./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor826170918 <...> [ 11.527132][ T30] audit: type=1400 audit(1715489564.803:64): avc: denied { rlimitinh } for pid=222 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.531222][ T30] audit: type=1400 audit(1715489564.803:65): avc: denied { siginh } for pid=222 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.987564][ T223] sshd (223) used greatest stack depth: 22288 bytes left Warning: Permanently added '10.128.1.156' (ED25519) to the list of known hosts. execve("./syz-executor826170918", ["./syz-executor826170918"], 0x7ffd5d600a20 /* 10 vars */) = 0 brk(NULL) = 0x555555afa000 brk(0x555555afad00) = 0x555555afad00 arch_prctl(ARCH_SET_FS, 0x555555afa380) = 0 set_tid_address(0x555555afa650) = 291 set_robust_list(0x555555afa660, 24) = 0 rseq(0x555555afaca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor826170918", 4096) = 27 getrandom("\x99\xeb\x9f\x49\x47\x81\x1d\x1e", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555afad00 brk(0x555555b1bd00) = 0x555555b1bd00 brk(0x555555b1c000) = 0x555555b1c000 mprotect(0x7f30119f4000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 292 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 293 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 294 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 295 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 296 ./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x555555afa660, 24) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 294 attached ./strace-static-x86_64: Process 295 attached ./strace-static-x86_64: Process 293 attached ./strace-static-x86_64: Process 292 attached [pid 295] set_robust_list(0x555555afa660, 24 [pid 294] set_robust_list(0x555555afa660, 24 [pid 293] set_robust_list(0x555555afa660, 24 [pid 292] set_robust_list(0x555555afa660, 24 [pid 296] <... clone resumed>, child_tidptr=0x555555afa650) = 298 [pid 294] <... set_robust_list resumed>) = 0 [pid 293] <... set_robust_list resumed>) = 0 [pid 292] <... set_robust_list resumed>) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... set_robust_list resumed>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 300 attached [pid 293] <... clone resumed>, child_tidptr=0x555555afa650) = 299 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 298 attached [pid 298] set_robust_list(0x555555afa660, 24) = 0 [pid 294] <... clone resumed>, child_tidptr=0x555555afa650) = 300 [pid 295] <... clone resumed>, child_tidptr=0x555555afa650) = 301 [pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 301 attached [pid 298] setpgid(0, 0 [pid 292] <... clone resumed>, child_tidptr=0x555555afa650) = 302 ./strace-static-x86_64: Process 299 attached [pid 300] set_robust_list(0x555555afa660, 24 [pid 298] <... setpgid resumed>) = 0 [pid 300] <... set_robust_list resumed>) = 0 [pid 299] set_robust_list(0x555555afa660, 24 [pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 301] set_robust_list(0x555555afa660, 24 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] <... set_robust_list resumed>) = 0 [pid 301] <... set_robust_list resumed>) = 0 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] <... prctl resumed>) = 0 [pid 301] <... prctl resumed>) = 0 [pid 301] setpgid(0, 0) = 0 [pid 300] setpgid(0, 0) = 0 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... prctl resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 300] <... openat resumed>) = 3 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4 [pid 299] setpgid(0, 0 [pid 300] <... write resumed>) = 4 [pid 301] write(3, "1000", 4) = 4 [pid 301] close(3 [pid 300] close(3 [pid 299] <... setpgid resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 300] <... close resumed>) = 0 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] write(3, "1000", 4) = 4 [pid 298] close(3) = 0 [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 299] <... openat resumed>) = 3 [pid 298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 299] write(3, "1000", 4) = 4 ./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x555555afa660, 24) = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3) = 0 [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [ 20.395455][ T30] audit: type=1400 audit(1715489573.683:66): avc: denied { execmem } for pid=291 comm="syz-executor826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.415296][ T30] audit: type=1400 audit(1715489573.703:68): avc: denied { prog_load } for pid=300 comm="syz-executor826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 299] close(3) = 0 [ 20.436008][ T30] audit: type=1400 audit(1715489573.703:67): avc: denied { prog_load } for pid=298 comm="syz-executor826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 20.455805][ T30] audit: type=1400 audit(1715489573.703:69): avc: denied { bpf } for pid=298 comm="syz-executor826" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 20.496500][ T30] audit: type=1400 audit(1715489573.703:70): avc: denied { perfmon } for pid=298 comm="syz-executor826" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 20.518027][ T30] audit: type=1400 audit(1715489573.703:71): avc: denied { prog_load } for pid=301 comm="syz-executor826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 302] <... bpf resumed>) = 3 [pid 301] <... bpf resumed>) = 3 [pid 300] <... bpf resumed>) = 3 [pid 299] <... bpf resumed>) = 3 [pid 300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 300] <... bpf resumed>) = 4 [pid 299] <... bpf resumed>) = 4 [pid 300] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 299] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 298] <... bpf resumed>) = 3 [pid 301] <... bpf resumed>) = 4 [pid 300] <... bpf resumed>) = 5 [pid 299] <... bpf resumed>) = 5 [pid 298] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 300] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 299] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 301] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 300] <... bpf resumed>) = 0 [pid 299] <... bpf resumed>) = 0 [pid 301] <... bpf resumed>) = 5 [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 302] <... bpf resumed>) = 4 [pid 301] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 300] <... bpf resumed>) = 6 [pid 299] <... bpf resumed>) = 6 [pid 298] <... bpf resumed>) = 4 [ 20.672211][ T30] audit: type=1400 audit(1715489573.963:72): avc: denied { prog_run } for pid=301 comm="syz-executor826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 20.701451][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 20.705018][ T30] audit: type=1400 audit(1715489573.963:73): avc: denied { prog_run } for pid=298 comm="syz-executor826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 20.712903][ T286] BUG: scheduling while atomic: sshd/286/0x00000002 [ 20.732506][ T30] audit: type=1400 audit(1715489573.993:74): avc: denied { map_create } for pid=300 comm="syz-executor826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 20.738392][ T286] Modules linked in: [ 20.761310][ T286] Preemption disabled at: [ 20.761326][ T286] [] pipe_read+0x5b3/0x1040 [ 20.771423][ T286] CPU: 0 PID: 286 Comm: sshd Not tainted 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 20.780495][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 20.790420][ T286] Call Trace: [ 20.793506][ T286] [ 20.796287][ T286] dump_stack_lvl+0x151/0x1b7 [ 20.800991][ T286] ? pipe_read+0x5b3/0x1040 [ 20.805450][ T286] ? pipe_read+0x5b3/0x1040 [ 20.809791][ T286] ? io_uring_drop_tctx_refs+0x190/0x190 [ 20.815257][ T286] ? pipe_read+0x5b3/0x1040 [ 20.819599][ T286] dump_stack+0x15/0x17 [ 20.823913][ T286] __schedule_bug+0x195/0x260 [ 20.828410][ T286] ? bpf_bprintf_cleanup+0x3f/0x60 [ 20.833359][ T286] ? ttwu_queue_wakelist+0x510/0x510 [ 20.838474][ T286] ? bpf_bprintf_cleanup+0x3f/0x60 [ 20.843414][ T286] ? __set_current_blocked+0x2a5/0x2f0 [ 20.848884][ T286] __schedule+0xd19/0x1590 [ 20.853146][ T286] ? bpf_trace_run2+0xf1/0x210 [ 20.857866][ T286] ? __sched_text_start+0x8/0x8 [ 20.862551][ T286] ? bpf_trace_run1+0x1c0/0x1c0 [ 20.867311][ T286] ? ksys_read+0x24f/0x2c0 [ 20.871675][ T286] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 20.877051][ T286] schedule+0x11f/0x1e0 [ 20.881148][ T286] exit_to_user_mode_loop+0x4d/0xe0 [ 20.886167][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 20.891465][ T286] syscall_exit_to_user_mode+0x26/0x160 [ 20.896851][ T286] do_syscall_64+0x49/0xb0 [ 20.901105][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 20.906828][ T286] RIP: 0033:0x7faca7103587 [ 20.911071][ T286] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [ 20.930596][ T286] RSP: 002b:00007ffd596abd68 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [ 20.938934][ T286] RAX: 000000000000011e RBX: 0000000000000000 RCX: 00007faca7103587 [ 20.946740][ T286] RDX: 000000000000085c RSI: 0000559efed4c480 RDI: 0000559efed49937 [ 20.954550][ T286] RBP: 0000559efed4a856 R08: 0000000000000006 R09: 0000000000000000 [ 20.962364][ T286] R10: 0000559efed4a856 R11: 0000000000000246 R12: 0000559efed49937 [pid 301] <... bpf resumed>) = 0 [pid 300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 298] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 300] <... bpf resumed>) = 7 [pid 299] <... bpf resumed>) = 7 [pid 300] exit_group(0 [pid 299] exit_group(0 [pid 300] <... exit_group resumed>) = ? [pid 299] <... exit_group resumed>) = ? [pid 301] <... bpf resumed>) = 6 [pid 301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 298] <... bpf resumed>) = 5 [pid 298] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 300] +++ exited with 0 +++ [pid 299] +++ exited with 0 +++ [pid 302] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 302] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 302] <... bpf resumed>) = 0 [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 294] <... clone resumed>, child_tidptr=0x555555afa650) = 303 [ 20.970204][ T286] R13: 0000559efed4c480 R14: 0000559efed4c480 R15: 00007ffd596ac2f0 [ 20.977992][ T286] [ 20.983433][ T30] audit: type=1400 audit(1715489573.993:75): avc: denied { map_read map_write } for pid=300 comm="syz-executor826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 21.004398][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 21.015868][ T286] BUG: scheduling while atomic: sshd/286/0x00000002 [ 21.022256][ T286] Modules linked in: [ 21.025936][ T286] Preemption disabled at: [ 21.025947][ T286] [] __release_sock+0x38d/0x410 [ 21.036353][ T286] CPU: 0 PID: 286 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 21.046851][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 21.056745][ T286] Call Trace: [ 21.059867][ T286] [ 21.062652][ T286] dump_stack_lvl+0x151/0x1b7 [ 21.067157][ T286] ? __release_sock+0x38d/0x410 [ 21.071842][ T286] ? __release_sock+0x38d/0x410 [ 21.076528][ T286] ? io_uring_drop_tctx_refs+0x190/0x190 [ 21.082001][ T286] ? __release_sock+0x38d/0x410 [ 21.086691][ T286] dump_stack+0x15/0x17 [ 21.090677][ T286] __schedule_bug+0x195/0x260 [ 21.095198][ T286] ? __kasan_check_write+0x14/0x20 [ 21.100136][ T286] ? ttwu_queue_wakelist+0x510/0x510 [ 21.105268][ T286] ? __set_current_blocked+0x2a5/0x2f0 [ 21.110649][ T286] __schedule+0xd19/0x1590 [ 21.114902][ T286] ? __kasan_check_read+0x11/0x20 [ 21.119749][ T286] ? _copy_to_user+0x78/0x90 [ 21.124178][ T286] ? __sched_text_start+0x8/0x8 [ 21.128864][ T286] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 21.134335][ T286] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 21.139888][ T286] schedule+0x11f/0x1e0 [ 21.143879][ T286] exit_to_user_mode_loop+0x4d/0xe0 [ 21.148922][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 21.154210][ T286] syscall_exit_to_user_mode+0x26/0x160 [ 21.159592][ T286] do_syscall_64+0x49/0xb0 [ 21.163995][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 21.169705][ T286] RIP: 0033:0x7faca70c8773 [ 21.173960][ T286] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 21.193397][ T286] RSP: 002b:00007ffd596b0530 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 21.201645][ T286] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007faca70c8773 [ 21.209456][ T286] RDX: 00007ffd596b0618 RSI: 00007ffd596b0598 RDI: 0000000000000000 [pid 293] <... clone resumed>, child_tidptr=0x555555afa650) = 304 ./strace-static-x86_64: Process 304 attached [pid 301] <... bpf resumed>) = 7 [pid 304] set_robust_list(0x555555afa660, 24 [pid 301] exit_group(0) = ? [pid 301] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=301, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- ./strace-static-x86_64: Process 303 attached [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 303] set_robust_list(0x555555afa660, 24) = 0 [pid 295] <... clone resumed>, child_tidptr=0x555555afa650) = 305 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 303] setpgid(0, 0) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x555555afa660, 24) = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 305] setpgid(0, 0) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 305] write(3, "1000", 4) = 4 [pid 305] close(3) = 0 [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 304] <... set_robust_list resumed>) = 0 [pid 305] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 305] <... bpf resumed>) = 4 [pid 304] <... prctl resumed>) = 0 [pid 305] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 302] <... bpf resumed>) = 6 [pid 305] <... bpf resumed>) = 5 [pid 304] setpgid(0, 0 [pid 302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 305] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 304] <... setpgid resumed>) = 0 [pid 302] <... bpf resumed>) = 7 [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 302] exit_group(0 [pid 298] <... bpf resumed>) = 6 [pid 305] <... bpf resumed>) = 6 [pid 304] <... openat resumed>) = 3 [pid 303] <... bpf resumed>) = 3 [pid 302] <... exit_group resumed>) = ? [pid 298] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 305] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 304] write(3, "1000", 4 [pid 302] +++ exited with 0 +++ [pid 304] <... write resumed>) = 4 [pid 303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 304] close(3) = 0 [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 304] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 306 ./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x555555afa660, 24) = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 306] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 305] <... bpf resumed>) = 7 [pid 304] <... bpf resumed>) = 4 [pid 303] <... bpf resumed>) = 4 [pid 298] <... bpf resumed>) = 7 [ 21.217264][ T286] RBP: 0000559eff2795e0 R08: 0000000000000000 R09: 0000000000000000 [ 21.225074][ T286] R10: 0000000000000008 R11: 0000000000000246 R12: 0000559efed40aa4 [ 21.232885][ T286] R13: 0000000000000014 R14: 0000559efed413e8 R15: 00007ffd596b0598 [ 21.240702][ T286] [ 21.268152][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 21.279576][ T288] BUG: scheduling while atomic: strace-static-x/288/0x00000002 [ 21.286935][ T288] Modules linked in: [ 21.290631][ T288] Preemption disabled at: [ 21.290639][ T288] [] remove_wait_queue+0x26/0x140 [ 21.301447][ T288] CPU: 0 PID: 288 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 21.313222][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 21.323112][ T288] Call Trace: [ 21.326471][ T288] [ 21.329205][ T288] dump_stack_lvl+0x151/0x1b7 [ 21.333821][ T288] ? remove_wait_queue+0x26/0x140 [ 21.338710][ T288] ? remove_wait_queue+0x26/0x140 [ 21.343621][ T288] ? io_uring_drop_tctx_refs+0x190/0x190 [ 21.349089][ T288] ? remove_wait_queue+0x26/0x140 [ 21.353948][ T288] dump_stack+0x15/0x17 [ 21.357941][ T288] __schedule_bug+0x195/0x260 [ 21.362539][ T288] ? ttwu_queue_wakelist+0x510/0x510 [ 21.367661][ T288] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 21.373418][ T288] ? wait_task_inactive+0x2cd/0x4f0 [ 21.378460][ T288] __schedule+0xd19/0x1590 [ 21.382710][ T288] ? _raw_spin_lock_irqsave+0x210/0x210 [ 21.388112][ T288] ? __sched_text_start+0x8/0x8 [ 21.392771][ T288] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 21.397916][ T288] ? _raw_spin_lock_irqsave+0x210/0x210 [ 21.403467][ T288] ? ptrace_check_attach+0x323/0x420 [ 21.408613][ T288] schedule+0x11f/0x1e0 [ 21.412749][ T288] exit_to_user_mode_loop+0x4d/0xe0 [ 21.417750][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 21.423147][ T288] syscall_exit_to_user_mode+0x26/0x160 [ 21.428612][ T288] do_syscall_64+0x49/0xb0 [ 21.432871][ T288] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 21.438757][ T288] RIP: 0033:0x4e6c1a [ 21.442475][ T288] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [pid 305] exit_group(0 [ 21.462009][ T288] RSP: 002b:00007ffd5d6005a0 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 21.470274][ T288] RAX: 0000000000000050 RBX: 0000000001a98620 RCX: 00000000004e6c1a [ 21.478665][ T288] RDX: 0000000000000058 RSI: 0000000000000131 RDI: 000000000000420e [ 21.486626][ T288] RBP: 00007ffd5d6006a0 R08: 000000000000420d R09: 0000000000000000 [ 21.494405][ T288] R10: 000000000063c820 R11: 0000000000000206 R12: 0000000001a98620 [ 21.502203][ T288] R13: 00007ffd5d6006fc R14: 000000000000857f R15: 0000000000617180 [ 21.510103][ T288] [pid 304] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 303] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 298] exit_group(0 [pid 306] <... bpf resumed>) = 4 [pid 306] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 306] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [ 21.517094][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000102, exited with 00000101? [ 21.529347][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000104, exited with 00000103? [ 21.541156][ T286] BUG: scheduling while atomic: sshd/286/0x00000003 [ 21.547601][ T286] Modules linked in: [ 21.551305][ T286] Preemption disabled at: [ 21.551316][ T286] [] pipe_read+0x5b3/0x1040 [ 21.561570][ T286] CPU: 0 PID: 286 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 21.572073][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 21.581962][ T286] Call Trace: [ 21.585083][ T286] [ 21.587873][ T286] dump_stack_lvl+0x151/0x1b7 [ 21.592368][ T286] ? pipe_read+0x5b3/0x1040 [ 21.596712][ T286] ? pipe_read+0x5b3/0x1040 [ 21.601050][ T286] ? io_uring_drop_tctx_refs+0x190/0x190 [ 21.606518][ T286] ? pipe_read+0x5b3/0x1040 [ 21.610863][ T286] dump_stack+0x15/0x17 [ 21.614879][ T286] __schedule_bug+0x195/0x260 [ 21.619367][ T286] ? ttwu_queue_wakelist+0x510/0x510 [ 21.624485][ T286] __schedule+0xd19/0x1590 [ 21.628741][ T286] ? __sched_text_start+0x8/0x8 [ 21.633426][ T286] schedule+0x11f/0x1e0 [ 21.637414][ T286] schedule_hrtimeout_range_clock+0x228/0x3a0 [ 21.643422][ T286] ? hrtimer_nanosleep_restart+0x170/0x170 [ 21.649162][ T286] ? add_wait_queue+0x189/0x1c0 [ 21.653851][ T286] ? __remove_hrtimer+0x4d0/0x4d0 [ 21.658799][ T286] ? __pollwait+0x2f5/0x3f0 [ 21.663139][ T286] ? poll_initwait+0x160/0x160 [ 21.667738][ T286] schedule_hrtimeout_range+0x2a/0x40 [ 21.672946][ T286] do_sys_poll+0xe20/0x12d0 [ 21.677307][ T286] ? poll_select_finish+0x7b0/0x7b0 [ 21.682494][ T286] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 21.688398][ T286] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 21.694304][ T286] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 21.700120][ T286] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 21.706021][ T286] ? _raw_spin_lock_irqsave+0x210/0x210 [ 21.711399][ T286] ? __kasan_check_write+0x14/0x20 [ 21.716339][ T286] ? recalc_sigpending+0x1a5/0x230 [ 21.721287][ T286] ? _raw_spin_unlock_irq+0x4e/0x70 [ 21.726327][ T286] ? sigprocmask+0x280/0x280 [ 21.730853][ T286] ? set_current_blocked+0x40/0x40 [ 21.735799][ T286] __se_sys_ppoll+0x29c/0x330 [ 21.740528][ T286] ? __x64_sys_ppoll+0xd0/0xd0 [ 21.745208][ T286] ? __bpf_trace_sys_enter+0x62/0x70 [ 21.750323][ T286] __x64_sys_ppoll+0xbf/0xd0 [ 21.754752][ T286] do_syscall_64+0x3d/0xb0 [ 21.759007][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 21.764729][ T286] RIP: 0033:0x7faca711fad5 [ 21.769070][ T286] Code: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83 [ 21.788598][ T286] RSP: 002b:00007ffd596b0510 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 21.796866][ T286] RAX: ffffffffffffffda RBX: 00000000000668a0 RCX: 00007faca711fad5 [ 21.804652][ T286] RDX: 00007ffd596b0530 RSI: 0000000000000004 RDI: 0000559eff27ab20 [ 21.812472][ T286] RBP: 0000559eff2795e0 R08: 0000000000000008 R09: 0000000000000000 [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 306] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16) = 7 [pid 306] exit_group(0) = ? [pid 306] +++ exited with 0 +++ [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 292] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 308 [pid 305] <... exit_group resumed>) = ? [pid 305] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 309 ./strace-static-x86_64: Process 309 attached [pid 309] set_robust_list(0x555555afa660, 24) = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 309] setpgid(0, 0) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 309] write(3, "1000", 4) = 4 [pid 309] close(3) = 0 [pid 309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 304] <... bpf resumed>) = 5 [pid 303] <... bpf resumed>) = 5 [pid 298] <... exit_group resumed>) = ? [pid 304] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 303] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4./strace-static-x86_64: Process 308 attached [pid 308] set_robust_list(0x555555afa660, 24 [pid 298] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=298, si_uid=0, si_status=0, si_utime=0, si_stime=47} --- [pid 303] <... bpf resumed>) = 0 [pid 304] <... bpf resumed>) = 0 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 308] <... set_robust_list resumed>) = 0 [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 308] setpgid(0, 0) = 0 [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 308] <... openat resumed>) = 3 [pid 308] write(3, "1000", 4 [pid 296] <... clone resumed>, child_tidptr=0x555555afa650) = 311 [pid 308] <... write resumed>) = 4 [pid 308] close(3) = 0 [pid 308] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73./strace-static-x86_64: Process 311 attached [pid 311] set_robust_list(0x555555afa660, 24 [pid 309] <... bpf resumed>) = 3 [pid 311] <... set_robust_list resumed>) = 0 [pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 303] <... bpf resumed>) = 6 [pid 311] <... prctl resumed>) = 0 [pid 304] <... bpf resumed>) = 6 [pid 303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 311] setpgid(0, 0 [pid 304] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 311] <... setpgid resumed>) = 0 [pid 309] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 308] <... bpf resumed>) = 3 [pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 308] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 311] <... openat resumed>) = 3 [pid 311] write(3, "1000", 4) = 4 [pid 311] close(3) = 0 [pid 311] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 311] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 303] <... bpf resumed>) = 7 [pid 309] <... bpf resumed>) = 4 [pid 304] <... bpf resumed>) = 7 [pid 311] <... bpf resumed>) = 4 [pid 308] <... bpf resumed>) = 4 [pid 304] exit_group(0 [ 21.820281][ T286] R10: 00007ffd596b0618 R11: 0000000000000246 R12: 0000559efed40aa4 [ 21.828227][ T286] R13: 0000000000000001 R14: 0000559efed413e8 R15: 00007ffd596b0598 [ 21.836053][ T286] [ 21.858641][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 21.870141][ T288] BUG: scheduling while atomic: strace-static-x/288/0x00000002 [ 21.877731][ T288] Modules linked in: [ 21.881440][ T288] Preemption disabled at: [ 21.881448][ T288] [] pipe_write+0x1429/0x1930 [ 21.891771][ T288] CPU: 0 PID: 288 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 21.903244][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 21.913158][ T288] Call Trace: [ 21.916283][ T288] [ 21.919044][ T288] dump_stack_lvl+0x151/0x1b7 [ 21.923547][ T288] ? pipe_write+0x1429/0x1930 [ 21.928250][ T288] ? pipe_write+0x1429/0x1930 [ 21.932877][ T288] ? io_uring_drop_tctx_refs+0x190/0x190 [ 21.938340][ T288] ? pipe_write+0x1429/0x1930 [ 21.942857][ T288] dump_stack+0x15/0x17 [ 21.946843][ T288] __schedule_bug+0x195/0x260 [ 21.951356][ T288] ? ttwu_queue_wakelist+0x510/0x510 [ 21.956493][ T288] __schedule+0xd19/0x1590 [ 21.960729][ T288] ? __sched_text_start+0x8/0x8 [ 21.965414][ T288] ? ksys_write+0x24f/0x2c0 [ 21.969757][ T288] schedule+0x11f/0x1e0 [ 21.973880][ T288] exit_to_user_mode_loop+0x4d/0xe0 [ 21.978953][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 21.984332][ T288] syscall_exit_to_user_mode+0x26/0x160 [ 21.989710][ T288] do_syscall_64+0x49/0xb0 [ 21.993956][ T288] ? sysvec_call_function_single+0x52/0xb0 [ 21.999613][ T288] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 22.005323][ T288] RIP: 0033:0x4e815a [ 22.009057][ T288] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 78 0c 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 36 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 b8 ff ff ff f7 [ 22.028518][ T288] RSP: 002b:00007ffd5d600588 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 22.036775][ T288] RAX: 0000000000001000 RBX: 0000000020000000 RCX: 00000000004e815a [ 22.044569][ T288] RDX: 0000000000000001 RSI: 00007ffd5d6005b0 RDI: 0000000000000135 [ 22.052486][ T288] RBP: 000000000063c8a0 R08: 0000000000000001 R09: 0000000000000000 [ 22.060270][ T288] R10: 00007ffd5d6005c0 R11: 0000000000000246 R12: 0000000000000000 [pid 309] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 303] exit_group(0 [pid 311] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 309] <... bpf resumed>) = 5 [pid 308] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 304] <... exit_group resumed>) = ? [pid 303] <... exit_group resumed>) = ? [pid 311] <... bpf resumed>) = 5 [pid 309] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 308] <... bpf resumed>) = 5 [pid 309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 304] +++ exited with 0 +++ [pid 311] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 309] <... bpf resumed>) = 6 [pid 308] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 303] +++ exited with 0 +++ [pid 311] <... bpf resumed>) = 0 [pid 309] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 308] <... bpf resumed>) = 0 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=20} --- [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 311] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 308] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 294] restart_syscall(<... resuming interrupted clone ...> [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] <... restart_syscall resumed>) = 0 [pid 311] <... bpf resumed>) = 6 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 311] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 308] <... bpf resumed>) = 6 [pid 308] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 294] <... clone resumed>, child_tidptr=0x555555afa650) = 313 [pid 293] <... clone resumed>, child_tidptr=0x555555afa650) = 312 ./strace-static-x86_64: Process 312 attached ./strace-static-x86_64: Process 313 attached [pid 312] set_robust_list(0x555555afa660, 24 [pid 313] set_robust_list(0x555555afa660, 24 [pid 312] <... set_robust_list resumed>) = 0 [pid 313] <... set_robust_list resumed>) = 0 [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 312] <... prctl resumed>) = 0 [pid 312] setpgid(0, 0 [pid 313] <... prctl resumed>) = 0 [pid 312] <... setpgid resumed>) = 0 [pid 313] setpgid(0, 0 [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 313] <... setpgid resumed>) = 0 [pid 312] <... openat resumed>) = 3 [pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 312] write(3, "1000", 4 [pid 313] <... openat resumed>) = 3 [pid 312] <... write resumed>) = 4 [pid 313] write(3, "1000", 4 [pid 312] close(3 [pid 313] <... write resumed>) = 4 [pid 312] <... close resumed>) = 0 [pid 313] close(3 [pid 312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 313] <... close resumed>) = 0 [pid 312] <... bpf resumed>) = 3 [pid 313] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 312] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 313] <... bpf resumed>) = 3 [pid 313] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 309] <... bpf resumed>) = 7 [ 22.068073][ T288] R13: 0000000020000340 R14: 0000000001a9a010 R15: 0000000001a9c6b0 [ 22.075890][ T288] [ 22.107239][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000102, exited with 00000101? [pid 312] <... bpf resumed>) = 4 [pid 313] <... bpf resumed>) = 4 [pid 311] <... bpf resumed>) = 7 [pid 308] <... bpf resumed>) = 7 [pid 313] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 313] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 313] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 313] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16) = 7 [pid 313] exit_group(0) = ? [pid 313] +++ exited with 0 +++ [ 22.119348][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000104, exited with 00000103? [ 22.131305][ T286] BUG: scheduling while atomic: sshd/286/0x00000003 [ 22.137758][ T286] Modules linked in: [ 22.141575][ T286] Preemption disabled at: [ 22.141585][ T286] [] pipe_read+0x5b3/0x1040 [ 22.151693][ T286] CPU: 0 PID: 286 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 22.162146][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 22.172136][ T286] Call Trace: [ 22.175251][ T286] [ 22.178033][ T286] dump_stack_lvl+0x151/0x1b7 [ 22.182542][ T286] ? pipe_read+0x5b3/0x1040 [ 22.186884][ T286] ? pipe_read+0x5b3/0x1040 [ 22.191239][ T286] ? io_uring_drop_tctx_refs+0x190/0x190 [ 22.196702][ T286] ? kmem_cache_free+0x116/0x2e0 [ 22.201468][ T286] ? pipe_read+0x5b3/0x1040 [ 22.205805][ T286] dump_stack+0x15/0x17 [ 22.209793][ T286] __schedule_bug+0x195/0x260 [ 22.214315][ T286] ? ttwu_queue_wakelist+0x510/0x510 [ 22.219476][ T286] __schedule+0xd19/0x1590 [ 22.223770][ T286] ? __sched_text_start+0x8/0x8 [ 22.228459][ T286] schedule+0x11f/0x1e0 [ 22.232446][ T286] schedule_hrtimeout_range_clock+0x228/0x3a0 [ 22.238548][ T286] ? hrtimer_nanosleep_restart+0x170/0x170 [ 22.244185][ T286] ? add_wait_queue+0x189/0x1c0 [ 22.248869][ T286] ? __remove_hrtimer+0x4d0/0x4d0 [ 22.253725][ T286] ? __pollwait+0x2f5/0x3f0 [ 22.258148][ T286] ? poll_initwait+0x160/0x160 [ 22.262667][ T286] schedule_hrtimeout_range+0x2a/0x40 [ 22.267972][ T286] do_sys_poll+0xe20/0x12d0 [ 22.272421][ T286] ? poll_select_finish+0x7b0/0x7b0 [ 22.277428][ T286] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 22.283324][ T286] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 22.289142][ T286] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 22.294958][ T286] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 22.300894][ T286] ? _raw_spin_lock_irqsave+0x210/0x210 [ 22.306237][ T286] ? __kasan_check_write+0x14/0x20 [ 22.311272][ T286] ? recalc_sigpending+0x1a5/0x230 [ 22.316222][ T286] ? _raw_spin_unlock_irq+0x4e/0x70 [ 22.321257][ T286] ? sigprocmask+0x280/0x280 [ 22.325682][ T286] ? set_current_blocked+0x40/0x40 [ 22.330625][ T286] __se_sys_ppoll+0x29c/0x330 [ 22.335146][ T286] ? __x64_sys_ppoll+0xd0/0xd0 [ 22.339738][ T286] ? __bpf_trace_sys_enter+0x62/0x70 [ 22.344955][ T286] __x64_sys_ppoll+0xbf/0xd0 [ 22.349459][ T286] do_syscall_64+0x3d/0xb0 [ 22.353711][ T286] ? sysvec_call_function_single+0x52/0xb0 [ 22.359359][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 22.365431][ T286] RIP: 0033:0x7faca711fad5 [ 22.369684][ T286] Code: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83 [ 22.389211][ T286] RSP: 002b:00007ffd596b0510 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 22.397454][ T286] RAX: ffffffffffffffda RBX: 00000000000668a0 RCX: 00007faca711fad5 [ 22.405282][ T286] RDX: 00007ffd596b0530 RSI: 0000000000000004 RDI: 0000559eff27ab20 [ 22.413075][ T286] RBP: 0000559eff2795e0 R08: 0000000000000008 R09: 0000000000000000 [pid 309] exit_group(0) = ? [pid 309] +++ exited with 0 +++ [pid 312] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 312] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 311] exit_group(0 [pid 308] exit_group(0 [pid 312] <... bpf resumed>) = 6 [pid 311] <... exit_group resumed>) = ? [pid 308] <... exit_group resumed>) = ? [pid 312] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=26} --- [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 314 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=313, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 315 ./strace-static-x86_64: Process 315 attached [pid 315] set_robust_list(0x555555afa660, 24) = 0 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 315] setpgid(0, 0) = 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 315] write(3, "1000", 4) = 4 [pid 315] close(3) = 0 [pid 315] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 311] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=311, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 315] <... bpf resumed>) = 3 [pid 315] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 296] <... restart_syscall resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 316 ./strace-static-x86_64: Process 316 attached ./strace-static-x86_64: Process 314 attached [pid 316] set_robust_list(0x555555afa660, 24 [pid 314] set_robust_list(0x555555afa660, 24 [pid 316] <... set_robust_list resumed>) = 0 [pid 314] <... set_robust_list resumed>) = 0 [pid 316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 316] setpgid(0, 0 [pid 314] <... prctl resumed>) = 0 [pid 316] <... setpgid resumed>) = 0 [pid 314] setpgid(0, 0 [pid 316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 314] <... setpgid resumed>) = 0 [pid 316] <... openat resumed>) = 3 [pid 316] write(3, "1000", 4 [pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 316] <... write resumed>) = 4 [pid 314] <... openat resumed>) = 3 [pid 316] close(3) = 0 [pid 314] write(3, "1000", 4 [pid 316] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 314] <... write resumed>) = 4 [pid 314] close(3) = 0 [pid 314] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 316] <... bpf resumed>) = 3 [pid 316] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 314] <... bpf resumed>) = 3 [pid 314] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 308] +++ exited with 0 +++ [pid 312] <... bpf resumed>) = 7 [pid 315] <... bpf resumed>) = 4 [pid 316] <... bpf resumed>) = 4 [pid 315] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [ 22.420888][ T286] R10: 00007ffd596b0618 R11: 0000000000000246 R12: 0000559efed40aa4 [ 22.428785][ T286] R13: 0000000000000001 R14: 0000559efed413e8 R15: 00007ffd596b0598 [ 22.436610][ T286] [ 22.457753][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [pid 312] exit_group(0 [ 22.469411][ T288] BUG: scheduling while atomic: strace-static-x/288/0x00000002 [ 22.476801][ T288] Modules linked in: [ 22.480597][ T288] Preemption disabled at: [ 22.480605][ T288] [] __se_sys_ptrace+0x229/0x400 [ 22.491151][ T288] CPU: 0 PID: 288 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 22.502762][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 22.512847][ T288] Call Trace: [ 22.515963][ T288] [ 22.518741][ T288] dump_stack_lvl+0x151/0x1b7 [ 22.523424][ T288] ? __se_sys_ptrace+0x229/0x400 [ 22.528210][ T288] ? __se_sys_ptrace+0x229/0x400 [ 22.532977][ T288] ? io_uring_drop_tctx_refs+0x190/0x190 [ 22.538446][ T288] ? __se_sys_ptrace+0x229/0x400 [ 22.543302][ T288] dump_stack+0x15/0x17 [ 22.547292][ T288] __schedule_bug+0x195/0x260 [ 22.551807][ T288] ? ttwu_queue_wakelist+0x510/0x510 [ 22.556926][ T288] ? bpf_bprintf_cleanup+0x3f/0x60 [ 22.561875][ T288] __schedule+0xd19/0x1590 [ 22.566126][ T288] ? __kasan_check_read+0x11/0x20 [ 22.570988][ T288] ? __fdget_pos+0x209/0x3a0 [ 22.575425][ T288] ? __sched_text_start+0x8/0x8 [ 22.580103][ T288] ? ksys_write+0x24f/0x2c0 [ 22.584444][ T288] schedule+0x11f/0x1e0 [ 22.588439][ T288] exit_to_user_mode_loop+0x4d/0xe0 [ 22.593475][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 22.598767][ T288] syscall_exit_to_user_mode+0x26/0x160 [ 22.604142][ T288] do_syscall_64+0x49/0xb0 [ 22.608394][ T288] ? sysvec_call_function_single+0x52/0xb0 [ 22.614036][ T288] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 22.619767][ T288] RIP: 0033:0x4e5c73 [ 22.623497][ T288] Code: c7 c0 b8 ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18 [ 22.642936][ T288] RSP: 002b:00007ffd5d600508 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 22.651182][ T288] RAX: 0000000000000012 RBX: 0000000000000012 RCX: 00000000004e5c73 [ 22.658993][ T288] RDX: 0000000000000012 RSI: 0000000001a99000 RDI: 0000000000000002 [pid 314] <... bpf resumed>) = 4 [pid 316] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 315] <... bpf resumed>) = 5 [pid 312] <... exit_group resumed>) = ? [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 316] <... bpf resumed>) = 5 [ 22.666802][ T288] RBP: 0000000001a99000 R08: 0000000000000001 R09: 0000000000000001 [ 22.674616][ T288] R10: 000000000063c820 R11: 0000000000000246 R12: 0000000000000012 [ 22.682428][ T288] R13: 0000000000617480 R14: 0000000000000012 R15: 0000000000000001 [ 22.690241][ T288] [ 22.695082][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 22.706512][ T288] BUG: scheduling while atomic: strace-static-x/288/0x00000002 [ 22.713869][ T288] Modules linked in: [ 22.717716][ T288] Preemption disabled at: [ 22.717727][ T288] [] preempt_schedule+0xd9/0xe0 [ 22.728104][ T288] CPU: 0 PID: 288 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 22.739540][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 22.749435][ T288] Call Trace: [ 22.752559][ T288] [ 22.755336][ T288] dump_stack_lvl+0x151/0x1b7 [ 22.759849][ T288] ? preempt_schedule+0xd9/0xe0 [ 22.764537][ T288] ? preempt_schedule+0xd9/0xe0 [ 22.769224][ T288] ? io_uring_drop_tctx_refs+0x190/0x190 [ 22.774693][ T288] ? preempt_schedule+0xd9/0xe0 [ 22.779469][ T288] dump_stack+0x15/0x17 [ 22.783461][ T288] __schedule_bug+0x195/0x260 [ 22.787973][ T288] ? ttwu_queue_wakelist+0x510/0x510 [ 22.793939][ T288] ? kernel_waitid+0x520/0x520 [ 22.798614][ T288] ? wait_task_inactive+0x2cd/0x4f0 [ 22.803641][ T288] __schedule+0xd19/0x1590 [ 22.807896][ T288] ? __x64_sys_wait4+0x181/0x1e0 [ 22.812667][ T288] ? bpf_trace_run2+0xf1/0x210 [ 22.817266][ T288] ? __sched_text_start+0x8/0x8 [ 22.821956][ T288] schedule+0x11f/0x1e0 [ 22.825947][ T288] exit_to_user_mode_loop+0x4d/0xe0 [ 22.830981][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 22.836276][ T288] syscall_exit_to_user_mode+0x26/0x160 [ 22.841658][ T288] do_syscall_64+0x49/0xb0 [ 22.845909][ T288] ? sysvec_call_function_single+0x52/0xb0 [ 22.851551][ T288] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 22.857279][ T288] RIP: 0033:0x4d49a6 [ 22.861012][ T288] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 22.880563][ T288] RSP: 002b:00007ffd5d600738 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 22.888805][ T288] RAX: 000000000000013c RBX: 0000000001a962f8 RCX: 00000000004d49a6 [ 22.896619][ T288] RDX: 0000000040000000 RSI: 00007ffd5d60075c RDI: 00000000ffffffff [ 22.904429][ T288] RBP: 0000000000000000 R08: 0000000000000017 R09: 0000000000000001 [ 22.912251][ T288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001a9d750 [pid 316] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 315] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 314] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 312] +++ exited with 0 +++ [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 316] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 315] <... bpf resumed>) = 0 [pid 314] <... bpf resumed>) = 5 [pid 292] <... restart_syscall resumed>) = 0 [pid 316] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16) = 7 [pid 315] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 314] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 316] exit_group(0) = ? [pid 316] +++ exited with 0 +++ [pid 315] <... bpf resumed>) = 6 [pid 314] <... bpf resumed>) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 315] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 314] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=316, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 314] <... bpf resumed>) = 6 [pid 296] <... restart_syscall resumed>) = 0 [pid 293] <... clone resumed>, child_tidptr=0x555555afa650) = 318 [pid 314] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 319 attached , child_tidptr=0x555555afa650) = 319 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 319] set_robust_list(0x555555afa660, 24) = 0 [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555555afa650) = 320 ./strace-static-x86_64: Process 318 attached ./strace-static-x86_64: Process 320 attached [pid 318] set_robust_list(0x555555afa660, 24 [pid 320] set_robust_list(0x555555afa660, 24 [pid 319] setpgid(0, 0 [pid 320] <... set_robust_list resumed>) = 0 [pid 319] <... setpgid resumed>) = 0 [pid 318] <... set_robust_list resumed>) = 0 [pid 318] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 318] <... prctl resumed>) = 0 [pid 320] <... prctl resumed>) = 0 [pid 320] setpgid(0, 0 [pid 318] setpgid(0, 0 [pid 320] <... setpgid resumed>) = 0 [pid 318] <... setpgid resumed>) = 0 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 319] <... openat resumed>) = 3 [pid 319] write(3, "1000", 4 [pid 320] <... openat resumed>) = 3 [pid 318] write(3, "1000", 4 [pid 315] <... bpf resumed>) = 7 [pid 314] <... bpf resumed>) = 7 [pid 315] exit_group(0 [pid 314] exit_group(0 [pid 315] <... exit_group resumed>) = ? [pid 314] <... exit_group resumed>) = ? [pid 319] <... write resumed>) = 4 [pid 320] write(3, "1000", 4 [pid 318] <... write resumed>) = 4 [pid 319] close(3 [pid 320] <... write resumed>) = 4 [ 22.920051][ T288] R13: 0000000000000000 R14: 00007ffd5d60075c R15: 0000000000617180 [ 22.927873][ T288] [ 22.950398][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 22.961888][ T288] BUG: scheduling while atomic: strace-static-x/288/0x00000002 [ 22.969330][ T288] Modules linked in: [ 22.973038][ T288] Preemption disabled at: [ 22.973045][ T288] [] remove_wait_queue+0x26/0x140 [ 22.983631][ T288] CPU: 0 PID: 288 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 22.995084][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 23.005063][ T288] Call Trace: [ 23.008187][ T288] [ 23.010966][ T288] dump_stack_lvl+0x151/0x1b7 [ 23.015503][ T288] ? remove_wait_queue+0x26/0x140 [ 23.020346][ T288] ? remove_wait_queue+0x26/0x140 [ 23.025208][ T288] ? io_uring_drop_tctx_refs+0x190/0x190 [ 23.030678][ T288] ? remove_wait_queue+0x26/0x140 [ 23.035536][ T288] dump_stack+0x15/0x17 [ 23.039558][ T288] __schedule_bug+0x195/0x260 [ 23.044039][ T288] ? ttwu_queue_wakelist+0x510/0x510 [ 23.049419][ T288] ? kernel_waitid+0x520/0x520 [ 23.054020][ T288] ? wait_task_inactive+0x2cd/0x4f0 [ 23.059053][ T288] __schedule+0xd19/0x1590 [ 23.063329][ T288] ? __x64_sys_wait4+0x181/0x1e0 [ 23.068073][ T288] ? bpf_trace_run2+0xf1/0x210 [ 23.072798][ T288] ? __sched_text_start+0x8/0x8 [ 23.077484][ T288] schedule+0x11f/0x1e0 [ 23.081479][ T288] exit_to_user_mode_loop+0x4d/0xe0 [ 23.086516][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 23.091897][ T288] syscall_exit_to_user_mode+0x26/0x160 [ 23.097212][ T288] do_syscall_64+0x49/0xb0 [ 23.101436][ T288] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.107160][ T288] RIP: 0033:0x4d49a6 [ 23.110895][ T288] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 23.130333][ T288] RSP: 002b:00007ffd5d600738 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 23.138719][ T288] RAX: 0000000000000140 RBX: 0000000000000002 RCX: 00000000004d49a6 [ 23.146609][ T288] RDX: 0000000040000001 RSI: 00007ffd5d60075c RDI: 00000000ffffffff [ 23.154666][ T288] RBP: 0000000001a97cf0 R08: 0000000000000000 R09: 0000000000000000 [ 23.162454][ T288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001a9d750 [pid 318] close(3 [pid 320] close(3 [pid 319] <... close resumed>) = 0 [pid 318] <... close resumed>) = 0 [pid 320] <... close resumed>) = 0 [pid 319] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [ 23.170265][ T288] R13: 0000000000000126 R14: 00007ffd5d60075c R15: 0000000000617180 [ 23.178261][ T288] [ 23.183431][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 23.195844][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000104, exited with 00000103? [ 23.207721][ T286] BUG: scheduling while atomic: sshd/286/0x00000003 [ 23.214290][ T286] Modules linked in: [ 23.218054][ T286] Preemption disabled at: [ 23.218066][ T286] [] release_sock+0x30/0x1b0 [ 23.228271][ T286] CPU: 0 PID: 286 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 23.239014][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 23.248905][ T286] Call Trace: [ 23.252036][ T286] [ 23.254807][ T286] dump_stack_lvl+0x151/0x1b7 [ 23.259329][ T286] ? release_sock+0x30/0x1b0 [ 23.263746][ T286] ? release_sock+0x30/0x1b0 [ 23.268167][ T286] ? io_uring_drop_tctx_refs+0x190/0x190 [ 23.273664][ T286] ? release_sock+0x30/0x1b0 [ 23.278063][ T286] dump_stack+0x15/0x17 [ 23.282058][ T286] __schedule_bug+0x195/0x260 [ 23.286568][ T286] ? ttwu_queue_wakelist+0x510/0x510 [ 23.291698][ T286] __schedule+0xd19/0x1590 [ 23.295976][ T286] ? __sched_text_start+0x8/0x8 [ 23.300636][ T286] schedule+0x11f/0x1e0 [ 23.304619][ T286] schedule_hrtimeout_range_clock+0x228/0x3a0 [ 23.310530][ T286] ? hrtimer_nanosleep_restart+0x170/0x170 [ 23.316161][ T286] ? add_wait_queue+0x189/0x1c0 [ 23.320851][ T286] ? __remove_hrtimer+0x4d0/0x4d0 [ 23.325712][ T286] ? __pollwait+0x2f5/0x3f0 [ 23.330057][ T286] ? poll_initwait+0x160/0x160 [ 23.334651][ T286] schedule_hrtimeout_range+0x2a/0x40 [ 23.339857][ T286] do_sys_poll+0xe20/0x12d0 [ 23.344204][ T286] ? poll_select_finish+0x7b0/0x7b0 [ 23.349236][ T286] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 23.355047][ T286] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 23.360861][ T286] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 23.366675][ T286] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 23.372498][ T286] ? _raw_spin_lock_irqsave+0x210/0x210 [ 23.377975][ T286] ? __kasan_check_write+0x14/0x20 [ 23.382934][ T286] ? recalc_sigpending+0x1a5/0x230 [ 23.387888][ T286] ? _raw_spin_unlock_irq+0x4e/0x70 [ 23.392928][ T286] ? sigprocmask+0x280/0x280 [ 23.397436][ T286] ? set_current_blocked+0x40/0x40 [ 23.402378][ T286] __se_sys_ppoll+0x29c/0x330 [ 23.406892][ T286] ? __x64_sys_ppoll+0xd0/0xd0 [ 23.411605][ T286] ? __bpf_trace_sys_enter+0x62/0x70 [ 23.416698][ T286] __x64_sys_ppoll+0xbf/0xd0 [ 23.421124][ T286] do_syscall_64+0x3d/0xb0 [ 23.425384][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.431106][ T286] RIP: 0033:0x7faca711fad5 [ 23.435361][ T286] Code: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83 [ 23.454801][ T286] RSP: 002b:00007ffd596b0510 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 23.463043][ T286] RAX: ffffffffffffffda RBX: 00000000000668a0 RCX: 00007faca711fad5 [pid 318] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 320] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 319] <... bpf resumed>) = 3 [pid 319] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 315] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=28} --- [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 321 ./strace-static-x86_64: Process 321 attached [pid 318] <... bpf resumed>) = 3 [pid 314] +++ exited with 0 +++ [pid 320] <... bpf resumed>) = 3 [pid 318] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=314, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 320] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 321] set_robust_list(0x555555afa660, 24) = 0 [pid 321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 321] setpgid(0, 0) = 0 [pid 321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 321] write(3, "1000", 4 [pid 295] <... clone resumed>, child_tidptr=0x555555afa650) = 322 [pid 321] <... write resumed>) = 4 [pid 321] close(3) = 0 [pid 321] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 321] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x555555afa660, 24) = 0 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 322] setpgid(0, 0) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 322] write(3, "1000", 4) = 4 [pid 322] close(3) = 0 [pid 322] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 322] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 319] <... bpf resumed>) = 4 [pid 318] <... bpf resumed>) = 4 [pid 321] <... bpf resumed>) = 4 [pid 322] <... bpf resumed>) = 4 [pid 320] <... bpf resumed>) = 4 [pid 321] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 319] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 318] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 322] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 321] <... bpf resumed>) = 5 [pid 320] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 319] <... bpf resumed>) = 5 [pid 318] <... bpf resumed>) = 5 [pid 322] <... bpf resumed>) = 5 [pid 321] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 320] <... bpf resumed>) = 5 [pid 319] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 318] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 322] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 321] <... bpf resumed>) = 0 [pid 320] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 319] <... bpf resumed>) = 0 [pid 318] <... bpf resumed>) = 0 [pid 322] <... bpf resumed>) = 0 [pid 321] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 320] <... bpf resumed>) = 0 [pid 319] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 318] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 322] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 321] <... bpf resumed>) = 6 [pid 320] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 319] <... bpf resumed>) = 6 [pid 318] <... bpf resumed>) = 6 [pid 321] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 318] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 321] <... bpf resumed>) = 7 [pid 320] <... bpf resumed>) = 6 [pid 319] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 318] <... bpf resumed>) = 7 [ 23.470857][ T286] RDX: 00007ffd596b0530 RSI: 0000000000000004 RDI: 0000559eff27ab20 [ 23.478666][ T286] RBP: 0000559eff2795e0 R08: 0000000000000008 R09: 0000000000000000 [ 23.486483][ T286] R10: 00007ffd596b0618 R11: 0000000000000246 R12: 0000559efed40aa4 [ 23.494302][ T286] R13: 0000000000000001 R14: 0000559efed413e8 R15: 00007ffd596b0598 [ 23.502109][ T286] [pid 322] <... bpf resumed>) = 6 [ 23.538221][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 23.549664][ T288] BUG: scheduling while atomic: strace-static-x/288/0x00000002 [ 23.557321][ T288] Modules linked in: [ 23.561038][ T288] Preemption disabled at: [ 23.561048][ T288] [] try_to_wake_up+0x86/0x1160 [ 23.571631][ T288] CPU: 0 PID: 288 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 23.583079][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 23.592973][ T288] Call Trace: [ 23.596096][ T288] [ 23.598874][ T288] dump_stack_lvl+0x151/0x1b7 [ 23.603416][ T288] ? try_to_wake_up+0x86/0x1160 [ 23.608074][ T288] ? try_to_wake_up+0x86/0x1160 [ 23.612768][ T288] ? io_uring_drop_tctx_refs+0x190/0x190 [ 23.618354][ T288] ? try_to_wake_up+0x86/0x1160 [ 23.623028][ T288] dump_stack+0x15/0x17 [ 23.627023][ T288] __schedule_bug+0x195/0x260 [ 23.631533][ T288] ? ttwu_queue_wakelist+0x510/0x510 [ 23.636655][ T288] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 23.642295][ T288] ? wait_task_inactive+0x2cd/0x4f0 [ 23.647329][ T288] __schedule+0xd19/0x1590 [ 23.651581][ T288] ? _raw_spin_lock_irqsave+0x210/0x210 [ 23.656960][ T288] ? __sched_text_start+0x8/0x8 [ 23.661646][ T288] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 23.666594][ T288] ? _raw_spin_lock_irqsave+0x210/0x210 [ 23.671973][ T288] ? ptrace_check_attach+0x323/0x420 [ 23.677096][ T288] schedule+0x11f/0x1e0 [ 23.681087][ T288] exit_to_user_mode_loop+0x4d/0xe0 [ 23.686121][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 23.691416][ T288] syscall_exit_to_user_mode+0x26/0x160 [ 23.696797][ T288] do_syscall_64+0x49/0xb0 [ 23.701051][ T288] ? sysvec_call_function_single+0x52/0xb0 [ 23.706690][ T288] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.712420][ T288] RIP: 0033:0x4e6c1a [ 23.716156][ T288] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [pid 322] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 321] exit_group(0 [pid 320] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 319] <... bpf resumed>) = 7 [pid 318] exit_group(0) = ? [pid 322] <... bpf resumed>) = 7 [pid 321] <... exit_group resumed>) = ? [pid 320] <... bpf resumed>) = 7 [pid 319] exit_group(0 [pid 318] +++ exited with 0 +++ [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=318, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 322] exit_group(0 [pid 321] +++ exited with 0 +++ [ 23.735683][ T288] RSP: 002b:00007ffd5d6005a0 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 23.743925][ T288] RAX: 0000000000000050 RBX: 0000000001a97cf0 RCX: 00000000004e6c1a [ 23.751739][ T288] RDX: 0000000000000058 RSI: 0000000000000126 RDI: 000000000000420e [ 23.759547][ T288] RBP: 00007ffd5d6006a0 R08: 000000000000420d R09: 0000000000000001 [ 23.767357][ T288] R10: 000000000063c820 R11: 0000000000000206 R12: 0000000001a97cf0 [ 23.775170][ T288] R13: 00007ffd5d6006fc R14: 000000000000857f R15: 0000000000617180 [ 23.782987][ T288] [pid 320] exit_group(0 [pid 319] <... exit_group resumed>) = ? [pid 322] <... exit_group resumed>) = ? [pid 320] <... exit_group resumed>) = ? [pid 319] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=321, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] <... clone resumed>, child_tidptr=0x555555afa650) = 324 [pid 294] <... clone resumed>, child_tidptr=0x555555afa650) = 325 ./strace-static-x86_64: Process 324 attached [pid 324] set_robust_list(0x555555afa660, 24) = 0 [pid 324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 324] setpgid(0, 0) = 0 [pid 324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 324] write(3, "1000", 4) = 4 [pid 324] close(3) = 0 [pid 324] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 324] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 326 ./strace-static-x86_64: Process 326 attached [pid 326] set_robust_list(0x555555afa660, 24) = 0 [pid 326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 326] setpgid(0, 0) = 0 [pid 326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 326] write(3, "1000", 4) = 4 [pid 326] close(3) = 0 [ 23.790960][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 23.802506][ T82] BUG: scheduling while atomic: syslogd/82/0x00000002 [ 23.809507][ T82] Modules linked in: [ 23.813546][ T82] Preemption disabled at: [ 23.813557][ T82] [] is_module_text_address+0x1a/0x140 [ 23.825360][ T82] CPU: 0 PID: 82 Comm: syslogd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 23.836032][ T82] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 23.845921][ T82] Call Trace: [ 23.849046][ T82] [ 23.851850][ T82] dump_stack_lvl+0x151/0x1b7 [ 23.856424][ T82] ? is_module_text_address+0x1a/0x140 [ 23.861716][ T82] ? is_module_text_address+0x1a/0x140 [ 23.867012][ T82] ? io_uring_drop_tctx_refs+0x190/0x190 [ 23.872481][ T82] ? is_module_text_address+0x1a/0x140 [ 23.877776][ T82] dump_stack+0x15/0x17 [ 23.881789][ T82] __schedule_bug+0x195/0x260 [ 23.886280][ T82] ? ttwu_queue_wakelist+0x510/0x510 [ 23.891414][ T82] ? bpf_bprintf_cleanup+0x3f/0x60 [ 23.896439][ T82] __schedule+0xd19/0x1590 [ 23.900689][ T82] ? __kasan_check_read+0x11/0x20 [ 23.905548][ T82] ? __fdget_pos+0x2ee/0x3a0 [ 23.909977][ T82] ? __sched_text_start+0x8/0x8 [ 23.914661][ T82] ? ksys_write+0x24f/0x2c0 [ 23.919002][ T82] schedule+0x11f/0x1e0 [ 23.922996][ T82] exit_to_user_mode_loop+0x4d/0xe0 [ 23.928029][ T82] exit_to_user_mode_prepare+0x5a/0xa0 [ 23.933433][ T82] syscall_exit_to_user_mode+0x26/0x160 [ 23.938801][ T82] do_syscall_64+0x49/0xb0 [ 23.943054][ T82] ? sysvec_call_function_single+0x52/0xb0 [ 23.948697][ T82] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.954426][ T82] RIP: 0033:0x7f686cbd5bf2 [ 23.958678][ T82] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 [ 23.978119][ T82] RSP: 002b:00007fff44624fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 326] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 322] +++ exited with 0 +++ [pid 320] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=0, si_stime=26} --- [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... clone resumed>, child_tidptr=0x555555afa650) = 327 [pid 295] <... clone resumed>, child_tidptr=0x555555afa650) = 328 ./strace-static-x86_64: Process 327 attached ./strace-static-x86_64: Process 328 attached ./strace-static-x86_64: Process 325 attached [pid 326] <... bpf resumed>) = 3 [pid 328] set_robust_list(0x555555afa660, 24 [pid 327] set_robust_list(0x555555afa660, 24 [pid 326] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 327] <... set_robust_list resumed>) = 0 [pid 325] set_robust_list(0x555555afa660, 24 [pid 328] <... set_robust_list resumed>) = 0 [pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 328] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 327] <... prctl resumed>) = 0 [pid 328] <... prctl resumed>) = 0 [pid 327] setpgid(0, 0 [pid 328] setpgid(0, 0 [pid 327] <... setpgid resumed>) = 0 [pid 328] <... setpgid resumed>) = 0 [pid 328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 328] <... openat resumed>) = 3 [pid 327] <... openat resumed>) = 3 [pid 328] write(3, "1000", 4 [pid 327] write(3, "1000", 4 [pid 325] <... set_robust_list resumed>) = 0 [pid 328] <... write resumed>) = 4 [pid 327] <... write resumed>) = 4 [pid 328] close(3 [pid 327] close(3 [pid 328] <... close resumed>) = 0 [pid 327] <... close resumed>) = 0 [pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 328] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 327] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 325] <... prctl resumed>) = 0 [pid 328] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 325] setpgid(0, 0) = 0 [pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 327] <... bpf resumed>) = 3 [pid 325] write(3, "1000", 4 [pid 327] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 325] <... write resumed>) = 4 [pid 325] close(3) = 0 [pid 325] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 325] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 324] <... bpf resumed>) = 4 [pid 328] <... bpf resumed>) = 4 [pid 327] <... bpf resumed>) = 4 [pid 326] <... bpf resumed>) = 4 [pid 325] <... bpf resumed>) = 4 [pid 324] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 328] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 327] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 326] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 325] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 324] <... bpf resumed>) = 5 [pid 328] <... bpf resumed>) = 5 [pid 327] <... bpf resumed>) = 5 [pid 326] <... bpf resumed>) = 5 [pid 325] <... bpf resumed>) = 5 [pid 324] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 328] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 327] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 326] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 325] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 324] <... bpf resumed>) = 0 [pid 328] <... bpf resumed>) = 0 [pid 327] <... bpf resumed>) = 0 [pid 326] <... bpf resumed>) = 0 [pid 325] <... bpf resumed>) = 0 [pid 324] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 328] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 327] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 326] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 325] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 324] <... bpf resumed>) = 6 [pid 328] <... bpf resumed>) = 6 [pid 327] <... bpf resumed>) = 6 [pid 326] <... bpf resumed>) = 6 [pid 325] <... bpf resumed>) = 6 [pid 324] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 328] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 327] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [ 23.986370][ T82] RAX: 000000000000010b RBX: 0000000000000003 RCX: 00007f686cbd5bf2 [ 23.994181][ T82] RDX: 000000000000010b RSI: 0000563a0cbdf600 RDI: 0000000000000003 [ 24.002083][ T82] RBP: 0000563a0cbdf600 R08: 0000000000000001 R09: 0000000000000000 [ 24.010001][ T82] R10: 00007f686cd743a3 R11: 0000000000000246 R12: 000000000000010b [ 24.017894][ T82] R13: 00007f686ca81300 R14: 0000000000000004 R15: 0000563a0cbdf410 [ 24.025722][ T82] [pid 326] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 325] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 324] <... bpf resumed>) = 7 [ 24.059495][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 24.071306][ T286] BUG: scheduling while atomic: sshd/286/0x00000002 [ 24.077759][ T286] Modules linked in: [ 24.081451][ T286] Preemption disabled at: [ 24.081458][ T286] [] __set_current_blocked+0x11b/0x2f0 [ 24.092620][ T286] CPU: 0 PID: 286 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 24.103126][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 24.113239][ T286] Call Trace: [ 24.116337][ T286] [ 24.119113][ T286] dump_stack_lvl+0x151/0x1b7 [ 24.123629][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 24.128923][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 24.134214][ T286] ? io_uring_drop_tctx_refs+0x190/0x190 [ 24.139681][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 24.144975][ T286] dump_stack+0x15/0x17 [ 24.148978][ T286] __schedule_bug+0x195/0x260 [ 24.153575][ T286] ? ttwu_queue_wakelist+0x510/0x510 [ 24.158697][ T286] ? bpf_bprintf_cleanup+0x3f/0x60 [ 24.163636][ T286] ? __set_current_blocked+0x2a5/0x2f0 [ 24.168957][ T286] __schedule+0xd19/0x1590 [ 24.173313][ T286] ? __kasan_check_read+0x11/0x20 [ 24.178148][ T286] ? __fdget_pos+0x209/0x3a0 [ 24.182572][ T286] ? __sched_text_start+0x8/0x8 [ 24.187271][ T286] ? ksys_write+0x24f/0x2c0 [ 24.191609][ T286] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 24.196982][ T286] schedule+0x11f/0x1e0 [ 24.200974][ T286] exit_to_user_mode_loop+0x4d/0xe0 [ 24.206005][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 24.211303][ T286] syscall_exit_to_user_mode+0x26/0x160 [ 24.216688][ T286] do_syscall_64+0x49/0xb0 [ 24.220937][ T286] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 24.226574][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.232302][ T286] RIP: 0033:0x7faca711cbf2 [ 24.236558][ T286] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 [pid 328] <... bpf resumed>) = 7 [pid 327] <... bpf resumed>) = 7 [pid 326] <... bpf resumed>) = 7 [pid 325] <... bpf resumed>) = 7 [pid 324] exit_group(0 [pid 328] exit_group(0 [pid 325] exit_group(0 [pid 324] <... exit_group resumed>) = ? [pid 328] <... exit_group resumed>) = ? [pid 325] <... exit_group resumed>) = ? [pid 324] +++ exited with 0 +++ [pid 328] +++ exited with 0 +++ [pid 325] +++ exited with 0 +++ [pid 327] exit_group(0 [pid 326] exit_group(0 [pid 327] <... exit_group resumed>) = ? [pid 326] <... exit_group resumed>) = ? [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=328, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=324, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 294] restart_syscall(<... resuming interrupted clone ...> [pid 293] restart_syscall(<... resuming interrupted clone ...> [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] <... restart_syscall resumed>) = 0 [pid 293] <... restart_syscall resumed>) = 0 [pid 295] <... clone resumed>, child_tidptr=0x555555afa650) = 329 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] <... clone resumed>, child_tidptr=0x555555afa650) = 331 [pid 293] <... clone resumed>, child_tidptr=0x555555afa650) = 330 ./strace-static-x86_64: Process 331 attached [pid 331] set_robust_list(0x555555afa660, 24) = 0 [pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 331] setpgid(0, 0) = 0 [pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 331] write(3, "1000", 4) = 4 [pid 331] close(3) = 0 [pid 331] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 327] +++ exited with 0 +++ [pid 326] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=327, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=326, si_uid=0, si_status=0, si_utime=0, si_stime=20} --- [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... clone resumed>, child_tidptr=0x555555afa650) = 332 [pid 292] <... clone resumed>, child_tidptr=0x555555afa650) = 333 ./strace-static-x86_64: Process 330 attached ./strace-static-x86_64: Process 333 attached ./strace-static-x86_64: Process 329 attached [pid 333] set_robust_list(0x555555afa660, 24 [pid 330] set_robust_list(0x555555afa660, 24 [pid 329] set_robust_list(0x555555afa660, 24 [pid 333] <... set_robust_list resumed>) = 0 [pid 330] <... set_robust_list resumed>) = 0 [pid 329] <... set_robust_list resumed>) = 0 [pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 332 attached [pid 330] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 332] set_robust_list(0x555555afa660, 24 [pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 333] <... prctl resumed>) = 0 [pid 330] <... prctl resumed>) = 0 [pid 329] <... prctl resumed>) = 0 [pid 332] <... set_robust_list resumed>) = 0 [pid 330] setpgid(0, 0 [pid 333] setpgid(0, 0 [pid 330] <... setpgid resumed>) = 0 [pid 329] setpgid(0, 0 [pid 333] <... setpgid resumed>) = 0 [pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 329] <... setpgid resumed>) = 0 [pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 330] <... openat resumed>) = 3 [pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 333] <... openat resumed>) = 3 [pid 333] write(3, "1000", 4 [pid 330] write(3, "1000", 4 [pid 329] <... openat resumed>) = 3 [pid 333] <... write resumed>) = 4 [pid 330] <... write resumed>) = 4 [pid 329] write(3, "1000", 4 [pid 333] close(3 [pid 330] close(3 [pid 329] <... write resumed>) = 4 [pid 333] <... close resumed>) = 0 [pid 332] <... prctl resumed>) = 0 [pid 329] close(3 [pid 330] <... close resumed>) = 0 [pid 333] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 329] <... close resumed>) = 0 [pid 330] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 332] setpgid(0, 0) = 0 [pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 332] write(3, "1000", 4) = 4 [pid 332] close(3) = 0 [pid 332] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 329] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 331] <... bpf resumed>) = 3 [pid 331] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 333] <... bpf resumed>) = 3 [pid 330] <... bpf resumed>) = 3 [pid 332] <... bpf resumed>) = 3 [pid 330] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 329] <... bpf resumed>) = 3 [pid 333] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 332] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 329] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 333] <... bpf resumed>) = 4 [pid 332] <... bpf resumed>) = 4 [pid 331] <... bpf resumed>) = 4 [pid 330] <... bpf resumed>) = 4 [pid 329] <... bpf resumed>) = 4 [pid 333] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 332] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 331] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 330] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 329] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 333] <... bpf resumed>) = 5 [ 24.256002][ T286] RSP: 002b:00007ffd596b0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 24.264242][ T286] RAX: 00000000000000d4 RBX: 00000000000000d4 RCX: 00007faca711cbf2 [ 24.272058][ T286] RDX: 00000000000000d4 RSI: 0000559eff286510 RDI: 0000000000000004 [ 24.279866][ T286] RBP: 0000559eff279290 R08: 0000000000000000 R09: 0000000000000000 [ 24.287676][ T286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000559efed40aa4 [ 24.295487][ T286] R13: 0000000000000018 R14: 0000559efed413e8 R15: 00007ffd596b0598 [ 24.303304][ T286] [pid 332] <... bpf resumed>) = 5 [pid 331] <... bpf resumed>) = 5 [pid 330] <... bpf resumed>) = 5 [pid 329] <... bpf resumed>) = 5 [pid 333] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 332] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 331] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 330] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 329] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 333] <... bpf resumed>) = 0 [pid 332] <... bpf resumed>) = 0 [pid 331] <... bpf resumed>) = 0 [pid 330] <... bpf resumed>) = 0 [pid 329] <... bpf resumed>) = 0 [pid 333] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 332] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 331] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 330] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 329] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 333] <... bpf resumed>) = 6 [pid 332] <... bpf resumed>) = 6 [pid 331] <... bpf resumed>) = 6 [pid 330] <... bpf resumed>) = 6 [ 24.348395][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 24.359861][ T286] BUG: scheduling while atomic: sshd/286/0x00000002 [ 24.366212][ T286] Modules linked in: [ 24.369991][ T286] Preemption disabled at: [ 24.370000][ T286] [] pipe_read+0x5b3/0x1040 [ 24.376499][ C1] softirq: huh, entered softirq 9 RCU ffffffff815cac40 with preempt_count 00000102, exited with 00000101? [ 24.380033][ T286] CPU: 0 PID: 286 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 24.391245][ T288] BUG: scheduling while atomic: strace-static-x/288/0x00000002 [ 24.401715][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 24.401729][ T286] Call Trace: [ 24.401735][ T286] [ 24.401743][ T286] dump_stack_lvl+0x151/0x1b7 [ 24.409180][ T288] Modules linked in: [ 24.419064][ T286] ? pipe_read+0x5b3/0x1040 [ 24.422282][ T288] [ 24.422288][ T288] Preemption disabled at: [ 24.425050][ T286] ? pipe_read+0x5b3/0x1040 [ 24.429589][ T288] [] preempt_schedule+0xd9/0xe0 [ 24.433297][ T286] ? io_uring_drop_tctx_refs+0x190/0x190 [ 24.460054][ T286] ? pipe_read+0x5b3/0x1040 [ 24.464375][ T286] dump_stack+0x15/0x17 [ 24.468363][ T286] __schedule_bug+0x195/0x260 [ 24.472900][ T286] ? bpf_bprintf_cleanup+0x3f/0x60 [ 24.477843][ T286] ? ttwu_queue_wakelist+0x510/0x510 [ 24.482945][ T286] ? bpf_bprintf_cleanup+0x3f/0x60 [ 24.487889][ T286] ? __set_current_blocked+0x2a5/0x2f0 [ 24.493188][ T286] __schedule+0xd19/0x1590 [ 24.497448][ T286] ? bpf_trace_run2+0xf1/0x210 [ 24.502036][ T286] ? __sched_text_start+0x8/0x8 [ 24.506854][ T286] ? bpf_trace_run1+0x1c0/0x1c0 [ 24.511525][ T286] ? ksys_read+0x24f/0x2c0 [ 24.515785][ T286] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 24.521165][ T286] schedule+0x11f/0x1e0 [ 24.525154][ T286] exit_to_user_mode_loop+0x4d/0xe0 [ 24.530192][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 24.535480][ T286] syscall_exit_to_user_mode+0x26/0x160 [ 24.540865][ T286] do_syscall_64+0x49/0xb0 [ 24.545116][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.550849][ T286] RIP: 0033:0x7faca7103587 [ 24.555095][ T286] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [ 24.574665][ T286] RSP: 002b:00007ffd596abd68 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [ 24.583034][ T286] RAX: 000000000000011e RBX: 0000000000000000 RCX: 00007faca7103587 [ 24.590943][ T286] RDX: 000000000000085c RSI: 0000559efed4c480 RDI: 0000559efed49937 [ 24.598750][ T286] RBP: 0000559efed4a856 R08: 0000000000000006 R09: 0000000000000000 [ 24.606651][ T286] R10: 0000559efed4a856 R11: 0000000000000246 R12: 0000559efed49937 [ 24.614458][ T286] R13: 0000559efed4c480 R14: 0000559efed4c480 R15: 00007ffd596ac2f0 [ 24.622276][ T286] [ 24.625138][ T288] CPU: 1 PID: 288 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 24.636602][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 24.646491][ T288] Call Trace: [ 24.649617][ T288] [ 24.652390][ T288] dump_stack_lvl+0x151/0x1b7 [ 24.656898][ T288] ? preempt_schedule+0xd9/0xe0 [ 24.661586][ T288] ? preempt_schedule+0xd9/0xe0 [ 24.666276][ T288] ? io_uring_drop_tctx_refs+0x190/0x190 [ 24.671744][ T288] ? preempt_schedule+0xd9/0xe0 [ 24.676433][ T288] dump_stack+0x15/0x17 [ 24.680538][ T288] __schedule_bug+0x195/0x260 [ 24.685047][ T288] ? ttwu_queue_wakelist+0x510/0x510 [ 24.690260][ T288] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 24.695895][ T288] ? wait_task_inactive+0x2cd/0x4f0 [ 24.700931][ T288] __schedule+0xd19/0x1590 [ 24.705197][ T288] ? _raw_spin_lock_irqsave+0x210/0x210 [ 24.710569][ T288] ? bpf_trace_run2+0xf1/0x210 [ 24.715272][ T288] ? __sched_text_start+0x8/0x8 [ 24.719955][ T288] ? ptrace_check_attach+0x323/0x420 [ 24.725074][ T288] schedule+0x11f/0x1e0 [ 24.729065][ T288] exit_to_user_mode_loop+0x4d/0xe0 [ 24.734100][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 24.739398][ T288] syscall_exit_to_user_mode+0x26/0x160 [ 24.744861][ T288] do_syscall_64+0x49/0xb0 [ 24.749116][ T288] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 24.754791][ T288] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.760484][ T288] RIP: 0033:0x4e6c1a [ 24.764218][ T288] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 24.783657][ T288] RSP: 002b:00007ffd5d600620 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 24.792021][ T288] RAX: 0000000000000000 RBX: 0000000001a962f8 RCX: 00000000004e6c1a [pid 333] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 332] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 331] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 330] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 329] <... bpf resumed>) = 6 [pid 333] <... bpf resumed>) = 7 [pid 332] <... bpf resumed>) = 7 [pid 333] exit_group(0 [pid 332] exit_group(0 [pid 333] <... exit_group resumed>) = ? [pid 332] <... exit_group resumed>) = ? [pid 329] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 333] +++ exited with 0 +++ [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 335 attached , child_tidptr=0x555555afa650) = 335 [pid 335] set_robust_list(0x555555afa660, 24) = 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 335] setpgid(0, 0) = 0 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 335] write(3, "1000", 4) = 4 [pid 335] close(3) = 0 [ 24.799827][ T288] RDX: 0000000000000000 RSI: 0000000000000125 RDI: 0000000000000018 [ 24.807636][ T288] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000000 [ 24.815447][ T288] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000001a97f90 [ 24.823260][ T288] R13: 0000000000000000 R14: 000000000000857f R15: 0000000000617180 [ 24.831081][ T288] [ 24.849516][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 24.860932][ T288] BUG: scheduling while atomic: strace-static-x/288/0x00000002 [ 24.868317][ T288] Modules linked in: [ 24.872094][ T288] Preemption disabled at: [ 24.872102][ T288] [] remove_wait_queue+0x26/0x140 [ 24.882746][ T288] CPU: 1 PID: 288 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 24.894140][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 24.904186][ T288] Call Trace: [ 24.907272][ T288] [ 24.910049][ T288] dump_stack_lvl+0x151/0x1b7 [ 24.914567][ T288] ? remove_wait_queue+0x26/0x140 [ 24.919425][ T288] ? remove_wait_queue+0x26/0x140 [ 24.924286][ T288] ? io_uring_drop_tctx_refs+0x190/0x190 [ 24.929750][ T288] ? remove_wait_queue+0x26/0x140 [ 24.934622][ T288] dump_stack+0x15/0x17 [ 24.938605][ T288] __schedule_bug+0x195/0x260 [ 24.943116][ T288] ? ttwu_queue_wakelist+0x510/0x510 [ 24.948234][ T288] ? kernel_waitid+0x520/0x520 [ 24.952835][ T288] ? wait_task_inactive+0x2cd/0x4f0 [ 24.957873][ T288] __schedule+0xd19/0x1590 [ 24.962121][ T288] ? __x64_sys_wait4+0x181/0x1e0 [ 24.966908][ T288] ? bpf_trace_run2+0xf1/0x210 [ 24.971494][ T288] ? __sched_text_start+0x8/0x8 [ 24.976182][ T288] schedule+0x11f/0x1e0 [ 24.980175][ T288] exit_to_user_mode_loop+0x4d/0xe0 [ 24.985207][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 24.990504][ T288] syscall_exit_to_user_mode+0x26/0x160 [ 24.995886][ T288] do_syscall_64+0x49/0xb0 [ 25.000135][ T288] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 25.005786][ T288] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.011510][ T288] RIP: 0033:0x4d49a6 [ 25.015241][ T288] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 25.034769][ T288] RSP: 002b:00007ffd5d600738 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 25.043010][ T288] RAX: 000000000000014c RBX: 0000000000000001 RCX: 00000000004d49a6 [pid 335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 332] +++ exited with 0 +++ [pid 331] <... bpf resumed>) = 7 [pid 330] <... bpf resumed>) = 7 [pid 329] <... bpf resumed>) = 7 [pid 335] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 331] exit_group(0 [pid 330] exit_group(0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 329] exit_group(0 [pid 335] <... bpf resumed>) = 4 [pid 331] <... exit_group resumed>) = ? [pid 330] <... exit_group resumed>) = ? [pid 329] <... exit_group resumed>) = ? [pid 335] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 331] +++ exited with 0 +++ [pid 335] <... bpf resumed>) = 5 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=0, si_stime=19} --- [pid 335] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [ 25.050835][ T288] RDX: 0000000040000001 RSI: 00007ffd5d60075c RDI: 00000000ffffffff [ 25.058632][ T288] RBP: 0000000001a984d0 R08: 0000000000000000 R09: 0000000000000000 [ 25.066452][ T288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001a9d6c0 [ 25.074370][ T288] R13: 000000000000014f R14: 00007ffd5d60075c R15: 0000000000617180 [ 25.082184][ T288] [ 25.090020][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 25.101459][ T286] BUG: scheduling while atomic: sshd/286/0x00000002 [ 25.107869][ T286] Modules linked in: [ 25.111555][ T286] Preemption disabled at: [ 25.111566][ T286] [] __set_current_blocked+0x11b/0x2f0 [ 25.122600][ T286] CPU: 0 PID: 286 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 25.133211][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 25.143112][ T286] Call Trace: [ 25.146223][ T286] [ 25.149001][ T286] dump_stack_lvl+0x151/0x1b7 [ 25.153513][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 25.158810][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 25.164101][ T286] ? io_uring_drop_tctx_refs+0x190/0x190 [ 25.169601][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 25.174872][ T286] dump_stack+0x15/0x17 [ 25.178857][ T286] __schedule_bug+0x195/0x260 [ 25.183371][ T286] ? ttwu_queue_wakelist+0x510/0x510 [ 25.188502][ T286] __schedule+0xd19/0x1590 [ 25.192752][ T286] ? __se_sys_ppoll+0x2b3/0x330 [ 25.197438][ T286] ? __sched_text_start+0x8/0x8 [ 25.202155][ T286] ? __x64_sys_ppoll+0xd0/0xd0 [ 25.206722][ T286] schedule+0x11f/0x1e0 [ 25.210719][ T286] exit_to_user_mode_loop+0x4d/0xe0 [ 25.215743][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 25.221036][ T286] syscall_exit_to_user_mode+0x26/0x160 [ 25.226426][ T286] do_syscall_64+0x49/0xb0 [ 25.230673][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.236410][ T286] RIP: 0033:0x7faca711fad5 [ 25.240658][ T286] Code: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83 [ 25.260374][ T286] RSP: 002b:00007ffd596b0510 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 25.268609][ T286] RAX: 0000000000000001 RBX: 00000000000668a0 RCX: 00007faca711fad5 [ 25.276421][ T286] RDX: 00007ffd596b0530 RSI: 0000000000000004 RDI: 0000559eff27ab20 [ 25.284223][ T286] RBP: 0000559eff2795e0 R08: 0000000000000008 R09: 0000000000000000 [ 25.292032][ T286] R10: 00007ffd596b0618 R11: 0000000000000246 R12: 0000559efed40aa4 [pid 335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 336 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 337 [pid 335] <... bpf resumed>) = 6 [pid 335] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16./strace-static-x86_64: Process 336 attached [pid 336] set_robust_list(0x555555afa660, 24) = 0 [pid 336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 336] setpgid(0, 0) = 0 [pid 336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 336] write(3, "1000", 4) = 4 [pid 336] close(3) = 0 [pid 336] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 336] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 330] +++ exited with 0 +++ [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=330, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- ./strace-static-x86_64: Process 337 attached [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 337] set_robust_list(0x555555afa660, 24./strace-static-x86_64: Process 338 attached ) = 0 [pid 293] <... clone resumed>, child_tidptr=0x555555afa650) = 338 [pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 337] setpgid(0, 0) = 0 [pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 338] set_robust_list(0x555555afa660, 24 [pid 337] <... openat resumed>) = 3 [pid 337] write(3, "1000", 4 [pid 338] <... set_robust_list resumed>) = 0 [pid 337] <... write resumed>) = 4 [pid 337] close(3) = 0 [pid 337] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 338] setpgid(0, 0) = 0 [pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 338] write(3, "1000", 4 [pid 337] <... bpf resumed>) = 3 [pid 337] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 338] <... write resumed>) = 4 [pid 338] close(3) = 0 [pid 338] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 338] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 335] <... bpf resumed>) = 7 [pid 335] exit_group(0) = ? [pid 337] <... bpf resumed>) = 4 [pid 338] <... bpf resumed>) = 4 [pid 336] <... bpf resumed>) = 4 [pid 329] +++ exited with 0 +++ [pid 338] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 337] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 336] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 335] +++ exited with 0 +++ [pid 338] <... bpf resumed>) = 5 [pid 337] <... bpf resumed>) = 5 [pid 336] <... bpf resumed>) = 5 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 338] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 337] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 336] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 338] <... bpf resumed>) = 0 [pid 337] <... bpf resumed>) = 0 [pid 336] <... bpf resumed>) = 0 [pid 338] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 337] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 336] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 338] <... bpf resumed>) = 6 [pid 337] <... bpf resumed>) = 6 [pid 336] <... bpf resumed>) = 6 [pid 337] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 338] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 336] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 292] <... clone resumed>, child_tidptr=0x555555afa650) = 339 [pid 295] <... clone resumed>, child_tidptr=0x555555afa650) = 340 ./strace-static-x86_64: Process 340 attached ./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x555555afa660, 24) = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 340] set_robust_list(0x555555afa660, 24 [pid 339] <... prctl resumed>) = 0 [pid 339] setpgid(0, 0 [pid 340] <... set_robust_list resumed>) = 0 [pid 339] <... setpgid resumed>) = 0 [pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 340] setpgid(0, 0) = 0 [pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 340] <... openat resumed>) = 3 [pid 339] <... openat resumed>) = 3 [pid 339] write(3, "1000", 4 [pid 340] write(3, "1000", 4 [pid 339] <... write resumed>) = 4 [pid 340] <... write resumed>) = 4 [pid 340] close(3 [pid 339] close(3 [pid 340] <... close resumed>) = 0 [pid 339] <... close resumed>) = 0 [ 25.299853][ T286] R13: 0000000000000001 R14: 0000559efed413e8 R15: 00007ffd596b0598 [ 25.307666][ T286] [pid 340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 340] <... bpf resumed>) = 3 [pid 339] <... bpf resumed>) = 3 [pid 339] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 340] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16) = 4 [pid 339] <... bpf resumed>) = 4 [pid 338] <... bpf resumed>) = 7 [pid 337] <... bpf resumed>) = 7 [pid 336] <... bpf resumed>) = 7 [ 25.368023][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 25.379499][ T288] BUG: scheduling while atomic: strace-static-x/288/0x00000002 [ 25.387039][ T288] Modules linked in: [ 25.390748][ T288] Preemption disabled at: [ 25.390756][ T288] [] up_read+0x16/0x170 [ 25.400504][ T288] CPU: 0 PID: 288 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 25.411926][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 25.421818][ T288] Call Trace: [ 25.424947][ T288] [ 25.427722][ T288] dump_stack_lvl+0x151/0x1b7 [ 25.432433][ T288] ? up_read+0x16/0x170 [ 25.436389][ T288] ? up_read+0x16/0x170 [ 25.440384][ T288] ? io_uring_drop_tctx_refs+0x190/0x190 [ 25.445848][ T288] ? up_read+0x16/0x170 [ 25.449867][ T288] dump_stack+0x15/0x17 [ 25.453833][ T288] __schedule_bug+0x195/0x260 [ 25.458348][ T288] ? ttwu_queue_wakelist+0x510/0x510 [ 25.463469][ T288] __schedule+0xd19/0x1590 [ 25.467725][ T288] ? __sched_text_start+0x8/0x8 [ 25.472702][ T288] ? task_work_add+0x1b0/0x1d0 [ 25.477293][ T288] schedule+0x11f/0x1e0 [ 25.481286][ T288] exit_to_user_mode_loop+0x4d/0xe0 [ 25.486318][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 25.491610][ T288] syscall_exit_to_user_mode+0x26/0x160 [ 25.496991][ T288] do_syscall_64+0x49/0xb0 [ 25.501244][ T288] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.506975][ T288] RIP: 0033:0x4e65f7 [ 25.510794][ T288] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 25.530320][ T288] RSP: 002b:00007ffd5d600548 EFLAGS: 00000286 ORIG_RAX: 0000000000000003 [ 25.538564][ T288] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: 00000000004e65f7 [ 25.546380][ T288] RDX: 00007ffd5d600550 RSI: 0000000000008910 RDI: 0000000000000003 [ 25.554186][ T288] RBP: 0000000000000003 R08: 00000000ffffffff R09: 000000000000000c [pid 340] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 339] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 338] exit_group(0 [pid 337] exit_group(0 [ 25.561997][ T288] R10: 0000000000554612 R11: 0000000000000286 R12: 00007ffd5d6005b0 [ 25.569811][ T288] R13: 00007ffd5d600550 R14: 0000000000423160 R15: 0000000000617180 [ 25.577625][ T288] [ 25.584167][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 25.595970][ T286] BUG: scheduling while atomic: sshd/286/0x00000002 [ 25.602426][ T286] Modules linked in: [ 25.606286][ T286] Preemption disabled at: [ 25.606296][ T286] [] __set_current_blocked+0x11b/0x2f0 [ 25.617317][ T286] CPU: 0 PID: 286 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 25.627790][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 25.637861][ T286] Call Trace: [ 25.640984][ T286] [ 25.643937][ T286] dump_stack_lvl+0x151/0x1b7 [ 25.648454][ T286] ? io_uring_drop_tctx_refs+0x190/0x190 [ 25.653916][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 25.659210][ T286] dump_stack+0x15/0x17 [ 25.663333][ T286] __schedule_bug+0x195/0x260 [ 25.667842][ T286] ? ttwu_queue_wakelist+0x510/0x510 [ 25.673570][ T286] ? bpf_bprintf_cleanup+0x3f/0x60 [ 25.678517][ T286] ? __set_current_blocked+0x2a5/0x2f0 [ 25.683915][ T286] __schedule+0xd19/0x1590 [ 25.688164][ T286] ? __kasan_check_read+0x11/0x20 [ 25.693024][ T286] ? __fdget_pos+0x209/0x3a0 [ 25.697836][ T286] ? __sched_text_start+0x8/0x8 [ 25.702525][ T286] ? ksys_write+0x24f/0x2c0 [ 25.706859][ T286] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 25.712248][ T286] schedule+0x11f/0x1e0 [ 25.716234][ T286] exit_to_user_mode_loop+0x4d/0xe0 [ 25.721270][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 25.726567][ T286] syscall_exit_to_user_mode+0x26/0x160 [ 25.731944][ T286] do_syscall_64+0x49/0xb0 [ 25.736195][ T286] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 25.741844][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.747563][ T286] RIP: 0033:0x7faca711cbf2 [ 25.751817][ T286] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 [ 25.771259][ T286] RSP: 002b:00007ffd596b0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 25.779506][ T286] RAX: 0000000000000054 RBX: 0000000000000054 RCX: 00007faca711cbf2 [ 25.787320][ T286] RDX: 0000000000000054 RSI: 0000559eff286510 RDI: 0000000000000004 [ 25.795132][ T286] RBP: 0000559eff279290 R08: 0000000000000000 R09: 0000000000000000 [ 25.802935][ T286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000559efed40aa4 [ 25.810751][ T286] R13: 0000000000000019 R14: 0000559efed413e8 R15: 00007ffd596b0598 [pid 336] exit_group(0 [pid 340] <... bpf resumed>) = 5 [pid 339] <... bpf resumed>) = 5 [pid 338] <... exit_group resumed>) = ? [pid 336] <... exit_group resumed>) = ? [pid 340] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 338] +++ exited with 0 +++ [pid 340] <... bpf resumed>) = 0 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=338, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 341 ./strace-static-x86_64: Process 341 attached [pid 341] set_robust_list(0x555555afa660, 24) = 0 [pid 341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 341] setpgid(0, 0 [pid 340] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 341] <... setpgid resumed>) = 0 [pid 341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 341] write(3, "1000", 4) = 4 [pid 341] close(3) = 0 [pid 341] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 341] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 337] <... exit_group resumed>) = ? [pid 339] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 339] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 340] <... bpf resumed>) = 7 [pid 336] +++ exited with 0 +++ [pid 341] <... bpf resumed>) = 4 [pid 341] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 340] exit_group(0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- [pid 341] <... bpf resumed>) = 5 [pid 340] <... exit_group resumed>) = ? [ 25.818572][ T286] [ 25.827354][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 25.838811][ T286] BUG: scheduling while atomic: sshd/286/0x00000002 [ 25.845298][ T286] Modules linked in: [ 25.849019][ T286] Preemption disabled at: [ 25.849031][ T286] [] __set_current_blocked+0x11b/0x2f0 [ 25.860036][ T286] CPU: 0 PID: 286 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 25.870515][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 25.880407][ T286] Call Trace: [ 25.883523][ T286] [ 25.886302][ T286] dump_stack_lvl+0x151/0x1b7 [ 25.890990][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 25.896370][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 25.901668][ T286] ? io_uring_drop_tctx_refs+0x190/0x190 [ 25.907216][ T286] ? fsnotify_perm+0x470/0x5d0 [ 25.911825][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 25.917138][ T286] dump_stack+0x15/0x17 [ 25.921106][ T286] __schedule_bug+0x195/0x260 [ 25.925620][ T286] ? ttwu_queue_wakelist+0x510/0x510 [ 25.930739][ T286] ? bpf_bprintf_cleanup+0x3f/0x60 [ 25.935683][ T286] ? __set_current_blocked+0x2a5/0x2f0 [ 25.940982][ T286] __schedule+0xd19/0x1590 [ 25.945236][ T286] ? __kasan_check_read+0x11/0x20 [ 25.950216][ T286] ? __fdget_pos+0x209/0x3a0 [ 25.954633][ T286] ? __sched_text_start+0x8/0x8 [ 25.959322][ T286] ? ksys_read+0x24f/0x2c0 [ 25.963571][ T286] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 25.968953][ T286] schedule+0x11f/0x1e0 [ 25.972947][ T286] exit_to_user_mode_loop+0x4d/0xe0 [ 25.978001][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 25.983276][ T286] syscall_exit_to_user_mode+0x26/0x160 [ 25.988659][ T286] do_syscall_64+0x49/0xb0 [ 25.992993][ T286] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 25.998637][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 26.004531][ T286] RIP: 0033:0x7faca711cb6a [ 26.008749][ T286] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [ 26.028279][ T286] RSP: 002b:00007ffd596ac3e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 26.036615][ T286] RAX: 0000000000000241 RBX: 0000000000000000 RCX: 00007faca711cb6a [ 26.044852][ T286] RDX: 0000000000004000 RSI: 00007ffd596ac408 RDI: 0000000000000009 [ 26.052665][ T286] RBP: 0000559eff281390 R08: 0000000000000000 R09: 0000000000000000 [ 26.060681][ T286] R10: 00007ffd596ac408 R11: 0000000000000246 R12: 0000559eff2795e0 [pid 341] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 341] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 342 [pid 341] <... bpf resumed>) = 6 [pid 341] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16./strace-static-x86_64: Process 342 attached [pid 342] set_robust_list(0x555555afa660, 24) = 0 [pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 342] setpgid(0, 0) = 0 [pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 26.068492][ T286] R13: 0000559efed49937 R14: 0000559efed4c480 R15: 0000559eff2795e0 [ 26.076310][ T286] [ 26.080599][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000102, exited with 00000101? [ 26.092265][ T343] BUG: scheduling while atomic: init/343/0x00000002 [ 26.098681][ T343] Modules linked in: [ 26.102320][ T343] Preemption disabled at: [ 26.102329][ T343] [] __set_current_blocked+0x11b/0x2f0 [ 26.113347][ T343] CPU: 0 PID: 343 Comm: init Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 26.123890][ T343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 26.133734][ T343] Call Trace: [ 26.136859][ T343] [ 26.139637][ T343] dump_stack_lvl+0x151/0x1b7 [ 26.144147][ T343] ? sysvec_call_function_single+0x52/0xb0 [ 26.149791][ T343] ? io_uring_drop_tctx_refs+0x190/0x190 [ 26.155262][ T343] ? __set_current_blocked+0x11b/0x2f0 [ 26.160563][ T343] ? __set_current_blocked+0x11b/0x2f0 [ 26.165850][ T343] dump_stack+0x15/0x17 [ 26.169842][ T343] __schedule_bug+0x195/0x260 [ 26.174361][ T343] ? bpf_bprintf_cleanup+0x1a/0x60 [ 26.179302][ T343] ? ttwu_queue_wakelist+0x510/0x510 [ 26.184424][ T343] ? bpf_bprintf_cleanup+0x1a/0x60 [ 26.189369][ T343] ? asm_sysvec_call_function_single+0x1b/0x20 [ 26.195447][ T343] __schedule+0xd19/0x1590 [ 26.199695][ T343] ? __kasan_check_write+0x14/0x20 [ 26.204642][ T343] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 26.209950][ T343] ? __sched_text_start+0x8/0x8 [ 26.214626][ T343] ? __kasan_check_write+0x14/0x20 [ 26.219569][ T343] ? _raw_write_lock_irq+0xa5/0x170 [ 26.224604][ T343] ? _raw_write_lock_irqsave+0x1e0/0x1e0 [ 26.230071][ T343] ? switch_fpu_return+0x1ed/0x3d0 [ 26.235021][ T343] schedule+0x11f/0x1e0 [ 26.239014][ T343] exit_to_user_mode_loop+0x4d/0xe0 [ 26.244046][ T343] exit_to_user_mode_prepare+0x5a/0xa0 [ 26.249341][ T343] syscall_exit_to_user_mode+0x26/0x160 [ 26.254723][ T343] do_syscall_64+0x49/0xb0 [ 26.258977][ T343] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 26.264702][ T343] RIP: 0033:0x7f030d5ff7c7 [ 26.269044][ T343] Code: 73 01 c3 48 8b 0d 61 36 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 70 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 31 36 0f 00 f7 d8 64 89 01 48 [ 26.288483][ T343] RSP: 002b:00007ffdcc545338 EFLAGS: 00000206 ORIG_RAX: 0000000000000070 [ 26.296734][ T343] RAX: 0000000000000157 RBX: 000055b3d44a0a50 RCX: 00007f030d5ff7c7 [ 26.304559][ T343] RDX: 0000000000000000 RSI: 00007ffdcc545298 RDI: 0000000000000001 [ 26.312354][ T343] RBP: 00007f030d7c4528 R08: 0000000000000000 R09: 0000000000000000 [pid 342] write(3, "1000", 4 [pid 337] +++ exited with 0 +++ [ 26.320160][ T343] R10: 0000000000000008 R11: 0000000000000206 R12: 0000000000000000 [ 26.328021][ T343] R13: 0000000000000018 R14: 000055b3d3f81169 R15: 00007f030d7f5a80 [ 26.335790][ T343] [ 26.341226][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 26.352804][ T343] BUG: scheduling while atomic: init/343/0x00000002 [ 26.359174][ T343] Modules linked in: [ 26.362861][ T343] Preemption disabled at: [ 26.362872][ T343] [] is_module_text_address+0x1a/0x140 [ 26.373921][ T343] CPU: 0 PID: 343 Comm: init Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 26.384382][ T343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 26.394362][ T343] Call Trace: [ 26.397487][ T343] [ 26.400264][ T343] dump_stack_lvl+0x151/0x1b7 [ 26.404862][ T343] ? is_module_text_address+0x1a/0x140 [ 26.410181][ T343] ? is_module_text_address+0x1a/0x140 [ 26.415463][ T343] ? io_uring_drop_tctx_refs+0x190/0x190 [ 26.420919][ T343] ? slab_free_freelist_hook+0xbd/0x190 [ 26.426389][ T343] ? is_module_text_address+0x1a/0x140 [ 26.431857][ T343] dump_stack+0x15/0x17 [ 26.435850][ T343] __schedule_bug+0x195/0x260 [ 26.440365][ T343] ? ttwu_queue_wakelist+0x510/0x510 [ 26.445482][ T343] ? do_sys_openat2+0x71c/0x830 [ 26.450173][ T343] __schedule+0xd19/0x1590 [ 26.454423][ T343] ? bpf_trace_run2+0xf1/0x210 [ 26.459021][ T343] ? __sched_text_start+0x8/0x8 [ 26.463712][ T343] ? __x64_sys_openat+0x243/0x290 [ 26.468572][ T343] schedule+0x11f/0x1e0 [ 26.472561][ T343] exit_to_user_mode_loop+0x4d/0xe0 [ 26.477593][ T343] exit_to_user_mode_prepare+0x5a/0xa0 [ 26.482889][ T343] syscall_exit_to_user_mode+0x26/0x160 [ 26.488271][ T343] do_syscall_64+0x49/0xb0 [ 26.492524][ T343] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 26.498252][ T343] RIP: 0033:0x7f030d6189a4 [ 26.502503][ T343] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83 [pid 342] <... write resumed>) = 4 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 342] close(3) = 0 [pid 342] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 344 ./strace-static-x86_64: Process 344 attached [pid 344] set_robust_list(0x555555afa660, 24) = 0 [pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 344] setpgid(0, 0) = 0 [pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 344] write(3, "1000", 4) = 4 [pid 344] close(3) = 0 [pid 344] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 342] <... bpf resumed>) = 3 [pid 339] <... bpf resumed>) = 7 [ 26.521952][ T343] RSP: 002b:00007ffdcc545280 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 26.530396][ T343] RAX: fffffffffffffffe RBX: 0000000000000004 RCX: 00007f030d6189a4 [ 26.538300][ T343] RDX: 0000000000000802 RSI: 000055b3d44a0a5d RDI: 00000000ffffff9c [ 26.546120][ T343] RBP: 000055b3d44a0a5d R08: 0000000000000000 R09: 0000000000000000 [ 26.554013][ T343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000802 [ 26.561909][ T343] R13: 0000000000000002 R14: 0000000000000802 R15: 00007f030d7f5a80 [ 26.569731][ T343] [ 26.576462][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 26.587981][ T286] BUG: scheduling while atomic: sshd/286/0x00000002 [ 26.594349][ T286] Modules linked in: [ 26.598144][ T286] Preemption disabled at: [ 26.598155][ T286] [] __set_current_blocked+0x11b/0x2f0 [ 26.609114][ T286] CPU: 0 PID: 286 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 26.619690][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 26.629578][ T286] Call Trace: [ 26.632709][ T286] [ 26.635479][ T286] dump_stack_lvl+0x151/0x1b7 [ 26.639991][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 26.645284][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 26.650588][ T286] ? io_uring_drop_tctx_refs+0x190/0x190 [ 26.656048][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 26.661340][ T286] dump_stack+0x15/0x17 [ 26.665332][ T286] __schedule_bug+0x195/0x260 [ 26.669932][ T286] ? __kasan_check_write+0x14/0x20 [ 26.674883][ T286] ? ttwu_queue_wakelist+0x510/0x510 [ 26.680013][ T286] ? __set_current_blocked+0x2a5/0x2f0 [ 26.685297][ T286] __schedule+0xd19/0x1590 [ 26.689667][ T286] ? __kasan_check_read+0x11/0x20 [ 26.694530][ T286] ? _copy_to_user+0x78/0x90 [ 26.698954][ T286] ? __sched_text_start+0x8/0x8 [ 26.703640][ T286] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 26.709111][ T286] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 26.714596][ T286] schedule+0x11f/0x1e0 [ 26.718605][ T286] exit_to_user_mode_loop+0x4d/0xe0 [ 26.723620][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 26.728910][ T286] syscall_exit_to_user_mode+0x26/0x160 [ 26.734293][ T286] do_syscall_64+0x49/0xb0 [ 26.738545][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 26.744272][ T286] RIP: 0033:0x7faca70c8773 [ 26.748529][ T286] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 26.767968][ T286] RSP: 002b:00007ffd596b0530 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [pid 344] <... bpf resumed>) = 3 [pid 344] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 341] <... bpf resumed>) = 7 [pid 340] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 344] <... bpf resumed>) = 4 [pid 344] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 295] <... restart_syscall resumed>) = 0 [pid 344] <... bpf resumed>) = 5 [pid 341] exit_group(0 [pid 344] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 341] <... exit_group resumed>) = ? [pid 344] <... bpf resumed>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 344] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 342] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 339] exit_group(0 [pid 295] <... clone resumed>, child_tidptr=0x555555afa650) = 345 [pid 339] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 345 attached [pid 345] set_robust_list(0x555555afa660, 24) = 0 [pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 345] setpgid(0, 0 [pid 342] <... bpf resumed>) = 4 [pid 345] <... setpgid resumed>) = 0 [pid 339] +++ exited with 0 +++ [pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 342] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 341] +++ exited with 0 +++ [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- [pid 345] <... openat resumed>) = 3 [pid 342] <... bpf resumed>) = 5 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=341, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 345] write(3, "1000", 4 [pid 342] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 293] restart_syscall(<... resuming interrupted clone ...> [pid 292] <... restart_syscall resumed>) = 0 [pid 345] <... write resumed>) = 4 [pid 342] <... bpf resumed>) = 0 [pid 293] <... restart_syscall resumed>) = 0 [pid 345] close(3 [pid 342] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 345] <... close resumed>) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 346 attached [pid 345] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 346] set_robust_list(0x555555afa660, 24 [pid 292] <... clone resumed>, child_tidptr=0x555555afa650) = 346 ./strace-static-x86_64: Process 347 attached [pid 293] <... clone resumed>, child_tidptr=0x555555afa650) = 347 [pid 346] <... set_robust_list resumed>) = 0 [pid 347] set_robust_list(0x555555afa660, 24 [pid 345] <... bpf resumed>) = 3 [pid 342] <... bpf resumed>) = 6 [pid 346] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 347] <... set_robust_list resumed>) = 0 [pid 346] <... prctl resumed>) = 0 [pid 345] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 344] <... bpf resumed>) = 6 [pid 342] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 345] <... bpf resumed>) = 4 [pid 342] <... bpf resumed>) = 7 [pid 345] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 342] exit_group(0 [pid 346] setpgid(0, 0 [pid 347] prctl(PR_SET_PDEATHSIG, SIGKILL [ 26.776231][ T286] RAX: 0000000000000000 RBX: 0000000000060000 RCX: 00007faca70c8773 [ 26.784023][ T286] RDX: 00007ffd596b0618 RSI: 00007ffd596b0598 RDI: 0000000000000001 [ 26.791837][ T286] RBP: 0000559eff2795e0 R08: 0000000000000001 R09: 0000000000000000 [ 26.799652][ T286] R10: 0000000000000008 R11: 0000000000000246 R12: 0000559efed40aa4 [ 26.807493][ T286] R13: 000000000000001a R14: 0000559efed413e8 R15: 00007ffd596b0598 [ 26.815273][ T286] [ 26.844177][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 26.855750][ T286] BUG: scheduling while atomic: sshd/286/0x00000002 [ 26.862233][ T286] Modules linked in: [ 26.866060][ T286] Preemption disabled at: [ 26.866071][ T286] [] release_sock+0x30/0x1b0 [ 26.876161][ T286] CPU: 0 PID: 286 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 26.886634][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 26.896520][ T286] Call Trace: [ 26.899643][ T286] [ 26.902423][ T286] dump_stack_lvl+0x151/0x1b7 [ 26.906933][ T286] ? release_sock+0x30/0x1b0 [ 26.911358][ T286] ? release_sock+0x30/0x1b0 [ 26.915785][ T286] ? io_uring_drop_tctx_refs+0x190/0x190 [ 26.921256][ T286] ? release_sock+0x30/0x1b0 [ 26.925692][ T286] dump_stack+0x15/0x17 [ 26.929695][ T286] __schedule_bug+0x195/0x260 [ 26.934190][ T286] ? bpf_bprintf_cleanup+0x3f/0x60 [ 26.939139][ T286] ? ttwu_queue_wakelist+0x510/0x510 [ 26.944258][ T286] ? bpf_bprintf_cleanup+0x3f/0x60 [ 26.949204][ T286] ? __set_current_blocked+0x2a5/0x2f0 [ 26.954501][ T286] __schedule+0xd19/0x1590 [ 26.958755][ T286] ? bpf_trace_run2+0xf1/0x210 [ 26.963355][ T286] ? __sched_text_start+0x8/0x8 [ 26.968036][ T286] ? bpf_trace_run1+0x1c0/0x1c0 [ 26.972723][ T286] ? ksys_write+0x24f/0x2c0 [ 26.977065][ T286] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 26.982495][ T286] schedule+0x11f/0x1e0 [ 26.986445][ T286] exit_to_user_mode_loop+0x4d/0xe0 [ 26.991472][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 26.996766][ T286] syscall_exit_to_user_mode+0x26/0x160 [ 27.002150][ T286] do_syscall_64+0x49/0xb0 [ 27.006402][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 27.012139][ T286] RIP: 0033:0x7faca7103587 [ 27.016385][ T286] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [ 27.035831][ T286] RSP: 002b:00007ffd596afe48 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [pid 344] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 345] <... bpf resumed>) = 5 [pid 342] <... exit_group resumed>) = ? [pid 346] <... setpgid resumed>) = 0 [pid 345] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 345] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 342] +++ exited with 0 +++ [pid 345] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 347] <... prctl resumed>) = 0 [pid 347] setpgid(0, 0) = 0 [pid 347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 347] write(3, "1000", 4) = 4 [pid 347] close(3) = 0 [pid 347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 345] <... bpf resumed>) = 7 [pid 345] exit_group(0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 345] <... exit_group resumed>) = ? [pid 345] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 346] write(3, "1000", 4 [pid 295] <... restart_syscall resumed>) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555555afa650) = 348 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 349 attached ./strace-static-x86_64: Process 348 attached [pid 347] <... bpf resumed>) = 3 [pid 346] <... write resumed>) = 4 [pid 349] set_robust_list(0x555555afa660, 24 [pid 348] set_robust_list(0x555555afa660, 24 [pid 347] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 346] close(3 [pid 295] <... clone resumed>, child_tidptr=0x555555afa650) = 349 [pid 349] <... set_robust_list resumed>) = 0 [pid 348] <... set_robust_list resumed>) = 0 [pid 346] <... close resumed>) = 0 [pid 349] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 349] <... prctl resumed>) = 0 [pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 349] setpgid(0, 0 [pid 348] <... prctl resumed>) = 0 [pid 349] <... setpgid resumed>) = 0 [pid 348] setpgid(0, 0 [pid 349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 348] <... setpgid resumed>) = 0 [pid 349] <... openat resumed>) = 3 [pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 346] <... bpf resumed>) = 3 [pid 349] write(3, "1000", 4 [pid 348] <... openat resumed>) = 3 [pid 346] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 349] <... write resumed>) = 4 [pid 348] write(3, "1000", 4 [pid 349] close(3 [pid 348] <... write resumed>) = 4 [pid 349] <... close resumed>) = 0 [pid 348] close(3 [pid 349] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 348] <... close resumed>) = 0 [pid 348] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 349] <... bpf resumed>) = 3 [pid 349] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 348] <... bpf resumed>) = 3 [pid 348] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 349] <... bpf resumed>) = 4 [pid 348] <... bpf resumed>) = 4 [pid 347] <... bpf resumed>) = 4 [pid 346] <... bpf resumed>) = 4 [pid 344] <... bpf resumed>) = 7 [ 27.044069][ T286] RAX: 000000000000011e RBX: 0000000000000000 RCX: 00007faca7103587 [ 27.051877][ T286] RDX: 0000000000000b16 RSI: 0000559efed4bfe0 RDI: 0000559efed49937 [ 27.059886][ T286] RBP: 0000559efed4add0 R08: 0000000000000006 R09: 0000000000000000 [ 27.067719][ T286] R10: 0000559efed4add0 R11: 0000000000000246 R12: 0000559efed49937 [ 27.075523][ T286] R13: 0000559efed4bfe0 R14: 0000559eff281390 R15: 00007ffd596b03d0 [ 27.083336][ T286] [ 27.109076][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 27.120575][ T286] BUG: scheduling while atomic: sshd/286/0x00000002 [ 27.127074][ T286] Modules linked in: [ 27.130759][ T286] Preemption disabled at: [ 27.130769][ T286] [] __set_current_blocked+0x11b/0x2f0 [ 27.141786][ T286] CPU: 0 PID: 286 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 27.152269][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 27.162163][ T286] Call Trace: [ 27.165285][ T286] [ 27.168068][ T286] dump_stack_lvl+0x151/0x1b7 [ 27.172574][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 27.177875][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 27.183171][ T286] ? io_uring_drop_tctx_refs+0x190/0x190 [ 27.188635][ T286] ? fsnotify_perm+0x470/0x5d0 [ 27.193267][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 27.198527][ T286] dump_stack+0x15/0x17 [ 27.202519][ T286] __schedule_bug+0x195/0x260 [ 27.207034][ T286] ? ttwu_queue_wakelist+0x510/0x510 [ 27.212151][ T286] ? bpf_bprintf_cleanup+0x3f/0x60 [ 27.217106][ T286] ? __set_current_blocked+0x2a5/0x2f0 [ 27.222396][ T286] __schedule+0xd19/0x1590 [ 27.226650][ T286] ? __kasan_check_read+0x11/0x20 [ 27.231506][ T286] ? __fdget_pos+0x209/0x3a0 [ 27.235933][ T286] ? __sched_text_start+0x8/0x8 [ 27.240621][ T286] ? ksys_read+0x24f/0x2c0 [ 27.244874][ T286] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 27.250261][ T286] schedule+0x11f/0x1e0 [ 27.254343][ T286] exit_to_user_mode_loop+0x4d/0xe0 [ 27.259367][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 27.264663][ T286] syscall_exit_to_user_mode+0x26/0x160 [ 27.270045][ T286] do_syscall_64+0x49/0xb0 [ 27.274298][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 27.280170][ T286] RIP: 0033:0x7faca711cb6a [ 27.284411][ T286] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [ 27.303966][ T286] RSP: 002b:00007ffd596ac3e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 27.312327][ T286] RAX: 00000000000005ac RBX: 0000000000000000 RCX: 00007faca711cb6a [ 27.320111][ T286] RDX: 0000000000004000 RSI: 00007ffd596ac408 RDI: 0000000000000009 [ 27.327924][ T286] RBP: 0000559eff281390 R08: 0000000000000000 R09: 0000000000000000 [ 27.335732][ T286] R10: 00007ffd596ac408 R11: 0000000000000246 R12: 0000559eff2795e0 [ 27.343540][ T286] R13: 0000559efed49937 R14: 0000559efed4c480 R15: 0000559eff2795e0 [ 27.351356][ T286] [pid 349] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 348] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 347] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 346] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 344] exit_group(0 [pid 349] <... bpf resumed>) = 5 [pid 348] <... bpf resumed>) = 5 [pid 346] <... bpf resumed>) = 5 [pid 348] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 346] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 348] <... bpf resumed>) = 0 [pid 346] <... bpf resumed>) = 0 [pid 348] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 346] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 349] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 347] <... bpf resumed>) = 5 [pid 347] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 344] <... exit_group resumed>) = ? [pid 347] <... bpf resumed>) = 0 [pid 349] <... bpf resumed>) = 0 [pid 347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 349] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 347] <... bpf resumed>) = 6 [pid 347] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 349] <... bpf resumed>) = 6 [pid 349] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 346] <... bpf resumed>) = 7 [pid 346] exit_group(0) = ? [pid 348] <... bpf resumed>) = 6 [pid 348] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 349] <... bpf resumed>) = 7 [pid 347] <... bpf resumed>) = 7 [pid 344] +++ exited with 0 +++ [pid 346] +++ exited with 0 +++ [ 27.360035][ T30] audit: type=1400 audit(1715489580.653:76): avc: denied { remove_name } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 27.382487][ T30] audit: type=1400 audit(1715489580.653:77): avc: denied { rename } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [pid 349] exit_group(0 [pid 347] exit_group(0 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=344, si_uid=0, si_status=0, si_utime=0, si_stime=42} --- [ 27.407321][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 27.419033][ T288] BUG: scheduling while atomic: strace-static-x/288/0x00000002 [ 27.426813][ T288] Modules linked in: [ 27.430526][ T288] Preemption disabled at: [ 27.430533][ T288] [] pipe_write+0x1429/0x1930 [ 27.440944][ T288] CPU: 0 PID: 288 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 27.452342][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 27.462233][ T288] Call Trace: [ 27.465358][ T288] [ 27.468144][ T288] dump_stack_lvl+0x151/0x1b7 [ 27.472648][ T288] ? pipe_write+0x1429/0x1930 [ 27.477160][ T288] ? pipe_write+0x1429/0x1930 [ 27.481683][ T288] ? io_uring_drop_tctx_refs+0x190/0x190 [ 27.487144][ T288] ? pipe_write+0x1429/0x1930 [ 27.491665][ T288] dump_stack+0x15/0x17 [ 27.495659][ T288] __schedule_bug+0x195/0x260 [ 27.500167][ T288] ? ttwu_queue_wakelist+0x510/0x510 [ 27.505311][ T288] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 27.510926][ T288] ? wait_task_inactive+0x2cd/0x4f0 [ 27.515957][ T288] __schedule+0xd19/0x1590 [ 27.520212][ T288] ? _raw_spin_lock_irqsave+0x210/0x210 [ 27.525595][ T288] ? bpf_trace_run2+0xf1/0x210 [ 27.530193][ T288] ? __sched_text_start+0x8/0x8 [ 27.534879][ T288] ? ptrace_check_attach+0x323/0x420 [ 27.540001][ T288] schedule+0x11f/0x1e0 [ 27.543997][ T288] exit_to_user_mode_loop+0x4d/0xe0 [ 27.549026][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 27.554321][ T288] syscall_exit_to_user_mode+0x26/0x160 [ 27.559711][ T288] do_syscall_64+0x49/0xb0 [ 27.564065][ T288] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 27.569700][ T288] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 27.575432][ T288] RIP: 0033:0x4e6c1a [ 27.579158][ T288] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 27.598808][ T288] RSP: 002b:00007ffd5d600620 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [pid 349] <... exit_group resumed>) = ? [pid 348] <... bpf resumed>) = 7 [pid 347] <... exit_group resumed>) = ? [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=346, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 348] exit_group(0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 349] +++ exited with 0 +++ [pid 348] <... exit_group resumed>) = ? [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] <... clone resumed>, child_tidptr=0x555555afa650) = 351 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=349, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 294] <... clone resumed>, child_tidptr=0x555555afa650) = 352 ./strace-static-x86_64: Process 352 attached [pid 348] +++ exited with 0 +++ [pid 352] set_robust_list(0x555555afa660, 24) = 0 [pid 352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 352] setpgid(0, 0 [pid 347] +++ exited with 0 +++ [pid 352] <... setpgid resumed>) = 0 [pid 352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=23} --- [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=347, si_uid=0, si_status=0, si_utime=0, si_stime=20} --- [pid 352] <... openat resumed>) = 3 [pid 352] write(3, "1000", 4 [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 352] <... write resumed>) = 4 [pid 352] close(3) = 0 [pid 352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 295] <... clone resumed>, child_tidptr=0x555555afa650) = 354 [pid 293] <... clone resumed>, child_tidptr=0x555555afa650) = 353 ./strace-static-x86_64: Process 354 attached ./strace-static-x86_64: Process 353 attached ./strace-static-x86_64: Process 351 attached [pid 352] <... bpf resumed>) = 3 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 355 attached [pid 354] set_robust_list(0x555555afa660, 24 [pid 352] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 354] <... set_robust_list resumed>) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555555afa650) = 355 [pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 351] set_robust_list(0x555555afa660, 24 [pid 354] setpgid(0, 0 [pid 351] <... set_robust_list resumed>) = 0 [pid 354] <... setpgid resumed>) = 0 [pid 351] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 351] <... prctl resumed>) = 0 [pid 354] write(3, "1000", 4) = 4 [pid 351] setpgid(0, 0 [pid 354] close(3) = 0 [pid 351] <... setpgid resumed>) = 0 [pid 354] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 355] set_robust_list(0x555555afa660, 24 [pid 354] <... bpf resumed>) = 3 [pid 353] set_robust_list(0x555555afa660, 24 [pid 351] <... openat resumed>) = 3 [pid 354] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 353] <... set_robust_list resumed>) = 0 [pid 351] write(3, "1000", 4 [pid 355] <... set_robust_list resumed>) = 0 [pid 353] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 351] <... write resumed>) = 4 [pid 353] <... prctl resumed>) = 0 [pid 351] close(3 [pid 353] setpgid(0, 0 [pid 351] <... close resumed>) = 0 [pid 353] <... setpgid resumed>) = 0 [pid 351] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 355] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 351] <... bpf resumed>) = 3 [pid 353] <... openat resumed>) = 3 [pid 351] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 355] <... prctl resumed>) = 0 [pid 353] write(3, "1000", 4) = 4 [pid 353] close(3) = 0 [pid 353] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 355] setpgid(0, 0) = 0 [pid 353] <... bpf resumed>) = 3 [pid 353] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 355] write(3, "1000", 4) = 4 [pid 355] close(3) = 0 [pid 355] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 355] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 352] <... bpf resumed>) = 4 [pid 355] <... bpf resumed>) = 4 [pid 354] <... bpf resumed>) = 4 [pid 353] <... bpf resumed>) = 4 [pid 352] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 351] <... bpf resumed>) = 4 [pid 355] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 354] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 353] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 352] <... bpf resumed>) = 5 [pid 351] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 355] <... bpf resumed>) = 5 [pid 354] <... bpf resumed>) = 5 [pid 353] <... bpf resumed>) = 5 [pid 352] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 351] <... bpf resumed>) = 5 [pid 355] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 354] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 353] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 352] <... bpf resumed>) = 0 [pid 351] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 355] <... bpf resumed>) = 0 [pid 354] <... bpf resumed>) = 0 [pid 353] <... bpf resumed>) = 0 [pid 352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 351] <... bpf resumed>) = 0 [pid 355] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 354] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 353] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 352] <... bpf resumed>) = 6 [pid 351] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 355] <... bpf resumed>) = 6 [pid 354] <... bpf resumed>) = 6 [pid 353] <... bpf resumed>) = 6 [ 27.607031][ T288] RAX: 0000000000000000 RBX: 0000000001a962f8 RCX: 00000000004e6c1a [ 27.614847][ T288] RDX: 0000000000000000 RSI: 0000000000000126 RDI: 0000000000000018 [ 27.622654][ T288] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000002 [ 27.630465][ T288] R10: 0000000000000011 R11: 0000000000000206 R12: 0000000001a97cf0 [ 27.638361][ T288] R13: 0000000000000011 R14: 000000000000117f R15: 0000000000617180 [ 27.646179][ T288] [ 27.687110][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 27.698630][ T355] BUG: scheduling while atomic: syz-executor826/355/0x00000002 [ 27.705994][ T355] Modules linked in: [ 27.706532][ C1] softirq: huh, entered softirq 9 RCU ffffffff815cac40 with preempt_count 00000103, exited with 00000102? [ 27.709770][ T355] Preemption disabled at: [ 27.720845][ T355] [] ptrace_stop+0x588/0xa90 [ 27.720868][ T294] BUG: scheduling while atomic: syz-executor826/294/0x00000002 [ 27.724995][ T355] CPU: 0 PID: 355 Comm: syz-executor826 Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 27.725018][ T355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 27.725028][ T355] Call Trace: [ 27.725033][ T355] [ 27.725040][ T355] dump_stack_lvl+0x151/0x1b7 [ 27.725061][ T355] ? ptrace_stop+0x588/0xa90 [ 27.725078][ T355] ? ptrace_stop+0x588/0xa90 [ 27.725095][ T355] ? io_uring_drop_tctx_refs+0x190/0x190 [ 27.731054][ T294] Modules linked in: [ 27.738372][ T355] ? ptrace_stop+0x588/0xa90 [ 27.738393][ T355] dump_stack+0x15/0x17 [ 27.738411][ T355] __schedule_bug+0x195/0x260 [ 27.750033][ T294] [ 27.760328][ T355] ? stack_trace_snprint+0xf0/0xf0 [ 27.763443][ T294] Preemption disabled at: [ 27.763449][ T294] [] ptrace_stop+0x588/0xa90 [ 27.766222][ T355] ? ttwu_queue_wakelist+0x510/0x510 [ 27.824219][ T355] ? __stack_depot_save+0x34/0x470 [ 27.829249][ T355] __schedule+0xd19/0x1590 [ 27.833498][ T355] ? __kasan_slab_alloc+0xb1/0xe0 [ 27.838358][ T355] ? slab_post_alloc_hook+0x53/0x2c0 [ 27.843487][ T355] ? kmem_cache_alloc+0xf5/0x200 [ 27.848253][ T355] ? security_file_alloc+0x29/0x120 [ 27.853289][ T355] ? alloc_empty_file+0x95/0x180 [ 27.858063][ T355] ? alloc_file+0x5a/0x4e0 [ 27.862317][ T355] ? __sched_text_start+0x8/0x8 [ 27.867002][ T355] ? __mutex_add_waiter+0x1b5/0x310 [ 27.872044][ T355] ? __ww_mutex_check_waiters+0x350/0x350 [ 27.877595][ T355] schedule+0x11f/0x1e0 [ 27.881586][ T355] schedule_preempt_disabled+0x13/0x20 [ 27.886885][ T355] __mutex_lock+0x90e/0x1870 [ 27.891371][ T355] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20 [ 27.898000][ T355] ? slab_post_alloc_hook+0x72/0x2c0 [ 27.903298][ T355] ? security_file_alloc+0x29/0x120 [ 27.908318][ T355] ? security_file_alloc+0x29/0x120 [ 27.913349][ T355] ? kmem_cache_alloc+0xf5/0x200 [ 27.918124][ T355] ? percpu_counter_add_batch+0x13d/0x160 [ 27.923676][ T355] ? alloc_file+0x83/0x4e0 [ 27.927941][ T355] __mutex_lock_slowpath+0xe/0x10 [ 27.932791][ T355] mutex_lock+0x135/0x1e0 [ 27.936956][ T355] ? wait_for_completion_killable_timeout+0x10/0x10 [ 27.943467][ T355] ? alloc_file_pseudo+0x280/0x2f0 [ 27.948422][ T355] ? __bpf_trace_kmem_alloc_node+0x140/0x140 [ 27.954324][ T355] tracepoint_probe_register_prio_may_exist+0xb5/0x180 [ 27.961000][ T355] ? acct_clear_integrals+0x30/0x30 [ 27.966031][ T355] ? _raw_spin_lock_bh+0xa4/0x1b0 [ 27.970896][ T355] bpf_probe_register+0x152/0x1e0 [ 27.975752][ T355] bpf_raw_tracepoint_open+0x610/0x950 [ 27.981048][ T355] ? bpf_obj_get_info_by_fd+0x3ce0/0x3ce0 [ 27.986600][ T355] ? bpf_bprintf_cleanup+0x48/0x60 [ 27.991549][ T355] ? bpf_trace_printk+0x1be/0x300 [ 27.996530][ T355] ? selinux_bpf+0xd2/0x100 [ 28.000875][ T355] ? security_bpf+0x82/0xb0 [ 28.005321][ T355] __sys_bpf+0x489/0x760 [ 28.009402][ T355] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 28.014595][ T355] ? __bpf_trace_sys_enter+0x62/0x70 [ 28.019713][ T355] __x64_sys_bpf+0x7c/0x90 [ 28.023963][ T355] do_syscall_64+0x3d/0xb0 [ 28.028216][ T355] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 28.033943][ T355] RIP: 0033:0x7f301197fea9 [ 28.038198][ T355] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 28.057642][ T355] RSP: 002b:00007ffd2a297c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 28.065966][ T355] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f301197fea9 [ 28.073781][ T355] RDX: 0000000000000010 RSI: 00000000200001c0 RDI: 0000000000000011 [ 28.081597][ T355] RBP: 0000000000000000 R08: 00000000000000a0 R09: 00000000000000a0 [ 28.089403][ T355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 28.097215][ T355] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 28.105029][ T355] [ 28.107894][ T294] CPU: 1 PID: 294 Comm: syz-executor826 Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 28.119348][ T294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 28.129238][ T294] Call Trace: [ 28.132363][ T294] [ 28.135142][ T294] dump_stack_lvl+0x151/0x1b7 [ 28.139802][ T294] ? ptrace_stop+0x588/0xa90 [ 28.144222][ T294] ? ptrace_stop+0x588/0xa90 [ 28.148651][ T294] ? io_uring_drop_tctx_refs+0x190/0x190 [ 28.154113][ T294] ? ptrace_stop+0x588/0xa90 [ 28.158537][ T294] dump_stack+0x15/0x17 [ 28.162527][ T294] __schedule_bug+0x195/0x260 [ 28.167047][ T294] ? ttwu_queue_wakelist+0x510/0x510 [ 28.172170][ T294] ? ktime_get+0x12f/0x160 [ 28.176415][ T294] __schedule+0xd19/0x1590 [ 28.180668][ T294] ? tick_program_event+0x9f/0x120 [ 28.185615][ T294] ? hrtimer_reprogram+0x389/0x430 [ 28.190564][ T294] ? __sched_text_start+0x8/0x8 [ 28.195250][ T294] schedule+0x11f/0x1e0 [ 28.199240][ T294] do_nanosleep+0x181/0x6a0 [ 28.203585][ T294] ? usleep_range_state+0x160/0x160 [ 28.208622][ T294] ? hrtimer_init_sleeper+0x3b/0x1a0 [ 28.213738][ T294] ? hrtimer_nanosleep+0x107/0x3f0 [ 28.218684][ T294] hrtimer_nanosleep+0x1c5/0x3f0 [ 28.223457][ T294] ? nanosleep_copyout+0x120/0x120 [ 28.228404][ T294] ? __remove_hrtimer+0x4d0/0x4d0 [ 28.233266][ T294] ? get_timespec64+0x197/0x270 [ 28.237980][ T294] ? timespec64_add_safe+0x220/0x220 [ 28.243078][ T294] common_nsleep+0x91/0xb0 [ 28.247325][ T294] __se_sys_clock_nanosleep+0x323/0x3b0 [ 28.252707][ T294] ? __x64_sys_clock_nanosleep+0xb0/0xb0 [ 28.258172][ T294] ? __bpf_trace_sys_enter+0x62/0x70 [ 28.263405][ T294] __x64_sys_clock_nanosleep+0x9b/0xb0 [ 28.268674][ T294] do_syscall_64+0x3d/0xb0 [ 28.272929][ T294] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 28.278749][ T294] RIP: 0033:0x7f30119a7483 [ 28.282995][ T294] Code: 00 00 00 00 00 66 90 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d fe 1b 05 00 00 74 14 b8 e6 00 00 00 0f 05 d8 c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 [ 28.302434][ T294] RSP: 002b:00007ffd2a297c38 EFLAGS: 00000202 ORIG_RAX: 00000000000000e6 [ 28.310867][ T294] RAX: ffffffffffffffda RBX: 0000000000000160 RCX: 00007f30119a7483 [ 28.318665][ T294] RDX: 00007ffd2a297c50 RSI: 0000000000000000 RDI: 0000000000000000 [ 28.326481][ T294] RBP: 00000000000f4240 R08: 00007ffd2a2ec080 R09: 00007ffd2a2ec0b0 [pid 352] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 355] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 354] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 353] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 352] <... bpf resumed>) = 7 [pid 351] <... bpf resumed>) = 6 [pid 352] exit_group(0) = ? [pid 351] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 353] <... bpf resumed>) = 7 [pid 353] exit_group(0 [pid 351] <... bpf resumed>) = 7 [ 28.334289][ T294] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000006bf3 [ 28.342099][ T294] R13: 00007ffd2a297c8c R14: 00007ffd2a297ca0 R15: 00007ffd2a297c90 [ 28.349917][ T294] [ 28.354740][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 28.366208][ T288] BUG: scheduling while atomic: strace-static-x/288/0x00000002 [ 28.373603][ T288] Modules linked in: [ 28.377249][ T288] Preemption disabled at: [ 28.377257][ T288] [] try_to_wake_up+0x86/0x1160 [ 28.387669][ T288] CPU: 0 PID: 288 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 28.399101][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 28.409186][ T288] Call Trace: [ 28.412310][ T288] [ 28.415085][ T288] dump_stack_lvl+0x151/0x1b7 [ 28.419598][ T288] ? try_to_wake_up+0x86/0x1160 [ 28.424291][ T288] ? try_to_wake_up+0x86/0x1160 [ 28.428973][ T288] ? io_uring_drop_tctx_refs+0x190/0x190 [ 28.434701][ T288] ? try_to_wake_up+0x86/0x1160 [ 28.439388][ T288] dump_stack+0x15/0x17 [ 28.443384][ T288] __schedule_bug+0x195/0x260 [ 28.447893][ T288] ? ttwu_queue_wakelist+0x510/0x510 [ 28.453014][ T288] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 28.458654][ T288] ? wait_task_inactive+0x2cd/0x4f0 [ 28.463690][ T288] __schedule+0xd19/0x1590 [ 28.467941][ T288] ? _raw_spin_lock_irqsave+0x210/0x210 [ 28.473323][ T288] ? __sched_text_start+0x8/0x8 [ 28.478008][ T288] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 28.482955][ T288] ? _raw_spin_lock_irqsave+0x210/0x210 [ 28.488337][ T288] ? ptrace_check_attach+0x323/0x420 [ 28.493458][ T288] schedule+0x11f/0x1e0 [ 28.497451][ T288] exit_to_user_mode_loop+0x4d/0xe0 [ 28.502483][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 28.507778][ T288] syscall_exit_to_user_mode+0x26/0x160 [ 28.513160][ T288] do_syscall_64+0x49/0xb0 [ 28.517416][ T288] ? sysvec_call_function_single+0x52/0xb0 [ 28.523057][ T288] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 28.528783][ T288] RIP: 0033:0x4e6c1a [ 28.532529][ T288] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 28.552219][ T288] RSP: 002b:00007ffd5d6005a0 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 28.560555][ T288] RAX: 0000000000000050 RBX: 0000000001a97ba0 RCX: 00000000004e6c1a [ 28.568361][ T288] RDX: 0000000000000058 RSI: 0000000000000128 RDI: 000000000000420e [ 28.576170][ T288] RBP: 00007ffd5d6006a0 R08: 000000000000420d R09: 0000000000000003 [pid 355] <... bpf resumed>) = 7 [pid 354] <... bpf resumed>) = 7 [pid 353] <... exit_group resumed>) = ? [ 28.584155][ T288] R10: 000000000063c820 R11: 0000000000000206 R12: 0000000001a97ba0 [ 28.591966][ T288] R13: 00007ffd5d6006fc R14: 000000000000857f R15: 0000000000617180 [ 28.599781][ T288] [ 28.606771][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 28.618240][ T286] BUG: scheduling while atomic: sshd/286/0x00000002 [ 28.624674][ T286] Modules linked in: [ 28.628433][ T286] Preemption disabled at: [ 28.628442][ T286] [] __set_current_blocked+0x11b/0x2f0 [ 28.639449][ T286] CPU: 0 PID: 286 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 28.649919][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 28.659815][ T286] Call Trace: [ 28.662939][ T286] [ 28.665744][ T286] dump_stack_lvl+0x151/0x1b7 [ 28.670226][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 28.675527][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 28.680816][ T286] ? io_uring_drop_tctx_refs+0x190/0x190 [ 28.686284][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 28.691577][ T286] dump_stack+0x15/0x17 [ 28.695571][ T286] __schedule_bug+0x195/0x260 [ 28.700084][ T286] ? ttwu_queue_wakelist+0x510/0x510 [ 28.705206][ T286] __schedule+0xd19/0x1590 [ 28.709459][ T286] ? __se_sys_ppoll+0x2b3/0x330 [ 28.714143][ T286] ? __sched_text_start+0x8/0x8 [ 28.718834][ T286] ? __x64_sys_ppoll+0xd0/0xd0 [ 28.723433][ T286] schedule+0x11f/0x1e0 [ 28.727521][ T286] exit_to_user_mode_loop+0x4d/0xe0 [ 28.732555][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 28.737850][ T286] syscall_exit_to_user_mode+0x26/0x160 [ 28.743234][ T286] do_syscall_64+0x49/0xb0 [ 28.747487][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 28.753210][ T286] RIP: 0033:0x7faca711fad5 [ 28.757466][ T286] Code: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83 [ 28.776905][ T286] RSP: 002b:00007ffd596b0510 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [pid 352] +++ exited with 0 +++ [pid 351] exit_group(0 [pid 355] exit_group(0 [pid 354] exit_group(0 [pid 353] +++ exited with 0 +++ [pid 351] <... exit_group resumed>) = ? [pid 351] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=352, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=353, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- [pid 294] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=351, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] <... clone resumed>, child_tidptr=0x555555afa650) = 357 [pid 292] <... clone resumed>, child_tidptr=0x555555afa650) = 358 [pid 294] <... clone resumed>, child_tidptr=0x555555afa650) = 359 ./strace-static-x86_64: Process 358 attached [pid 358] set_robust_list(0x555555afa660, 24) = 0 [pid 358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 358] setpgid(0, 0) = 0 [pid 358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 358] write(3, "1000", 4) = 4 [pid 358] close(3) = 0 [pid 358] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 ./strace-static-x86_64: Process 357 attached [pid 357] set_robust_list(0x555555afa660, 24) = 0 [pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 357] setpgid(0, 0) = 0 [pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 358] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 357] <... openat resumed>) = 3 [pid 358] <... bpf resumed>) = 4 [pid 357] write(3, "1000", 4 [pid 358] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 357] <... write resumed>) = 4 [pid 358] <... bpf resumed>) = 5 [pid 357] close(3 [pid 358] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 357] <... close resumed>) = 0 [pid 358] <... bpf resumed>) = 0 [pid 357] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 358] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 359 attached ) = 6 [pid 355] <... exit_group resumed>) = ? [pid 354] <... exit_group resumed>) = ? [pid 359] set_robust_list(0x555555afa660, 24 [pid 358] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 357] <... bpf resumed>) = 3 [pid 357] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 359] <... set_robust_list resumed>) = 0 [pid 359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 359] setpgid(0, 0) = 0 [pid 359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 359] write(3, "1000", 4) = 4 [pid 359] close(3) = 0 [pid 359] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 359] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 358] <... bpf resumed>) = 7 [pid 357] <... bpf resumed>) = 4 [pid 355] +++ exited with 0 +++ [pid 358] exit_group(0 [pid 357] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 358] <... exit_group resumed>) = ? [pid 357] <... bpf resumed>) = 5 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=355, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 357] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 357] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 357] <... bpf resumed>) = 6 [ 28.785163][ T286] RAX: 0000000000000002 RBX: 00000000000668a0 RCX: 00007faca711fad5 [ 28.793049][ T286] RDX: 00007ffd596b0530 RSI: 0000000000000004 RDI: 0000559eff27ab20 [ 28.800858][ T286] RBP: 0000559eff2795e0 R08: 0000000000000008 R09: 0000000000000000 [ 28.808671][ T286] R10: 00007ffd596b0618 R11: 0000000000000246 R12: 0000559efed40aa4 [ 28.816480][ T286] R13: 0000000000000001 R14: 0000559efed413e8 R15: 00007ffd596b0598 [ 28.824298][ T286] [pid 357] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 296] <... clone resumed>, child_tidptr=0x555555afa650) = 360 ./strace-static-x86_64: Process 360 attached [pid 360] set_robust_list(0x555555afa660, 24) = 0 [pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 360] setpgid(0, 0) = 0 [pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 360] write(3, "1000", 4) = 4 [pid 360] close(3) = 0 [pid 360] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [ 28.851389][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 28.862896][ T292] BUG: scheduling while atomic: syz-executor826/292/0x00000002 [ 28.870323][ T292] Modules linked in: [ 28.874273][ T292] Preemption disabled at: [ 28.874284][ T292] [] ptrace_stop+0x588/0xa90 [ 28.884494][ T292] CPU: 0 PID: 292 Comm: syz-executor826 Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 28.895893][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 28.905785][ T292] Call Trace: [ 28.908904][ T292] [ 28.911686][ T292] dump_stack_lvl+0x151/0x1b7 [ 28.916202][ T292] ? ptrace_stop+0x588/0xa90 [ 28.920622][ T292] ? ptrace_stop+0x588/0xa90 [ 28.925050][ T292] ? io_uring_drop_tctx_refs+0x190/0x190 [ 28.930532][ T292] ? ptrace_stop+0x588/0xa90 [ 28.934972][ T292] dump_stack+0x15/0x17 [ 28.939210][ T292] __schedule_bug+0x195/0x260 [ 28.943725][ T292] ? ttwu_queue_wakelist+0x510/0x510 [ 28.948905][ T292] ? ktime_get+0x12f/0x160 [ 28.953494][ T292] __schedule+0xd19/0x1590 [ 28.957739][ T292] ? tick_program_event+0x9f/0x120 [ 28.962683][ T292] ? hrtimer_reprogram+0x389/0x430 [ 28.967632][ T292] ? __sched_text_start+0x8/0x8 [ 28.972414][ T292] schedule+0x11f/0x1e0 [ 28.976402][ T292] do_nanosleep+0x181/0x6a0 [ 28.980830][ T292] ? usleep_range_state+0x160/0x160 [ 28.985864][ T292] ? hrtimer_init_sleeper+0x3b/0x1a0 [ 28.990976][ T292] ? hrtimer_nanosleep+0x107/0x3f0 [ 28.995924][ T292] hrtimer_nanosleep+0x1c5/0x3f0 [ 29.000702][ T292] ? nanosleep_copyout+0x120/0x120 [ 29.005641][ T292] ? __remove_hrtimer+0x4d0/0x4d0 [ 29.010506][ T292] ? get_timespec64+0x197/0x270 [ 29.015195][ T292] ? timespec64_add_safe+0x220/0x220 [ 29.020317][ T292] common_nsleep+0x91/0xb0 [ 29.024564][ T292] __se_sys_clock_nanosleep+0x323/0x3b0 [ 29.029948][ T292] ? __x64_sys_clock_nanosleep+0xb0/0xb0 [ 29.035705][ T292] ? __bpf_trace_sys_enter+0x62/0x70 [ 29.041062][ T292] __x64_sys_clock_nanosleep+0x9b/0xb0 [ 29.046348][ T292] do_syscall_64+0x3d/0xb0 [ 29.050607][ T292] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 29.056334][ T292] RIP: 0033:0x7f30119a7483 [ 29.060581][ T292] Code: 00 00 00 00 00 66 90 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d fe 1b 05 00 00 74 14 b8 e6 00 00 00 0f 05 d8 c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 [ 29.080024][ T292] RSP: 002b:00007ffd2a297c38 EFLAGS: 00000202 ORIG_RAX: 00000000000000e6 [ 29.088267][ T292] RAX: ffffffffffffffda RBX: 0000000000000166 RCX: 00007f30119a7483 [pid 360] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 359] <... bpf resumed>) = 4 [pid 358] +++ exited with 0 +++ [pid 354] +++ exited with 0 +++ [pid 359] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=358, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 359] <... bpf resumed>) = 5 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 361 ./strace-static-x86_64: Process 361 attached [pid 359] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 361] set_robust_list(0x555555afa660, 24 [pid 359] <... bpf resumed>) = 0 [pid 361] <... set_robust_list resumed>) = 0 [pid 361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 359] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 361] setpgid(0, 0) = 0 [pid 361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 359] <... bpf resumed>) = 6 [pid 359] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 361] <... openat resumed>) = 3 [pid 361] write(3, "1000", 4) = 4 [pid 361] close(3) = 0 [pid 361] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 362 attached [pid 361] <... bpf resumed>) = 3 [pid 361] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 362] set_robust_list(0x555555afa660, 24 [pid 292] <... clone resumed>, child_tidptr=0x555555afa650) = 362 [pid 362] <... set_robust_list resumed>) = 0 [pid 362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 362] setpgid(0, 0) = 0 [pid 362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 362] write(3, "1000", 4) = 4 [ 29.096077][ T292] RDX: 00007ffd2a297c50 RSI: 0000000000000000 RDI: 0000000000000000 [ 29.103898][ T292] RBP: 00000000000f4240 R08: 00007ffd2a2ec080 R09: 00007ffd2a2ec0b0 [ 29.111696][ T292] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000006fb2 [ 29.119598][ T292] R13: 00007ffd2a297c8c R14: 00007ffd2a297ca0 R15: 00007ffd2a297c90 [ 29.127416][ T292] [ 29.147286][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 29.158825][ T286] BUG: scheduling while atomic: sshd/286/0x00000002 [ 29.165248][ T286] Modules linked in: [ 29.169029][ T286] Preemption disabled at: [ 29.169041][ T286] [] __set_current_blocked+0x11b/0x2f0 [ 29.180100][ T286] CPU: 0 PID: 286 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 29.190667][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 29.200559][ T286] Call Trace: [ 29.203684][ T286] [ 29.206461][ T286] dump_stack_lvl+0x151/0x1b7 [ 29.210971][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 29.216267][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 29.221579][ T286] ? io_uring_drop_tctx_refs+0x190/0x190 [ 29.227031][ T286] ? fsnotify_perm+0x470/0x5d0 [ 29.231693][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 29.237045][ T286] dump_stack+0x15/0x17 [ 29.241152][ T286] __schedule_bug+0x195/0x260 [ 29.245635][ T286] ? ttwu_queue_wakelist+0x510/0x510 [ 29.250754][ T286] ? bpf_bprintf_cleanup+0x3f/0x60 [ 29.255698][ T286] ? __set_current_blocked+0x2a5/0x2f0 [ 29.260994][ T286] __schedule+0xd19/0x1590 [ 29.265250][ T286] ? __kasan_check_read+0x11/0x20 [ 29.270121][ T286] ? __fdget_pos+0x209/0x3a0 [ 29.274534][ T286] ? __sched_text_start+0x8/0x8 [ 29.279225][ T286] ? ksys_read+0x24f/0x2c0 [ 29.283493][ T286] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 29.288856][ T286] schedule+0x11f/0x1e0 [ 29.292847][ T286] exit_to_user_mode_loop+0x4d/0xe0 [ 29.297971][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 29.303373][ T286] syscall_exit_to_user_mode+0x26/0x160 [ 29.308755][ T286] do_syscall_64+0x49/0xb0 [ 29.313120][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 29.318935][ T286] RIP: 0033:0x7faca711cb6a [ 29.323187][ T286] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [ 29.342725][ T286] RSP: 002b:00007ffd596ac3e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [pid 361] <... bpf resumed>) = 4 [pid 360] <... bpf resumed>) = 4 [pid 359] <... bpf resumed>) = 7 [pid 357] <... bpf resumed>) = 7 [pid 362] close(3 [pid 361] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 360] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 359] exit_group(0 [pid 357] exit_group(0 [pid 361] <... bpf resumed>) = 5 [pid 360] <... bpf resumed>) = 5 [pid 359] <... exit_group resumed>) = ? [pid 357] <... exit_group resumed>) = ? [pid 361] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 360] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 361] <... bpf resumed>) = 0 [pid 360] <... bpf resumed>) = 0 [pid 361] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 360] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 361] <... bpf resumed>) = 6 [pid 360] <... bpf resumed>) = 6 [pid 361] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 360] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 362] <... close resumed>) = 0 [pid 359] +++ exited with 0 +++ [pid 357] +++ exited with 0 +++ [pid 362] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=359, si_uid=0, si_status=0, si_utime=0, si_stime=23} --- [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=357, si_uid=0, si_status=0, si_utime=0, si_stime=19} --- [pid 362] <... bpf resumed>) = 3 [pid 362] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 364 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 364 attached , child_tidptr=0x555555afa650) = 365 [pid 364] set_robust_list(0x555555afa660, 24) = 0 [pid 364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 364] setpgid(0, 0) = 0 [pid 364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 364] write(3, "1000", 4./strace-static-x86_64: Process 365 attached [pid 365] set_robust_list(0x555555afa660, 24) = 0 [pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 365] setpgid(0, 0 [pid 364] <... write resumed>) = 4 [pid 361] <... bpf resumed>) = 7 [pid 360] <... bpf resumed>) = 7 [pid 362] <... bpf resumed>) = 4 [pid 361] exit_group(0 [ 29.350958][ T286] RAX: 00000000000003f3 RBX: 0000000000000000 RCX: 00007faca711cb6a [ 29.358770][ T286] RDX: 0000000000004000 RSI: 00007ffd596ac408 RDI: 0000000000000009 [ 29.366608][ T286] RBP: 0000559eff281390 R08: 0000000000000000 R09: 0000000000000000 [ 29.374403][ T286] R10: 00007ffd596ac408 R11: 0000000000000246 R12: 0000559eff2795e0 [ 29.382206][ T286] R13: 0000559efed49937 R14: 0000559efed4c480 R15: 0000559eff2795e0 [ 29.390033][ T286] [ 29.408398][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 29.419825][ T286] BUG: scheduling while atomic: sshd/286/0x00000002 [ 29.426296][ T286] Modules linked in: [ 29.429970][ T286] Preemption disabled at: [ 29.429978][ T286] [] __set_current_blocked+0x11b/0x2f0 [ 29.441079][ T286] CPU: 0 PID: 286 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 29.451545][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 29.461560][ T286] Call Trace: [ 29.464683][ T286] [ 29.467464][ T286] dump_stack_lvl+0x151/0x1b7 [ 29.471973][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 29.477283][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 29.482562][ T286] ? io_uring_drop_tctx_refs+0x190/0x190 [ 29.488030][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 29.493331][ T286] dump_stack+0x15/0x17 [ 29.497316][ T286] __schedule_bug+0x195/0x260 [ 29.501829][ T286] ? __kasan_check_write+0x14/0x20 [ 29.506885][ T286] ? ttwu_queue_wakelist+0x510/0x510 [ 29.512004][ T286] ? __set_current_blocked+0x2a5/0x2f0 [ 29.517302][ T286] __schedule+0xd19/0x1590 [ 29.521551][ T286] ? __kasan_check_read+0x11/0x20 [ 29.526411][ T286] ? _copy_to_user+0x78/0x90 [ 29.530839][ T286] ? __sched_text_start+0x8/0x8 [ 29.535529][ T286] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 29.540992][ T286] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 29.546375][ T286] schedule+0x11f/0x1e0 [ 29.550366][ T286] exit_to_user_mode_loop+0x4d/0xe0 [ 29.555430][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 29.560699][ T286] syscall_exit_to_user_mode+0x26/0x160 [ 29.566078][ T286] do_syscall_64+0x49/0xb0 [ 29.570348][ T286] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 29.575977][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 29.581698][ T286] RIP: 0033:0x7faca70c8773 [ 29.585951][ T286] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [pid 362] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 361] <... exit_group resumed>) = ? [pid 360] exit_group(0 [pid 362] <... bpf resumed>) = 5 [pid 365] <... setpgid resumed>) = 0 [pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 365] write(3, "1000", 4) = 4 [pid 365] close(3) = 0 [pid 365] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 365] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16) = 4 [pid 365] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 365] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 365] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 362] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 361] +++ exited with 0 +++ [ 29.605392][ T286] RSP: 002b:00007ffd596b0530 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 29.613726][ T286] RAX: 0000000000000000 RBX: 0000000000060000 RCX: 00007faca70c8773 [ 29.621542][ T286] RDX: 00007ffd596b0618 RSI: 00007ffd596b0598 RDI: 0000000000000001 [ 29.629346][ T286] RBP: 0000559eff2795e0 R08: 0000000000000001 R09: 0000000000000000 [ 29.637157][ T286] R10: 0000000000000008 R11: 0000000000000246 R12: 0000559efed40aa4 [ 29.644967][ T286] R13: 000000000000001d R14: 0000559efed413e8 R15: 00007ffd596b0598 [ 29.652789][ T286] [ 29.658874][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 29.670389][ T286] BUG: scheduling while atomic: sshd/286/0x00000002 [ 29.676818][ T286] Modules linked in: [ 29.680581][ T286] Preemption disabled at: [ 29.680591][ T286] [] preempt_schedule_notrace+0xee/0x140 [ 29.691844][ T286] CPU: 0 PID: 286 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 29.702289][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 29.712206][ T286] Call Trace: [ 29.715310][ T286] [ 29.718084][ T286] dump_stack_lvl+0x151/0x1b7 [ 29.722594][ T286] ? preempt_schedule_notrace+0xee/0x140 [ 29.728072][ T286] ? preempt_schedule_notrace+0xee/0x140 [ 29.733538][ T286] ? io_uring_drop_tctx_refs+0x190/0x190 [ 29.739028][ T286] ? preempt_schedule_notrace+0xee/0x140 [ 29.744468][ T286] dump_stack+0x15/0x17 [ 29.748459][ T286] __schedule_bug+0x195/0x260 [ 29.752968][ T286] ? __kasan_check_write+0x14/0x20 [ 29.757920][ T286] ? ttwu_queue_wakelist+0x510/0x510 [ 29.763125][ T286] ? __set_current_blocked+0x2a5/0x2f0 [ 29.768420][ T286] __schedule+0xd19/0x1590 [ 29.772670][ T286] ? __kasan_check_read+0x11/0x20 [ 29.777530][ T286] ? _copy_to_user+0x78/0x90 [ 29.781956][ T286] ? __sched_text_start+0x8/0x8 [ 29.786643][ T286] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 29.792114][ T286] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 29.797493][ T286] schedule+0x11f/0x1e0 [ 29.801499][ T286] exit_to_user_mode_loop+0x4d/0xe0 [ 29.806520][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 29.811817][ T286] syscall_exit_to_user_mode+0x26/0x160 [ 29.817196][ T286] do_syscall_64+0x49/0xb0 [ 29.821447][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 29.827176][ T286] RIP: 0033:0x7faca70c8773 [ 29.831432][ T286] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 29.850870][ T286] RSP: 002b:00007ffd596b0530 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [pid 360] <... exit_group resumed>) = ? [pid 362] <... bpf resumed>) = 0 [pid 362] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=361, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 366 [pid 364] close(3) = 0 [pid 364] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73./strace-static-x86_64: Process 366 attached [pid 366] set_robust_list(0x555555afa660, 24) = 0 [pid 366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 366] setpgid(0, 0) = 0 [pid 366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 366] write(3, "1000", 4) = 4 [pid 366] close(3) = 0 [pid 366] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 364] <... bpf resumed>) = 3 [pid 364] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 366] <... bpf resumed>) = 3 [pid 365] <... bpf resumed>) = 6 [pid 364] <... bpf resumed>) = 4 [pid 362] <... bpf resumed>) = 6 [pid 360] +++ exited with 0 +++ [pid 366] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 365] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 364] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 362] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=0, si_stime=23} --- [pid 364] <... bpf resumed>) = 5 [pid 364] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 364] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 364] <... bpf resumed>) = 6 [pid 296] <... clone resumed>, child_tidptr=0x555555afa650) = 367 [pid 364] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16./strace-static-x86_64: Process 367 attached [pid 367] set_robust_list(0x555555afa660, 24) = 0 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 367] setpgid(0, 0) = 0 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "1000", 4) = 4 [pid 367] close(3) = 0 [pid 367] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 366] <... bpf resumed>) = 4 [pid 365] <... bpf resumed>) = 7 [pid 366] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 365] exit_group(0 [pid 364] <... bpf resumed>) = 7 [pid 362] <... bpf resumed>) = 7 [pid 366] <... bpf resumed>) = 5 [pid 365] <... exit_group resumed>) = ? [pid 364] exit_group(0 [pid 362] exit_group(0 [ 29.859114][ T286] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007faca70c8773 [ 29.866925][ T286] RDX: 00007ffd596b0618 RSI: 00007ffd596b0598 RDI: 0000000000000000 [ 29.874737][ T286] RBP: 0000559eff2795e0 R08: 0000000000000000 R09: 0000000000000000 [ 29.882547][ T286] R10: 0000000000000008 R11: 0000000000000246 R12: 0000559efed40aa4 [ 29.890358][ T286] R13: 000000000000001d R14: 0000559efed413e8 R15: 00007ffd596b0598 [ 29.898177][ T286] [pid 366] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 365] +++ exited with 0 +++ [pid 364] <... exit_group resumed>) = ? [ 29.919736][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 29.931422][ T286] BUG: scheduling while atomic: sshd/286/0x00000002 [ 29.937882][ T286] Modules linked in: [ 29.941564][ T286] Preemption disabled at: [ 29.941575][ T286] [] __set_current_blocked+0x11b/0x2f0 [ 29.952733][ T286] CPU: 0 PID: 286 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 29.963216][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 29.973108][ T286] Call Trace: [ 29.976236][ T286] [ 29.979012][ T286] dump_stack_lvl+0x151/0x1b7 [ 29.983525][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 29.988819][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 29.994129][ T286] ? io_uring_drop_tctx_refs+0x190/0x190 [ 29.999589][ T286] ? __set_current_blocked+0x11b/0x2f0 [ 30.004877][ T286] dump_stack+0x15/0x17 [ 30.008870][ T286] __schedule_bug+0x195/0x260 [ 30.013382][ T286] ? ttwu_queue_wakelist+0x510/0x510 [ 30.018509][ T286] ? bpf_bprintf_cleanup+0x3f/0x60 [ 30.023456][ T286] ? __set_current_blocked+0x2a5/0x2f0 [ 30.028745][ T286] __schedule+0xd19/0x1590 [ 30.032997][ T286] ? __kasan_check_read+0x11/0x20 [ 30.037854][ T286] ? __fdget_pos+0x209/0x3a0 [ 30.042284][ T286] ? __sched_text_start+0x8/0x8 [ 30.046968][ T286] ? ksys_write+0x24f/0x2c0 [ 30.051314][ T286] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 30.056690][ T286] schedule+0x11f/0x1e0 [ 30.060867][ T286] exit_to_user_mode_loop+0x4d/0xe0 [ 30.065894][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 30.071286][ T286] syscall_exit_to_user_mode+0x26/0x160 [ 30.076696][ T286] do_syscall_64+0x49/0xb0 [ 30.080908][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 30.086638][ T286] RIP: 0033:0x7faca711cbf2 [ 30.090888][ T286] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 [ 30.110883][ T286] RSP: 002b:00007ffd596b0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 362] <... exit_group resumed>) = ? [pid 367] <... bpf resumed>) = 3 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=365, si_uid=0, si_status=0, si_utime=0, si_stime=21} --- [pid 366] <... bpf resumed>) = 0 [pid 366] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 366] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 367] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 368 ./strace-static-x86_64: Process 368 attached [pid 368] set_robust_list(0x555555afa660, 24) = 0 [pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 368] setpgid(0, 0) = 0 [pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 368] write(3, "1000", 4) = 4 [pid 368] close(3) = 0 [pid 368] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 366] <... bpf resumed>) = 7 [pid 364] +++ exited with 0 +++ [pid 366] exit_group(0 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=364, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 366] <... exit_group resumed>) = ? [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555afa650) = 369 [pid 368] <... bpf resumed>) = 3 [pid 368] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16./strace-static-x86_64: Process 369 attached [pid 369] set_robust_list(0x555555afa660, 24) = 0 [ 30.119102][ T286] RAX: 00000000000000b4 RBX: 00000000000000b4 RCX: 00007faca711cbf2 [ 30.126907][ T286] RDX: 00000000000000b4 RSI: 0000559eff286510 RDI: 0000000000000004 [ 30.134717][ T286] RBP: 0000559eff279290 R08: 0000000000000000 R09: 0000000000000000 [ 30.142527][ T286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000559efed40aa4 [ 30.150343][ T286] R13: 000000000000001d R14: 0000559efed413e8 R15: 00007ffd596b0598 [ 30.158337][ T286] [pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 369] setpgid(0, 0) = 0 [pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 369] write(3, "1000", 4) = 4 [pid 369] close(3) = 0 [pid 369] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [ 30.162413][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 30.173861][ T82] BUG: scheduling while atomic: syslogd/82/0x00000002 [ 30.180983][ T82] Modules linked in: [ 30.184745][ T82] Preemption disabled at: [ 30.184757][ T82] [] vfs_write+0x94b/0x1110 [ 30.194930][ T82] CPU: 0 PID: 82 Comm: syslogd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 30.205597][ T82] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 30.215497][ T82] Call Trace: [ 30.218629][ T82] [ 30.221396][ T82] dump_stack_lvl+0x151/0x1b7 [ 30.225911][ T82] ? vfs_write+0x94b/0x1110 [ 30.230333][ T82] ? vfs_write+0x94b/0x1110 [ 30.234673][ T82] ? io_uring_drop_tctx_refs+0x190/0x190 [ 30.240145][ T82] ? vfs_write+0x94b/0x1110 [ 30.244493][ T82] dump_stack+0x15/0x17 [ 30.248470][ T82] __schedule_bug+0x195/0x260 [ 30.252981][ T82] ? ttwu_queue_wakelist+0x510/0x510 [ 30.258114][ T82] ? bpf_bprintf_cleanup+0x3f/0x60 [ 30.263572][ T82] __schedule+0xd19/0x1590 [ 30.267836][ T82] ? __kasan_check_read+0x11/0x20 [ 30.272681][ T82] ? __fdget_pos+0x209/0x3a0 [ 30.277135][ T82] ? __sched_text_start+0x8/0x8 [ 30.281794][ T82] ? ksys_read+0x24f/0x2c0 [ 30.286063][ T82] schedule+0x11f/0x1e0 [ 30.290044][ T82] exit_to_user_mode_loop+0x4d/0xe0 [ 30.295079][ T82] exit_to_user_mode_prepare+0x5a/0xa0 [ 30.300376][ T82] syscall_exit_to_user_mode+0x26/0x160 [ 30.305757][ T82] do_syscall_64+0x49/0xb0 [ 30.310010][ T82] ? sysvec_call_function_single+0x52/0xb0 [ 30.315648][ T82] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 30.321376][ T82] RIP: 0033:0x7f686cbd5b6a [ 30.325625][ T82] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [ 30.345071][ T82] RSP: 002b:00007fff44625118 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 30.353313][ T82] RAX: 000000000000004d RBX: 0000000000000002 RCX: 00007f686cbd5b6a [ 30.361124][ T82] RDX: 00000000000000ff RSI: 0000563a0cbdf300 RDI: 0000000000000000 [pid 369] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16) = 4 [pid 368] <... bpf resumed>) = 4 [pid 367] <... bpf resumed>) = 4 [pid 366] +++ exited with 0 +++ [pid 362] +++ exited with 0 +++ [pid 369] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 369] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4) = 0 [pid 369] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 368] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 367] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=366, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=362, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 369] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 368] <... bpf resumed>) = 5 [pid 367] <... bpf resumed>) = 5 [pid 368] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 367] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 368] <... bpf resumed>) = 0 [pid 367] <... bpf resumed>) = 0 [pid 368] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 367] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 368] <... bpf resumed>) = 6 [pid 368] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 367] <... bpf resumed>) = 6 ./strace-static-x86_64: Process 371 attached [pid 367] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 295] <... clone resumed>, child_tidptr=0x555555afa650) = 372 [pid 292] <... clone resumed>, child_tidptr=0x555555afa650) = 371 ./strace-static-x86_64: Process 372 attached [pid 372] set_robust_list(0x555555afa660, 24) = 0 [pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 372] setpgid(0, 0 [pid 371] set_robust_list(0x555555afa660, 24 [pid 372] <... setpgid resumed>) = 0 [pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 372] write(3, "1000", 4 [pid 371] <... set_robust_list resumed>) = 0 [pid 371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 372] <... write resumed>) = 4 [pid 371] setpgid(0, 0 [pid 372] close(3) = 0 [pid 372] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 371] <... setpgid resumed>) = 0 [ 30.368936][ T82] RBP: 0000563a0cbdf2c0 R08: 0000000000000001 R09: 0000000000000000 [ 30.376745][ T82] R10: 00007f686cd743a3 R11: 0000000000000246 R12: 0000563a0cbdf339 [ 30.384560][ T82] R13: 0000563a0cbdf300 R14: 0000000000000000 R15: 00007f686cdb2a80 [ 30.392370][ T82] [pid 371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 372] <... bpf resumed>) = 3 [pid 371] <... openat resumed>) = 3 [pid 371] write(3, "1000", 4 [pid 372] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 371] <... write resumed>) = 4 [pid 371] close(3) = 0 [pid 371] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001b80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 3 [pid 371] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=3}}, 16 [pid 369] <... bpf resumed>) = 7 [ 30.437642][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000103, exited with 00000102? [ 30.449125][ T286] BUG: scheduling while atomic: sshd/286/0x00000002 [ 30.455466][ T286] Modules linked in: [ 30.456519][ C1] softirq: huh, entered softirq 9 RCU ffffffff815cac40 with preempt_count 00000103, exited with 00000102? [ 30.459339][ T286] Preemption disabled at: [ 30.470362][ T288] BUG: scheduling while atomic: strace-static-x/288/0x00000002 [ 30.470383][ T288] Modules linked in: [ 30.474458][ T286] [] schedule+0x118/0x1e0 [ 30.481991][ T288] [ 30.485574][ T286] CPU: 0 PID: 286 Comm: sshd Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 30.491366][ T288] Preemption disabled at: [ 30.493469][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 30.504059][ T288] [] remove_wait_queue+0x26/0x140 [ 30.508135][ T286] Call Trace: [ 30.508143][ T286] [ 30.508151][ T286] dump_stack_lvl+0x151/0x1b7 [ 30.535495][ T286] ? schedule+0x118/0x1e0 [ 30.539660][ T286] ? schedule+0x118/0x1e0 [ 30.543827][ T286] ? io_uring_drop_tctx_refs+0x190/0x190 [ 30.549382][ T286] ? schedule+0x118/0x1e0 [ 30.553546][ T286] dump_stack+0x15/0x17 [ 30.557548][ T286] __schedule_bug+0x195/0x260 [ 30.562051][ T286] ? __kasan_check_write+0x14/0x20 [ 30.567007][ T286] ? ttwu_queue_wakelist+0x510/0x510 [ 30.572144][ T286] ? __set_current_blocked+0x2a5/0x2f0 [ 30.577416][ T286] __schedule+0xd19/0x1590 [ 30.581670][ T286] ? __kasan_check_read+0x11/0x20 [ 30.586528][ T286] ? _copy_to_user+0x78/0x90 [ 30.590953][ T286] ? __sched_text_start+0x8/0x8 [ 30.595641][ T286] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 30.601110][ T286] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 30.606495][ T286] schedule+0x11f/0x1e0 [ 30.610663][ T286] exit_to_user_mode_loop+0x4d/0xe0 [ 30.615692][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 30.620984][ T286] syscall_exit_to_user_mode+0x26/0x160 [ 30.626541][ T286] do_syscall_64+0x49/0xb0 [ 30.630809][ T286] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 30.636432][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 30.642170][ T286] RIP: 0033:0x7faca70c8773 [ 30.646427][ T286] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 30.665856][ T286] RSP: 002b:00007ffd596b0530 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 30.674101][ T286] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007faca70c8773 [pid 368] <... bpf resumed>) = 7 [pid 372] <... bpf resumed>) = 4 [pid 371] <... bpf resumed>) = 4 [pid 367] <... bpf resumed>) = 7 [pid 372] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 371] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 369] exit_group(0 [pid 368] exit_group(0 [pid 367] exit_group(0 [pid 372] <... bpf resumed>) = 5 [pid 369] <... exit_group resumed>) = ? [pid 368] <... exit_group resumed>) = ? [pid 372] bpf(BPF_MAP_FREEZE, {map_fd=5}, 4 [pid 369] +++ exited with 0 +++ [pid 372] <... bpf resumed>) = 0 [pid 372] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 372] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=6}}, 16 [pid 371] <... bpf resumed>) = 5 [ 30.681912][ T286] RDX: 00007ffd596b0618 RSI: 00007ffd596b0598 RDI: 0000000000000000 [ 30.689721][ T286] RBP: 0000559eff2795e0 R08: 0000000000000000 R09: 0000000000000000 [ 30.697706][ T286] R10: 0000000000000008 R11: 0000000000000246 R12: 0000559efed40aa4 [ 30.705517][ T286] R13: 000000000000001e R14: 0000559efed413e8 R15: 00007ffd596b0598 [ 30.713337][ T286] [ 30.716206][ T288] CPU: 1 PID: 288 Comm: strace-static-x Tainted: G W 5.15.149-syzkaller-00490-g5d96939590c0 #0