./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3123806648 <...> pe=1400 audit(1746838965.630:78): avc: denied { rlimitinh } for pid=212 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.170701][ T24] audit: type=1400 audit(1746838965.630:79): avc: denied { siginh } for pid=212 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.177' (ED25519) to the list of known hosts. execve("./syz-executor3123806648", ["./syz-executor3123806648"], 0x7ffdde7a7470 /* 10 vars */) = 0 brk(NULL) = 0x55556ca06000 brk(0x55556ca06d40) = 0x55556ca06d40 arch_prctl(ARCH_SET_FS, 0x55556ca063c0) = 0 set_tid_address(0x55556ca06690) = 272 set_robust_list(0x55556ca066a0, 24) = 0 rseq(0x55556ca06ce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3123806648", 4096) = 28 getrandom("\xbb\x23\x78\x50\x64\x42\xc2\x19", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556ca06d40 brk(0x55556ca27d40) = 0x55556ca27d40 brk(0x55556ca28000) = 0x55556ca28000 mprotect(0x7f9c7d4d2000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 273 attached [pid 273] set_robust_list(0x55556ca066a0, 24 [pid 272] <... clone resumed>, child_tidptr=0x55556ca06690) = 273 [pid 273] <... set_robust_list resumed>) = 0 [pid 273] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 273] setpgid(0, 0) = 0 [pid 273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 273] write(3, "1000", 4) = 4 [pid 273] close(3) = 0 executing program [pid 273] write(1, "executing program\n", 18) = 18 [pid 273] futex(0x7f9c7d4d832c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 273] rt_sigaction(SIGRT_1, {sa_handler=0x7f9c7d4719e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9c7d463060}, NULL, 8) = 0 [pid 273] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c7d3ec000 [pid 273] mprotect(0x7f9c7d3ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 273] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c7d40c990, parent_tid=0x7f9c7d40c990, exit_signal=0, stack=0x7f9c7d3ec000, stack_size=0x20300, tls=0x7f9c7d40c6c0}./strace-static-x86_64: Process 274 attached => {parent_tid=[274]}, 88) = 274 [pid 274] set_robust_list(0x7f9c7d40c9a0, 24) = 0 [pid 274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 274] futex(0x7f9c7d4d8328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 273] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 273] futex(0x7f9c7d4d8328, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 274] <... futex resumed>) = 0 [pid 274] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 273] futex(0x7f9c7d4d832c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 274] <... socketpair resumed>[3, 4]) = 0 [pid 274] futex(0x7f9c7d4d832c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 274] futex(0x7f9c7d4d8328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 273] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 273] futex(0x7f9c7d4d8328, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 274] <... futex resumed>) = 0 [pid 274] sendmsg(3, {msg_name={sa_family=AF_TIPC, sa_data="\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, msg_namelen=16, msg_iov=[{iov_base="\xc3\xe9\x72\xbd\x85\xa6\xd8\x41\x36\xd6\xdd\x55\x04\x8d\x35\x93\xa7\x4f\x33\x8c\xe6\x77\x2a\xb9\xa6\xf6\x40\x41\xc2\xf6\xfb\xbe\xcd\xc0\x8e\xbc\xd3\x19\x2b\x6a\x53\x66\x2d\xae\x7c\x8e\x9c\x66\x5e\x80\xa5\xd0\x92\x5f\x72\x8d\xca\xc3\x0c\x29\x79\x39\x92\xe5\x88\x95\x26\x53\xd4\x14\xcb\x8c\xcd\xab\xc3\x87\x67\xfe\xe8\x19\xec\x5a\xf0\xc5\xee\x93\x68\x80\xfe\x85\x49\xb4\xed\x34\x77\x79\xca\xb4\xff\xd4", iov_len=100}, {iov_base="V", iov_len=1}, {iov_base="\x3e\xed\x50\xd0\x12\x57\x19\xa8\x10\xf8\x8e\x3f\x47\x18\x6f\xe4\xda\xe7\x41\x82\xdf\xd1\x09\xa2\x58\x7c\x47\x97\x41\x0c\x9b\x8e\x39\xbd\x3d\x9a\xa1\x44\xd5\x90\x86\x47\xc3\x0c\x8d\xb6\x9b\x5c\x17\x08\x4c\x9b\x1b\xfb\xb8\x68\x07\x37\xc4\xf8\x8a\xbc\xdb\xc7\xd2\x94\xd7\x2a\xb1\xb3\x44\x27\x09\x15\xdf\x9d\xdf\x56\x35\x64\x4c\x35\x1c\x22\xb2\x9d\x94\x8a\xc4\x10\x6b\xce\x71\x07\x57\x0b\xee\xd6\x30\x77"..., iov_len=4096}, {iov_base="\xb7\x68\xeb\x20\x30\x4f\x2f\xdc\x5a\x96\x94\xa4\x86\x78\x40\xd9\x31\x70\xca\x1a\x86\x40\x6f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x04\x00\x00\x00\x20\x00\x00\x64\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x20\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x16\x00\x00"..., iov_len=4294966976}], msg_iovlen=4, msg_controllen=0, msg_flags=MSG_PROBE|MSG_MORE}, 0 [ 195.493993][ T24] audit: type=1400 audit(1746839145.990:80): avc: denied { execmem } for pid=272 comm="syz-executor312" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 195.520951][ T24] audit: type=1400 audit(1746839146.020:81): avc: denied { create } for pid=273 comm="syz-executor312" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [pid 273] futex(0x7f9c7d4d832c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 273] futex(0x7f9c7d4d832c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 273] futex(0x7f9c7d4d832c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 273] futex(0x7f9c7d4d832c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 273] futex(0x7f9c7d4d833c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c7d3cb000 [pid 273] mprotect(0x7f9c7d3cc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 273] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c7d3eb990, parent_tid=0x7f9c7d3eb990, exit_signal=0, stack=0x7f9c7d3cb000, stack_size=0x20300, tls=0x7f9c7d3eb6c0}./strace-static-x86_64: Process 275 attached => {parent_tid=[275]}, 88) = 275 [pid 275] set_robust_list(0x7f9c7d3eb9a0, 24) = 0 [pid 275] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 275] futex(0x7f9c7d4d8338, FUTEX_WAIT_PRIVATE, 0, NULL [pid 273] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 273] futex(0x7f9c7d4d8338, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 275] <... futex resumed>) = 0 [pid 275] dup2(4, 3) = 3 [pid 275] futex(0x7f9c7d4d833c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 275] futex(0x7f9c7d4d8338, FUTEX_WAIT_PRIVATE, 0, NULL [pid 273] futex(0x7f9c7d4d833c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 273] futex(0x7f9c7d4d8338, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 275] <... futex resumed>) = 0 [ 195.542564][ T24] audit: type=1400 audit(1746839146.050:82): avc: denied { write } for pid=273 comm="syz-executor312" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [pid 275] setsockopt(3, SOL_SOCKET, SO_RCVBUFFORCE, [-1], 4) = 0 [pid 275] futex(0x7f9c7d4d833c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 275] futex(0x7f9c7d4d8338, FUTEX_WAIT_PRIVATE, 0, NULL [pid 273] futex(0x7f9c7d4d833c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 273] futex(0x7f9c7d4d8338, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 275] <... futex resumed>) = 0 [pid 275] sendmmsg(3, [pid 273] futex(0x7f9c7d4d833c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 274] <... sendmsg resumed>) = 132000 [pid 274] futex(0x7f9c7d4d832c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 274] futex(0x7f9c7d4d8328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 275] <... sendmmsg resumed>[{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base="\xe8\x1a\xc9\xa4\xbc\x34\x9c\x10\x7e\xf6\xc1\xd5\x04\x90\xa8\x72\xc3\xdb\x14\x7c\xe7\x03\x20\x63\x54\x91\xd8\xf1\x69\xa3\xa0\x25\xe7\x5a\xdd\xef\xa7\x8b\x31\xb6\x29\xd7\xab\x8a\x10\x4f\x9c\xcc\xd8\xb3\x2b\x6c\xe1\xf3\xca\x7e\x7f\xbf\xba\x28\x2b\x24\x86\x8a\x15\xb1\xc0\x08\x56\x57\xd7\xa0\xfb\x42\xe6\xe7\xd0\x9c\xf7\xbb\xe6\xe9\x8b\x2c\x5a\xe0\x62\x01\x75\xe8\x06\xac\x5e\x23\xb4\xea\xad\xa0\x1c\x42"..., iov_len=4096}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], msg_iovlen=10, msg_controllen=0, msg_flags=0}, msg_len=4096}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=1}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_control=NULL, msg_controllen=13144, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}], 17, MSG_OOB|MSG_PROBE|MSG_DONTWAIT|MSG_EOR|MSG_FASTOPEN) = 12 [pid 275] futex(0x7f9c7d4d833c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 273] <... futex resumed>) = 0 [pid 273] exit_group(0 [pid 274] <... futex resumed>) = ? [pid 274] +++ exited with 0 +++ [pid 273] <... exit_group resumed>) = ? [pid 275] +++ exited with 0 +++ [pid 273] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=273, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556ca06690) = 276 ./strace-static-x86_64: Process 276 attached [pid 276] set_robust_list(0x55556ca066a0, 24) = 0 [pid 276] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 276] setpgid(0, 0) = 0 [pid 276] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 276] write(3, "1000", 4) = 4 [pid 276] close(3) = 0 [pid 276] write(1, "executing program\n", 18executing program ) = 18 [pid 276] futex(0x7f9c7d4d832c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 276] rt_sigaction(SIGRT_1, {sa_handler=0x7f9c7d4719e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9c7d463060}, NULL, 8) = 0 [pid 276] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c7d3ec000 [pid 276] mprotect(0x7f9c7d3ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 276] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 276] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c7d40c990, parent_tid=0x7f9c7d40c990, exit_signal=0, stack=0x7f9c7d3ec000, stack_size=0x20300, tls=0x7f9c7d40c6c0} => {parent_tid=[277]}, 88) = 277 [pid 276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 276] futex(0x7f9c7d4d8328, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 277 attached [pid 277] set_robust_list(0x7f9c7d40c9a0, 24) = 0 [pid 277] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 277] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 276] futex(0x7f9c7d4d832c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 277] <... socketpair resumed>[3, 4]) = 0 [pid 277] futex(0x7f9c7d4d832c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 276] <... futex resumed>) = 0 [pid 277] futex(0x7f9c7d4d8328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 276] futex(0x7f9c7d4d8328, FUTEX_WAKE_PRIVATE, 1000000 [pid 277] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 276] <... futex resumed>) = 0 [pid 277] sendmsg(3, {msg_name={sa_family=AF_TIPC, sa_data="\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, msg_namelen=16, msg_iov=[{iov_base="\xc3\xe9\x72\xbd\x85\xa6\xd8\x41\x36\xd6\xdd\x55\x04\x8d\x35\x93\xa7\x4f\x33\x8c\xe6\x77\x2a\xb9\xa6\xf6\x40\x41\xc2\xf6\xfb\xbe\xcd\xc0\x8e\xbc\xd3\x19\x2b\x6a\x53\x66\x2d\xae\x7c\x8e\x9c\x66\x5e\x80\xa5\xd0\x92\x5f\x72\x8d\xca\xc3\x0c\x29\x79\x39\x92\xe5\x88\x95\x26\x53\xd4\x14\xcb\x8c\xcd\xab\xc3\x87\x67\xfe\xe8\x19\xec\x5a\xf0\xc5\xee\x93\x68\x80\xfe\x85\x49\xb4\xed\x34\x77\x79\xca\xb4\xff\xd4", iov_len=100}, {iov_base="V", iov_len=1}, {iov_base="\x3e\xed\x50\xd0\x12\x57\x19\xa8\x10\xf8\x8e\x3f\x47\x18\x6f\xe4\xda\xe7\x41\x82\xdf\xd1\x09\xa2\x58\x7c\x47\x97\x41\x0c\x9b\x8e\x39\xbd\x3d\x9a\xa1\x44\xd5\x90\x86\x47\xc3\x0c\x8d\xb6\x9b\x5c\x17\x08\x4c\x9b\x1b\xfb\xb8\x68\x07\x37\xc4\xf8\x8a\xbc\xdb\xc7\xd2\x94\xd7\x2a\xb1\xb3\x44\x27\x09\x15\xdf\x9d\xdf\x56\x35\x64\x4c\x35\x1c\x22\xb2\x9d\x94\x8a\xc4\x10\x6b\xce\x71\x07\x57\x0b\xee\xd6\x30\x77"..., iov_len=4096}, {iov_base="\xb7\x68\xeb\x20\x30\x4f\x2f\xdc\x5a\x96\x94\xa4\x86\x78\x40\xd9\x31\x70\xca\x1a\x86\x40\x6f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x04\x00\x00\x00\x20\x00\x00\x64\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x20\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x16\x00\x00"..., iov_len=4294966976}], msg_iovlen=4, msg_controllen=0, msg_flags=MSG_PROBE|MSG_MORE}, 0 [ 195.596543][ T24] audit: type=1400 audit(1746839146.100:83): avc: denied { setopt } for pid=273 comm="syz-executor312" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [pid 276] futex(0x7f9c7d4d832c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 276] futex(0x7f9c7d4d832c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 276] futex(0x7f9c7d4d833c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c7d3cb000 [pid 276] mprotect(0x7f9c7d3cc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 276] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 276] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c7d3eb990, parent_tid=0x7f9c7d3eb990, exit_signal=0, stack=0x7f9c7d3cb000, stack_size=0x20300, tls=0x7f9c7d3eb6c0} => {parent_tid=[278]}, 88) = 278 [pid 276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 276] futex(0x7f9c7d4d8338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 276] futex(0x7f9c7d4d833c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 278 attached [pid 278] set_robust_list(0x7f9c7d3eb9a0, 24) = 0 [pid 278] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 278] dup2(4, 3) = 3 [pid 278] futex(0x7f9c7d4d833c, FUTEX_WAKE_PRIVATE, 1000000 [pid 276] <... futex resumed>) = 0 [pid 276] futex(0x7f9c7d4d8338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 276] futex(0x7f9c7d4d833c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 278] <... futex resumed>) = 1 [pid 278] setsockopt(3, SOL_SOCKET, SO_RCVBUFFORCE, [-1], 4) = 0 [pid 278] futex(0x7f9c7d4d833c, FUTEX_WAKE_PRIVATE, 1000000 [pid 276] <... futex resumed>) = 0 [pid 276] futex(0x7f9c7d4d8338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 276] futex(0x7f9c7d4d833c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 278] <... futex resumed>) = 1 [pid 278] sendmmsg(3, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base="\xe8\x1a\xc9\xa4\xbc\x34\x9c\x10\x7e\xf6\xc1\xd5\x04\x90\xa8\x72\xc3\xdb\x14\x7c\xe7\x03\x20\x63\x54\x91\xd8\xf1\x69\xa3\xa0\x25\xe7\x5a\xdd\xef\xa7\x8b\x31\xb6\x29\xd7\xab\x8a\x10\x4f\x9c\xcc\xd8\xb3\x2b\x6c\xe1\xf3\xca\x7e\x7f\xbf\xba\x28\x2b\x24\x86\x8a\x15\xb1\xc0\x08\x56\x57\xd7\xa0\xfb\x42\xe6\xe7\xd0\x9c\xf7\xbb\xe6\xe9\x8b\x2c\x5a\xe0\x62\x01\x75\xe8\x06\xac\x5e\x23\xb4\xea\xad\xa0\x1c\x42"..., iov_len=4096}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], msg_iovlen=10, msg_controllen=0, msg_flags=0}, msg_len=4096}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=1}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_control=NULL, msg_controllen=13144, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}], 17, MSG_OOB|MSG_PROBE|MSG_DONTWAIT|MSG_EOR|MSG_FASTOPEN) = 12 [pid 278] futex(0x7f9c7d4d833c, FUTEX_WAKE_PRIVATE, 1000000 [pid 276] <... futex resumed>) = 0 [pid 278] <... futex resumed>) = 1 [pid 278] futex(0x7f9c7d4d8338, FUTEX_WAIT_PRIVATE, 0, NULL [pid 276] exit_group(0) = ? [pid 278] <... futex resumed>) = ? [pid 278] +++ exited with 0 +++ [ 295.665865][ C0] rcu: INFO: rcu_preempt self-detected stall on CPU [ 295.672598][ C0] rcu: 0-...!: (10000 ticks this GP) idle=fea/1/0x4000000000000000 softirq=1200/1200 fqs=0 last_accelerate: d6f1/fe01 dyntick_enabled: 1 [ 295.686628][ C0] (t=10000 jiffies g=177 q=5) [ 295.691374][ C0] rcu: rcu_preempt kthread starved for 10000 jiffies! g177 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0 [ 295.702555][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 295.712501][ C0] rcu: RCU grace-period kthread stack dump: [ 295.718652][ C0] task:rcu_preempt state:I stack: 0 pid: 13 ppid: 2 flags:0x00004000 [ 295.727840][ C0] Call Trace: [ 295.731172][ C0] __schedule+0xb47/0x1310 [ 295.735569][ C0] ? release_firmware_map_entry+0x190/0x190 [ 295.741532][ C0] ? __mod_timer+0x7ae/0xb30 [ 295.746171][ C0] schedule+0x13c/0x1d0 [ 295.750307][ C0] schedule_timeout+0x12c/0x2d0 [ 295.755152][ C0] ? console_conditional_schedule+0x10/0x10 [ 295.761020][ C0] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 295.766478][ C0] ? run_local_timers+0x160/0x160 [ 295.771486][ C0] ? prepare_to_swait_event+0x320/0x340 [ 295.777014][ C0] rcu_gp_kthread+0x100a/0x26a0 [ 295.781869][ C0] ? rcu_barrier_callback+0x50/0x50 [ 295.787084][ C0] ? __kasan_check_read+0x11/0x20 [ 295.792097][ C0] ? __kthread_parkme+0xb9/0x1c0 [ 295.797021][ C0] kthread+0x346/0x3d0 [ 295.801200][ C0] ? rcu_barrier_callback+0x50/0x50 [ 295.806385][ C0] ? kthread_blkcg+0xd0/0xd0 [ 295.810957][ C0] ret_from_fork+0x1f/0x30 [ 295.815398][ C0] NMI backtrace for cpu 0 [ 295.819847][ C0] CPU: 0 PID: 277 Comm: syz-executor312 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 295.830072][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 295.840159][ C0] Call Trace: [ 295.843448][ C0] [ 295.846402][ C0] __dump_stack+0x21/0x24 [ 295.850721][ C0] dump_stack_lvl+0x169/0x1d8 [ 295.855412][ C0] ? show_regs_print_info+0x18/0x18 [ 295.860597][ C0] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 295.866139][ C0] ? _raw_spin_lock+0xe0/0xe0 [ 295.870819][ C0] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 295.876872][ C0] dump_stack+0x15/0x1c [ 295.881030][ C0] nmi_trigger_cpumask_backtrace+0x27f/0x2c0 [ 295.886995][ C0] arch_trigger_cpumask_backtrace+0x10/0x20 [ 295.892870][ C0] rcu_dump_cpu_stacks+0x19c/0x2c0 [ 295.897959][ C0] rcu_sched_clock_irq+0xf79/0x1870 [ 295.903135][ C0] ? rcutree_dead_cpu+0x2f0/0x2f0 [ 295.908137][ C0] ? hrtimer_run_queues+0x166/0x430 [ 295.913336][ C0] update_process_times+0x198/0x200 [ 295.918551][ C0] tick_sched_timer+0x17c/0x240 [ 295.923399][ C0] ? tick_setup_sched_timer+0x450/0x450 [ 295.928946][ C0] __hrtimer_run_queues+0x37a/0x960 [ 295.934130][ C0] ? hrtimer_interrupt+0xdc0/0xdc0 [ 295.939271][ C0] ? ktime_get_update_offsets_now+0x293/0x2b0 [ 295.945342][ C0] hrtimer_interrupt+0x3a6/0xdc0 [ 295.950262][ C0] ? do_sync_core+0x22/0x30 [ 295.954749][ C0] __sysvec_apic_timer_interrupt+0xfa/0x3f0 [ 295.960639][ C0] asm_call_irq_on_stack+0xf/0x20 [ 295.965677][ C0] [ 295.968608][ C0] sysvec_apic_timer_interrupt+0x85/0xe0 [ 295.974227][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 295.980198][ C0] RIP: 0010:tipc_sk_lookup+0x1f2/0x5f0 [ 295.985652][ C0] Code: f2 31 d1 89 d6 c1 c6 19 29 f1 31 c8 89 ce c1 c6 10 29 f0 31 c2 89 c6 c1 c6 04 29 f2 31 d1 c1 c2 0e 29 d1 31 c8 c1 c1 18 29 c8 cb 21 c3 45 8b 65 00 31 ff 44 89 e6 e8 bc 9b 09 fd 45 85 e4 0f [ 296.005247][ C0] RSP: 0018:ffffc90000b368c0 EFLAGS: 00000287 [ 296.011307][ C0] RAX: 00000000cd602e82 RBX: 0000000000000100 RCX: 00000000fbf9fd61 [ 296.019375][ C0] RDX: 0000000067ca83a7 RSI: 000000000a74a183 RDI: ffff88810bf74008 [ 296.027348][ C0] RBP: ffffc90000b369b0 R08: 0000000000000004 R09: 0000000000000003 [ 296.035311][ C0] R10: fffff52000166d28 R11: 1ffff92000166d28 R12: dffffc0000000000 [ 296.043269][ C0] R13: ffff88810bf74004 R14: 00000000116b2f35 R15: ffff88810c0bd0de [ 296.051235][ C0] ? _raw_spin_lock_bh+0x8e/0xe0 [ 296.056236][ C0] ? tipc_sk_rcv+0x1ef0/0x1ef0 [ 296.060974][ C0] tipc_sk_rcv+0x3eb/0x1ef0 [ 296.065455][ C0] ? __stack_depot_save+0x479/0x4c0 [ 296.070644][ C0] ? kasan_set_track+0x5b/0x70 [ 296.075390][ C0] ? kasan_set_track+0x4a/0x70 [ 296.080134][ C0] ? kasan_set_free_info+0x23/0x40 [ 296.085246][ C0] ? ____kasan_slab_free+0x125/0x160 [ 296.090512][ C0] ? slab_free_freelist_hook+0xc5/0x190 [ 296.096038][ C0] ? kmem_cache_free+0x100/0x2d0 [ 296.100953][ C0] ? kfree_skbmem+0x10c/0x180 [ 296.105606][ C0] ? kfree_skb+0xc1/0x2f0 [ 296.109909][ C0] ? tipc_msg_reverse+0x698/0x900 [ 296.114910][ C0] ? tipc_node_xmit+0x256/0xcd0 [ 296.119749][ C0] ? tipc_sk_filter_rcv+0x1581/0x3850 [ 296.125136][ C0] ? tipc_node_xmit+0x256/0xcd0 [ 296.129984][ C0] ? tipc_node_distr_xmit+0x292/0x390 [ 296.135341][ C0] ? tipc_sk_backlog_rcv+0x16f/0x1f0 [ 296.140627][ C0] ? syscall_exit_to_user_mode+0x5b/0x90 [ 296.146245][ C0] ? do_syscall_64+0x3d/0x40 [ 296.150832][ C0] ? __skb_queue_purge+0x170/0x170 [ 296.155951][ C0] tipc_node_xmit+0x256/0xcd0 [ 296.160611][ C0] ? ____kasan_slab_free+0x130/0x160 [ 296.165877][ C0] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 296.171396][ C0] ? slab_free_freelist_hook+0xc5/0x190 [ 296.177003][ C0] ? kfree_skbmem+0x10c/0x180 [ 296.181659][ C0] ? kmem_cache_free+0x100/0x2d0 [ 296.186575][ C0] tipc_node_xmit_skb+0xe9/0x130 [ 296.191502][ C0] ? kfree_skb+0xc1/0x2f0 [ 296.195832][ C0] ? __skb_queue_purge+0x170/0x170 [ 296.201018][ C0] ? trace_tipc_sk_rej_msg+0x2c/0x6d0 [ 296.206402][ C0] tipc_sk_rcv+0x1d77/0x1ef0 [ 296.211059][ C0] ? is_bpf_text_address+0x177/0x190 [ 296.216321][ C0] ? __kernel_text_address+0xa0/0x100 [ 296.221684][ C0] ? unwind_get_return_address+0x4d/0x90 [ 296.227306][ C0] ? stack_trace_save+0xe0/0xe0 [ 296.232153][ C0] ? arch_stack_walk+0xee/0x140 [ 296.236990][ C0] ? __skb_queue_purge+0x170/0x170 [ 296.242270][ C0] tipc_node_xmit+0x256/0xcd0 [ 296.246925][ C0] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 296.252449][ C0] ? unwind_get_return_address+0x4d/0x90 [ 296.258060][ C0] ? __kasan_check_write+0x14/0x20 [ 296.263146][ C0] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 296.268592][ C0] ? _raw_spin_lock+0xe0/0xe0 [ 296.273246][ C0] tipc_sk_filter_rcv+0x1581/0x3850 [ 296.278425][ C0] ? tipc_sk_dump+0xfc0/0xfc0 [ 296.283079][ C0] ? __kasan_check_write+0x14/0x20 [ 296.288181][ C0] ? _raw_spin_lock_bh+0x8e/0xe0 [ 296.293112][ C0] tipc_sk_rcv+0x7cc/0x1ef0 [ 296.297589][ C0] ? slab_free_freelist_hook+0xc5/0x190 [ 296.303112][ C0] ? kmem_cache_free+0x100/0x2d0 [ 296.308027][ C0] ? __skb_queue_purge+0x170/0x170 [ 296.313113][ C0] ? tipc_sk_filter_rcv+0x3034/0x3850 [ 296.318458][ C0] ? ____fput+0x15/0x20 [ 296.322591][ C0] ? task_work_run+0x127/0x190 [ 296.327331][ C0] tipc_node_xmit+0x256/0xcd0 [ 296.331982][ C0] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 296.337505][ C0] tipc_node_distr_xmit+0x292/0x390 [ 296.342783][ C0] ? tipc_node_xmit_skb+0x130/0x130 [ 296.347972][ C0] ? kvm_sched_clock_read+0x18/0x40 [ 296.353152][ C0] ? sched_clock+0x3a/0x40 [ 296.357569][ C0] ? sched_clock+0x3a/0x40 [ 296.361967][ C0] ? sched_clock_cpu+0x1b/0x3d0 [ 296.366794][ C0] tipc_sk_backlog_rcv+0x16f/0x1f0 [ 296.371888][ C0] ? tipc_sk_timeout+0x970/0x970 [ 296.376804][ C0] ? irq_exit_rcu+0x9/0x10 [ 296.381198][ C0] __release_sock+0x146/0x360 [ 296.385856][ C0] release_sock+0x60/0x1b0 [ 296.390274][ C0] tipc_release+0xbd4/0x1490 [ 296.394857][ C0] sock_close+0xe0/0x270 [ 296.399080][ C0] ? sock_mmap+0xa0/0xa0 [ 296.403319][ C0] __fput+0x2fb/0x770 [ 296.407276][ C0] ____fput+0x15/0x20 [ 296.411239][ C0] task_work_run+0x127/0x190 [ 296.415818][ C0] ptrace_notify+0x212/0x250 [ 296.420398][ C0] ? fput+0x1a/0x20 [ 296.424248][ C0] ? __x64_sys_sendmsg+0x24b/0x2a0 [ 296.429369][ C0] ? do_notify_parent+0x7e0/0x7e0 [ 296.434382][ C0] ? ___sys_sendmsg+0x260/0x260 [ 296.439215][ C0] syscall_exit_work+0x6e/0x140 [ 296.444047][ C0] syscall_exit_to_user_mode+0x5b/0x90 [ 296.449613][ C0] do_syscall_64+0x3d/0x40 [ 296.454011][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 296.459915][ C0] RIP: 0033:0x7f9c7d44baa9 [ 296.464365][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 296.483972][ C0] RSP: 002b:00007f9c7d40c218 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 296.492453][ C0] RAX: 00000000000203a0 RBX: 00007f9c7d4d8328 RCX: 00007f9c7d44baa9 [ 296.500423][ C0] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000003 [ 296.508372][ C0] RBP: 00007f9c7d4d8320 R08: 0000000000000000 R09: 0000000000000000 [ 296.516323][ C0] R10: 00002000000003c0 R11: 0000000000000246 R12: 00007f9c7d4a5084 [ 296.524271][ C0] R13: 0000200000004b40 R14: 0000200000010dd0 R15: 0000200000010c80 [ 440.938348][ C0] watchdog: BUG: soft lockup - CPU#0 stuck for 123s! [syz-executor312:277] [ 440.947232][ C0] Modules linked in: [ 440.951165][ C0] CPU: 0 PID: 277 Comm: syz-executor312 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 440.961461][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 440.971593][ C0] RIP: 0010:tipc_sk_lookup+0x4e3/0x5f0 [ 440.977033][ C0] Code: 01 00 00 48 8b 44 24 08 0f b7 00 49 29 c5 74 67 49 8d 9d 80 00 00 00 48 89 df be 04 00 00 00 e8 f3 86 43 fd 41 be 01 00 00 00 45 0f c1 b5 80 00 00 00 31 ff 44 89 f6 e8 ca 98 09 fd 45 85 f6 [ 440.997001][ C0] RSP: 0018:ffffc90000b368c0 EFLAGS: 00000256 [ 441.003176][ C0] RAX: 0000000000000301 RBX: ffff88810c0c7280 RCX: ffffffff8459fdcd [ 441.011131][ C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff88810c0c7280 [ 441.019082][ C0] RBP: ffffc90000b369b0 R08: dffffc0000000000 R09: ffffed1021818e51 [ 441.027034][ C0] R10: ffffed1021818e51 R11: 1ffff11021818e50 R12: dffffc0000000000 [ 441.034998][ C0] R13: ffff88810c0c7200 R14: 0000000000000001 R15: fffffffffffffc18 [ 441.042966][ C0] FS: 00007f9c7d40c6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 441.051977][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 441.058544][ C0] CR2: 00007ffcb1c0a750 CR3: 000000011c246000 CR4: 00000000003506b0 [ 441.066500][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 441.074485][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 441.082446][ C0] Call Trace: [ 441.085767][ C0] ? tipc_sk_rcv+0x1ef0/0x1ef0 [ 441.090517][ C0] tipc_sk_rcv+0x3eb/0x1ef0 [ 441.095041][ C0] ? __stack_depot_save+0x479/0x4c0 [ 441.100231][ C0] ? kasan_set_track+0x5b/0x70 [ 441.104980][ C0] ? kasan_set_track+0x4a/0x70 [ 441.109724][ C0] ? kasan_set_free_info+0x23/0x40 [ 441.114836][ C0] ? ____kasan_slab_free+0x125/0x160 [ 441.120098][ C0] ? slab_free_freelist_hook+0xc5/0x190 [ 441.125622][ C0] ? kmem_cache_free+0x100/0x2d0 [ 441.130717][ C0] ? kfree_skbmem+0x10c/0x180 [ 441.135372][ C0] ? kfree_skb+0xc1/0x2f0 [ 441.139864][ C0] ? tipc_msg_reverse+0x698/0x900 [ 441.145033][ C0] ? tipc_node_xmit+0x256/0xcd0 [ 441.149896][ C0] ? tipc_sk_filter_rcv+0x1581/0x3850 [ 441.155282][ C0] ? tipc_node_xmit+0x256/0xcd0 [ 441.160128][ C0] ? tipc_node_distr_xmit+0x292/0x390 [ 441.165476][ C0] ? tipc_sk_backlog_rcv+0x16f/0x1f0 [ 441.170769][ C0] ? syscall_exit_to_user_mode+0x5b/0x90 [ 441.176406][ C0] ? do_syscall_64+0x3d/0x40 [ 441.180974][ C0] ? __skb_queue_purge+0x170/0x170 [ 441.186068][ C0] tipc_node_xmit+0x256/0xcd0 [ 441.190724][ C0] ? ____kasan_slab_free+0x130/0x160 [ 441.195989][ C0] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 441.201510][ C0] ? slab_free_freelist_hook+0xc5/0x190 [ 441.207052][ C0] ? kfree_skbmem+0x10c/0x180 [ 441.211744][ C0] ? kmem_cache_free+0x100/0x2d0 [ 441.216676][ C0] tipc_node_xmit_skb+0xe9/0x130 [ 441.221594][ C0] ? kfree_skb+0xc1/0x2f0 [ 441.225999][ C0] ? __skb_queue_purge+0x170/0x170 [ 441.231088][ C0] ? trace_tipc_sk_rej_msg+0x2c/0x6d0 [ 441.236440][ C0] tipc_sk_rcv+0x1d77/0x1ef0 [ 441.241054][ C0] ? is_bpf_text_address+0x177/0x190 [ 441.246452][ C0] ? __kernel_text_address+0xa0/0x100 [ 441.251837][ C0] ? unwind_get_return_address+0x4d/0x90 [ 441.257463][ C0] ? stack_trace_save+0xe0/0xe0 [ 441.262299][ C0] ? arch_stack_walk+0xee/0x140 [ 441.267139][ C0] ? __skb_queue_purge+0x170/0x170 [ 441.272250][ C0] tipc_node_xmit+0x256/0xcd0 [ 441.276906][ C0] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 441.282450][ C0] ? unwind_get_return_address+0x4d/0x90 [ 441.288061][ C0] ? __kasan_check_write+0x14/0x20 [ 441.293175][ C0] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 441.298610][ C0] ? _raw_spin_lock+0xe0/0xe0 [ 441.303264][ C0] tipc_sk_filter_rcv+0x1581/0x3850 [ 441.308448][ C0] ? tipc_sk_dump+0xfc0/0xfc0 [ 441.313107][ C0] ? __kasan_check_write+0x14/0x20 [ 441.318224][ C0] ? _raw_spin_lock_bh+0x8e/0xe0 [ 441.323146][ C0] tipc_sk_rcv+0x7cc/0x1ef0 [ 441.327648][ C0] ? slab_free_freelist_hook+0xc5/0x190 [ 441.333192][ C0] ? kmem_cache_free+0x100/0x2d0 [ 441.338119][ C0] ? __skb_queue_purge+0x170/0x170 [ 441.343227][ C0] ? tipc_sk_filter_rcv+0x3034/0x3850 [ 441.348590][ C0] ? ____fput+0x15/0x20 [ 441.352731][ C0] ? task_work_run+0x127/0x190 [ 441.357501][ C0] tipc_node_xmit+0x256/0xcd0 [ 441.362169][ C0] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 441.367726][ C0] tipc_node_distr_xmit+0x292/0x390 [ 441.372913][ C0] ? tipc_node_xmit_skb+0x130/0x130 [ 441.378092][ C0] ? kvm_sched_clock_read+0x18/0x40 [ 441.383288][ C0] ? sched_clock+0x3a/0x40 [ 441.387710][ C0] ? sched_clock+0x3a/0x40 [ 441.392155][ C0] ? sched_clock_cpu+0x1b/0x3d0 [ 441.396992][ C0] tipc_sk_backlog_rcv+0x16f/0x1f0 [ 441.402085][ C0] ? tipc_sk_timeout+0x970/0x970 [ 441.407029][ C0] ? irq_exit_rcu+0x9/0x10 [ 441.411426][ C0] __release_sock+0x146/0x360 [ 441.416083][ C0] release_sock+0x60/0x1b0 [ 441.420503][ C0] tipc_release+0xbd4/0x1490 [ 441.425101][ C0] sock_close+0xe0/0x270 [ 441.429338][ C0] ? sock_mmap+0xa0/0xa0 [ 441.433569][ C0] __fput+0x2fb/0x770 [ 441.437534][ C0] ____fput+0x15/0x20 [ 441.441513][ C0] task_work_run+0x127/0x190 [ 441.446108][ C0] ptrace_notify+0x212/0x250 [ 441.450686][ C0] ? fput+0x1a/0x20 [ 441.454482][ C0] ? __x64_sys_sendmsg+0x24b/0x2a0 [ 441.459604][ C0] ? do_notify_parent+0x7e0/0x7e0 [ 441.464608][ C0] ? ___sys_sendmsg+0x260/0x260 [ 441.469440][ C0] syscall_exit_work+0x6e/0x140 [ 441.475060][ C0] syscall_exit_to_user_mode+0x5b/0x90 [ 441.481050][ C0] do_syscall_64+0x3d/0x40 [ 441.485923][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 441.491837][ C0] RIP: 0033:0x7f9c7d44baa9 [ 441.496460][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 441.517325][ C0] RSP: 002b:00007f9c7d40c218 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 441.526019][ C0] RAX: 00000000000203a0 RBX: 00007f9c7d4d8328 RCX: 00007f9c7d44baa9 [ 441.534301][ C0] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000003 [ 441.542798][ C0] RBP: 00007f9c7d4d8320 R08: 0000000000000000 R09: 0000000000000000 [ 441.551069][ C0] R10: 00002000000003c0 R11: 0000000000000246 R12: 00007f9c7d4a5084 [ 441.559047][ C0] R13: 0000200000004b40 R14: 0000200000010dd0 R15: 0000200000010c80