289] ? wait_task_inactive+0x2cd/0x4f0 [ 30.056099][ T289] __schedule+0xd0b/0x1580 [ 30.060341][ T289] ? __x64_sys_wait4+0x181/0x1e0 [ 30.065134][ T289] ? bpf_trace_run2+0xf1/0x210 [ 30.069723][ T289] ? __sched_text_start+0x8/0x8 [ 30.076734][ T289] schedule+0x11f/0x1e0 [ 30.082351][ T289] exit_to_user_mode_loop+0x4d/0xe0 [ 30.088463][ T289] exit_to_user_mode_prepare+0x5a/0xa0 [ 30.096875][ T289] syscall_exit_to_user_mode+0x26/0x160 [ 30.107280][ T289] do_syscall_64+0x49/0xb0 [ 30.112626][ T289] ? sysvec_call_function_single+0x52/0xb0 [ 30.119649][ T289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 30.126488][ T289] RIP: 0033:0x4d49a6 [ 30.130295][ T289] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 30.151093][ T289] RSP: 002b:00007ffe6f604188 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 30.159637][ T289] RAX: 000000000000017e RBX: 0000000000000004 RCX: 00000000004d49a6 [ 30.168153][ T289] RDX: 0000000040000001 RSI: 00007ffe6f6041ac RDI: 00000000ffffffff [ 30.176686][ T289] RBP: 0000000001dcce40 R08: 0000000000000000 R09: 0000000000000000 [ 30.185811][ T289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001dd2470 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 382] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 377] +++ exited with 0 +++ ./strace-static-x86_64: Process 383 attached [pid 382] <... bpf resumed>) = 7 [pid 381] +++ exited with 0 +++ [pid 383] set_robust_list(0x555555f0c660, 24 [pid 382] exit_group(0 [pid 300] <... clone resumed>, child_tidptr=0x555555f0c650) = 383 [pid 382] <... exit_group resumed>) = ? [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=377, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=381, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 383] <... set_robust_list resumed>) = 0 [pid 383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 383] setpgid(0, 0) = 0 [pid 383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 383] write(3, "1000", 4) = 4 [pid 383] close(3) = 0 [pid 383] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 383] <... bpf resumed>) = 3 [pid 383] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 383] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 382] +++ exited with 0 +++ [pid 294] <... clone resumed>, child_tidptr=0x555555f0c650) = 384 [pid 383] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16./strace-static-x86_64: Process 384 attached [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=382, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] <... clone resumed>, child_tidptr=0x555555f0c650) = 385 [pid 384] set_robust_list(0x555555f0c660, 24) = 0 [pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 384] setpgid(0, 0) = 0 [pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 384] write(3, "1000", 4) = 4 [pid 384] close(3) = 0 [pid 384] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 384] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 384] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 385 attached ) = 4 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 385] set_robust_list(0x555555f0c660, 24 [pid 384] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... clone resumed>, child_tidptr=0x555555f0c650) = 386 [pid 385] <... set_robust_list resumed>) = 0 [pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 385] setpgid(0, 0) = 0 [pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 385] write(3, "1000", 4) = 4 [pid 385] close(3) = 0 [pid 385] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72./strace-static-x86_64: Process 387 attached ) = 3 [pid 385] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 385] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 386 attached [pid 387] set_robust_list(0x555555f0c660, 24 [pid 293] <... clone resumed>, child_tidptr=0x555555f0c650) = 387 [pid 385] <... bpf resumed>) = 4 [pid 385] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 387] <... set_robust_list resumed>) = 0 [pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 387] setpgid(0, 0) = 0 [pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 387] write(3, "1000", 4) = 4 [pid 387] close(3) = 0 [pid 387] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 387] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 387] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 386] set_robust_list(0x555555f0c660, 24 [pid 387] <... bpf resumed>) = 4 [pid 387] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 386] <... set_robust_list resumed>) = 0 [pid 386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 386] setpgid(0, 0) = 0 [pid 386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 386] write(3, "1000", 4) = 4 [pid 386] close(3) = 0 [pid 386] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 386] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 386] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 386] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 387] <... bpf resumed>) = 5 [pid 386] <... bpf resumed>) = 5 [pid 385] <... bpf resumed>) = 5 [pid 384] <... bpf resumed>) = 5 [pid 383] <... bpf resumed>) = 5 [pid 387] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 386] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 385] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 384] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 383] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 387] <... bpf resumed>) = 6 [pid 386] <... bpf resumed>) = 6 [pid 385] <... bpf resumed>) = 6 [pid 384] <... bpf resumed>) = 6 [pid 386] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 385] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 384] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 387] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 386] <... bpf resumed>) = 7 [pid 385] <... bpf resumed>) = 7 [pid 383] <... bpf resumed>) = 6 [pid 387] <... bpf resumed>) = 7 [pid 386] exit_group(0 [pid 384] <... bpf resumed>) = 7 [ 30.193750][ T289] R13: 0000000000000126 R14: 00007ffe6f6041ac R15: 0000000000617180 [ 30.201560][ T289] [pid 383] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 385] exit_group(0) = ? [pid 385] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=385, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 388 ./strace-static-x86_64: Process 388 attached [pid 388] set_robust_list(0x555555f0c660, 24) = 0 [pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 30.229737][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 30.236322][ C1] softirq: huh, entered softirq 6 TASKLET ffffffff8142f520 with preempt_count 00000103, exited with 00000102? [ 30.241281][ T300] BUG: scheduling while atomic: syz-executor300/300/0x00000002 [ 30.253046][ T287] BUG: scheduling while atomic: sshd/287/0x00000002 [ 30.253057][ T287] Modules linked in: [ 30.253065][ T287] Preemption disabled at: [ 30.253068][ T287] [] pipe_read+0x5b3/0x1040 [ 30.253090][ T287] CPU: 1 PID: 287 Comm: sshd Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 30.253105][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 30.253113][ T287] Call Trace: [ 30.253118][ T287] [ 30.253124][ T287] dump_stack_lvl+0x151/0x1b7 [ 30.253144][ T287] ? pipe_read+0x5b3/0x1040 [ 30.253158][ T287] ? pipe_read+0x5b3/0x1040 [ 30.253171][ T287] ? io_uring_drop_tctx_refs+0x190/0x190 [ 30.253189][ T287] ? pipe_read+0x5b3/0x1040 [ 30.253203][ T287] dump_stack+0x15/0x17 [ 30.253219][ T287] __schedule_bug+0x195/0x260 [ 30.253235][ T287] ? bpf_bprintf_cleanup+0x1a/0x60 [ 30.253251][ T287] ? ttwu_queue_wakelist+0x510/0x510 [ 30.253265][ T287] ? bpf_bprintf_cleanup+0x1a/0x60 [ 30.253278][ T287] ? __set_current_blocked+0x2a5/0x2f0 [ 30.253296][ T287] __schedule+0xd0b/0x1580 [ 30.253308][ T287] ? bpf_trace_run2+0xf1/0x210 [ 30.253324][ T287] ? __sched_text_start+0x8/0x8 [ 30.253335][ T287] ? bpf_trace_run1+0x1c0/0x1c0 [ 30.253349][ T287] ? ksys_read+0x24f/0x2c0 [ 30.253362][ T287] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 30.253380][ T287] schedule+0x11f/0x1e0 [ 30.253394][ T287] exit_to_user_mode_loop+0x4d/0xe0 [ 30.253410][ T287] exit_to_user_mode_prepare+0x5a/0xa0 [ 30.253426][ T287] syscall_exit_to_user_mode+0x26/0x160 [ 30.253443][ T287] do_syscall_64+0x49/0xb0 [ 30.253456][ T287] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 30.253473][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 30.253492][ T287] RIP: 0033:0x7f1569888587 [ 30.253506][ T287] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [ 30.253519][ T287] RSP: 002b:00007ffcc75cd7d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [ 30.253533][ T287] RAX: 000000000000011f RBX: 000000000000000a RCX: 00007f1569888587 [ 30.265500][ T300] Modules linked in: [ 30.271903][ T287] RDX: 0000000000000000 RSI: 000000000000000a RDI: 000000000000000a [ 30.271914][ T287] RBP: 000055ee9cc75b1a R08: 0000000000000000 R09: 0000000000000000 [ 30.275619][ T300] [ 30.275624][ T300] Preemption disabled at: [ 30.279782][ T287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000400 [ 30.285872][ T300] [] ptrace_stop+0x588/0xa90 [ 30.296795][ T287] R13: 000000000000000a R14: 0000000000000000 R15: 000055ee9cc73290 [ 30.296812][ T287] [ 30.521925][ T300] CPU: 0 PID: 300 Comm: syz-executor300 Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 30.534853][ T300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 30.544851][ T300] Call Trace: [ 30.547983][ T300] [ 30.550748][ T300] dump_stack_lvl+0x151/0x1b7 [ 30.555871][ T300] ? ptrace_stop+0x588/0xa90 [ 30.560279][ T300] ? ptrace_stop+0x588/0xa90 [ 30.565267][ T300] ? io_uring_drop_tctx_refs+0x190/0x190 [ 30.571485][ T300] ? ptrace_stop+0x588/0xa90 [ 30.576174][ T300] dump_stack+0x15/0x17 [ 30.580240][ T300] __schedule_bug+0x195/0x260 [ 30.585009][ T300] ? ttwu_queue_wakelist+0x510/0x510 [ 30.591538][ T300] __schedule+0xd0b/0x1580 [ 30.596165][ T300] ? __kasan_check_write+0x14/0x20 [ 30.602164][ T300] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 30.607495][ T300] ? __sched_text_start+0x8/0x8 [ 30.613142][ T300] ? cgroup_update_frozen+0x15f/0x980 [ 30.619476][ T300] schedule+0x11f/0x1e0 [ 30.623920][ T300] ptrace_stop+0x4ea/0xa90 [ 30.629861][ T300] ptrace_notify+0x22b/0x350 [ 30.634434][ T300] ? do_notify_parent+0xa30/0xa30 [ 30.639490][ T300] ? __bpf_trace_sys_enter+0x62/0x70 [ 30.644845][ T300] ? __traceiter_sys_enter+0x2a/0x40 [ 30.650683][ T300] syscall_exit_to_user_mode+0xac/0x160 [ 30.656825][ T300] do_syscall_64+0x49/0xb0 [ 30.661451][ T300] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 30.667586][ T300] RIP: 0033:0x7fe92ecb4933 [ 30.672767][ T300] Code: fe ff e9 41 ff ff ff 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 80 3d 51 b7 07 00 00 49 89 ca 74 14 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5d c3 0f 1f 40 00 48 83 ec 28 89 54 24 14 48 [ 30.694073][ T300] RSP: 002b:00007ffeabb5f518 EFLAGS: 00000202 ORIG_RAX: 000000000000003d [ 30.702629][ T300] RAX: 0000000000000000 RBX: 000000000000017f RCX: 00007fe92ecb4933 [ 30.711266][ T300] RDX: 0000000040000001 RSI: 00007ffeabb5f52c RDI: 00000000ffffffff [ 30.719417][ T300] RBP: 00000000000f4240 R08: 00007ffeabb7a080 R09: 00007ffeabb7a0b0 [pid 388] setpgid(0, 0) = 0 [pid 387] exit_group(0 [pid 386] <... exit_group resumed>) = ? [pid 384] exit_group(0 [pid 383] <... bpf resumed>) = 7 [pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 387] <... exit_group resumed>) = ? [pid 386] +++ exited with 0 +++ [pid 384] <... exit_group resumed>) = ? [pid 383] exit_group(0 [pid 388] <... openat resumed>) = 3 [pid 387] +++ exited with 0 +++ [pid 383] <... exit_group resumed>) = ? [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=386, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 388] write(3, "1000", 4 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=387, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 388] <... write resumed>) = 4 [pid 388] close(3) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 388] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 293] <... clone resumed>, child_tidptr=0x555555f0c650) = 390 [pid 388] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 388] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0c650) = 391 [pid 388] <... bpf resumed>) = 4 [pid 388] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16./strace-static-x86_64: Process 391 attached [pid 391] set_robust_list(0x555555f0c660, 24) = 0 [pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 391] setpgid(0, 0) = 0 [pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 391] write(3, "1000", 4) = 4 [pid 391] close(3) = 0 [pid 391] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 391] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 391] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 390 attached [pid 390] set_robust_list(0x555555f0c660, 24) = 0 [pid 390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 390] setpgid(0, 0) = 0 [pid 390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 391] <... bpf resumed>) = 4 [pid 390] <... openat resumed>) = 3 [ 30.728221][ T300] R10: 0000000000000000 R11: 0000000000000202 R12: 00000000000075ea [ 30.736379][ T300] R13: 00007ffeabb5f52c R14: 00007ffeabb5f540 R15: 00007ffeabb5f530 [ 30.744807][ T300] [ 30.752620][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e83a80 with preempt_count 00000103, exited with 00000102? [ 30.765736][ T389] BUG: scheduling while atomic: init/389/0x00000002 [ 30.772525][ T389] Modules linked in: [ 30.777239][ T389] Preemption disabled at: [pid 390] write(3, "1000", 4) = 4 [pid 390] close(3) = 0 [pid 390] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 390] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 390] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 390] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [ 30.777250][ T389] [] pick_file+0x36/0x2d0 [ 30.788857][ T389] CPU: 0 PID: 389 Comm: init Tainted: G W 5.15.148-syzkaller-00704-g3802b45594e1 #0 [ 30.802837][ T389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 30.815099][ T389] Call Trace: [ 30.818221][ T389] [ 30.821268][ T389] dump_stack_lvl+0x151/0x1b7 [ 30.826415][ T389] ? pick_file+0x36/0x2d0 [ 30.830903][ T389] ? pick_file+0x36/0x2d0 [ 30.835219][ T389] ? io_uring_drop_tctx_refs+0x190/0x190 [ 30.841040][ T389] ? pick_file+0x36/0x2d0 [ 30.845653][ T389] dump_stack+0x15/0x17 [ 30.849673][ T389] __schedule_bug+0x195/0x260 [ 30.854300][ T389] ? ttwu_queue_wakelist+0x510/0x510 [ 30.860511][ T389] ? do_sys_openat2+0x71c/0x830 [ 30.868221][ T389] __schedule+0xd0b/0x1580 [ 30.873698][ T389] ? bpf_trace_run2+0xf1/0x210 [ 30.879213][ T389] ? __sched_text_start+0x8/0x8 [ 30.884882][ T389] ? __x64_sys_openat+0x243/0x290 [ 30.890235][ T389] schedule+0x11f/0x1e0 [ 30.894235][ T389] exit_to_user_mode_loop+0x4d/0xe0 [ 30.899852][ T389] exit_to_user_mode_prepare+0x5a/0xa0 [ 30.905310][ T389] syscall_exit_to_user_mode+0x26/0x160 [ 30.910909][ T389] do_syscall_64+0x49/0xb0 [ 30.915172][ T389] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 30.921754][ T389] RIP: 0033:0x7fbf7930a9a4 [ 30.926092][ T389] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83 [ 30.948504][ T389] RSP: 002b:00007ffef1e38960 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 30.956968][ T389] RAX: fffffffffffffffe RBX: 0000000000000005 RCX: 00007fbf7930a9a4 [ 30.965008][ T389] RDX: 0000000000000802 RSI: 0000562a766c0a5d RDI: 00000000ffffff9c [ 30.972979][ T389] RBP: 0000562a766c0a5d R08: 0000000000000000 R09: 0000000000000000 [pid 391] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 384] +++ exited with 0 +++ [pid 383] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=383, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=384, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 393 attached ./strace-static-x86_64: Process 392 attached [pid 300] <... clone resumed>, child_tidptr=0x555555f0c650) = 392 [pid 294] <... clone resumed>, child_tidptr=0x555555f0c650) = 393 [pid 393] set_robust_list(0x555555f0c660, 24 [pid 392] set_robust_list(0x555555f0c660, 24 [pid 393] <... set_robust_list resumed>) = 0 [pid 392] <... set_robust_list resumed>) = 0 [pid 392] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 393] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 392] <... prctl resumed>) = 0 [pid 393] <... prctl resumed>) = 0 [pid 392] setpgid(0, 0 [pid 393] setpgid(0, 0 [pid 392] <... setpgid resumed>) = 0 [pid 393] <... setpgid resumed>) = 0 [pid 392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 392] <... openat resumed>) = 3 [pid 392] write(3, "1000", 4) = 4 [pid 392] close(3) = 0 [pid 392] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 392] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 392] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 393] <... openat resumed>) = 3 [pid 392] <... bpf resumed>) = 4 [pid 392] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 393] write(3, "1000", 4) = 4 [pid 393] close(3) = 0 [pid 393] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 393] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 393] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 393] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 388] <... bpf resumed>) = 5 [pid 393] <... bpf resumed>) = 5 [pid 392] <... bpf resumed>) = 5 [pid 391] <... bpf resumed>) = 5 [pid 390] <... bpf resumed>) = 5 [pid 388] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 393] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 392] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 391] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 390] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001dc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 388] <... bpf resumed>) = 6 [pid 393] <... bpf resumed>) = 6 [pid 392] <... bpf resumed>) = 6 [pid 388] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 393] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 392] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 388] <... bpf resumed>) = 7 [pid 393] <... bpf resumed>) = 7 [pid 392] <... bpf resumed>) = 7 [pid 391] <... bpf resumed>) = 6 [pid 388] exit_group(0 [pid 393] exit_group(0 [pid 392] exit_group(0 [pid 388] <... exit_group resumed>) = ? [pid 393] <... exit_group resumed>) = ? [ 30.981743][ T389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000802 [ 30.990638][ T389] R13: 0000000000000002 R14: 0000000000000802 R15: 00007fbf794e7a80 [ 30.998799][ T389] [pid 392] <... exit_group resumed>) = ? [pid 391] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 390] <... bpf resumed>) = 6 [pid 388] +++ exited with 0 +++ [pid 390] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=388, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---