./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3823839306 <...> Warning: Permanently added '10.128.1.154' (ED25519) to the list of known hosts. execve("./syz-executor3823839306", ["./syz-executor3823839306"], 0x7ffdd4807c20 /* 10 vars */) = 0 brk(NULL) = 0x55555604c000 brk(0x55555604cd40) = 0x55555604cd40 arch_prctl(ARCH_SET_FS, 0x55555604c3c0) = 0 set_tid_address(0x55555604c690) = 478 set_robust_list(0x55555604c6a0, 24) = 0 rseq(0x55555604cce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3823839306", 4096) = 28 getrandom("\x6c\x8d\x8a\x51\xa2\xd9\x8d\xff", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555604cd40 brk(0x55555606dd40) = 0x55555606dd40 brk(0x55555606e000) = 0x55555606e000 mprotect(0x7fe4ca69c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 479 attached , child_tidptr=0x55555604c690) = 479 [pid 479] set_robust_list(0x55555604c6a0, 24) = 0 [pid 479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 479] setpgid(0, 0) = 0 [pid 479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 479] write(3, "1000", 4) = 4 [pid 479] close(3) = 0 [pid 479] write(1, "executing program\n", 18executing program ) = 18 [pid 479] futex(0x7fe4ca6a234c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] rt_sigaction(SIGRT_1, {sa_handler=0x7fe4ca63d9e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe4ca62f060}, NULL, 8) = 0 [pid 479] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe4ca5b8000 [pid 479] mprotect(0x7fe4ca5b9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 479] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 479] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe4ca5d8990, parent_tid=0x7fe4ca5d8990, exit_signal=0, stack=0x7fe4ca5b8000, stack_size=0x20300, tls=0x7fe4ca5d86c0}./strace-static-x86_64: Process 480 attached => {parent_tid=[480]}, 88) = 480 [pid 480] set_robust_list(0x7fe4ca5d89a0, 24) = 0 [pid 480] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 480] futex(0x7fe4ca6a2348, FUTEX_WAIT_PRIVATE, 0, NULL [pid 479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 479] futex(0x7fe4ca6a2348, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 480] <... futex resumed>) = 0 [pid 480] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_MSG, insn_cnt=4, insns=0x20000040, license="GPL", log_level=2, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72 [ 206.088426][ T30] audit: type=1400 audit(1725742647.089:66): avc: denied { execmem } for pid=478 comm="syz-executor382" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 206.101435][ T30] audit: type=1400 audit(1725742647.099:67): avc: denied { prog_load } for pid=479 comm="syz-executor382" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 206.104990][ T30] audit: type=1400 audit(1725742647.099:68): avc: denied { bpf } for pid=479 comm="syz-executor382" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 479] futex(0x7fe4ca6a234c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 479] futex(0x7fe4ca6a235c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe4ca597000 [pid 479] mprotect(0x7fe4ca598000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 479] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 479] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe4ca5b7990, parent_tid=0x7fe4ca5b7990, exit_signal=0, stack=0x7fe4ca597000, stack_size=0x20300, tls=0x7fe4ca5b76c0} => {parent_tid=[481]}, 88) = 481 [pid 479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 479] futex(0x7fe4ca6a2358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] futex(0x7fe4ca6a235c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 481 attached [pid 481] set_robust_list(0x7fe4ca5b79a0, 24) = 0 [pid 481] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 481] close(-1) = -1 EBADF (Bad file descriptor) [pid 481] futex(0x7fe4ca6a235c, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] <... futex resumed>) = 0 [pid 479] futex(0x7fe4ca6a2358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] futex(0x7fe4ca6a235c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 481] <... futex resumed>) = 1 [pid 481] socketpair(AF_UNIX, SOCK_DGRAM, 0, [3, 4]) = 0 [pid 481] futex(0x7fe4ca6a235c, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] <... futex resumed>) = 0 [pid 479] futex(0x7fe4ca6a2358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] futex(0x7fe4ca6a235c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 481] <... futex resumed>) = 1 [pid 481] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 481] futex(0x7fe4ca6a235c, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] <... futex resumed>) = 0 [pid 479] futex(0x7fe4ca6a2358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] futex(0x7fe4ca6a235c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 481] <... futex resumed>) = 1 [pid 481] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000000, value=0x20000080, flags=BPF_ANY}, 32) = -1 EINVAL (Invalid argument) [pid 481] futex(0x7fe4ca6a235c, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] <... futex resumed>) = 0 [pid 479] futex(0x7fe4ca6a2358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] futex(0x7fe4ca6a235c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 481] <... futex resumed>) = 1 [pid 481] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 481] futex(0x7fe4ca6a235c, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] <... futex resumed>) = 0 [pid 479] futex(0x7fe4ca6a2358, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] futex(0x7fe4ca6a235c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 481] <... futex resumed>) = 1 [ 206.154898][ T30] audit: type=1400 audit(1725742647.159:69): avc: denied { map_create } for pid=479 comm="syz-executor382" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 206.174330][ T30] audit: type=1400 audit(1725742647.159:70): avc: denied { map_read map_write } for pid=479 comm="syz-executor382" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 481] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 479] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 479] futex(0x7fe4ca6a236c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe4ca576000 [pid 479] mprotect(0x7fe4ca577000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 479] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 479] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe4ca596990, parent_tid=0x7fe4ca596990, exit_signal=0, stack=0x7fe4ca576000, stack_size=0x20300, tls=0x7fe4ca5966c0} => {parent_tid=[482]}, 88) = 482 [pid 479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 479] futex(0x7fe4ca6a2368, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] futex(0x7fe4ca6a236c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000}./strace-static-x86_64: Process 482 attached [pid 482] set_robust_list(0x7fe4ca5969a0, 24) = 0 [pid 482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 482] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 482] futex(0x7fe4ca6a236c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 479] <... futex resumed>) = 0 [pid 482] futex(0x7fe4ca6a2368, FUTEX_WAIT_PRIVATE, 0, NULL [pid 481] <... bpf resumed>) = -1 EBADF (Bad file descriptor) [pid 481] futex(0x7fe4ca6a235c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7fe4ca6a2358, FUTEX_WAIT_PRIVATE, 0, NULL [pid 480] <... bpf resumed>) = 6 [ 206.194607][ T30] audit: type=1400 audit(1725742647.159:71): avc: denied { perfmon } for pid=479 comm="syz-executor382" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 480] futex(0x7fe4ca6a234c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 480] futex(0x7fe4ca6a2348, FUTEX_WAIT_PRIVATE, 0, NULL [pid 479] exit_group(0 [pid 482] <... futex resumed>) = ? [pid 481] <... futex resumed>) = ? [pid 479] <... exit_group resumed>) = ? [pid 482] +++ exited with 0 +++ [pid 481] +++ exited with 0 +++ [pid 480] <... futex resumed>) = ? [pid 480] +++ exited with 0 +++ [pid 479] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=479, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 483 attached , child_tidptr=0x55555604c690) = 483 [pid 483] set_robust_list(0x55555604c6a0, 24) = 0 [pid 483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 483] setpgid(0, 0) = 0 [pid 483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 483] write(3, "1000", 4) = 4 [pid 483] close(3) = 0 [pid 483] write(1, "executing program\n", 18executing program ) = 18 [pid 483] futex(0x7fe4ca6a234c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] rt_sigaction(SIGRT_1, {sa_handler=0x7fe4ca63d9e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe4ca62f060}, NULL, 8) = 0 [pid 483] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe4ca5b8000 [pid 483] mprotect(0x7fe4ca5b9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 483] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 483] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe4ca5d8990, parent_tid=0x7fe4ca5d8990, exit_signal=0, stack=0x7fe4ca5b8000, stack_size=0x20300, tls=0x7fe4ca5d86c0} => {parent_tid=[484]}, 88) = 484 ./strace-static-x86_64: Process 484 attached [pid 484] set_robust_list(0x7fe4ca5d89a0, 24) = 0 [pid 484] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 484] futex(0x7fe4ca6a2348, FUTEX_WAIT_PRIVATE, 0, NULL [pid 483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 483] futex(0x7fe4ca6a2348, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 484] <... futex resumed>) = 0 [pid 484] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_MSG, insn_cnt=4, insns=0x20000040, license="GPL", log_level=2, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72 [pid 483] futex(0x7fe4ca6a234c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... bpf resumed>) = 3 [pid 484] futex(0x7fe4ca6a234c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fe4ca6a2348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7fe4ca6a234c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] close(3) = 0 [pid 484] futex(0x7fe4ca6a234c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fe4ca6a2348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7fe4ca6a234c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] socketpair(AF_UNIX, SOCK_DGRAM, 0, [3, 4]) = 0 [pid 484] futex(0x7fe4ca6a234c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fe4ca6a2348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7fe4ca6a234c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 484] futex(0x7fe4ca6a234c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fe4ca6a2348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7fe4ca6a234c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000000, value=0x20000080, flags=BPF_ANY}, 32) = 0 [pid 484] futex(0x7fe4ca6a234c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fe4ca6a2348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7fe4ca6a234c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 484] futex(0x7fe4ca6a234c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fe4ca6a2348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7fe4ca6a234c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6 [pid 484] futex(0x7fe4ca6a234c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fe4ca6a2348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7fe4ca6a234c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [ 206.254462][ T30] audit: type=1400 audit(1725742647.259:72): avc: denied { prog_run } for pid=479 comm="syz-executor382" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 306.292050][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU [ 306.298516][ C1] rcu: 1-...!: (10000 ticks this GP) idle=2a1/1/0x4000000000000000 softirq=2926/2926 fqs=0 last_accelerate: db17/0227 dyntick_enabled: 1 [ 306.312387][ C1] (t=10002 jiffies g=1993 q=84) [ 306.317158][ C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 10001 jiffies! g1993 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 306.329222][ C1] rcu: Possible timer handling issue on cpu=1 timer-softirq=1366 [ 306.336861][ C1] rcu: rcu_preempt kthread starved for 10004 jiffies! g1993 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1 [ 306.347968][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 306.357782][ C1] rcu: RCU grace-period kthread stack dump: [ 306.363515][ C1] task:rcu_preempt state:I stack:28328 pid: 14 ppid: 2 flags:0x00004000 [ 306.372554][ C1] Call Trace: [ 306.375666][ C1] [ 306.378442][ C1] __schedule+0xccc/0x1590 [ 306.382690][ C1] ? release_firmware_map_entry+0x190/0x190 [ 306.388416][ C1] ? __kasan_check_write+0x14/0x20 [ 306.393360][ C1] schedule+0x11f/0x1e0 [ 306.397361][ C1] schedule_timeout+0x18c/0x370 [ 306.402042][ C1] ? _raw_spin_unlock_irq+0x4e/0x70 [ 306.407164][ C1] ? console_conditional_schedule+0x30/0x30 [ 306.412890][ C1] ? update_process_times+0x200/0x200 [ 306.418197][ C1] ? prepare_to_swait_event+0x308/0x320 [ 306.423568][ C1] rcu_gp_fqs_loop+0x2af/0xf80 [ 306.428169][ C1] ? debug_smp_processor_id+0x17/0x20 [ 306.433395][ C1] ? __note_gp_changes+0x4ab/0x920 [ 306.438322][ C1] ? rcu_gp_init+0xc30/0xc30 [ 306.442749][ C1] ? _raw_spin_unlock_irq+0x4e/0x70 [ 306.447781][ C1] ? rcu_gp_init+0x9cf/0xc30 [ 306.452211][ C1] rcu_gp_kthread+0xa4/0x350 [ 306.456643][ C1] ? _raw_spin_lock+0x1b0/0x1b0 [ 306.461408][ C1] ? wake_nocb_gp+0x1e0/0x1e0 [ 306.465922][ C1] ? __kasan_check_read+0x11/0x20 [ 306.470785][ C1] ? __kthread_parkme+0xb2/0x200 [ 306.475556][ C1] kthread+0x421/0x510 [ 306.479467][ C1] ? wake_nocb_gp+0x1e0/0x1e0 [ 306.483983][ C1] ? kthread_blkcg+0xd0/0xd0 [ 306.488400][ C1] ret_from_fork+0x1f/0x30 [ 306.492655][ C1] [ 306.495519][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 306.501690][ C1] NMI backtrace for cpu 1 [ 306.505861][ C1] CPU: 1 PID: 472 Comm: sshd Not tainted 5.15.157-syzkaller-00897-g53be7c8abe11 #0 [ 306.514959][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 306.524856][ C1] Call Trace: [ 306.527982][ C1] [ 306.530670][ C1] dump_stack_lvl+0x151/0x1c0 [ 306.535184][ C1] ? io_uring_drop_tctx_refs+0x190/0x190 [ 306.540741][ C1] dump_stack+0x15/0x20 [ 306.544731][ C1] nmi_cpu_backtrace+0x2f7/0x300 [ 306.549505][ C1] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 306.555497][ C1] ? panic+0x760/0x760 [ 306.559400][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 306.565301][ C1] nmi_trigger_cpumask_backtrace+0x15d/0x270 [ 306.571125][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 306.577029][ C1] arch_trigger_cpumask_backtrace+0x10/0x20 [ 306.582750][ C1] rcu_check_gp_kthread_starvation+0x1e3/0x250 [ 306.588735][ C1] ? rcu_check_gp_kthread_expired_fqs_timer+0x18e/0x230 [ 306.595506][ C1] print_cpu_stall+0x310/0x5f0 [ 306.600107][ C1] rcu_sched_clock_irq+0x989/0x12f0 [ 306.605149][ C1] ? rcu_boost_kthread_setaffinity+0x340/0x340 [ 306.611135][ C1] ? hrtimer_run_queues+0x15f/0x440 [ 306.616166][ C1] update_process_times+0x198/0x200 [ 306.621199][ C1] tick_sched_timer+0x188/0x240 [ 306.625886][ C1] ? tick_setup_sched_timer+0x480/0x480 [ 306.631266][ C1] __hrtimer_run_queues+0x41a/0xad0 [ 306.636305][ C1] ? hrtimer_interrupt+0xaa0/0xaa0 [ 306.641246][ C1] ? clockevents_program_event+0x22f/0x300 [ 306.646907][ C1] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 306.652789][ C1] hrtimer_interrupt+0x40c/0xaa0 [ 306.657565][ C1] __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 306.663293][ C1] sysvec_apic_timer_interrupt+0x95/0xc0 [ 306.668759][ C1] [ 306.671536][ C1] [ 306.674314][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 306.680140][ C1] RIP: 0010:kvm_wait+0x147/0x180 [ 306.684903][ C1] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d ab ec 12 04 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 306.704346][ C1] RSP: 0018:ffffc900009860a0 EFLAGS: 00000246 [ 306.710247][ C1] RAX: 0000000000000003 RBX: 1ffff92000130c18 RCX: ffffffff81552fff [ 306.718059][ C1] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff88811b75f128 [ 306.725869][ C1] RBP: ffffc90000986150 R08: dffffc0000000000 R09: ffffed10236ebe26 [ 306.733689][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 306.741493][ C1] R13: ffff88811b75f128 R14: 0000000000000003 R15: 1ffff92000130c1c [ 306.749307][ C1] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 306.755382][ C1] ? asm_sysvec_call_function_single+0x1b/0x20 [ 306.761368][ C1] ? kvm_arch_para_hints+0x30/0x30 [ 306.766315][ C1] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 306.772402][ C1] __pv_queued_spin_lock_slowpath+0x6bc/0xc40 [ 306.778296][ C1] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 306.784544][ C1] _raw_spin_lock_bh+0x139/0x1b0 [ 306.789339][ C1] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 306.794440][ C1] sock_map_delete_elem+0x161/0x230 [ 306.799471][ C1] ? sock_map_update_elem+0x390/0x390 [ 306.804679][ C1] ? sock_map_unref+0x352/0x4d0 [ 306.809374][ C1] ? bpf_trace_run2+0xec/0x210 [ 306.813969][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 306.818653][ C1] ? sock_map_unref+0x352/0x4d0 [ 306.823341][ C1] ? stack_trace_save+0x1c0/0x1c0 [ 306.828200][ C1] ? sock_map_unref+0x352/0x4d0 [ 306.832888][ C1] ? __bpf_trace_kfree+0x6f/0x90 [ 306.837660][ C1] ? sock_map_unref+0x352/0x4d0 [ 306.842348][ C1] ? kfree+0x1f3/0x220 [ 306.846253][ C1] ? sock_map_unref+0x352/0x4d0 [ 306.850941][ C1] ? sock_map_delete_elem+0x191/0x230 [ 306.856149][ C1] ? sock_map_update_elem+0x390/0x390 [ 306.861372][ C1] ? kmem_cache_free+0x116/0x2e0 [ 306.866128][ C1] ? kasan_set_track+0x5d/0x70 [ 306.870729][ C1] ? kasan_set_track+0x4b/0x70 [ 306.875330][ C1] ? skb_release_data+0x8a9/0xa80 [ 306.880189][ C1] ? bpf_trace_run2+0xec/0x210 [ 306.884789][ C1] ? __dev_queue_xmit+0x161e/0x2e70 [ 306.889824][ C1] ? dev_queue_xmit+0x17/0x20 [ 306.894337][ C1] ? ip_finish_output2+0xb9f/0xf60 [ 306.899284][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 306.903971][ C1] ? ip_queue_xmit+0x4c/0x70 [ 306.908397][ C1] ? skb_release_data+0x8a9/0xa80 [ 306.913257][ C1] ? __tcp_push_pending_frames+0x98/0x2f0 [ 306.918818][ C1] ? tcp_push+0x477/0x620 [ 306.923094][ C1] ? tcp_sendmsg+0x2f/0x50 [ 306.927345][ C1] ? skb_release_data+0x8a9/0xa80 [ 306.932208][ C1] ? __bpf_trace_kfree+0x6f/0x90 [ 306.936978][ C1] ? skb_release_data+0x8a9/0xa80 [ 306.942015][ C1] ? kfree+0x1f3/0x220 [ 306.945919][ C1] ? tcp_tasklet_func+0x4b0/0x4b0 [ 306.950780][ C1] ? skb_release_data+0x8a9/0xa80 [ 306.955641][ C1] ? consume_skb+0xac/0x250 [ 306.959979][ C1] ? __dev_kfree_skb_any+0x159/0x180 [ 306.965101][ C1] ? refcount_dec_and_test+0x70/0x70 [ 306.970231][ C1] ? virtqueue_get_buf_ctx+0x6de/0xe30 [ 306.975515][ C1] ? napi_consume_skb+0x12e/0x2a0 [ 306.980375][ C1] ? free_old_xmit_skbs+0x119/0x290 [ 306.985409][ C1] ? local_bh_enable+0x30/0x30 [ 306.990010][ C1] ? consume_skb+0xb4/0x250 [ 306.994350][ C1] ? packet_rcv+0x160/0x1150 [ 306.998779][ C1] ? virtqueue_disable_cb+0x1ec/0x3a0 [ 307.003984][ C1] ? start_xmit+0x142/0x1500 [ 307.008411][ C1] ? dev_hard_start_xmit+0x228/0x620 [ 307.013555][ C1] ? sch_direct_xmit+0x298/0x9b0 [ 307.018304][ C1] ? dev_hard_start_xmit+0x5b8/0x620 [ 307.023431][ C1] ? __kasan_check_write+0x14/0x20 [ 307.028374][ C1] ? _raw_spin_trylock+0xcd/0x1a0 [ 307.033236][ C1] ? stp_proto_unregister+0x200/0x200 [ 307.038443][ C1] ? netdev_core_pick_tx+0x16e/0x300 [ 307.043564][ C1] ? __dev_queue_xmit+0x161e/0x2e70 [ 307.048601][ C1] ? __kasan_check_write+0x14/0x20 [ 307.053544][ C1] ? dev_queue_xmit+0x20/0x20 [ 307.058058][ C1] ? selinux_ipv6_output+0x10/0x10 [ 307.063004][ C1] ? dev_queue_xmit+0x20/0x20 [ 307.067519][ C1] ? ip_finish_output2+0x984/0xf60 [ 307.072552][ C1] ? dev_queue_xmit+0x17/0x20 [ 307.077065][ C1] ? ip_finish_output2+0xb9f/0xf60 [ 307.082013][ C1] ? ip_finish_output2+0x984/0xf60 [ 307.086958][ C1] ? ip_fragment+0x210/0x210 [ 307.091385][ C1] ? __local_bh_enable_ip+0x58/0x80 [ 307.096425][ C1] ? local_bh_enable+0x1f/0x30 [ 307.101018][ C1] ? ip_finish_output2+0xbef/0xf60 [ 307.105966][ C1] ? ip_skb_dst_mtu+0x38f/0x630 [ 307.110654][ C1] ? __ip_finish_output+0x162/0x360 [ 307.115688][ C1] ? ip_finish_output+0x31/0x210 [ 307.120462][ C1] ? ip_output+0x3e1/0x420 [ 307.124714][ C1] ? ip_output+0x1d6/0x420 [ 307.128969][ C1] ? ip_finish_output+0x210/0x210 [ 307.133827][ C1] ? ip_mc_finish_output+0x3c0/0x3c0 [ 307.138947][ C1] ? __kasan_check_read+0x11/0x20 [ 307.143807][ C1] ? ipv4_dst_check+0xe3/0x150 [ 307.148410][ C1] ? skb_push+0xb5/0x120 [ 307.152517][ C1] ? __sk_dst_check+0xd2/0x1b0 [ 307.157093][ C1] ? __ip_queue_xmit+0x1105/0x1c20 [ 307.162037][ C1] ? tcp_options_write+0x202/0xc60 [ 307.166983][ C1] ? ip_queue_xmit+0x4c/0x70 [ 307.171411][ C1] ? __tcp_transmit_skb+0x1e84/0x3920 [ 307.176661][ C1] ? __tcp_send_ack+0x710/0x710 [ 307.181304][ C1] ? __stack_depot_save+0x34/0x470 [ 307.186253][ C1] ? ____kasan_kmalloc+0xed/0x110 [ 307.191141][ C1] ? ____kasan_kmalloc+0xdb/0x110 [ 307.195972][ C1] ? __kasan_check_read+0x11/0x20 [ 307.200833][ C1] ? tcp_small_queue_check+0x1f5/0x3f0 [ 307.206127][ C1] ? tcp_write_xmit+0x144a/0x5e80 [ 307.210989][ C1] ? __tcp_push_pending_frames+0x98/0x2f0 [ 307.216543][ C1] ? tcp_push+0x477/0x620 [ 307.220707][ C1] ? tcp_sendmsg_locked+0x315c/0x3a90 [ 307.225942][ C1] ? tcp_free_fastopen_req+0x80/0x80 [ 307.231037][ C1] ? tcp_sendmsg+0x2f/0x50 [ 307.235291][ C1] ? inet_sendmsg+0xa1/0xc0 [ 307.239629][ C1] ? inet_send_prepare+0x4a0/0x4a0 [ 307.244576][ C1] ? sock_write_iter+0x39b/0x530 [ 307.249349][ C1] ? __kasan_check_write+0x14/0x20 [ 307.254299][ C1] ? sock_read_iter+0x480/0x480 [ 307.258984][ C1] ? iov_iter_init+0x53/0x190 [ 307.263498][ C1] ? vfs_write+0xd5d/0x1110 [ 307.267838][ C1] ? __kasan_check_write+0x14/0x20 [ 307.272785][ C1] ? file_end_write+0x1c0/0x1c0 [ 307.277472][ C1] ? __set_current_blocked+0x2a5/0x2f0 [ 307.282773][ C1] ? __kasan_check_read+0x11/0x20 [ 307.287625][ C1] ? __fdget_pos+0x209/0x3a0 [ 307.292055][ C1] ? ksys_write+0x199/0x2c0 [ 307.296394][ C1] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 307.301773][ C1] ? __ia32_sys_read+0x90/0x90 [ 307.306376][ C1] ? debug_smp_processor_id+0x17/0x20 [ 307.311581][ C1] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 307.317484][ C1] ? __x64_sys_write+0x7b/0x90 [ 307.322086][ C1] ? x64_sys_call+0x2f/0x9a0 [ 307.326510][ C1] ? do_syscall_64+0x3b/0xb0 [ 307.330938][ C1] ? clear_bhb_loop+0x35/0x90 [ 307.335454][ C1] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 307.341353][ C1] [ 307.344244][ C1] NMI backtrace for cpu 1 [ 307.348393][ C1] CPU: 1 PID: 472 Comm: sshd Not tainted 5.15.157-syzkaller-00897-g53be7c8abe11 #0 [ 307.357503][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 307.367390][ C1] Call Trace: [ 307.370514][ C1] [ 307.373210][ C1] dump_stack_lvl+0x151/0x1c0 [ 307.377719][ C1] ? io_uring_drop_tctx_refs+0x190/0x190 [ 307.383189][ C1] ? ttwu_do_wakeup+0x187/0x430 [ 307.387874][ C1] dump_stack+0x15/0x20 [ 307.391872][ C1] nmi_cpu_backtrace+0x2f7/0x300 [ 307.396641][ C1] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 307.402630][ C1] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 307.407923][ C1] ? __kasan_check_write+0x14/0x20 [ 307.412882][ C1] ? _raw_spin_lock+0x1b0/0x1b0 [ 307.417568][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 307.423551][ C1] nmi_trigger_cpumask_backtrace+0x15d/0x270 [ 307.429384][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 307.435262][ C1] arch_trigger_cpumask_backtrace+0x10/0x20 [ 307.440992][ C1] rcu_dump_cpu_stacks+0x1d8/0x330 [ 307.445939][ C1] print_cpu_stall+0x315/0x5f0 [ 307.450539][ C1] rcu_sched_clock_irq+0x989/0x12f0 [ 307.455573][ C1] ? rcu_boost_kthread_setaffinity+0x340/0x340 [ 307.461564][ C1] ? hrtimer_run_queues+0x15f/0x440 [ 307.466598][ C1] update_process_times+0x198/0x200 [ 307.471642][ C1] tick_sched_timer+0x188/0x240 [ 307.476317][ C1] ? tick_setup_sched_timer+0x480/0x480 [ 307.481699][ C1] __hrtimer_run_queues+0x41a/0xad0 [ 307.486736][ C1] ? hrtimer_interrupt+0xaa0/0xaa0 [ 307.491680][ C1] ? clockevents_program_event+0x22f/0x300 [ 307.497320][ C1] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 307.503226][ C1] hrtimer_interrupt+0x40c/0xaa0 [ 307.507999][ C1] __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 307.513727][ C1] sysvec_apic_timer_interrupt+0x95/0xc0 [ 307.519195][ C1] [ 307.521968][ C1] [ 307.524748][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 307.530568][ C1] RIP: 0010:kvm_wait+0x147/0x180 [ 307.535337][ C1] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d ab ec 12 04 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 307.554778][ C1] RSP: 0018:ffffc900009860a0 EFLAGS: 00000246 [ 307.560681][ C1] RAX: 0000000000000003 RBX: 1ffff92000130c18 RCX: ffffffff81552fff [ 307.568493][ C1] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff88811b75f128 [ 307.576304][ C1] RBP: ffffc90000986150 R08: dffffc0000000000 R09: ffffed10236ebe26 [ 307.584118][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 307.591927][ C1] R13: ffff88811b75f128 R14: 0000000000000003 R15: 1ffff92000130c1c [ 307.599771][ C1] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 307.605824][ C1] ? asm_sysvec_call_function_single+0x1b/0x20 [ 307.611805][ C1] ? kvm_arch_para_hints+0x30/0x30 [ 307.616761][ C1] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 307.622828][ C1] __pv_queued_spin_lock_slowpath+0x6bc/0xc40 [ 307.628727][ C1] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 307.634977][ C1] _raw_spin_lock_bh+0x139/0x1b0 [ 307.639750][ C1] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 307.644785][ C1] sock_map_delete_elem+0x161/0x230 [ 307.649818][ C1] ? sock_map_update_elem+0x390/0x390 [ 307.655026][ C1] ? sock_map_unref+0x352/0x4d0 [ 307.659712][ C1] ? bpf_trace_run2+0xec/0x210 [ 307.664313][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 307.668999][ C1] ? sock_map_unref+0x352/0x4d0 [ 307.673686][ C1] ? stack_trace_save+0x1c0/0x1c0 [ 307.678545][ C1] ? sock_map_unref+0x352/0x4d0 [ 307.683235][ C1] ? __bpf_trace_kfree+0x6f/0x90 [ 307.688008][ C1] ? sock_map_unref+0x352/0x4d0 [ 307.692700][ C1] ? kfree+0x1f3/0x220 [ 307.696604][ C1] ? sock_map_unref+0x352/0x4d0 [ 307.701373][ C1] ? sock_map_delete_elem+0x191/0x230 [ 307.706583][ C1] ? sock_map_update_elem+0x390/0x390 [ 307.711789][ C1] ? kmem_cache_free+0x116/0x2e0 [ 307.716563][ C1] ? kasan_set_track+0x5d/0x70 [ 307.721170][ C1] ? kasan_set_track+0x4b/0x70 [ 307.725761][ C1] ? skb_release_data+0x8a9/0xa80 [ 307.730621][ C1] ? bpf_trace_run2+0xec/0x210 [ 307.735221][ C1] ? __dev_queue_xmit+0x161e/0x2e70 [ 307.740258][ C1] ? dev_queue_xmit+0x17/0x20 [ 307.744858][ C1] ? ip_finish_output2+0xb9f/0xf60 [ 307.749804][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 307.754511][ C1] ? ip_queue_xmit+0x4c/0x70 [ 307.758916][ C1] ? skb_release_data+0x8a9/0xa80 [ 307.763777][ C1] ? __tcp_push_pending_frames+0x98/0x2f0 [ 307.769332][ C1] ? tcp_push+0x477/0x620 [ 307.773497][ C1] ? tcp_sendmsg+0x2f/0x50 [ 307.777751][ C1] ? skb_release_data+0x8a9/0xa80 [ 307.782612][ C1] ? __bpf_trace_kfree+0x6f/0x90 [ 307.787386][ C1] ? skb_release_data+0x8a9/0xa80 [ 307.792249][ C1] ? kfree+0x1f3/0x220 [ 307.796154][ C1] ? tcp_tasklet_func+0x4b0/0x4b0 [ 307.801013][ C1] ? skb_release_data+0x8a9/0xa80 [ 307.805875][ C1] ? consume_skb+0xac/0x250 [ 307.810212][ C1] ? __dev_kfree_skb_any+0x159/0x180 [ 307.815334][ C1] ? refcount_dec_and_test+0x70/0x70 [ 307.820541][ C1] ? virtqueue_get_buf_ctx+0x6de/0xe30 [ 307.825838][ C1] ? napi_consume_skb+0x12e/0x2a0 [ 307.830696][ C1] ? free_old_xmit_skbs+0x119/0x290 [ 307.835729][ C1] ? local_bh_enable+0x30/0x30 [ 307.840504][ C1] ? consume_skb+0xb4/0x250 [ 307.844857][ C1] ? packet_rcv+0x160/0x1150 [ 307.849277][ C1] ? virtqueue_disable_cb+0x1ec/0x3a0 [ 307.854488][ C1] ? start_xmit+0x142/0x1500 [ 307.858906][ C1] ? dev_hard_start_xmit+0x228/0x620 [ 307.864028][ C1] ? sch_direct_xmit+0x298/0x9b0 [ 307.868801][ C1] ? dev_hard_start_xmit+0x5b8/0x620 [ 307.873921][ C1] ? __kasan_check_write+0x14/0x20 [ 307.879303][ C1] ? _raw_spin_trylock+0xcd/0x1a0 [ 307.884161][ C1] ? stp_proto_unregister+0x200/0x200 [ 307.889467][ C1] ? netdev_core_pick_tx+0x16e/0x300 [ 307.894577][ C1] ? __dev_queue_xmit+0x161e/0x2e70 [ 307.899610][ C1] ? __kasan_check_write+0x14/0x20 [ 307.904561][ C1] ? dev_queue_xmit+0x20/0x20 [ 307.909074][ C1] ? selinux_ipv6_output+0x10/0x10 [ 307.914022][ C1] ? dev_queue_xmit+0x20/0x20 [ 307.918539][ C1] ? ip_finish_output2+0x984/0xf60 [ 307.923483][ C1] ? dev_queue_xmit+0x17/0x20 [ 307.927992][ C1] ? ip_finish_output2+0xb9f/0xf60 [ 307.932941][ C1] ? ip_finish_output2+0x984/0xf60 [ 307.937895][ C1] ? ip_fragment+0x210/0x210 [ 307.942315][ C1] ? __local_bh_enable_ip+0x58/0x80 [ 307.947351][ C1] ? local_bh_enable+0x1f/0x30 [ 307.951956][ C1] ? ip_finish_output2+0xbef/0xf60 [ 307.956900][ C1] ? ip_skb_dst_mtu+0x38f/0x630 [ 307.961583][ C1] ? __ip_finish_output+0x162/0x360 [ 307.966736][ C1] ? ip_finish_output+0x31/0x210 [ 307.971499][ C1] ? ip_output+0x3e1/0x420 [ 307.975754][ C1] ? ip_output+0x1d6/0x420 [ 307.980004][ C1] ? ip_finish_output+0x210/0x210 [ 307.984865][ C1] ? ip_mc_finish_output+0x3c0/0x3c0 [ 307.990082][ C1] ? __kasan_check_read+0x11/0x20 [ 307.994938][ C1] ? ipv4_dst_check+0xe3/0x150 [ 307.999533][ C1] ? skb_push+0xb5/0x120 [ 308.003613][ C1] ? __sk_dst_check+0xd2/0x1b0 [ 308.008215][ C1] ? __ip_queue_xmit+0x1105/0x1c20 [ 308.013166][ C1] ? tcp_options_write+0x202/0xc60 [ 308.018111][ C1] ? ip_queue_xmit+0x4c/0x70 [ 308.022534][ C1] ? __tcp_transmit_skb+0x1e84/0x3920 [ 308.027743][ C1] ? __tcp_send_ack+0x710/0x710 [ 308.032428][ C1] ? __stack_depot_save+0x34/0x470 [ 308.037376][ C1] ? ____kasan_kmalloc+0xed/0x110 [ 308.042234][ C1] ? ____kasan_kmalloc+0xdb/0x110 [ 308.047099][ C1] ? __kasan_check_read+0x11/0x20 [ 308.051954][ C1] ? tcp_small_queue_check+0x1f5/0x3f0 [ 308.057249][ C1] ? tcp_write_xmit+0x144a/0x5e80 [ 308.062117][ C1] ? __tcp_push_pending_frames+0x98/0x2f0 [ 308.067675][ C1] ? tcp_push+0x477/0x620 [ 308.071839][ C1] ? tcp_sendmsg_locked+0x315c/0x3a90 [ 308.077046][ C1] ? tcp_free_fastopen_req+0x80/0x80 [ 308.082164][ C1] ? tcp_sendmsg+0x2f/0x50 [ 308.086413][ C1] ? inet_sendmsg+0xa1/0xc0 [ 308.090753][ C1] ? inet_send_prepare+0x4a0/0x4a0 [ 308.095700][ C1] ? sock_write_iter+0x39b/0x530 [ 308.100474][ C1] ? __kasan_check_write+0x14/0x20 [ 308.105423][ C1] ? sock_read_iter+0x480/0x480 [ 308.110110][ C1] ? iov_iter_init+0x53/0x190 [ 308.114624][ C1] ? vfs_write+0xd5d/0x1110 [ 308.118958][ C1] ? __kasan_check_write+0x14/0x20 [ 308.123909][ C1] ? file_end_write+0x1c0/0x1c0 [ 308.128597][ C1] ? __set_current_blocked+0x2a5/0x2f0 [ 308.133899][ C1] ? __kasan_check_read+0x11/0x20 [ 308.138755][ C1] ? __fdget_pos+0x209/0x3a0 [ 308.143178][ C1] ? ksys_write+0x199/0x2c0 [ 308.147518][ C1] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 308.152897][ C1] ? __ia32_sys_read+0x90/0x90 [ 308.157497][ C1] ? debug_smp_processor_id+0x17/0x20 [ 308.162712][ C1] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 308.168612][ C1] ? __x64_sys_write+0x7b/0x90 [ 308.173207][ C1] ? x64_sys_call+0x2f/0x9a0 [ 308.177635][ C1] ? do_syscall_64+0x3b/0xb0 [ 308.182067][ C1] ? clear_bhb_loop+0x35/0x90 [ 308.186576][ C1] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 308.192483][ C1] [ 353.065455][ C0] watchdog: BUG: soft lockup - CPU#0 stuck for 143s! [syz-executor382:483] [ 353.073967][ C0] Modules linked in: [ 353.077708][ C0] CPU: 0 PID: 483 Comm: syz-executor382 Not tainted 5.15.157-syzkaller-00897-g53be7c8abe11 #0 [ 353.087855][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 353.097753][ C0] RIP: 0010:kvm_wait+0x147/0x180 [ 353.102521][ C0] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d ab ec 12 04 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 353.122501][ C0] RSP: 0018:ffffc900009c7760 EFLAGS: 00000246 [ 353.128403][ C0] RAX: 0000000000000003 RBX: 1ffff92000138ef0 RCX: ffffffff81552fff [ 353.136295][ C0] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff88811b75f490 [ 353.144105][ C0] RBP: ffffc900009c7810 R08: dffffc0000000000 R09: ffffed10236ebe93 [ 353.151917][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 353.159818][ C0] R13: ffff88811b75f490 R14: 0000000000000003 R15: 1ffff92000138ef4 [ 353.167628][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 353.176393][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 353.182828][ C0] CR2: 00007fe4ca66e138 CR3: 0000000006a0f000 CR4: 00000000003506b0 [ 353.190630][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 353.198438][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 353.206425][ C0] Call Trace: [ 353.209552][ C0] [ 353.212243][ C0] ? show_regs+0x58/0x60 [ 353.216319][ C0] ? watchdog_timer_fn+0x4b1/0x5f0 [ 353.221265][ C0] ? proc_watchdog_cpumask+0xd0/0xd0 [ 353.226387][ C0] ? __hrtimer_run_queues+0x41a/0xad0 [ 353.231683][ C0] ? hrtimer_interrupt+0xaa0/0xaa0 [ 353.236633][ C0] ? clockevents_program_event+0x22f/0x300 [ 353.242270][ C0] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 353.248258][ C0] ? hrtimer_interrupt+0x40c/0xaa0 [ 353.253209][ C0] ? __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 353.259108][ C0] ? sysvec_apic_timer_interrupt+0x95/0xc0 [ 353.264751][ C0] [ 353.267563][ C0] [ 353.270304][ C0] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 353.276294][ C0] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 353.282370][ C0] ? kvm_wait+0x147/0x180 [ 353.286543][ C0] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 353.292525][ C0] ? kvm_arch_para_hints+0x30/0x30 [ 353.297472][ C0] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 353.303577][ C0] __pv_queued_spin_lock_slowpath+0x6bc/0xc40 [ 353.309455][ C0] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 353.315697][ C0] ? __x64_sys_exit_group+0x3f/0x40 [ 353.320734][ C0] ? do_syscall_64+0x3b/0xb0 [ 353.325243][ C0] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 353.331146][ C0] _raw_spin_lock_bh+0x139/0x1b0 [ 353.335919][ C0] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 353.340953][ C0] ? __kasan_check_write+0x14/0x20 [ 353.345900][ C0] ? _raw_spin_lock_bh+0xa4/0x1b0 [ 353.350763][ C0] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 353.355797][ C0] ? unix_peer_get+0xe0/0xe0 [ 353.360221][ C0] sk_psock_link_pop+0x2e/0x170 [ 353.364915][ C0] ? unix_peer_get+0xe0/0xe0 [ 353.369337][ C0] sock_map_remove_links+0x7f/0x650 [ 353.374462][ C0] ? sock_init_data+0xc0/0xc0 [ 353.378970][ C0] ? sock_map_unhash+0x120/0x120 [ 353.383744][ C0] ? __kasan_check_read+0x11/0x20 [ 353.388605][ C0] ? unix_peer_get+0xe0/0xe0 [ 353.393033][ C0] sock_map_close+0x2ac/0x4c0 [ 353.397544][ C0] ? sock_map_remove_links+0x650/0x650 [ 353.402840][ C0] ? rwsem_mark_wake+0x770/0x770 [ 353.407617][ C0] ? security_file_free+0xc6/0xe0 [ 353.412476][ C0] unix_release+0x82/0xc0 [ 353.416640][ C0] sock_close+0xdf/0x270 [ 353.420720][ C0] ? sock_mmap+0xa0/0xa0 [ 353.424885][ C0] __fput+0x3fe/0x910 [ 353.428709][ C0] ____fput+0x15/0x20 [ 353.432551][ C0] task_work_run+0x129/0x190 [ 353.436949][ C0] do_exit+0xc48/0x2ca0 [ 353.441030][ C0] ? put_task_struct+0x80/0x80 [ 353.445628][ C0] ? __kasan_check_write+0x14/0x20 [ 353.450575][ C0] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 353.455609][ C0] ? _raw_spin_lock_irqsave+0x210/0x210 [ 353.460991][ C0] ? wake_up_state+0xb/0x10 [ 353.465331][ C0] ? zap_other_threads+0x237/0x270 [ 353.470394][ C0] do_group_exit+0x141/0x310 [ 353.474881][ C0] __x64_sys_exit_group+0x3f/0x40 [ 353.479739][ C0] x64_sys_call+0x610/0x9a0 [ 353.484079][ C0] do_syscall_64+0x3b/0xb0 [ 353.488334][ C0] ? clear_bhb_loop+0x35/0x90 [ 353.492843][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 353.498576][ C0] RIP: 0033:0x7fe4ca615b09 [ 353.502825][ C0] Code: Unable to access opcode bytes at RIP 0x7fe4ca615adf. [ 353.510031][ C0] RSP: 002b:00007ffd2a62dee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 353.518301][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe4ca615b09 [ 353.526086][ C0] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 353.533897][ C0] RBP: 00007fe4ca6a22f0 R08: ffffffffffffffb0 R09: 00007ffd2a62df70 [ 353.541710][ C0] R10: 00007ffd2a62df70 R11: 0000000000000246 R12: 00007fe4ca6a22f0 [ 353.549539][ C0] R13: 0000000000000000 R14: 00007fe4ca6a2e80 R15: 00007fe4ca5e3920 [ 353.557339][ C0]