./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1320896261 <...> Warning: Permanently added '10.128.10.42' (ED25519) to the list of known hosts. execve("./syz-executor1320896261", ["./syz-executor1320896261"], 0x7ffe915c93f0 /* 10 vars */) = 0 brk(NULL) = 0x55557635c000 brk(0x55557635cd00) = 0x55557635cd00 arch_prctl(ARCH_SET_FS, 0x55557635c380) = 0 set_tid_address(0x55557635c650) = 5831 set_robust_list(0x55557635c660, 24) = 0 rseq(0x55557635cca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1320896261", 4096) = 28 getrandom("\x24\xf4\xfd\xd2\x55\x12\x63\x83", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557635cd00 brk(0x55557637dd00) = 0x55557637dd00 brk(0x55557637e000) = 0x55557637e000 mprotect(0x7fae11043000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557635c650) = 5832 ./strace-static-x86_64: Process 5832 attached [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] set_robust_list(0x55557635c660, 24) = 0 ./strace-static-x86_64: Process 5833 attached [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] set_robust_list(0x55557635c660, 24 [pid 5831] <... clone resumed>, child_tidptr=0x55557635c650) = 5833 [pid 5833] <... set_robust_list resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5834 attached [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... clone resumed>, child_tidptr=0x55557635c650) = 5834 ./strace-static-x86_64: Process 5835 attached [pid 5834] set_robust_list(0x55557635c660, 24 [pid 5833] <... clone resumed>, child_tidptr=0x55557635c650) = 5835 [pid 5834] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5836 attached [pid 5835] set_robust_list(0x55557635c660, 24 [pid 5834] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] <... clone resumed>, child_tidptr=0x55557635c650) = 5836 [pid 5835] <... set_robust_list resumed>) = 0 [pid 5834] <... prctl resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5836] set_robust_list(0x55557635c660, 24 [pid 5835] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] setpgid(0, 0 [pid 5836] <... set_robust_list resumed>) = 0 [pid 5835] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 5837 attached [pid 5836] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5835] setpgid(0, 0 [pid 5834] <... setpgid resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55557635c650) = 5837 [pid 5837] set_robust_list(0x55557635c660, 24 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5838 attached [pid 5837] <... set_robust_list resumed>) = 0 [pid 5835] <... setpgid resumed>) = 0 [pid 5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 5839 attached [pid 5831] <... clone resumed>, child_tidptr=0x55557635c650) = 5839 [pid 5839] set_robust_list(0x55557635c660, 24 [pid 5838] set_robust_list(0x55557635c660, 24 [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5836] <... clone resumed>, child_tidptr=0x55557635c650) = 5838 [pid 5835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] <... openat resumed>) = 3 [pid 5839] <... set_robust_list resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5841 attached ./strace-static-x86_64: Process 5840 attached [pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5835] <... openat resumed>) = 3 [pid 5834] write(3, "1000", 4 [pid 5840] set_robust_list(0x55557635c660, 24 [pid 5841] set_robust_list(0x55557635c660, 24 [pid 5835] write(3, "1000", 4 [pid 5840] <... set_robust_list resumed>) = 0 [pid 5834] <... write resumed>) = 4 [pid 5840] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] close(3 [pid 5835] <... write resumed>) = 4 [pid 5834] <... close resumed>) = 0 [pid 5835] close(3 [pid 5841] <... set_robust_list resumed>) = 0 [pid 5838] <... prctl resumed>) = 0 [pid 5835] <... close resumed>) = 0 [pid 5834] write(1, "executing program\n", 18executing program [pid 5840] <... prctl resumed>) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x55557635c650) = 5841 [pid 5838] setpgid(0, 0 [pid 5834] <... write resumed>) = 18 [pid 5841] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5840] setpgid(0, 0 [pid 5838] <... setpgid resumed>) = 0 [pid 5837] <... clone resumed>, child_tidptr=0x55557635c650) = 5840 [pid 5835] write(1, "executing program\n", 18executing program [pid 5841] <... prctl resumed>) = 0 [pid 5840] <... setpgid resumed>) = 0 [pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5835] <... write resumed>) = 18 [pid 5834] openat(AT_FDCWD, "/dev/kvm", O_RDONLY [pid 5841] setpgid(0, 0 [pid 5840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5835] openat(AT_FDCWD, "/dev/kvm", O_RDONLY [pid 5834] <... openat resumed>) = 3 [pid 5841] <... setpgid resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5838] <... openat resumed>) = 3 [pid 5835] <... openat resumed>) = 3 [pid 5841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5835] bpf(BPF_MAP_CREATE, NULL, 72 [pid 5838] write(3, "1000", 4 [pid 5834] bpf(BPF_MAP_CREATE, NULL, 72 [pid 5840] write(3, "1000", 4 [pid 5835] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 5841] <... openat resumed>) = 3 [pid 5840] <... write resumed>) = 4 [pid 5838] <... write resumed>) = 4 [pid 5835] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5834] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 5835] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5834] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5838] close(3 [pid 5834] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5841] write(3, "1000", 4 [pid 5840] close(3 [pid 5835] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=0, map_name="", map_ifindex=0, btf_fd=0, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 5841] <... write resumed>) = 4 [pid 5840] <... close resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5835] <... bpf resumed>) = 4 executing program [pid 5834] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=0, map_name="", map_ifindex=0, btf_fd=0, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 5841] close(3 [pid 5840] write(1, "executing program\n", 18executing program [pid 5838] write(1, "executing program\n", 18 [pid 5835] socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER [pid 5841] <... close resumed>) = 0 [pid 5840] <... write resumed>) = 18 [pid 5838] <... write resumed>) = 18 [pid 5835] <... socket resumed>) = 5 [pid 5834] <... bpf resumed>) = 4 [pid 5841] write(1, "executing program\n", 18executing program [pid 5840] openat(AT_FDCWD, "/dev/kvm", O_RDONLY [pid 5838] openat(AT_FDCWD, "/dev/kvm", O_RDONLY [pid 5835] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001c40, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=0x20000000, line_info_cnt=16, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL, ...}, 148 [pid 5834] socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER [pid 5841] <... write resumed>) = 18 [pid 5840] <... openat resumed>) = 3 [pid 5835] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "/dev/kvm", O_RDONLY [pid 5840] bpf(BPF_MAP_CREATE, NULL, 72 [pid 5835] sendmsg(-1, NULL, 0 [pid 5834] <... socket resumed>) = 5 [pid 5841] <... openat resumed>) = 3 [pid 5840] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 5838] <... openat resumed>) = 3 [pid 5835] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5838] bpf(BPF_MAP_CREATE, NULL, 72) = -1 EFAULT (Bad address) [pid 5841] bpf(BPF_MAP_CREATE, NULL, 72 [pid 5840] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5838] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5835] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=147}, [pid 5834] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001c40, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=0x20000000, line_info_cnt=16, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL, ...}, 148 [pid 5841] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 5840] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5838] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5835] <... prlimit64 resumed>NULL) = 0 [pid 5841] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5840] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=0, map_name="", map_ifindex=0, btf_fd=0, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 5838] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=0, map_name="", map_ifindex=0, btf_fd=0, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 5835] sched_setscheduler(0, SCHED_RR, [6] [pid 5834] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5840] <... bpf resumed>) = 4 [pid 5838] <... bpf resumed>) = 4 [pid 5835] <... sched_setscheduler resumed>) = 0 [pid 5834] sendmsg(-1, NULL, 0 [pid 5841] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=0, map_name="", map_ifindex=0, btf_fd=0, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 5840] socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER [pid 5838] socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER [pid 5835] prctl(PR_SCHED_CORE, PR_SCHED_CORE_CREATE, 0, 0 /* PIDTYPE_PID */, NULL [pid 5841] <... bpf resumed>) = 4 [pid 5840] <... socket resumed>) = 5 [pid 5838] <... socket resumed>) = 5 [pid 5834] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5838] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001c40, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=0x20000000, line_info_cnt=16, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL, ...}, 148 [pid 5834] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=147}, [pid 5841] socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER [pid 5840] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001c40, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=0x20000000, line_info_cnt=16, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL, ...}, 148 [pid 5834] <... prlimit64 resumed>NULL) = 0 [pid 5841] <... socket resumed>) = 5 [pid 5840] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5835] <... prctl resumed>) = 0 [pid 5834] sched_setscheduler(0, SCHED_RR, [6] [pid 5841] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20001c40, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=0x20000000, line_info_cnt=16, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL, ...}, 148 [pid 5840] sendmsg(-1, NULL, 0 [pid 5838] sendmsg(-1, NULL, 0 [pid 5835] getpid( [pid 5834] <... sched_setscheduler resumed>) = 0 [pid 5841] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5838] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5835] <... getpid resumed>) = 5835 [pid 5834] prctl(PR_SCHED_CORE, PR_SCHED_CORE_CREATE, 0, 0 /* PIDTYPE_PID */, NULL [pid 5841] sendmsg(-1, NULL, 0 [pid 5840] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=147}, [pid 5835] sched_setscheduler(5835, SCHED_RR, [4] [pid 5841] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5840] <... prlimit64 resumed>NULL) = 0 [pid 5835] <... sched_setscheduler resumed>) = 0 [pid 5841] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=147}, [pid 5840] sched_setscheduler(0, SCHED_RR, [6] [pid 5835] openat(AT_FDCWD, "/dev/video7", O_RDONLY [pid 5834] <... prctl resumed>) = 0 [pid 5841] <... prlimit64 resumed>NULL) = 0 [pid 5840] <... sched_setscheduler resumed>) = 0 [pid 5835] <... openat resumed>) = 6 [pid 5834] getpid( [pid 5838] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=147}, [pid 5841] sched_setscheduler(0, SCHED_RR, [6] [pid 5840] prctl(PR_SCHED_CORE, PR_SCHED_CORE_CREATE, 0, 0 /* PIDTYPE_PID */, NULL [pid 5838] <... prlimit64 resumed>NULL) = 0 [pid 5835] connect(-1, NULL, 0 [pid 5834] <... getpid resumed>) = 5834 [pid 5841] <... sched_setscheduler resumed>) = 0 [pid 5840] <... prctl resumed>) = 0 [pid 5838] sched_setscheduler(0, SCHED_RR, [6] [pid 5835] <... connect resumed>) = -1 EBADF (Bad file descriptor) [pid 5834] sched_setscheduler(5834, SCHED_RR, [4] [pid 5841] prctl(PR_SCHED_CORE, PR_SCHED_CORE_CREATE, 0, 0 /* PIDTYPE_PID */, NULL [pid 5840] getpid( [pid 5838] <... sched_setscheduler resumed>) = 0 [pid 5835] recvmmsg(-1, [pid 5834] <... sched_setscheduler resumed>) = 0 [pid 5841] <... prctl resumed>) = 0 [pid 5840] <... getpid resumed>) = 5840 [pid 5838] prctl(PR_SCHED_CORE, PR_SCHED_CORE_CREATE, 0, 0 /* PIDTYPE_PID */, NULL [pid 5835] <... recvmmsg resumed>NULL, 0, MSG_PEEK, NULL) = -1 EBADF (Bad file descriptor) [pid 5834] openat(AT_FDCWD, "/dev/video7", O_RDONLY [pid 5841] getpid( [pid 5840] sched_setscheduler(5840, SCHED_RR, [4] [pid 5838] <... prctl resumed>) = 0 [pid 5835] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=262144, map_flags=0, inner_map_fd=0, map_name="", map_ifindex=0, btf_fd=0, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 5834] <... openat resumed>) = 6 [ 80.760671][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [pid 5841] <... getpid resumed>) = 5841 [pid 5840] <... sched_setscheduler resumed>) = 0 [pid 5838] getpid( [pid 5835] <... bpf resumed>) = 7 [pid 5834] connect(-1, NULL, 0 [pid 5841] sched_setscheduler(5841, SCHED_RR, [4] [pid 5840] openat(AT_FDCWD, "/dev/video7", O_RDONLY [pid 5838] <... getpid resumed>) = 5838 [pid 5835] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SKB, insn_cnt=28, insns=0x20000d80, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 5834] <... connect resumed>) = -1 EBADF (Bad file descriptor) [pid 5841] <... sched_setscheduler resumed>) = 0 [pid 5840] <... openat resumed>) = 6 [pid 5838] sched_setscheduler(5838, SCHED_RR, [4] [pid 5834] recvmmsg(-1, [pid 5838] <... sched_setscheduler resumed>) = 0 [pid 5834] <... recvmmsg resumed>NULL, 0, MSG_PEEK, NULL) = -1 EBADF (Bad file descriptor) [pid 5838] openat(AT_FDCWD, "/dev/video7", O_RDONLY [pid 5834] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=262144, map_flags=0, inner_map_fd=0, map_name="", map_ifindex=0, btf_fd=0, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 5841] openat(AT_FDCWD, "/dev/video7", O_RDONLY [pid 5840] connect(-1, NULL, 0 [pid 5838] <... openat resumed>) = 6 [pid 5834] <... bpf resumed>) = 7 [pid 5841] <... openat resumed>) = 6 [ 86.302196][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 87.303280][ T58] cfg80211: failed to load regulatory.db [ 87.309648][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.987095][ T974] sched: DL replenish lagged too much [pid 5840] <... connect resumed>) = -1 EBADF (Bad file descriptor) [pid 5838] connect(-1, NULL, 0 [pid 5837] kill(-5840, SIGKILL [ 114.575424][ T5834] ================================================================== [ 114.583520][ T5834] BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x340/0x3a0 [ 114.591442][ T5834] Write of size 2097120 at addr ffffc90004c00020 by task syz-executor132/5834 [ 114.600282][ T5834] [ 114.602618][ T5834] CPU: 1 UID: 0 PID: 5834 Comm: syz-executor132 Not tainted 6.12.0-next-20241120-syzkaller #0 [ 114.612934][ T5834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 114.623019][ T5834] Call Trace: [ 114.626322][ T5834] [ 114.629255][ T5834] dump_stack_lvl+0x241/0x360 [ 114.633956][ T5834] ? __pfx_dump_stack_lvl+0x10/0x10 [ 114.639169][ T5834] ? __pfx__printk+0x10/0x10 [ 114.643772][ T5834] ? _printk+0xd5/0x120 [ 114.647931][ T5834] print_report+0x169/0x550 [ 114.652437][ T5834] ? __virt_addr_valid+0xbd/0x530 [ 114.657486][ T5834] ? vrealloc_noprof+0x340/0x3a0 [ 114.662419][ T5834] kasan_report+0x143/0x180 [ 114.666932][ T5834] ? vrealloc_noprof+0x340/0x3a0 [ 114.671881][ T5834] kasan_check_range+0x282/0x290 [ 114.676835][ T5834] __asan_memset+0x23/0x50 [ 114.681253][ T5834] vrealloc_noprof+0x340/0x3a0 [ 114.686039][ T5834] push_insn_history+0x16c/0x6a0 [ 114.690984][ T5834] check_mem_access+0xf30/0x2240 [ 114.695927][ T5834] ? __reg_deduce_bounds+0xc57/0x10d0 [ 114.701315][ T5834] ? __pfx_check_mem_access+0x10/0x10 [ 114.706693][ T5834] ? is_reg64+0x306/0x3a0 [ 114.711020][ T5834] ? __check_reg_arg+0x180/0x4d0 [ 114.715954][ T5834] do_check+0x7d97/0xfcd0 [ 114.720324][ T5834] ? __pfx_do_check+0x10/0x10 [ 114.725002][ T5834] ? mark_reg_not_init+0xd4/0x4b0 [ 114.730028][ T5834] ? __asan_memcpy+0x40/0x70 [ 114.734610][ T5834] ? mark_reg_not_init+0xd4/0x4b0 [ 114.739636][ T5834] do_check_common+0x1564/0x2010 [ 114.744583][ T5834] bpf_check+0x19380/0x1f1b0 [ 114.749175][ T5834] ? bpf_prog_alloc+0x3a/0x1b0 [ 114.753956][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 114.759150][ T5834] ? page_ext_get+0x20/0x2a0 [ 114.763753][ T5834] ? page_ext_get+0x1d6/0x2a0 [ 114.768444][ T5834] ? post_alloc_hook+0x206/0x230 [ 114.773379][ T5834] ? get_page_from_freelist+0x3725/0x3870 [ 114.779092][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 114.784288][ T5834] ? validate_chain+0x11e/0x5920 [ 114.789226][ T5834] ? validate_chain+0x11e/0x5920 [ 114.794154][ T5834] ? mark_lock+0x9a/0x360 [ 114.798508][ T5834] ? validate_chain+0x11e/0x5920 [ 114.803447][ T5834] ? validate_chain+0x11e/0x5920 [ 114.808384][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 114.813592][ T5834] ? validate_chain+0x11e/0x5920 [ 114.818532][ T5834] ? validate_chain+0x11e/0x5920 [ 114.823469][ T5834] ? validate_chain+0x11e/0x5920 [ 114.828408][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 114.833634][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 114.838834][ T5834] ? __pfx_bpf_check+0x10/0x10 [ 114.843597][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 114.848800][ T5834] ? mark_lock+0x9a/0x360 [ 114.853130][ T5834] ? mark_lock+0x9a/0x360 [ 114.857459][ T5834] ? __lock_acquire+0x1397/0x2100 [ 114.862480][ T5834] ? mark_lock+0x9a/0x360 [ 114.866813][ T5834] ? __lock_acquire+0x1397/0x2100 [ 114.871842][ T5834] ? __pfx_lock_acquire+0x10/0x10 [ 114.876860][ T5834] ? ktime_get_with_offset+0x8c/0x290 [ 114.882252][ T5834] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 114.888334][ T5834] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 114.894682][ T5834] ? ktime_get_with_offset+0x8c/0x290 [ 114.900168][ T5834] ? seqcount_lockdep_reader_access+0x157/0x220 [ 114.906429][ T5834] ? lockdep_hardirqs_on+0x99/0x150 [ 114.911645][ T5834] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 114.917891][ T5834] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 114.924481][ T5834] ? _raw_spin_unlock+0x28/0x50 [ 114.929350][ T5834] ? __asan_memset+0x23/0x50 [ 114.933934][ T5834] ? bpf_obj_name_cpy+0x18a/0x1d0 [ 114.938982][ T5834] bpf_prog_load+0x1667/0x20f0 [ 114.943741][ T5834] ? __pfx_bpf_prog_load+0x10/0x10 [ 114.948842][ T5834] ? __pfx___might_resched+0x10/0x10 [ 114.954138][ T5834] ? __might_fault+0xc6/0x120 [ 114.958817][ T5834] __sys_bpf+0x4ee/0x810 [ 114.963081][ T5834] ? __pfx___sys_bpf+0x10/0x10 [ 114.967853][ T5834] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 114.974183][ T5834] ? do_syscall_64+0x100/0x230 [ 114.978942][ T5834] __x64_sys_bpf+0x7c/0x90 [ 114.983400][ T5834] do_syscall_64+0xf3/0x230 [ 114.987904][ T5834] ? clear_bhb_loop+0x35/0x90 [ 114.992578][ T5834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.998486][ T5834] RIP: 0033:0x7fae10fcf269 [ 115.002900][ T5834] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 115.022698][ T5834] RSP: 002b:00007ffdf2bc3148 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 115.031116][ T5834] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fae10fcf269 [ 115.039087][ T5834] RDX: 0000000000000090 RSI: 0000000020000840 RDI: 0000000000000005 [ 115.047058][ T5834] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000000000a0 [ 115.055026][ T5834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.063218][ T5834] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 115.071190][ T5834] [ 115.074203][ T5834] [ 115.076526][ T5834] The buggy address belongs to the virtual mapping at [ 115.076526][ T5834] [ffffc90004800000, ffffc90004e01000) created by: [ 115.076526][ T5834] kvrealloc_noprof+0xc7/0x120 [ 115.094353][ T5834] [ 115.096692][ T5834] The buggy address belongs to the physical page: [ 115.103115][ T5834] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6c600 [ 115.111997][ T5834] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 115.119118][ T5834] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 115.127718][ T5834] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 115.136292][ T5834] page dumped because: kasan: bad access detected [ 115.142720][ T5834] page_owner tracks the page as allocated [ 115.148448][ T5834] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102cc2(GFP_HIGHUSER|__GFP_NOWARN), pid 5834, tgid 5834 (syz-executor132), ts 114573563417, free_ts 25588986996 [ 115.166171][ T5834] post_alloc_hook+0x1f3/0x230 [ 115.170944][ T5834] get_page_from_freelist+0x3725/0x3870 [ 115.176486][ T5834] __alloc_pages_noprof+0x292/0x710 [ 115.181688][ T5834] alloc_pages_mpol_noprof+0x3e8/0x680 [ 115.187161][ T5834] __vmalloc_node_range_noprof+0x9c9/0x1380 [ 115.193048][ T5834] __kvmalloc_node_noprof+0x142/0x190 [ 115.198424][ T5834] kvrealloc_noprof+0xc7/0x120 [ 115.203184][ T5834] push_insn_history+0x16c/0x6a0 [ 115.208127][ T5834] check_mem_access+0xf30/0x2240 [ 115.213083][ T5834] do_check+0x7d97/0xfcd0 [ 115.217424][ T5834] do_check_common+0x1564/0x2010 [ 115.222368][ T5834] bpf_check+0x19380/0x1f1b0 [ 115.226969][ T5834] bpf_prog_load+0x1667/0x20f0 [ 115.231756][ T5834] __sys_bpf+0x4ee/0x810 [ 115.236066][ T5834] __x64_sys_bpf+0x7c/0x90 [ 115.240493][ T5834] do_syscall_64+0xf3/0x230 [ 115.245008][ T5834] page last free pid 1 tgid 1 stack trace: [ 115.250815][ T5834] free_unref_page+0xdf9/0x1140 [ 115.255691][ T5834] free_contig_range+0x152/0x550 [ 115.260943][ T5834] destroy_args+0x92/0x910 [ 115.265369][ T5834] debug_vm_pgtable+0x4be/0x550 [ 115.270251][ T5834] do_one_initcall+0x248/0x880 [ 115.275023][ T5834] do_initcall_level+0x157/0x210 [ 115.279981][ T5834] do_initcalls+0x3f/0x80 [ 115.284313][ T5834] kernel_init_freeable+0x435/0x5d0 [ 115.289517][ T5834] kernel_init+0x1d/0x2b0 [ 115.293864][ T5834] ret_from_fork+0x4b/0x80 [ 115.298275][ T5834] ret_from_fork_asm+0x1a/0x30 [ 115.303044][ T5834] [ 115.305358][ T5834] Memory state around the buggy address: [ 115.310974][ T5834] ffffc90004bfff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 115.319040][ T5834] ffffc90004bfff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 115.327108][ T5834] >ffffc90004c00000: 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 115.335176][ T5834] ^ [ 115.340295][ T5834] ffffc90004c00080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 115.348349][ T5834] ffffc90004c00100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 115.356398][ T5834] ================================================================== [ 115.364529][ T5834] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 115.371724][ T5834] CPU: 1 UID: 0 PID: 5834 Comm: syz-executor132 Not tainted 6.12.0-next-20241120-syzkaller #0 [ 115.381956][ T5834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 115.392004][ T5834] Call Trace: [ 115.395275][ T5834] [ 115.398208][ T5834] dump_stack_lvl+0x241/0x360 [ 115.402899][ T5834] ? __pfx_dump_stack_lvl+0x10/0x10 [ 115.408094][ T5834] ? __pfx__printk+0x10/0x10 [ 115.412680][ T5834] ? lock_release+0xbf/0xa30 [ 115.417284][ T5834] ? vscnprintf+0x5d/0x90 [ 115.421622][ T5834] panic+0x349/0x880 [ 115.425536][ T5834] ? check_panic_on_warn+0x21/0xb0 [ 115.430667][ T5834] ? __pfx_panic+0x10/0x10 [ 115.435082][ T5834] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 115.440975][ T5834] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 115.446870][ T5834] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 115.453218][ T5834] ? print_report+0x502/0x550 [ 115.457910][ T5834] check_panic_on_warn+0x86/0xb0 [ 115.462855][ T5834] ? vrealloc_noprof+0x340/0x3a0 [ 115.467786][ T5834] end_report+0x77/0x160 [ 115.472046][ T5834] kasan_report+0x154/0x180 [ 115.476564][ T5834] ? vrealloc_noprof+0x340/0x3a0 [ 115.481508][ T5834] kasan_check_range+0x282/0x290 [ 115.486444][ T5834] __asan_memset+0x23/0x50 [ 115.490869][ T5834] vrealloc_noprof+0x340/0x3a0 [ 115.495638][ T5834] push_insn_history+0x16c/0x6a0 [ 115.500578][ T5834] check_mem_access+0xf30/0x2240 [ 115.505542][ T5834] ? __reg_deduce_bounds+0xc57/0x10d0 [ 115.510918][ T5834] ? __pfx_check_mem_access+0x10/0x10 [ 115.516294][ T5834] ? is_reg64+0x306/0x3a0 [ 115.520621][ T5834] ? __check_reg_arg+0x180/0x4d0 [ 115.525556][ T5834] do_check+0x7d97/0xfcd0 [ 115.529928][ T5834] ? __pfx_do_check+0x10/0x10 [ 115.534608][ T5834] ? mark_reg_not_init+0xd4/0x4b0 [ 115.539636][ T5834] ? __asan_memcpy+0x40/0x70 [ 115.544220][ T5834] ? mark_reg_not_init+0xd4/0x4b0 [ 115.549283][ T5834] do_check_common+0x1564/0x2010 [ 115.554256][ T5834] bpf_check+0x19380/0x1f1b0 [ 115.558860][ T5834] ? bpf_prog_alloc+0x3a/0x1b0 [ 115.563640][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 115.568831][ T5834] ? page_ext_get+0x20/0x2a0 [ 115.573415][ T5834] ? page_ext_get+0x1d6/0x2a0 [ 115.578087][ T5834] ? post_alloc_hook+0x206/0x230 [ 115.583021][ T5834] ? get_page_from_freelist+0x3725/0x3870 [ 115.588732][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 115.593930][ T5834] ? validate_chain+0x11e/0x5920 [ 115.598864][ T5834] ? validate_chain+0x11e/0x5920 [ 115.603812][ T5834] ? mark_lock+0x9a/0x360 [ 115.608141][ T5834] ? validate_chain+0x11e/0x5920 [ 115.613075][ T5834] ? validate_chain+0x11e/0x5920 [ 115.618006][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 115.623202][ T5834] ? validate_chain+0x11e/0x5920 [ 115.628140][ T5834] ? validate_chain+0x11e/0x5920 [ 115.633073][ T5834] ? validate_chain+0x11e/0x5920 [ 115.638006][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 115.643207][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 115.648402][ T5834] ? __pfx_bpf_check+0x10/0x10 [ 115.653176][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 115.658375][ T5834] ? mark_lock+0x9a/0x360 [ 115.662701][ T5834] ? mark_lock+0x9a/0x360 [ 115.667046][ T5834] ? __lock_acquire+0x1397/0x2100 [ 115.672065][ T5834] ? mark_lock+0x9a/0x360 [ 115.676390][ T5834] ? __lock_acquire+0x1397/0x2100 [ 115.681424][ T5834] ? __pfx_lock_acquire+0x10/0x10 [ 115.686444][ T5834] ? ktime_get_with_offset+0x8c/0x290 [ 115.691820][ T5834] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 115.697799][ T5834] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 115.704128][ T5834] ? ktime_get_with_offset+0x8c/0x290 [ 115.709519][ T5834] ? seqcount_lockdep_reader_access+0x157/0x220 [ 115.715767][ T5834] ? lockdep_hardirqs_on+0x99/0x150 [ 115.720968][ T5834] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 115.727220][ T5834] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 115.733811][ T5834] ? _raw_spin_unlock+0x28/0x50 [ 115.738668][ T5834] ? __asan_memset+0x23/0x50 [ 115.743264][ T5834] ? bpf_obj_name_cpy+0x18a/0x1d0 [ 115.748289][ T5834] bpf_prog_load+0x1667/0x20f0 [ 115.753173][ T5834] ? __pfx_bpf_prog_load+0x10/0x10 [ 115.758278][ T5834] ? __pfx___might_resched+0x10/0x10 [ 115.763584][ T5834] ? __might_fault+0xc6/0x120 [ 115.768265][ T5834] __sys_bpf+0x4ee/0x810 [ 115.772513][ T5834] ? __pfx___sys_bpf+0x10/0x10 [ 115.777283][ T5834] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 115.783618][ T5834] ? do_syscall_64+0x100/0x230 [ 115.788379][ T5834] __x64_sys_bpf+0x7c/0x90 [ 115.792795][ T5834] do_syscall_64+0xf3/0x230 [ 115.797292][ T5834] ? clear_bhb_loop+0x35/0x90 [ 115.801982][ T5834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.807880][ T5834] RIP: 0033:0x7fae10fcf269 [ 115.812288][ T5834] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 115.831889][ T5834] RSP: 002b:00007ffdf2bc3148 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 115.840297][ T5834] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fae10fcf269 [ 115.848374][ T5834] RDX: 0000000000000090 RSI: 0000000020000840 RDI: 0000000000000005 [ 115.856348][ T5834] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000000000a0 [ 115.864311][ T5834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.872364][ T5834] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 115.880377][ T5834] [ 115.883761][ T5834] Kernel Offset: disabled [ 115.888106][ T5834] Rebooting in 86400 seconds..