last executing test programs: 658.080237ms ago: executing program 2 (id=3): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000000c0)=@framed, &(0x7f00000001c0)='GPL\x00'}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff9f, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001040)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@var={0x1, 0x0, 0x0, 0xe, 0x2}, @struct]}, {0x0, [0x5f, 0x2e]}}, &(0x7f0000001280)=""/4096, 0x38, 0x1000}, 0x20) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000600)={r3, 0x20, &(0x7f00000005c0)={&(0x7f00000003c0)=""/114, 0x72, 0x0, 0x0}}, 0x10) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={r1}, 0x4) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r4, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r6}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000080)=ANY=[@ANYRES16=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, r0, 0xfffffffffffffe77, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x3a0ffffffff) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000e00)={&(0x7f0000000980)='sys_exit\x00'}, 0x10) r8 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r7}, 0x8) write$cgroup_int(r8, &(0x7f00000001c0)=0x7fffffd, 0xfffffffffffffdd4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000088500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) 407.718387ms ago: executing program 3 (id=4): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="180118190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000000000000f8ffffffb703000008000000b704000000000000850000002400000095b54bde523746ba21f08133c0ffffc53c46d8c7b13aa0090301366c2319350c811da886b37dc238000000"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x0, 0xfff, 0x9}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x0, 0x4, 0x4, 0x4, 0x1940}, 0x48) r3 = perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x8, 0x5, 0x5, 0x2, 0x0, 0xd, 0x8204, 0x8, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x1, @perf_bp={&(0x7f00000001c0)}, 0xf016, 0x12f, 0xff, 0x2, 0x2, 0x3, 0x1, 0x0, 0x6, 0x0, 0x2}, 0x0, 0x110, 0xffffffffffffffff, 0x0) getpid() bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0xa, 0x45}, 0x48) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)='ns/net\x00') r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0xa, 0x8}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r5}, &(0x7f0000000200), &(0x7f0000000240)}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r8, &(0x7f0000000380)=ANY=[@ANYRES64, @ANYRESDEC=r2, @ANYRES16=r4, @ANYRES64, @ANYRES16=r3, @ANYRES16=r7, @ANYRESOCT=r6], 0xffdd) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r10}, 0x8) ioctl$SIOCSIFHWADDR(r9, 0x89f0, &(0x7f0000000900)={'bridge0\x00', @random='\x00\x00\x00 \x00'}) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000080)) openat$ppp(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) 402.023268ms ago: executing program 1 (id=2): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESHEX=0x0, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x90) close(0xffffffffffffffff) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x6) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001c80)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x7a7, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1}, 0x48) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001d00)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x7f, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3}, 0x48) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001d80)={0x1b, 0x0, 0x0, 0x6, 0x0, 0x1, 0xf, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x5}, 0x48) r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001e40)=@o_path={&(0x7f0000001e00)='./file0\x00', 0x0, 0x4010, r0}, 0x18) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001ec0)=@bpf_lsm={0x1d, 0x9, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000500000000000000050000004fb40000fcffffff3903fefff0ffffff8520000001000000852000f7226b97af8b032e0001f9ffffff000000ac0000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x81, 0x1000, &(0x7f0000000a40)=""/4096, 0x40f00, 0x2a, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001e80)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r1, 0xffffffffffffffff, r2, 0xffffffffffffffff, r3, r4, 0xffffffffffffffff], 0x0, 0x10, 0x9c4}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x8, 0x8}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='sched_switch\x00', r6}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$unix(0x1, 0x0, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xfdef) close(0xffffffffffffffff) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00', r7}, 0x10) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 240.38284ms ago: executing program 4 (id=5): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESHEX=0x0, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x90) close(0xffffffffffffffff) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x6) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001c80)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x7a7, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1}, 0x48) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001d00)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x7f, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3}, 0x48) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001d80)={0x1b, 0x0, 0x0, 0x6, 0x0, 0x1, 0xf, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x5}, 0x48) r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001e40)=@o_path={&(0x7f0000001e00)='./file0\x00', 0x0, 0x4010, r0}, 0x18) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001ec0)=@bpf_lsm={0x1d, 0x9, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000500000000000000050000004fb40000fcffffff3903fefff0ffffff8520000001000000852000f7226b97af8b032e0001f9ffffff000000ac0000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x81, 0x1000, &(0x7f0000000a40)=""/4096, 0x40f00, 0x2a, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001e80)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r1, 0xffffffffffffffff, r2, 0xffffffffffffffff, r3, r4, 0xffffffffffffffff], 0x0, 0x10, 0x9c4}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='sched_switch\x00', r6}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$unix(0x1, 0x0, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xfdef) close(0xffffffffffffffff) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000e27b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 228.944922ms ago: executing program 0 (id=1): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000040)="fb", 0x1}], 0x1}, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r4}, 0x10) recvmsg(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000000)=""/60, 0x3c}], 0x1}, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8914, &(0x7f0000000080)) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000f40)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r9}, 0x10) sendmsg$sock(r6, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000001000)='z', 0x101d0}], 0x1}, 0x0) recvmsg(r7, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f00000014c0)=""/4096, 0x1002}], 0x1}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r11 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r11}, &(0x7f0000000040), &(0x7f0000000140)=r10}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r11}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r12 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='kfree\x00', r12}, 0x10) r13 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)={0x1b, 0x0, 0x0, 0x10000}, 0x48) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000140)={r13, 0x0, 0x0}, 0x20) 0s ago: executing program 3 (id=6): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000740)=ANY=[], 0x0, 0x0, 0xffffffffffffff32, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x7a05, 0x1700) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200), &(0x7f0000000c00), 0xb3e6}, 0x38) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x126, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r0, &(0x7f0000000180), 0x40010) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00'}) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40305828, &(0x7f0000000040)) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r2}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0), 0x48) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.41' (ED25519) to the list of known hosts. [ 21.668891][ T30] audit: type=1400 audit(1722375860.796:66): avc: denied { integrity } for pid=280 comm="syz-executor" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1 [ 21.692670][ T30] audit: type=1400 audit(1722375860.816:67): avc: denied { mounton } for pid=280 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.694073][ T280] cgroup: Unknown subsys name 'net' [ 21.715233][ T30] audit: type=1400 audit(1722375860.816:68): avc: denied { mount } for pid=280 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.742262][ T30] audit: type=1400 audit(1722375860.856:69): avc: denied { unmount } for pid=280 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.742494][ T280] cgroup: Unknown subsys name 'devices' [ 21.889374][ T280] cgroup: Unknown subsys name 'hugetlb' [ 21.894815][ T280] cgroup: Unknown subsys name 'rlimit' [ 22.118327][ T30] audit: type=1400 audit(1722375861.246:70): avc: denied { setattr } for pid=280 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.141294][ T30] audit: type=1400 audit(1722375861.246:71): avc: denied { mounton } for pid=280 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.165836][ T30] audit: type=1400 audit(1722375861.246:72): avc: denied { mount } for pid=280 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.173004][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 22.198349][ T30] audit: type=1400 audit(1722375861.326:73): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.223889][ T30] audit: type=1400 audit(1722375861.326:74): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.252401][ T30] audit: type=1400 audit(1722375861.376:75): avc: denied { read } for pid=280 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.278305][ T280] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.694530][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.701416][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.709007][ T290] device bridge_slave_0 entered promiscuous mode [ 22.716838][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.723771][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.730919][ T290] device bridge_slave_1 entered promiscuous mode [ 22.852171][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.859143][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.866243][ T292] device bridge_slave_0 entered promiscuous mode [ 22.874193][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.881234][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.888483][ T292] device bridge_slave_1 entered promiscuous mode [ 22.921040][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.927943][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.935235][ T294] device bridge_slave_0 entered promiscuous mode [ 22.942049][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.948996][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.956272][ T294] device bridge_slave_1 entered promiscuous mode [ 23.001422][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.008344][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.015486][ T291] device bridge_slave_0 entered promiscuous mode [ 23.037636][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.044489][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.051794][ T291] device bridge_slave_1 entered promiscuous mode [ 23.142025][ T297] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.148918][ T297] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.156050][ T297] device bridge_slave_0 entered promiscuous mode [ 23.167944][ T297] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.174811][ T297] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.182312][ T297] device bridge_slave_1 entered promiscuous mode [ 23.239593][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.246445][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.253590][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.260349][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.273182][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.280044][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.287124][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.293943][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.324193][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.331058][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.338175][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.345012][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.408488][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.415970][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.423594][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.431076][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.438204][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.445115][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.452516][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.460555][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.469787][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.476948][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.484283][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.492349][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.500375][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.507196][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.514496][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.522546][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.530669][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.537519][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.545739][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 23.559379][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.567594][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.574429][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.581687][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.589800][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.596628][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.612675][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.620649][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.628646][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.636508][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.671968][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.681819][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.690035][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.698045][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.705040][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.712460][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.720426][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.727251][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.734573][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.749942][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.757803][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.765492][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.773516][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.786705][ T290] device veth0_vlan entered promiscuous mode [ 23.798387][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.806557][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.815075][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.822808][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.831107][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.838832][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.855143][ T292] device veth0_vlan entered promiscuous mode [ 23.867032][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.874420][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.881837][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.889136][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.896324][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.903624][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.910859][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.919220][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.927347][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.935436][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.943932][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.950783][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.957957][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.966015][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.974014][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.980872][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.988079][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.995722][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.003598][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.011484][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.019279][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.027172][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.046901][ T297] device veth0_vlan entered promiscuous mode [ 24.056869][ T292] device veth1_macvtap entered promiscuous mode [ 24.064513][ T290] device veth1_macvtap entered promiscuous mode [ 24.070942][ T291] device veth0_vlan entered promiscuous mode [ 24.076938][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 24.085229][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.092531][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.099754][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.107198][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.115106][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.122855][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.130797][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.138549][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.146634][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.154843][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.162554][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.170580][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.178629][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.186543][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.194406][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.201731][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.218071][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.226164][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.234390][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.242461][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.266901][ T291] device veth1_macvtap entered promiscuous mode [ 24.274292][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.282507][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.291460][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.303862][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.312337][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.320596][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.328817][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.342379][ T294] device veth0_vlan entered promiscuous mode [ 24.352809][ T297] device veth1_macvtap entered promiscuous mode [ 24.370144][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.378913][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.387192][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.395267][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.403431][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.411805][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.420013][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.427688][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.435821][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.444282][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.452638][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.466914][ T294] device veth1_macvtap entered promiscuous mode [ 24.477484][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.484807][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.492645][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.500919][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.509988][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.566724][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.577718][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.587154][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.652051][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.660499][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.668726][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.676912][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.685313][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.757291][ C1] hrtimer: interrupt took 28069 ns [ 24.839000][ T330] device syzkaller0 entered promiscuous mode [ 124.987276][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU [ 124.993780][ C1] rcu: 1-...!: (10000 ticks this GP) idle=609/1/0x4000000000000000 softirq=2349/2349 fqs=0 last_accelerate: 942f/bb57 dyntick_enabled: 1 [ 125.007654][ C1] (t=10000 jiffies g=913 q=154) [ 125.012418][ C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 9999 jiffies! g913 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 125.024307][ C1] rcu: Possible timer handling issue on cpu=1 timer-softirq=283 [ 125.031859][ C1] rcu: rcu_preempt kthread starved for 10000 jiffies! g913 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1 [ 125.042885][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 125.052690][ C1] rcu: RCU grace-period kthread stack dump: [ 125.058430][ C1] task:rcu_preempt state:I stack:28328 pid: 14 ppid: 2 flags:0x00004000 [ 125.067457][ C1] Call Trace: [ 125.070570][ C1] [ 125.073351][ C1] __schedule+0xccc/0x1590 [ 125.077608][ C1] ? __sched_text_start+0x8/0x8 [ 125.082295][ C1] ? __kasan_check_write+0x14/0x20 [ 125.087234][ C1] schedule+0x11f/0x1e0 [ 125.091229][ C1] schedule_timeout+0x18c/0x370 [ 125.095917][ C1] ? _raw_spin_unlock_irq+0x4e/0x70 [ 125.100958][ C1] ? console_conditional_schedule+0x30/0x30 [ 125.106677][ C1] ? update_process_times+0x200/0x200 [ 125.111881][ C1] ? prepare_to_swait_event+0x308/0x320 [ 125.117268][ C1] rcu_gp_fqs_loop+0x2af/0xf80 [ 125.121867][ C1] ? debug_smp_processor_id+0x17/0x20 [ 125.127072][ C1] ? __note_gp_changes+0x4ab/0x920 [ 125.132020][ C1] ? rcu_gp_init+0xc30/0xc30 [ 125.136553][ C1] ? _raw_spin_unlock_irq+0x4e/0x70 [ 125.141566][ C1] ? rcu_gp_init+0x9cf/0xc30 [ 125.145999][ C1] rcu_gp_kthread+0xa4/0x350 [ 125.150523][ C1] ? _raw_spin_lock+0x1b0/0x1b0 [ 125.155193][ C1] ? wake_nocb_gp+0x1e0/0x1e0 [ 125.159718][ C1] ? __kasan_check_read+0x11/0x20 [ 125.164568][ C1] ? __kthread_parkme+0xb2/0x200 [ 125.169356][ C1] kthread+0x421/0x510 [ 125.173249][ C1] ? wake_nocb_gp+0x1e0/0x1e0 [ 125.177758][ C1] ? kthread_blkcg+0xd0/0xd0 [ 125.182187][ C1] ret_from_fork+0x1f/0x30 [ 125.186452][ C1] [ 125.189308][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 125.195479][ C1] NMI backtrace for cpu 1 [ 125.199647][ C1] CPU: 1 PID: 330 Comm: syz.0.1 Not tainted 5.15.151-syzkaller-00134-gd0a6506ecafd #0 [ 125.209004][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 125.218897][ C1] Call Trace: [ 125.222023][ C1] [ 125.224711][ C1] dump_stack_lvl+0x151/0x1b7 [ 125.229225][ C1] ? io_uring_drop_tctx_refs+0x190/0x190 [ 125.234700][ C1] dump_stack+0x15/0x17 [ 125.238688][ C1] nmi_cpu_backtrace+0x2f7/0x300 [ 125.243469][ C1] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 125.249451][ C1] ? panic+0x751/0x751 [ 125.253355][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 125.259257][ C1] nmi_trigger_cpumask_backtrace+0x15d/0x270 [ 125.265076][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 125.270980][ C1] arch_trigger_cpumask_backtrace+0x10/0x20 [ 125.276699][ C1] rcu_check_gp_kthread_starvation+0x1e3/0x250 [ 125.282694][ C1] ? rcu_check_gp_kthread_expired_fqs_timer+0x18e/0x230 [ 125.289458][ C1] print_cpu_stall+0x310/0x5f0 [ 125.294058][ C1] rcu_sched_clock_irq+0x989/0x12f0 [ 125.299094][ C1] ? rcu_boost_kthread_setaffinity+0x340/0x340 [ 125.305080][ C1] ? hrtimer_run_queues+0x15f/0x440 [ 125.310117][ C1] update_process_times+0x198/0x200 [ 125.315153][ C1] tick_sched_timer+0x188/0x240 [ 125.319834][ C1] ? tick_setup_sched_timer+0x480/0x480 [ 125.325228][ C1] __hrtimer_run_queues+0x41a/0xad0 [ 125.330254][ C1] ? hrtimer_interrupt+0xaa0/0xaa0 [ 125.335201][ C1] ? clockevents_program_event+0x22f/0x300 [ 125.341012][ C1] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 125.346919][ C1] hrtimer_interrupt+0x40c/0xaa0 [ 125.351696][ C1] __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 125.357423][ C1] sysvec_apic_timer_interrupt+0x95/0xc0 [ 125.362883][ C1] [ 125.365657][ C1] [ 125.368445][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 125.374261][ C1] RIP: 0010:kvm_wait+0x147/0x180 [ 125.379028][ C1] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 2b 02 13 04 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 125.398467][ C1] RSP: 0018:ffffc900057376a0 EFLAGS: 00000246 [ 125.404372][ C1] RAX: 0000000000000003 RBX: 1ffff92000ae6ed8 RCX: ffffffff8155068f [ 125.412182][ C1] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff88810b55c658 [ 125.419991][ C1] RBP: ffffc90005737750 R08: dffffc0000000000 R09: ffffed10216ab8cc [ 125.427800][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 125.435699][ C1] R13: ffff88810b55c658 R14: 0000000000000003 R15: 1ffff92000ae6edc [ 125.443515][ C1] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 125.449596][ C1] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 125.455582][ C1] ? kvm_arch_para_hints+0x30/0x30 [ 125.460525][ C1] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 125.466612][ C1] __pv_queued_spin_lock_slowpath+0x6bc/0xc40 [ 125.472508][ C1] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 125.478757][ C1] _raw_spin_lock_bh+0x139/0x1b0 [ 125.483522][ C1] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 125.488559][ C1] ? sock_hash_bucket_hash+0x31c/0x7e0 [ 125.493860][ C1] sock_hash_delete_elem+0xb1/0x2f0 [ 125.498897][ C1] ? sock_map_unref+0x352/0x4d0 [ 125.503659][ C1] bpf_prog_2c29ac5cdc6b1842+0x3a/0xe10 [ 125.509151][ C1] bpf_trace_run2+0xec/0x210 [ 125.513577][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 125.518262][ C1] ? sock_map_unref+0x352/0x4d0 [ 125.522947][ C1] ? futex_exit_release+0x1e0/0x1e0 [ 125.527984][ C1] ? sock_map_unref+0x352/0x4d0 [ 125.532672][ C1] __bpf_trace_kfree+0x6f/0x90 [ 125.537267][ C1] ? sock_map_unref+0x352/0x4d0 [ 125.541956][ C1] kfree+0x1f3/0x220 [ 125.545690][ C1] sock_map_unref+0x352/0x4d0 [ 125.550204][ C1] sock_hash_delete_elem+0x274/0x2f0 [ 125.555325][ C1] ? kvfree+0x35/0x40 [ 125.559143][ C1] bpf_prog_2c29ac5cdc6b1842+0x3a/0xe10 [ 125.564536][ C1] bpf_trace_run2+0xec/0x210 [ 125.568946][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 125.573634][ C1] ? __anon_inode_getfd+0x3af/0x430 [ 125.578669][ C1] ? kvfree+0x35/0x40 [ 125.582498][ C1] ? kvfree+0x35/0x40 [ 125.586304][ C1] __bpf_trace_kfree+0x6f/0x90 [ 125.590907][ C1] ? kvfree+0x35/0x40 [ 125.594723][ C1] kfree+0x1f3/0x220 [ 125.598460][ C1] kvfree+0x35/0x40 [ 125.602098][ C1] map_delete_elem+0x337/0x4e0 [ 125.606708][ C1] __sys_bpf+0x42e/0x760 [ 125.610778][ C1] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 125.615989][ C1] ? __kasan_check_read+0x11/0x20 [ 125.620849][ C1] __x64_sys_bpf+0x7c/0x90 [ 125.625274][ C1] do_syscall_64+0x3d/0xb0 [ 125.629530][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 125.635254][ C1] RIP: 0033:0x7fd0409563b9 [ 125.639540][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.658961][ C1] RSP: 002b:00007fd03f5d6048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 125.667205][ C1] RAX: ffffffffffffffda RBX: 00007fd040ae4f80 RCX: 00007fd0409563b9 [ 125.675001][ C1] RDX: 0000000000000020 RSI: 0000000020000140 RDI: 0000000000000003 [ 125.682815][ C1] RBP: 00007fd0409c38e6 R08: 0000000000000000 R09: 0000000000000000 [ 125.690716][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 125.698531][ C1] R13: 000000000000000b R14: 00007fd040ae4f80 R15: 00007fff75d2cae8 [ 125.706344][ C1] [ 125.709308][ C1] Sending NMI from CPU 1 to CPUs 0: [ 125.714261][ C0] NMI backtrace for cpu 0 [ 125.714271][ C0] CPU: 0 PID: 317 Comm: syz.2.3 Not tainted 5.15.151-syzkaller-00134-gd0a6506ecafd #0 [ 125.714289][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 125.714299][ C0] RIP: 0010:native_apic_msr_write+0x39/0x50 [ 125.714325][ C0] Code: 74 05 83 ff 30 75 12 5d c3 81 ff d0 00 00 00 74 f6 81 ff e0 00 00 00 74 ee c1 ef 04 81 c7 00 08 00 00 89 f9 89 f0 31 d2 0f 30 <66> 90 eb d9 89 f6 31 d2 e8 0a e0 51 01 5d c3 0f 1f 84 00 00 00 00 [ 125.714339][ C0] RSP: 0018:ffffc90000007df8 EFLAGS: 00000046 [ 125.714354][ C0] RAX: 00000000000001d1 RBX: ffffffff862599c8 RCX: 0000000000000838 [ 125.714366][ C0] RDX: 0000000000000000 RSI: 00000000000001d1 RDI: 0000000000000838 [ 125.714376][ C0] RBP: ffffc90000007df8 R08: ffffffff8163ae2b R09: ffffffff8163ad1d [ 125.714389][ C0] R10: 0000000000000002 R11: ffff88810b57cf00 R12: 0000000000000020 [ 125.714400][ C0] R13: dffffc0000000000 R14: 00000000000001d1 R15: dffffc0000000000 [ 125.714412][ C0] FS: 00007f5fef3d06c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 125.714428][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.714440][ C0] CR2: 0000000020002000 CR3: 00000001251b2000 CR4: 00000000003506b0 [ 125.714455][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 125.714465][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 125.714475][ C0] Call Trace: [ 125.714479][ C0] [ 125.714485][ C0] ? show_regs+0x58/0x60 [ 125.714503][ C0] ? nmi_cpu_backtrace+0x29f/0x300 [ 125.714525][ C0] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 125.714547][ C0] ? native_apic_msr_write+0x39/0x50 [ 125.714566][ C0] ? native_apic_msr_write+0x39/0x50 [ 125.714585][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 125.714603][ C0] ? nmi_handle+0xa8/0x280 [ 125.714621][ C0] ? native_apic_msr_write+0x39/0x50 [ 125.714640][ C0] ? default_do_nmi+0x69/0x160 [ 125.714656][ C0] ? exc_nmi+0xaf/0x120 [ 125.714670][ C0] ? end_repeat_nmi+0x16/0x31 [ 125.714687][ C0] ? clockevents_program_event+0x7d/0x300 [ 125.714706][ C0] ? clockevents_program_event+0x18b/0x300 [ 125.714725][ C0] ? native_apic_msr_write+0x39/0x50 [ 125.714744][ C0] ? native_apic_msr_write+0x39/0x50 [ 125.714776][ C0] ? native_apic_msr_write+0x39/0x50 [ 125.714795][ C0] [ 125.714800][ C0] [ 125.714805][ C0] lapic_next_event+0x5f/0x70 [ 125.714821][ C0] clockevents_program_event+0x1c1/0x300 [ 125.714840][ C0] tick_program_event+0x9f/0x120 [ 125.714859][ C0] hrtimer_interrupt+0x625/0xaa0 [ 125.714883][ C0] __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 125.714901][ C0] sysvec_apic_timer_interrupt+0x95/0xc0 [ 125.714917][ C0] [ 125.714922][ C0] [ 125.714927][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 125.714949][ C0] RIP: 0010:kvm_wait+0x147/0x180 [ 125.714966][ C0] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 2b 02 13 04 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 125.714979][ C0] RSP: 0018:ffffc900055f7260 EFLAGS: 00000246 [ 125.714992][ C0] RAX: 0000000000000001 RBX: 1ffff92000abee50 RCX: 1ffffffff0d5aa9c [ 125.715004][ C0] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8881f7038ad4 [ 125.715015][ C0] RBP: ffffc900055f7310 R08: dffffc0000000000 R09: ffffed103ee0715b [ 125.715028][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 125.715040][ C0] R13: ffff8881f7038ad4 R14: 0000000000000001 R15: 1ffff92000abee54 [ 125.715058][ C0] ? kvm_arch_para_hints+0x30/0x30 [ 125.715075][ C0] ? __pv_queued_spin_lock_slowpath+0x3ba/0xc40 [ 125.715098][ C0] __pv_queued_spin_lock_slowpath+0x41b/0xc40 [ 125.715119][ C0] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 125.715142][ C0] _raw_spin_lock_bh+0x139/0x1b0 [ 125.715160][ C0] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 125.715178][ C0] ? sock_hash_bucket_hash+0x317/0x7e0 [ 125.715198][ C0] ? sock_hash_bucket_hash+0x31c/0x7e0 [ 125.715219][ C0] sock_hash_delete_elem+0xb1/0x2f0 [ 125.715238][ C0] ? ida_alloc_range+0x987/0xa80 [ 125.715256][ C0] bpf_prog_2c29ac5cdc6b1842+0x3a/0xe10 [ 125.715270][ C0] bpf_trace_run2+0xec/0x210 [ 125.715290][ C0] ? bpf_trace_run1+0x1c0/0x1c0 [ 125.715307][ C0] ? ida_alloc_range+0x987/0xa80 [ 125.715325][ C0] ? irqentry_exit+0x30/0x40 [ 125.715339][ C0] ? ida_alloc_range+0x987/0xa80 [ 125.715357][ C0] __bpf_trace_kfree+0x6f/0x90 [ 125.715374][ C0] ? ida_alloc_range+0x987/0xa80 [ 125.715391][ C0] kfree+0x1f3/0x220 [ 125.715408][ C0] ? xas_nomem+0x19a/0x1d0 [ 125.715426][ C0] ida_alloc_range+0x987/0xa80 [ 125.715465][ C0] ? idr_replace+0x230/0x230 [ 125.715483][ C0] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 125.715503][ C0] ? get_random_bytes+0x30/0x30 [ 125.715525][ C0] proc_alloc_inum+0x27/0x90 [ 125.715541][ C0] net_ns_net_init+0x7f/0x90 [ 125.715558][ C0] ops_init+0x1cf/0x4a0 [ 125.715576][ C0] setup_net+0x34b/0xb50 [ 125.715593][ C0] ? copy_net_ns+0x5b0/0x5b0 [ 125.715608][ C0] ? kmem_cache_alloc_trace+0x115/0x210 [ 125.715629][ C0] copy_net_ns+0x35c/0x5b0 [ 125.715646][ C0] create_new_namespaces+0x416/0x670 [ 125.715669][ C0] copy_namespaces+0x1d1/0x220 [ 125.715687][ C0] copy_process+0x1174/0x3290 [ 125.715711][ C0] ? timerqueue_add+0x250/0x270 [ 125.715728][ C0] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 125.715747][ C0] ? enqueue_hrtimer+0xca/0x240 [ 125.715770][ C0] ? __hrtimer_run_queues+0x46b/0xad0 [ 125.715789][ C0] kernel_clone+0x21e/0x9e0 [ 125.715808][ C0] ? create_io_thread+0x1e0/0x1e0 [ 125.715827][ C0] ? clockevents_program_event+0x22f/0x300 [ 125.715848][ C0] __x64_sys_clone+0x23f/0x290 [ 125.715867][ C0] ? __do_sys_vfork+0x130/0x130 [ 125.715884][ C0] ? switch_fpu_return+0x1ed/0x3d0 [ 125.715905][ C0] ? __kasan_check_read+0x11/0x20 [ 125.715923][ C0] ? exit_to_user_mode_prepare+0x7e/0xa0 [ 125.715942][ C0] do_syscall_64+0x3d/0xb0 [ 125.715960][ C0] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 125.715976][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 125.715996][ C0] RIP: 0033:0x7f5ff07503b9 [ 125.716009][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.716022][ C0] RSP: 002b:00007f5fef3cfff8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 125.716039][ C0] RAX: ffffffffffffffda RBX: 00007f5ff08def80 RCX: 00007f5ff07503b9 [ 125.716051][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 125.716062][ C0] RBP: 00007f5ff07bd8e6 R08: 0000000000000000 R09: 0000000000000000 [ 125.716073][ C0] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 125.716083][ C0] R13: 000000000000000b R14: 00007f5ff08def80 R15: 00007ffdc39f4788 [ 125.716099][ C0] [ 125.716255][ C1] NMI backtrace for cpu 1 [ 126.369388][ C1] CPU: 1 PID: 330 Comm: syz.0.1 Not tainted 5.15.151-syzkaller-00134-gd0a6506ecafd #0 [ 126.378753][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 126.388647][ C1] Call Trace: [ 126.391771][ C1] [ 126.394466][ C1] dump_stack_lvl+0x151/0x1b7 [ 126.398980][ C1] ? io_uring_drop_tctx_refs+0x190/0x190 [ 126.404445][ C1] ? cpumask_next+0x8a/0xb0 [ 126.408786][ C1] dump_stack+0x15/0x17 [ 126.412774][ C1] nmi_cpu_backtrace+0x2f7/0x300 [ 126.417550][ C1] ? init_x2apic_ldr+0x10/0x10 [ 126.422152][ C1] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 126.428141][ C1] ? irq_work_queue+0xd4/0x160 [ 126.432741][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 126.438639][ C1] nmi_trigger_cpumask_backtrace+0x15d/0x270 [ 126.444468][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 126.450358][ C1] arch_trigger_cpumask_backtrace+0x10/0x20 [ 126.456087][ C1] rcu_dump_cpu_stacks+0x1d8/0x330 [ 126.461036][ C1] print_cpu_stall+0x315/0x5f0 [ 126.465637][ C1] rcu_sched_clock_irq+0x989/0x12f0 [ 126.470669][ C1] ? rcu_boost_kthread_setaffinity+0x340/0x340 [ 126.476659][ C1] ? hrtimer_run_queues+0x15f/0x440 [ 126.481952][ C1] update_process_times+0x198/0x200 [ 126.486983][ C1] tick_sched_timer+0x188/0x240 [ 126.491669][ C1] ? tick_setup_sched_timer+0x480/0x480 [ 126.497061][ C1] __hrtimer_run_queues+0x41a/0xad0 [ 126.502193][ C1] ? hrtimer_interrupt+0xaa0/0xaa0 [ 126.507131][ C1] ? clockevents_program_event+0x22f/0x300 [ 126.512773][ C1] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 126.518674][ C1] hrtimer_interrupt+0x40c/0xaa0 [ 126.523456][ C1] __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 126.529174][ C1] sysvec_apic_timer_interrupt+0x95/0xc0 [ 126.534683][ C1] [ 126.537416][ C1] [ 126.540196][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 126.546019][ C1] RIP: 0010:kvm_wait+0x147/0x180 [ 126.550785][ C1] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 2b 02 13 04 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 126.570225][ C1] RSP: 0018:ffffc900057376a0 EFLAGS: 00000246 [ 126.576128][ C1] RAX: 0000000000000003 RBX: 1ffff92000ae6ed8 RCX: ffffffff8155068f [ 126.584196][ C1] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff88810b55c658 [ 126.592007][ C1] RBP: ffffc90005737750 R08: dffffc0000000000 R09: ffffed10216ab8cc [ 126.599818][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 126.607630][ C1] R13: ffff88810b55c658 R14: 0000000000000003 R15: 1ffff92000ae6edc [ 126.615619][ C1] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 126.621696][ C1] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 126.627679][ C1] ? kvm_arch_para_hints+0x30/0x30 [ 126.632632][ C1] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 126.638711][ C1] __pv_queued_spin_lock_slowpath+0x6bc/0xc40 [ 126.644610][ C1] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 126.650855][ C1] _raw_spin_lock_bh+0x139/0x1b0 [ 126.655632][ C1] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 126.660669][ C1] ? sock_hash_bucket_hash+0x31c/0x7e0 [ 126.665956][ C1] sock_hash_delete_elem+0xb1/0x2f0 [ 126.670989][ C1] ? sock_map_unref+0x352/0x4d0 [ 126.675675][ C1] bpf_prog_2c29ac5cdc6b1842+0x3a/0xe10 [ 126.681067][ C1] bpf_trace_run2+0xec/0x210 [ 126.685571][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 126.690255][ C1] ? sock_map_unref+0x352/0x4d0 [ 126.694944][ C1] ? futex_exit_release+0x1e0/0x1e0 [ 126.699978][ C1] ? sock_map_unref+0x352/0x4d0 [ 126.704665][ C1] __bpf_trace_kfree+0x6f/0x90 [ 126.709263][ C1] ? sock_map_unref+0x352/0x4d0 [ 126.713949][ C1] kfree+0x1f3/0x220 [ 126.717691][ C1] sock_map_unref+0x352/0x4d0 [ 126.722198][ C1] sock_hash_delete_elem+0x274/0x2f0 [ 126.727321][ C1] ? kvfree+0x35/0x40 [ 126.731137][ C1] bpf_prog_2c29ac5cdc6b1842+0x3a/0xe10 [ 126.736520][ C1] bpf_trace_run2+0xec/0x210 [ 126.740948][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 126.745630][ C1] ? __anon_inode_getfd+0x3af/0x430 [ 126.750661][ C1] ? kvfree+0x35/0x40 [ 126.754485][ C1] ? kvfree+0x35/0x40 [ 126.758303][ C1] __bpf_trace_kfree+0x6f/0x90 [ 126.762899][ C1] ? kvfree+0x35/0x40 [ 126.766718][ C1] kfree+0x1f3/0x220 [ 126.770454][ C1] kvfree+0x35/0x40 [ 126.774096][ C1] map_delete_elem+0x337/0x4e0 [ 126.778698][ C1] __sys_bpf+0x42e/0x760 [ 126.782782][ C1] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 126.787990][ C1] ? __kasan_check_read+0x11/0x20 [ 126.792848][ C1] __x64_sys_bpf+0x7c/0x90 [ 126.797097][ C1] do_syscall_64+0x3d/0xb0 [ 126.801352][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 126.807076][ C1] RIP: 0033:0x7fd0409563b9 [ 126.811335][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.830857][ C1] RSP: 002b:00007fd03f5d6048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 126.839103][ C1] RAX: ffffffffffffffda RBX: 00007fd040ae4f80 RCX: 00007fd0409563b9 [ 126.846916][ C1] RDX: 0000000000000020 RSI: 0000000020000140 RDI: 0000000000000003 [ 126.854723][ C1] RBP: 00007fd0409c38e6 R08: 0000000000000000 R09: 0000000000000000 [ 126.862586][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 126.870435][ C1] R13: 000000000000000b R14: 00007fd040ae4f80 R15: 00007fff75d2cae8 [ 126.878250][ C1] [ 265.032651][ C0] watchdog: BUG: soft lockup - CPU#0 stuck for 225s! [syz.2.3:317] [ 265.040381][ C0] Modules linked in: [ 265.044117][ C0] CPU: 0 PID: 317 Comm: syz.2.3 Not tainted 5.15.151-syzkaller-00134-gd0a6506ecafd #0 [ 265.053485][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 265.063389][ C0] RIP: 0010:kvm_wait+0x147/0x180 [ 265.068154][ C0] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 2b 02 13 04 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 265.088291][ C0] RSP: 0018:ffffc900055f7260 EFLAGS: 00000246 [ 265.094189][ C0] RAX: 0000000000000001 RBX: 1ffff92000abee50 RCX: 1ffffffff0d5aa9c [ 265.102000][ C0] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8881f7038ad4 [ 265.109810][ C0] RBP: ffffc900055f7310 R08: dffffc0000000000 R09: ffffed103ee0715b [ 265.117621][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 265.125432][ C0] R13: ffff8881f7038ad4 R14: 0000000000000001 R15: 1ffff92000abee54 [ 265.133244][ C0] FS: 00007f5fef3d06c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 265.142010][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 265.148434][ C0] CR2: 0000000020002000 CR3: 00000001251b2000 CR4: 00000000003506b0 [ 265.156251][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 265.164065][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 265.171954][ C0] Call Trace: [ 265.175089][ C0] [ 265.177779][ C0] ? show_regs+0x58/0x60 [ 265.181848][ C0] ? watchdog_timer_fn+0x4b1/0x5f0 [ 265.186882][ C0] ? proc_watchdog_cpumask+0xd0/0xd0 [ 265.192003][ C0] ? __hrtimer_run_queues+0x41a/0xad0 [ 265.197217][ C0] ? hrtimer_interrupt+0xaa0/0xaa0 [ 265.202158][ C0] ? clockevents_program_event+0x22f/0x300 [ 265.207799][ C0] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 265.213703][ C0] ? hrtimer_interrupt+0x40c/0xaa0 [ 265.218656][ C0] ? __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 265.224551][ C0] ? sysvec_apic_timer_interrupt+0x95/0xc0 [ 265.230190][ C0] [ 265.232966][ C0] [ 265.235748][ C0] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 265.241737][ C0] ? kvm_wait+0x147/0x180 [ 265.245899][ C0] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 265.251889][ C0] ? kvm_arch_para_hints+0x30/0x30 [ 265.256839][ C0] __pv_queued_spin_lock_slowpath+0x41b/0xc40 [ 265.262739][ C0] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 265.269079][ C0] _raw_spin_lock_bh+0x139/0x1b0 [ 265.273845][ C0] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 265.278883][ C0] ? sock_hash_bucket_hash+0x317/0x7e0 [ 265.284184][ C0] ? sock_hash_bucket_hash+0x31c/0x7e0 [ 265.289471][ C0] sock_hash_delete_elem+0xb1/0x2f0 [ 265.294501][ C0] ? ida_alloc_range+0x987/0xa80 [ 265.299277][ C0] bpf_prog_2c29ac5cdc6b1842+0x3a/0xe10 [ 265.304742][ C0] bpf_trace_run2+0xec/0x210 [ 265.309171][ C0] ? bpf_trace_run1+0x1c0/0x1c0 [ 265.313858][ C0] ? ida_alloc_range+0x987/0xa80 [ 265.318631][ C0] ? irqentry_exit+0x30/0x40 [ 265.323055][ C0] ? ida_alloc_range+0x987/0xa80 [ 265.327831][ C0] __bpf_trace_kfree+0x6f/0x90 [ 265.332429][ C0] ? ida_alloc_range+0x987/0xa80 [ 265.337298][ C0] kfree+0x1f3/0x220 [ 265.341030][ C0] ? xas_nomem+0x19a/0x1d0 [ 265.345284][ C0] ida_alloc_range+0x987/0xa80 [ 265.349886][ C0] ? idr_replace+0x230/0x230 [ 265.354309][ C0] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 265.360209][ C0] ? get_random_bytes+0x30/0x30 [ 265.364899][ C0] proc_alloc_inum+0x27/0x90 [ 265.369329][ C0] net_ns_net_init+0x7f/0x90 [ 265.373780][ C0] ops_init+0x1cf/0x4a0 [ 265.377748][ C0] setup_net+0x34b/0xb50 [ 265.381823][ C0] ? copy_net_ns+0x5b0/0x5b0 [ 265.386246][ C0] ? kmem_cache_alloc_trace+0x115/0x210 [ 265.391629][ C0] copy_net_ns+0x35c/0x5b0 [ 265.395885][ C0] create_new_namespaces+0x416/0x670 [ 265.401005][ C0] copy_namespaces+0x1d1/0x220 [ 265.405606][ C0] copy_process+0x1174/0x3290 [ 265.410119][ C0] ? timerqueue_add+0x250/0x270 [ 265.414980][ C0] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 265.419918][ C0] ? enqueue_hrtimer+0xca/0x240 [ 265.424604][ C0] ? __hrtimer_run_queues+0x46b/0xad0 [ 265.430337][ C0] kernel_clone+0x21e/0x9e0 [ 265.434758][ C0] ? create_io_thread+0x1e0/0x1e0 [ 265.439619][ C0] ? clockevents_program_event+0x22f/0x300 [ 265.445259][ C0] __x64_sys_clone+0x23f/0x290 [ 265.449946][ C0] ? __do_sys_vfork+0x130/0x130 [ 265.454632][ C0] ? switch_fpu_return+0x1ed/0x3d0 [ 265.459704][ C0] ? __kasan_check_read+0x11/0x20 [ 265.464563][ C0] ? exit_to_user_mode_prepare+0x7e/0xa0 [ 265.470031][ C0] do_syscall_64+0x3d/0xb0 [ 265.474284][ C0] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 265.480193][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 265.485917][ C0] RIP: 0033:0x7f5ff07503b9 [ 265.490182][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.509606][ C0] RSP: 002b:00007f5fef3cfff8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 265.517874][ C0] RAX: ffffffffffffffda RBX: 00007f5ff08def80 RCX: 00007f5ff07503b9 [ 265.525660][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 265.533477][ C0] RBP: 00007f5ff07bd8e6 R08: 0000000000000000 R09: 0000000000000000 [ 265.541457][ C0] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 265.549270][ C0] R13: 000000000000000b R14: 00007f5ff08def80 R15: 00007ffdc39f4788 [ 265.557211][ C0] [ 265.560074][ C0] Sending NMI from CPU 0 to CPUs 1: [ 265.565132][ C1] NMI backtrace for cpu 1 [ 265.565142][ C1] CPU: 1 PID: 330 Comm: syz.0.1 Not tainted 5.15.151-syzkaller-00134-gd0a6506ecafd #0 [ 265.565161][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 265.565170][ C1] RIP: 0010:kvm_wait+0x147/0x180 [ 265.565192][ C1] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 2b 02 13 04 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 265.565205][ C1] RSP: 0018:ffffc900057376a0 EFLAGS: 00000246 [ 265.565220][ C1] RAX: 0000000000000003 RBX: 1ffff92000ae6ed8 RCX: ffffffff8155068f [ 265.565232][ C1] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff88810b55c658 [ 265.565244][ C1] RBP: ffffc90005737750 R08: dffffc0000000000 R09: ffffed10216ab8cc [ 265.565257][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 265.565269][ C1] R13: ffff88810b55c658 R14: 0000000000000003 R15: 1ffff92000ae6edc [ 265.565281][ C1] FS: 00007fd03f5d66c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 265.565298][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 265.565311][ C1] CR2: 0000000000000000 CR3: 0000000125575000 CR4: 00000000003506a0 [ 265.565325][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 265.565335][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 265.565346][ C1] Call Trace: [ 265.565352][ C1] [ 265.565358][ C1] ? show_regs+0x58/0x60 [ 265.565377][ C1] ? nmi_cpu_backtrace+0x29f/0x300 [ 265.565399][ C1] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 265.565420][ C1] ? kvm_wait+0x147/0x180 [ 265.565435][ C1] ? kvm_wait+0x147/0x180 [ 265.565451][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 265.565470][ C1] ? nmi_handle+0xa8/0x280 [ 265.565487][ C1] ? kvm_wait+0x147/0x180 [ 265.565503][ C1] ? default_do_nmi+0x69/0x160 [ 265.565519][ C1] ? exc_nmi+0xaf/0x120 [ 265.565534][ C1] ? end_repeat_nmi+0x16/0x31 [ 265.565551][ C1] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 265.565572][ C1] ? kvm_wait+0x147/0x180 [ 265.565588][ C1] ? kvm_wait+0x147/0x180 [ 265.565604][ C1] ? kvm_wait+0x147/0x180 [ 265.565619][ C1] [ 265.565624][ C1] [ 265.565629][ C1] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 265.565651][ C1] ? kvm_arch_para_hints+0x30/0x30 [ 265.565668][ C1] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 265.565689][ C1] __pv_queued_spin_lock_slowpath+0x6bc/0xc40 [ 265.565711][ C1] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 265.565733][ C1] _raw_spin_lock_bh+0x139/0x1b0 [ 265.565751][ C1] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 265.565770][ C1] ? sock_hash_bucket_hash+0x31c/0x7e0 [ 265.565792][ C1] sock_hash_delete_elem+0xb1/0x2f0 [ 265.565811][ C1] ? sock_map_unref+0x352/0x4d0 [ 265.565829][ C1] bpf_prog_2c29ac5cdc6b1842+0x3a/0xe10 [ 265.565843][ C1] bpf_trace_run2+0xec/0x210 [ 265.565863][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 265.565881][ C1] ? sock_map_unref+0x352/0x4d0 [ 265.565899][ C1] ? futex_exit_release+0x1e0/0x1e0 [ 265.565918][ C1] ? sock_map_unref+0x352/0x4d0 [ 265.565936][ C1] __bpf_trace_kfree+0x6f/0x90 [ 265.565953][ C1] ? sock_map_unref+0x352/0x4d0 [ 265.565971][ C1] kfree+0x1f3/0x220 [ 265.565990][ C1] sock_map_unref+0x352/0x4d0 [ 265.566010][ C1] sock_hash_delete_elem+0x274/0x2f0 [ 265.566030][ C1] ? kvfree+0x35/0x40 [ 265.566052][ C1] bpf_prog_2c29ac5cdc6b1842+0x3a/0xe10 [ 265.566065][ C1] bpf_trace_run2+0xec/0x210 [ 265.566084][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 265.566100][ C1] ? __anon_inode_getfd+0x3af/0x430 [ 265.566119][ C1] ? kvfree+0x35/0x40 [ 265.566134][ C1] ? kvfree+0x35/0x40 [ 265.566149][ C1] __bpf_trace_kfree+0x6f/0x90 [ 265.566165][ C1] ? kvfree+0x35/0x40 [ 265.566179][ C1] kfree+0x1f3/0x220 [ 265.566198][ C1] kvfree+0x35/0x40 [ 265.566212][ C1] map_delete_elem+0x337/0x4e0 [ 265.566232][ C1] __sys_bpf+0x42e/0x760 [ 265.566248][ C1] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 265.566269][ C1] ? __kasan_check_read+0x11/0x20 [ 265.566289][ C1] __x64_sys_bpf+0x7c/0x90 [ 265.566306][ C1] do_syscall_64+0x3d/0xb0 [ 265.566324][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 265.566343][ C1] RIP: 0033:0x7fd0409563b9 [ 265.566358][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.566372][ C1] RSP: 002b:00007fd03f5d6048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 265.566389][ C1] RAX: ffffffffffffffda RBX: 00007fd040ae4f80 RCX: 00007fd0409563b9 [ 265.566401][ C1] RDX: 0000000000000020 RSI: 0000000020000140 RDI: 0000000000000003 [ 265.566412][ C1] RBP: 00007fd0409c38e6 R08: 0000000000000000 R09: 0000000000000000 [ 265.566422][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 265.566432][ C1] R13: 000000000000000b R14: 00007fd040ae4f80 R15: 00007fff75d2cae8 [ 265.566448][ C1]