./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor239554182 <...> [ 12.551800][ T28] audit: type=1400 audit(1716267911.380:62): avc: denied { noatsecure } for pid=224 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.558392][ T28] audit: type=1400 audit(1716267911.380:63): avc: denied { write } for pid=224 comm="sh" path="pipe:[9101]" dev="pipefs" ino=9101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 12.563651][ T28] audit: type=1400 audit(1716267911.380:64): avc: denied { rlimitinh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.570826][ T28] audit: type=1400 audit(1716267911.380:65): avc: denied { siginh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.164' (ED25519) to the list of known hosts. execve("./syz-executor239554182", ["./syz-executor239554182"], 0x7fffd8af65d0 /* 10 vars */) = 0 brk(NULL) = 0x555556b3d000 brk(0x555556b3dd00) = 0x555556b3dd00 arch_prctl(ARCH_SET_FS, 0x555556b3d380) = 0 set_tid_address(0x555556b3d650) = 293 set_robust_list(0x555556b3d660, 24) = 0 rseq(0x555556b3dca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor239554182", 4096) = 27 getrandom("\x67\x46\x2d\x69\x87\xb2\x43\x8c", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556b3dd00 brk(0x555556b5ed00) = 0x555556b5ed00 brk(0x555556b5f000) = 0x555556b5f000 mprotect(0x7ff94a3e2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 294 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 295 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 296 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 297 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 298 ./strace-static-x86_64: Process 298 attached [pid 298] set_robust_list(0x555556b3d660, 24) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 299 ./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x555556b3d660, 24) = 0 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 299] setpgid(0, 0) = 0 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 297 attached ./strace-static-x86_64: Process 296 attached ./strace-static-x86_64: Process 295 attached ./strace-static-x86_64: Process 294 attached [pid 299] write(3, "1000", 4 [pid 296] set_robust_list(0x555556b3d660, 24 [pid 295] set_robust_list(0x555556b3d660, 24 [pid 294] set_robust_list(0x555556b3d660, 24 [pid 297] set_robust_list(0x555556b3d660, 24 [pid 299] <... write resumed>) = 4 [pid 295] <... set_robust_list resumed>) = 0 [pid 296] <... set_robust_list resumed>) = 0 [pid 299] close(3 [pid 297] <... set_robust_list resumed>) = 0 [pid 294] <... set_robust_list resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... clone resumed>, child_tidptr=0x555556b3d650) = 300 ./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x555556b3d660, 24) = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 300] setpgid(0, 0) = 0 [pid 299] <... close resumed>) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] write(1, "executing program\n", 18executing program [pid 300] <... openat resumed>) = 3 [pid 300] write(3, "1000", 4) = 4 [pid 300] close(3) = 0 [pid 300] write(1, "executing program\n", 18executing program [pid 299] <... write resumed>) = 18 [pid 300] <... write resumed>) = 18 ./strace-static-x86_64: Process 303 attached ./strace-static-x86_64: Process 302 attached ./strace-static-x86_64: Process 301 attached [pid 299] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 303] set_robust_list(0x555556b3d660, 24 [pid 302] set_robust_list(0x555556b3d660, 24 [pid 301] set_robust_list(0x555556b3d660, 24 [pid 300] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 294] <... clone resumed>, child_tidptr=0x555556b3d650) = 301 [pid 303] <... set_robust_list resumed>) = 0 [pid 302] <... set_robust_list resumed>) = 0 [pid 301] <... set_robust_list resumed>) = 0 [pid 300] <... bpf resumed>) = 3 [pid 299] <... bpf resumed>) = 3 [pid 297] <... clone resumed>, child_tidptr=0x555556b3d650) = 302 [pid 296] <... clone resumed>, child_tidptr=0x555556b3d650) = 303 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 299] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 302] <... prctl resumed>) = 0 [pid 300] <... bpf resumed>) = 0 [pid 299] <... bpf resumed>) = 0 [pid 302] setpgid(0, 0 [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144executing program [pid 302] <... setpgid resumed>) = 0 [pid 300] <... bpf resumed>) = 4 [pid 299] <... bpf resumed>) = 4 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3) = 0 [pid 302] write(1, "executing program\n", 18) = 18 [pid 302] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 302] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [ 21.486807][ T28] audit: type=1400 audit(1716267920.320:66): avc: denied { execmem } for pid=293 comm="syz-executor239" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.510235][ T28] audit: type=1400 audit(1716267920.340:67): avc: denied { bpf } for pid=299 comm="syz-executor239" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 301] <... prctl resumed>) = 0 [pid 303] <... prctl resumed>) = 0 [pid 301] setpgid(0, 0 [pid 303] setpgid(0, 0 [pid 301] <... setpgid resumed>) = 0 [ 21.530994][ T28] audit: type=1400 audit(1716267920.340:68): avc: denied { map_create } for pid=299 comm="syz-executor239" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 21.550658][ T28] audit: type=1400 audit(1716267920.340:69): avc: denied { perfmon } for pid=299 comm="syz-executor239" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 executing program executing program [pid 303] <... setpgid resumed>) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 301] <... openat resumed>) = 3 [pid 303] <... openat resumed>) = 3 [pid 301] write(3, "1000", 4 [pid 303] write(3, "1000", 4 [pid 301] <... write resumed>) = 4 [pid 303] <... write resumed>) = 4 [pid 301] close(3 [pid 303] close(3 [pid 301] <... close resumed>) = 0 [pid 303] <... close resumed>) = 0 [pid 301] write(1, "executing program\n", 18 [pid 303] write(1, "executing program\n", 18 [pid 301] <... write resumed>) = 18 [pid 303] <... write resumed>) = 18 [pid 301] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 303] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 301] <... bpf resumed>) = 3 [pid 303] <... bpf resumed>) = 3 [pid 301] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 303] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 301] <... bpf resumed>) = 0 [pid 303] <... bpf resumed>) = 0 [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 301] <... bpf resumed>) = 4 [pid 303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 302] <... bpf resumed>) = 5 [pid 300] <... bpf resumed>) = 5 [pid 303] <... bpf resumed>) = 5 [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 301] <... bpf resumed>) = 5 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 299] <... bpf resumed>) = 5 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 303] <... bpf resumed>) = 6 [pid 303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16) = 7 [ 21.572613][ T28] audit: type=1400 audit(1716267920.340:70): avc: denied { map_read map_write } for pid=299 comm="syz-executor239" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 21.593451][ T28] audit: type=1400 audit(1716267920.340:71): avc: denied { prog_load } for pid=300 comm="syz-executor239" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 21.612678][ T28] audit: type=1400 audit(1716267920.340:72): avc: denied { prog_run } for pid=300 comm="syz-executor239" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 21.633764][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 21.645226][ T290] BUG: scheduling while atomic: strace-static-x/290/0x00000002 [ 21.652799][ T290] Modules linked in: [ 21.656509][ T290] Preemption disabled at: [ 21.656516][ T290] [] pipe_write+0x14b2/0x1990 [ 21.666762][ T290] CPU: 1 PID: 290 Comm: strace-static-x Not tainted 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 21.676639][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 21.686543][ T290] Call Trace: [ 21.689660][ T290] [ 21.692459][ T290] dump_stack_lvl+0x151/0x1b7 [ 21.696948][ T290] ? pipe_write+0x14b2/0x1990 [ 21.701598][ T290] ? pipe_write+0x14b2/0x1990 [ 21.706111][ T290] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 21.711517][ T290] ? task_rq_lock+0xd2/0x2b0 [ 21.716029][ T290] ? pipe_write+0x14b2/0x1990 [ 21.720543][ T290] dump_stack+0x15/0x1b [ 21.724534][ T290] __schedule_bug+0x195/0x260 [ 21.729048][ T290] ? cpu_util_update_eff+0x10e0/0x10e0 [ 21.734339][ T290] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 21.739637][ T290] ? _raw_spin_lock+0x1b0/0x1b0 [ 21.744361][ T290] __schedule+0xcf7/0x1550 [ 21.748578][ T290] ? __lock_task_sighand+0xde/0x100 [ 21.753610][ T290] ? __sched_text_start+0x8/0x8 [ 21.758296][ T290] ? __kasan_check_write+0x14/0x20 [ 21.763243][ T290] ? __se_sys_ptrace+0x3b2/0x410 [ 21.768015][ T290] ? bpf_trace_run1+0x240/0x240 [ 21.772705][ T290] schedule+0xc3/0x180 [ 21.776610][ T290] exit_to_user_mode_loop+0x4e/0xa0 [ 21.781643][ T290] exit_to_user_mode_prepare+0x5a/0xa0 [ 21.787023][ T290] syscall_exit_to_user_mode+0x26/0x140 [ 21.792492][ T290] do_syscall_64+0x49/0xb0 [ 21.796744][ T290] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 21.802475][ T290] RIP: 0033:0x4e6c1a [ 21.806206][ T290] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 21.825653][ T290] RSP: 002b:00007fffd8af61d0 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [pid 303] exit_group(0 [pid 302] <... bpf resumed>) = 6 [pid 301] <... bpf resumed>) = 6 [pid 300] <... bpf resumed>) = 6 [pid 299] <... bpf resumed>) = 6 [pid 303] <... exit_group resumed>) = ? [pid 302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [ 21.833909][ T290] RAX: 0000000000000000 RBX: 00000000017812f8 RCX: 00000000004e6c1a [ 21.841720][ T290] RDX: 0000000000000000 RSI: 000000000000012f RDI: 0000000000000018 [ 21.849599][ T290] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000003 [ 21.857411][ T290] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000017834d0 [ 21.865224][ T290] R13: 0000000000000000 R14: 000000000000857f R15: 0000000000617180 [ 21.873039][ T290] [pid 299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 303] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 305 ./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x555556b3d660, 24) = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 305] setpgid(0, 0) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 305] write(3, "1000", 4) = 4 [pid 305] close(3) = 0 [pid 305] write(1, "executing program\n", 18executing program ) = 18 [pid 305] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 305] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [ 21.878060][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 21.889628][ T304] BUG: scheduling while atomic: init/304/0x00000002 [ 21.896160][ T304] Modules linked in: [ 21.899856][ T304] Preemption disabled at: [ 21.899867][ T304] [] is_module_text_address+0x1f/0x360 [ 21.910901][ T304] CPU: 0 PID: 304 Comm: init Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 21.921375][ T304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 21.931272][ T304] Call Trace: [ 21.934393][ T304] [ 21.937170][ T304] dump_stack_lvl+0x151/0x1b7 [ 21.941688][ T304] ? is_module_text_address+0x1f/0x360 [ 21.946974][ T304] ? is_module_text_address+0x1f/0x360 [ 21.952274][ T304] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 21.957573][ T304] ? is_module_text_address+0x1f/0x360 [ 21.962860][ T304] dump_stack+0x15/0x1b [ 21.966853][ T304] __schedule_bug+0x195/0x260 [ 21.971368][ T304] ? cpu_util_update_eff+0x10e0/0x10e0 [ 21.976663][ T304] __schedule+0xcf7/0x1550 [ 21.980911][ T304] ? do_sys_open+0x220/0x220 [ 21.985554][ T304] ? blkcg_maybe_throttle_current+0x17d/0xa00 [ 21.991447][ T304] ? __sched_text_start+0x8/0x8 [ 21.996130][ T304] ? bpf_trace_run2+0x138/0x290 [ 22.000822][ T304] ? __x64_sys_openat+0x243/0x290 [ 22.005680][ T304] schedule+0xc3/0x180 [ 22.009587][ T304] exit_to_user_mode_loop+0x4e/0xa0 [ 22.014619][ T304] exit_to_user_mode_prepare+0x5a/0xa0 [ 22.019911][ T304] syscall_exit_to_user_mode+0x26/0x140 [ 22.025294][ T304] do_syscall_64+0x49/0xb0 [ 22.029548][ T304] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 22.035274][ T304] RIP: 0033:0x7f43d63939a4 [ 22.039530][ T304] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83 [ 22.058969][ T304] RSP: 002b:00007fffc3a12380 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 22.067212][ T304] RAX: fffffffffffffffe RBX: 0000000000000002 RCX: 00007f43d63939a4 [ 22.075024][ T304] RDX: 0000000000000802 RSI: 000055e428922a5d RDI: 00000000ffffff9c [pid 305] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 302] <... bpf resumed>) = 7 [pid 301] <... bpf resumed>) = 7 [pid 300] <... bpf resumed>) = 7 [pid 299] <... bpf resumed>) = 7 [pid 301] exit_group(0 [pid 300] exit_group(0 [pid 299] exit_group(0 [pid 302] exit_group(0 [pid 305] <... bpf resumed>) = 5 [pid 305] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 300] <... exit_group resumed>) = ? [pid 301] <... exit_group resumed>) = ? [pid 302] <... exit_group resumed>) = ? [pid 299] <... exit_group resumed>) = ? [pid 305] <... bpf resumed>) = 6 [pid 300] +++ exited with 0 +++ [pid 299] +++ exited with 0 +++ [pid 305] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... clone resumed>, child_tidptr=0x555556b3d650) = 306 [pid 295] <... clone resumed>, child_tidptr=0x555556b3d650) = 307 ./strace-static-x86_64: Process 306 attached ./strace-static-x86_64: Process 307 attached [pid 306] set_robust_list(0x555556b3d660, 24 [pid 307] set_robust_list(0x555556b3d660, 24 [pid 306] <... set_robust_list resumed>) = 0 [pid 307] <... set_robust_list resumed>) = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 306] <... prctl resumed>) = 0 [pid 307] <... prctl resumed>) = 0 [pid 306] setpgid(0, 0 [pid 307] setpgid(0, 0 [pid 306] <... setpgid resumed>) = 0 [pid 307] <... setpgid resumed>) = 0 [ 22.082840][ T304] RBP: 000055e428922a5d R08: 0000000000000000 R09: 0000000000000000 [ 22.090647][ T304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000802 [ 22.098459][ T304] R13: 0000000000000002 R14: 0000000000000802 R15: 00007f43d6570a80 [ 22.106277][ T304] [ 22.120237][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 22.131641][ T290] BUG: scheduling while atomic: strace-static-x/290/0x00000002 [ 22.139094][ T290] Modules linked in: [ 22.142962][ T290] Preemption disabled at: [ 22.142974][ T290] [] remove_wait_queue+0x26/0x140 [ 22.153559][ T290] CPU: 1 PID: 290 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 22.164937][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 22.174828][ T290] Call Trace: [ 22.177971][ T290] [ 22.180730][ T290] dump_stack_lvl+0x151/0x1b7 [ 22.185241][ T290] ? remove_wait_queue+0x26/0x140 [ 22.190101][ T290] ? remove_wait_queue+0x26/0x140 [ 22.194967][ T290] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 22.200260][ T290] ? remove_wait_queue+0x26/0x140 [ 22.205120][ T290] dump_stack+0x15/0x1b [ 22.209111][ T290] __schedule_bug+0x195/0x260 [ 22.213623][ T290] ? __ia32_sys_waitid+0xd0/0xd0 [ 22.218399][ T290] ? bpf_trace_printk+0x1be/0x300 [ 22.223368][ T290] ? cpu_util_update_eff+0x10e0/0x10e0 [ 22.228662][ T290] ? kernel_waitid+0x520/0x520 [ 22.233261][ T290] __schedule+0xcf7/0x1550 [ 22.237514][ T290] ? __x64_sys_wait4+0x181/0x1e0 [ 22.242287][ T290] ? bpf_trace_run2+0x138/0x290 [ 22.246972][ T290] ? __sched_text_start+0x8/0x8 [ 22.251666][ T290] schedule+0xc3/0x180 [ 22.255567][ T290] exit_to_user_mode_loop+0x4e/0xa0 [ 22.260599][ T290] exit_to_user_mode_prepare+0x5a/0xa0 [ 22.265894][ T290] syscall_exit_to_user_mode+0x26/0x140 [ 22.271275][ T290] do_syscall_64+0x49/0xb0 [ 22.275528][ T290] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 22.281169][ T290] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 22.286897][ T290] RIP: 0033:0x4d49a6 [ 22.290633][ T290] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 22.310077][ T290] RSP: 002b:00007fffd8af62e8 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 22.318319][ T290] RAX: 0000000000000133 RBX: 0000000000000002 RCX: 00000000004d49a6 [ 22.326126][ T290] RDX: 0000000040000001 RSI: 00007fffd8af630c RDI: 00000000ffffffff [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 306] <... openat resumed>) = 3 [pid 307] <... openat resumed>) = 3 [pid 307] write(3, "1000", 4) = 4 [ 22.333936][ T290] RBP: 0000000001782e40 R08: 0000000000000000 R09: 0000000000000000 [ 22.341747][ T290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001788350 [ 22.349563][ T290] R13: 0000000000000129 R14: 00007fffd8af630c R15: 0000000000617180 [ 22.357378][ T290] [ 22.360693][ C0] softirq: huh, entered softirq 9 RCU ffffffff8160d2f0 with preempt_count 00000103, exited with 00000102? [ 22.363389][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 22.372140][ T90] BUG: scheduling while atomic: klogd/90/0x00000002 [ 22.383195][ T290] BUG: scheduling while atomic: strace-static-x/290/0x00000002 [ 22.383215][ T290] Modules linked in: [ 22.383226][ T290] Preemption disabled at: [ 22.383232][ T290] [] remove_wait_queue+0x26/0x140 [ 22.383268][ T290] CPU: 1 PID: 290 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 22.383290][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 22.389579][ T90] Modules linked in: [ 22.396958][ T290] Call Trace: [ 22.396965][ T290] [ 22.396973][ T290] dump_stack_lvl+0x151/0x1b7 [ 22.396996][ T290] ? remove_wait_queue+0x26/0x140 [ 22.397031][ T290] ? remove_wait_queue+0x26/0x140 [ 22.397074][ T290] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 22.400700][ T90] Preemption disabled at: [ 22.404856][ T290] ? remove_wait_queue+0x26/0x140 [ 22.411292][ T90] [] is_module_text_address+0x1f/0x360 [ 22.422741][ T290] dump_stack+0x15/0x1b [ 22.481674][ T290] __schedule_bug+0x195/0x260 [ 22.486184][ T290] ? __ia32_sys_waitid+0xd0/0xd0 [ 22.490955][ T290] ? bpf_trace_printk+0x1be/0x300 [ 22.495816][ T290] ? cpu_util_update_eff+0x10e0/0x10e0 [ 22.501109][ T290] ? kernel_waitid+0x520/0x520 [ 22.505710][ T290] __schedule+0xcf7/0x1550 [ 22.509965][ T290] ? __x64_sys_wait4+0x181/0x1e0 [ 22.514739][ T290] ? bpf_trace_run2+0x138/0x290 [ 22.519528][ T290] ? __sched_text_start+0x8/0x8 [ 22.524294][ T290] schedule+0xc3/0x180 [ 22.528192][ T290] exit_to_user_mode_loop+0x4e/0xa0 [ 22.533222][ T290] exit_to_user_mode_prepare+0x5a/0xa0 [ 22.538516][ T290] syscall_exit_to_user_mode+0x26/0x140 [ 22.544046][ T290] do_syscall_64+0x49/0xb0 [ 22.548306][ T290] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 22.553937][ T290] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 22.559660][ T290] RIP: 0033:0x4d49a6 [ 22.563394][ T290] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 22.583116][ T290] RSP: 002b:00007fffd8af62e8 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [pid 307] close(3 [ 22.591354][ T290] RAX: 000000000000012a RBX: 0000000000000001 RCX: 00000000004d49a6 [ 22.599169][ T290] RDX: 0000000040000001 RSI: 00007fffd8af630c RDI: 00000000ffffffff [ 22.606978][ T290] RBP: 0000000001783380 R08: 0000000000000000 R09: 0000000000000000 [ 22.614787][ T290] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000017882c0 [ 22.622602][ T290] R13: 0000000000000133 R14: 00007fffd8af630c R15: 0000000000617180 [ 22.630418][ T290] [ 22.633277][ T90] CPU: 0 PID: 90 Comm: klogd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 22.635497][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 22.643701][ T90] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 22.643716][ T90] Call Trace: [ 22.643723][ T90] [ 22.643730][ T90] dump_stack_lvl+0x151/0x1b7 [ 22.643756][ T90] ? is_module_text_address+0x1f/0x360 [ 22.655083][ T290] BUG: scheduling while atomic: strace-static-x/290/0x00000002 [ 22.664962][ T90] ? is_module_text_address+0x1f/0x360 [ 22.664994][ T90] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 22.668078][ T290] Modules linked in: [ 22.670943][ T90] ? is_module_text_address+0x1f/0x360 [ 22.675452][ T290] Preemption disabled at: [ 22.675458][ T290] [] __lock_task_sighand+0x6b/0x100 [ 22.680747][ T90] dump_stack+0x15/0x1b [ 22.680769][ T90] __schedule_bug+0x195/0x260 [ 22.727196][ T90] ? avc_has_perm_noaudit+0x348/0x430 [ 22.732395][ T90] ? cpu_util_update_eff+0x10e0/0x10e0 [ 22.737692][ T90] __schedule+0xcf7/0x1550 [ 22.742052][ T90] ? avc_denied+0x1b0/0x1b0 [ 22.746382][ T90] ? __kasan_check_write+0x14/0x20 [ 22.751325][ T90] ? __build_skb_around+0x23f/0x3d0 [ 22.756358][ T90] ? __sched_text_start+0x8/0x8 [ 22.761148][ T90] schedule+0xc3/0x180 [ 22.765040][ T90] schedule_timeout+0xa9/0x380 [ 22.769646][ T90] ? _copy_from_iter+0x457/0xe00 [ 22.774412][ T90] ? console_conditional_schedule+0x10/0x10 [ 22.780228][ T90] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 22.785870][ T90] ? prepare_to_wait_exclusive+0x1ac/0x1f0 [ 22.791509][ T90] unix_wait_for_peer+0x24b/0x330 [ 22.796369][ T90] ? unix_find_other+0x8e0/0x8e0 [ 22.801141][ T90] ? wake_bit_function+0x230/0x230 [ 22.806090][ T90] ? _raw_spin_trylock_bh+0x190/0x190 [ 22.811299][ T90] ? security_unix_may_send+0x7b/0xa0 [ 22.816505][ T90] unix_dgram_sendmsg+0x1348/0x2050 [ 22.821546][ T90] ? unix_dgram_poll+0x710/0x710 [ 22.826313][ T90] ? vbin_printf+0x1bc0/0x1bc0 [ 22.830914][ T90] ? security_socket_sendmsg+0x82/0xb0 [ 22.836208][ T90] ? unix_dgram_poll+0x710/0x710 [ 22.840980][ T90] __sys_sendto+0x480/0x600 [ 22.845324][ T90] ? __ia32_sys_getpeername+0x90/0x90 [ 22.850538][ T90] ? __bpf_trace_sys_enter+0x62/0x70 [ 22.855650][ T90] __x64_sys_sendto+0xe5/0x100 [ 22.860250][ T90] do_syscall_64+0x3d/0xb0 [ 22.864501][ T90] ? sysvec_call_function_single+0x52/0xb0 [ 22.870143][ T90] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 22.875874][ T90] RIP: 0033:0x7f576f3ee9b5 [ 22.880122][ T90] Code: 8b 44 24 08 48 83 c4 28 48 98 c3 48 98 c3 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 26 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 7a 48 8b 15 44 c4 0c 00 f7 d8 64 89 02 48 83 [ 22.899562][ T90] RSP: 002b:00007ffd24c7bc58 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 22.907807][ T90] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f576f3ee9b5 [ 22.915619][ T90] RDX: 0000000000000050 RSI: 0000564841b5afe0 RDI: 0000000000000003 [ 22.923430][ T90] RBP: 0000564841b552c0 R08: 0000000000000000 R09: 0000000000000000 [ 22.931252][ T90] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000013 [ 22.939057][ T90] R13: 00007f576f57c212 R14: 00007ffd24c7bd58 R15: 0000000000000000 [ 22.946871][ T90] [ 22.949730][ T290] CPU: 1 PID: 290 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 22.961105][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 22.971000][ T290] Call Trace: [ 22.974119][ T290] [ 22.976907][ T290] dump_stack_lvl+0x151/0x1b7 [ 22.981407][ T290] ? __lock_task_sighand+0x6b/0x100 [ 22.986529][ T290] ? __lock_task_sighand+0x6b/0x100 [ 22.991567][ T290] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 22.996857][ T290] ? __lock_task_sighand+0x6b/0x100 [ 23.001891][ T290] dump_stack+0x15/0x1b [ 23.005913][ T290] __schedule_bug+0x195/0x260 [ 23.010482][ T290] ? cpu_util_update_eff+0x10e0/0x10e0 [ 23.015777][ T290] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 23.021192][ T290] ? _raw_spin_lock+0x1b0/0x1b0 [ 23.025879][ T290] __schedule+0xcf7/0x1550 [ 23.030122][ T290] ? __lock_task_sighand+0xde/0x100 [ 23.035159][ T290] ? __sched_text_start+0x8/0x8 [ 23.039839][ T290] ? __kasan_check_write+0x14/0x20 [ 23.044788][ T290] ? __se_sys_ptrace+0x3b2/0x410 [ 23.049561][ T290] schedule+0xc3/0x180 [ 23.053471][ T290] exit_to_user_mode_loop+0x4e/0xa0 [ 23.058504][ T290] exit_to_user_mode_prepare+0x5a/0xa0 [ 23.063794][ T290] syscall_exit_to_user_mode+0x26/0x140 [ 23.069176][ T290] do_syscall_64+0x49/0xb0 [ 23.073427][ T290] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 23.079072][ T290] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 23.084797][ T290] RIP: 0033:0x4e6c1a [ 23.088529][ T290] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 23.107972][ T290] RSP: 002b:00007fffd8af6150 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 23.116214][ T290] RAX: 0000000000000050 RBX: 00000000017830e0 RCX: 00000000004e6c1a [ 23.124027][ T290] RDX: 0000000000000058 RSI: 0000000000000127 RDI: 000000000000420e [ 23.131927][ T290] RBP: 00007fffd8af6250 R08: 000000000000420d R09: 0000000000000001 [pid 306] write(3, "1000", 4 [pid 307] <... close resumed>) = 0 [pid 306] <... write resumed>) = 4 [pid 305] <... bpf resumed>) = 7 [ 23.139736][ T290] R10: 000000000063c820 R11: 0000000000000206 R12: 00000000017830e0 [ 23.147558][ T290] R13: 00007fffd8af62ac R14: 000000000000857f R15: 0000000000617180 [ 23.155366][ T290] [ 23.163478][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 23.175094][ T288] BUG: scheduling while atomic: sshd/288/0x00000002 [ 23.181548][ T288] Modules linked in: [ 23.185243][ T288] Preemption disabled at: [ 23.185254][ T288] [] pipe_read+0x5b3/0x1040 [ 23.195609][ T288] CPU: 1 PID: 288 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 23.206014][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 23.215905][ T288] Call Trace: [ 23.219030][ T288] [ 23.221807][ T288] dump_stack_lvl+0x151/0x1b7 [ 23.226319][ T288] ? pipe_read+0x5b3/0x1040 [ 23.230786][ T288] ? pipe_read+0x5b3/0x1040 [ 23.235125][ T288] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 23.240549][ T288] ? pipe_read+0x5b3/0x1040 [ 23.244887][ T288] dump_stack+0x15/0x1b [ 23.248879][ T288] __schedule_bug+0x195/0x260 [ 23.253391][ T288] ? __kasan_check_read+0x11/0x20 [ 23.258260][ T288] ? cpu_util_update_eff+0x10e0/0x10e0 [ 23.263549][ T288] ? __kasan_check_write+0x14/0x20 [ 23.268497][ T288] __schedule+0xcf7/0x1550 [ 23.272752][ T288] ? timerqueue_add+0x250/0x270 [ 23.277436][ T288] ? __sched_text_start+0x8/0x8 [ 23.282124][ T288] schedule+0xc3/0x180 [ 23.286024][ T288] schedule_hrtimeout_range_clock+0x1ef/0x360 [ 23.291955][ T288] ? hrtimer_nanosleep_restart+0x170/0x170 [ 23.297568][ T288] ? add_wait_queue+0x189/0x1c0 [ 23.302256][ T288] ? __remove_hrtimer+0x4d0/0x4d0 [ 23.307275][ T288] ? __pollwait+0x2f5/0x3f0 [ 23.311617][ T288] ? poll_initwait+0x160/0x160 [ 23.316210][ T288] schedule_hrtimeout_range+0x2a/0x40 [ 23.321411][ T288] do_sys_poll+0xdd7/0x1230 [ 23.325768][ T288] ? poll_select_finish+0x7b0/0x7b0 [ 23.330787][ T288] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 23.336599][ T288] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 23.342415][ T288] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 23.348250][ T288] ? __x64_compat_sys_ppoll_time64+0xd0/0xd0 [ 23.354060][ T288] ? _raw_spin_lock_irqsave+0x210/0x210 [ 23.359425][ T288] ? __kasan_check_write+0x14/0x20 [ 23.364372][ T288] ? recalc_sigpending+0x164/0x1c0 [ 23.369343][ T288] ? _raw_spin_unlock_irq+0x4d/0x70 [ 23.374452][ T288] ? sigprocmask+0x280/0x280 [ 23.378872][ T288] __se_sys_ppoll+0x29c/0x330 [ 23.383382][ T288] ? __x64_sys_ppoll+0xd0/0xd0 [ 23.388070][ T288] ? __bpf_trace_sys_enter+0x62/0x70 [ 23.393191][ T288] __x64_sys_ppoll+0xbf/0xd0 [ 23.397630][ T288] do_syscall_64+0x3d/0xb0 [ 23.401866][ T288] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 23.407596][ T288] RIP: 0033:0x7fa4bbd19ad5 [ 23.411850][ T288] Code: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83 [ 23.431338][ T288] RSP: 002b:00007ffceeae4020 EFLAGS: 00000246 ORIG_RAX: 000000000000010f executing program executing program executing program [pid 301] +++ exited with 0 +++ [pid 307] write(1, "executing program\n", 18 [pid 306] close(3 [pid 305] exit_group(0) = ? [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=301, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 294] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 309 [pid 307] <... write resumed>) = 18 [pid 307] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 307] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 307] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 307] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 306] <... close resumed>) = 0 [pid 306] write(1, "executing program\n", 18) = 18 [pid 306] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 306] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 306] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16./strace-static-x86_64: Process 309 attached [pid 309] set_robust_list(0x555556b3d660, 24) = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 309] setpgid(0, 0) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 309] write(3, "1000", 4) = 4 [pid 309] close(3) = 0 [pid 309] write(1, "executing program\n", 18) = 18 [pid 309] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 309] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 309] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 302] +++ exited with 0 +++ [pid 305] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=32} --- [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 310 attached [pid 297] <... clone resumed>, child_tidptr=0x555556b3d650) = 310 [pid 310] set_robust_list(0x555556b3d660, 24) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555556b3d650) = 311 [pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 310] setpgid(0, 0) = 0 [pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 310] write(3, "1000", 4) = 4 [pid 310] close(3) = 0 [pid 310] write(1, "executing program\n", 18executing program ) = 18 [pid 310] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72./strace-static-x86_64: Process 311 attached ) = 3 [pid 310] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 310] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 311] set_robust_list(0x555556b3d660, 24) = 0 [pid 310] <... bpf resumed>) = 4 [pid 310] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 311] setpgid(0, 0) = 0 [pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 311] write(3, "1000", 4) = 4 [pid 311] close(3) = 0 [pid 311] write(1, "executing program\n", 18) = 18 executing program [pid 311] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 311] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 311] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 311] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 307] <... bpf resumed>) = 5 [pid 309] <... bpf resumed>) = 5 [pid 306] <... bpf resumed>) = 5 [pid 310] <... bpf resumed>) = 5 [pid 309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 307] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 310] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 311] <... bpf resumed>) = 5 [pid 311] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 6 [pid 309] <... bpf resumed>) = 6 [pid 311] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16) = 7 [pid 311] exit_group(0 [pid 306] <... bpf resumed>) = 6 [pid 311] <... exit_group resumed>) = ? [pid 311] +++ exited with 0 +++ [pid 310] <... bpf resumed>) = 6 [pid 309] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 307] <... bpf resumed>) = 6 [pid 306] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 307] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=311, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [ 23.439536][ T288] RAX: ffffffffffffffda RBX: 00000000000668a0 RCX: 00007fa4bbd19ad5 [ 23.447344][ T288] RDX: 00007ffceeae4040 RSI: 0000000000000004 RDI: 0000563e89f67b20 [ 23.455155][ T288] RBP: 0000563e89f665e0 R08: 0000000000000008 R09: 0000000000000000 [ 23.462966][ T288] R10: 00007ffceeae4128 R11: 0000000000000246 R12: 0000563e88b5baa4 [ 23.470775][ T288] R13: 0000000000000001 R14: 0000563e88b5c3e8 R15: 00007ffceeae40a8 [ 23.478595][ T288] [pid 310] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 312 attached , child_tidptr=0x555556b3d650) = 312 [pid 312] set_robust_list(0x555556b3d660, 24) = 0 [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 312] setpgid(0, 0) = 0 [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 312] write(3, "1000", 4) = 4 [pid 312] close(3) = 0 [pid 312] write(1, "executing program\n", 18executing program ) = 18 [pid 312] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 312] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 312] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 309] <... bpf resumed>) = 7 [pid 312] <... bpf resumed>) = 5 [pid 310] <... bpf resumed>) = 7 [pid 309] exit_group(0 [pid 307] <... bpf resumed>) = 7 [pid 306] <... bpf resumed>) = 7 [ 23.542893][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 23.554522][ T288] BUG: scheduling while atomic: sshd/288/0x00000002 [ 23.561002][ T288] Modules linked in: [ 23.564670][ T288] Preemption disabled at: [ 23.564681][ T288] [] __set_current_blocked+0x11b/0x2f0 [ 23.575861][ T288] CPU: 1 PID: 288 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 23.586280][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 23.596169][ T288] Call Trace: [ 23.599293][ T288] [ 23.602088][ T288] dump_stack_lvl+0x151/0x1b7 [ 23.606843][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 23.612587][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 23.617992][ T288] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 23.623284][ T288] ? fsnotify_perm+0x6a/0x5d0 [ 23.627787][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 23.633086][ T288] dump_stack+0x15/0x1b [ 23.637074][ T288] __schedule_bug+0x195/0x260 [ 23.641593][ T288] ? cpu_util_update_eff+0x10e0/0x10e0 [ 23.647150][ T288] ? file_end_write+0x1c0/0x1c0 [ 23.651837][ T288] __schedule+0xcf7/0x1550 [ 23.656091][ T288] ? __kasan_check_read+0x11/0x20 [ 23.660947][ T288] ? __fdget_pos+0x204/0x390 [ 23.665367][ T288] ? __sched_text_start+0x8/0x8 [ 23.670065][ T288] ? ksys_write+0x24f/0x2c0 [ 23.674396][ T288] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 23.679779][ T288] schedule+0xc3/0x180 [ 23.683686][ T288] exit_to_user_mode_loop+0x4e/0xa0 [ 23.688710][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 23.694006][ T288] syscall_exit_to_user_mode+0x26/0x140 [ 23.699387][ T288] do_syscall_64+0x49/0xb0 [ 23.703639][ T288] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 23.709453][ T288] RIP: 0033:0x7fa4bbd16bf2 [ 23.713713][ T288] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 [ 23.733236][ T288] RSP: 002b:00007ffceeae4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 executing program executing program [pid 312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 310] exit_group(0 [pid 309] <... exit_group resumed>) = ? [pid 307] exit_group(0 [pid 306] exit_group(0 [pid 312] <... bpf resumed>) = 6 [pid 310] <... exit_group resumed>) = ? [pid 309] +++ exited with 0 +++ [pid 307] <... exit_group resumed>) = ? [pid 306] <... exit_group resumed>) = ? [pid 312] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 310] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=310, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 294] restart_syscall(<... resuming interrupted clone ...> [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 294] <... restart_syscall resumed>) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... restart_syscall resumed>) = 0 [pid 294] <... clone resumed>, child_tidptr=0x555556b3d650) = 313 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 314 ./strace-static-x86_64: Process 313 attached [pid 313] set_robust_list(0x555556b3d660, 24) = 0 [pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 313] setpgid(0, 0) = 0 [pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 313] write(3, "1000", 4) = 4 [pid 313] close(3) = 0 [pid 313] write(1, "executing program\n", 18) = 18 [pid 313] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 313] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 313] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 313] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16./strace-static-x86_64: Process 314 attached [pid 314] set_robust_list(0x555556b3d660, 24) = 0 [pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 314] setpgid(0, 0) = 0 [pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 314] write(3, "1000", 4) = 4 [pid 314] close(3) = 0 [pid 314] write(1, "executing program\n", 18) = 18 [pid 314] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 314] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 314] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 314] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 307] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 315 attached [pid 315] set_robust_list(0x555556b3d660, 24) = 0 [pid 295] <... clone resumed>, child_tidptr=0x555556b3d650) = 315 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 315] setpgid(0, 0) = 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 315] write(3, "1000", 4) = 4 [pid 315] close(3) = 0 [pid 315] write(1, "executing program\n", 18executing program ) = 18 [pid 315] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 315] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 315] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 315] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 306] +++ exited with 0 +++ [pid 314] <... bpf resumed>) = 5 [pid 313] <... bpf resumed>) = 5 [ 23.741481][ T288] RAX: 0000000000000094 RBX: 0000000000000094 RCX: 00007fa4bbd16bf2 [ 23.749291][ T288] RDX: 0000000000000094 RSI: 0000563e89f7b630 RDI: 0000000000000004 [ 23.757106][ T288] RBP: 0000563e89f66290 R08: 0000000000000000 R09: 0000000000000000 [ 23.764914][ T288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000563e88b5baa4 [ 23.772723][ T288] R13: 0000000000000017 R14: 0000563e88b5c3e8 R15: 00007ffceeae40a8 [ 23.780542][ T288] [pid 312] <... bpf resumed>) = 7 [ 23.801783][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000102, exited with 00000101? [ 23.813219][ T290] BUG: scheduling while atomic: strace-static-x/290/0x00000002 [ 23.820544][ T290] Modules linked in: [ 23.824532][ T290] Preemption disabled at: [ 23.824540][ T290] [] __lock_task_sighand+0x6b/0x100 [ 23.835338][ T290] CPU: 1 PID: 290 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 23.846670][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 23.856561][ T290] Call Trace: [ 23.859697][ T290] [ 23.862586][ T290] dump_stack_lvl+0x151/0x1b7 [ 23.867095][ T290] ? __lock_task_sighand+0x6b/0x100 [ 23.872132][ T290] ? __lock_task_sighand+0x6b/0x100 [ 23.877175][ T290] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 23.882581][ T290] ? task_rq_lock+0xd2/0x2b0 [ 23.886999][ T290] ? __lock_task_sighand+0x6b/0x100 [ 23.892058][ T290] dump_stack+0x15/0x1b [ 23.896026][ T290] __schedule_bug+0x195/0x260 [ 23.900538][ T290] ? cpu_util_update_eff+0x10e0/0x10e0 [ 23.905829][ T290] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 23.911124][ T290] ? _raw_spin_lock+0x1b0/0x1b0 [ 23.915811][ T290] __schedule+0xcf7/0x1550 [ 23.920066][ T290] ? __lock_task_sighand+0xde/0x100 [ 23.925096][ T290] ? __sched_text_start+0x8/0x8 [ 23.929796][ T290] ? __kasan_check_write+0x14/0x20 [ 23.934731][ T290] ? __se_sys_ptrace+0x3b2/0x410 [ 23.939507][ T290] ? bpf_trace_run1+0x240/0x240 [ 23.944370][ T290] schedule+0xc3/0x180 [ 23.948271][ T290] exit_to_user_mode_loop+0x4e/0xa0 [ 23.953310][ T290] exit_to_user_mode_prepare+0x5a/0xa0 [ 23.958600][ T290] syscall_exit_to_user_mode+0x26/0x140 [ 23.963991][ T290] do_syscall_64+0x49/0xb0 [ 23.968242][ T290] ? sysvec_call_function_single+0x52/0xb0 [ 23.973876][ T290] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 23.979715][ T290] RIP: 0033:0x4e6c1a [ 23.983510][ T290] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 24.003042][ T290] RSP: 002b:00007fffd8af61d0 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 24.011300][ T290] RAX: 0000000000000000 RBX: 00000000017812f8 RCX: 00000000004e6c1a [ 24.019226][ T290] RDX: 0000000000000000 RSI: 0000000000000126 RDI: 0000000000000018 [ 24.027225][ T290] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000003 [ 24.035204][ T290] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000001783230 [ 24.043106][ T290] R13: 0000000000000000 R14: 000000000000857f R15: 0000000000617180 [pid 315] <... bpf resumed>) = 5 [pid 314] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 313] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 312] exit_group(0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 314] <... bpf resumed>) = 6 [ 24.050921][ T290] [ 24.057165][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 24.068596][ T290] BUG: scheduling while atomic: strace-static-x/290/0x00000002 [ 24.076149][ T290] Modules linked in: [ 24.079855][ T290] Preemption disabled at: [ 24.079862][ T290] [] __lock_task_sighand+0x6b/0x100 [ 24.090712][ T290] CPU: 1 PID: 290 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 24.101990][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 24.111888][ T290] Call Trace: [ 24.115013][ T290] [ 24.117782][ T290] dump_stack_lvl+0x151/0x1b7 [ 24.122297][ T290] ? __lock_task_sighand+0x6b/0x100 [ 24.127331][ T290] ? __lock_task_sighand+0x6b/0x100 [ 24.132495][ T290] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 24.137745][ T290] ? fsnotify_perm+0x6a/0x5d0 [ 24.142260][ T290] ? __lock_task_sighand+0x6b/0x100 [ 24.147293][ T290] dump_stack+0x15/0x1b [ 24.151283][ T290] __schedule_bug+0x195/0x260 [ 24.155799][ T290] ? cpu_util_update_eff+0x10e0/0x10e0 [ 24.161095][ T290] ? file_end_write+0x1c0/0x1c0 [ 24.165792][ T290] __schedule+0xcf7/0x1550 [ 24.170033][ T290] ? __kasan_check_read+0x11/0x20 [ 24.174893][ T290] ? __fdget_pos+0x204/0x390 [ 24.179316][ T290] ? __sched_text_start+0x8/0x8 [ 24.184005][ T290] ? ksys_write+0x24f/0x2c0 [ 24.188365][ T290] ? bpf_trace_run1+0x240/0x240 [ 24.193156][ T290] schedule+0xc3/0x180 [ 24.197052][ T290] exit_to_user_mode_loop+0x4e/0xa0 [ 24.202088][ T290] exit_to_user_mode_prepare+0x5a/0xa0 [ 24.207384][ T290] syscall_exit_to_user_mode+0x26/0x140 [ 24.212762][ T290] do_syscall_64+0x49/0xb0 [ 24.217014][ T290] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 24.222745][ T290] RIP: 0033:0x4e5c73 [ 24.226474][ T290] Code: c7 c0 b8 ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18 [pid 313] <... bpf resumed>) = 6 [pid 312] <... exit_group resumed>) = ? [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 315] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 314] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 313] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 312] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 298] <... clone resumed>, child_tidptr=0x555556b3d650) = 319 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 320 ./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x555556b3d660, 24) = 0 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 320] setpgid(0, 0) = 0 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 320] write(3, "1000", 4) = 4 [pid 320] close(3executing program ) = 0 [pid 320] write(1, "executing program\n", 18) = 18 [pid 320] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 320] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 320] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 319 attached [pid 315] <... bpf resumed>) = 6 [pid 320] <... bpf resumed>) = 4 [pid 314] <... bpf resumed>) = 7 [pid 313] <... bpf resumed>) = 7 [pid 314] exit_group(0 [pid 313] exit_group(0 [pid 314] <... exit_group resumed>) = ? [pid 313] <... exit_group resumed>) = ? [pid 320] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 319] set_robust_list(0x555556b3d660, 24 [pid 315] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 319] <... set_robust_list resumed>) = 0 [ 24.245918][ T290] RSP: 002b:00007fffd8af6128 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 24.254160][ T290] RAX: 000000000000002c RBX: 000000000000002c RCX: 00000000004e5c73 [ 24.262024][ T290] RDX: 000000000000002c RSI: 0000000001784000 RDI: 0000000000000002 [ 24.269782][ T290] RBP: 0000000001784000 R08: 0000000000000000 R09: 0000000000000001 [ 24.277597][ T290] R10: 00007fffd8af60e7 R11: 0000000000000246 R12: 000000000000002c [ 24.285406][ T290] R13: 0000000000617480 R14: 000000000000002c R15: 0000000000000001 [ 24.293226][ T290] [ 24.316976][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 24.318362][ C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 24.328402][ T288] BUG: scheduling while atomic: sshd/288/0x00000002 [ 24.339760][ T295] BUG: scheduling while atomic: syz-executor239/295/0x00000002 [ 24.339776][ T295] Modules linked in: [ 24.339789][ T295] Preemption disabled at: [ 24.339794][ T295] [] ptrace_stop+0x57e/0x930 [ 24.346258][ T288] Modules linked in: [ 24.346270][ T288] Preemption disabled at: [ 24.353649][ T295] CPU: 0 PID: 295 Comm: syz-executor239 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 24.357340][ T288] [] pipe_read+0x5b3/0x1040 [ 24.361593][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 24.361607][ T295] Call Trace: [ 24.361615][ T295] [ 24.361623][ T295] dump_stack_lvl+0x151/0x1b7 [ 24.413502][ T295] ? ptrace_stop+0x57e/0x930 [ 24.417927][ T295] ? ptrace_stop+0x57e/0x930 [ 24.422356][ T295] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 24.427662][ T295] ? ptrace_stop+0x57e/0x930 [ 24.432077][ T295] dump_stack+0x15/0x1b [ 24.436067][ T295] __schedule_bug+0x195/0x260 [ 24.440578][ T295] ? cpu_util_update_eff+0x10e0/0x10e0 [ 24.445874][ T295] __schedule+0xcf7/0x1550 [ 24.450126][ T295] ? __kasan_check_write+0x14/0x20 [ 24.455260][ T295] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 24.460200][ T295] ? __sched_text_start+0x8/0x8 [ 24.464862][ T295] ? __kasan_check_read+0x11/0x20 [ 24.469723][ T295] ? cgroup_update_frozen+0x15f/0x980 [ 24.474932][ T295] schedule+0xc3/0x180 [ 24.478833][ T295] ptrace_stop+0x54f/0x930 [ 24.483088][ T295] ptrace_notify+0x225/0x350 [ 24.487515][ T295] ? do_notify_parent+0xa20/0xa20 [ 24.492378][ T295] ? __bpf_trace_sys_enter+0x62/0x70 [ 24.497495][ T295] ? __traceiter_sys_enter+0x2a/0x40 [ 24.502616][ T295] syscall_exit_to_user_mode+0xa2/0x140 [ 24.507994][ T295] do_syscall_64+0x49/0xb0 [ 24.512250][ T295] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 24.517978][ T295] RIP: 0033:0x7ff94a36b973 [ 24.522238][ T295] Code: fe ff e9 41 ff ff ff 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 80 3d 11 b7 07 00 00 49 89 ca 74 14 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5d c3 0f 1f 40 00 48 83 ec 28 89 54 24 14 48 [ 24.541675][ T295] RSP: 002b:00007ffeffd24c48 EFLAGS: 00000202 ORIG_RAX: 000000000000003d [ 24.549925][ T295] RAX: 0000000000000000 RBX: 000000000000013b RCX: 00007ff94a36b973 [ 24.557729][ T295] RDX: 0000000040000001 RSI: 00007ffeffd24c5c RDI: 00000000ffffffff [ 24.565540][ T295] RBP: 00000000000f4240 R08: 00007ffeffd47080 R09: 00007ffeffd470b0 [ 24.573351][ T295] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000005cd7 [ 24.581161][ T295] R13: 00007ffeffd24c5c R14: 00007ffeffd24c70 R15: 00007ffeffd24c60 [ 24.588981][ T295] [ 24.591838][ T288] CPU: 1 PID: 288 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 24.602264][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 24.612169][ T288] Call Trace: [ 24.615275][ T288] [ 24.618058][ T288] dump_stack_lvl+0x151/0x1b7 [ 24.622567][ T288] ? pipe_read+0x5b3/0x1040 [ 24.626905][ T288] ? pipe_read+0x5b3/0x1040 [ 24.631249][ T288] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 24.636541][ T288] ? pipe_read+0x5b3/0x1040 [ 24.640877][ T288] dump_stack+0x15/0x1b [ 24.644888][ T288] __schedule_bug+0x195/0x260 [ 24.649382][ T288] ? bpf_bprintf_cleanup+0x4f/0x60 [ 24.654332][ T288] ? bpf_trace_printk+0x1be/0x300 [ 24.659190][ T288] ? cpu_util_update_eff+0x10e0/0x10e0 [ 24.664484][ T288] ? bpf_probe_write_user+0xf0/0xf0 [ 24.669518][ T288] ? bpf_trace_run2+0xe9/0x290 [ 24.674139][ T288] __schedule+0xcf7/0x1550 [ 24.678372][ T288] ? bpf_trace_run2+0x138/0x290 [ 24.683061][ T288] ? __sched_text_start+0x8/0x8 [ 24.687743][ T288] ? bpf_trace_run1+0x240/0x240 [ 24.692431][ T288] ? ksys_read+0x24f/0x2c0 [ 24.696715][ T288] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 24.702069][ T288] schedule+0xc3/0x180 [ 24.705971][ T288] exit_to_user_mode_loop+0x4e/0xa0 [ 24.711003][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 24.716301][ T288] syscall_exit_to_user_mode+0x26/0x140 [ 24.721684][ T288] do_syscall_64+0x49/0xb0 [ 24.725935][ T288] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 24.731670][ T288] RIP: 0033:0x7fa4bbcfd587 [ 24.735916][ T288] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [ 24.755351][ T288] RSP: 002b:00007ffceeae3968 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program ) = 0 [pid 319] setpgid(0, 0) = 0 [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 319] write(3, "1000", 4) = 4 [pid 319] close(3) = 0 [pid 319] write(1, "executing program\n", 18) = 18 [pid 319] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 319] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 319] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 319] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 314] +++ exited with 0 +++ [pid 315] <... bpf resumed>) = 7 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=314, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 315] exit_group(0) = ? [ 24.763606][ T288] RAX: 0000000000000120 RBX: 0000000000000000 RCX: 00007fa4bbcfd587 [ 24.771406][ T288] RDX: 0000000000000b29 RSI: 0000563e88b66fe0 RDI: 0000563e88b64937 [ 24.779230][ T288] RBP: 0000563e88b65e06 R08: 0000000000000006 R09: 0000000000000000 [ 24.787119][ T288] R10: 0000563e88b65e06 R11: 0000000000000246 R12: 0000563e88b64937 [ 24.794933][ T288] R13: 0000563e88b66fe0 R14: 0000563e89f6e390 R15: 00007ffceeae3ef0 [ 24.802745][ T288] [ 24.809216][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000102, exited with 00000101? [ 24.820837][ T290] BUG: scheduling while atomic: strace-static-x/290/0x00000002 [ 24.828139][ T290] Modules linked in: [ 24.832063][ T290] Preemption disabled at: [ 24.832072][ T290] [] pipe_write+0x14b2/0x1990 [ 24.842338][ T290] CPU: 1 PID: 290 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 24.853768][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 24.863667][ T290] Call Trace: [ 24.866789][ T290] [ 24.869686][ T290] dump_stack_lvl+0x151/0x1b7 [ 24.874190][ T290] ? pipe_write+0x14b2/0x1990 [ 24.878696][ T290] ? pipe_write+0x14b2/0x1990 [ 24.883210][ T290] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 24.888503][ T290] ? task_rq_lock+0xd2/0x2b0 [ 24.892929][ T290] ? pipe_write+0x14b2/0x1990 [ 24.897443][ T290] dump_stack+0x15/0x1b [ 24.901436][ T290] __schedule_bug+0x195/0x260 [ 24.905948][ T290] ? cpu_util_update_eff+0x10e0/0x10e0 [ 24.911241][ T290] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 24.916535][ T290] ? _raw_spin_lock+0x1b0/0x1b0 [ 24.921224][ T290] __schedule+0xcf7/0x1550 [ 24.925478][ T290] ? __lock_task_sighand+0xde/0x100 [ 24.930510][ T290] ? __sched_text_start+0x8/0x8 [ 24.935198][ T290] ? __kasan_check_write+0x14/0x20 [ 24.940229][ T290] ? __se_sys_ptrace+0x3b2/0x410 [ 24.945013][ T290] schedule+0xc3/0x180 [ 24.949011][ T290] exit_to_user_mode_loop+0x4e/0xa0 [ 24.954047][ T290] exit_to_user_mode_prepare+0x5a/0xa0 [ 24.959429][ T290] syscall_exit_to_user_mode+0x26/0x140 [ 24.964806][ T290] do_syscall_64+0x49/0xb0 [ 24.969058][ T290] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 24.974785][ T290] RIP: 0033:0x4e6c1a [ 24.978518][ T290] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 24.998136][ T290] RSP: 002b:00007fffd8af61d0 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 25.006377][ T290] RAX: 0000000000000000 RBX: 00000000017812f8 RCX: 00000000004e6c1a [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 321 attached [pid 313] +++ exited with 0 +++ [pid 321] set_robust_list(0x555556b3d660, 24) = 0 [pid 321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 320] <... bpf resumed>) = 5 [pid 319] <... bpf resumed>) = 5 [pid 297] <... clone resumed>, child_tidptr=0x555556b3d650) = 321 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=313, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 315] +++ exited with 0 +++ [pid 321] setpgid(0, 0 [pid 319] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 executing program [pid 320] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 321] <... setpgid resumed>) = 0 [pid 321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 321] write(3, "1000", 4) = 4 [pid 321] close(3) = 0 [pid 321] write(1, "executing program\n", 18) = 18 [pid 321] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 321] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 321] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 320] <... bpf resumed>) = 6 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 321] <... bpf resumed>) = 4 [pid 321] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16) = 5 [pid 319] <... bpf resumed>) = 6 [pid 321] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 6 [pid 321] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 294] <... clone resumed>, child_tidptr=0x555556b3d650) = 322 [pid 320] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 319] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x555556b3d660, 24) = 0 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 322] setpgid(0, 0) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 295] <... clone resumed>, child_tidptr=0x555556b3d650) = 323 [pid 322] write(3, "1000", 4) = 4 [pid 322] close(3) = 0 executing program [pid 322] write(1, "executing program\n", 18) = 18 [pid 322] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 322] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 322] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 323 attached ) = 4 [pid 323] set_robust_list(0x555556b3d660, 24 [pid 322] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 323] <... set_robust_list resumed>) = 0 [pid 323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 323] setpgid(0, 0) = 0 [pid 323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 323] write(3, "1000", 4) = 4 [pid 323] close(3executing program ) = 0 [pid 323] write(1, "executing program\n", 18) = 18 [pid 323] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 323] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 323] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [ 25.014197][ T290] RDX: 0000000000000000 RSI: 0000000000000129 RDI: 0000000000000018 [ 25.021999][ T290] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000006 [ 25.029810][ T290] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000001782e40 [ 25.037726][ T290] R13: 0000000000000000 R14: 000000000000857f R15: 0000000000617180 [ 25.045557][ T290] [ 25.062600][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 25.074043][ T288] BUG: scheduling while atomic: sshd/288/0x00000002 [ 25.080408][ T288] Modules linked in: [ 25.084202][ T288] Preemption disabled at: [ 25.084212][ T288] [] __set_current_blocked+0x11b/0x2f0 [ 25.096414][ T288] CPU: 1 PID: 288 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 25.106830][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 25.116749][ T288] Call Trace: [ 25.119845][ T288] [ 25.122640][ T288] dump_stack_lvl+0x151/0x1b7 [ 25.127133][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 25.132426][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 25.137724][ T288] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 25.143014][ T288] ? fsnotify_perm+0x470/0x5d0 [ 25.147622][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 25.152910][ T288] dump_stack+0x15/0x1b [ 25.156910][ T288] __schedule_bug+0x195/0x260 [ 25.161424][ T288] ? bpf_bprintf_cleanup+0x48/0x60 [ 25.166376][ T288] ? cpu_util_update_eff+0x10e0/0x10e0 [ 25.171742][ T288] ? kernel_read+0x1f0/0x1f0 [ 25.176257][ T288] __schedule+0xcf7/0x1550 [ 25.180509][ T288] ? __kasan_check_read+0x11/0x20 [ 25.185366][ T288] ? __fdget_pos+0x204/0x390 [ 25.189798][ T288] ? __sched_text_start+0x8/0x8 [ 25.194494][ T288] ? ksys_read+0x24f/0x2c0 [ 25.198820][ T288] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 25.204204][ T288] schedule+0xc3/0x180 [ 25.208124][ T288] exit_to_user_mode_loop+0x4e/0xa0 [ 25.213142][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 25.218438][ T288] syscall_exit_to_user_mode+0x26/0x140 [ 25.223824][ T288] do_syscall_64+0x49/0xb0 [ 25.228084][ T288] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 25.233800][ T288] RIP: 0033:0x7fa4bbd16b6a [ 25.238062][ T288] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [ 25.257501][ T288] RSP: 002b:00007ffceeadfef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [pid 320] <... bpf resumed>) = 7 [pid 319] <... bpf resumed>) = 7 [pid 323] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 321] <... bpf resumed>) = 7 [pid 320] exit_group(0 [pid 319] exit_group(0 [pid 323] <... bpf resumed>) = 5 [pid 320] <... exit_group resumed>) = ? [pid 323] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 6 [pid 323] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16) = 7 [pid 323] exit_group(0) = ? [pid 323] +++ exited with 0 +++ [pid 322] <... bpf resumed>) = 5 [pid 322] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 6 [pid 322] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16) = 7 [pid 322] exit_group(0) = ? [pid 322] +++ exited with 0 +++ [pid 321] exit_group(0) = ? [pid 321] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=321, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 324 ./strace-static-x86_64: Process 324 attached [pid 324] set_robust_list(0x555556b3d660, 24executing program executing program executing program executing program ) = 0 [pid 324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 324] setpgid(0, 0) = 0 [pid 324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 324] write(3, "1000", 4) = 4 [pid 324] close(3) = 0 [pid 324] write(1, "executing program\n", 18) = 18 [pid 324] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 324] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 324] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 324] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16) = 5 [pid 324] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 6 [pid 324] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16) = 7 [pid 324] exit_group(0) = ? [pid 324] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=324, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 319] <... exit_group resumed>) = ? [pid 297] <... restart_syscall resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 325 ./strace-static-x86_64: Process 325 attached [pid 325] set_robust_list(0x555556b3d660, 24) = 0 [pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 325] setpgid(0, 0) = 0 [pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 325] write(3, "1000", 4) = 4 [pid 325] close(3) = 0 [pid 325] write(1, "executing program\n", 18) = 18 [pid 325] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 325] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 326 [pid 325] <... bpf resumed>) = 0 [pid 325] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 325] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=323, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 327 ./strace-static-x86_64: Process 326 attached [pid 326] set_robust_list(0x555556b3d660, 24) = 0 [pid 326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 326] setpgid(0, 0) = 0 [pid 326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 326] write(3, "1000", 4) = 4 [pid 326] close(3) = 0 [pid 326] write(1, "executing program\n", 18) = 18 [pid 326] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 326] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 326] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 326] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16./strace-static-x86_64: Process 327 attached [pid 327] set_robust_list(0x555556b3d660, 24) = 0 [pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 327] setpgid(0, 0) = 0 [pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 327] write(3, "1000", 4) = 4 [pid 327] close(3) = 0 [pid 327] write(1, "executing program\n", 18) = 18 [pid 327] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 327] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 327] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 327] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 325] <... bpf resumed>) = 5 [pid 319] +++ exited with 0 +++ [pid 325] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 325] <... bpf resumed>) = 6 [pid 325] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 329 ./strace-static-x86_64: Process 329 attached [pid 329] set_robust_list(0x555556b3d660, 24) = 0 [pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 329] setpgid(0, 0) = 0 [pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 329] write(3, "1000", 4) = 4 [pid 329] close(3) = 0 [pid 329] write(1, "executing program\n", 18executing program ) = 18 [pid 329] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 329] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 329] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 329] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 320] +++ exited with 0 +++ [pid 327] <... bpf resumed>) = 5 [pid 326] <... bpf resumed>) = 5 [pid 325] <... bpf resumed>) = 7 [pid 329] <... bpf resumed>) = 5 [pid 327] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 326] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 325] exit_group(0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 329] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 327] <... bpf resumed>) = 6 [pid 325] <... exit_group resumed>) = ? [pid 329] <... bpf resumed>) = 6 [ 25.265739][ T288] RAX: 00000000000007c2 RBX: 0000000000000000 RCX: 00007fa4bbd16b6a [ 25.273549][ T288] RDX: 0000000000004000 RSI: 00007ffceeadff18 RDI: 0000000000000009 [ 25.281364][ T288] RBP: 0000563e89f6e390 R08: 0000000000000000 R09: 0000000000000000 [ 25.289348][ T288] R10: 00007ffceeadff18 R11: 0000000000000246 R12: 0000563e89f665e0 [ 25.297155][ T288] R13: 0000563e88b64937 R14: 0000563e88b67480 R15: 0000563e89f665e0 [ 25.304973][ T288] [ 25.324715][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 25.336224][ T288] BUG: scheduling while atomic: sshd/288/0x00000002 [ 25.342676][ T288] Modules linked in: [ 25.346341][ T288] Preemption disabled at: [ 25.346349][ T288] [] __set_current_blocked+0x11b/0x2f0 [ 25.357507][ T288] CPU: 1 PID: 288 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 25.367860][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 25.377755][ T288] Call Trace: [ 25.380879][ T288] [ 25.383668][ T288] dump_stack_lvl+0x151/0x1b7 [ 25.388166][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 25.393464][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 25.398757][ T288] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 25.404053][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 25.409346][ T288] dump_stack+0x15/0x1b [ 25.413338][ T288] __schedule_bug+0x195/0x260 [ 25.417854][ T288] ? cpu_util_update_eff+0x10e0/0x10e0 [ 25.423149][ T288] __schedule+0xcf7/0x1550 [ 25.427474][ T288] ? __kasan_check_read+0x11/0x20 [ 25.432259][ T288] ? _copy_to_user+0x74/0x90 [ 25.436692][ T288] ? __sched_text_start+0x8/0x8 [ 25.441375][ T288] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 25.446843][ T288] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 25.452221][ T288] schedule+0xc3/0x180 [ 25.456136][ T288] exit_to_user_mode_loop+0x4e/0xa0 [ 25.461162][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 25.466540][ T288] syscall_exit_to_user_mode+0x26/0x140 [ 25.471921][ T288] do_syscall_64+0x49/0xb0 [ 25.476174][ T288] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 25.482002][ T288] RIP: 0033:0x7fa4bbcc2773 [ 25.486255][ T288] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 25.505692][ T288] RSP: 002b:00007ffceeae4040 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 25.513936][ T288] RAX: 0000000000000000 RBX: 0000000000060000 RCX: 00007fa4bbcc2773 [pid 327] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 326] <... bpf resumed>) = 6 [pid 326] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 325] +++ exited with 0 +++ [pid 296] <... clone resumed>, child_tidptr=0x555556b3d650) = 331 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 329] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 332 ./strace-static-x86_64: Process 331 attached ./strace-static-x86_64: Process 332 attached [pid 331] set_robust_list(0x555556b3d660, 24 [pid 332] set_robust_list(0x555556b3d660, 24 [pid 331] <... set_robust_list resumed>) = 0 [pid 332] <... set_robust_list resumed>) = 0 [pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 331] <... prctl resumed>) = 0 [pid 332] <... prctl resumed>) = 0 [pid 331] setpgid(0, 0) = 0 [pid 332] setpgid(0, 0) = 0 [pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 331] <... openat resumed>) = 3 [pid 332] <... openat resumed>) = 3 [pid 331] write(3, "1000", 4 [pid 332] write(3, "1000", 4 [pid 331] <... write resumed>) = 4 [pid 332] <... write resumed>) = 4 [pid 332] close(3) = 0 [pid 332] write(1, "executing program\n", 18) = 18 executing program [pid 332] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 332] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 332] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 331] close(3) = 0 [pid 332] <... bpf resumed>) = 4 [pid 329] <... bpf resumed>) = 7 [pid 327] <... bpf resumed>) = 7 [pid 326] <... bpf resumed>) = 7 [pid 327] exit_group(0 [pid 326] exit_group(0 [pid 331] write(1, "executing program\n", 18 [ 25.521747][ T288] RDX: 00007ffceeae4128 RSI: 00007ffceeae40a8 RDI: 0000000000000001 [ 25.529557][ T288] RBP: 0000563e89f665e0 R08: 0000000000000001 R09: 0000000000000000 [ 25.537375][ T288] R10: 0000000000000008 R11: 0000000000000246 R12: 0000563e88b5baa4 [ 25.545181][ T288] R13: 0000000000000019 R14: 0000563e88b5c3e8 R15: 00007ffceeae40a8 [ 25.553004][ T288] [ 25.576713][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 25.588177][ T288] BUG: scheduling while atomic: sshd/288/0x00000002 [ 25.594750][ T288] Modules linked in: [ 25.598465][ T288] Preemption disabled at: [ 25.598475][ T288] [] release_sock+0x30/0x1b0 [ 25.608618][ T288] CPU: 1 PID: 288 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 25.619033][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 25.628933][ T288] Call Trace: [ 25.632054][ T288] [ 25.634831][ T288] dump_stack_lvl+0x151/0x1b7 [ 25.639354][ T288] ? release_sock+0x30/0x1b0 [ 25.643766][ T288] ? release_sock+0x30/0x1b0 [ 25.648192][ T288] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 25.653493][ T288] ? release_sock+0x30/0x1b0 [ 25.657917][ T288] dump_stack+0x15/0x1b [ 25.661911][ T288] __schedule_bug+0x195/0x260 [ 25.666421][ T288] ? try_to_wake_up+0x670/0x1220 [ 25.671278][ T288] ? cpu_util_update_eff+0x10e0/0x10e0 [ 25.676575][ T288] ? cpu_curr_snapshot+0x90/0x90 [ 25.681354][ T288] __schedule+0xcf7/0x1550 [ 25.685608][ T288] ? wake_up_process+0x10/0x20 [ 25.690213][ T288] ? raise_softirq_irqoff+0x37/0x40 [ 25.695234][ T288] ? rcu_read_unlock_special+0x3f2/0x4e0 [ 25.700702][ T288] ? __sched_text_start+0x8/0x8 [ 25.705475][ T288] ? __rcu_read_unlock+0xd0/0xd0 [ 25.710247][ T288] ? ksys_write+0x24f/0x2c0 [ 25.714586][ T288] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 25.720066][ T288] schedule+0xc3/0x180 [ 25.723965][ T288] exit_to_user_mode_loop+0x4e/0xa0 [ 25.728993][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 25.734288][ T288] syscall_exit_to_user_mode+0x26/0x140 [ 25.739681][ T288] do_syscall_64+0x49/0xb0 [ 25.743925][ T288] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 25.749564][ T288] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 25.755294][ T288] RIP: 0033:0x7fa4bbcfd587 [ 25.759545][ T288] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [ 25.779071][ T288] RSP: 002b:00007ffceeae3958 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [ 25.787320][ T288] RAX: 0000000000000120 RBX: 0000000000000000 RCX: 00007fa4bbcfd587 [ 25.795221][ T288] RDX: 0000000000000b16 RSI: 0000563e88b66fe0 RDI: 0000563e88b64937 [ 25.803026][ T288] RBP: 0000563e88b65dd0 R08: 0000000000000006 R09: 0000000000000000 [ 25.810923][ T288] R10: 0000563e88b65dd0 R11: 0000000000000246 R12: 0000563e88b64937 [ 25.818738][ T288] R13: 0000563e88b66fe0 R14: 0000563e89f6e390 R15: 00007ffceeae3ee0 [pid 332] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 329] exit_group(0 [pid 327] <... exit_group resumed>) = ? executing program executing program [pid 326] <... exit_group resumed>) = ? [pid 327] +++ exited with 0 +++ [pid 331] <... write resumed>) = 18 [pid 331] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 331] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 331] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 331] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 329] <... exit_group resumed>) = ? [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=327, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 333 ./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x555556b3d660, 24) = 0 [pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 333] setpgid(0, 0) = 0 [pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 333] write(3, "1000", 4) = 4 [pid 333] close(3) = 0 [pid 333] write(1, "executing program\n", 18) = 18 [pid 333] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 333] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 333] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 333] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 332] <... bpf resumed>) = 5 [pid 331] <... bpf resumed>) = 5 [pid 326] +++ exited with 0 +++ [pid 333] <... bpf resumed>) = 5 [pid 329] +++ exited with 0 +++ [pid 332] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 333] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 331] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 334 [pid 332] <... bpf resumed>) = 6 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=326, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- ./strace-static-x86_64: Process 334 attached [pid 333] <... bpf resumed>) = 6 [pid 332] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 334] set_robust_list(0x555556b3d660, 24 [pid 333] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 331] <... bpf resumed>) = 6 [pid 334] <... set_robust_list resumed>) = 0 [pid 331] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 335 attached ) = 0 [pid 335] set_robust_list(0x555556b3d660, 24 [pid 334] setpgid(0, 0 [pid 294] <... clone resumed>, child_tidptr=0x555556b3d650) = 335 [pid 335] <... set_robust_list resumed>) = 0 [pid 334] <... setpgid resumed>) = 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 335] <... prctl resumed>) = 0 [pid 334] write(3, "1000", 4) = 4 [pid 335] setpgid(0, 0 [pid 334] close(3 [pid 335] <... setpgid resumed>) = 0 [pid 334] <... close resumed>) = 0 [pid 334] write(1, "executing program\n", 18executing program [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 334] <... write resumed>) = 18 [pid 335] <... openat resumed>) = 3 [pid 334] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 335] write(3, "1000", 4 [pid 334] <... bpf resumed>) = 3 [pid 335] <... write resumed>) = 4 [pid 334] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 334] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 335] close(3) = 0 executing program [pid 335] write(1, "executing program\n", 18 [pid 334] <... bpf resumed>) = 4 [pid 335] <... write resumed>) = 18 [pid 334] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 335] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 335] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [ 25.826646][ T288] [pid 335] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 332] <... bpf resumed>) = 7 [pid 334] <... bpf resumed>) = 5 [pid 333] <... bpf resumed>) = 7 [pid 331] <... bpf resumed>) = 7 [pid 335] <... bpf resumed>) = 5 [pid 334] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 333] exit_group(0 [pid 332] exit_group(0 [ 25.873217][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 25.884609][ T290] BUG: scheduling while atomic: strace-static-x/290/0x00000002 [ 25.892078][ T290] Modules linked in: [ 25.895771][ T290] Preemption disabled at: [ 25.895778][ T290] [] remove_wait_queue+0x26/0x140 [ 25.906479][ T290] CPU: 1 PID: 290 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 25.917832][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 25.927722][ T290] Call Trace: [ 25.930851][ T290] [ 25.933624][ T290] dump_stack_lvl+0x151/0x1b7 [ 25.938135][ T290] ? remove_wait_queue+0x26/0x140 [ 25.942995][ T290] ? remove_wait_queue+0x26/0x140 [ 25.947856][ T290] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 25.953153][ T290] ? remove_wait_queue+0x26/0x140 [ 25.958013][ T290] dump_stack+0x15/0x1b [ 25.962199][ T290] __schedule_bug+0x195/0x260 [ 25.966712][ T290] ? __ia32_sys_waitid+0xd0/0xd0 [ 25.971486][ T290] ? bpf_trace_printk+0x1be/0x300 [ 25.976344][ T290] ? cpu_util_update_eff+0x10e0/0x10e0 [ 25.981725][ T290] ? kernel_waitid+0x520/0x520 [ 25.986325][ T290] __schedule+0xcf7/0x1550 [ 25.990669][ T290] ? __x64_sys_wait4+0x181/0x1e0 [ 25.995445][ T290] ? bpf_trace_run2+0x138/0x290 [ 26.000126][ T290] ? __sched_text_start+0x8/0x8 [ 26.004814][ T290] schedule+0xc3/0x180 [ 26.008746][ T290] exit_to_user_mode_loop+0x4e/0xa0 [ 26.013848][ T290] exit_to_user_mode_prepare+0x5a/0xa0 [ 26.019134][ T290] syscall_exit_to_user_mode+0x26/0x140 [ 26.024523][ T290] do_syscall_64+0x49/0xb0 [ 26.028774][ T290] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 26.034499][ T290] RIP: 0033:0x4d49a6 [ 26.038230][ T290] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 26.057788][ T290] RSP: 002b:00007fffd8af62e8 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 26.066119][ T290] RAX: 000000000000014f RBX: 0000000000000007 RCX: 00000000004d49a6 [pid 331] exit_group(0 [pid 334] <... bpf resumed>) = 6 [pid 333] <... exit_group resumed>) = ? [ 26.073931][ T290] RDX: 0000000040000001 RSI: 00007fffd8af630c RDI: 00000000ffffffff [ 26.081745][ T290] RBP: 0000000001782ba0 R08: 0000000000000000 R09: 0000000000000000 [ 26.089553][ T290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001788620 [ 26.097450][ T290] R13: 000000000000012a R14: 00007fffd8af630c R15: 0000000000617180 [ 26.105268][ T290] [ 26.110067][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 26.121583][ T288] BUG: scheduling while atomic: sshd/288/0x00000002 [ 26.127942][ T288] Modules linked in: [ 26.131747][ T288] Preemption disabled at: [ 26.131756][ T288] [] __set_current_blocked+0x11b/0x2f0 [ 26.142743][ T288] CPU: 1 PID: 288 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 26.153115][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 26.163008][ T288] Call Trace: [ 26.166129][ T288] [ 26.168920][ T288] dump_stack_lvl+0x151/0x1b7 [ 26.173423][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 26.178716][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 26.184069][ T288] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 26.189306][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 26.194608][ T288] dump_stack+0x15/0x1b [ 26.198596][ T288] __schedule_bug+0x195/0x260 [ 26.203104][ T288] ? cpu_util_update_eff+0x10e0/0x10e0 [ 26.208406][ T288] __schedule+0xcf7/0x1550 [ 26.212664][ T288] ? __kasan_check_read+0x11/0x20 [ 26.217509][ T288] ? _copy_to_user+0x74/0x90 [ 26.221938][ T288] ? __sched_text_start+0x8/0x8 [ 26.226627][ T288] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 26.232102][ T288] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 26.237474][ T288] schedule+0xc3/0x180 [ 26.241387][ T288] exit_to_user_mode_loop+0x4e/0xa0 [ 26.246415][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 26.251727][ T288] syscall_exit_to_user_mode+0x26/0x140 [ 26.257095][ T288] do_syscall_64+0x49/0xb0 [ 26.261346][ T288] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 26.267073][ T288] RIP: 0033:0x7fa4bbcc2773 [ 26.271328][ T288] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 26.290772][ T288] RSP: 002b:00007ffceeae4040 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 26.299007][ T288] RAX: 0000000000000000 RBX: 0000000000060000 RCX: 00007fa4bbcc2773 [ 26.306826][ T288] RDX: 00007ffceeae4128 RSI: 00007ffceeae40a8 RDI: 0000000000000001 [ 26.314725][ T288] RBP: 0000563e89f665e0 R08: 0000000000000001 R09: 0000000000000000 [pid 332] <... exit_group resumed>) = ? [pid 331] <... exit_group resumed>) = ? [pid 335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 334] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 333] +++ exited with 0 +++ [pid 335] <... bpf resumed>) = 6 [pid 335] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 336 ./strace-static-x86_64: Process 336 attached [pid 336] set_robust_list(0x555556b3d660, 24) = 0 [pid 336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 336] setpgid(0, 0) = 0 [pid 336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 336] write(3, "1000", 4) = 4 [pid 336] close(3) = 0 [pid 336] write(1, "executing program\n", 18) = 18 [pid 336] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 336] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 336] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 336] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16executing program [pid 332] +++ exited with 0 +++ [pid 331] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] <... clone resumed>, child_tidptr=0x555556b3d650) = 338 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 338 attached ./strace-static-x86_64: Process 339 attached [pid 338] set_robust_list(0x555556b3d660, 24 [pid 296] <... clone resumed>, child_tidptr=0x555556b3d650) = 339 [pid 338] <... set_robust_list resumed>) = 0 [pid 339] set_robust_list(0x555556b3d660, 24 [pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 339] <... set_robust_list resumed>) = 0 [pid 338] <... prctl resumed>) = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 338] setpgid(0, 0 [pid 339] <... prctl resumed>) = 0 [pid 338] <... setpgid resumed>) = 0 [pid 339] setpgid(0, 0 [pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 339] <... setpgid resumed>) = 0 [pid 338] <... openat resumed>) = 3 [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 338] write(3, "1000", 4 [pid 339] <... openat resumed>) = 3 [pid 338] <... write resumed>) = 4 [pid 339] write(3, "1000", 4 [pid 338] close(3 [pid 339] <... write resumed>) = 4 [pid 338] <... close resumed>) = 0 [pid 339] close(3 [pid 338] write(1, "executing program\n", 18executing program [pid 339] <... close resumed>) = 0 [pid 338] <... write resumed>) = 18 [pid 339] write(1, "executing program\n", 18 executing program [pid 338] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 339] <... write resumed>) = 18 [pid 338] <... bpf resumed>) = 3 [pid 339] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 338] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 339] <... bpf resumed>) = 3 [pid 338] <... bpf resumed>) = 0 [pid 339] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 338] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 339] <... bpf resumed>) = 0 [pid 339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 338] <... bpf resumed>) = 4 [pid 338] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 339] <... bpf resumed>) = 4 [pid 339] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 334] <... bpf resumed>) = 7 [pid 338] <... bpf resumed>) = 5 [pid 336] <... bpf resumed>) = 5 [pid 335] <... bpf resumed>) = 7 [pid 339] <... bpf resumed>) = 5 [pid 338] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 336] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 334] exit_group(0 [pid 339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 338] <... bpf resumed>) = 6 [pid 336] <... bpf resumed>) = 6 [pid 335] exit_group(0 [pid 334] <... exit_group resumed>) = ? [pid 338] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 336] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 335] <... exit_group resumed>) = ? [pid 338] <... bpf resumed>) = 7 [pid 338] exit_group(0 [pid 334] +++ exited with 0 +++ [pid 338] <... exit_group resumed>) = ? [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 340 attached [pid 339] <... bpf resumed>) = 6 [pid 298] <... clone resumed>, child_tidptr=0x555556b3d650) = 340 [pid 339] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 340] set_robust_list(0x555556b3d660, 24) = 0 [pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 26.322545][ T288] R10: 0000000000000008 R11: 0000000000000246 R12: 0000563e88b5baa4 [ 26.330343][ T288] R13: 000000000000001a R14: 0000563e88b5c3e8 R15: 00007ffceeae40a8 [ 26.338168][ T288] [ 26.378512][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 26.389947][ T290] BUG: scheduling while atomic: strace-static-x/290/0x00000002 [ 26.397533][ T290] Modules linked in: [ 26.401333][ T290] Preemption disabled at: [ 26.401342][ T290] [] __lock_task_sighand+0x6b/0x100 [ 26.412036][ T290] CPU: 1 PID: 290 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 26.423389][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 26.433277][ T290] Call Trace: [ 26.436403][ T290] [ 26.439188][ T290] dump_stack_lvl+0x151/0x1b7 [ 26.443700][ T290] ? __lock_task_sighand+0x6b/0x100 [ 26.448733][ T290] ? __lock_task_sighand+0x6b/0x100 [ 26.453766][ T290] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 26.459056][ T290] ? fsnotify_perm+0x6a/0x5d0 [ 26.463570][ T290] ? __lock_task_sighand+0x6b/0x100 [ 26.468604][ T290] dump_stack+0x15/0x1b [ 26.472595][ T290] __schedule_bug+0x195/0x260 [ 26.477107][ T290] ? cpu_util_update_eff+0x10e0/0x10e0 [ 26.482404][ T290] ? file_end_write+0x1c0/0x1c0 [ 26.487090][ T290] __schedule+0xcf7/0x1550 [ 26.491352][ T290] ? __kasan_check_read+0x11/0x20 [ 26.496203][ T290] ? __fdget_pos+0x204/0x390 [ 26.500634][ T290] ? __sched_text_start+0x8/0x8 [ 26.505317][ T290] ? ksys_write+0x24f/0x2c0 [ 26.509657][ T290] schedule+0xc3/0x180 [ 26.513563][ T290] exit_to_user_mode_loop+0x4e/0xa0 [ 26.518594][ T290] exit_to_user_mode_prepare+0x5a/0xa0 [ 26.523904][ T290] syscall_exit_to_user_mode+0x26/0x140 [ 26.529279][ T290] do_syscall_64+0x49/0xb0 [ 26.533529][ T290] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 26.539436][ T290] RIP: 0033:0x4e5c73 [ 26.543158][ T290] Code: c7 c0 b8 ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18 [ 26.562686][ T290] RSP: 002b:00007fffd8af6178 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 26.570931][ T290] RAX: 0000000000000018 RBX: 0000000000000018 RCX: 00000000004e5c73 [pid 340] setpgid(0, 0) = 0 [pid 335] +++ exited with 0 +++ [pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 26.578751][ T290] RDX: 0000000000000018 RSI: 0000000001784000 RDI: 0000000000000002 [ 26.586551][ T290] RBP: 0000000001784000 R08: 0000000000000000 R09: 0000000000000001 [ 26.594451][ T290] R10: 00007fffd8af60e7 R11: 0000000000000246 R12: 0000000000000018 [ 26.602260][ T290] R13: 0000000000617480 R14: 0000000000000018 R15: 0000000000617180 [ 26.610078][ T290] [ 26.614060][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 26.625924][ T290] BUG: scheduling while atomic: strace-static-x/290/0x00000002 [ 26.633438][ T290] Modules linked in: [ 26.637142][ T290] Preemption disabled at: [ 26.637148][ T290] [] remove_wait_queue+0x26/0x140 [ 26.647735][ T290] CPU: 1 PID: 290 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 26.659121][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 26.669085][ T290] Call Trace: [ 26.672209][ T290] [ 26.674987][ T290] dump_stack_lvl+0x151/0x1b7 [ 26.679496][ T290] ? remove_wait_queue+0x26/0x140 [ 26.684357][ T290] ? remove_wait_queue+0x26/0x140 [ 26.689217][ T290] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 26.694513][ T290] ? remove_wait_queue+0x26/0x140 [ 26.699373][ T290] dump_stack+0x15/0x1b [ 26.703371][ T290] __schedule_bug+0x195/0x260 [ 26.707876][ T290] ? __ia32_sys_waitid+0xd0/0xd0 [ 26.712652][ T290] ? bpf_trace_printk+0x1be/0x300 [ 26.717511][ T290] ? cpu_util_update_eff+0x10e0/0x10e0 [ 26.722806][ T290] ? kernel_waitid+0x520/0x520 [ 26.727409][ T290] __schedule+0xcf7/0x1550 [ 26.731660][ T290] ? __x64_sys_wait4+0x181/0x1e0 [ 26.736433][ T290] ? bpf_trace_run2+0x138/0x290 [ 26.741118][ T290] ? __sched_text_start+0x8/0x8 [ 26.745896][ T290] schedule+0xc3/0x180 [ 26.749884][ T290] exit_to_user_mode_loop+0x4e/0xa0 [ 26.754920][ T290] exit_to_user_mode_prepare+0x5a/0xa0 [ 26.760213][ T290] syscall_exit_to_user_mode+0x26/0x140 [ 26.765594][ T290] do_syscall_64+0x49/0xb0 [ 26.769846][ T290] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 26.775576][ T290] RIP: 0033:0x4d49a6 [ 26.779312][ T290] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 26.798748][ T290] RSP: 002b:00007fffd8af62e8 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 26.806994][ T290] RAX: 000000000000012a RBX: 0000000000000001 RCX: 00000000004d49a6 [ 26.814811][ T290] RDX: 0000000040000001 RSI: 00007fffd8af630c RDI: 00000000ffffffff [ 26.822617][ T290] RBP: 00000000017834d0 R08: 0000000000000000 R09: 0000000000000000 [pid 340] write(3, "1000", 4) = 4 [pid 339] <... bpf resumed>) = 7 [pid 338] +++ exited with 0 +++ [pid 336] <... bpf resumed>) = 7 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 340] close(3 [ 26.830429][ T290] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000017882c0 [ 26.838242][ T290] R13: 0000000000000154 R14: 00007fffd8af630c R15: 0000000000617180 [ 26.846141][ T290] [ 26.851386][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 26.862812][ T290] BUG: scheduling while atomic: strace-static-x/290/0x00000002 [ 26.870317][ T290] Modules linked in: [ 26.874132][ T290] Preemption disabled at: [ 26.874141][ T290] [] pipe_write+0x14b2/0x1990 [ 26.884425][ T290] CPU: 1 PID: 290 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 26.895746][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 26.905727][ T290] Call Trace: [ 26.908935][ T290] [ 26.911713][ T290] dump_stack_lvl+0x151/0x1b7 [ 26.916223][ T290] ? pipe_write+0x14b2/0x1990 [ 26.920739][ T290] ? pipe_write+0x14b2/0x1990 [ 26.925252][ T290] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 26.930554][ T290] ? task_rq_lock+0xd2/0x2b0 [ 26.934974][ T290] ? pipe_write+0x14b2/0x1990 [ 26.939485][ T290] dump_stack+0x15/0x1b [ 26.943481][ T290] __schedule_bug+0x195/0x260 [ 26.948001][ T290] ? cpu_util_update_eff+0x10e0/0x10e0 [ 26.953292][ T290] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 26.958586][ T290] ? _raw_spin_lock+0x1b0/0x1b0 [ 26.963359][ T290] __schedule+0xcf7/0x1550 [ 26.967609][ T290] ? __lock_task_sighand+0xde/0x100 [ 26.972641][ T290] ? __sched_text_start+0x8/0x8 [ 26.977325][ T290] ? __kasan_check_write+0x14/0x20 [ 26.982274][ T290] ? __se_sys_ptrace+0x3b2/0x410 [ 26.987048][ T290] schedule+0xc3/0x180 [ 26.990954][ T290] exit_to_user_mode_loop+0x4e/0xa0 [ 26.995990][ T290] exit_to_user_mode_prepare+0x5a/0xa0 [ 27.001281][ T290] syscall_exit_to_user_mode+0x26/0x140 [ 27.006747][ T290] do_syscall_64+0x49/0xb0 [ 27.011000][ T290] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 27.016644][ T290] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 27.022381][ T290] RIP: 0033:0x4e6c1a [ 27.026153][ T290] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c [ 27.045636][ T290] RSP: 002b:00007fffd8af61d0 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 27.053876][ T290] RAX: 0000000000000000 RBX: 00000000017812f8 RCX: 00000000004e6c1a [ 27.061862][ T290] RDX: 0000000000000000 RSI: 0000000000000153 RDI: 0000000000000018 [ 27.069674][ T290] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000001 [pid 339] exit_group(0 [pid 340] <... close resumed>) = 0 [pid 339] <... exit_group resumed>) = ? [pid 336] exit_group(0 executing program [pid 340] write(1, "executing program\n", 18) = 18 [ 27.077484][ T290] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000001783380 [ 27.085294][ T290] R13: 0000000000000000 R14: 000000000000857f R15: 0000000000617180 [ 27.093122][ T290] [ 27.097220][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 27.108710][ T340] BUG: scheduling while atomic: syz-executor239/340/0x00000002 [ 27.116146][ T340] Modules linked in: [ 27.120045][ T340] Preemption disabled at: [ 27.120054][ T340] [] ptrace_stop+0x57e/0x930 [ 27.130296][ T340] CPU: 1 PID: 340 Comm: syz-executor239 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 27.141660][ T340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 27.151554][ T340] Call Trace: [ 27.154680][ T340] [ 27.157455][ T340] dump_stack_lvl+0x151/0x1b7 [ 27.161967][ T340] ? ptrace_stop+0x57e/0x930 [ 27.166393][ T340] ? ptrace_stop+0x57e/0x930 [ 27.170824][ T340] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 27.176123][ T340] ? ptrace_stop+0x57e/0x930 [ 27.180552][ T340] dump_stack+0x15/0x1b [ 27.184536][ T340] __schedule_bug+0x195/0x260 [ 27.189051][ T340] ? cpu_util_update_eff+0x10e0/0x10e0 [ 27.194344][ T340] __schedule+0xcf7/0x1550 [ 27.198597][ T340] ? __kasan_check_write+0x14/0x20 [ 27.203544][ T340] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 27.208499][ T340] ? __sched_text_start+0x8/0x8 [ 27.213177][ T340] ? __kasan_check_read+0x11/0x20 [ 27.218037][ T340] ? cgroup_update_frozen+0x15f/0x980 [ 27.223243][ T340] ? bpf_map_new_fd+0x62/0x80 [ 27.227760][ T340] schedule+0xc3/0x180 [ 27.231668][ T340] ptrace_stop+0x54f/0x930 [ 27.235919][ T340] ptrace_notify+0x225/0x350 [ 27.240345][ T340] ? do_notify_parent+0xa20/0xa20 [ 27.245203][ T340] ? __bpf_trace_sys_enter+0x62/0x70 [ 27.250324][ T340] syscall_exit_to_user_mode+0xa2/0x140 [ 27.255708][ T340] do_syscall_64+0x49/0xb0 [ 27.259957][ T340] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 27.265687][ T340] RIP: 0033:0x7ff94a36dee9 [ 27.269937][ T340] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 27.289482][ T340] RSP: 002b:00007ffeffd24c48 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 27.297725][ T340] RAX: 0000000000000003 RBX: 0000000000000000 RCX: 00007ff94a36dee9 [ 27.305639][ T340] RDX: 0000000000000048 RSI: 0000000020000340 RDI: 0000000000000000 [ 27.313447][ T340] RBP: 00000000000f4240 R08: 0000000000000000 R09: 00000000000000a0 [ 27.321261][ T340] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000064e8 [pid 340] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 339] +++ exited with 0 +++ [pid 336] <... exit_group resumed>) = ? [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=338, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 340] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] <... clone resumed>, child_tidptr=0x555556b3d650) = 343 [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 294] <... clone resumed>, child_tidptr=0x555556b3d650) = 344 [pid 296] <... restart_syscall resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 345 [ 27.329072][ T340] R13: 00007ffeffd24c5c R14: 00007ffeffd24c70 R15: 00007ffeffd24c60 [ 27.336895][ T340] [ 27.340737][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 27.352835][ T340] BUG: scheduling while atomic: syz-executor239/340/0x00000002 [ 27.360214][ T340] Modules linked in: [ 27.363979][ T340] Preemption disabled at: [ 27.363987][ T340] [] ptrace_stop+0x57e/0x930 [ 27.374111][ T340] CPU: 1 PID: 340 Comm: syz-executor239 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 27.385457][ T340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 27.395348][ T340] Call Trace: [ 27.398472][ T340] [ 27.401250][ T340] dump_stack_lvl+0x151/0x1b7 [ 27.405764][ T340] ? ptrace_stop+0x57e/0x930 [ 27.410187][ T340] ? ptrace_stop+0x57e/0x930 [ 27.414616][ T340] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 27.419914][ T340] ? arch_stack_walk+0xf3/0x140 [ 27.424597][ T340] ? ptrace_stop+0x57e/0x930 [ 27.429023][ T340] dump_stack+0x15/0x1b [ 27.433021][ T340] __schedule_bug+0x195/0x260 [ 27.437530][ T340] ? stack_trace_save+0x113/0x1c0 [ 27.442389][ T340] ? cpu_util_update_eff+0x10e0/0x10e0 [ 27.447686][ T340] ? stack_trace_snprint+0xf0/0xf0 [ 27.452634][ T340] __schedule+0xcf7/0x1550 [ 27.456886][ T340] ? kasan_set_track+0x60/0x70 [ 27.461486][ T340] ? kasan_set_track+0x4b/0x70 [ 27.466092][ T340] ? kasan_save_alloc_info+0x1f/0x30 [ 27.471206][ T340] ? __kasan_kmalloc+0x9c/0xb0 [ 27.475804][ T340] ? __kmalloc_node+0xb4/0x1e0 [ 27.480409][ T340] ? bpf_jit_binary_pack_alloc+0x1e0/0x540 [ 27.486049][ T340] ? __sched_text_start+0x8/0x8 [ 27.491046][ T340] ? __sys_bpf+0x52c/0x7f0 [ 27.495297][ T340] ? do_syscall_64+0x3d/0xb0 [ 27.499720][ T340] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 27.505649][ T340] schedule+0xc3/0x180 [ 27.509531][ T340] schedule_preempt_disabled+0x13/0x20 [ 27.514826][ T340] __mutex_lock+0x5b6/0x1ca0 [ 27.519253][ T340] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20 [ 27.525848][ T340] ? debug_smp_processor_id+0x17/0x20 [ 27.531143][ T340] ? get_random_u32+0x30d/0x650 [ 27.535920][ T340] ? kvmalloc_node+0x26c/0x640 [ 27.540516][ T340] ? __mutex_lock_slowpath+0x10/0x10 [ 27.545721][ T340] __mutex_lock_slowpath+0xe/0x10 [ 27.550582][ T340] mutex_lock+0x130/0x1e0 [ 27.554751][ T340] ? bit_wait_io_timeout+0x120/0x120 [ 27.559877][ T340] ? bpf_jit_binary_pack_alloc+0x2a1/0x540 [ 27.565600][ T340] ? in_gate_area_no_mm+0x41/0x60 [ 27.570555][ T340] text_poke_copy+0x2b/0x90 [ 27.574803][ T340] bpf_arch_text_copy+0x25/0x40 [ 27.579487][ T340] bpf_jit_binary_pack_finalize+0x3a/0x90 [ 27.585040][ T340] bpf_int_jit_compile+0xbd80/0xca30 [ 27.590181][ T340] ? emit_bpf_dispatcher+0xdf0/0xdf0 [ 27.595280][ T340] ? security_bpf_prog_alloc+0x62/0x90 [ 27.600573][ T340] ? __sys_bpf+0x52c/0x7f0 [ 27.604912][ T340] ? __x64_sys_bpf+0x7c/0x90 [ 27.609337][ T340] ? do_syscall_64+0x3d/0xb0 [ 27.613781][ T340] ? __kasan_check_write+0x14/0x20 [ 27.618714][ T340] ? _raw_spin_trylock_bh+0x190/0x190 [ 27.623933][ T340] bpf_prog_select_runtime+0x8da/0xc10 [ 27.629221][ T340] ? memset+0x35/0x40 [ 27.633038][ T340] ? bpf_obj_name_cpy+0x196/0x1e0 [ 27.637900][ T340] bpf_prog_load+0x136d/0x1bf0 [ 27.642615][ T340] ? map_freeze+0x3a0/0x3a0 [ 27.646954][ T340] ? selinux_bpf+0xcb/0x100 [ 27.651292][ T340] ? security_bpf+0x82/0xb0 [ 27.655629][ T340] __sys_bpf+0x52c/0x7f0 [ 27.659708][ T340] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 27.664920][ T340] ? __kasan_check_write+0x14/0x20 [ 27.669951][ T340] ? __bpf_trace_sys_enter+0x62/0x70 [ 27.675080][ T340] __x64_sys_bpf+0x7c/0x90 [ 27.679326][ T340] do_syscall_64+0x3d/0xb0 [ 27.683582][ T340] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 27.689307][ T340] RIP: 0033:0x7ff94a36dee9 [ 27.693565][ T340] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 27.713085][ T340] RSP: 002b:00007ffeffd24c48 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 27.721330][ T340] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff94a36dee9 ./strace-static-x86_64: Process 345 attached ./strace-static-x86_64: Process 344 attached ./strace-static-x86_64: Process 343 attached [pid 340] <... bpf resumed>) = 4 [pid 336] +++ exited with 0 +++ [pid 345] set_robust_list(0x555556b3d660, 24 [pid 344] set_robust_list(0x555556b3d660, 24 [pid 343] set_robust_list(0x555556b3d660, 24 [pid 340] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=0, si_stime=64} --- [pid 345] <... set_robust_list resumed>) = 0 [pid 344] <... set_robust_list resumed>) = 0 [pid 343] <... set_robust_list resumed>) = 0 [pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 343] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 345] <... prctl resumed>) = 0 [pid 344] <... prctl resumed>) = 0 [pid 343] <... prctl resumed>) = 0 [pid 345] setpgid(0, 0 [pid 344] setpgid(0, 0 [pid 343] setpgid(0, 0 [pid 345] <... setpgid resumed>) = 0 [pid 344] <... setpgid resumed>) = 0 [pid 343] <... setpgid resumed>) = 0 [pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 345] <... openat resumed>) = 3 [pid 344] <... openat resumed>) = 3 [pid 343] <... openat resumed>) = 3 [pid 295] <... clone resumed>, child_tidptr=0x555556b3d650) = 346 [pid 345] write(3, "1000", 4 [pid 344] write(3, "1000", 4 [pid 343] write(3, "1000", 4 [pid 345] <... write resumed>) = 4 [pid 344] <... write resumed>) = 4 [pid 343] <... write resumed>) = 4 [pid 345] close(3 [pid 344] close(3 [pid 343] close(3executing program executing program executing program [pid 345] <... close resumed>) = 0 [pid 344] <... close resumed>) = 0 [pid 343] <... close resumed>) = 0 [pid 345] write(1, "executing program\n", 18 [pid 344] write(1, "executing program\n", 18 [pid 343] write(1, "executing program\n", 18 [pid 345] <... write resumed>) = 18 [pid 344] <... write resumed>) = 18 [pid 343] <... write resumed>) = 18 [pid 345] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 344] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 343] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 345] <... bpf resumed>) = 3 [pid 344] <... bpf resumed>) = 3 [pid 343] <... bpf resumed>) = 3 [pid 345] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 344] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 343] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 345] <... bpf resumed>) = 0 [pid 344] <... bpf resumed>) = 0 [pid 343] <... bpf resumed>) = 0 [pid 345] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 344] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 346 attached [pid 345] <... bpf resumed>) = 4 [pid 344] <... bpf resumed>) = 4 [pid 346] set_robust_list(0x555556b3d660, 24 [pid 345] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 344] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 343] <... bpf resumed>) = 4 [pid 346] <... set_robust_list resumed>) = 0 [pid 343] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 346] setpgid(0, 0) = 0 [pid 346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 346] write(3, "1000", 4) = 4 [pid 346] close(3) = 0 executing program [pid 346] write(1, "executing program\n", 18) = 18 [pid 346] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 346] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 346] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 345] <... bpf resumed>) = 5 [pid 344] <... bpf resumed>) = 5 [pid 343] <... bpf resumed>) = 5 [pid 340] <... bpf resumed>) = 5 [pid 346] <... bpf resumed>) = 5 [pid 345] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 344] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 6 [pid 345] <... bpf resumed>) = 6 [pid 346] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16) = 7 [pid 346] exit_group(0 [pid 340] <... bpf resumed>) = 6 [pid 346] <... exit_group resumed>) = ? [pid 346] +++ exited with 0 +++ [pid 344] <... bpf resumed>) = 6 [pid 345] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 344] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 343] <... bpf resumed>) = 6 [pid 340] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=346, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 343] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 347 ./strace-static-x86_64: Process 347 attached [pid 347] set_robust_list(0x555556b3d660, 24) = 0 [pid 347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 347] setpgid(0, 0) = 0 [pid 347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 347] write(3, "1000", 4) = 4 [pid 347] close(3) = 0 [pid 347] write(1, "executing program\n", 18executing program ) = 18 [pid 347] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 347] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 347] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 345] <... bpf resumed>) = 7 [pid 345] exit_group(0 [pid 344] <... bpf resumed>) = 7 [pid 343] <... bpf resumed>) = 7 [pid 340] <... bpf resumed>) = 7 [pid 345] <... exit_group resumed>) = ? [pid 344] exit_group(0 [pid 347] <... bpf resumed>) = 5 [pid 345] +++ exited with 0 +++ [pid 344] <... exit_group resumed>) = ? [pid 343] exit_group(0 [pid 340] exit_group(0 [pid 347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 344] +++ exited with 0 +++ [pid 343] <... exit_group resumed>) = ? [pid 340] <... exit_group resumed>) = ? [pid 347] <... bpf resumed>) = 6 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 347] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=344, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- ./strace-static-x86_64: Process 348 attached [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 348] set_robust_list(0x555556b3d660, 24 [pid 296] <... clone resumed>, child_tidptr=0x555556b3d650) = 348 [pid 348] <... set_robust_list resumed>) = 0 [pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 349 attached [pid 294] <... clone resumed>, child_tidptr=0x555556b3d650) = 349 [pid 349] set_robust_list(0x555556b3d660, 24 [pid 348] <... prctl resumed>) = 0 [pid 349] <... set_robust_list resumed>) = 0 [pid 348] setpgid(0, 0) = 0 [ 27.729138][ T340] RDX: 0000000000000090 RSI: 00000000200004c0 RDI: 0000000000000005 [ 27.736952][ T340] RBP: 0000000000000000 R08: 00000000000000a0 R09: 00000000000000a0 [ 27.744761][ T340] R10: 00000000000000a0 R11: 0000000000000246 R12: 0000000000000000 [ 27.752572][ T340] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 27.760389][ T340] [ 27.810047][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 27.821478][ T288] BUG: scheduling while atomic: sshd/288/0x00000002 [ 27.827857][ T288] Modules linked in: [ 27.831792][ T288] Preemption disabled at: [ 27.831802][ T288] [] __set_current_blocked+0x11b/0x2f0 [ 27.842865][ T288] CPU: 1 PID: 288 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 27.853349][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 27.863241][ T288] Call Trace: [ 27.866368][ T288] [ 27.869139][ T288] dump_stack_lvl+0x151/0x1b7 [ 27.873651][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 27.878949][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 27.884238][ T288] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 27.889541][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 27.894826][ T288] dump_stack+0x15/0x1b [ 27.898819][ T288] __schedule_bug+0x195/0x260 [ 27.903338][ T288] ? cpu_util_update_eff+0x10e0/0x10e0 [ 27.908629][ T288] __schedule+0xcf7/0x1550 [ 27.912884][ T288] ? __kasan_check_read+0x11/0x20 [ 27.917740][ T288] ? _copy_to_user+0x74/0x90 [ 27.922343][ T288] ? __sched_text_start+0x8/0x8 [ 27.927027][ T288] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 27.932502][ T288] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 27.937880][ T288] schedule+0xc3/0x180 [ 27.941787][ T288] exit_to_user_mode_loop+0x4e/0xa0 [ 27.946962][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 27.952248][ T288] syscall_exit_to_user_mode+0x26/0x140 [ 27.957630][ T288] do_syscall_64+0x49/0xb0 [ 27.961880][ T288] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 27.967612][ T288] RIP: 0033:0x7fa4bbcc2773 [ 27.971860][ T288] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 27.991422][ T288] RSP: 002b:00007ffceeae4040 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 27.999660][ T288] RAX: 0000000000000000 RBX: 0000000000060000 RCX: 00007fa4bbcc2773 executing program executing program executing program [pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 348] write(3, "1000", 4) = 4 [pid 348] close(3) = 0 [pid 348] write(1, "executing program\n", 18) = 18 [pid 348] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 348] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 348] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 348] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 349] setpgid(0, 0) = 0 [pid 349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 349] write(3, "1000", 4) = 4 [pid 349] close(3) = 0 [pid 349] write(1, "executing program\n", 18) = 18 [pid 349] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 349] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 349] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 349] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 343] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=343, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 350 ./strace-static-x86_64: Process 350 attached [pid 350] set_robust_list(0x555556b3d660, 24) = 0 [pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 350] setpgid(0, 0) = 0 [pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 350] write(3, "1000", 4) = 4 [pid 350] close(3) = 0 [pid 350] write(1, "executing program\n", 18) = 18 [pid 350] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 350] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 350] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 350] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 340] +++ exited with 0 +++ [pid 350] <... bpf resumed>) = 5 [pid 349] <... bpf resumed>) = 5 [pid 348] <... bpf resumed>) = 5 [pid 347] <... bpf resumed>) = 7 [pid 350] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 349] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 348] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 347] exit_group(0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 28.007468][ T288] RDX: 00007ffceeae4128 RSI: 00007ffceeae40a8 RDI: 0000000000000001 [ 28.015279][ T288] RBP: 0000563e89f665e0 R08: 0000000000000001 R09: 0000000000000000 [ 28.023182][ T288] R10: 0000000000000008 R11: 0000000000000246 R12: 0000563e88b5baa4 [ 28.030994][ T288] R13: 000000000000001b R14: 0000563e88b5c3e8 R15: 00007ffceeae40a8 [ 28.038812][ T288] [ 28.046091][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 28.057639][ T294] BUG: scheduling while atomic: syz-executor239/294/0x00000002 [ 28.065018][ T294] Modules linked in: [ 28.068742][ T294] Preemption disabled at: [ 28.068752][ T294] [] ptrace_stop+0x57e/0x930 [ 28.078829][ T294] CPU: 1 PID: 294 Comm: syz-executor239 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 28.090188][ T294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 28.100258][ T294] Call Trace: [ 28.103414][ T294] [ 28.106259][ T294] dump_stack_lvl+0x151/0x1b7 [pid 350] <... bpf resumed>) = 6 [pid 349] <... bpf resumed>) = 6 [pid 348] <... bpf resumed>) = 6 [pid 347] <... exit_group resumed>) = ? [pid 350] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 349] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 348] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 347] +++ exited with 0 +++ [ 28.110771][ T294] ? ptrace_stop+0x57e/0x930 [ 28.115198][ T294] ? ptrace_stop+0x57e/0x930 [ 28.119625][ T294] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 28.124917][ T294] ? ptrace_stop+0x57e/0x930 [ 28.129340][ T294] dump_stack+0x15/0x1b [ 28.133350][ T294] __schedule_bug+0x195/0x260 [ 28.137868][ T294] ? cpu_util_update_eff+0x10e0/0x10e0 [ 28.143165][ T294] __schedule+0xcf7/0x1550 [ 28.147407][ T294] ? __kasan_check_write+0x14/0x20 [ 28.152434][ T294] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 28.157379][ T294] ? __sched_text_start+0x8/0x8 [ 28.162061][ T294] ? __kasan_check_read+0x11/0x20 [ 28.166921][ T294] ? cgroup_update_frozen+0x15f/0x980 [ 28.172221][ T294] schedule+0xc3/0x180 [ 28.176122][ T294] ptrace_stop+0x54f/0x930 [ 28.180376][ T294] ptrace_notify+0x225/0x350 [ 28.184802][ T294] ? do_notify_parent+0xa20/0xa20 [ 28.189664][ T294] ? __kasan_check_write+0x14/0x20 [ 28.194640][ T294] ? __bpf_trace_sys_enter+0x62/0x70 [ 28.199734][ T294] syscall_exit_to_user_mode+0xa2/0x140 [ 28.205110][ T294] do_syscall_64+0x49/0xb0 [ 28.209455][ T294] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 28.215178][ T294] RIP: 0033:0x7ff94a36b973 [ 28.219441][ T294] Code: fe ff e9 41 ff ff ff 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 80 3d 11 b7 07 00 00 49 89 ca 74 14 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5d c3 0f 1f 40 00 48 83 ec 28 89 54 24 14 48 [ 28.238872][ T294] RSP: 002b:00007ffeffd24c48 EFLAGS: 00000202 ORIG_RAX: 000000000000003d [ 28.247119][ T294] RAX: 0000000000000000 RBX: 000000000000015d RCX: 00007ff94a36b973 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=347, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 350] <... bpf resumed>) = 7 [ 28.254935][ T294] RDX: 0000000040000001 RSI: 00007ffeffd24c5c RDI: 00000000ffffffff [ 28.262747][ T294] RBP: 00000000000f4240 R08: 00007ffeffd47080 R09: 00007ffeffd470b0 [ 28.270550][ T294] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000006c8c [ 28.278362][ T294] R13: 00007ffeffd24c5c R14: 00007ffeffd24c70 R15: 00007ffeffd24c60 [ 28.286178][ T294] [ 28.290673][ T28] audit: type=1400 audit(1716267927.120:73): avc: denied { remove_name } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 28.291131][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000102, exited with 00000101? [ 28.324390][ T290] BUG: scheduling while atomic: strace-static-x/290/0x00000002 [ 28.331796][ T290] Modules linked in: [ 28.335571][ T290] Preemption disabled at: [ 28.335580][ T290] [] pipe_write+0x14b2/0x1990 [ 28.345801][ T290] CPU: 1 PID: 290 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 28.357118][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 28.367010][ T290] Call Trace: [ 28.370135][ T290] [ 28.372973][ T290] dump_stack_lvl+0x151/0x1b7 [ 28.377422][ T290] ? pipe_write+0x14b2/0x1990 [ 28.382055][ T290] ? pipe_write+0x14b2/0x1990 [ 28.386548][ T290] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 28.391835][ T290] ? pipe_write+0x14b2/0x1990 [ 28.396371][ T290] dump_stack+0x15/0x1b [ 28.400377][ T290] __schedule_bug+0x195/0x260 [ 28.404850][ T290] ? __kasan_check_read+0x11/0x20 [ 28.409713][ T290] ? rb_commit+0x732/0x780 [ 28.413962][ T290] ? cpu_util_update_eff+0x10e0/0x10e0 [ 28.419262][ T290] ? copy_page_from_iter+0x23b/0x2b0 [ 28.424384][ T290] __schedule+0xcf7/0x1550 [ 28.428631][ T290] ? _raw_spin_lock+0x1b0/0x1b0 [ 28.433318][ T290] ? __sched_text_start+0x8/0x8 [ 28.438094][ T290] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 28.443735][ T290] schedule+0xc3/0x180 [ 28.447640][ T290] do_wait+0x6e7/0xa10 [ 28.451547][ T290] kernel_wait4+0x29e/0x3d0 [ 28.455891][ T290] ? __ia32_sys_waitid+0xd0/0xd0 [ 28.460660][ T290] ? kernel_waitid+0x520/0x520 [ 28.465431][ T290] ? bpf_trace_run2+0xe9/0x290 [ 28.470032][ T290] __x64_sys_wait4+0x130/0x1e0 [ 28.474633][ T290] ? kernel_wait+0x230/0x230 [ 28.479064][ T290] ? __bpf_trace_sys_enter+0x62/0x70 [ 28.484181][ T290] ? syscall_enter_from_user_mode+0x12c/0x190 [ 28.490083][ T290] do_syscall_64+0x3d/0xb0 [ 28.494422][ T290] ? sysvec_call_function_single+0x52/0xb0 [ 28.500063][ T290] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 28.505796][ T290] RIP: 0033:0x4d49a6 [ 28.509522][ T290] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 28.528964][ T290] RSP: 002b:00007fffd8af62e8 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 28.537205][ T290] RAX: ffffffffffffffda RBX: 00000000017812f8 RCX: 00000000004d49a6 [ 28.545019][ T290] RDX: 0000000040000000 RSI: 00007fffd8af630c RDI: 00000000ffffffff [ 28.552831][ T290] RBP: 0000000000000000 R08: 0000000000000017 R09: 0000000000000000 [pid 350] exit_group(0) = ? ./strace-static-x86_64: Process 352 attached [pid 352] set_robust_list(0x555556b3d660, 24 [pid 298] <... clone resumed>, child_tidptr=0x555556b3d650) = 352 [pid 352] <... set_robust_list resumed>) = 0 [pid 352] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 352] <... prctl resumed>) = 0 [pid 352] setpgid(0, 0 [pid 295] <... clone resumed>, child_tidptr=0x555556b3d650) = 354 [pid 352] <... setpgid resumed>) = 0 [pid 352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 352] write(3, "1000", 4) = 4 [pid 352] close(3) = 0 executing program [pid 352] write(1, "executing program\n", 18) = 18 [pid 352] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 352] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 executing program [pid 352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 354 attached [pid 354] set_robust_list(0x555556b3d660, 24) = 0 [pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 354] setpgid(0, 0) = 0 [pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 354] write(3, "1000", 4) = 4 [pid 354] close(3) = 0 [pid 354] write(1, "executing program\n", 18) = 18 [pid 354] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 354] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 354] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 352] <... bpf resumed>) = 4 [pid 349] <... bpf resumed>) = 7 [pid 354] <... bpf resumed>) = 4 [pid 348] <... bpf resumed>) = 7 [pid 354] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 352] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 350] +++ exited with 0 +++ [pid 349] exit_group(0 [pid 348] exit_group(0 [pid 354] <... bpf resumed>) = 5 [pid 352] <... bpf resumed>) = 5 [pid 348] <... exit_group resumed>) = ? [pid 354] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 354] <... bpf resumed>) = 6 [pid 352] <... bpf resumed>) = 6 [pid 354] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 352] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 349] <... exit_group resumed>) = ? [ 28.560649][ T290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001788350 [ 28.568539][ T290] R13: 0000000000000000 R14: 00007fffd8af630c R15: 0000000000617180 [ 28.576550][ T290] [ 28.581831][ T28] audit: type=1400 audit(1716267927.120:74): avc: denied { rename } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 28.605044][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000102, exited with 00000101? [ 28.617035][ T297] BUG: scheduling while atomic: syz-executor239/297/0x00000002 [ 28.624421][ T297] Modules linked in: [ 28.628129][ T297] Preemption disabled at: [ 28.628136][ T297] [] ptrace_stop+0x57e/0x930 [ 28.638292][ T297] CPU: 1 PID: 297 Comm: syz-executor239 Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 28.649653][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 28.659727][ T297] Call Trace: [ 28.662847][ T297] [ 28.665713][ T297] dump_stack_lvl+0x151/0x1b7 [ 28.670310][ T297] ? ptrace_stop+0x57e/0x930 [ 28.674737][ T297] ? ptrace_stop+0x57e/0x930 [ 28.679166][ T297] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 28.684461][ T297] ? ptrace_stop+0x57e/0x930 [ 28.688885][ T297] dump_stack+0x15/0x1b [ 28.692879][ T297] __schedule_bug+0x195/0x260 [ 28.697475][ T297] ? irqentry_exit+0x30/0x40 [ 28.701901][ T297] ? sysvec_irq_work+0x52/0xb0 [ 28.706507][ T297] ? cpu_util_update_eff+0x10e0/0x10e0 [ 28.711801][ T297] __schedule+0xcf7/0x1550 [ 28.716054][ T297] ? __kasan_check_write+0x14/0x20 [ 28.721085][ T297] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 28.726033][ T297] ? __sched_text_start+0x8/0x8 [ 28.730716][ T297] ? __kasan_check_read+0x11/0x20 [ 28.735577][ T297] ? cgroup_update_frozen+0x15f/0x980 [ 28.740877][ T297] ? ptrace_stop+0x367/0x930 [ 28.745300][ T297] schedule+0xc3/0x180 [ 28.749206][ T297] ptrace_stop+0x54f/0x930 [ 28.753466][ T297] ptrace_notify+0x225/0x350 [ 28.757884][ T297] ? do_notify_parent+0xa20/0xa20 [ 28.762846][ T297] ? __bpf_trace_sys_enter+0x62/0x70 [ 28.767962][ T297] ? __traceiter_sys_enter+0x2a/0x40 [ 28.773090][ T297] syscall_exit_to_user_mode+0xa2/0x140 [ 28.778463][ T297] do_syscall_64+0x49/0xb0 [ 28.782714][ T297] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 28.788356][ T297] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 28.794095][ T297] RIP: 0033:0x7ff94a36b973 [ 28.798347][ T297] Code: fe ff e9 41 ff ff ff 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 80 3d 11 b7 07 00 00 49 89 ca 74 14 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5d c3 0f 1f 40 00 48 83 ec 28 89 54 24 14 48 [ 28.817778][ T297] RSP: 002b:00007ffeffd24c48 EFLAGS: 00000202 ORIG_RAX: 000000000000003d [ 28.826142][ T297] RAX: 000000000000015e RBX: 000000000000015e RCX: 00007ff94a36b973 [ 28.833947][ T297] RDX: 0000000040000001 RSI: 00007ffeffd24c5c RDI: 00000000ffffffff [ 28.841762][ T297] RBP: 00000000000f4240 R08: 00007ffeffd47080 R09: 00007ffeffd470b0 [ 28.849657][ T297] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000006ca9 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 348] +++ exited with 0 +++ [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 352] <... bpf resumed>) = 7 [pid 354] <... bpf resumed>) = 7 [pid 349] +++ exited with 0 +++ [pid 354] exit_group(0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] <... clone resumed>, child_tidptr=0x555556b3d650) = 355 [pid 352] exit_group(0) = ? [pid 354] <... exit_group resumed>) = ? [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=349, si_uid=0, si_status=0, si_utime=0, si_stime=25} --- [pid 296] <... restart_syscall resumed>) = 0 [pid 294] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 355 attached [pid 355] set_robust_list(0x555556b3d660, 24) = 0 [pid 355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 294] <... restart_syscall resumed>) = 0 [pid 355] setpgid(0, 0) = 0 [pid 355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 355] <... openat resumed>) = 3 [pid 355] write(3, "1000", 4) = 4 [pid 355] close(3) = 0 executing program [pid 355] write(1, "executing program\n", 18 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 355] <... write resumed>) = 18 [pid 355] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 296] <... clone resumed>, child_tidptr=0x555556b3d650) = 356 [pid 355] <... bpf resumed>) = 3 [pid 294] <... clone resumed>, child_tidptr=0x555556b3d650) = 357 [pid 355] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 355] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 357 attached ./strace-static-x86_64: Process 356 attached [ 28.857583][ T297] R13: 00007ffeffd24c5c R14: 00007ffeffd24c70 R15: 00007ffeffd24c60 [ 28.865407][ T297] [ 28.876753][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 28.888196][ T290] BUG: scheduling while atomic: strace-static-x/290/0x00000002 [ 28.895842][ T290] Modules linked in: [ 28.899588][ T290] Preemption disabled at: [ 28.899601][ T290] [] remove_wait_queue+0x26/0x140 [ 28.910147][ T290] CPU: 1 PID: 290 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 28.921540][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 28.931497][ T290] Call Trace: [ 28.934620][ T290] [ 28.937398][ T290] dump_stack_lvl+0x151/0x1b7 [ 28.941906][ T290] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 28.947201][ T290] ? dump_stack+0x9/0x1b [ 28.951279][ T290] ? remove_wait_queue+0x26/0x140 [ 28.956141][ T290] dump_stack+0x15/0x1b [ 28.960130][ T290] __schedule_bug+0x195/0x260 [ 28.964648][ T290] ? cpu_util_update_eff+0x10e0/0x10e0 [ 28.969949][ T290] ? file_end_write+0x1c0/0x1c0 [ 28.974634][ T290] __schedule+0xcf7/0x1550 [ 28.978884][ T290] ? __kasan_check_read+0x11/0x20 [ 28.983742][ T290] ? __fdget_pos+0x204/0x390 [ 28.988168][ T290] ? __sched_text_start+0x8/0x8 [ 28.992855][ T290] ? ksys_write+0x24f/0x2c0 [ 28.997193][ T290] schedule+0xc3/0x180 [ 29.001097][ T290] exit_to_user_mode_loop+0x4e/0xa0 [ 29.006133][ T290] exit_to_user_mode_prepare+0x5a/0xa0 [ 29.011429][ T290] syscall_exit_to_user_mode+0x26/0x140 [ 29.016807][ T290] do_syscall_64+0x49/0xb0 [ 29.021061][ T290] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 29.026789][ T290] RIP: 0033:0x4e5c73 [ 29.030519][ T290] Code: c7 c0 b8 ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18 [ 29.049986][ T290] RSP: 002b:00007fffd8af5ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 ) = 4 [pid 352] +++ exited with 0 +++ [pid 354] +++ exited with 0 +++ [pid 357] set_robust_list(0x555556b3d660, 24) = 0 [pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=352, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 357] <... prctl resumed>) = 0 [pid 357] setpgid(0, 0) = 0 [pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=19} --- [pid 357] <... openat resumed>) = 3 [pid 357] write(3, "1000", 4) = 4 [pid 357] close(3) = 0 executing program [pid 357] write(1, "executing program\n", 18) = 18 [pid 357] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 357] <... bpf resumed>) = 3 [pid 357] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 298] <... clone resumed>, child_tidptr=0x555556b3d650) = 358 [pid 295] <... restart_syscall resumed>) = 0 [pid 357] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 357] <... bpf resumed>) = 4 [pid 357] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16./strace-static-x86_64: Process 358 attached [pid 358] set_robust_list(0x555556b3d660, 24) = 0 [pid 358] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] <... clone resumed>, child_tidptr=0x555556b3d650) = 359 [pid 358] <... prctl resumed>) = 0 [pid 358] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 359 attached [pid 356] set_robust_list(0x555556b3d660, 24 [pid 355] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 356] <... set_robust_list resumed>) = 0 [pid 359] set_robust_list(0x555556b3d660, 24 [pid 358] write(3, "1000", 4) = 4 [pid 358] close(3executing program ) = 0 [pid 358] write(1, "executing program\n", 18) = 18 [pid 358] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 359] <... set_robust_list resumed>) = 0 [pid 356] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 358] <... bpf resumed>) = 3 [pid 358] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 356] <... prctl resumed>) = 0 [pid 358] <... bpf resumed>) = 0 [pid 356] setpgid(0, 0 [pid 359] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 358] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 359] <... prctl resumed>) = 0 [pid 356] <... setpgid resumed>) = 0 [pid 359] setpgid(0, 0 [pid 356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 359] <... setpgid resumed>) = 0 [pid 356] write(3, "1000", 4) = 4 [pid 359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 356] close(3 [pid 358] <... bpf resumed>) = 4 executing program [pid 356] <... close resumed>) = 0 [pid 356] write(1, "executing program\n", 18) = 18 [pid 359] <... openat resumed>) = 3 [pid 359] write(3, "1000", 4) = 4 [pid 356] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 359] close(3 [pid 356] <... bpf resumed>) = 3 [pid 359] <... close resumed>) = 0 [pid 356] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 356] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 359] write(1, "executing program\n", 18 [pid 358] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16executing program [pid 359] <... write resumed>) = 18 [pid 356] <... bpf resumed>) = 4 [pid 359] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 356] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 359] <... bpf resumed>) = 3 [pid 359] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 359] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 359] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 357] <... bpf resumed>) = 5 [pid 355] <... bpf resumed>) = 5 [pid 357] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 355] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 358] <... bpf resumed>) = 5 [pid 358] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 6 [pid 357] <... bpf resumed>) = 6 [pid 358] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16) = 7 [pid 356] <... bpf resumed>) = 5 [pid 357] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 355] <... bpf resumed>) = 6 [pid 356] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 355] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 357] <... bpf resumed>) = 7 [pid 358] exit_group(0) = ? [pid 359] <... bpf resumed>) = 5 [pid 358] +++ exited with 0 +++ [pid 357] exit_group(0 [pid 356] <... bpf resumed>) = 6 [pid 355] <... bpf resumed>) = 7 [pid 359] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 357] <... exit_group resumed>) = ? [pid 356] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 355] exit_group(0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=358, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 356] <... bpf resumed>) = 7 [pid 355] <... exit_group resumed>) = ? [pid 357] +++ exited with 0 +++ [ 29.058219][ T290] RAX: 000000000000002d RBX: 000000000000002d RCX: 00000000004e5c73 [ 29.066129][ T290] RDX: 000000000000002d RSI: 0000000001784000 RDI: 0000000000000002 [ 29.073951][ T290] RBP: 0000000001784000 R08: 00000000ffffffff R09: 000000000000002c [ 29.081740][ T290] R10: 00000000017828d0 R11: 0000000000000246 R12: 000000000000002d [ 29.089549][ T290] R13: 0000000000617480 R14: 000000000000002d R15: 0000000000000001 [ 29.097369][ T290] [ 29.128012][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 29.139449][ T288] BUG: scheduling while atomic: sshd/288/0x00000002 [ 29.145926][ T288] Modules linked in: [ 29.149546][ T288] Preemption disabled at: [ 29.149562][ T288] [] __set_current_blocked+0x11b/0x2f0 [ 29.160572][ T288] CPU: 1 PID: 288 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 29.171076][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 29.181053][ T288] Call Trace: [ 29.184176][ T288] [ 29.186954][ T288] dump_stack_lvl+0x151/0x1b7 [ 29.191465][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 29.196762][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 29.202058][ T288] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 29.207355][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 29.212646][ T288] dump_stack+0x15/0x1b [ 29.216633][ T288] __schedule_bug+0x195/0x260 [ 29.221153][ T288] ? cpu_util_update_eff+0x10e0/0x10e0 [ 29.226451][ T288] __schedule+0xcf7/0x1550 [ 29.230696][ T288] ? __kasan_check_read+0x11/0x20 [ 29.235561][ T288] ? _copy_to_user+0x74/0x90 [ 29.239980][ T288] ? __sched_text_start+0x8/0x8 [ 29.244755][ T288] ? __se_sys_rt_sigprocmask+0x311/0x380 [ 29.250232][ T288] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 29.255614][ T288] schedule+0xc3/0x180 [ 29.259518][ T288] exit_to_user_mode_loop+0x4e/0xa0 [ 29.264553][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 29.269849][ T288] syscall_exit_to_user_mode+0x26/0x140 [ 29.275226][ T288] do_syscall_64+0x49/0xb0 [ 29.279478][ T288] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 29.285203][ T288] RIP: 0033:0x7fa4bbcc2773 [ 29.289455][ T288] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41 [ 29.308898][ T288] RSP: 002b:00007ffceeae4040 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 29.317137][ T288] RAX: 0000000000000000 RBX: 0000000000060000 RCX: 00007fa4bbcc2773 [pid 356] exit_group(0 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=357, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 359] <... bpf resumed>) = 6 [pid 356] <... exit_group resumed>) = ? [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 359] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 298] <... clone resumed>, child_tidptr=0x555556b3d650) = 360 [pid 294] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 361 ./strace-static-x86_64: Process 360 attached [pid 360] set_robust_list(0x555556b3d660, 24) = 0 [pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 360] setpgid(0, 0) = 0 [pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 360] write(3, "1000", 4) = 4 [pid 360] close(3) = 0 [pid 360] write(1, "executing program\n", 18) = 18 [pid 360] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 360] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 360] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 360] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16./strace-static-x86_64: Process 361 attached [pid 361] set_robust_list(0x555556b3d660, 24) = 0 [pid 361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 361] setpgid(0, 0) = 0 [pid 361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 361] write(3, "1000", 4) = 4 [pid 361] close(3) = 0 [pid 361] write(1, "executing program\n", 18) = 18 [pid 361] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 361] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 361] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 361] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16executing program executing program [pid 355] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=355, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 363 attached , child_tidptr=0x555556b3d650) = 363 [pid 363] set_robust_list(0x555556b3d660, 24) = 0 [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 363] setpgid(0, 0) = 0 [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 363] write(3, "1000", 4) = 4 [pid 363] close(3) = 0 executing program [pid 363] write(1, "executing program\n", 18) = 18 [pid 363] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 363] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 363] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 363] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 356] +++ exited with 0 +++ [pid 359] <... bpf resumed>) = 7 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=356, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 360] <... bpf resumed>) = 5 [pid 363] <... bpf resumed>) = 5 [pid 361] <... bpf resumed>) = 5 [pid 359] exit_group(0 [pid 296] restart_syscall(<... resuming interrupted clone ...> [ 29.324962][ T288] RDX: 00007ffceeae4128 RSI: 00007ffceeae40a8 RDI: 0000000000000001 [ 29.332889][ T288] RBP: 0000563e89f665e0 R08: 0000000000000001 R09: 0000000000000000 [ 29.340786][ T288] R10: 0000000000000008 R11: 0000000000000246 R12: 0000563e88b5baa4 [ 29.348599][ T288] R13: 000000000000001d R14: 0000563e88b5c3e8 R15: 00007ffceeae40a8 [ 29.356414][ T288] [pid 363] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [ 29.382471][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 29.393920][ T290] BUG: scheduling while atomic: strace-static-x/290/0x00000002 [ 29.401538][ T290] Modules linked in: [ 29.405265][ T290] Preemption disabled at: [ 29.405271][ T290] [] __lock_task_sighand+0x6b/0x100 [ 29.416055][ T290] CPU: 1 PID: 290 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 29.427377][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 29.437444][ T290] Call Trace: [ 29.440568][ T290] [ 29.443345][ T290] dump_stack_lvl+0x151/0x1b7 [ 29.447858][ T290] ? __lock_task_sighand+0x6b/0x100 [ 29.452893][ T290] ? __lock_task_sighand+0x6b/0x100 [ 29.457934][ T290] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 29.463248][ T290] ? fsnotify_perm+0x6a/0x5d0 [ 29.467737][ T290] ? __lock_task_sighand+0x6b/0x100 [ 29.472769][ T290] dump_stack+0x15/0x1b [ 29.476760][ T290] __schedule_bug+0x195/0x260 [ 29.481280][ T290] ? cpu_util_update_eff+0x10e0/0x10e0 [ 29.486571][ T290] ? file_end_write+0x1c0/0x1c0 [ 29.491254][ T290] __schedule+0xcf7/0x1550 [ 29.495596][ T290] ? __kasan_check_read+0x11/0x20 [ 29.500453][ T290] ? __fdget_pos+0x204/0x390 [ 29.504880][ T290] ? __sched_text_start+0x8/0x8 [ 29.509567][ T290] ? ksys_write+0x24f/0x2c0 [ 29.513910][ T290] ? bpf_trace_run1+0x240/0x240 [ 29.518594][ T290] schedule+0xc3/0x180 [ 29.522620][ T290] exit_to_user_mode_loop+0x4e/0xa0 [ 29.527686][ T290] exit_to_user_mode_prepare+0x5a/0xa0 [ 29.532954][ T290] syscall_exit_to_user_mode+0x26/0x140 [ 29.538326][ T290] do_syscall_64+0x49/0xb0 [ 29.542582][ T290] ? sysvec_call_function_single+0x52/0xb0 [ 29.548225][ T290] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 29.553951][ T290] RIP: 0033:0x4e5c73 [ 29.557683][ T290] Code: c7 c0 b8 ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18 [pid 361] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 360] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 359] <... exit_group resumed>) = ? [pid 296] <... restart_syscall resumed>) = 0 [pid 363] <... bpf resumed>) = 6 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 364 [pid 361] <... bpf resumed>) = 6 [pid 361] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 360] <... bpf resumed>) = 6 [pid 359] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=359, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 360] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 363] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x555556b3d660, 24 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 364] <... set_robust_list resumed>) = 0 [pid 364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 364] setpgid(0, 0) = 0 [pid 364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 365 attached [pid 295] <... clone resumed>, child_tidptr=0x555556b3d650) = 365 [pid 365] set_robust_list(0x555556b3d660, 24 [pid 364] <... openat resumed>) = 3 [pid 365] <... set_robust_list resumed>) = 0 [pid 364] write(3, "1000", 4) = 4 [pid 364] close(3) = 0 executing program [pid 364] write(1, "executing program\n", 18) = 18 [pid 364] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 364] <... bpf resumed>) = 3 [pid 364] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 365] <... prctl resumed>) = 0 [pid 364] <... bpf resumed>) = 0 [pid 364] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 365] setpgid(0, 0) = 0 [pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 364] <... bpf resumed>) = 4 [pid 364] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 365] <... openat resumed>) = 3 [pid 365] write(3, "1000", 4) = 4 [pid 365] close(3) = 0 executing program [pid 365] write(1, "executing program\n", 18) = 18 [pid 365] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 365] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 365] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 365] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 361] <... bpf resumed>) = 7 [pid 363] <... bpf resumed>) = 7 [pid 360] <... bpf resumed>) = 7 [ 29.577140][ T290] RSP: 002b:00007fffd8af60d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 29.585366][ T290] RAX: 0000000000000012 RBX: 0000000000000012 RCX: 00000000004e5c73 [ 29.593178][ T290] RDX: 0000000000000012 RSI: 0000000001784000 RDI: 0000000000000002 [ 29.601091][ T290] RBP: 0000000001784000 R08: 0000000000000000 R09: 0000000000000002 [ 29.608888][ T290] R10: 000000000063c820 R11: 0000000000000246 R12: 0000000000000012 [ 29.616698][ T290] R13: 0000000000617480 R14: 0000000000000012 R15: 0000000000000001 [ 29.624517][ T290] [pid 363] exit_group(0 [pid 361] exit_group(0 [pid 360] exit_group(0 [pid 363] <... exit_group resumed>) = ? [pid 361] <... exit_group resumed>) = ? [pid 360] <... exit_group resumed>) = ? [ 29.641949][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 29.653391][ T290] BUG: scheduling while atomic: strace-static-x/290/0x00000002 [ 29.660885][ T290] Modules linked in: [ 29.664829][ T290] Preemption disabled at: [ 29.664836][ T290] [] remove_wait_queue+0x26/0x140 [ 29.675518][ T290] CPU: 1 PID: 290 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 29.686793][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 29.696683][ T290] Call Trace: [ 29.699809][ T290] [ 29.702586][ T290] dump_stack_lvl+0x151/0x1b7 [ 29.707098][ T290] ? remove_wait_queue+0x26/0x140 [ 29.711958][ T290] ? remove_wait_queue+0x26/0x140 [ 29.716817][ T290] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 29.722113][ T290] ? remove_wait_queue+0x26/0x140 [ 29.726970][ T290] dump_stack+0x15/0x1b [ 29.730971][ T290] __schedule_bug+0x195/0x260 [ 29.735478][ T290] ? __ia32_sys_waitid+0xd0/0xd0 [ 29.740249][ T290] ? bpf_trace_printk+0x1be/0x300 [ 29.745113][ T290] ? cpu_util_update_eff+0x10e0/0x10e0 [ 29.750405][ T290] ? kernel_waitid+0x520/0x520 [ 29.755008][ T290] __schedule+0xcf7/0x1550 [ 29.759259][ T290] ? __x64_sys_wait4+0x181/0x1e0 [ 29.764033][ T290] ? bpf_trace_run2+0x138/0x290 [ 29.768718][ T290] ? __sched_text_start+0x8/0x8 [ 29.773408][ T290] schedule+0xc3/0x180 [ 29.777313][ T290] exit_to_user_mode_loop+0x4e/0xa0 [ 29.782346][ T290] exit_to_user_mode_prepare+0x5a/0xa0 [ 29.787639][ T290] syscall_exit_to_user_mode+0x26/0x140 [ 29.793023][ T290] do_syscall_64+0x49/0xb0 [ 29.797273][ T290] ? sysvec_call_function_single+0x52/0xb0 [ 29.802923][ T290] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 29.808641][ T290] RIP: 0033:0x4d49a6 [ 29.812376][ T290] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 29.831816][ T290] RSP: 002b:00007fffd8af62e8 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [pid 365] <... bpf resumed>) = 5 [pid 364] <... bpf resumed>) = 5 [pid 363] +++ exited with 0 +++ [pid 361] +++ exited with 0 +++ [pid 360] +++ exited with 0 +++ [pid 365] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 364] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 365] <... bpf resumed>) = 6 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=363, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=361, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 365] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 364] <... bpf resumed>) = 6 [pid 365] <... bpf resumed>) = 7 [ 29.840061][ T290] RAX: 000000000000016c RBX: 0000000000000001 RCX: 00000000004d49a6 [ 29.847873][ T290] RDX: 0000000040000001 RSI: 00007fffd8af630c RDI: 00000000ffffffff [ 29.855682][ T290] RBP: 0000000001783770 R08: 0000000000000000 R09: 0000000000000000 [ 29.863494][ T290] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000017882c0 [ 29.871306][ T290] R13: 000000000000016d R14: 00007fffd8af630c R15: 0000000000617180 [ 29.879238][ T290] [ 29.887035][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 29.898447][ T290] BUG: scheduling while atomic: strace-static-x/290/0x00000002 [ 29.905909][ T290] Modules linked in: [ 29.909623][ T290] Preemption disabled at: [ 29.909634][ T290] [] remove_wait_queue+0x26/0x140 [ 29.920208][ T290] CPU: 1 PID: 290 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 29.931570][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 29.941581][ T290] Call Trace: [ 29.944678][ T290] [ 29.947456][ T290] dump_stack_lvl+0x151/0x1b7 [ 29.951967][ T290] ? remove_wait_queue+0x26/0x140 [ 29.956859][ T290] ? remove_wait_queue+0x26/0x140 [ 29.961688][ T290] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 29.966984][ T290] ? remove_wait_queue+0x26/0x140 [ 29.971859][ T290] dump_stack+0x15/0x1b [ 29.975834][ T290] __schedule_bug+0x195/0x260 [ 29.980349][ T290] ? __ia32_sys_waitid+0xd0/0xd0 [ 29.985129][ T290] ? bpf_trace_printk+0x1be/0x300 [ 29.989995][ T290] ? cpu_util_update_eff+0x10e0/0x10e0 [ 29.995279][ T290] ? kernel_waitid+0x520/0x520 [ 29.999878][ T290] __schedule+0xcf7/0x1550 [ 30.004130][ T290] ? __x64_sys_wait4+0x181/0x1e0 [ 30.008992][ T290] ? bpf_trace_run2+0x138/0x290 [ 30.013677][ T290] ? __sched_text_start+0x8/0x8 [ 30.018367][ T290] schedule+0xc3/0x180 [ 30.022272][ T290] exit_to_user_mode_loop+0x4e/0xa0 [ 30.027301][ T290] exit_to_user_mode_prepare+0x5a/0xa0 [ 30.032597][ T290] syscall_exit_to_user_mode+0x26/0x140 [ 30.037978][ T290] do_syscall_64+0x49/0xb0 [ 30.042232][ T290] ? sysvec_call_function_single+0x52/0xb0 [ 30.047874][ T290] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 30.053601][ T290] RIP: 0033:0x4d49a6 [ 30.057350][ T290] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 30.076787][ T290] RSP: 002b:00007fffd8af62e8 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 30.085107][ T290] RAX: 0000000000000126 RBX: 0000000000000006 RCX: 00000000004d49a6 [pid 364] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 365] exit_group(0 [pid 364] <... bpf resumed>) = 7 [pid 365] <... exit_group resumed>) = ? [pid 364] exit_group(0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 364] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 368 attached ./strace-static-x86_64: Process 367 attached ./strace-static-x86_64: Process 366 attached [pid 298] <... clone resumed>, child_tidptr=0x555556b3d650) = 366 [pid 368] set_robust_list(0x555556b3d660, 24 [pid 367] set_robust_list(0x555556b3d660, 24 [pid 366] set_robust_list(0x555556b3d660, 24 [pid 297] <... clone resumed>, child_tidptr=0x555556b3d650) = 368 [pid 294] <... clone resumed>, child_tidptr=0x555556b3d650) = 367 [pid 368] <... set_robust_list resumed>) = 0 [pid 367] <... set_robust_list resumed>) = 0 [pid 366] <... set_robust_list resumed>) = 0 [pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL [ 30.092919][ T290] RDX: 0000000040000001 RSI: 00007fffd8af630c RDI: 00000000ffffffff [ 30.100728][ T290] RBP: 00000000017830e0 R08: 0000000000000000 R09: 0000000000000000 [ 30.108697][ T290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001788590 [ 30.116507][ T290] R13: 0000000000000127 R14: 00007fffd8af630c R15: 0000000000617180 [ 30.124319][ T290] [ 30.133023][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 30.144587][ T288] BUG: scheduling while atomic: sshd/288/0x00000002 [ 30.151245][ T288] Modules linked in: [ 30.154962][ T288] Preemption disabled at: [ 30.154974][ T288] [] pipe_read+0x5b3/0x1040 [ 30.165056][ T288] CPU: 1 PID: 288 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 30.175437][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 30.185379][ T288] Call Trace: [ 30.188463][ T288] [ 30.191300][ T288] dump_stack_lvl+0x151/0x1b7 [ 30.195756][ T288] ? pipe_read+0x5b3/0x1040 [ 30.200087][ T288] ? pipe_read+0x5b3/0x1040 [ 30.204518][ T288] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 30.209815][ T288] ? pipe_read+0x5b3/0x1040 [ 30.214153][ T288] dump_stack+0x15/0x1b [ 30.218141][ T288] __schedule_bug+0x195/0x260 [ 30.222659][ T288] ? bpf_bprintf_cleanup+0x4f/0x60 [ 30.227605][ T288] ? bpf_trace_printk+0x1be/0x300 [ 30.232461][ T288] ? cpu_util_update_eff+0x10e0/0x10e0 [ 30.237769][ T288] ? bpf_probe_write_user+0xf0/0xf0 [ 30.242788][ T288] ? bpf_trace_run2+0xe9/0x290 [ 30.247404][ T288] __schedule+0xcf7/0x1550 [ 30.251650][ T288] ? bpf_trace_run2+0x138/0x290 [ 30.256420][ T288] ? __sched_text_start+0x8/0x8 [ 30.261105][ T288] ? bpf_trace_run1+0x240/0x240 [ 30.265790][ T288] ? ksys_read+0x24f/0x2c0 [ 30.270046][ T288] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 30.275428][ T288] schedule+0xc3/0x180 [ 30.279335][ T288] exit_to_user_mode_loop+0x4e/0xa0 [ 30.284370][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 30.289659][ T288] syscall_exit_to_user_mode+0x26/0x140 [ 30.295047][ T288] do_syscall_64+0x49/0xb0 [ 30.299293][ T288] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 30.305026][ T288] RIP: 0033:0x7fa4bbcfd587 [ 30.309280][ T288] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [ 30.328823][ T288] RSP: 002b:00007ffceeae3968 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [ 30.337145][ T288] RAX: 0000000000000120 RBX: 0000000000000000 RCX: 00007fa4bbcfd587 [pid 366] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 368] <... prctl resumed>) = 0 [pid 367] <... prctl resumed>) = 0 executing program executing program executing program [pid 366] <... prctl resumed>) = 0 [pid 368] setpgid(0, 0 [pid 367] setpgid(0, 0 [pid 366] setpgid(0, 0 [pid 368] <... setpgid resumed>) = 0 [pid 367] <... setpgid resumed>) = 0 [pid 366] <... setpgid resumed>) = 0 [pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 368] <... openat resumed>) = 3 [pid 367] <... openat resumed>) = 3 [pid 366] <... openat resumed>) = 3 [pid 368] write(3, "1000", 4 [pid 367] write(3, "1000", 4 [pid 366] write(3, "1000", 4 [pid 368] <... write resumed>) = 4 [pid 367] <... write resumed>) = 4 [pid 366] <... write resumed>) = 4 [pid 368] close(3 [pid 367] close(3 [pid 366] close(3 [pid 368] <... close resumed>) = 0 [pid 367] <... close resumed>) = 0 [pid 366] <... close resumed>) = 0 [pid 368] write(1, "executing program\n", 18 [pid 367] write(1, "executing program\n", 18 [pid 366] write(1, "executing program\n", 18 [pid 368] <... write resumed>) = 18 [pid 367] <... write resumed>) = 18 [pid 366] <... write resumed>) = 18 [pid 368] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 367] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 366] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 368] <... bpf resumed>) = 3 [pid 367] <... bpf resumed>) = 3 [pid 366] <... bpf resumed>) = 3 [pid 368] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 367] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 366] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 368] <... bpf resumed>) = 0 [pid 367] <... bpf resumed>) = 0 [pid 366] <... bpf resumed>) = 0 [pid 368] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 367] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 366] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 368] <... bpf resumed>) = 4 [pid 367] <... bpf resumed>) = 4 [pid 366] <... bpf resumed>) = 4 [pid 368] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 367] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 366] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 365] +++ exited with 0 +++ [pid 364] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=364, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=365, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... clone resumed>, child_tidptr=0x555556b3d650) = 370 [pid 295] <... clone resumed>, child_tidptr=0x555556b3d650) = 371 ./strace-static-x86_64: Process 371 attached ./strace-static-x86_64: Process 370 attached [pid 371] set_robust_list(0x555556b3d660, 24) = 0 [pid 370] set_robust_list(0x555556b3d660, 24 [pid 371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 371] setpgid(0, 0) = 0 [pid 371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 371] write(3, "1000", 4 [pid 370] <... set_robust_list resumed>) = 0 [pid 368] <... bpf resumed>) = 5 [pid 367] <... bpf resumed>) = 5 [pid 366] <... bpf resumed>) = 5 [pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 368] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73executing program executing program [pid 367] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 366] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 371] <... write resumed>) = 4 [pid 370] <... prctl resumed>) = 0 [pid 370] setpgid(0, 0) = 0 [pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 370] write(3, "1000", 4 [pid 368] <... bpf resumed>) = 6 [pid 370] <... write resumed>) = 4 [pid 370] close(3) = 0 [pid 370] write(1, "executing program\n", 18) = 18 [pid 370] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 370] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 370] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 366] <... bpf resumed>) = 6 [pid 370] <... bpf resumed>) = 4 [pid 371] close(3 [pid 367] <... bpf resumed>) = 6 [pid 368] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 366] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 367] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 371] <... close resumed>) = 0 [pid 371] write(1, "executing program\n", 18 [pid 368] <... bpf resumed>) = 7 [pid 371] <... write resumed>) = 18 [pid 367] <... bpf resumed>) = 7 [pid 366] <... bpf resumed>) = 7 [pid 368] exit_group(0 [pid 367] exit_group(0 [pid 368] <... exit_group resumed>) = ? [pid 367] <... exit_group resumed>) = ? [pid 366] exit_group(0 [pid 371] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 370] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 371] <... bpf resumed>) = 3 [pid 370] <... bpf resumed>) = 5 [pid 368] +++ exited with 0 +++ [pid 366] <... exit_group resumed>) = ? [pid 371] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 [pid 370] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 371] <... bpf resumed>) = 0 [pid 370] <... bpf resumed>) = 6 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=368, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 371] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 370] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 371] <... bpf resumed>) = 4 [pid 371] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 297] <... clone resumed>, child_tidptr=0x555556b3d650) = 372 ./strace-static-x86_64: Process 372 attached [ 30.345068][ T288] RDX: 0000000000000b29 RSI: 0000563e88b66fe0 RDI: 0000563e88b64937 [ 30.352878][ T288] RBP: 0000563e88b65e06 R08: 0000000000000006 R09: 0000000000000000 [ 30.360683][ T288] R10: 0000563e88b65e06 R11: 0000000000000246 R12: 0000563e88b64937 [ 30.368614][ T288] R13: 0000563e88b66fe0 R14: 0000563e89f6e390 R15: 00007ffceeae3ef0 [ 30.376433][ T288] [ 30.404347][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 30.415832][ T290] BUG: scheduling while atomic: strace-static-x/290/0x00000002 [ 30.423534][ T290] Modules linked in: [ 30.427300][ T290] Preemption disabled at: [ 30.427313][ T290] [] __lock_task_sighand+0x6b/0x100 [ 30.438032][ T290] CPU: 1 PID: 290 Comm: strace-static-x Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 30.449589][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 30.459483][ T290] Call Trace: [ 30.462603][ T290] [ 30.465390][ T290] dump_stack_lvl+0x151/0x1b7 [ 30.469892][ T290] ? __lock_task_sighand+0x6b/0x100 [ 30.475016][ T290] ? __lock_task_sighand+0x6b/0x100 [ 30.479967][ T290] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 30.485357][ T290] ? fsnotify_perm+0x6a/0x5d0 [ 30.489858][ T290] ? __lock_task_sighand+0x6b/0x100 [ 30.494976][ T290] dump_stack+0x15/0x1b [ 30.498968][ T290] __schedule_bug+0x195/0x260 [ 30.503569][ T290] ? cpu_util_update_eff+0x10e0/0x10e0 [ 30.508862][ T290] ? file_end_write+0x1c0/0x1c0 [ 30.513549][ T290] __schedule+0xcf7/0x1550 [ 30.517804][ T290] ? __kasan_check_read+0x11/0x20 [ 30.522668][ T290] ? __fdget_pos+0x204/0x390 [ 30.527092][ T290] ? __sched_text_start+0x8/0x8 [ 30.531776][ T290] ? ksys_write+0x24f/0x2c0 [ 30.536134][ T290] schedule+0xc3/0x180 [ 30.540025][ T290] exit_to_user_mode_loop+0x4e/0xa0 [ 30.545055][ T290] exit_to_user_mode_prepare+0x5a/0xa0 [ 30.550348][ T290] syscall_exit_to_user_mode+0x26/0x140 [ 30.555749][ T290] do_syscall_64+0x49/0xb0 [ 30.560090][ T290] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 30.565815][ T290] RIP: 0033:0x4e5c73 [ 30.569546][ T290] Code: c7 c0 b8 ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18 [ 30.589093][ T290] RSP: 002b:00007fffd8af6178 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 30.597336][ T290] RAX: 000000000000002e RBX: 000000000000002e RCX: 00000000004e5c73 [pid 372] set_robust_list(0x555556b3d660, 24executing program ) = 0 [pid 367] +++ exited with 0 +++ [pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 372] setpgid(0, 0) = 0 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=367, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 372] write(3, "1000", 4) = 4 [pid 372] close(3) = 0 [pid 372] write(1, "executing program\n", 18) = 18 [pid 372] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 372] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 372] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 372] <... bpf resumed>) = 4 [pid 294] <... clone resumed>, child_tidptr=0x555556b3d650) = 374 [pid 372] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16./strace-static-x86_64: Process 374 attached [pid 374] set_robust_list(0x555556b3d660, 24) = 0 [pid 374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 374] setpgid(0, 0) = 0 [pid 374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 374] write(3, "1000", 4) = 4 [pid 374] close(3) = 0 [pid 374] write(1, "executing program\n", 18executing program ) = 18 [pid 374] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 374] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 374] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 374] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 372] <... bpf resumed>) = 5 [pid 371] <... bpf resumed>) = 5 [pid 370] <... bpf resumed>) = 7 [pid 374] <... bpf resumed>) = 5 [pid 372] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 371] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 370] exit_group(0 [pid 366] +++ exited with 0 +++ [pid 372] <... bpf resumed>) = 6 [pid 371] <... bpf resumed>) = 6 [pid 370] <... exit_group resumed>) = ? [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=366, si_uid=0, si_status=0, si_utime=0, si_stime=21} --- [pid 372] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 371] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 372] <... bpf resumed>) = 7 [pid 371] <... bpf resumed>) = 7 [pid 372] exit_group(0 [pid 371] exit_group(0 [pid 372] <... exit_group resumed>) = ? [pid 371] <... exit_group resumed>) = ? [pid 370] +++ exited with 0 +++ [pid 374] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=370, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 375 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 374] <... bpf resumed>) = 6 [pid 298] <... clone resumed>, child_tidptr=0x555556b3d650) = 376 ./strace-static-x86_64: Process 375 attached [ 30.605131][ T290] RDX: 000000000000002e RSI: 0000000001784000 RDI: 0000000000000002 [ 30.612942][ T290] RBP: 0000000001784000 R08: 0000000000000000 R09: 0000000000000002 [ 30.620752][ T290] R10: 00007fffd8af6106 R11: 0000000000000246 R12: 000000000000002e [ 30.628573][ T290] R13: 0000000000617480 R14: 000000000000002e R15: 0000000000617180 [ 30.636378][ T290] [ 30.668539][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 30.679976][ T288] BUG: scheduling while atomic: sshd/288/0x00000002 [ 30.686522][ T288] Modules linked in: [ 30.690245][ T288] Preemption disabled at: [ 30.690253][ T288] [] __set_current_blocked+0x11b/0x2f0 [ 30.701289][ T288] CPU: 1 PID: 288 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 30.712229][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 30.722125][ T288] Call Trace: [ 30.725247][ T288] [ 30.728025][ T288] dump_stack_lvl+0x151/0x1b7 [ 30.732535][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 30.737830][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 30.743127][ T288] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 30.748414][ T288] ? fsnotify_perm+0x470/0x5d0 [ 30.753021][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 30.758312][ T288] dump_stack+0x15/0x1b [ 30.762311][ T288] __schedule_bug+0x195/0x260 [ 30.766812][ T288] ? bpf_bprintf_cleanup+0x4f/0x60 [ 30.771766][ T288] ? cpu_util_update_eff+0x10e0/0x10e0 [ 30.777056][ T288] ? kernel_read+0x1f0/0x1f0 [ 30.781624][ T288] __schedule+0xcf7/0x1550 [ 30.785890][ T288] ? __kasan_check_read+0x11/0x20 [ 30.790727][ T288] ? __fdget_pos+0x204/0x390 [ 30.795153][ T288] ? __sched_text_start+0x8/0x8 [ 30.799844][ T288] ? ksys_read+0x24f/0x2c0 [ 30.804097][ T288] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 30.809475][ T288] schedule+0xc3/0x180 [ 30.813374][ T288] exit_to_user_mode_loop+0x4e/0xa0 [ 30.818417][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 30.823711][ T288] syscall_exit_to_user_mode+0x26/0x140 [ 30.829086][ T288] do_syscall_64+0x49/0xb0 [ 30.833346][ T288] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 30.839066][ T288] RIP: 0033:0x7fa4bbd16b6a [ 30.843320][ T288] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [pid 374] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16./strace-static-x86_64: Process 376 attached [pid 376] set_robust_list(0x555556b3d660, 24) = 0 [pid 376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 376] setpgid(0, 0) = 0 [pid 376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 376] write(3, "1000", 4) = 4 [pid 376] close(3) = 0 [pid 376] write(1, "executing program\n", 18) = 18 [pid 376] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 376] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 376] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 376] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 375] set_robust_list(0x555556b3d660, 24) = 0 [pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 375] setpgid(0, 0) = 0 [pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 375] write(3, "1000", 4) = 4 [pid 375] close(3) = 0 [pid 375] write(1, "executing program\n", 18) = 18 [pid 375] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 375] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 375] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 375] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16executing program executing program [pid 372] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=372, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 377 ./strace-static-x86_64: Process 377 attached [pid 377] set_robust_list(0x555556b3d660, 24) = 0 [pid 377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 377] setpgid(0, 0) = 0 [pid 377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 377] write(3, "1000", 4) = 4 [pid 377] close(3) = 0 [pid 377] write(1, "executing program\n", 18executing program ) = 18 [pid 377] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 377] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 377] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 377] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 376] <... bpf resumed>) = 5 [pid 375] <... bpf resumed>) = 5 [pid 371] +++ exited with 0 +++ [pid 374] <... bpf resumed>) = 7 [pid 377] <... bpf resumed>) = 5 [pid 376] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 375] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 374] exit_group(0 [pid 377] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=371, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 376] <... bpf resumed>) = 6 [pid 295] <... clone resumed>, child_tidptr=0x555556b3d650) = 378 [pid 376] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 375] <... bpf resumed>) = 6 [pid 374] <... exit_group resumed>) = ? [pid 376] <... bpf resumed>) = 7 [pid 376] exit_group(0 [pid 375] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 376] <... exit_group resumed>) = ? [pid 377] <... bpf resumed>) = 6 [pid 377] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16./strace-static-x86_64: Process 378 attached [pid 378] set_robust_list(0x555556b3d660, 24) = 0 [pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 378] setpgid(0, 0) = 0 [ 30.862768][ T288] RSP: 002b:00007ffceeadfef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 30.871015][ T288] RAX: 0000000000000a8e RBX: 0000000000000000 RCX: 00007fa4bbd16b6a [ 30.878834][ T288] RDX: 0000000000004000 RSI: 00007ffceeadff18 RDI: 0000000000000009 [ 30.886719][ T288] RBP: 0000563e89f6e390 R08: 0000000000000000 R09: 0000000000000000 [ 30.894536][ T288] R10: 00007ffceeadff18 R11: 0000000000000246 R12: 0000563e89f665e0 [ 30.902441][ T288] R13: 0000563e88b64937 R14: 0000563e88b67480 R15: 0000563e89f665e0 [ 30.910247][ T288] [ 30.938897][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 30.950429][ T288] BUG: scheduling while atomic: sshd/288/0x00000002 [ 30.956953][ T288] Modules linked in: [ 30.960722][ T288] Preemption disabled at: [ 30.960732][ T288] [] release_sock+0x30/0x1b0 [ 30.970845][ T288] CPU: 1 PID: 288 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 30.981476][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 30.991373][ T288] Call Trace: [ 30.994494][ T288] [ 30.997284][ T288] dump_stack_lvl+0x151/0x1b7 [ 31.001788][ T288] ? release_sock+0x30/0x1b0 [ 31.006212][ T288] ? release_sock+0x30/0x1b0 [ 31.010726][ T288] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 31.016023][ T288] ? release_sock+0x30/0x1b0 [ 31.020443][ T288] dump_stack+0x15/0x1b [ 31.024440][ T288] __schedule_bug+0x195/0x260 [ 31.028956][ T288] ? bpf_bprintf_cleanup+0x4f/0x60 [ 31.033998][ T288] ? bpf_trace_printk+0x1be/0x300 [ 31.038855][ T288] ? cpu_util_update_eff+0x10e0/0x10e0 [ 31.044179][ T288] ? bpf_probe_write_user+0xf0/0xf0 [ 31.049361][ T288] ? bpf_trace_run2+0xe9/0x290 [ 31.053960][ T288] __schedule+0xcf7/0x1550 [ 31.058225][ T288] ? bpf_trace_run2+0x138/0x290 [ 31.062919][ T288] ? __sched_text_start+0x8/0x8 [ 31.067585][ T288] ? bpf_trace_run1+0x240/0x240 [ 31.072267][ T288] ? ksys_write+0x24f/0x2c0 [ 31.076617][ T288] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 31.081992][ T288] schedule+0xc3/0x180 [ 31.085901][ T288] exit_to_user_mode_loop+0x4e/0xa0 [ 31.090943][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 31.096237][ T288] syscall_exit_to_user_mode+0x26/0x140 [ 31.101610][ T288] do_syscall_64+0x49/0xb0 [ 31.105862][ T288] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 31.111587][ T288] RIP: 0033:0x7fa4bbcfd587 [ 31.115836][ T288] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [pid 378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 378] write(3, "1000", 4) = 4 [pid 378] close(3) = 0 [pid 378] write(1, "executing program\n", 18) = 18 [pid 378] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 378] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 378] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 378] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 374] +++ exited with 0 +++ [pid 375] <... bpf resumed>) = 7 [pid 375] exit_group(0 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=374, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 375] <... exit_group resumed>) = ? [ 31.135283][ T288] RSP: 002b:00007ffceeae3958 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [ 31.143528][ T288] RAX: 0000000000000120 RBX: 0000000000000000 RCX: 00007fa4bbcfd587 [ 31.151339][ T288] RDX: 0000000000000b16 RSI: 0000563e88b66fe0 RDI: 0000563e88b64937 [ 31.159153][ T288] RBP: 0000563e88b65dd0 R08: 0000000000000006 R09: 0000000000000000 [ 31.166964][ T288] R10: 0000563e88b65dd0 R11: 0000000000000246 R12: 0000563e88b64937 [ 31.174772][ T288] R13: 0000563e88b66fe0 R14: 0000563e89f6e390 R15: 00007ffceeae3ee0 [ 31.182596][ T288] [ 31.188891][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 31.200387][ T288] BUG: scheduling while atomic: sshd/288/0x00000002 [ 31.206959][ T288] Modules linked in: [ 31.210666][ T288] Preemption disabled at: [ 31.210678][ T288] [] __set_current_blocked+0x11b/0x2f0 [ 31.221681][ T288] CPU: 1 PID: 288 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 31.232077][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 31.241970][ T288] Call Trace: [ 31.245087][ T288] [ 31.247883][ T288] dump_stack_lvl+0x151/0x1b7 [ 31.252386][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 31.257672][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 31.262972][ T288] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 31.268271][ T288] ? fsnotify_perm+0x470/0x5d0 [ 31.272866][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 31.278161][ T288] dump_stack+0x15/0x1b [ 31.282147][ T288] __schedule_bug+0x195/0x260 [ 31.286660][ T288] ? bpf_bprintf_cleanup+0x4f/0x60 [ 31.291611][ T288] ? cpu_util_update_eff+0x10e0/0x10e0 [ 31.297018][ T288] ? kernel_read+0x1f0/0x1f0 [ 31.301454][ T288] __schedule+0xcf7/0x1550 [ 31.305708][ T288] ? __kasan_check_read+0x11/0x20 [ 31.310557][ T288] ? __fdget_pos+0x204/0x390 [ 31.315102][ T288] ? __sched_text_start+0x8/0x8 [ 31.319790][ T288] ? ksys_read+0x24f/0x2c0 [ 31.324168][ T288] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 31.329628][ T288] schedule+0xc3/0x180 [ 31.333538][ T288] exit_to_user_mode_loop+0x4e/0xa0 [ 31.338567][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 31.343878][ T288] syscall_exit_to_user_mode+0x26/0x140 [ 31.349330][ T288] do_syscall_64+0x49/0xb0 [ 31.353582][ T288] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 31.359316][ T288] RIP: 0033:0x7fa4bbd16b6a [ 31.363563][ T288] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 379 attached [pid 379] set_robust_list(0x555556b3d660, 24 [pid 294] <... clone resumed>, child_tidptr=0x555556b3d650) = 379 [pid 379] <... set_robust_list resumed>) = 0 [pid 379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 379] setpgid(0, 0) = 0 [pid 379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 379] write(3, "1000", 4) = 4 [pid 379] close(3) = 0 [pid 379] write(1, "executing program\n", 18) = 18 [pid 379] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 379] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 379] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 379] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16executing program [pid 377] <... bpf resumed>) = 7 [pid 378] <... bpf resumed>) = 5 [pid 376] +++ exited with 0 +++ [pid 378] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 377] exit_group(0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=376, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 377] <... exit_group resumed>) = ? [pid 378] <... bpf resumed>) = 6 [pid 378] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 381 attached , child_tidptr=0x555556b3d650) = 381 [ 31.383031][ T288] RSP: 002b:00007ffceeadfef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 31.391266][ T288] RAX: 0000000000000608 RBX: 0000000000000000 RCX: 00007fa4bbd16b6a [ 31.399056][ T288] RDX: 0000000000004000 RSI: 00007ffceeadff18 RDI: 0000000000000009 [ 31.406867][ T288] RBP: 0000563e89f6e390 R08: 0000000000000000 R09: 0000000000000000 [ 31.414679][ T288] R10: 00007ffceeadff18 R11: 0000000000000246 R12: 0000563e89f665e0 [ 31.422497][ T288] R13: 0000563e88b64937 R14: 0000563e88b67480 R15: 0000563e89f665e0 [ 31.430314][ T288] [ 31.438555][ C1] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102? [ 31.450436][ T288] BUG: scheduling while atomic: sshd/288/0x00000002 [ 31.456963][ T288] Modules linked in: [ 31.460771][ T288] Preemption disabled at: [ 31.460782][ T288] [] __set_current_blocked+0x11b/0x2f0 [ 31.471806][ T288] CPU: 1 PID: 288 Comm: sshd Tainted: G W 6.1.75-syzkaller-00022-g34a15d350726 #0 [ 31.482185][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 31.492086][ T288] Call Trace: [ 31.495209][ T288] [ 31.497978][ T288] dump_stack_lvl+0x151/0x1b7 [ 31.502581][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 31.508226][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 31.513522][ T288] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 31.518911][ T288] ? __set_current_blocked+0x11b/0x2f0 [ 31.524194][ T288] dump_stack+0x15/0x1b [ 31.528184][ T288] __schedule_bug+0x195/0x260 [ 31.532703][ T288] ? cpu_util_update_eff+0x10e0/0x10e0 [ 31.538001][ T288] ? file_end_write+0x1c0/0x1c0 [ 31.542702][ T288] __schedule+0xcf7/0x1550 [ 31.546934][ T288] ? __kasan_check_read+0x11/0x20 [ 31.551878][ T288] ? __fdget_pos+0x204/0x390 [ 31.556316][ T288] ? __sched_text_start+0x8/0x8 [ 31.560997][ T288] ? ksys_write+0x24f/0x2c0 [ 31.565335][ T288] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 31.570714][ T288] schedule+0xc3/0x180 [ 31.574624][ T288] exit_to_user_mode_loop+0x4e/0xa0 [ 31.579667][ T288] exit_to_user_mode_prepare+0x5a/0xa0 [ 31.584945][ T288] syscall_exit_to_user_mode+0x26/0x140 [ 31.590332][ T288] do_syscall_64+0x49/0xb0 [ 31.594580][ T288] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 31.600311][ T288] RIP: 0033:0x7fa4bbd16bf2 [ 31.604563][ T288] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 [ 31.624017][ T288] RSP: 002b:00007ffceeae4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 31.632245][ T288] RAX: 0000000000000054 RBX: 0000000000000054 RCX: 00007fa4bbd16bf2 [pid 381] set_robust_list(0x555556b3d660, 24executing program ) = 0 [pid 381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 381] setpgid(0, 0) = 0 [pid 381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 381] write(3, "1000", 4) = 4 [pid 381] close(3) = 0 [pid 381] write(1, "executing program\n", 18) = 18 [pid 381] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 381] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 381] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 381] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 379] <... bpf resumed>) = 5 [pid 375] +++ exited with 0 +++ [pid 377] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=375, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 379] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x20000cc0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=377, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3d650) = 382 ./strace-static-x86_64: Process 382 attached [pid 379] <... bpf resumed>) = 6 [pid 379] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 [pid 382] set_robust_list(0x555556b3d660, 24) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 383 attached [pid 296] <... clone resumed>, child_tidptr=0x555556b3d650) = 383 [pid 383] set_robust_list(0x555556b3d660, 24) = 0 [pid 382] <... prctl resumed>) = 0 [pid 382] setpgid(0, 0 [pid 383] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 382] <... setpgid resumed>) = 0 [pid 383] <... prctl resumed>) = 0 [pid 383] setpgid(0, 0) = 0 [pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 382] <... openat resumed>) = 3 [pid 383] write(3, "1000", 4) = 4 [pid 383] close(3) = 0 [pid 382] write(3, "1000", 4) = 4 [pid 382] close(3executing program [pid 383] write(1, "executing program\n", 18 [pid 382] <... close resumed>) = 0 [pid 383] <... write resumed>) = 18 [pid 383] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 382] write(1, "executing program\n", 18executing program ) = 18 [pid 382] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 383] <... bpf resumed>) = 3 [pid 382] <... bpf resumed>) = 3 [pid 382] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 382] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 383] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [pid 383] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 382] <... bpf resumed>) = 4 [pid 382] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kmem_cache_free", prog_fd=4}}, 16 [pid 383] <... bpf resumed>) = 4