Warning: Permanently added '10.128.0.54' (ED25519) to the list of known hosts. 2024/04/24 10:54:58 fuzzer started 2024/04/24 10:54:58 dialing manager at 10.128.0.163:30004 [ 19.129834][ T30] audit: type=1400 audit(1713956098.220:66): avc: denied { node_bind } for pid=281 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 19.133818][ T30] audit: type=1400 audit(1713956098.220:67): avc: denied { name_bind } for pid=281 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 19.356416][ T30] audit: type=1400 audit(1713956098.450:68): avc: denied { integrity } for pid=288 comm="syz-executor" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1 [ 19.360100][ T288] cgroup: Unknown subsys name 'net' [ 19.378579][ T30] audit: type=1400 audit(1713956098.450:69): avc: denied { mounton } for pid=288 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 19.405940][ T30] audit: type=1400 audit(1713956098.450:70): avc: denied { mount } for pid=288 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 19.406106][ T288] cgroup: Unknown subsys name 'devices' [ 19.427828][ T30] audit: type=1400 audit(1713956098.480:71): avc: denied { unmount } for pid=288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 19.571772][ T288] cgroup: Unknown subsys name 'hugetlb' [ 19.577305][ T288] cgroup: Unknown subsys name 'rlimit' [ 19.732453][ T30] audit: type=1400 audit(1713956098.830:72): avc: denied { mounton } for pid=288 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 19.756950][ T30] audit: type=1400 audit(1713956098.830:73): avc: denied { mount } for pid=288 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 19.779880][ T30] audit: type=1400 audit(1713956098.830:74): avc: denied { setattr } for pid=288 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 19.790555][ T290] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). 2024/04/24 10:54:58 code coverage: enabled 2024/04/24 10:54:58 comparison tracing: enabled 2024/04/24 10:54:58 extra coverage: enabled 2024/04/24 10:54:58 delay kcov mmap: mmap returned an invalid pointer 2024/04/24 10:54:58 setuid sandbox: enabled 2024/04/24 10:54:58 namespace sandbox: enabled 2024/04/24 10:54:58 Android sandbox: enabled 2024/04/24 10:54:58 fault injection: enabled 2024/04/24 10:54:58 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2024/04/24 10:54:58 net packet injection: enabled 2024/04/24 10:54:58 net device setup: enabled 2024/04/24 10:54:58 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2024/04/24 10:54:58 devlink PCI setup: PCI device 0000:00:10.0 is not available 2024/04/24 10:54:58 NIC VF setup: PCI device 0000:00:11.0 is not available 2024/04/24 10:54:58 USB emulation: enabled 2024/04/24 10:54:58 hci packet injection: /dev/vhci does not exist 2024/04/24 10:54:58 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 2024/04/24 10:54:58 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 2024/04/24 10:54:58 swap file: enabled [ 19.811481][ T30] audit: type=1400 audit(1713956098.910:75): avc: denied { relabelto } for pid=290 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.852408][ T288] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k 2024/04/24 10:54:59 starting 5 executor processes [ 20.465684][ T299] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.472584][ T299] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.479711][ T299] device bridge_slave_0 entered promiscuous mode [ 20.499240][ T299] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.506136][ T299] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.513349][ T299] device bridge_slave_1 entered promiscuous mode [ 20.549381][ T300] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.556341][ T300] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.563805][ T300] device bridge_slave_0 entered promiscuous mode [ 20.570705][ T300] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.577715][ T300] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.585125][ T300] device bridge_slave_1 entered promiscuous mode [ 20.615014][ T305] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.621915][ T305] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.628955][ T305] device bridge_slave_0 entered promiscuous mode [ 20.635678][ T305] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.642554][ T305] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.649604][ T305] device bridge_slave_1 entered promiscuous mode [ 20.713434][ T302] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.720397][ T302] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.727488][ T302] device bridge_slave_0 entered promiscuous mode [ 20.742267][ T302] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.749107][ T302] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.756358][ T302] device bridge_slave_1 entered promiscuous mode [ 20.777809][ T301] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.784674][ T301] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.791902][ T301] device bridge_slave_0 entered promiscuous mode [ 20.809524][ T301] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.816448][ T301] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.823624][ T301] device bridge_slave_1 entered promiscuous mode [ 20.910789][ T299] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.917640][ T299] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.924799][ T299] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.931668][ T299] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.967212][ T300] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.974075][ T300] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.981174][ T300] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.987967][ T300] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.999523][ T301] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.006383][ T301] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.013480][ T301] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.020261][ T301] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.042923][ T305] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.049773][ T305] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.056891][ T305] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.063675][ T305] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.082337][ T302] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.089179][ T302] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.096309][ T302] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.103083][ T302] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.122871][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.131845][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.139811][ T308] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.146879][ T308] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.153886][ T308] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.160913][ T308] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.168107][ T308] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.175108][ T308] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.182075][ T308] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.189007][ T308] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.196297][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 21.203473][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.221120][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.229882][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.255871][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.263937][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.271809][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.279784][ T308] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.286555][ T308] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.293700][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.301662][ T308] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.308477][ T308] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.320295][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.333156][ T299] device veth0_vlan entered promiscuous mode [ 21.343627][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.351466][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.359350][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.366129][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.373290][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.381337][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.388508][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.407986][ T300] device veth0_vlan entered promiscuous mode [ 21.425711][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.434432][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.442227][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.449403][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.458457][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.466287][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.474042][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.482104][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.488920][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.496239][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.503945][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.512162][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.518991][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.526182][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.534113][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.540949][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.548067][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.555784][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.563714][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.574579][ T299] device veth1_macvtap entered promiscuous mode [ 21.587773][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.595723][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.603730][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 21.611217][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffe}]}) mkdirat(0xffffffffffffff9c, 0x0, 0x0) fchownat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) executing program 1: mkdir(&(0x7f0000000580)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000400)='./file1/file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r4 = dup(r3) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r4, &(0x7f0000002c00)=ANY=[@ANYBLOB="b0"], 0xb0) getresuid(&(0x7f0000000440), &(0x7f0000000480)=0x0, &(0x7f00000004c0)) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',privport,access', @ANYRESDEC=r5]) mount$overlay(0x20000000, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000005c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1/file0'}}]}) [ 21.619192][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.627359][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.635343][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.658358][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 21.670775][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.680622][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 21.689158][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.697845][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.704716][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.712264][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 21.720573][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.728557][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.735419][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.742977][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 21.750941][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.756290][ T331] 9pnet: p9_client_clunk (331): Trying to clunk with invalid fid [ 21.767507][ T331] CPU: 0 PID: 331 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00013-gad06eaf051cd #0 [ 21.770135][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.777482][ T331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 21.790445][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.795108][ T331] Call Trace: [ 21.805951][ T331] [ 21.808727][ T331] dump_stack_lvl+0x151/0x1b7 [ 21.813244][ T331] ? io_uring_drop_tctx_refs+0x190/0x190 [ 21.818713][ T331] ? avc_has_perm_noaudit+0x430/0x430 [ 21.823918][ T331] dump_stack+0x15/0x17 [ 21.827909][ T331] p9_client_clunk+0x2e2/0x3a0 [ 21.832511][ T331] ? v9fs_fid_lookup+0x118/0x160 [ 21.837281][ T331] v9fs_statfs+0x16d/0x4d0 [ 21.841535][ T331] ? selinux_sb_show_options+0x610/0x610 [ 21.847006][ T331] ? v9fs_drop_inode+0x130/0x130 [ 21.851782][ T331] vfs_statfs+0x15c/0x320 [ 21.855944][ T331] ovl_get_lowerstack+0x1ff/0x1fe0 [ 21.861109][ T331] ? ovl_get_workdir+0x102/0x1250 [ 21.867455][ T331] ? ovl_get_upper+0x5f0/0x5f0 [ 21.873126][ T331] ? ovl_get_workdir+0x1250/0x1250 [ 21.878623][ T331] ? __kasan_kmalloc+0x9/0x10 [ 21.883136][ T331] ? __kmalloc+0x13a/0x270 [ 21.887381][ T331] ? ovl_fill_super+0x14ed/0x2a70 [ 21.892247][ T331] ovl_fill_super+0x17af/0x2a70 [ 21.894388][ T301] device veth0_vlan entered promiscuous mode [ 21.896933][ T331] ? ovl_mount+0x40/0x40 [ 21.906832][ T331] ? register_shrinker_prepared+0xd7/0x100 [ 21.912469][ T331] ? free_anon_bdev+0x30/0x30 [ 21.916981][ T331] ? ovl_mount+0x40/0x40 [ 21.921060][ T331] mount_nodev+0x57/0xf0 [ 21.921260][ T300] device veth1_macvtap entered promiscuous mode [ 21.925135][ T331] ovl_mount+0x2c/0x40 [ 21.935646][ T331] legacy_get_tree+0xf1/0x190 [ 21.938377][ T305] device veth0_vlan entered promiscuous mode [ 21.941460][ T331] ? virtio_fs_request_complete+0xd70/0xd70 [ 21.941490][ T331] vfs_get_tree+0x88/0x290 [ 21.941507][ T331] do_new_mount+0x2ba/0xb30 [ 21.941525][ T331] ? do_move_mount_old+0x160/0x160 [ 21.960680][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.963751][ T331] ? security_capable+0x87/0xb0 [ 21.968539][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.973120][ T331] ? ns_capable+0x89/0xe0 [ 21.973139][ T331] path_mount+0x671/0x1070 [ 21.973156][ T331] __se_sys_mount+0x2c4/0x3b0 [ 21.973178][ T331] ? __x64_sys_mount+0xd0/0xd0 [ 21.981601][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.985277][ T331] ? __kasan_check_read+0x11/0x20 [ 21.985304][ T331] __x64_sys_mount+0xbf/0xd0 [ 22.000431][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.000808][ T331] do_syscall_64+0x3d/0xb0 [ 22.006856][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.014150][ T331] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 22.014198][ T331] RIP: 0033:0x7ff8b4e78ea9 [ 22.014214][ T331] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 22.014227][ T331] RSP: 002b:00007ff8b3bcb0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 22.014254][ T331] RAX: ffffffffffffffda RBX: 00007ff8b4fa7050 RCX: 00007ff8b4e78ea9 [ 22.030424][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.031328][ T331] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000020000000 [ 22.038755][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.042806][ T331] RBP: 00007ff8b4ec54a4 R08: 00000000200005c0 R09: 0000000000000000 [ 22.042819][ T331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 22.042827][ T331] R13: 000000000000006e R14: 00007ff8b4fa7050 R15: 00007ffe358575c8 [ 22.042841][ T331] [ 22.052807][ T331] overlayfs: statfs failed on './file0' [ 22.060883][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.162119][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready executing program 1: openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000a61a7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) listxattr(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f}}, 0x50) close(r0) [ 22.172191][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.180392][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.200238][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.208511][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.216318][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.229964][ T301] device veth1_macvtap entered promiscuous mode [ 22.238569][ T302] device veth0_vlan entered promiscuous mode [ 22.255830][ T305] device veth1_macvtap entered promiscuous mode [ 22.263353][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.271722][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.279835][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.289635][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.297271][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.306987][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.320391][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.330862][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.339076][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.347261][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.355445][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48) r1 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780), &(0x7f0000000900)=@udp=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000010000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 22.377959][ T302] device veth1_macvtap entered promiscuous mode [ 22.390386][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.398562][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.410416][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.417692][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.425814][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.436943][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.445223][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 122.450041][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU [ 122.456525][ C1] rcu: 1-...!: (10000 ticks this GP) idle=459/1/0x4000000000000000 softirq=2280/2280 fqs=0 last_accelerate: 92f3/ba54 dyntick_enabled: 1 [ 122.470400][ C1] (t=10000 jiffies g=817 q=127) [ 122.475538][ C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 9999 jiffies! g817 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 122.487487][ C1] rcu: Possible timer handling issue on cpu=1 timer-softirq=574 [ 122.495036][ C1] rcu: rcu_preempt kthread starved for 10000 jiffies! g817 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1 [ 122.506062][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 122.515867][ C1] rcu: RCU grace-period kthread stack dump: [ 122.521605][ C1] task:rcu_preempt state:I stack:28328 pid: 14 ppid: 2 flags:0x00004000 [ 122.530669][ C1] Call Trace: [ 122.533748][ C1] [ 122.536540][ C1] __schedule+0xccc/0x1590 [ 122.540780][ C1] ? __sched_text_start+0x8/0x8 [ 122.545467][ C1] ? __kasan_check_write+0x14/0x20 [ 122.550413][ C1] schedule+0x11f/0x1e0 [ 122.554405][ C1] schedule_timeout+0x18c/0x370 [ 122.559092][ C1] ? _raw_spin_unlock_irq+0x4e/0x70 [ 122.564127][ C1] ? console_conditional_schedule+0x30/0x30 [ 122.569853][ C1] ? update_process_times+0x200/0x200 [ 122.575064][ C1] ? prepare_to_swait_event+0x308/0x320 [ 122.580446][ C1] rcu_gp_fqs_loop+0x2af/0xf80 [ 122.585058][ C1] ? debug_smp_processor_id+0x17/0x20 [ 122.590255][ C1] ? __note_gp_changes+0x4ab/0x920 [ 122.595203][ C1] ? rcu_gp_init+0xc30/0xc30 [ 122.599647][ C1] ? _raw_spin_unlock_irq+0x4e/0x70 [ 122.604835][ C1] ? rcu_gp_init+0x9cf/0xc30 [ 122.609275][ C1] rcu_gp_kthread+0xa4/0x350 [ 122.613689][ C1] ? _raw_spin_lock+0x1b0/0x1b0 [ 122.618373][ C1] ? rcu_barrier_callback+0x50/0x50 [ 122.623434][ C1] ? __kasan_check_read+0x11/0x20 [ 122.628270][ C1] ? __kthread_parkme+0xb2/0x200 [ 122.633045][ C1] kthread+0x421/0x510 [ 122.636947][ C1] ? rcu_barrier_callback+0x50/0x50 [ 122.641987][ C1] ? kthread_blkcg+0xd0/0xd0 [ 122.646409][ C1] ret_from_fork+0x1f/0x30 [ 122.650667][ C1] [ 122.653533][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 122.659700][ C1] NMI backtrace for cpu 1 [ 122.663870][ C1] CPU: 1 PID: 339 Comm: syz-fuzzer Not tainted 5.15.148-syzkaller-00013-gad06eaf051cd #0 [ 122.673709][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 122.685427][ C1] Call Trace: [ 122.688617][ C1] [ 122.691318][ C1] dump_stack_lvl+0x151/0x1b7 [ 122.695821][ C1] ? io_uring_drop_tctx_refs+0x190/0x190 [ 122.701288][ C1] dump_stack+0x15/0x17 [ 122.705281][ C1] nmi_cpu_backtrace+0x2f7/0x300 [ 122.710055][ C1] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 122.716043][ C1] ? panic+0x751/0x751 [ 122.719947][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 122.725849][ C1] nmi_trigger_cpumask_backtrace+0x15d/0x270 [ 122.731665][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 122.737568][ C1] arch_trigger_cpumask_backtrace+0x10/0x20 [ 122.743296][ C1] rcu_check_gp_kthread_starvation+0x1e3/0x250 [ 122.749285][ C1] ? rcu_check_gp_kthread_expired_fqs_timer+0x18e/0x230 [ 122.756219][ C1] print_cpu_stall+0x310/0x5f0 [ 122.760818][ C1] rcu_sched_clock_irq+0x989/0x12f0 [ 122.765844][ C1] ? rcu_boost_kthread_setaffinity+0x340/0x340 [ 122.771833][ C1] ? hrtimer_run_queues+0x15f/0x440 [ 122.776869][ C1] update_process_times+0x198/0x200 [ 122.781900][ C1] tick_sched_timer+0x188/0x240 [ 122.786589][ C1] ? tick_setup_sched_timer+0x480/0x480 [ 122.791969][ C1] __hrtimer_run_queues+0x41a/0xad0 [ 122.797092][ C1] ? hrtimer_interrupt+0xaa0/0xaa0 [ 122.802038][ C1] ? clockevents_program_event+0x22f/0x300 [ 122.807767][ C1] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 122.813676][ C1] hrtimer_interrupt+0x40c/0xaa0 [ 122.818446][ C1] __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 122.825343][ C1] sysvec_apic_timer_interrupt+0x95/0xc0 [ 122.830955][ C1] [ 122.833723][ C1] [ 122.836499][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 122.842310][ C1] RIP: 0010:kvm_wait+0x147/0x180 [ 122.847171][ C1] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 5b 03 f3 03 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 122.866613][ C1] RSP: 0018:ffffc900052d71e0 EFLAGS: 00000246 [ 122.872518][ C1] RAX: 0000000000000001 RBX: 1ffff92000a5ae40 RCX: 1ffffffff0d1aa9c [ 122.880500][ C1] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8881f7137ed4 [ 122.888309][ C1] RBP: ffffc900052d7290 R08: dffffc0000000000 R09: ffffed103ee26fdb [ 122.896127][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 122.904126][ C1] R13: ffff8881f7137ed4 R14: 0000000000000001 R15: 1ffff92000a5ae44 [ 122.912022][ C1] ? asm_common_interrupt+0x27/0x40 [ 122.917049][ C1] ? kvm_arch_para_hints+0x30/0x30 [ 122.921995][ C1] __pv_queued_spin_lock_slowpath+0x41b/0xc40 [ 122.927896][ C1] ? __sk_dst_check+0xd2/0x1b0 [ 122.932495][ C1] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 122.938756][ C1] ? tcp_recvmsg_locked+0x17fd/0x2890 [ 122.943954][ C1] ? inet_recvmsg+0x158/0x500 [ 122.948464][ C1] ? sock_read_iter+0x353/0x480 [ 122.953154][ C1] ? vfs_read+0xa7e/0xd40 [ 122.957321][ C1] ? __x64_sys_read+0x7b/0x90 [ 122.961833][ C1] ? do_syscall_64+0x3d/0xb0 [ 122.966262][ C1] _raw_spin_lock_bh+0x139/0x1b0 [ 122.971032][ C1] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 122.976067][ C1] ? sock_hash_bucket_hash+0x36d/0x7e0 [ 122.981364][ C1] sock_hash_delete_elem+0xb1/0x2f0 [ 122.986398][ C1] ? skb_release_data+0x8a9/0xa80 [ 122.992017][ C1] bpf_prog_2c29ac5cdc6b1842+0x3a/0x8ac [ 122.998886][ C1] bpf_trace_run2+0xec/0x210 [ 123.003700][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 123.008839][ C1] ? skb_release_data+0x8a9/0xa80 [ 123.013704][ C1] ? mark_free_pages+0x3b0/0x3b0 [ 123.018471][ C1] ? __check_object_size+0x1b7/0x3d0 [ 123.023587][ C1] ? trace_raw_output_mm_lru_activate+0x20/0xe0 [ 123.029668][ C1] ? skb_release_data+0x8a9/0xa80 [ 123.034531][ C1] __bpf_trace_kfree+0x6f/0x90 [ 123.039125][ C1] ? skb_release_data+0x8a9/0xa80 [ 123.043982][ C1] kfree+0x1f3/0x220 [ 123.047717][ C1] ? __put_compound_page+0x73/0xb0 [ 123.052670][ C1] skb_release_data+0x8a9/0xa80 [ 123.057352][ C1] __kfree_skb+0x50/0x70 [ 123.061431][ C1] tcp_recvmsg_locked+0x17fd/0x2890 [ 123.066468][ C1] ? tcp_recvmsg+0x7f0/0x7f0 [ 123.071097][ C1] tcp_recvmsg+0x24e/0x7f0 [ 123.075508][ C1] ? avc_has_perm_noaudit+0x430/0x430 [ 123.080709][ C1] ? tcp_recv_timestamp+0x710/0x710 [ 123.085739][ C1] ? selinux_socket_sendmsg+0x340/0x340 [ 123.091128][ C1] inet_recvmsg+0x158/0x500 [ 123.095656][ C1] ? inet_sendpage+0x120/0x120 [ 123.101048][ C1] ? file_has_perm+0x508/0x6c0 [ 123.106353][ C1] ? security_socket_recvmsg+0x87/0xb0 [ 123.112963][ C1] ? inet_sendpage+0x120/0x120 [ 123.119614][ C1] sock_read_iter+0x353/0x480 [ 123.124079][ C1] ? kernel_sock_ip_overhead+0x280/0x280 [ 123.129570][ C1] ? iov_iter_init+0x53/0x190 [ 123.134252][ C1] vfs_read+0xa7e/0xd40 [ 123.138245][ C1] ? kernel_read+0x1f0/0x1f0 [ 123.142682][ C1] ? __fdget_pos+0x209/0x3a0 [ 123.147095][ C1] ? ksys_read+0x77/0x2c0 [ 123.151263][ C1] ksys_read+0x199/0x2c0 [ 123.155342][ C1] ? vfs_write+0x1110/0x1110 [ 123.159768][ C1] ? debug_smp_processor_id+0x17/0x20 [ 123.164978][ C1] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 123.170880][ C1] __x64_sys_read+0x7b/0x90 [ 123.175230][ C1] do_syscall_64+0x3d/0xb0 [ 123.179473][ C1] ? sysvec_call_function_single+0x52/0xb0 [ 123.185202][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 123.190937][ C1] RIP: 0033:0x40720e [ 123.194674][ C1] Code: 48 83 ec 38 e8 13 00 00 00 48 83 c4 38 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 49 89 f2 48 89 fa 48 89 ce 48 89 df 0f 05 <48> 3d 01 f0 ff ff 76 15 48 f7 d8 48 89 c1 48 c7 c0 ff ff ff ff 48 [ 123.214105][ C1] RSP: 002b:000000c000a8f7f0 EFLAGS: 00000212 ORIG_RAX: 0000000000000000 [ 123.222349][ C1] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000040720e [ 123.230164][ C1] RDX: 0000000000001000 RSI: 000000c00096f000 RDI: 0000000000000003 [ 123.237978][ C1] RBP: 000000c000a8f830 R08: 0000000000000000 R09: 0000000000000000 [ 123.245786][ C1] R10: 0000000000000000 R11: 0000000000000212 R12: 000000c000a8f970 [ 123.253595][ C1] R13: 0000000000004fe4 R14: 000000c00047f040 R15: 000000000000002f [ 123.261495][ C1] [ 123.264421][ C1] Sending NMI from CPU 1 to CPUs 0: [ 123.269457][ C0] NMI backtrace for cpu 0 [ 123.269470][ C0] CPU: 0 PID: 338 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00013-gad06eaf051cd #0 [ 123.269487][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 123.269496][ C0] RIP: 0010:kvm_wait+0x147/0x180 [ 123.269519][ C0] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 5b 03 f3 03 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 123.269530][ C0] RSP: 0018:ffffc900052c6bc0 EFLAGS: 00000246 [ 123.269544][ C0] RAX: 0000000000000003 RBX: 1ffff92000a58d7c RCX: ffffffff8154f88f [ 123.269555][ C0] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff888100be00e8 [ 123.269565][ C0] RBP: ffffc900052c6c70 R08: dffffc0000000000 R09: ffffed102017c01e [ 123.269576][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 123.269587][ C0] R13: ffff888100be00e8 R14: 0000000000000003 R15: 1ffff92000a58d80 [ 123.269597][ C0] FS: 00007ff8b3bec6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 123.269611][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.269621][ C0] CR2: 000000c002c78740 CR3: 0000000128136000 CR4: 00000000003506b0 [ 123.269635][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 123.269643][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 123.269652][ C0] Call Trace: [ 123.269657][ C0] [ 123.269663][ C0] ? show_regs+0x58/0x60 [ 123.269680][ C0] ? nmi_cpu_backtrace+0x29f/0x300 [ 123.269697][ C0] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 123.269714][ C0] ? kvm_wait+0x147/0x180 [ 123.269727][ C0] ? kvm_wait+0x147/0x180 [ 123.269740][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 123.269756][ C0] ? nmi_handle+0xa8/0x280 [ 123.269770][ C0] ? kvm_wait+0x147/0x180 [ 123.269783][ C0] ? default_do_nmi+0x69/0x160 [ 123.269800][ C0] ? exc_nmi+0xaf/0x120 [ 123.269813][ C0] ? end_repeat_nmi+0x16/0x31 [ 123.269828][ C0] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 123.269847][ C0] ? kvm_wait+0x147/0x180 [ 123.269860][ C0] ? kvm_wait+0x147/0x180 [ 123.269873][ C0] ? kvm_wait+0x147/0x180 [ 123.269886][ C0] [ 123.269890][ C0] [ 123.269901][ C0] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 123.269916][ C0] ? kvm_arch_para_hints+0x30/0x30 [ 123.269931][ C0] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 123.269948][ C0] __pv_queued_spin_lock_slowpath+0x6bc/0xc40 [ 123.269966][ C0] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 123.269983][ C0] ? arch_stack_walk+0xf3/0x140 [ 123.270003][ C0] _raw_spin_lock_bh+0x139/0x1b0 [ 123.270019][ C0] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 123.270035][ C0] ? sock_hash_bucket_hash+0x36d/0x7e0 [ 123.270053][ C0] sock_hash_delete_elem+0xb1/0x2f0 [ 123.270068][ C0] ? sock_map_unref+0x352/0x4d0 [ 123.270082][ C0] bpf_prog_2c29ac5cdc6b1842+0x3a/0x8ac [ 123.270096][ C0] bpf_trace_run2+0xec/0x210 [ 123.270112][ C0] ? bpf_trace_run1+0x1c0/0x1c0 [ 123.270127][ C0] ? sock_map_unref+0x352/0x4d0 [ 123.270142][ C0] ? sock_map_unref+0x352/0x4d0 [ 123.270156][ C0] __bpf_trace_kfree+0x6f/0x90 [ 123.270170][ C0] ? sock_map_unref+0x352/0x4d0 [ 123.270184][ C0] kfree+0x1f3/0x220 [ 123.270201][ C0] sock_map_unref+0x352/0x4d0 [ 123.270217][ C0] sock_hash_delete_elem+0x274/0x2f0 [ 123.270232][ C0] ? avc_audit_post_callback+0x43d/0xb20 [ 123.270249][ C0] bpf_prog_2c29ac5cdc6b1842+0x3a/0x8ac [ 123.270260][ C0] bpf_trace_run2+0xec/0x210 [ 123.270275][ C0] ? bpf_trace_run1+0x1c0/0x1c0 [ 123.270290][ C0] ? avc_audit_post_callback+0x43d/0xb20 [ 123.270305][ C0] ? audit_log_format+0xd7/0x120 [ 123.270319][ C0] ? avc_audit_post_callback+0x43d/0xb20 [ 123.270333][ C0] __bpf_trace_kfree+0x6f/0x90 [ 123.270347][ C0] ? avc_audit_post_callback+0x43d/0xb20 [ 123.270361][ C0] kfree+0x1f3/0x220 [ 123.270384][ C0] avc_audit_post_callback+0x43d/0xb20 [ 123.270399][ C0] ? avc_audit_pre_callback+0x2b0/0x2b0 [ 123.270414][ C0] ? audit_log_start+0xa80/0xa80 [ 123.270429][ C0] ? avc_audit_pre_callback+0x2b0/0x2b0 [ 123.270443][ C0] common_lsm_audit+0xbc6/0x18b0 [ 123.270458][ C0] ? avc_audit_pre_callback+0x2b0/0x2b0 [ 123.270473][ C0] ? ipv6_skb_to_auditdata+0xd90/0xd90 [ 123.270487][ C0] ? rcu_gp_kthread_wake+0x90/0x90 [ 123.270502][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 123.270518][ C0] ? _raw_spin_lock+0x1b0/0x1b0 [ 123.270535][ C0] slow_avc_audit+0x26c/0x3c0 [ 123.270549][ C0] ? avc_get_hash_stats+0x180/0x180 [ 123.270566][ C0] audit_inode_permission+0x1ce/0x2a0 [ 123.270581][ C0] ? may_link+0x5d0/0x5d0 [ 123.270597][ C0] selinux_inode_permission+0x530/0x660 [ 123.270613][ C0] ? selinux_inode_follow_link+0x3b0/0x3b0 [ 123.270629][ C0] ? __kasan_check_write+0x14/0x20 [ 123.270644][ C0] ? _raw_spin_lock+0xa4/0x1b0 [ 123.270659][ C0] ? _raw_spin_trylock_bh+0x190/0x190 [ 123.270675][ C0] security_inode_permission+0xa0/0xf0 [ 123.270692][ C0] inode_permission+0xf8/0x460 [ 123.270707][ C0] may_open+0x2d7/0x440 [ 123.270722][ C0] path_openat+0x264e/0x2f40 [ 123.270738][ C0] ? __kasan_slab_alloc+0xb1/0xe0 [ 123.270751][ C0] ? kmem_cache_alloc+0xf5/0x200 [ 123.270766][ C0] ? getname_flags+0xba/0x520 [ 123.270779][ C0] ? __x64_sys_openat+0x243/0x290 [ 123.270797][ C0] ? do_filp_open+0x460/0x460 [ 123.270814][ C0] do_filp_open+0x21c/0x460 [ 123.270828][ C0] ? vfs_tmpfile+0x2c0/0x2c0 [ 123.270847][ C0] do_sys_openat2+0x13f/0x830 [ 123.270864][ C0] ? do_sys_open+0x220/0x220 [ 123.270878][ C0] ? security_bpf+0x82/0xb0 [ 123.270897][ C0] __x64_sys_openat+0x243/0x290 [ 123.270913][ C0] ? __ia32_sys_open+0x270/0x270 [ 123.270929][ C0] ? __kasan_check_read+0x11/0x20 [ 123.270944][ C0] ? exit_to_user_mode_prepare+0x7e/0xa0 [ 123.270959][ C0] do_syscall_64+0x3d/0xb0 [ 123.270973][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 123.270989][ C0] RIP: 0033:0x7ff8b4e78ea9 [ 123.271003][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 123.271014][ C0] RSP: 002b:00007ff8b3bec0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 123.271030][ C0] RAX: ffffffffffffffda RBX: 00007ff8b4fa6f80 RCX: 00007ff8b4e78ea9 [ 123.271041][ C0] RDX: 0000000000000000 RSI: 0000000020000100 RDI: ffffffffffffff9c [ 123.271050][ C0] RBP: 00007ff8b4ec54a4 R08: 0000000000000000 R09: 0000000000000000 [ 123.271059][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 123.271068][ C0] R13: 000000000000000b R14: 00007ff8b4fa6f80 R15: 00007ffe358575c8 [ 123.271080][ C0] [ 123.271418][ C1] NMI backtrace for cpu 1 [ 123.906694][ C1] CPU: 1 PID: 339 Comm: syz-fuzzer Not tainted 5.15.148-syzkaller-00013-gad06eaf051cd #0 [ 123.916327][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 123.926216][ C1] Call Trace: [ 123.929339][ C1] [ 123.932032][ C1] dump_stack_lvl+0x151/0x1b7 [ 123.936544][ C1] ? io_uring_drop_tctx_refs+0x190/0x190 [ 123.942010][ C1] ? cpumask_next+0x8a/0xb0 [ 123.946352][ C1] dump_stack+0x15/0x17 [ 123.950346][ C1] nmi_cpu_backtrace+0x2f7/0x300 [ 123.955128][ C1] ? init_x2apic_ldr+0x10/0x10 [ 123.959717][ C1] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 123.965706][ C1] ? irq_work_queue+0xd4/0x160 [ 123.970314][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 123.976213][ C1] nmi_trigger_cpumask_backtrace+0x15d/0x270 [ 123.982027][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 123.987941][ C1] arch_trigger_cpumask_backtrace+0x10/0x20 [ 123.993657][ C1] rcu_dump_cpu_stacks+0x1d8/0x330 [ 123.998704][ C1] print_cpu_stall+0x315/0x5f0 [ 124.005193][ C1] rcu_sched_clock_irq+0x989/0x12f0 [ 124.011552][ C1] ? rcu_boost_kthread_setaffinity+0x340/0x340 [ 124.020818][ C1] ? hrtimer_run_queues+0x15f/0x440 [ 124.026855][ C1] update_process_times+0x198/0x200 [ 124.031972][ C1] tick_sched_timer+0x188/0x240 [ 124.036683][ C1] ? tick_setup_sched_timer+0x480/0x480 [ 124.042029][ C1] __hrtimer_run_queues+0x41a/0xad0 [ 124.047064][ C1] ? hrtimer_interrupt+0xaa0/0xaa0 [ 124.052017][ C1] ? clockevents_program_event+0x22f/0x300 [ 124.057659][ C1] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 124.063577][ C1] hrtimer_interrupt+0x40c/0xaa0 [ 124.070151][ C1] __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 124.080583][ C1] sysvec_apic_timer_interrupt+0x95/0xc0 [ 124.087707][ C1] [ 124.092305][ C1] [ 124.099684][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 124.108741][ C1] RIP: 0010:kvm_wait+0x147/0x180 [ 124.113833][ C1] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 5b 03 f3 03 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 124.133253][ C1] RSP: 0018:ffffc900052d71e0 EFLAGS: 00000246 [ 124.139153][ C1] RAX: 0000000000000001 RBX: 1ffff92000a5ae40 RCX: 1ffffffff0d1aa9c [ 124.146964][ C1] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8881f7137ed4 [ 124.154953][ C1] RBP: ffffc900052d7290 R08: dffffc0000000000 R09: ffffed103ee26fdb [ 124.162764][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 124.170686][ C1] R13: ffff8881f7137ed4 R14: 0000000000000001 R15: 1ffff92000a5ae44 [ 124.178500][ C1] ? asm_common_interrupt+0x27/0x40 [ 124.183528][ C1] ? kvm_arch_para_hints+0x30/0x30 [ 124.188478][ C1] __pv_queued_spin_lock_slowpath+0x41b/0xc40 [ 124.194378][ C1] ? __sk_dst_check+0xd2/0x1b0 [ 124.198981][ C1] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 124.205232][ C1] ? tcp_recvmsg_locked+0x17fd/0x2890 [ 124.210435][ C1] ? inet_recvmsg+0x158/0x500 [ 124.214948][ C1] ? sock_read_iter+0x353/0x480 [ 124.219721][ C1] ? vfs_read+0xa7e/0xd40 [ 124.223889][ C1] ? __x64_sys_read+0x7b/0x90 [ 124.228401][ C1] ? do_syscall_64+0x3d/0xb0 [ 124.232829][ C1] _raw_spin_lock_bh+0x139/0x1b0 [ 124.237601][ C1] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 124.242636][ C1] ? sock_hash_bucket_hash+0x36d/0x7e0 [ 124.247930][ C1] sock_hash_delete_elem+0xb1/0x2f0 [ 124.252965][ C1] ? skb_release_data+0x8a9/0xa80 [ 124.257826][ C1] bpf_prog_2c29ac5cdc6b1842+0x3a/0x8ac [ 124.263206][ C1] bpf_trace_run2+0xec/0x210 [ 124.267633][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 124.272320][ C1] ? skb_release_data+0x8a9/0xa80 [ 124.277179][ C1] ? mark_free_pages+0x3b0/0x3b0 [ 124.281954][ C1] ? __check_object_size+0x1b7/0x3d0 [ 124.287076][ C1] ? trace_raw_output_mm_lru_activate+0x20/0xe0 [ 124.293149][ C1] ? skb_release_data+0x8a9/0xa80 [ 124.298012][ C1] __bpf_trace_kfree+0x6f/0x90 [ 124.302610][ C1] ? skb_release_data+0x8a9/0xa80 [ 124.307483][ C1] kfree+0x1f3/0x220 [ 124.311206][ C1] ? __put_compound_page+0x73/0xb0 [ 124.316150][ C1] skb_release_data+0x8a9/0xa80 [ 124.320839][ C1] __kfree_skb+0x50/0x70 [ 124.324916][ C1] tcp_recvmsg_locked+0x17fd/0x2890 [ 124.329954][ C1] ? tcp_recvmsg+0x7f0/0x7f0 [ 124.334380][ C1] tcp_recvmsg+0x24e/0x7f0 [ 124.338628][ C1] ? avc_has_perm_noaudit+0x430/0x430 [ 124.343840][ C1] ? tcp_recv_timestamp+0x710/0x710 [ 124.348869][ C1] ? selinux_socket_sendmsg+0x340/0x340 [ 124.354254][ C1] inet_recvmsg+0x158/0x500 [ 124.358595][ C1] ? inet_sendpage+0x120/0x120 [ 124.363192][ C1] ? file_has_perm+0x508/0x6c0 [ 124.367794][ C1] ? security_socket_recvmsg+0x87/0xb0 [ 124.373089][ C1] ? inet_sendpage+0x120/0x120 [ 124.377689][ C1] sock_read_iter+0x353/0x480 [ 124.382201][ C1] ? kernel_sock_ip_overhead+0x280/0x280 [ 124.387669][ C1] ? iov_iter_init+0x53/0x190 [ 124.392183][ C1] vfs_read+0xa7e/0xd40 [ 124.396175][ C1] ? kernel_read+0x1f0/0x1f0 [ 124.400606][ C1] ? __fdget_pos+0x209/0x3a0 [ 124.405029][ C1] ? ksys_read+0x77/0x2c0 [ 124.409193][ C1] ksys_read+0x199/0x2c0 [ 124.413274][ C1] ? vfs_write+0x1110/0x1110 [ 124.417699][ C1] ? debug_smp_processor_id+0x17/0x20 [ 124.422908][ C1] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 124.428810][ C1] __x64_sys_read+0x7b/0x90 [ 124.433149][ C1] do_syscall_64+0x3d/0xb0 [ 124.437402][ C1] ? sysvec_call_function_single+0x52/0xb0 [ 124.443046][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 124.448771][ C1] RIP: 0033:0x40720e [ 124.452507][ C1] Code: 48 83 ec 38 e8 13 00 00 00 48 83 c4 38 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 49 89 f2 48 89 fa 48 89 ce 48 89 df 0f 05 <48> 3d 01 f0 ff ff 76 15 48 f7 d8 48 89 c1 48 c7 c0 ff ff ff ff 48 [ 124.471948][ C1] RSP: 002b:000000c000a8f7f0 EFLAGS: 00000212 ORIG_RAX: 0000000000000000 [ 124.480194][ C1] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000040720e [ 124.488003][ C1] RDX: 0000000000001000 RSI: 000000c00096f000 RDI: 0000000000000003 [ 124.495815][ C1] RBP: 000000c000a8f830 R08: 0000000000000000 R09: 0000000000000000 [ 124.503625][ C1] R10: 0000000000000000 R11: 0000000000000212 R12: 000000c000a8f970 [ 124.511508][ C1] R13: 0000000000004fe4 R14: 000000c00047f040 R15: 000000000000002f [ 124.520125][ C1] [ 265.071113][ C0] watchdog: BUG: soft lockup - CPU#0 stuck for 245s! [syz-executor.1:338] [ 265.079432][ C0] Modules linked in: [ 265.083167][ C0] CPU: 0 PID: 338 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00013-gad06eaf051cd #0 [ 265.093142][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 265.103045][ C0] RIP: 0010:kvm_wait+0x147/0x180 [ 265.107815][ C0] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 5b 03 f3 03 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 265.127691][ C0] RSP: 0018:ffffc900052c6bc0 EFLAGS: 00000246 [ 265.133589][ C0] RAX: 0000000000000003 RBX: 1ffff92000a58d7c RCX: ffffffff8154f88f [ 265.141399][ C0] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff888100be00e8 [ 265.149211][ C0] RBP: ffffc900052c6c70 R08: dffffc0000000000 R09: ffffed102017c01e [ 265.157026][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 265.164835][ C0] R13: ffff888100be00e8 R14: 0000000000000003 R15: 1ffff92000a58d80 [ 265.172647][ C0] FS: 00007ff8b3bec6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 265.181412][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 265.187835][ C0] CR2: 000000c002c78740 CR3: 0000000128136000 CR4: 00000000003506b0 [ 265.195656][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 265.203456][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 265.211269][ C0] Call Trace: [ 265.214404][ C0] [ 265.217159][ C0] ? show_regs+0x58/0x60 [ 265.221164][ C0] ? watchdog_timer_fn+0x4b1/0x5f0 [ 265.226110][ C0] ? proc_watchdog_cpumask+0xd0/0xd0 [ 265.231319][ C0] ? __hrtimer_run_queues+0x41a/0xad0 [ 265.236526][ C0] ? hrtimer_interrupt+0xaa0/0xaa0 [ 265.241473][ C0] ? clockevents_program_event+0x22f/0x300 [ 265.247116][ C0] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 265.253017][ C0] ? hrtimer_interrupt+0x40c/0xaa0 [ 265.257966][ C0] ? __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 265.263866][ C0] ? sysvec_apic_timer_interrupt+0x95/0xc0 [ 265.269508][ C0] [ 265.272288][ C0] [ 265.275063][ C0] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 265.281053][ C0] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 265.287127][ C0] ? kvm_wait+0x147/0x180 [ 265.291293][ C0] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 265.297281][ C0] ? kvm_arch_para_hints+0x30/0x30 [ 265.302230][ C0] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 265.308305][ C0] __pv_queued_spin_lock_slowpath+0x6bc/0xc40 [ 265.314209][ C0] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 265.320457][ C0] ? arch_stack_walk+0xf3/0x140 [ 265.325145][ C0] _raw_spin_lock_bh+0x139/0x1b0 [ 265.329918][ C0] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 265.334952][ C0] ? sock_hash_bucket_hash+0x36d/0x7e0 [ 265.340247][ C0] sock_hash_delete_elem+0xb1/0x2f0 [ 265.345279][ C0] ? sock_map_unref+0x352/0x4d0 [ 265.349967][ C0] bpf_prog_2c29ac5cdc6b1842+0x3a/0x8ac [ 265.355347][ C0] bpf_trace_run2+0xec/0x210 [ 265.359774][ C0] ? bpf_trace_run1+0x1c0/0x1c0 [ 265.364462][ C0] ? sock_map_unref+0x352/0x4d0 [ 265.369147][ C0] ? sock_map_unref+0x352/0x4d0 [ 265.373835][ C0] __bpf_trace_kfree+0x6f/0x90 [ 265.378433][ C0] ? sock_map_unref+0x352/0x4d0 [ 265.383124][ C0] kfree+0x1f3/0x220 [ 265.386857][ C0] sock_map_unref+0x352/0x4d0 [ 265.391369][ C0] sock_hash_delete_elem+0x274/0x2f0 [ 265.396488][ C0] ? avc_audit_post_callback+0x43d/0xb20 [ 265.401956][ C0] bpf_prog_2c29ac5cdc6b1842+0x3a/0x8ac [ 265.407339][ C0] bpf_trace_run2+0xec/0x210 [ 265.411766][ C0] ? bpf_trace_run1+0x1c0/0x1c0 [ 265.416451][ C0] ? avc_audit_post_callback+0x43d/0xb20 [ 265.421921][ C0] ? audit_log_format+0xd7/0x120 [ 265.426696][ C0] ? avc_audit_post_callback+0x43d/0xb20 [ 265.432165][ C0] __bpf_trace_kfree+0x6f/0x90 [ 265.436760][ C0] ? avc_audit_post_callback+0x43d/0xb20 [ 265.442229][ C0] kfree+0x1f3/0x220 [ 265.445964][ C0] avc_audit_post_callback+0x43d/0xb20 [ 265.451255][ C0] ? avc_audit_pre_callback+0x2b0/0x2b0 [ 265.456639][ C0] ? audit_log_start+0xa80/0xa80 [ 265.461414][ C0] ? avc_audit_pre_callback+0x2b0/0x2b0 [ 265.466791][ C0] common_lsm_audit+0xbc6/0x18b0 [ 265.471566][ C0] ? avc_audit_pre_callback+0x2b0/0x2b0 [ 265.476957][ C0] ? ipv6_skb_to_auditdata+0xd90/0xd90 [ 265.482244][ C0] ? rcu_gp_kthread_wake+0x90/0x90 [ 265.487195][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 265.492485][ C0] ? _raw_spin_lock+0x1b0/0x1b0 [ 265.497170][ C0] slow_avc_audit+0x26c/0x3c0 [ 265.501684][ C0] ? avc_get_hash_stats+0x180/0x180 [ 265.506721][ C0] audit_inode_permission+0x1ce/0x2a0 [ 265.511925][ C0] ? may_link+0x5d0/0x5d0 [ 265.516092][ C0] selinux_inode_permission+0x530/0x660 [ 265.521472][ C0] ? selinux_inode_follow_link+0x3b0/0x3b0 [ 265.527118][ C0] ? __kasan_check_write+0x14/0x20 [ 265.532071][ C0] ? _raw_spin_lock+0xa4/0x1b0 [ 265.536662][ C0] ? _raw_spin_trylock_bh+0x190/0x190 [ 265.541871][ C0] security_inode_permission+0xa0/0xf0 [ 265.547163][ C0] inode_permission+0xf8/0x460 [ 265.551767][ C0] may_open+0x2d7/0x440 [ 265.555757][ C0] path_openat+0x264e/0x2f40 [ 265.560185][ C0] ? __kasan_slab_alloc+0xb1/0xe0 [ 265.565042][ C0] ? kmem_cache_alloc+0xf5/0x200 [ 265.569817][ C0] ? getname_flags+0xba/0x520 [ 265.574329][ C0] ? __x64_sys_openat+0x243/0x290 [ 265.579200][ C0] ? do_filp_open+0x460/0x460 [ 265.583705][ C0] do_filp_open+0x21c/0x460 [ 265.588043][ C0] ? vfs_tmpfile+0x2c0/0x2c0 [ 265.592474][ C0] do_sys_openat2+0x13f/0x830 [ 265.596987][ C0] ? do_sys_open+0x220/0x220 [ 265.601409][ C0] ? security_bpf+0x82/0xb0 [ 265.605750][ C0] __x64_sys_openat+0x243/0x290 [ 265.610440][ C0] ? __ia32_sys_open+0x270/0x270 [ 265.615209][ C0] ? __kasan_check_read+0x11/0x20 [ 265.620071][ C0] ? exit_to_user_mode_prepare+0x7e/0xa0 [ 265.625539][ C0] do_syscall_64+0x3d/0xb0 [ 265.629793][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 265.635524][ C0] RIP: 0033:0x7ff8b4e78ea9 [ 265.639882][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 265.659305][ C0] RSP: 002b:00007ff8b3bec0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 265.667551][ C0] RAX: ffffffffffffffda RBX: 00007ff8b4fa6f80 RCX: 00007ff8b4e78ea9 [ 265.675359][ C0] RDX: 0000000000000000 RSI: 0000000020000100 RDI: ffffffffffffff9c [ 265.683171][ C0] RBP: 00007ff8b4ec54a4 R08: 0000000000000000 R09: 0000000000000000 [ 265.690984][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 265.698792][ C0] R13: 000000000000000b R14: 00007ff8b4fa6f80 R15: 00007ffe358575c8 [ 265.706612][ C0] [ 265.709477][ C0] Sending NMI from CPU 0 to CPUs 1: [ 265.714534][ C1] NMI backtrace for cpu 1 [ 265.714543][ C1] CPU: 1 PID: 339 Comm: syz-fuzzer Not tainted 5.15.148-syzkaller-00013-gad06eaf051cd #0 [ 265.714558][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 265.714566][ C1] RIP: 0010:kvm_wait+0x147/0x180 [ 265.714586][ C1] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 5b 03 f3 03 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 265.714597][ C1] RSP: 0018:ffffc900052d71e0 EFLAGS: 00000246 [ 265.714611][ C1] RAX: 0000000000000001 RBX: 1ffff92000a5ae40 RCX: 1ffffffff0d1aa9c [ 265.714621][ C1] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8881f7137ed4 [ 265.714630][ C1] RBP: ffffc900052d7290 R08: dffffc0000000000 R09: ffffed103ee26fdb [ 265.714641][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 265.714651][ C1] R13: ffff8881f7137ed4 R14: 0000000000000001 R15: 1ffff92000a5ae44 [ 265.714661][ C1] FS: 000000c000f50490(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 265.714674][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 265.714685][ C1] CR2: 00005588599a7fd8 CR3: 000000011f445000 CR4: 00000000003506a0 [ 265.714698][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 265.714706][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 265.714715][ C1] Call Trace: [ 265.714720][ C1] [ 265.714725][ C1] ? show_regs+0x58/0x60 [ 265.714741][ C1] ? nmi_cpu_backtrace+0x29f/0x300 [ 265.714758][ C1] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 265.714775][ C1] ? kvm_wait+0x147/0x180 [ 265.714788][ C1] ? kvm_wait+0x147/0x180 [ 265.714801][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 265.714816][ C1] ? nmi_handle+0xa8/0x280 [ 265.714830][ C1] ? kvm_wait+0x147/0x180 [ 265.714843][ C1] ? default_do_nmi+0x69/0x160 [ 265.714868][ C1] ? exc_nmi+0xaf/0x120 [ 265.714881][ C1] ? end_repeat_nmi+0x16/0x31 [ 265.714896][ C1] ? kvm_wait+0x147/0x180 [ 265.714909][ C1] ? kvm_wait+0x147/0x180 [ 265.714922][ C1] ? kvm_wait+0x147/0x180 [ 265.714935][ C1] [ 265.714939][ C1] [ 265.714944][ C1] ? asm_common_interrupt+0x27/0x40 [ 265.714957][ C1] ? kvm_arch_para_hints+0x30/0x30 [ 265.714972][ C1] __pv_queued_spin_lock_slowpath+0x41b/0xc40 [ 265.714989][ C1] ? __sk_dst_check+0xd2/0x1b0 [ 265.715005][ C1] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 265.715021][ C1] ? tcp_recvmsg_locked+0x17fd/0x2890 [ 265.715036][ C1] ? inet_recvmsg+0x158/0x500 [ 265.715050][ C1] ? sock_read_iter+0x353/0x480 [ 265.715064][ C1] ? vfs_read+0xa7e/0xd40 [ 265.715077][ C1] ? __x64_sys_read+0x7b/0x90 [ 265.715089][ C1] ? do_syscall_64+0x3d/0xb0 [ 265.715103][ C1] _raw_spin_lock_bh+0x139/0x1b0 [ 265.715119][ C1] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 265.715135][ C1] ? sock_hash_bucket_hash+0x36d/0x7e0 [ 265.715151][ C1] sock_hash_delete_elem+0xb1/0x2f0 [ 265.715166][ C1] ? skb_release_data+0x8a9/0xa80 [ 265.715180][ C1] bpf_prog_2c29ac5cdc6b1842+0x3a/0x8ac [ 265.715193][ C1] bpf_trace_run2+0xec/0x210 [ 265.715209][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 265.715224][ C1] ? skb_release_data+0x8a9/0xa80 [ 265.715237][ C1] ? mark_free_pages+0x3b0/0x3b0 [ 265.715252][ C1] ? __check_object_size+0x1b7/0x3d0 [ 265.715268][ C1] ? trace_raw_output_mm_lru_activate+0x20/0xe0 [ 265.715283][ C1] ? skb_release_data+0x8a9/0xa80 [ 265.715297][ C1] __bpf_trace_kfree+0x6f/0x90 [ 265.715311][ C1] ? skb_release_data+0x8a9/0xa80 [ 265.715324][ C1] kfree+0x1f3/0x220 [ 265.715338][ C1] ? __put_compound_page+0x73/0xb0 [ 265.715352][ C1] skb_release_data+0x8a9/0xa80 [ 265.715367][ C1] __kfree_skb+0x50/0x70 [ 265.715379][ C1] tcp_recvmsg_locked+0x17fd/0x2890 [ 265.715398][ C1] ? tcp_recvmsg+0x7f0/0x7f0 [ 265.715413][ C1] tcp_recvmsg+0x24e/0x7f0 [ 265.715426][ C1] ? avc_has_perm_noaudit+0x430/0x430 [ 265.715442][ C1] ? tcp_recv_timestamp+0x710/0x710 [ 265.715457][ C1] ? selinux_socket_sendmsg+0x340/0x340 [ 265.715472][ C1] inet_recvmsg+0x158/0x500 [ 265.715486][ C1] ? inet_sendpage+0x120/0x120 [ 265.715500][ C1] ? file_has_perm+0x508/0x6c0 [ 265.715513][ C1] ? security_socket_recvmsg+0x87/0xb0 [ 265.715526][ C1] ? inet_sendpage+0x120/0x120 [ 265.715540][ C1] sock_read_iter+0x353/0x480 [ 265.715555][ C1] ? kernel_sock_ip_overhead+0x280/0x280 [ 265.715571][ C1] ? iov_iter_init+0x53/0x190 [ 265.715586][ C1] vfs_read+0xa7e/0xd40 [ 265.715599][ C1] ? kernel_read+0x1f0/0x1f0 [ 265.715614][ C1] ? __fdget_pos+0x209/0x3a0 [ 265.715627][ C1] ? ksys_read+0x77/0x2c0 [ 265.715639][ C1] ksys_read+0x199/0x2c0 [ 265.715652][ C1] ? vfs_write+0x1110/0x1110 [ 265.715665][ C1] ? debug_smp_processor_id+0x17/0x20 [ 265.715679][ C1] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 265.715696][ C1] __x64_sys_read+0x7b/0x90 [ 265.715708][ C1] do_syscall_64+0x3d/0xb0 [ 265.715721][ C1] ? sysvec_call_function_single+0x52/0xb0 [ 265.715736][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 265.715752][ C1] RIP: 0033:0x40720e [ 265.715764][ C1] Code: 48 83 ec 38 e8 13 00 00 00 48 83 c4 38 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 49 89 f2 48 89 fa 48 89 ce 48 89 df 0f 05 <48> 3d 01 f0 ff ff 76 15 48 f7 d8 48 89 c1 48 c7 c0 ff ff ff ff 48 [ 265.715775][ C1] RSP: 002b:000000c000a8f7f0 EFLAGS: 00000212 ORIG_RAX: 0000000000000000 [ 265.715789][ C1] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000040720e [ 265.715798][ C1] RDX: 0000000000001000 RSI: 000000c00096f000 RDI: 0000000000000003 [ 265.715808][ C1] RBP: 000000c000a8f830 R08: 0000000000000000 R09: 0000000000000000 [ 265.715817][ C1] R10: 0000000000000000 R11: 0000000000000212 R12: 000000c000a8f970 [ 265.715826][ C1] R13: 0000000000004fe4 R14: 000000c00047f040 R15: 000000000000002f [ 265.715837][ C1]