./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor24825934 <...> [ 3.946988][ T24] audit: type=1400 audit(1731365219.750:9): avc: denied { append open } for pid=76 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 3.950694][ T24] audit: type=1400 audit(1731365219.750:10): avc: denied { getattr } for pid=76 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 4.217637][ T93] udevd[93]: starting version 3.2.11 [ 4.284073][ T94] udevd[94]: starting eudev-3.2.11 [ 14.213252][ T24] kauditd_printk_skb: 50 callbacks suppressed [ 14.213262][ T24] audit: type=1400 audit(1731365230.030:61): avc: denied { transition } for pid=220 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.217960][ T24] audit: type=1400 audit(1731365230.030:62): avc: denied { noatsecure } for pid=220 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.221028][ T24] audit: type=1400 audit(1731365230.030:63): avc: denied { write } for pid=220 comm="sh" path="pipe:[13613]" dev="pipefs" ino=13613 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 14.225447][ T24] audit: type=1400 audit(1731365230.030:64): avc: denied { rlimitinh } for pid=220 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.229293][ T24] audit: type=1400 audit(1731365230.030:65): avc: denied { siginh } for pid=220 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.47' (ED25519) to the list of known hosts. 
execve("./syz-executor24825934", ["./syz-executor24825934"], 0x7fff981e2180 /* 10 vars */) = 0 brk(NULL) = 0x555590e7d000 brk(0x555590e7dd40) = 0x555590e7dd40 arch_prctl(ARCH_SET_FS, 0x555590e7d3c0) = 0 set_tid_address(0x555590e7d690) = 517 set_robust_list(0x555590e7d6a0, 24) = 0 rseq(0x555590e7dce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor24825934", 4096) = 26 getrandom("\x84\x3a\xb2\x6d\xa1\xd2\x2e\x66", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555590e7dd40 brk(0x555590e9ed40) = 0x555590e9ed40 brk(0x555590e9f000) = 0x555590e9f000 mprotect(0x7f9bb9d63000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555590e7d690) = 518 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, 
"/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "518", 3) = 3 close(3) = 0 kill(518, SIGKILL) = 0 ./strace-static-x86_64: Process 518 attached [pid 518] +++ killed by SIGKILL +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=518, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555590e7d690) = 519 ./strace-static-x86_64: Process 519 attached [pid 519] set_robust_list(0x555590e7d6a0, 24) = 0 [pid 519] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 519] setpgid(0, 0) = 0 [pid 519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 519] write(3, "1000", 4) = 4 [pid 519] close(3) = 0 [pid 519] write(1, "executing program\n", 18executing program ) = 18 [pid 519] futex(0x7f9bb9d6932c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 519] rt_sigaction(SIGRT_1, {sa_handler=0x7f9bb9d02b90, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9bb9cf4210}, NULL, 8) = 0 [pid 519] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9bb9c7d000 [pid 519] mprotect(0x7f9bb9c7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 519] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 519] 
clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9bb9c9d990, parent_tid=0x7f9bb9c9d990, exit_signal=0, stack=0x7f9bb9c7d000, stack_size=0x20300, tls=0x7f9bb9c9d6c0}./strace-static-x86_64: Process 520 attached => {parent_tid=[520]}, 88) = 520 [pid 520] set_robust_list(0x7f9bb9c9d9a0, 24) = 0 [pid 520] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 520] futex(0x7f9bb9d69328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 519] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 519] futex(0x7f9bb9d69328, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] <... futex resumed>) = 0 [pid 519] <... futex resumed>) = 1 [pid 520] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 519] futex(0x7f9bb9d6932c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] <... socketpair resumed>[3, 4]) = 0 [pid 520] futex(0x7f9bb9d6932c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] futex(0x7f9bb9d69328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 519] <... futex resumed>) = 0 [pid 519] futex(0x7f9bb9d69328, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... 
futex resumed>) = 0 [pid 520] sendmsg(3, {msg_name={sa_family=AF_TIPC, sa_data="\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, msg_namelen=16, msg_iov=[{iov_base="\xc3\xe9\x72\xbd\x85\xa6\xd8\x41\x36\xd6\xdd\x55\x04\x8d\x35\x93\xa7\x4f\x33\x8c\xe6\x77\x2a\xb9\xa6\xf6\x40\x41\xc2\xf6\xfb\xbe\xcd\xc0\x8e\xbc\xd3\x19\x2b\x6a\x53\x66\x2d\xae\x7c\x8e\x9c\x66\x5e\x80\xa5\xd0\x92\x5f\x72\x8d\xca\xc3\x0c\x29\x79\x39\x92\xe5\x88\x95\x26\x53\xd4\x14\xcb\x8c\xcd\xab\xc3\x87\x67\xfe\xe8\x19\xec\x5a\xf0\xc5\xee\x93\x68\x80\xfe\x85\x49\xb4\xed\x34\x77\x79\xca\xb4\xff\xd4", iov_len=100}, {iov_base="V", iov_len=1}, {iov_base="\x3e\xed\x50\xd0\x12\x57\x19\xa8\x10\xf8\x8e\x3f\x47\x18\x6f\xe4\xda\xe7\x41\x82\xdf\xd1\x09\xa2\x58\x7c\x47\x97\x41\x0c\x9b\x8e\x39\xbd\x3d\x9a\xa1\x44\xd5\x90\x86\x47\xc3\x0c\x8d\xb6\x9b\x5c\x17\x08\x4c\x9b\x1b\xfb\xb8\x68\x07\x37\xc4\xf8\x8a\xbc\xdb\xc7\xd2\x94\xd7\x2a\xb1\xb3\x44\x27\x09\x15\xdf\x9d\xdf\x56\x35\x64\x4c\x35\x1c\x22\xb2\x9d\x94\x8a\xc4\x10\x6b\xce\x71\x07\x57\x0b\xee\xd6\x30\x77"..., iov_len=4096}, {iov_base="\xb7\x68\xeb\x20\x30\x4f\x2f\xdc\x5a\x96\x94\xa4\x86\x78\x40\xd9\x31\x70\xca\x1a\x86\x40\x6f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x04\x00\x20\x00\x00\x00\x00\x64\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x16\x00\x20"..., iov_len=4294966976}], msg_iovlen=4, msg_controllen=0, msg_flags=MSG_PROBE|MSG_MORE}, 0 [ 251.912073][ T24] audit: type=1400 audit(1731365467.730:66): avc: denied { execmem } for pid=517 comm="syz-executor248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 251.940547][ T24] audit: type=1400 audit(1731365467.750:67): avc: denied { create } for pid=519 comm="syz-executor248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [pid 519] 
futex(0x7f9bb9d6932c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 519] futex(0x7f9bb9d6933c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9bb9c5c000 [pid 519] mprotect(0x7f9bb9c5d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 519] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 519] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9bb9c7c990, parent_tid=0x7f9bb9c7c990, exit_signal=0, stack=0x7f9bb9c5c000, stack_size=0x20300, tls=0x7f9bb9c7c6c0} => {parent_tid=[521]}, 88) = 521 ./strace-static-x86_64: Process 521 attached [pid 519] rt_sigprocmask(SIG_SETMASK, [], [pid 521] set_robust_list(0x7f9bb9c7c9a0, 24 [pid 519] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 519] futex(0x7f9bb9d69338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 519] futex(0x7f9bb9d6933c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] <... set_robust_list resumed>) = 0 [pid 521] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 521] sendmmsg(4, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 3, 0) = 3 [pid 521] futex(0x7f9bb9d6933c, FUTEX_WAKE_PRIVATE, 1000000 [pid 519] <... futex resumed>) = 0 [pid 519] futex(0x7f9bb9d69338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 519] futex(0x7f9bb9d6933c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] <... futex resumed>) = 1 [pid 521] dup2(4, 3) = 3 [pid 521] futex(0x7f9bb9d6933c, FUTEX_WAKE_PRIVATE, 1000000 [pid 519] <... 
futex resumed>) = 0 [pid 519] futex(0x7f9bb9d69338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 519] futex(0x7f9bb9d6933c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] <... futex resumed>) = 1 [pid 521] setsockopt(3, SOL_SOCKET, SO_RCVBUFFORCE, [-1], 4) = 0 [pid 521] futex(0x7f9bb9d6933c, FUTEX_WAKE_PRIVATE, 1000000 [pid 519] <... futex resumed>) = 0 [pid 519] futex(0x7f9bb9d69338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 251.960438][ T24] audit: type=1400 audit(1731365467.770:68): avc: denied { write } for pid=519 comm="syz-executor248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [pid 519] futex(0x7f9bb9d6933c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] <... futex resumed>) = 1 [pid 521] sendmmsg(3, [pid 520] <... sendmsg resumed>) = 132000 [pid 520] futex(0x7f9bb9d6932c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7f9bb9d69328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 521] <... sendmmsg resumed>[{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=1}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base="\xb6\xc7\x05\x2c\x34\xb0\x70\x7c\x30\xfc\xba\xc8\x98\x75\xa1\x28\x61\xbc\x68\xee\x8d\x7c\x84\x5f\x2f\x7e\xfe\xde\xca\x05\xb3\x95\xbb\x39\x5b\x08\xf7\xa5\x9b\xab\xc4\x60\xf0\x16\xc1\x0a\x6d\x1a\xa6\x15\xcc\x83\xf5\xd3\x72\x81\xb9\x54\x24\x51\xaf\x4b\xf0\x67\x6c\x13\x01\x6a\x1f\x72\x3a\x4f\xa9\x7d\x08\xcb\x9f\xdb\xfc\xcc\xae\x4b\x2d\x05\xfe\x6c\xdb\x40\xef\xc7\x3e\x09\x2a\x26\xe4\x3b\x75\xf7\x0e\xbf"..., iov_len=4096}, {iov_base=NULL, iov_len=0}], msg_iovlen=4, msg_controllen=0, msg_flags=0}, msg_len=4096}, {msg_hdr={msg_name=NULL, msg_namelen=0, 
msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=1}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 6, MSG_PROBE|MSG_BATCH) = 6 [pid 521] futex(0x7f9bb9d6933c, FUTEX_WAKE_PRIVATE, 1000000 [pid 519] <... futex resumed>) = 0 [pid 519] exit_group(0 [pid 520] <... futex resumed>) = ? [pid 519] <... exit_group resumed>) = ? [pid 520] +++ exited with 0 +++ [pid 521] <... futex resumed>) = ? [pid 521] +++ exited with 0 +++ [pid 519] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=519, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555590e7d690) = 522 ./strace-static-x86_64: Process 522 attached [pid 522] set_robust_list(0x555590e7d6a0, 24) = 0 [pid 522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 522] setpgid(0, 0) = 0 [pid 522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 522] write(3, "1000", 4) = 4 [pid 522] close(3) = 0 [pid 522] write(1, "executing program\n", 18) = 18 [pid 522] futex(0x7f9bb9d6932c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 522] rt_sigaction(SIGRT_1, {sa_handler=0x7f9bb9d02b90, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9bb9cf4210}, NULL, 8) = 0 [pid 522] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9bb9c7d000 [pid 522] mprotect(0x7f9bb9c7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9bb9c9d990, parent_tid=0x7f9bb9c9d990, exit_signal=0, stack=0x7f9bb9c7d000, stack_size=0x20300, tls=0x7f9bb9c9d6c0} 
=> {parent_tid=[523]}, 88) = 523 [pid 522] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 522] futex(0x7f9bb9d69328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 522] futex(0x7f9bb9d6932c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 523 attached [pid 523] set_robust_list(0x7f9bb9c9d9a0, 24) = 0 [pid 523] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 523] socketpair(AF_TIPC, SOCK_STREAM, 0, [3, 4]) = 0 [pid 523] futex(0x7f9bb9d6932c, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] <... futex resumed>) = 0 [pid 522] futex(0x7f9bb9d69328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 522] futex(0x7f9bb9d6932c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 523] <... futex resumed>) = 1 [ 252.016778][ T24] audit: type=1400 audit(1731365467.830:69): avc: denied { setopt } for pid=519 comm="syz-executor248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [pid 523] sendmsg(3, {msg_name={sa_family=AF_TIPC, sa_data="\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, msg_namelen=16, msg_iov=[{iov_base="\xc3\xe9\x72\xbd\x85\xa6\xd8\x41\x36\xd6\xdd\x55\x04\x8d\x35\x93\xa7\x4f\x33\x8c\xe6\x77\x2a\xb9\xa6\xf6\x40\x41\xc2\xf6\xfb\xbe\xcd\xc0\x8e\xbc\xd3\x19\x2b\x6a\x53\x66\x2d\xae\x7c\x8e\x9c\x66\x5e\x80\xa5\xd0\x92\x5f\x72\x8d\xca\xc3\x0c\x29\x79\x39\x92\xe5\x88\x95\x26\x53\xd4\x14\xcb\x8c\xcd\xab\xc3\x87\x67\xfe\xe8\x19\xec\x5a\xf0\xc5\xee\x93\x68\x80\xfe\x85\x49\xb4\xed\x34\x77\x79\xca\xb4\xff\xd4", iov_len=100}, {iov_base="V", iov_len=1}, {iov_base="\x3e\xed\x50\xd0\x12\x57\x19\xa8\x10\xf8\x8e\x3f\x47\x18\x6f\xe4\xda\xe7\x41\x82\xdf\xd1\x09\xa2\x58\x7c\x47\x97\x41\x0c\x9b\x8e\x39\xbd\x3d\x9a\xa1\x44\xd5\x90\x86\x47\xc3\x0c\x8d\xb6\x9b\x5c\x17\x08\x4c\x9b\x1b\xfb\xb8\x68\x07\x37\xc4\xf8\x8a\xbc\xdb\xc7\xd2\x94\xd7\x2a\xb1\xb3\x44\x27\x09\x15\xdf\x9d\xdf\x56\x35\x64\x4c\x35\x1c\x22\xb2\x9d\x94\x8a\xc4\x10\x6b\xce\x71\x07\x57\x0b\xee\xd6\x30\x77"..., iov_len=4096}, 
{iov_base="\xb7\x68\xeb\x20\x30\x4f\x2f\xdc\x5a\x96\x94\xa4\x86\x78\x40\xd9\x31\x70\xca\x1a\x86\x40\x6f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x04\x00\x20\x00\x00\x00\x00\x64\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x16\x00\x20"..., iov_len=4294966976}], msg_iovlen=4, msg_controllen=0, msg_flags=MSG_PROBE|MSG_MORE}, 0 [pid 522] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 522] futex(0x7f9bb9d6932c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 522] futex(0x7f9bb9d6932c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 522] futex(0x7f9bb9d6933c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9bb9c5c000 [pid 522] mprotect(0x7f9bb9c5d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9bb9c7c990, parent_tid=0x7f9bb9c7c990, exit_signal=0, stack=0x7f9bb9c5c000, stack_size=0x20300, tls=0x7f9bb9c7c6c0}./strace-static-x86_64: Process 524 attached => {parent_tid=[524]}, 88) = 524 [pid 522] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 522] futex(0x7f9bb9d69338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 522] futex(0x7f9bb9d6933c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] set_robust_list(0x7f9bb9c7c9a0, 24) = 0 [pid 524] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 524] sendmmsg(4, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, 
msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 3, 0) = 3 [pid 524] futex(0x7f9bb9d6933c, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] <... futex resumed>) = 0 [pid 522] futex(0x7f9bb9d69338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 522] futex(0x7f9bb9d6933c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] <... futex resumed>) = 1 [pid 524] dup2(4, 3) = 3 [pid 524] futex(0x7f9bb9d6933c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 522] <... futex resumed>) = 0 [pid 522] futex(0x7f9bb9d69338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 522] futex(0x7f9bb9d6933c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] setsockopt(3, SOL_SOCKET, SO_RCVBUFFORCE, [-1], 4) = 0 [pid 524] futex(0x7f9bb9d6933c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 522] <... futex resumed>) = 0 [pid 522] futex(0x7f9bb9d69338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 522] futex(0x7f9bb9d6933c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] sendmmsg(3, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=1}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base="\xb6\xc7\x05\x2c\x34\xb0\x70\x7c\x30\xfc\xba\xc8\x98\x75\xa1\x28\x61\xbc\x68\xee\x8d\x7c\x84\x5f\x2f\x7e\xfe\xde\xca\x05\xb3\x95\xbb\x39\x5b\x08\xf7\xa5\x9b\xab\xc4\x60\xf0\x16\xc1\x0a\x6d\x1a\xa6\x15\xcc\x83\xf5\xd3\x72\x81\xb9\x54\x24\x51\xaf\x4b\xf0\x67\x6c\x13\x01\x6a\x1f\x72\x3a\x4f\xa9\x7d\x08\xcb\x9f\xdb\xfc\xcc\xae\x4b\x2d\x05\xfe\x6c\xdb\x40\xef\xc7\x3e\x09\x2a\x26\xe4\x3b\x75\xf7\x0e\xbf"..., iov_len=4096}, {iov_base=NULL, iov_len=0}], msg_iovlen=4, msg_controllen=0, msg_flags=0}, msg_len=4096}, 
{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=1}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 6, MSG_PROBE|MSG_BATCH) = 6 [pid 524] futex(0x7f9bb9d6933c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 524] futex(0x7f9bb9d69338, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...> [pid 522] <... futex resumed>) = 0 [pid 522] exit_group(0 <unfinished ...> [pid 524] <... futex resumed>) = ? [pid 522] <... exit_group resumed>) = ? [pid 524] +++ exited with 0 +++ [pid 517] kill(-522, SIGKILL) = 0 [pid 517] kill(522, SIGKILL) = 0 [pid 517] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 517] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 517] getdents64(3, 0x555590e7e730 /* 2 entries */, 32768) = 48 [pid 517] getdents64(3, 0x555590e7e730 /* 0 entries */, 32768) = 0 [pid 517] close(3) = 0 [ 352.181493][ C0] rcu: INFO: rcu_preempt self-detected stall on CPU [ 352.187937][ C0] rcu: 0-....: (1 GPs behind) idle=ad2/1/0x4000000000000000 softirq=2578/2578 fqs=4999 last_accelerate: ecf6/1410 dyntick_enabled: 1 [ 352.201547][ C0] (t=10002 jiffies g=2333 q=2154) [ 352.206602][ C0] NMI backtrace for cpu 0 [ 352.210771][ C0] CPU: 0 PID: 523 Comm: syz-executor248 Not tainted 5.10.226-syzkaller-00001-g6a01908517df #0 [ 352.220819][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 352.230722][ C0] Call Trace: [ 352.233846][ C0] <IRQ> [ 352.236558][ C0] dump_stack_lvl+0x1e2/0x24b [ 352.241130][ C0] ? panic+0x812/0x812 [ 352.245392][ C0] ? bfq_pos_tree_add_move+0x43b/0x43b [ 352.250896][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 352.256177][ C0] ? vprintk_func+0x19d/0x1e0 [ 352.260696][ C0] ? _raw_spin_lock+0x1b0/0x1b0 [ 352.265387][ C0] ? printk+0xd1/0x111 [ 352.269282][ C0] ? 
arch_trigger_cpumask_backtrace+0x20/0x20 [ 352.275181][ C0] dump_stack+0x15/0x17 [ 352.279171][ C0] nmi_trigger_cpumask_backtrace+0x2b5/0x300 [ 352.284986][ C0] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 352.290890][ C0] arch_trigger_cpumask_backtrace+0x10/0x20 [ 352.296616][ C0] rcu_dump_cpu_stacks+0x199/0x2b0 [ 352.301564][ C0] rcu_sched_clock_irq+0xf8a/0x1890 [ 352.306684][ C0] ? rcutree_dead_cpu+0x340/0x340 [ 352.311565][ C0] ? hrtimer_run_queues+0x15f/0x440 [ 352.316721][ C0] update_process_times+0x198/0x200 [ 352.321746][ C0] tick_sched_timer+0x188/0x240 [ 352.326423][ C0] ? tick_setup_sched_timer+0x480/0x480 [ 352.331831][ C0] __hrtimer_run_queues+0x3d7/0xa50 [ 352.336857][ C0] ? hrtimer_interrupt+0x8b0/0x8b0 [ 352.341789][ C0] ? clockevents_program_event+0x214/0x2c0 [ 352.347425][ C0] ? ktime_get_update_offsets_now+0x266/0x280 [ 352.353363][ C0] hrtimer_interrupt+0x39a/0x8b0 [ 352.358109][ C0] __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 352.363846][ C0] asm_call_irq_on_stack+0xf/0x20 [ 352.368699][ C0] </IRQ> [ 352.371474][ C0] sysvec_apic_timer_interrupt+0x85/0xe0 [ 352.376937][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 352.382759][ C0] RIP: 0010:_raw_spin_lock_bh+0x35/0x1b0 [ 352.388223][ C0] Code: 54 53 48 83 e4 e0 48 83 ec 60 49 89 fd 65 48 8b 04 25 28 00 00 00 48 89 44 24 40 49 bc 00 00 00 00 00 fc ff df 4c 8d 7c 24 20 <48> c7 04 24 b3 8a b5 41 48 c7 44 24 08 c9 de cf 85 48 c7 44 24 10 [ 352.407816][ C0] RSP: 0018:ffffc90000b568c0 EFLAGS: 00000286 [ 352.413651][ C0] RAX: 9c4ef2df0c308e00 RBX: 0000000000000005 RCX: ffff88810c1b0000 [ 352.421701][ C0] RDX: 0000000000000000 RSI: 0000000000000005 RDI: ffffc90000b56db4 [ 352.429503][ C0] RBP: ffffc90000b56950 R08: ffffffff849995ac R09: ffffed102180f5b1 [ 352.437306][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 352.445103][ C0] R13: ffffc90000b56db4 R14: 000000005e85e613 R15: ffffc90000b568e0 [ 352.453468][ C0] ? tipc_sk_rcv+0x17cc/0x1e30 [ 352.458053][ C0] ? 
_raw_spin_trylock+0x1a0/0x1a0 [ 352.463000][ C0] ? tipc_sk_rcv+0x17af/0x1e30 [ 352.467592][ C0] tipc_sk_rcv+0x2d6/0x1e30 [ 352.471950][ C0] ? __stack_depot_save+0x468/0x4d0 [ 352.477004][ C0] ? kasan_set_track+0x5d/0x70 [ 352.481619][ C0] ? kasan_set_track+0x4b/0x70 [ 352.486168][ C0] ? kasan_set_free_info+0x23/0x40 [ 352.491291][ C0] ? __kasan_slab_free+0x11/0x20 [ 352.496074][ C0] ? slab_free_freelist_hook+0xc0/0x190 [ 352.501631][ C0] ? kmem_cache_free+0xa9/0x1e0 [ 352.506743][ C0] ? kfree_skbmem+0x104/0x170 [ 352.511262][ C0] ? tipc_sk_rcv+0x1b52/0x1e30 [ 352.515853][ C0] ? tipc_node_xmit+0x34b/0xe30 [ 352.520537][ C0] ? tipc_sk_filter_rcv+0x1da8/0x3e00 [ 352.525744][ C0] ? tipc_sk_rcv+0x8a1/0x1e30 [ 352.530254][ C0] ? tipc_node_distr_xmit+0x36a/0x4d0 [ 352.535462][ C0] ? tipc_sk_backlog_rcv+0x18b/0x210 [ 352.540585][ C0] ? __fput+0x33d/0x7b0 [ 352.544577][ C0] ? ____fput+0x15/0x20 [ 352.548570][ C0] ? __skb_queue_purge+0x180/0x180 [ 352.553571][ C0] ? debug_smp_processor_id+0x17/0x20 [ 352.558723][ C0] tipc_node_xmit+0x34b/0xe30 [ 352.563240][ C0] ? __kasan_slab_free+0x11/0x20 [ 352.568010][ C0] ? tipc_node_get_linkname+0x190/0x190 [ 352.573394][ C0] ? kmem_cache_free+0xa9/0x1e0 [ 352.578076][ C0] ? kfree_skbmem+0x104/0x170 [ 352.582591][ C0] tipc_node_xmit_skb+0x153/0x1b0 [ 352.587453][ C0] ? __skb_queue_purge+0x180/0x180 [ 352.592401][ C0] ? trace_tipc_sk_rej_msg+0x2b/0x6f0 [ 352.597606][ C0] tipc_sk_rcv+0x1c0b/0x1e30 [ 352.602143][ C0] ? _raw_spin_lock+0xa4/0x1b0 [ 352.606912][ C0] ? __skb_queue_purge+0x180/0x180 [ 352.611859][ C0] tipc_node_xmit+0x34b/0xe30 [ 352.616392][ C0] ? stack_trace_save+0x1c0/0x1c0 [ 352.621250][ C0] ? __kernel_text_address+0x9b/0x110 [ 352.626447][ C0] ? tipc_node_get_linkname+0x190/0x190 [ 352.631828][ C0] ? __kasan_check_write+0x14/0x20 [ 352.636928][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 352.642205][ C0] ? _raw_spin_lock+0x1b0/0x1b0 [ 352.646897][ C0] tipc_sk_filter_rcv+0x1da8/0x3e00 [ 352.651921][ C0] ? 
tipc_sk_dump+0xf50/0xf50 [ 352.656450][ C0] ? __kasan_check_write+0x14/0x20 [ 352.661378][ C0] ? _raw_spin_lock_bh+0xa4/0x1b0 [ 352.666236][ C0] ? kmem_cache_free+0xa9/0x1e0 [ 352.670922][ C0] tipc_sk_rcv+0x8a1/0x1e30 [ 352.675288][ C0] ? __skb_queue_purge+0x180/0x180 [ 352.680218][ C0] ? tipc_sk_filter_rcv+0x3583/0x3e00 [ 352.685423][ C0] tipc_node_xmit+0x34b/0xe30 [ 352.689937][ C0] ? tipc_node_get_linkname+0x190/0x190 [ 352.695314][ C0] tipc_node_distr_xmit+0x36a/0x4d0 [ 352.700349][ C0] ? tipc_node_xmit_skb+0x1b0/0x1b0 [ 352.705393][ C0] ? __kasan_check_write+0x14/0x20 [ 352.710355][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 352.715656][ C0] ? __tipc_shutdown+0xe7c/0x1510 [ 352.720495][ C0] tipc_sk_backlog_rcv+0x18b/0x210 [ 352.725445][ C0] ? tipc_sk_timeout+0xab0/0xab0 [ 352.730208][ C0] __release_sock+0x148/0x410 [ 352.734751][ C0] release_sock+0x65/0x1b0 [ 352.738992][ C0] tipc_release+0xb6b/0x1440 [ 352.743400][ C0] sock_close+0xdf/0x270 [ 352.747499][ C0] ? sock_mmap+0xa0/0xa0 [ 352.751559][ C0] __fput+0x33d/0x7b0 [ 352.755378][ C0] ____fput+0x15/0x20 [ 352.759194][ C0] task_work_run+0x129/0x190 [ 352.763712][ C0] ptrace_notify+0x29e/0x350 [ 352.768626][ C0] ? do_notify_parent+0xa10/0xa10 [ 352.773455][ C0] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 352.779487][ C0] ? 
irqentry_exit_to_user_mode+0x41/0x80 [ 352.785005][ C0] syscall_exit_to_user_mode+0xf5/0x1a0 [ 352.790394][ C0] do_syscall_64+0x40/0x70 [ 352.794648][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 352.800356][ C0] RIP: 0033:0x7f9bb9cdcc59 [ 352.804618][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 352.824056][ C0] RSP: 002b:00007f9bb9c9d218 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 352.832306][ C0] RAX: 00000000000203a0 RBX: 00007f9bb9d69328 RCX: 00007f9bb9cdcc59 [ 352.840211][ C0] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003 [ 352.848329][ C0] RBP: 00007f9bb9d69320 R08: 0000000000000000 R09: 0000000000000000 [ 352.856259][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9bb9d3627c [ 352.864071][ C0] R13: 00007f9bb9d34270 R14: 00007f9bb9d35278 R15: 618a5986bea2420f [ 358.881504][ T24] audit: type=1400 audit(1731365574.690:70): avc: denied { remove_name } for pid=76 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 358.904322][ T24] audit: type=1400 audit(1731365574.690:71): avc: denied { rename } for pid=76 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 484.982619][ C0] watchdog: BUG: soft lockup - CPU#0 stuck for 123s! 
[syz-executor248:523] [ 484.991042][ C0] Modules linked in: [ 484.994856][ C0] CPU: 0 PID: 523 Comm: syz-executor248 Not tainted 5.10.226-syzkaller-00001-g6a01908517df #0 [ 485.004935][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 485.014830][ C0] RIP: 0010:bcmp+0x44/0xb0 [ 485.019089][ C0] Code: 89 f7 49 89 fc 48 ba 00 00 00 00 00 fc ff df 45 31 ed 4b 8d 3c 2c 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 75 2b 43 0f b6 1c 2c <4b> 8d 3c 2f 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 75 29 43 0f b6 [ 485.038967][ C0] RSP: 0018:ffffc90000b56828 EFLAGS: 00000246 [ 485.044853][ C0] RAX: 0000000000000000 RBX: 0000000000000013 RCX: ffff88810c1b0000 [ 485.052779][ C0] RDX: dffffc0000000000 RSI: ffffc90000b568e0 RDI: ffff88810c07b05c [ 485.060576][ C0] RBP: ffffc90000b56850 R08: ffffffff84999ea5 R09: 0000000000000003 [ 485.068391][ C0] R10: fffff5200016ad1c R11: dffffc0000000001 R12: ffff88810c07b05c [ 485.076822][ C0] R13: 0000000000000000 R14: 0000000000000004 R15: ffffc90000b568e0 [ 485.084634][ C0] FS: 00007f9bb9c9d6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 485.093398][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 485.099826][ C0] CR2: 000000002001f000 CR3: 000000010a72a000 CR4: 00000000003506b0 [ 485.107723][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 485.115527][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 485.123337][ C0] Call Trace: [ 485.126503][ C0] <IRQ> [ 485.129186][ C0] ? show_regs+0x58/0x60 [ 485.133244][ C0] ? watchdog_timer_fn+0x471/0x590 [ 485.138189][ C0] ? proc_watchdog_cpumask+0xd0/0xd0 [ 485.143305][ C0] ? __hrtimer_run_queues+0x3d7/0xa50 [ 485.148517][ C0] ? hrtimer_interrupt+0x8b0/0x8b0 [ 485.153547][ C0] ? clockevents_program_event+0x214/0x2c0 [ 485.159209][ C0] ? ktime_get_update_offsets_now+0x266/0x280 [ 485.165380][ C0] ? hrtimer_interrupt+0x39a/0x8b0 [ 485.170302][ C0] ? 
__sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 485.176222][ C0] ? asm_call_irq_on_stack+0xf/0x20 [ 485.181246][ C0] </IRQ> [ 485.184020][ C0] ? sysvec_apic_timer_interrupt+0x85/0xe0 [ 485.189669][ C0] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 485.195643][ C0] ? tipc_sk_lookup+0x295/0x650 [ 485.200341][ C0] ? bcmp+0x44/0xb0 [ 485.203975][ C0] tipc_sk_lookup+0x313/0x650 [ 485.208502][ C0] ? tipc_sk_rcv+0x1e30/0x1e30 [ 485.213096][ C0] tipc_sk_rcv+0x499/0x1e30 [ 485.217428][ C0] ? __stack_depot_save+0x468/0x4d0 [ 485.222462][ C0] ? kasan_set_track+0x5d/0x70 [ 485.227081][ C0] ? kasan_set_track+0x4b/0x70 [ 485.231672][ C0] ? kasan_set_free_info+0x23/0x40 [ 485.236610][ C0] ? __kasan_slab_free+0x11/0x20 [ 485.241379][ C0] ? slab_free_freelist_hook+0xc0/0x190 [ 485.246761][ C0] ? kmem_cache_free+0xa9/0x1e0 [ 485.251451][ C0] ? kfree_skbmem+0x104/0x170 [ 485.255963][ C0] ? tipc_sk_rcv+0x1b52/0x1e30 [ 485.260560][ C0] ? tipc_node_xmit+0x34b/0xe30 [ 485.265249][ C0] ? tipc_sk_filter_rcv+0x1da8/0x3e00 [ 485.270457][ C0] ? tipc_sk_rcv+0x8a1/0x1e30 [ 485.275056][ C0] ? tipc_node_distr_xmit+0x36a/0x4d0 [ 485.280261][ C0] ? tipc_sk_backlog_rcv+0x18b/0x210 [ 485.285907][ C0] ? __fput+0x33d/0x7b0 [ 485.289897][ C0] ? ____fput+0x15/0x20 [ 485.293890][ C0] ? __skb_queue_purge+0x180/0x180 [ 485.298847][ C0] ? debug_smp_processor_id+0x17/0x20 [ 485.304052][ C0] tipc_node_xmit+0x34b/0xe30 [ 485.308561][ C0] ? __kasan_slab_free+0x11/0x20 [ 485.313333][ C0] ? tipc_node_get_linkname+0x190/0x190 [ 485.318714][ C0] ? kmem_cache_free+0xa9/0x1e0 [ 485.323485][ C0] ? kfree_skbmem+0x104/0x170 [ 485.328001][ C0] tipc_node_xmit_skb+0x153/0x1b0 [ 485.332873][ C0] ? __skb_queue_purge+0x180/0x180 [ 485.338104][ C0] ? trace_tipc_sk_rej_msg+0x2b/0x6f0 [ 485.343275][ C0] tipc_sk_rcv+0x1c0b/0x1e30 [ 485.347703][ C0] ? _raw_spin_lock+0xa4/0x1b0 [ 485.352304][ C0] ? __skb_queue_purge+0x180/0x180 [ 485.357259][ C0] tipc_node_xmit+0x34b/0xe30 [ 485.361763][ C0] ? stack_trace_save+0x1c0/0x1c0 [ 485.366622][ C0] ? 
__kernel_text_address+0x9b/0x110 [ 485.371874][ C0] ? tipc_node_get_linkname+0x190/0x190 [ 485.377251][ C0] ? __kasan_check_write+0x14/0x20 [ 485.382182][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 485.387548][ C0] ? _raw_spin_lock+0x1b0/0x1b0 [ 485.392232][ C0] tipc_sk_filter_rcv+0x1da8/0x3e00 [ 485.397271][ C0] ? tipc_sk_dump+0xf50/0xf50 [ 485.401778][ C0] ? __kasan_check_write+0x14/0x20 [ 485.406721][ C0] ? _raw_spin_lock_bh+0xa4/0x1b0 [ 485.411582][ C0] ? kmem_cache_free+0xa9/0x1e0 [ 485.416269][ C0] tipc_sk_rcv+0x8a1/0x1e30 [ 485.420613][ C0] ? __skb_queue_purge+0x180/0x180 [ 485.425556][ C0] ? tipc_sk_filter_rcv+0x3583/0x3e00 [ 485.430763][ C0] tipc_node_xmit+0x34b/0xe30 [ 485.435280][ C0] ? tipc_node_get_linkname+0x190/0x190 [ 485.440671][ C0] tipc_node_distr_xmit+0x36a/0x4d0 [ 485.445711][ C0] ? tipc_node_xmit_skb+0x1b0/0x1b0 [ 485.450741][ C0] ? __kasan_check_write+0x14/0x20 [ 485.455671][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 485.461009][ C0] ? __tipc_shutdown+0xe7c/0x1510 [ 485.465923][ C0] tipc_sk_backlog_rcv+0x18b/0x210 [ 485.470863][ C0] ? tipc_sk_timeout+0xab0/0xab0 [ 485.475633][ C0] __release_sock+0x148/0x410 [ 485.480148][ C0] release_sock+0x65/0x1b0 [ 485.484399][ C0] tipc_release+0xb6b/0x1440 [ 485.488827][ C0] sock_close+0xdf/0x270 [ 485.492920][ C0] ? sock_mmap+0xa0/0xa0 [ 485.496985][ C0] __fput+0x33d/0x7b0 [ 485.500805][ C0] ____fput+0x15/0x20 [ 485.504622][ C0] task_work_run+0x129/0x190 [ 485.509342][ C0] ptrace_notify+0x29e/0x350 [ 485.513769][ C0] ? do_notify_parent+0xa10/0xa10 [ 485.518627][ C0] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 485.524528][ C0] ? 
irqentry_exit_to_user_mode+0x41/0x80 [ 485.530085][ C0] syscall_exit_to_user_mode+0xf5/0x1a0 [ 485.535467][ C0] do_syscall_64+0x40/0x70 [ 485.539738][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 485.545444][ C0] RIP: 0033:0x7f9bb9cdcc59 [ 485.549701][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 485.569137][ C0] RSP: 002b:00007f9bb9c9d218 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 485.577382][ C0] RAX: 00000000000203a0 RBX: 00007f9bb9d69328 RCX: 00007f9bb9cdcc59 [ 485.585191][ C0] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003 [ 485.593023][ C0] RBP: 00007f9bb9d69320 R08: 0000000000000000 R09: 0000000000000000 [ 485.600835][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9bb9d3627c [ 485.608628][ C0] R13: 00007f9bb9d34270 R14: 00007f9bb9d35278 R15: 618a5986bea2420f [ 485.616470][ C0] Sending NMI from CPU 0 to CPUs 1: [ 485.622018][ C1] NMI backtrace for cpu 1 [ 485.622025][ C1] CPU: 1 PID: 9 Comm: kworker/u4:1 Not tainted 5.10.226-syzkaller-00001-g6a01908517df #0 [ 485.622030][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 485.622035][ C1] Workqueue: events_unbound toggle_allocation_gate [ 485.622042][ C1] RIP: 0010:smp_call_function_single+0x27d/0x510 [ 485.622052][ C1] Code: 00 44 8b 6c 24 48 44 89 ee 83 e6 01 31 ff e8 fa ed 0a 00 41 83 e5 01 75 0a e8 3f ea 0a 00 e9 eb 00 00 00 f3 90 42 0f b6 04 23 <84> c0 75 15 f7 44 24 48 01 00 00 00 0f 84 cd 00 00 00 e8 1c ea 0a [ 485.622056][ C1] RSP: 0018:ffffc90000097720 EFLAGS: 00000293 [ 485.622063][ C1] RAX: 0000000000000000 RBX: 1ffff92000012eed RCX: ffff8881002513c0 [ 485.622068][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 485.622073][ C1] RBP: ffffc90000097810 R08: ffffffff815fc2a6 R09: ffffed103ee0aec9 [ 485.622077][ C1] R10: 0000000000000000 
R11: dffffc0000000001 R12: dffffc0000000000 [ 485.622082][ C1] R13: 0000000000000001 R14: ffffc90000097768 R15: 0000000000000000 [ 485.622087][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 485.622091][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 485.622095][ C1] CR2: 0000555590e7d370 CR3: 000000000660f000 CR4: 00000000003506a0 [ 485.622100][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 485.622104][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 485.622106][ C1] Call Trace: [ 485.622109][ C1] [ 485.622112][ C1] ? show_regs+0x58/0x60 [ 485.622115][ C1] ? nmi_cpu_backtrace+0x133/0x160 [ 485.622118][ C1] ? smp_call_function_single+0x27d/0x510 [ 485.622122][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 485.622125][ C1] ? nmi_handle+0xa8/0x280 [ 485.622128][ C1] ? smp_call_function_single+0x27d/0x510 [ 485.622131][ C1] ? default_do_nmi+0x69/0x160 [ 485.622134][ C1] ? exc_nmi+0xad/0x100 [ 485.622137][ C1] ? end_repeat_nmi+0x16/0x31 [ 485.622140][ C1] ? smp_call_function_single+0x266/0x510 [ 485.622144][ C1] ? smp_call_function_single+0x27d/0x510 [ 485.622147][ C1] ? smp_call_function_single+0x27d/0x510 [ 485.622151][ C1] ? smp_call_function_single+0x27d/0x510 [ 485.622153][ C1] [ 485.622156][ C1] ? text_poke_sync+0x20/0x20 [ 485.622160][ C1] ? flush_smp_call_function_from_idle+0x1b0/0x1b0 [ 485.622163][ C1] ? cpumask_any_but+0x18/0xb0 [ 485.622166][ C1] ? text_poke_sync+0x20/0x20 [ 485.622169][ C1] ? cpumask_any_but+0xa3/0xb0 [ 485.622173][ C1] smp_call_function_many_cond+0x94e/0xa30 [ 485.622176][ C1] ? __kmalloc_track_caller+0xe8/0x320 [ 485.622179][ C1] ? text_poke_sync+0x20/0x20 [ 485.622182][ C1] ? smp_call_function_many+0x40/0x40 [ 485.622185][ C1] ? text_poke+0x20/0x20 [ 485.622188][ C1] ? text_poke_sync+0x20/0x20 [ 485.622191][ C1] on_each_cpu+0xa8/0x1a0 [ 485.622194][ C1] ? smp_call_function+0x90/0x90 [ 485.622197][ C1] ? 
text_poke_loc_init+0x2e1/0x580 [ 485.622200][ C1] ? text_poke_finish+0x30/0x30 [ 485.622204][ C1] text_poke_bp_batch+0x1d4/0x600 [ 485.622207][ C1] ? __kasan_check_write+0x14/0x20 [ 485.622210][ C1] ? text_poke_loc_init+0x580/0x580 [ 485.622213][ C1] ? __kasan_check_write+0x14/0x20 [ 485.622216][ C1] ? mutex_lock+0xa5/0x110 [ 485.622219][ C1] ? mutex_trylock+0xa0/0xa0 [ 485.622223][ C1] ? __kmalloc_track_caller+0xe8/0x320 [ 485.622226][ C1] ? __kasan_check_write+0x14/0x20 [ 485.622229][ C1] ? mutex_unlock+0x1c/0x40 [ 485.622232][ C1] text_poke_finish+0x1a/0x30 [ 485.622235][ C1] arch_jump_label_transform_apply+0x15/0x30 [ 485.622239][ C1] __jump_label_update+0x36a/0x380 [ 485.622242][ C1] jump_label_update+0x379/0x400 [ 485.622245][ C1] static_key_disable_cpuslocked+0xcd/0x1b0 [ 485.622248][ C1] static_key_disable+0x1a/0x30 [ 485.622252][ C1] toggle_allocation_gate+0x3b4/0x450 [ 485.622255][ C1] ? kfence_protect+0x270/0x270 [ 485.622258][ C1] ? finish_task_switch+0x130/0x5a0 [ 485.622261][ C1] ? io_schedule+0x120/0x120 [ 485.622264][ C1] ? __kasan_check_read+0x11/0x20 [ 485.622268][ C1] ? read_word_at_a_time+0x12/0x20 [ 485.622270][ C1] ? strscpy+0x9c/0x260 [ 485.622274][ C1] process_one_work+0x6dc/0xbd0 [ 485.622277][ C1] worker_thread+0xaea/0x1510 [ 485.622279][ C1] kthread+0x34b/0x3d0 [ 485.622282][ C1] ? worker_clr_flags+0x180/0x180 [ 485.622285][ C1] ? kthread_blkcg+0xd0/0xd0 [ 485.622288][ C1] ret_from_fork+0x1f/0x30