./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor638486877

<...>
Warning: Permanently added '10.128.1.53' (ED25519) to the list of known hosts.
execve("./syz-executor638486877", ["./syz-executor638486877"], 0x7ffc3612a3d0 /* 10 vars */) = 0
brk(NULL)                               = 0x555556ccb000
brk(0x555556ccbd00)                     = 0x555556ccbd00
arch_prctl(ARCH_SET_FS, 0x555556ccb380) = 0
set_tid_address(0x555556ccb650)         = 294
set_robust_list(0x555556ccb660, 24)     = 0
rseq(0x555556ccbca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor638486877", 4096) = 27
getrandom("\xae\xad\x9f\x7b\x5c\xb5\x86\xb4", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555556ccbd00
brk(0x555556cecd00)                     = 0x555556cecd00
brk(0x555556ced000)                     = 0x555556ced000
mprotect(0x7ff340565000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 295
./strace-static-x86_64: Process 295 attached
[pid   295] set_robust_list(0x555556ccb660, 24) = 0
[pid   295] mkdir("./syzkaller.9wBgNv", 0700 <unfinished ...>
[pid   294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   295] <... mkdir resumed>)        = 0
[pid   295] chmod("./syzkaller.9wBgNv", 0777) = 0
[pid   295] chdir("./syzkaller.9wBgNv") = 0
[pid   295] mkdir("./0", 0777)          = 0
[pid   295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 297
[pid   294] <... clone resumed>, child_tidptr=0x555556ccb650) = 296
./strace-static-x86_64: Process 296 attached
[pid   294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   296] set_robust_list(0x555556ccb660, 24) = 0
[pid   296] mkdir("./syzkaller.rLDzHN", 0700) = 0
[pid   296] chmod("./syzkaller.rLDzHN", 0777) = 0
[pid   296] chdir("./syzkaller.rLDzHN") = 0
[pid   296] mkdir("./0", 0777 <unfinished ...>
[pid   294] <... clone resumed>, child_tidptr=0x555556ccb650) = 298
./strace-static-x86_64: Process 297 attached
[pid   294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   296] <... mkdir resumed>)        = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 299
[pid   294] <... clone resumed>, child_tidptr=0x555556ccb650) = 300
./strace-static-x86_64: Process 300 attached
[pid   300] set_robust_list(0x555556ccb660, 24) = 0
[pid   300] mkdir("./syzkaller.JbWHnD", 0700./strace-static-x86_64: Process 298 attached
 <unfinished ...>
[pid   294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   297] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   300] <... mkdir resumed>)        = 0
[pid   300] chmod("./syzkaller.JbWHnD", 0777) = 0
[pid   300] chdir("./syzkaller.JbWHnD" <unfinished ...>
[pid   297] <... set_robust_list resumed>) = 0
[pid   298] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   300] <... chdir resumed>)        = 0
[pid   300] mkdir("./0", 0777 <unfinished ...>
[pid   298] <... set_robust_list resumed>) = 0
[pid   297] chdir("./0" <unfinished ...>
[pid   300] <... mkdir resumed>)        = 0
[pid   300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 301 attached
./strace-static-x86_64: Process 299 attached
 <unfinished ...>
[pid   298] mkdir("./syzkaller.NqiWYC", 0700 <unfinished ...>
[pid   297] <... chdir resumed>)        = 0
[pid   294] <... clone resumed>, child_tidptr=0x555556ccb650) = 301
[pid   298] <... mkdir resumed>)        = 0
[pid   297] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   298] chmod("./syzkaller.NqiWYC", 0777 <unfinished ...>
[pid   297] <... prctl resumed>)        = 0
[pid   299] set_robust_list(0x555556ccb660, 24./strace-static-x86_64: Process 302 attached
 <unfinished ...>
[pid   301] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   299] <... set_robust_list resumed>) = 0
[pid   298] <... chmod resumed>)        = 0
[pid   297] setpgid(0, 0 <unfinished ...>
[pid   302] set_robust_list(0x555556ccb660, 24) = 0
[pid   302] chdir("./0")                = 0
[pid   301] <... set_robust_list resumed>) = 0
[pid   300] <... clone resumed>, child_tidptr=0x555556ccb650) = 302
[pid   302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   302] setpgid(0, 0)               = 0
[pid   299] chdir("./0" <unfinished ...>
[pid   298] chdir("./syzkaller.NqiWYC" <unfinished ...>
[pid   297] <... setpgid resumed>)      = 0
[pid   301] mkdir("./syzkaller.h9rBDm", 0700 <unfinished ...>
[pid   302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   298] <... chdir resumed>)        = 0
[pid   299] <... chdir resumed>)        = 0
[pid   302] <... openat resumed>)       = 3
[pid   297] <... openat resumed>)       = 3
[pid   302] write(3, "1000", 4 <unfinished ...>
[pid   298] mkdir("./0", 0777 <unfinished ...>
[pid   299] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   302] <... write resumed>)        = 4
[pid   302] close(3)                    = 0
[pid   302] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   301] <... mkdir resumed>)        = 0
[pid   298] <... mkdir resumed>)        = 0
[pid   299] <... prctl resumed>)        = 0
[pid   301] chmod("./syzkaller.h9rBDm", 0777 <unfinished ...>
[pid   297] write(3, "1000", 4executing program
 <unfinished ...>
[pid   299] setpgid(0, 0 <unfinished ...>
[pid   298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   297] <... write resumed>)        = 4
[pid   302] <... symlink resumed>)      = 0
[pid   302] write(1, "executing program\n", 18) = 18
[pid   301] <... chmod resumed>)        = 0
[pid   299] <... setpgid resumed>)      = 0
[pid   302] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72./strace-static-x86_64: Process 303 attached
 <unfinished ...>
[pid   301] chdir("./syzkaller.h9rBDm" <unfinished ...>
[pid   299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   297] close(3 <unfinished ...>
[pid   301] <... chdir resumed>)        = 0
[pid   299] <... openat resumed>)       = 3
[pid   298] <... clone resumed>, child_tidptr=0x555556ccb650) = 303
[pid   297] <... close resumed>)        = 0
[pid   303] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   302] <... bpf resumed>)          = 3
[pid   301] mkdir("./0", 0777 <unfinished ...>
[pid   299] write(3, "1000", 4 <unfinished ...>
[pid   297] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   301] <... mkdir resumed>)        = 0
[pid   299] <... write resumed>)        = 4
[pid   297] <... symlink resumed>)      = 0
[pid   301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   299] close(3)                    = 0
executing program
[pid   297] write(1, "executing program\n", 18 <unfinished ...>
[pid   301] <... clone resumed>, child_tidptr=0x555556ccb650) = 304
[pid   299] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   297] <... write resumed>)        = 18
[pid   299] <... symlink resumed>)      = 0
[pid   297] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72executing program
 <unfinished ...>
[pid   299] write(1, "executing program\n", 18 <unfinished ...>
[pid   297] <... bpf resumed>)          = 3
[pid   299] <... write resumed>)        = 18
[pid   297] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   299] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   297] <... bpf resumed>)          = 0
[pid   299] <... bpf resumed>)          = 3
[pid   297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   299] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   297] <... bpf resumed>)          = 4
[pid   299] <... bpf resumed>)          = 0
[pid   297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 304 attached
 <unfinished ...>
[pid   303] <... set_robust_list resumed>) = 0
[pid   303] chdir("./0")                = 0
[pid   303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   303] setpgid(0, 0)               = 0
[pid   303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   302] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   303] write(3, "1000", 4)         = 4
[pid   303] close(3 <unfinished ...>
[pid   302] <... bpf resumed>)          = 0
[pid   303] <... close resumed>)        = 0
[pid   302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   303] symlink("/dev/binderfs", "./binderfs") = 0
[pid   303] write(1, "executing program\n", 18executing program
) = 18
[pid   303] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   303] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[   20.957673][   T28] audit: type=1400 audit(1716247018.727:66): avc:  denied  { execmem } for  pid=294 comm="syz-executor638" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   20.973366][   T28] audit: type=1400 audit(1716247018.747:67): avc:  denied  { bpf } for  pid=302 comm="syz-executor638" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   20.977138][   T28] audit: type=1400 audit(1716247018.747:68): avc:  denied  { map_create } for  pid=302 comm="syz-executor638" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[pid   303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   304] set_robust_list(0x555556ccb660, 24) = 0
[pid   303] <... bpf resumed>)          = 4
[pid   302] <... bpf resumed>)          = 4
[pid   299] <... bpf resumed>)          = 4
[pid   297] <... bpf resumed>)          = 5
[pid   303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   304] chdir("./0" <unfinished ...>
[pid   297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   304] <... chdir resumed>)        = 0
[pid   303] <... bpf resumed>)          = 5
[pid   299] <... bpf resumed>)          = 5
[pid   303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   304] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   303] <... bpf resumed>)          = 6
[pid   299] <... bpf resumed>)          = 6
[pid   297] <... bpf resumed>)          = 6
[   20.994073][   T28] audit: type=1400 audit(1716247018.747:69): avc:  denied  { perfmon } for  pid=302 comm="syz-executor638" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   21.015310][   T28] audit: type=1400 audit(1716247018.747:70): avc:  denied  { map_read map_write } for  pid=302 comm="syz-executor638" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   21.035583][   T28] audit: type=1400 audit(1716247018.747:71): avc:  denied  { prog_load } for  pid=297 comm="syz-executor638" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[pid   303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   304] <... prctl resumed>)        = 0
[pid   297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   304] setpgid(0, 0 <unfinished ...>
[pid   299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   304] <... setpgid resumed>)      = 0
[pid   302] <... bpf resumed>)          = 5
[pid   303] <... bpf resumed>)          = 7
[pid   297] <... bpf resumed>)          = 7
[pid   299] <... bpf resumed>)          = 7
[pid   304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   299] exit_group(0 <unfinished ...>
[pid   297] exit_group(0 <unfinished ...>
[pid   304] <... openat resumed>)       = 3
[pid   303] exit_group(0 <unfinished ...>
[pid   299] <... exit_group resumed>)   = ?
[pid   302] <... bpf resumed>)          = 6
[pid   304] write(3, "1000", 4 <unfinished ...>
[pid   299] +++ exited with 0 +++
[pid   297] <... exit_group resumed>)   = ?
[pid   304] <... write resumed>)        = 4
[   21.056374][   T28] audit: type=1400 audit(1716247018.747:72): avc:  denied  { prog_run } for  pid=297 comm="syz-executor638" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   21.079364][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   21.090764][  T291] BUG: scheduling while atomic: strace-static-x/291/0x00000002
[   21.098109][  T291] Modules linked in:
[   21.101893][  T291] Preemption disabled at:
[   21.101901][  T291] [<ffffffff81566406>] remove_wait_queue+0x26/0x140
[   21.112479][  T291] CPU: 0 PID: 291 Comm: strace-static-x Not tainted 6.1.75-syzkaller-00022-g34a15d350726 #0
[   21.122325][  T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   21.132229][  T291] Call Trace:
[   21.135344][  T291]  <TASK>
[   21.138122][  T291]  dump_stack_lvl+0x151/0x1b7
[   21.142635][  T291]  ? remove_wait_queue+0x26/0x140
[   21.147498][  T291]  ? remove_wait_queue+0x26/0x140
[   21.152355][  T291]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   21.157652][  T291]  ? remove_wait_queue+0x26/0x140
[   21.162510][  T291]  dump_stack+0x15/0x1b
[   21.166508][  T291]  __schedule_bug+0x195/0x260
[   21.171016][  T291]  ? __ia32_sys_waitid+0xd0/0xd0
[   21.175791][  T291]  ? bpf_trace_printk+0x1be/0x300
[   21.180650][  T291]  ? cpu_util_update_eff+0x10e0/0x10e0
[   21.185952][  T291]  ? kernel_waitid+0x520/0x520
[   21.190720][  T291]  __schedule+0xcf7/0x1550
[   21.194973][  T291]  ? __x64_sys_wait4+0x181/0x1e0
[   21.199753][  T291]  ? bpf_trace_run2+0x138/0x290
[   21.204440][  T291]  ? __sched_text_start+0x8/0x8
[   21.209122][  T291]  schedule+0xc3/0x180
[   21.213026][  T291]  exit_to_user_mode_loop+0x4e/0xa0
[   21.218057][  T291]  exit_to_user_mode_prepare+0x5a/0xa0
[   21.223355][  T291]  syscall_exit_to_user_mode+0x26/0x140
[   21.228736][  T291]  do_syscall_64+0x49/0xb0
[   21.232987][  T291]  ? sysvec_call_function_single+0x52/0xb0
[   21.238632][  T291]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   21.244357][  T291] RIP: 0033:0x4d49a6
[   21.248089][  T291] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24
[   21.267531][  T291] RSP: 002b:00007ffc3612a0e8 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[   21.275776][  T291] RAX: 000000000000012f RBX: 0000000000000004 RCX: 00000000004d49a6
[   21.283587][  T291] RDX: 0000000040000001 RSI: 00007ffc3612a10c RDI: 00000000ffffffff
[   21.291397][  T291] RBP: 00000000012a5f90 R08: 0000000000000000 R09: 0000000000000000
[   21.299214][  T291] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000012ac880
[pid   302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16executing program
 <unfinished ...>
[pid   304] close(3 <unfinished ...>
[pid   302] <... bpf resumed>)          = 7
[pid   303] <... exit_group resumed>)   = ?
[pid   297] +++ exited with 0 +++
[pid   304] <... close resumed>)        = 0
[pid   302] exit_group(0 <unfinished ...>
[pid   304] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   302] <... exit_group resumed>)   = ?
[pid   295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=297, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   304] <... symlink resumed>)      = 0
[pid   304] write(1, "executing program\n", 18) = 18
[pid   296] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   304] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   304] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   296] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   296] <... openat resumed>)       = 3
[pid   304] <... bpf resumed>)          = 4
[pid   304] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   296] getdents64(3,  <unfinished ...>
[pid   295] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   296] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   295] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   295] <... openat resumed>)       = 3
[pid   296] newfstatat(AT_FDCWD, "./0/binderfs",  <unfinished ...>
[pid   295] newfstatat(3, "",  <unfinished ...>
[   21.307020][  T291] R13: 000000000000012c R14: 00007ffc3612a10c R15: 0000000000617180
[   21.314839][  T291]  </TASK>
[   21.323645][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000102, exited with 00000101?
[   21.335045][  T289] BUG: scheduling while atomic: sshd/289/0x00000002
[   21.341586][  T289] Modules linked in:
[   21.345295][  T289] Preemption disabled at:
[   21.345300][  T289] [<ffffffff840015c0>] release_sock+0x30/0x1b0
[   21.355444][  T289] CPU: 0 PID: 289 Comm: sshd Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   21.365856][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   21.375754][  T289] Call Trace:
[   21.378878][  T289]  <TASK>
[   21.381660][  T289]  dump_stack_lvl+0x151/0x1b7
[   21.386164][  T289]  ? release_sock+0x30/0x1b0
[   21.390597][  T289]  ? release_sock+0x30/0x1b0
[   21.395022][  T289]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   21.400314][  T289]  ? trace_event_raw_event_bpf_trace_printk+0x14f/0x210
[   21.407085][  T289]  ? release_sock+0x30/0x1b0
[   21.411510][  T289]  dump_stack+0x15/0x1b
[   21.415501][  T289]  __schedule_bug+0x195/0x260
[   21.420016][  T289]  ? cpu_util_update_eff+0x10e0/0x10e0
[   21.425310][  T289]  ? bpf_trace_printk+0x1be/0x300
[   21.430170][  T289]  ? bpf_trace_run2+0xe9/0x290
[   21.434769][  T289]  ? bpf_probe_write_user+0xf0/0xf0
[   21.439806][  T289]  __schedule+0xcf7/0x1550
[   21.444058][  T289]  ? __sched_text_start+0x8/0x8
[   21.448742][  T289]  ? bpf_trace_run2+0x138/0x290
[   21.453431][  T289]  ? bpf_trace_run1+0x240/0x240
[   21.458119][  T289]  schedule+0xc3/0x180
[   21.462025][  T289]  exit_to_user_mode_loop+0x4e/0xa0
[   21.467058][  T289]  exit_to_user_mode_prepare+0x5a/0xa0
[   21.472352][  T289]  syscall_exit_to_user_mode+0x26/0x140
[   21.477738][  T289]  do_syscall_64+0x49/0xb0
[   21.481995][  T289]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   21.487713][  T289] RIP: 0033:0x7f73f9afd587
[   21.491969][  T289] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 <c3> 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00
[   21.511409][  T289] RSP: 002b:00007ffcfb246408 EFLAGS: 00000246 ORIG_RAX: 0000000000000027
[   21.519657][  T289] RAX: 0000000000000121 RBX: 0000000000000000 RCX: 00007f73f9afd587
[   21.527465][  T289] RDX: 0000000000000b29 RSI: 0000565321977fe0 RDI: 0000565321975937
[   21.535277][  T289] RBP: 0000565321976e06 R08: 0000000000000006 R09: 0000000000000000
[   21.543089][  T289] R10: 0000565321976e06 R11: 0000000000000246 R12: 0000565321975937
[   21.550899][  T289] R13: 0000565321977fe0 R14: 0000565323260390 R15: 00007ffcfb246990
[pid   296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
executing program
executing program
[pid   296] unlink("./0/binderfs" <unfinished ...>
[pid   295] getdents64(3,  <unfinished ...>
[pid   296] <... unlink resumed>)       = 0
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   296] getdents64(3,  <unfinished ...>
[pid   295] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   296] close(3 <unfinished ...>
[pid   295] newfstatat(AT_FDCWD, "./0/binderfs",  <unfinished ...>
[pid   296] <... close resumed>)        = 0
[pid   295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   296] rmdir("./0" <unfinished ...>
[pid   295] unlink("./0/binderfs" <unfinished ...>
[pid   296] <... rmdir resumed>)        = 0
[pid   295] <... unlink resumed>)       = 0
[pid   296] mkdir("./1", 0777 <unfinished ...>
[pid   295] getdents64(3,  <unfinished ...>
[pid   296] <... mkdir resumed>)        = 0
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   295] close(3)                    = 0
[pid   296] <... clone resumed>, child_tidptr=0x555556ccb650) = 306
[pid   295] rmdir("./0")                = 0
[pid   295] mkdir("./1", 0777)          = 0
[pid   295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 307
./strace-static-x86_64: Process 307 attached
[pid   307] set_robust_list(0x555556ccb660, 24) = 0
[pid   307] chdir("./1")                = 0
[pid   307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   307] setpgid(0, 0)               = 0
[pid   307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   307] write(3, "1000", 4)         = 4
[pid   307] close(3)                    = 0
[pid   307] symlink("/dev/binderfs", "./binderfs") = 0
[pid   307] write(1, "executing program\n", 18) = 18
[pid   307] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   307] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   307] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   307] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16./strace-static-x86_64: Process 306 attached
 <unfinished ...>
[pid   306] set_robust_list(0x555556ccb660, 24) = 0
[pid   306] chdir("./1")                = 0
[pid   306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   306] setpgid(0, 0)               = 0
[pid   306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   306] write(3, "1000", 4)         = 4
[pid   306] close(3)                    = 0
[pid   306] symlink("/dev/binderfs", "./binderfs") = 0
[pid   306] write(1, "executing program\n", 18) = 18
[pid   306] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   306] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   306] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   302] +++ exited with 0 +++
[pid   303] +++ exited with 0 +++
[pid   298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[pid   300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
[pid   300] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   300] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   300] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   300] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   300] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   300] unlink("./0/binderfs" <unfinished ...>
[pid   298] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   300] <... unlink resumed>)       = 0
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   300] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   298] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   300] close(3)                    = 0
[pid   298] <... openat resumed>)       = 3
[pid   300] rmdir("./0" <unfinished ...>
[pid   298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   298] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   298] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   298] newfstatat(AT_FDCWD, "./0/binderfs",  <unfinished ...>
[pid   300] <... rmdir resumed>)        = 0
[pid   300] mkdir("./1", 0777 <unfinished ...>
[pid   298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   298] unlink("./0/binderfs")      = 0
[pid   300] <... mkdir resumed>)        = 0
[pid   298] getdents64(3,  <unfinished ...>
[pid   300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   298] close(3)                    = 0
[pid   298] rmdir("./0")                = 0
[pid   300] <... clone resumed>, child_tidptr=0x555556ccb650) = 310
[pid   298] mkdir("./1", 0777)          = 0
[pid   298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 310 attached
./strace-static-x86_64: Process 311 attached
, child_tidptr=0x555556ccb650) = 311
[pid   310] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   311] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   310] <... set_robust_list resumed>) = 0
[pid   310] chdir("./1")                = 0
[pid   310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   311] <... set_robust_list resumed>) = 0
[pid   310] setpgid(0, 0)               = 0
[pid   310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   311] chdir("./1" <unfinished ...>
[pid   310] write(3, "1000", 4)         = 4
[pid   310] close(3)                    = 0
[pid   310] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   310] write(1, "executing program\n", 18) = 18
[pid   310] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   311] <... chdir resumed>)        = 0
[pid   310] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   310] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   310] <... bpf resumed>)          = 4
[pid   310] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   311] setpgid(0, 0)               = 0
[pid   311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   311] write(3, "1000", 4)         = 4
[pid   311] close(3)                    = 0
[pid   311] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   311] write(1, "executing program\n", 18) = 18
[pid   311] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   311] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   311] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   311] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   304] <... bpf resumed>)          = 5
[pid   311] <... bpf resumed>)          = 5
[pid   310] <... bpf resumed>)          = 5
[pid   307] <... bpf resumed>)          = 5
[pid   306] <... bpf resumed>)          = 5
[pid   304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   311] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   310] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   307] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   310] <... bpf resumed>)          = 6
[pid   304] <... bpf resumed>)          = 6
[pid   310] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   304] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16) = 7
[pid   307] <... bpf resumed>)          = 6
[pid   304] exit_group(0 <unfinished ...>
[pid   307] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   306] <... bpf resumed>)          = 6
[pid   304] <... exit_group resumed>)   = ?
[pid   311] <... bpf resumed>)          = 6
[pid   310] <... bpf resumed>)          = 7
[pid   307] <... bpf resumed>)          = 7
[   21.558716][  T289]  </TASK>
[   21.594083][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   21.605508][  T289] BUG: scheduling while atomic: sshd/289/0x00000002
[   21.612067][  T289] Modules linked in:
[   21.615764][  T289] Preemption disabled at:
[   21.615774][  T289] [<ffffffff81c7d203>] pipe_read+0x5b3/0x1040
[   21.625841][  T289] CPU: 0 PID: 289 Comm: sshd Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   21.636249][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   21.646144][  T289] Call Trace:
[   21.649281][  T289]  <TASK>
[   21.652053][  T289]  dump_stack_lvl+0x151/0x1b7
[   21.656562][  T289]  ? pipe_read+0x5b3/0x1040
[   21.660896][  T289]  ? pipe_read+0x5b3/0x1040
[   21.665246][  T289]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   21.670534][  T289]  ? pipe_read+0x5b3/0x1040
[   21.674875][  T289]  dump_stack+0x15/0x1b
[   21.678869][  T289]  __schedule_bug+0x195/0x260
[   21.683383][  T289]  ? try_to_wake_up+0x670/0x1220
[   21.688154][  T289]  ? cpu_util_update_eff+0x10e0/0x10e0
[   21.693449][  T289]  ? cpu_curr_snapshot+0x90/0x90
[   21.698219][  T289]  __schedule+0xcf7/0x1550
[   21.702478][  T289]  ? wake_up_process+0x10/0x20
[   21.707078][  T289]  ? raise_softirq_irqoff+0x37/0x40
[   21.712109][  T289]  ? rcu_read_unlock_special+0x3f2/0x4e0
[   21.717577][  T289]  ? __sched_text_start+0x8/0x8
[   21.722264][  T289]  ? __rcu_read_unlock+0xd0/0xd0
[   21.727040][  T289]  ? ksys_read+0x24f/0x2c0
[   21.731289][  T289]  ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[   21.736682][  T289]  schedule+0xc3/0x180
[   21.740575][  T289]  exit_to_user_mode_loop+0x4e/0xa0
[   21.745612][  T289]  exit_to_user_mode_prepare+0x5a/0xa0
[   21.750903][  T289]  syscall_exit_to_user_mode+0x26/0x140
[   21.756378][  T289]  do_syscall_64+0x49/0xb0
[   21.760624][  T289]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   21.766350][  T289] RIP: 0033:0x7f73f9afd587
[   21.770607][  T289] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 <c3> 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00
[pid   306] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   311] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[   21.790048][  T289] RSP: 002b:00007ffcfb246408 EFLAGS: 00000246 ORIG_RAX: 0000000000000027
[   21.798294][  T289] RAX: 0000000000000121 RBX: 0000000000000000 RCX: 00007f73f9afd587
[   21.806112][  T289] RDX: 0000000000000b29 RSI: 0000565321977fe0 RDI: 0000565321975937
[   21.813922][  T289] RBP: 0000565321976e06 R08: 0000000000000006 R09: 0000000000000000
[   21.821726][  T289] R10: 0000565321976e06 R11: 0000000000000246 R12: 0000565321975937
[   21.829545][  T289] R13: 0000565321977fe0 R14: 0000565323260390 R15: 00007ffcfb246990
[   21.837355][  T289]  </TASK>
[pid   310] exit_group(0executing program
executing program
executing program
 <unfinished ...>
[pid   307] exit_group(0 <unfinished ...>
[pid   306] <... bpf resumed>)          = 7
[pid   304] +++ exited with 0 +++
[pid   311] <... bpf resumed>)          = 7
[pid   310] <... exit_group resumed>)   = ?
[pid   307] <... exit_group resumed>)   = ?
[pid   306] exit_group(0 <unfinished ...>
[pid   301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   311] exit_group(0 <unfinished ...>
[pid   310] +++ exited with 0 +++
[pid   307] +++ exited with 0 +++
[pid   306] <... exit_group resumed>)   = ?
[pid   301] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   311] <... exit_group resumed>)   = ?
[pid   301] <... restart_syscall resumed>) = 0
[pid   295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   295] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   301] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   301] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   295] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   301] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   295] <... openat resumed>)       = 3
[pid   301] <... openat resumed>)       = 3
[pid   295] newfstatat(3, "",  <unfinished ...>
[pid   301] newfstatat(3, "",  <unfinished ...>
[pid   295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   295] getdents64(3,  <unfinished ...>
[pid   301] getdents64(3,  <unfinished ...>
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   301] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   295] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   301] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   301] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   295] newfstatat(AT_FDCWD, "./1/binderfs",  <unfinished ...>
[pid   301] newfstatat(AT_FDCWD, "./0/binderfs",  <unfinished ...>
[pid   295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   295] unlink("./1/binderfs" <unfinished ...>
[pid   301] unlink("./0/binderfs" <unfinished ...>
[pid   295] <... unlink resumed>)       = 0
[pid   301] <... unlink resumed>)       = 0
[pid   295] getdents64(3,  <unfinished ...>
[pid   301] getdents64(3,  <unfinished ...>
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   301] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   295] close(3 <unfinished ...>
[pid   301] close(3 <unfinished ...>
[pid   295] <... close resumed>)        = 0
[pid   301] <... close resumed>)        = 0
[pid   295] rmdir("./1" <unfinished ...>
[pid   301] rmdir("./0" <unfinished ...>
[pid   295] <... rmdir resumed>)        = 0
[pid   301] <... rmdir resumed>)        = 0
[pid   295] mkdir("./2", 0777 <unfinished ...>
[pid   301] mkdir("./1", 0777 <unfinished ...>
[pid   295] <... mkdir resumed>)        = 0
[pid   301] <... mkdir resumed>)        = 0
[pid   295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   295] <... clone resumed>, child_tidptr=0x555556ccb650) = 312
[pid   301] <... clone resumed>, child_tidptr=0x555556ccb650) = 313
./strace-static-x86_64: Process 312 attached
[pid   312] set_robust_list(0x555556ccb660, 24) = 0
[pid   312] chdir("./2")                = 0
[pid   312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   312] setpgid(0, 0)               = 0
[pid   312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   312] write(3, "1000", 4)         = 4
[pid   312] close(3)                    = 0
[pid   312] symlink("/dev/binderfs", "./binderfs") = 0
[pid   312] write(1, "executing program\n", 18) = 18
[pid   312] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   312] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   312] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=310, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   300] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   300] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   300] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   300] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   300] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   300] unlink("./1/binderfs")      = 0
[pid   300] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   300] close(3)                    = 0
[pid   300] rmdir("./1")                = 0
[pid   300] mkdir("./2", 0777)          = 0
[pid   300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 314
./strace-static-x86_64: Process 313 attached
[pid   313] set_robust_list(0x555556ccb660, 24) = 0
[pid   313] chdir("./1")                = 0
[pid   313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   313] setpgid(0, 0)               = 0
[pid   313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   313] write(3, "1000", 4)         = 4
./strace-static-x86_64: Process 314 attached
[pid   313] close(3)                    = 0
[pid   313] symlink("/dev/binderfs", "./binderfs") = 0
[pid   313] write(1, "executing program\n", 18) = 18
[pid   313] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   313] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   313] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   313] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   314] set_robust_list(0x555556ccb660, 24) = 0
[pid   314] chdir("./2")                = 0
[pid   314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   314] setpgid(0, 0)               = 0
[pid   314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   314] write(3, "1000", 4)         = 4
[pid   314] close(3)                    = 0
[pid   314] symlink("/dev/binderfs", "./binderfs") = 0
[pid   314] write(1, "executing program\n", 18) = 18
[pid   314] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   314] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   314] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[   21.840985][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000102, exited with 00000101?
[   21.852543][  T289] BUG: scheduling while atomic: sshd/289/0x00000002
[   21.859163][  T289] Modules linked in:
[   21.863011][  T289] Preemption disabled at:
[   21.863020][  T289] [<ffffffff81489ceb>] __set_current_blocked+0x11b/0x2f0
[   21.874061][  T289] CPU: 0 PID: 289 Comm: sshd Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   21.884441][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   21.894335][  T289] Call Trace:
[   21.897465][  T289]  <TASK>
[   21.900238][  T289]  dump_stack_lvl+0x151/0x1b7
[   21.904746][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   21.910043][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   21.915337][  T289]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   21.920631][  T289]  ? fsnotify_perm+0x6a/0x5d0
[   21.925147][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   21.930441][  T289]  dump_stack+0x15/0x1b
[   21.934434][  T289]  __schedule_bug+0x195/0x260
[   21.938946][  T289]  ? cpu_util_update_eff+0x10e0/0x10e0
[   21.944240][  T289]  ? file_end_write+0x1c0/0x1c0
[   21.948927][  T289]  __schedule+0xcf7/0x1550
[   21.953190][  T289]  ? __kasan_check_read+0x11/0x20
[   21.958038][  T289]  ? __fdget_pos+0x204/0x390
[   21.962464][  T289]  ? __sched_text_start+0x8/0x8
[   21.967151][  T289]  ? ksys_write+0x24f/0x2c0
[   21.971492][  T289]  ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[   21.976876][  T289]  schedule+0xc3/0x180
[   21.980781][  T289]  exit_to_user_mode_loop+0x4e/0xa0
[   21.985818][  T289]  exit_to_user_mode_prepare+0x5a/0xa0
[   21.991106][  T289]  syscall_exit_to_user_mode+0x26/0x140
[   21.996489][  T289]  do_syscall_64+0x49/0xb0
[   22.000741][  T289]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   22.006469][  T289] RIP: 0033:0x7f73f9b16bf2
[   22.010723][  T289] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83
[   22.030163][  T289] RSP: 002b:00007ffcfb246ad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   22.038411][  T289] RAX: 0000000000002470 RBX: 0000000000002470 RCX: 00007f73f9b16bf2
[   22.046222][  T289] RDX: 0000000000002470 RSI: 0000565323272140 RDI: 0000000000000004
[   22.054031][  T289] RBP: 0000565323258290 R08: 0000000000000000 R09: 0000000000000000
[   22.061845][  T289] R10: 0000000000000000 R11: 0000000000000246 R12: 000056532196caa4
[   22.069655][  T289] R13: 0000000000000015 R14: 000056532196d3e8 R15: 00007ffcfb246b48
[   22.077475][  T289]  </TASK>
[   22.098514][    C0] softirq: huh, entered softirq 9 RCU ffffffff8160d2f0 with preempt_count 00000103, exited with 00000102?
[   22.109669][  T291] BUG: scheduling while atomic: strace-static-x/291/0x00000002
[   22.117008][  T291] Modules linked in:
[   22.120820][  T291] Preemption disabled at:
[   22.120827][  T291] [<ffffffff8147f1fb>] __lock_task_sighand+0x6b/0x100
[   22.131520][  T291] CPU: 0 PID: 291 Comm: strace-static-x Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   22.142874][  T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   22.152854][  T291] Call Trace:
[   22.155977][  T291]  <TASK>
[   22.158761][  T291]  dump_stack_lvl+0x151/0x1b7
[   22.163267][  T291]  ? __lock_task_sighand+0x6b/0x100
[   22.168480][  T291]  ? __lock_task_sighand+0x6b/0x100
[   22.173509][  T291]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   22.178804][  T291]  ? task_rq_lock+0xd2/0x2b0
[   22.183231][  T291]  ? __lock_task_sighand+0x6b/0x100
[   22.188265][  T291]  dump_stack+0x15/0x1b
[   22.192257][  T291]  __schedule_bug+0x195/0x260
[   22.196773][  T291]  ? cpu_util_update_eff+0x10e0/0x10e0
[   22.202066][  T291]  ? _raw_spin_lock_irqsave+0xf9/0x210
[   22.207358][  T291]  ? _raw_spin_lock+0x1b0/0x1b0
[   22.212046][  T291]  __schedule+0xcf7/0x1550
[   22.216300][  T291]  ? __lock_task_sighand+0xde/0x100
[   22.221332][  T291]  ? __sched_text_start+0x8/0x8
[   22.226024][  T291]  ? __kasan_check_write+0x14/0x20
[   22.230968][  T291]  ? __se_sys_ptrace+0x3b2/0x410
[   22.235740][  T291]  ? bpf_trace_run1+0x240/0x240
[   22.240429][  T291]  schedule+0xc3/0x180
[   22.244337][  T291]  exit_to_user_mode_loop+0x4e/0xa0
[   22.249370][  T291]  exit_to_user_mode_prepare+0x5a/0xa0
[   22.254661][  T291]  syscall_exit_to_user_mode+0x26/0x140
[   22.260044][  T291]  do_syscall_64+0x49/0xb0
[   22.264294][  T291]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[   22.269939][  T291]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   22.275689][  T291] RIP: 0033:0x4e6c1a
[   22.279399][  T291] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c
[pid   314] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   306] +++ exited with 0 +++
[pid   311] +++ exited with 0 +++
[pid   298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=311, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=23} ---
[pid   298] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   296] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   298] newfstatat(3, "",  <unfinished ...>
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   296] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   296] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   296] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   296] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   296] unlink("./1/binderfs")      = 0
[pid   296] getdents64(3,  <unfinished ...>
[pid   298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   296] close(3)                    = 0
[pid   296] rmdir("./1" <unfinished ...>
[pid   298] getdents64(3,  <unfinished ...>
[pid   296] <... rmdir resumed>)        = 0
[pid   296] mkdir("./2", 0777 <unfinished ...>
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   296] <... mkdir resumed>)        = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   298] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 317 attached
 <unfinished ...>
[pid   317] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   296] <... clone resumed>, child_tidptr=0x555556ccb650) = 317
[pid   317] <... set_robust_list resumed>) = 0
[pid   298] newfstatat(AT_FDCWD, "./1/binderfs",  <unfinished ...>
[pid   317] chdir("./2")                = 0
[pid   298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   317] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   298] unlink("./1/binderfs" <unfinished ...>
[pid   317] <... prctl resumed>)        = 0
[pid   317] setpgid(0, 0)               = 0
[pid   298] <... unlink resumed>)       = 0
[pid   317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   298] getdents64(3,  <unfinished ...>
[pid   317] <... openat resumed>)       = 3
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   317] write(3, "1000", 4 <unfinished ...>
[pid   298] close(3 <unfinished ...>
[pid   317] <... write resumed>)        = 4
[pid   298] <... close resumed>)        = 0
[pid   317] close(3 <unfinished ...>
[pid   298] rmdir("./1" <unfinished ...>
[pid   317] <... close resumed>)        = 0
[pid   317] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   317] write(1, "executing program\n", 18 <unfinished ...>
[pid   298] <... rmdir resumed>)        = 0
[pid   317] <... write resumed>)        = 18
[pid   298] mkdir("./2", 0777 <unfinished ...>
[pid   317] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   298] <... mkdir resumed>)        = 0
[pid   298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   317] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   317] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   317] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   298] <... clone resumed>, child_tidptr=0x555556ccb650) = 318
./strace-static-x86_64: Process 318 attached
[pid   318] set_robust_list(0x555556ccb660, 24) = 0
[pid   318] chdir("./2")                = 0
[pid   318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   318] setpgid(0, 0)               = 0
[pid   318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   318] write(3, "1000", 4)         = 4
[pid   318] close(3)                    = 0
[pid   318] symlink("/dev/binderfs", "./binderfs") = 0
[pid   318] write(1, "executing program\n", 18executing program
) = 18
[pid   318] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   318] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   318] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   318] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   312] <... bpf resumed>)          = 5
[pid   313] <... bpf resumed>)          = 5
[pid   314] <... bpf resumed>)          = 5
[pid   318] <... bpf resumed>)          = 5
[pid   317] <... bpf resumed>)          = 5
[pid   314] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   317] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   313] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   318] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 6
[pid   314] <... bpf resumed>)          = 6
[pid   318] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   317] <... bpf resumed>)          = 6
[pid   318] <... bpf resumed>)          = 7
[pid   318] exit_group(0)               = ?
[pid   313] <... bpf resumed>)          = 6
[pid   318] +++ exited with 0 +++
[pid   312] <... bpf resumed>)          = 6
[pid   317] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   314] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   313] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   312] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=318, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   298] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   298] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   298] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   298] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   298] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   298] unlink("./2/binderfs")      = 0
[pid   298] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   298] close(3)                    = 0
[pid   298] rmdir("./2")                = 0
[pid   298] mkdir("./3", 0777)          = 0
[pid   298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 319 attached
, child_tidptr=0x555556ccb650) = 319
[pid   319] set_robust_list(0x555556ccb660, 24) = 0
[pid   319] chdir("./3")                = 0
[pid   319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   319] setpgid(0, 0)               = 0
[pid   319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   319] write(3, "1000", 4)         = 4
[pid   319] close(3)                    = 0
[pid   319] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   319] write(1, "executing program\n", 18) = 18
[pid   319] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   319] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   319] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[   22.298850][  T291] RSP: 002b:00007ffc36129fd0 EFLAGS: 00000206 ORIG_RAX: 0000000000000065
[   22.307085][  T291] RAX: 0000000000000000 RBX: 00000000012a42f8 RCX: 00000000004e6c1a
[   22.314899][  T291] RDX: 0000000000000000 RSI: 000000000000012d RDI: 0000000000000018
[   22.322708][  T291] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000000
[   22.330610][  T291] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000012a6230
[   22.338422][  T291] R13: 0000000000000000 R14: 000000000000857f R15: 0000000000617180
[   22.346238][  T291]  </TASK>
[pid   319] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   317] <... bpf resumed>)          = 7
[   22.389399][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   22.400814][  T291] BUG: scheduling while atomic: strace-static-x/291/0x00000002
[   22.408218][  T291] Modules linked in:
[   22.412057][  T291] Preemption disabled at:
[   22.412064][  T291] [<ffffffff81566406>] remove_wait_queue+0x26/0x140
[   22.422605][  T291] CPU: 0 PID: 291 Comm: strace-static-x Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   22.433944][  T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   22.443837][  T291] Call Trace:
[   22.446962][  T291]  <TASK>
[   22.449742][  T291]  dump_stack_lvl+0x151/0x1b7
[   22.454249][  T291]  ? remove_wait_queue+0x26/0x140
[   22.459111][  T291]  ? remove_wait_queue+0x26/0x140
[   22.463974][  T291]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   22.469268][  T291]  ? remove_wait_queue+0x26/0x140
[   22.474126][  T291]  dump_stack+0x15/0x1b
[   22.478122][  T291]  __schedule_bug+0x195/0x260
[   22.482642][  T291]  ? __ia32_sys_waitid+0xd0/0xd0
[   22.487409][  T291]  ? cpu_util_update_eff+0x10e0/0x10e0
[   22.492711][  T291]  ? kernel_waitid+0x520/0x520
[   22.497304][  T291]  __schedule+0xcf7/0x1550
[   22.501556][  T291]  ? __x64_sys_wait4+0x181/0x1e0
[   22.506329][  T291]  ? __sched_text_start+0x8/0x8
[   22.511017][  T291]  schedule+0xc3/0x180
[   22.514922][  T291]  exit_to_user_mode_loop+0x4e/0xa0
[   22.519957][  T291]  exit_to_user_mode_prepare+0x5a/0xa0
[   22.525250][  T291]  syscall_exit_to_user_mode+0x26/0x140
[   22.530633][  T291]  do_syscall_64+0x49/0xb0
[   22.534881][  T291]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   22.540613][  T291] RIP: 0033:0x4d49a6
[   22.544345][  T291] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24
[   22.563785][  T291] RSP: 002b:00007ffc3612a0e8 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[   22.572030][  T291] RAX: 000000000000012c RBX: 0000000000000005 RCX: 00000000004d49a6
[   22.579843][  T291] RDX: 0000000040000001 RSI: 00007ffc3612a10c RDI: 00000000ffffffff
[pid   317] exit_group(0 <unfinished ...>
[   22.587654][  T291] RBP: 00000000012a5ba0 R08: 0000000000000000 R09: 0000000000000000
[   22.595465][  T291] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000012ac910
[   22.603276][  T291] R13: 0000000000000127 R14: 00007ffc3612a10c R15: 0000000000617180
[   22.611092][  T291]  </TASK>
[   22.615752][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   22.627277][  T289] BUG: scheduling while atomic: sshd/289/0x00000002
[   22.633699][  T289] Modules linked in:
[   22.637363][  T289] Preemption disabled at:
[   22.637373][  T289] [<ffffffff81489ceb>] __set_current_blocked+0x11b/0x2f0
[   22.648468][  T289] CPU: 0 PID: 289 Comm: sshd Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   22.658975][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   22.668870][  T289] Call Trace:
[   22.671994][  T289]  <TASK>
[   22.674774][  T289]  dump_stack_lvl+0x151/0x1b7
[   22.679284][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   22.684571][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   22.689881][  T289]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   22.695173][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   22.700456][  T289]  dump_stack+0x15/0x1b
[   22.704485][  T289]  __schedule_bug+0x195/0x260
[   22.708967][  T289]  ? cpu_util_update_eff+0x10e0/0x10e0
[   22.714259][  T289]  ? pollwake+0x280/0x280
[   22.718432][  T289]  __schedule+0xcf7/0x1550
[   22.722684][  T289]  ? __se_sys_ppoll+0x2b3/0x330
[   22.727368][  T289]  ? __sched_text_start+0x8/0x8
[   22.732055][  T289]  ? __x64_sys_ppoll+0xd0/0xd0
[   22.736656][  T289]  schedule+0xc3/0x180
[   22.740556][  T289]  exit_to_user_mode_loop+0x4e/0xa0
[   22.745593][  T289]  exit_to_user_mode_prepare+0x5a/0xa0
[   22.750886][  T289]  syscall_exit_to_user_mode+0x26/0x140
[   22.756271][  T289]  do_syscall_64+0x49/0xb0
[   22.760516][  T289]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[   22.766160][  T289]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   22.771895][  T289] RIP: 0033:0x7f73f9b19ad5
[   22.776144][  T289] Code: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83
[   22.795615][  T289] RSP: 002b:00007ffcfb246ac0 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[   22.803829][  T289] RAX: 0000000000000003 RBX: 00000000000668a0 RCX: 00007f73f9b19ad5
[   22.811644][  T289] RDX: 00007ffcfb246ae0 RSI: 0000000000000004 RDI: 0000565323259b20
[   22.819454][  T289] RBP: 00005653232585e0 R08: 0000000000000008 R09: 0000000000000000
[   22.827262][  T289] R10: 00007ffcfb246bc8 R11: 0000000000000246 R12: 000056532196caa4
[pid   319] <... bpf resumed>)          = 5
executing program
executing program
[pid   314] <... bpf resumed>)          = 7
[pid   313] <... bpf resumed>)          = 7
[pid   312] <... bpf resumed>)          = 7
[pid   319] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   317] <... exit_group resumed>)   = ?
[pid   314] exit_group(0 <unfinished ...>
[pid   313] exit_group(0 <unfinished ...>
[pid   312] exit_group(0 <unfinished ...>
[pid   319] <... bpf resumed>)          = 6
[pid   314] <... exit_group resumed>)   = ?
[pid   313] <... exit_group resumed>)   = ?
[pid   312] <... exit_group resumed>)   = ?
[pid   319] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   314] +++ exited with 0 +++
[pid   312] +++ exited with 0 +++
[pid   300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=314, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   300] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   300] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   300] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   300] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   300] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   300] unlink("./2/binderfs")      = 0
[pid   300] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   300] close(3)                    = 0
[pid   300] rmdir("./2")                = 0
[pid   300] mkdir("./3", 0777)          = 0
[pid   300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 320
./strace-static-x86_64: Process 320 attached
[pid   320] set_robust_list(0x555556ccb660, 24) = 0
[pid   320] chdir("./3")                = 0
[pid   320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   320] setpgid(0, 0)               = 0
[pid   320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   320] write(3, "1000", 4)         = 4
[pid   320] close(3)                    = 0
[pid   320] symlink("/dev/binderfs", "./binderfs") = 0
[pid   320] write(1, "executing program\n", 18) = 18
[pid   320] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   320] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   320] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   320] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   295] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   295] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   295] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   295] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   295] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   295] unlink("./2/binderfs")      = 0
[pid   295] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   295] close(3)                    = 0
[pid   295] rmdir("./2")                = 0
[pid   295] mkdir("./3", 0777)          = 0
[pid   295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 321
./strace-static-x86_64: Process 321 attached
[pid   321] set_robust_list(0x555556ccb660, 24) = 0
[pid   321] chdir("./3")                = 0
[pid   321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   321] setpgid(0, 0)               = 0
[pid   321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   321] write(3, "1000", 4)         = 4
[pid   321] close(3)                    = 0
[pid   321] symlink("/dev/binderfs", "./binderfs") = 0
[pid   321] write(1, "executing program\n", 18) = 18
[pid   321] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   321] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   321] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   321] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   319] <... bpf resumed>)          = 7
[pid   313] +++ exited with 0 +++
[pid   319] exit_group(0 <unfinished ...>
[pid   301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=313, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[   22.835075][  T289] R13: 0000000000000001 R14: 000056532196d3e8 R15: 00007ffcfb246b48
[   22.842894][  T289]  </TASK>
[   22.847900][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   22.859291][  T289] BUG: scheduling while atomic: sshd/289/0x00000002
[   22.865683][  T289] Modules linked in:
[   22.869558][  T289] Preemption disabled at:
[   22.869565][  T289] [<ffffffff81c7d203>] pipe_read+0x5b3/0x1040
[   22.879655][  T289] CPU: 0 PID: 289 Comm: sshd Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   22.890040][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   22.900017][  T289] Call Trace:
[   22.903142][  T289]  <TASK>
[   22.905919][  T289]  dump_stack_lvl+0x151/0x1b7
[   22.910436][  T289]  ? pipe_read+0x5b3/0x1040
[   22.914776][  T289]  ? pipe_read+0x5b3/0x1040
[   22.919116][  T289]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   22.924409][  T289]  ? pipe_read+0x5b3/0x1040
[   22.928755][  T289]  dump_stack+0x15/0x1b
[   22.932737][  T289]  __schedule_bug+0x195/0x260
[   22.937252][  T289]  ? bpf_bprintf_cleanup+0x4f/0x60
[   22.942203][  T289]  ? bpf_trace_printk+0x1be/0x300
[   22.947065][  T289]  ? cpu_util_update_eff+0x10e0/0x10e0
[   22.952359][  T289]  ? bpf_probe_write_user+0xf0/0xf0
[   22.957389][  T289]  ? bpf_trace_run2+0xe9/0x290
[   22.961988][  T289]  __schedule+0xcf7/0x1550
[   22.966248][  T289]  ? bpf_trace_run2+0x138/0x290
[   22.970931][  T289]  ? __sched_text_start+0x8/0x8
[   22.975618][  T289]  ? bpf_trace_run1+0x240/0x240
[   22.980300][  T289]  ? ksys_read+0x24f/0x2c0
[   22.984557][  T289]  ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[   22.989935][  T289]  schedule+0xc3/0x180
[   22.993843][  T289]  exit_to_user_mode_loop+0x4e/0xa0
[   22.998873][  T289]  exit_to_user_mode_prepare+0x5a/0xa0
[   23.004168][  T289]  syscall_exit_to_user_mode+0x26/0x140
[   23.009552][  T289]  do_syscall_64+0x49/0xb0
[   23.013809][  T289]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   23.019532][  T289] RIP: 0033:0x7f73f9afd587
[   23.023900][  T289] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 <c3> 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00
[   23.043490][  T289] RSP: 002b:00007ffcfb242318 EFLAGS: 00000246 ORIG_RAX: 0000000000000027
[   23.051733][  T289] RAX: 0000000000000121 RBX: 0000000000000000 RCX: 00007f73f9afd587
[   23.059629][  T289] RDX: 000000000000085c RSI: 0000565321978480 RDI: 0000565321975937
[   23.067443][  T289] RBP: 0000565321976856 R08: 0000000000000006 R09: 0000000000000000
[   23.075257][  T289] R10: 0000565321976856 R11: 0000000000000246 R12: 0000565321975937
[   23.083066][  T289] R13: 0000565321978480 R14: 0000565321978480 R15: 00007ffcfb2428a0
[pid   319] <... exit_group resumed>)   = ?
executing program
[pid   301] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   301] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   301] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   301] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   301] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   301] unlink("./1/binderfs")      = 0
[pid   301] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   301] close(3)                    = 0
[pid   301] rmdir("./1")                = 0
[pid   301] mkdir("./2", 0777)          = 0
[pid   301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 322
./strace-static-x86_64: Process 322 attached
[pid   322] set_robust_list(0x555556ccb660, 24) = 0
[pid   322] chdir("./2")                = 0
[pid   322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   322] setpgid(0, 0)               = 0
[pid   322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   322] write(3, "1000", 4)         = 4
[pid   322] close(3)                    = 0
[pid   322] symlink("/dev/binderfs", "./binderfs") = 0
[pid   322] write(1, "executing program\n", 18) = 18
[pid   322] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   322] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   322] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   322] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   317] +++ exited with 0 +++
[pid   321] <... bpf resumed>)          = 5
[pid   320] <... bpf resumed>)          = 5
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=317, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   296] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   322] <... bpf resumed>)          = 5
[pid   321] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   320] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   319] +++ exited with 0 +++
[pid   322] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   296] <... restart_syscall resumed>) = 0
[pid   298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   298] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   296] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   321] <... bpf resumed>)          = 6
[pid   296] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   298] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   296] <... openat resumed>)       = 3
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   296] newfstatat(3, "",  <unfinished ...>
[pid   298] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   298] <... openat resumed>)       = 3
[pid   296] getdents64(3,  <unfinished ...>
[pid   298] newfstatat(3, "",  <unfinished ...>
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   322] <... bpf resumed>)          = 6
[pid   298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   296] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   298] getdents64(3,  <unfinished ...>
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   296] newfstatat(AT_FDCWD, "./2/binderfs",  <unfinished ...>
[pid   298] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   296] unlink("./2/binderfs" <unfinished ...>
[pid   322] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   321] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   320] <... bpf resumed>)          = 6
[pid   298] newfstatat(AT_FDCWD, "./3/binderfs",  <unfinished ...>
[pid   296] <... unlink resumed>)       = 0
[pid   320] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   296] getdents64(3,  <unfinished ...>
[pid   298] unlink("./3/binderfs" <unfinished ...>
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   298] <... unlink resumed>)       = 0
[pid   298] getdents64(3,  <unfinished ...>
[pid   296] close(3 <unfinished ...>
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   296] <... close resumed>)        = 0
[pid   298] close(3 <unfinished ...>
[pid   296] rmdir("./2" <unfinished ...>
[pid   298] <... close resumed>)        = 0
[pid   296] <... rmdir resumed>)        = 0
[pid   298] rmdir("./3" <unfinished ...>
[pid   296] mkdir("./3", 0777 <unfinished ...>
[pid   298] <... rmdir resumed>)        = 0
[pid   298] mkdir("./4", 0777 <unfinished ...>
[pid   296] <... mkdir resumed>)        = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   298] <... mkdir resumed>)        = 0
./strace-static-x86_64: Process 323 attached
[pid   298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   323] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   296] <... clone resumed>, child_tidptr=0x555556ccb650) = 323
[pid   323] <... set_robust_list resumed>) = 0
[pid   323] chdir("./3")                = 0
[pid   323] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   298] <... clone resumed>, child_tidptr=0x555556ccb650) = 324
[pid   323] <... prctl resumed>)        = 0
[pid   323] setpgid(0, 0)               = 0
[pid   323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   323] write(3, "1000", 4)         = 4
[pid   323] close(3)                    = 0
[pid   323] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 324 attached
) = 0
[pid   324] set_robust_list(0x555556ccb660, 24) = 0
[pid   323] write(1, "executing program\n", 18executing program
 <unfinished ...>
[pid   324] chdir("./4" <unfinished ...>
[pid   323] <... write resumed>)        = 18
[pid   324] <... chdir resumed>)        = 0
[pid   323] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   323] <... bpf resumed>)          = 3
[pid   324] setpgid(0, 0 <unfinished ...>
[pid   323] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   324] <... setpgid resumed>)      = 0
[pid   324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   323] <... bpf resumed>)          = 0
[pid   323] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   324] <... openat resumed>)       = 3
[pid   324] write(3, "1000", 4)         = 4
[pid   324] close(3)                    = 0
[pid   324] symlink("/dev/binderfs", "./binderfs") = 0
[pid   324] write(1, "executing program\n", 18 <unfinished ...>
[pid   323] <... bpf resumed>)          = 4
executing program
[pid   324] <... write resumed>)        = 18
[pid   324] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   323] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   324] <... bpf resumed>)          = 3
[pid   324] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   323] <... bpf resumed>)          = 5
[pid   322] <... bpf resumed>)          = 7
[pid   321] <... bpf resumed>)          = 7
[pid   320] <... bpf resumed>)          = 7
[   23.090885][  T289]  </TASK>
[   23.132796][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   23.144220][  T289] BUG: scheduling while atomic: sshd/289/0x00000002
[   23.150744][  T289] Modules linked in:
[   23.154446][  T289] Preemption disabled at:
[   23.154453][  T289] [<ffffffff840015c0>] release_sock+0x30/0x1b0
[   23.164604][  T289] CPU: 0 PID: 289 Comm: sshd Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   23.175020][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   23.184912][  T289] Call Trace:
[   23.188123][  T289]  <TASK>
[   23.190912][  T289]  dump_stack_lvl+0x151/0x1b7
[   23.195419][  T289]  ? release_sock+0x30/0x1b0
[   23.199838][  T289]  ? release_sock+0x30/0x1b0
[   23.204270][  T289]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   23.209561][  T289]  ? release_sock+0x30/0x1b0
[   23.213986][  T289]  dump_stack+0x15/0x1b
[   23.217988][  T289]  __schedule_bug+0x195/0x260
[   23.222496][  T289]  ? try_to_wake_up+0x670/0x1220
[   23.227280][  T289]  ? cpu_util_update_eff+0x10e0/0x10e0
[   23.232655][  T289]  ? cpu_curr_snapshot+0x90/0x90
[   23.237450][  T289]  __schedule+0xcf7/0x1550
[   23.241676][  T289]  ? wake_up_process+0x10/0x20
[   23.246276][  T289]  ? raise_softirq_irqoff+0x37/0x40
[   23.251310][  T289]  ? rcu_read_unlock_special+0x3f2/0x4e0
[   23.256782][  T289]  ? __sched_text_start+0x8/0x8
[   23.261468][  T289]  ? __rcu_read_unlock+0xd0/0xd0
[   23.266235][  T289]  ? ksys_write+0x24f/0x2c0
[   23.270662][  T289]  ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[   23.276048][  T289]  schedule+0xc3/0x180
[   23.279951][  T289]  exit_to_user_mode_loop+0x4e/0xa0
[   23.284983][  T289]  exit_to_user_mode_prepare+0x5a/0xa0
[   23.290285][  T289]  syscall_exit_to_user_mode+0x26/0x140
[   23.295659][  T289]  do_syscall_64+0x49/0xb0
[   23.299912][  T289]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   23.305648][  T289] RIP: 0033:0x7f73f9afd587
[   23.309893][  T289] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 <c3> 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00
[pid   324] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144executing program
 <unfinished ...>
[pid   322] exit_group(0 <unfinished ...>
[pid   321] exit_group(0 <unfinished ...>
[pid   320] exit_group(0 <unfinished ...>
[pid   324] <... bpf resumed>)          = 4
[pid   323] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   322] <... exit_group resumed>)   = ?
[pid   320] <... exit_group resumed>)   = ?
[pid   324] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   322] +++ exited with 0 +++
[pid   321] <... exit_group resumed>)   = ?
[pid   323] <... bpf resumed>)          = 6
[pid   323] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   301] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   301] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   301] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   301] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   301] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   301] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   301] unlink("./2/binderfs")      = 0
[pid   301] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   301] close(3)                    = 0
[pid   301] rmdir("./2")                = 0
[pid   301] mkdir("./3", 0777)          = 0
[pid   301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 325
./strace-static-x86_64: Process 325 attached
[pid   325] set_robust_list(0x555556ccb660, 24) = 0
[pid   325] chdir("./3")                = 0
[pid   325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   325] setpgid(0, 0)               = 0
[pid   325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   325] write(3, "1000", 4)         = 4
[pid   325] close(3)                    = 0
[pid   325] symlink("/dev/binderfs", "./binderfs") = 0
[pid   325] write(1, "executing program\n", 18) = 18
[pid   325] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   325] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   325] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   325] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   324] <... bpf resumed>)          = 5
[pid   321] +++ exited with 0 +++
[pid   320] +++ exited with 0 +++
[pid   324] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=321, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   300] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   300] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   324] <... bpf resumed>)          = 6
[pid   300] <... openat resumed>)       = 3
[pid   324] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   300] newfstatat(3, "",  <unfinished ...>
[pid   295] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   300] getdents64(3,  <unfinished ...>
[pid   295] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   295] newfstatat(3, "",  <unfinished ...>
[pid   300] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   300] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   295] getdents64(3,  <unfinished ...>
[pid   300] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   300] newfstatat(AT_FDCWD, "./3/binderfs",  <unfinished ...>
[pid   295] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   300] unlink("./3/binderfs" <unfinished ...>
[pid   295] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   295] unlink("./3/binderfs" <unfinished ...>
[pid   300] <... unlink resumed>)       = 0
[pid   295] <... unlink resumed>)       = 0
[pid   300] getdents64(3,  <unfinished ...>
[pid   295] getdents64(3,  <unfinished ...>
[pid   300] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   300] close(3 <unfinished ...>
[pid   295] close(3)                    = 0
[pid   300] <... close resumed>)        = 0
[pid   295] rmdir("./3" <unfinished ...>
[pid   300] rmdir("./3" <unfinished ...>
[pid   295] <... rmdir resumed>)        = 0
[pid   295] mkdir("./4", 0777 <unfinished ...>
[pid   300] <... rmdir resumed>)        = 0
[pid   300] mkdir("./4", 0777 <unfinished ...>
[pid   295] <... mkdir resumed>)        = 0
[pid   295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   300] <... mkdir resumed>)        = 0
[pid   300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 327 attached
 <unfinished ...>
[pid   295] <... clone resumed>, child_tidptr=0x555556ccb650) = 327
./strace-static-x86_64: Process 328 attached
[pid   327] set_robust_list(0x555556ccb660, 24) = 0
[pid   300] <... clone resumed>, child_tidptr=0x555556ccb650) = 328
[pid   327] chdir("./4")                = 0
[pid   327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   327] setpgid(0, 0)               = 0
[pid   327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   327] write(3, "1000", 4)         = 4
[pid   327] close(3)                    = 0
[pid   327] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   328] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   327] <... symlink resumed>)      = 0
[pid   328] <... set_robust_list resumed>) = 0
[pid   328] chdir("./4" <unfinished ...>
executing program
[pid   327] write(1, "executing program\n", 18 <unfinished ...>
[pid   328] <... chdir resumed>)        = 0
[pid   327] <... write resumed>)        = 18
[pid   328] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   327] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   328] <... prctl resumed>)        = 0
[pid   327] <... bpf resumed>)          = 3
[pid   327] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   327] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   328] setpgid(0, 0)               = 0
[pid   328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   327] <... bpf resumed>)          = 4
[pid   328] <... openat resumed>)       = 3
[pid   327] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   328] write(3, "1000", 4)         = 4
[pid   328] close(3)                    = 0
[pid   328] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   328] write(1, "executing program\n", 18) = 18
[pid   328] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   328] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   328] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   328] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   325] <... bpf resumed>)          = 5
[pid   323] <... bpf resumed>)          = 7
[pid   324] <... bpf resumed>)          = 7
[pid   327] <... bpf resumed>)          = 5
[pid   328] <... bpf resumed>)          = 5
[pid   325] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   324] exit_group(0 <unfinished ...>
[pid   323] exit_group(0 <unfinished ...>
[pid   327] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   328] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   325] <... bpf resumed>)          = 6
[pid   324] <... exit_group resumed>)   = ?
[pid   323] <... exit_group resumed>)   = ?
[pid   327] <... bpf resumed>)          = 6
[pid   325] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   327] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16) = 7
[pid   324] +++ exited with 0 +++
[pid   328] <... bpf resumed>)          = 6
[pid   298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=324, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   328] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   327] exit_group(0)               = ?
[pid   298] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   298] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[   23.329339][  T289] RSP: 002b:00007ffcfb2463f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000027
[   23.337580][  T289] RAX: 0000000000000121 RBX: 0000000000000000 RCX: 00007f73f9afd587
[   23.345395][  T289] RDX: 0000000000000b16 RSI: 0000565321977fe0 RDI: 0000565321975937
[   23.353289][  T289] RBP: 0000565321976dd0 R08: 0000000000000006 R09: 0000000000000000
[   23.361102][  T289] R10: 0000565321976dd0 R11: 0000000000000246 R12: 0000565321975937
[   23.368914][  T289] R13: 0000565321977fe0 R14: 0000565323260390 R15: 00007ffcfb246980
[   23.376730][  T289]  </TASK>
[   23.405541][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   23.417146][  T291] BUG: scheduling while atomic: strace-static-x/291/0x00000002
[   23.424698][  T291] Modules linked in:
[   23.428453][  T291] Preemption disabled at:
[   23.428461][  T291] [<ffffffff81566406>] remove_wait_queue+0x26/0x140
[   23.439089][  T291] CPU: 0 PID: 291 Comm: strace-static-x Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   23.450442][  T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   23.460335][  T291] Call Trace:
[   23.463485][  T291]  <TASK>
[   23.466240][  T291]  dump_stack_lvl+0x151/0x1b7
[   23.470752][  T291]  ? remove_wait_queue+0x26/0x140
[   23.475614][  T291]  ? remove_wait_queue+0x26/0x140
[   23.480473][  T291]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   23.485765][  T291]  ? remove_wait_queue+0x26/0x140
[   23.490626][  T291]  dump_stack+0x15/0x1b
[   23.494619][  T291]  __schedule_bug+0x195/0x260
[   23.499131][  T291]  ? __ia32_sys_waitid+0xd0/0xd0
[   23.503906][  T291]  ? bpf_trace_printk+0x1be/0x300
[   23.508765][  T291]  ? cpu_util_update_eff+0x10e0/0x10e0
[   23.514062][  T291]  ? kernel_waitid+0x520/0x520
[   23.518663][  T291]  __schedule+0xcf7/0x1550
[   23.522915][  T291]  ? __x64_sys_wait4+0x181/0x1e0
[   23.527685][  T291]  ? bpf_trace_run2+0x138/0x290
[   23.532377][  T291]  ? __sched_text_start+0x8/0x8
[   23.537065][  T291]  schedule+0xc3/0x180
[   23.540967][  T291]  exit_to_user_mode_loop+0x4e/0xa0
[   23.546000][  T291]  exit_to_user_mode_prepare+0x5a/0xa0
[   23.551296][  T291]  syscall_exit_to_user_mode+0x26/0x140
[   23.556676][  T291]  do_syscall_64+0x49/0xb0
[   23.560928][  T291]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[   23.566569][  T291]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   23.572312][  T291] RIP: 0033:0x4d49a6
[   23.576031][  T291] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24
[   23.595475][  T291] RSP: 002b:00007ffc3612a0e8 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[pid   298] getdents64(3,  <unfinished ...>
[pid   325] <... bpf resumed>)          = 7
[pid   323] +++ exited with 0 +++
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   298] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=323, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   328] <... bpf resumed>)          = 7
[pid   325] exit_group(0 <unfinished ...>
[pid   327] +++ exited with 0 +++
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   328] exit_group(0 <unfinished ...>
[pid   325] <... exit_group resumed>)   = ?
[pid   298] newfstatat(AT_FDCWD, "./4/binderfs",  <unfinished ...>
[pid   328] <... exit_group resumed>)   = ?
[pid   298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=327, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   298] unlink("./4/binderfs")      = 0
[pid   296] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   298] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] close(3)                    = 0
[pid   296] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   298] rmdir("./4")                = 0
[pid   296] <... openat resumed>)       = 3
[pid   298] mkdir("./5", 0777 <unfinished ...>
[pid   296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   298] <... mkdir resumed>)        = 0
[pid   298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   296] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
./strace-static-x86_64: Process 329 attached
[pid   296] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   295] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   329] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   298] <... clone resumed>, child_tidptr=0x555556ccb650) = 329
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   329] <... set_robust_list resumed>) = 0
[pid   296] newfstatat(AT_FDCWD, "./3/binderfs",  <unfinished ...>
[pid   295] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   295] <... openat resumed>)       = 3
[pid   329] chdir("./5" <unfinished ...>
[pid   296] unlink("./3/binderfs" <unfinished ...>
[pid   295] newfstatat(3, "",  <unfinished ...>
[pid   329] <... chdir resumed>)        = 0
[   23.603721][  T291] RAX: 000000000000012d RBX: 0000000000000001 RCX: 00000000004d49a6
[   23.611531][  T291] RDX: 0000000040000001 RSI: 00007ffc3612a10c RDI: 00000000ffffffff
[   23.619346][  T291] RBP: 00000000012a60e0 R08: 0000000000000000 R09: 0000000000000000
[   23.627153][  T291] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000012ac6d0
[   23.634969][  T291] R13: 000000000000012a R14: 00007ffc3612a10c R15: 0000000000617180
[   23.642782][  T291]  </TASK>
[   23.653106][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   23.658494][    C1] softirq: huh, entered softirq 9 RCU ffffffff8160d2f0 with preempt_count 00000103, exited with 00000102?
[   23.664517][  T289] BUG: scheduling while atomic: sshd/289/0x00000002
[   23.675626][  T291] BUG: scheduling while atomic: strace-static-x/291/0x00000002
[   23.675638][  T291] Modules linked in:
[   23.675646][  T291] Preemption disabled at:
[   23.675649][  T291] [<ffffffff8147f1fb>] __lock_task_sighand+0x6b/0x100
[   23.675681][  T291] CPU: 1 PID: 291 Comm: strace-static-x Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   23.675698][  T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   23.675706][  T291] Call Trace:
[   23.675710][  T291]  <TASK>
[   23.675716][  T291]  dump_stack_lvl+0x151/0x1b7
[   23.675733][  T291]  ? __lock_task_sighand+0x6b/0x100
[   23.675749][  T291]  ? __lock_task_sighand+0x6b/0x100
[   23.675765][  T291]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   23.682203][  T289] Modules linked in:
[   23.689522][  T291]  ? __lock_task_sighand+0x6b/0x100
[   23.689541][  T291]  dump_stack+0x15/0x1b
[   23.689557][  T291]  __schedule_bug+0x195/0x260
[   23.689575][  T291]  ? bpf_trace_printk+0x1be/0x300
[   23.693252][  T289] 
[   23.693258][  T289] Preemption disabled at:
[   23.697418][  T291]  ? cpu_util_update_eff+0x10e0/0x10e0
[   23.704026][  T289] [<ffffffff81489ceb>] __set_current_blocked+0x11b/0x2f0
[   23.715389][  T291]  __schedule+0xcf7/0x1550
[   23.715412][  T291]  ? __sched_text_start+0x8/0x8
[   23.800712][  T291]  ? __se_sys_ptrace+0x3b2/0x410
[   23.805479][  T291]  schedule+0xc3/0x180
[   23.809397][  T291]  exit_to_user_mode_loop+0x4e/0xa0
[   23.814513][  T291]  exit_to_user_mode_prepare+0x5a/0xa0
[   23.819800][  T291]  syscall_exit_to_user_mode+0x26/0x140
[   23.825179][  T291]  do_syscall_64+0x49/0xb0
[   23.829432][  T291]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[   23.835076][  T291]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   23.840801][  T291] RIP: 0033:0x4e815a
[   23.844535][  T291] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 78 0c 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 36 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 b8 ff ff ff f7
[   23.863983][  T291] RSP: 002b:00007ffc36128f18 EFLAGS: 00000246 ORIG_RAX: 0000000000000136
[   23.872220][  T291] RAX: 0000000000001000 RBX: 00007ff34053a000 RCX: 00000000004e815a
[   23.880032][  T291] RDX: 0000000000000001 RSI: 00007ffc36128f40 RDI: 000000000000014b
[   23.887843][  T291] RBP: 000000000063c8a0 R08: 0000000000000001 R09: 0000000000000000
[   23.895657][  T291] R10: 00007ffc36128f50 R11: 0000000000000246 R12: 0000000000000000
[   23.903466][  T291] R13: 00007ff34053a00f R14: 00000000012a8010 R15: 00007ffc36128ff0
[   23.911284][  T291]  </TASK>
[   23.914146][  T289] CPU: 0 PID: 289 Comm: sshd Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   23.924567][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   23.934526][  T289] Call Trace:
[   23.937577][  T289]  <TASK>
[   23.940444][  T289]  dump_stack_lvl+0x151/0x1b7
[   23.944959][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   23.950251][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   23.955638][  T289]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   23.961013][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   23.966310][  T289]  dump_stack+0x15/0x1b
[   23.970305][  T289]  __schedule_bug+0x195/0x260
[   23.974813][  T289]  ? cpu_util_update_eff+0x10e0/0x10e0
[   23.980127][  T289]  __schedule+0xcf7/0x1550
[   23.984374][  T289]  ? __kasan_check_read+0x11/0x20
[   23.989227][  T289]  ? _copy_to_user+0x74/0x90
[   23.993652][  T289]  ? __sched_text_start+0x8/0x8
[   23.998515][  T289]  ? __se_sys_rt_sigprocmask+0x311/0x380
[   24.004064][  T289]  ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[   24.009458][  T289]  schedule+0xc3/0x180
[   24.013382][  T289]  exit_to_user_mode_loop+0x4e/0xa0
[   24.018388][  T289]  exit_to_user_mode_prepare+0x5a/0xa0
[   24.023684][  T289]  syscall_exit_to_user_mode+0x26/0x140
[   24.029063][  T289]  do_syscall_64+0x49/0xb0
[   24.033315][  T289]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   24.039052][  T289] RIP: 0033:0x7f73f9ac2773
[   24.043300][  T289] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41
[   24.062826][  T289] RSP: 002b:00007ffcfb246ae0 EFLAGS: 00000246 ORIG_RAX: 000000000000000e
[   24.071075][  T289] RAX: 0000000000000000 RBX: 0000000000060000 RCX: 00007f73f9ac2773
[   24.078885][  T289] RDX: 00007ffcfb246bc8 RSI: 00007ffcfb246b48 RDI: 0000000000000001
[   24.086692][  T289] RBP: 00005653232585e0 R08: 0000000000000001 R09: 0000000000000000
[   24.094502][  T289] R10: 0000000000000008 R11: 0000000000000246 R12: 000056532196caa4
[pid   296] <... unlink resumed>)       = 0
[pid   295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   296] getdents64(3,  <unfinished ...>
[pid   295] getdents64(3,  <unfinished ...>
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   296] close(3 <unfinished ...>
[pid   295] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   296] <... close resumed>)        = 0
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   296] rmdir("./3" <unfinished ...>
[pid   295] newfstatat(AT_FDCWD, "./4/binderfs",  <unfinished ...>
[pid   296] <... rmdir resumed>)        = 0
[pid   295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   296] mkdir("./4", 0777 <unfinished ...>
[pid   295] unlink("./4/binderfs" <unfinished ...>
[pid   296] <... mkdir resumed>)        = 0
[pid   295] <... unlink resumed>)       = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   295] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   296] <... clone resumed>, child_tidptr=0x555556ccb650) = 330
[pid   295] close(3)                    = 0
[pid   295] rmdir("./4")                = 0
[pid   295] mkdir("./5", 0777)          = 0
[pid   295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 331
./strace-static-x86_64: Process 331 attached
[pid   331] set_robust_list(0x555556ccb660, 24) = 0
[pid   331] chdir("./5")                = 0
[pid   331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   331] setpgid(0, 0)               = 0
[pid   331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 330 attached
) = 3
[pid   331] write(3, "1000", 4 <unfinished ...>
[pid   330] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   331] <... write resumed>)        = 4
[pid   330] <... set_robust_list resumed>) = 0
[pid   331] close(3 <unfinished ...>
[pid   330] chdir("./4" <unfinished ...>
[pid   331] <... close resumed>)        = 0
[pid   330] <... chdir resumed>)        = 0
[pid   331] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   330] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   331] <... symlink resumed>)      = 0
[pid   330] <... prctl resumed>)        = 0
[pid   331] write(1, "executing program\n", 18 <unfinished ...>
[pid   330] setpgid(0, 0 <unfinished ...>
[pid   331] <... write resumed>)        = 18
[pid   330] <... setpgid resumed>)      = 0
[pid   331] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   331] <... bpf resumed>)          = 3
[pid   330] <... openat resumed>)       = 3
[pid   331] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   330] write(3, "1000", 4 <unfinished ...>
[pid   331] <... bpf resumed>)          = 0
[pid   330] <... write resumed>)        = 4
[pid   331] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   330] close(3 <unfinished ...>
[pid   331] <... bpf resumed>)          = 4
[pid   330] <... close resumed>)        = 0
[pid   331] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   330] symlink("/dev/binderfs", "./binderfs") = 0
[pid   330] write(1, "executing program\n", 18) = 18
[pid   330] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   330] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   330] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   330] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   329] setpgid(0, 0)               = 0
[pid   329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   329] write(3, "1000", 4)         = 4
[pid   329] close(3)                    = 0
[pid   329] symlink("/dev/binderfs", "./binderfs") = 0
[pid   329] write(1, "executing program\n", 18) = 18
[pid   329] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   329] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   329] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   329] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16executing program
executing program
executing program
 <unfinished ...>
[pid   325] +++ exited with 0 +++
[pid   331] <... bpf resumed>)          = 5
[pid   301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   331] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   301] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   301] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   301] getdents64(3,  <unfinished ...>
[pid   331] <... bpf resumed>)          = 6
[pid   301] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   331] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   301] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   301] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   301] unlink("./3/binderfs")      = 0
[pid   301] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   301] close(3)                    = 0
[pid   301] rmdir("./3")                = 0
[pid   301] mkdir("./4", 0777)          = 0
[pid   301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 332
./strace-static-x86_64: Process 332 attached
[pid   332] set_robust_list(0x555556ccb660, 24) = 0
[pid   332] chdir("./4")                = 0
[pid   332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   332] setpgid(0, 0)               = 0
[pid   332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   332] write(3, "1000", 4)         = 4
[pid   332] close(3)                    = 0
[pid   332] symlink("/dev/binderfs", "./binderfs") = 0
[pid   332] write(1, "executing program\n", 18executing program
) = 18
[pid   332] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   332] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   332] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   332] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   330] <... bpf resumed>)          = 5
[pid   329] <... bpf resumed>)          = 5
[pid   328] +++ exited with 0 +++
[pid   332] <... bpf resumed>)          = 5
[pid   331] <... bpf resumed>)          = 7
[pid   330] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   329] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=328, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   332] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   331] exit_group(0 <unfinished ...>
[pid   332] <... bpf resumed>)          = 6
[pid   331] <... exit_group resumed>)   = ?
[pid   330] <... bpf resumed>)          = 6
[pid   329] <... bpf resumed>)          = 6
[pid   332] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[   24.102318][  T289] R13: 0000000000000017 R14: 000056532196d3e8 R15: 00007ffcfb246b48
[   24.110136][  T289]  </TASK>
[pid   300] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   332] <... bpf resumed>)          = 7
[pid   330] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   329] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   300] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[   24.153105][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   24.164751][  T291] BUG: scheduling while atomic: strace-static-x/291/0x00000002
[   24.172309][  T291] Modules linked in:
[   24.176115][  T291] Preemption disabled at:
[   24.176121][  T291] [<ffffffff81c7f142>] pipe_write+0x14b2/0x1990
[   24.186289][  T291] CPU: 0 PID: 291 Comm: strace-static-x Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   24.197624][  T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   24.207517][  T291] Call Trace:
[   24.210644][  T291]  <TASK>
[   24.213421][  T291]  dump_stack_lvl+0x151/0x1b7
[   24.217931][  T291]  ? pipe_write+0x14b2/0x1990
[   24.222445][  T291]  ? pipe_write+0x14b2/0x1990
[   24.226958][  T291]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   24.232259][  T291]  ? task_rq_lock+0xd2/0x2b0
[   24.236679][  T291]  ? pipe_write+0x14b2/0x1990
[   24.241281][  T291]  dump_stack+0x15/0x1b
[   24.245273][  T291]  __schedule_bug+0x195/0x260
[   24.249788][  T291]  ? cpu_util_update_eff+0x10e0/0x10e0
[   24.255080][  T291]  ? _raw_spin_lock_irqsave+0xf9/0x210
[   24.260377][  T291]  ? _raw_spin_lock+0x1b0/0x1b0
[   24.265061][  T291]  __schedule+0xcf7/0x1550
[   24.269316][  T291]  ? __lock_task_sighand+0xde/0x100
[   24.274348][  T291]  ? __sched_text_start+0x8/0x8
[   24.279035][  T291]  ? __kasan_check_write+0x14/0x20
[   24.283983][  T291]  ? __se_sys_ptrace+0x3b2/0x410
[   24.288757][  T291]  schedule+0xc3/0x180
[   24.292661][  T291]  exit_to_user_mode_loop+0x4e/0xa0
[   24.297695][  T291]  exit_to_user_mode_prepare+0x5a/0xa0
[   24.302990][  T291]  syscall_exit_to_user_mode+0x26/0x140
[   24.308375][  T291]  do_syscall_64+0x49/0xb0
[   24.312623][  T291]  ? sysvec_call_function_single+0x52/0xb0
[   24.318272][  T291]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   24.323996][  T291] RIP: 0033:0x4e6c1a
[   24.327732][  T291] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c
[pid   332] exit_group(0 <unfinished ...>
[pid   300] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   332] <... exit_group resumed>)   = ?
[pid   331] +++ exited with 0 +++
[pid   330] <... bpf resumed>)          = 7
[pid   300] <... openat resumed>)       = 3
[pid   295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   330] exit_group(0 <unfinished ...>
[pid   300] newfstatat(3, "",  <unfinished ...>
[pid   330] <... exit_group resumed>)   = ?
[pid   300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   300] getdents64(3,  <unfinished ...>
[pid   295] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   300] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   300] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   295] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   300] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   295] <... openat resumed>)       = 3
[pid   300] newfstatat(AT_FDCWD, "./4/binderfs",  <unfinished ...>
[pid   295] newfstatat(3, "",  <unfinished ...>
[   24.347170][  T291] RSP: 002b:00007ffc36129fd0 EFLAGS: 00000206 ORIG_RAX: 0000000000000065
[   24.355415][  T291] RAX: 0000000000000000 RBX: 00000000012a42f8 RCX: 00000000004e6c1a
[   24.363234][  T291] RDX: 0000000000000000 RSI: 000000000000014c RDI: 0000000000000018
[   24.371036][  T291] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000001
[   24.378849][  T291] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000012a64d0
[   24.386657][  T291] R13: 0000000000000000 R14: 000000000000857f R15: 0000000000617180
[   24.394483][  T291]  </TASK>
[pid   300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   300] unlink("./4/binderfs" <unfinished ...>
[pid   295] getdents64(3,  <unfinished ...>
[pid   300] <... unlink resumed>)       = 0
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   300] getdents64(3,  <unfinished ...>
[pid   295] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   300] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   300] close(3 <unfinished ...>
[pid   295] newfstatat(AT_FDCWD, "./5/binderfs",  <unfinished ...>
[pid   300] <... close resumed>)        = 0
[pid   295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   300] rmdir("./4" <unfinished ...>
[pid   295] unlink("./5/binderfs" <unfinished ...>
[pid   300] <... rmdir resumed>)        = 0
[pid   295] <... unlink resumed>)       = 0
[pid   300] mkdir("./5", 0777 <unfinished ...>
[pid   295] getdents64(3,  <unfinished ...>
[pid   300] <... mkdir resumed>)        = 0
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   295] close(3)                    = 0
[pid   300] <... clone resumed>, child_tidptr=0x555556ccb650) = 334
[pid   295] rmdir("./5")                = 0
[pid   295] mkdir("./6", 0777)          = 0
[pid   295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 335
./strace-static-x86_64: Process 334 attached
[pid   334] set_robust_list(0x555556ccb660, 24) = 0
[pid   334] chdir("./5")                = 0
[pid   334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   334] setpgid(0, 0)               = 0
[pid   334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   334] write(3, "1000", 4)         = 4
[pid   334] close(3)                    = 0
[pid   334] symlink("/dev/binderfs", "./binderfs") = 0
[pid   334] write(1, "executing program\n", 18executing program
) = 18
[pid   334] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   334] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   334] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   334] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16./strace-static-x86_64: Process 335 attached
 <unfinished ...>
[pid   335] set_robust_list(0x555556ccb660, 24) = 0
[pid   335] chdir("./6")                = 0
[pid   335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   335] setpgid(0, 0)               = 0
[pid   335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   335] write(3, "1000", 4)         = 4
[pid   335] close(3)                    = 0
[pid   335] symlink("/dev/binderfs", "./binderfs") = 0
[pid   335] write(1, "executing program\n", 18executing program
) = 18
[pid   335] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   335] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[   24.398564][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   24.410363][   T83] BUG: scheduling while atomic: syslogd/83/0x00000002
[   24.417248][   T83] Modules linked in:
[   24.421303][   T83] Preemption disabled at:
[   24.421313][   T83] [<ffffffff81c5162d>] vfs_write+0xb1d/0xeb0
[   24.431896][   T83] CPU: 0 PID: 83 Comm: syslogd Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   24.442478][   T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   24.452365][   T83] Call Trace:
[   24.455492][   T83]  <TASK>
[   24.458269][   T83]  dump_stack_lvl+0x151/0x1b7
[   24.462778][   T83]  ? vfs_write+0xb1d/0xeb0
[   24.467029][   T83]  ? vfs_write+0xb1d/0xeb0
[   24.471370][   T83]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   24.476670][   T83]  ? fsnotify_perm+0x470/0x5d0
[   24.481277][   T83]  ? vfs_write+0xb1d/0xeb0
[   24.485519][   T83]  dump_stack+0x15/0x1b
[   24.489511][   T83]  __schedule_bug+0x195/0x260
[   24.494025][   T83]  ? cpu_util_update_eff+0x10e0/0x10e0
[   24.499323][   T83]  ? kernel_read+0x1f0/0x1f0
[   24.503749][   T83]  __schedule+0xcf7/0x1550
[   24.508006][   T83]  ? __kasan_check_read+0x11/0x20
[   24.512857][   T83]  ? __fdget_pos+0x204/0x390
[   24.517284][   T83]  ? __sched_text_start+0x8/0x8
[   24.521970][   T83]  ? ksys_read+0x24f/0x2c0
[   24.526224][   T83]  ? bpf_trace_run1+0x240/0x240
[   24.530912][   T83]  schedule+0xc3/0x180
[   24.534823][   T83]  exit_to_user_mode_loop+0x4e/0xa0
[   24.539850][   T83]  exit_to_user_mode_prepare+0x5a/0xa0
[   24.545150][   T83]  syscall_exit_to_user_mode+0x26/0x140
[   24.550528][   T83]  do_syscall_64+0x49/0xb0
[   24.554776][   T83]  ? sysvec_call_function_single+0x52/0xb0
[   24.560422][   T83]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   24.566149][   T83] RIP: 0033:0x7ff3d0f26b6a
[   24.570413][   T83] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83
[   24.589845][   T83] RSP: 002b:00007ffc58074988 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[pid   335] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   329] <... bpf resumed>)          = 7
[pid   329] exit_group(0)               = ?
[pid   330] +++ exited with 0 +++
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=330, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   334] <... bpf resumed>)          = 5
[pid   296] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   335] <... bpf resumed>)          = 5
[pid   332] +++ exited with 0 +++
[pid   301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   301] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   329] +++ exited with 0 +++
[pid   334] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   301] <... restart_syscall resumed>) = 0
[pid   298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   335] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   298] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   296] <... restart_syscall resumed>) = 0
[pid   298] <... restart_syscall resumed>) = 0
[pid   296] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   298] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   296] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   298] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   296] <... openat resumed>)       = 3
[pid   298] <... openat resumed>)       = 3
[pid   296] newfstatat(3, "",  <unfinished ...>
[pid   334] <... bpf resumed>)          = 6
[pid   298] newfstatat(3, "",  <unfinished ...>
[pid   296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   296] getdents64(3,  <unfinished ...>
[pid   298] getdents64(3,  <unfinished ...>
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   296] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   298] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   296] newfstatat(AT_FDCWD, "./4/binderfs",  <unfinished ...>
[pid   335] <... bpf resumed>)          = 6
[pid   298] newfstatat(AT_FDCWD, "./5/binderfs",  <unfinished ...>
[pid   296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   301] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   296] unlink("./4/binderfs" <unfinished ...>
[pid   335] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   334] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   301] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] unlink("./5/binderfs" <unfinished ...>
[pid   301] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   296] <... unlink resumed>)       = 0
[pid   301] <... openat resumed>)       = 3
[pid   301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   301] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   301] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   301] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   301] unlink("./4/binderfs")      = 0
[pid   301] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   301] close(3)                    = 0
[pid   301] rmdir("./4")                = 0
[pid   301] mkdir("./5", 0777)          = 0
[pid   298] <... unlink resumed>)       = 0
[pid   296] getdents64(3,  <unfinished ...>
[pid   301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   298] getdents64(3,  <unfinished ...>
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   296] close(3 <unfinished ...>
[pid   298] close(3 <unfinished ...>
[pid   296] <... close resumed>)        = 0
[pid   298] <... close resumed>)        = 0
[pid   296] rmdir("./4" <unfinished ...>
[pid   298] rmdir("./5" <unfinished ...>
[pid   296] <... rmdir resumed>)        = 0
./strace-static-x86_64: Process 336 attached
[pid   301] <... clone resumed>, child_tidptr=0x555556ccb650) = 336
[pid   298] <... rmdir resumed>)        = 0
[pid   296] mkdir("./5", 0777 <unfinished ...>
[pid   336] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   298] mkdir("./6", 0777 <unfinished ...>
[pid   336] <... set_robust_list resumed>) = 0
[pid   296] <... mkdir resumed>)        = 0
[pid   336] chdir("./5")                = 0
[pid   336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   336] setpgid(0, 0)               = 0
[pid   336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   336] write(3, "1000", 4)         = 4
[pid   336] close(3)                    = 0
[pid   336] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid   336] write(1, "executing program\n", 18) = 18
[pid   336] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   298] <... mkdir resumed>)        = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   336] <... bpf resumed>)          = 3
[pid   336] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   336] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 337 attached
 <unfinished ...>
[pid   336] <... bpf resumed>)          = 4
[pid   337] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   336] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   337] <... set_robust_list resumed>) = 0
[pid   337] chdir("./5")                = 0
[pid   337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   337] setpgid(0, 0)               = 0
[pid   337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   337] write(3, "1000", 4 <unfinished ...>
[pid   296] <... clone resumed>, child_tidptr=0x555556ccb650) = 337
[pid   298] <... clone resumed>, child_tidptr=0x555556ccb650) = 338
[pid   337] <... write resumed>)        = 4
[pid   337] close(3)                    = 0
[pid   337] symlink("/dev/binderfs", "./binderfs") = 0
[pid   337] write(1, "executing program\n", 18executing program
) = 18
[pid   337] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   337] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   337] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 338 attached
 <unfinished ...>
[pid   338] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   337] <... bpf resumed>)          = 4
[pid   337] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   338] <... set_robust_list resumed>) = 0
[pid   338] chdir("./6")                = 0
[pid   338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   338] setpgid(0, 0)               = 0
[pid   338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   338] write(3, "1000", 4)         = 4
[pid   338] close(3)                    = 0
[pid   338] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   338] write(1, "executing program\n", 18) = 18
[pid   338] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   338] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   338] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   338] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   335] <... bpf resumed>)          = 7
[   24.598100][   T83] RAX: 000000000000004d RBX: 0000000000000002 RCX: 00007ff3d0f26b6a
[   24.605906][   T83] RDX: 00000000000000ff RSI: 000055c2f3b76300 RDI: 0000000000000000
[   24.613724][   T83] RBP: 000055c2f3b762c0 R08: 0000000000000001 R09: 0000000000000000
[   24.621529][   T83] R10: 00007ff3d10c53a3 R11: 0000000000000246 R12: 000055c2f3b7634c
[   24.629340][   T83] R13: 000055c2f3b76300 R14: 0000000000000000 R15: 00007ff3d1103a80
[   24.637159][   T83]  </TASK>
[   24.679161][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   24.690705][  T289] BUG: scheduling while atomic: sshd/289/0x00000002
[   24.697064][  T289] Modules linked in:
[   24.700982][  T289] Preemption disabled at:
[   24.700991][  T289] [<ffffffff81c7d203>] pipe_read+0x5b3/0x1040
[   24.711125][  T289] CPU: 0 PID: 289 Comm: sshd Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   24.721471][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   24.731362][  T289] Call Trace:
[   24.734488][  T289]  <TASK>
[   24.737280][  T289]  dump_stack_lvl+0x151/0x1b7
[   24.741781][  T289]  ? pipe_read+0x5b3/0x1040
[   24.746117][  T289]  ? pipe_read+0x5b3/0x1040
[   24.750460][  T289]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   24.755755][  T289]  ? pipe_read+0x5b3/0x1040
[   24.760091][  T289]  dump_stack+0x15/0x1b
[   24.764080][  T289]  __schedule_bug+0x195/0x260
[   24.768606][  T289]  ? try_to_wake_up+0x670/0x1220
[   24.773372][  T289]  ? cpu_util_update_eff+0x10e0/0x10e0
[   24.778664][  T289]  ? cpu_curr_snapshot+0x90/0x90
[   24.783451][  T289]  __schedule+0xcf7/0x1550
[   24.787742][  T289]  ? wake_up_process+0x10/0x20
[   24.792376][  T289]  ? raise_softirq_irqoff+0x37/0x40
[   24.797447][  T289]  ? rcu_read_unlock_special+0x3f2/0x4e0
[   24.802967][  T289]  ? __sched_text_start+0x8/0x8
[   24.807664][  T289]  ? __rcu_read_unlock+0xd0/0xd0
[   24.812428][  T289]  ? ksys_read+0x24f/0x2c0
[   24.816679][  T289]  ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[   24.822064][  T289]  schedule+0xc3/0x180
[   24.826063][  T289]  exit_to_user_mode_loop+0x4e/0xa0
[   24.831183][  T289]  exit_to_user_mode_prepare+0x5a/0xa0
[   24.836585][  T289]  syscall_exit_to_user_mode+0x26/0x140
[   24.841959][  T289]  do_syscall_64+0x49/0xb0
[   24.846214][  T289]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   24.851933][  T289] RIP: 0033:0x7f73f9afd587
[   24.856272][  T289] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 <c3> 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00
[pid   338] <... bpf resumed>)          = 5
[pid   337] <... bpf resumed>)          = 5
[pid   336] <... bpf resumed>)          = 5
[pid   335] exit_group(0 <unfinished ...>
[pid   334] <... bpf resumed>)          = 7
[pid   338] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   337] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   336] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   335] <... exit_group resumed>)   = ?
[pid   334] exit_group(0 <unfinished ...>
[pid   338] <... bpf resumed>)          = 6
[pid   337] <... bpf resumed>)          = 6
[pid   336] <... bpf resumed>)          = 6
[pid   334] <... exit_group resumed>)   = ?
[pid   338] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   337] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   336] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   335] +++ exited with 0 +++
[pid   334] +++ exited with 0 +++
[pid   295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   295] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   295] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   300] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   295] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   300] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   295] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   300] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   295] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   300] <... openat resumed>)       = 3
[pid   295] unlink("./6/binderfs" <unfinished ...>
[pid   300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   295] <... unlink resumed>)       = 0
[pid   300] getdents64(3,  <unfinished ...>
[pid   295] getdents64(3,  <unfinished ...>
[pid   300] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   300] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   295] close(3 <unfinished ...>
[pid   300] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   300] newfstatat(AT_FDCWD, "./5/binderfs",  <unfinished ...>
[pid   295] <... close resumed>)        = 0
[pid   300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   295] rmdir("./6" <unfinished ...>
[pid   300] unlink("./5/binderfs")      = 0
[pid   300] getdents64(3,  <unfinished ...>
[pid   295] <... rmdir resumed>)        = 0
[pid   300] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   295] mkdir("./7", 0777 <unfinished ...>
[pid   300] close(3)                    = 0
[pid   300] rmdir("./5")                = 0
[pid   295] <... mkdir resumed>)        = 0
[pid   300] mkdir("./6", 0777 <unfinished ...>
[pid   295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   300] <... mkdir resumed>)        = 0
[pid   300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 340
[pid   295] <... clone resumed>, child_tidptr=0x555556ccb650) = 339
./strace-static-x86_64: Process 340 attached
[pid   340] set_robust_list(0x555556ccb660, 24) = 0
[pid   340] chdir("./6"./strace-static-x86_64: Process 339 attached
)                = 0
[pid   339] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   340] setpgid(0, 0)               = 0
[pid   340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   339] <... set_robust_list resumed>) = 0
[pid   339] chdir("./7" <unfinished ...>
[pid   340] <... openat resumed>)       = 3
[pid   340] write(3, "1000", 4)         = 4
[pid   340] close(3)                    = 0
[pid   340] symlink("/dev/binderfs", "./binderfs") = 0
[pid   339] <... chdir resumed>)        = 0
executing program
[pid   340] write(1, "executing program\n", 18) = 18
[pid   339] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   340] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   339] <... prctl resumed>)        = 0
[pid   340] <... bpf resumed>)          = 3
[pid   340] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   339] setpgid(0, 0)               = 0
[pid   339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   340] <... bpf resumed>)          = 4
[pid   340] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   339] <... openat resumed>)       = 3
[pid   339] write(3, "1000", 4)         = 4
[pid   339] close(3)                    = 0
[pid   339] symlink("/dev/binderfs", "./binderfs") = 0
[pid   339] write(1, "executing program\n", 18executing program
) = 18
[pid   337] <... bpf resumed>)          = 7
[pid   338] <... bpf resumed>)          = 7
[pid   336] <... bpf resumed>)          = 7
[pid   338] exit_group(0 <unfinished ...>
[pid   337] exit_group(0 <unfinished ...>
[pid   338] <... exit_group resumed>)   = ?
[pid   337] <... exit_group resumed>)   = ?
[pid   336] exit_group(0 <unfinished ...>
[pid   339] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   339] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   338] +++ exited with 0 +++
[pid   336] <... exit_group resumed>)   = ?
[pid   339] <... bpf resumed>)          = 0
[pid   339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=338, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[   24.875889][  T289] RSP: 002b:00007ffcfb242318 EFLAGS: 00000246 ORIG_RAX: 0000000000000027
[   24.884133][  T289] RAX: 0000000000000121 RBX: 0000000000000000 RCX: 00007f73f9afd587
[   24.891947][  T289] RDX: 000000000000085c RSI: 0000565321978480 RDI: 0000565321975937
[   24.899842][  T289] RBP: 0000565321976856 R08: 0000000000000006 R09: 0000000000000000
[   24.907916][  T289] R10: 0000565321976856 R11: 0000000000000246 R12: 0000565321975937
[   24.915735][  T289] R13: 0000565321978480 R14: 0000565321978480 R15: 00007ffcfb2428a0
[   24.923628][  T289]  </TASK>
[pid   298] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   298] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[   24.941374][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   24.952803][  T291] BUG: scheduling while atomic: strace-static-x/291/0x00000002
[   24.960332][  T291] Modules linked in:
[   24.964032][  T291] Preemption disabled at:
[   24.964037][  T291] [<ffffffff81586206>] up_read+0x16/0x170
[   24.973876][  T291] CPU: 0 PID: 291 Comm: strace-static-x Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   24.985211][  T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   24.995110][  T291] Call Trace:
[   24.998264][  T291]  <TASK>
[   25.001005][  T291]  dump_stack_lvl+0x151/0x1b7
[   25.005526][  T291]  ? up_read+0x16/0x170
[   25.009510][  T291]  ? up_read+0x16/0x170
[   25.013501][  T291]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   25.018798][  T291]  ? fsnotify_perm+0x6a/0x5d0
[   25.023315][  T291]  ? up_read+0x16/0x170
[   25.027302][  T291]  dump_stack+0x15/0x1b
[   25.031560][  T291]  __schedule_bug+0x195/0x260
[   25.036067][  T291]  ? cpu_util_update_eff+0x10e0/0x10e0
[   25.041363][  T291]  ? file_end_write+0x1c0/0x1c0
[   25.046137][  T291]  __schedule+0xcf7/0x1550
[   25.050395][  T291]  ? __kasan_check_read+0x11/0x20
[   25.055250][  T291]  ? __fdget_pos+0x204/0x390
[   25.059679][  T291]  ? __sched_text_start+0x8/0x8
[   25.064452][  T291]  ? ksys_write+0x24f/0x2c0
[   25.068800][  T291]  schedule+0xc3/0x180
[   25.072782][  T291]  exit_to_user_mode_loop+0x4e/0xa0
[   25.077818][  T291]  exit_to_user_mode_prepare+0x5a/0xa0
[   25.083112][  T291]  syscall_exit_to_user_mode+0x26/0x140
[   25.088492][  T291]  do_syscall_64+0x49/0xb0
[   25.092744][  T291]  ? sysvec_call_function_single+0x52/0xb0
[   25.098385][  T291]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   25.104114][  T291] RIP: 0033:0x4e5c73
[   25.107847][  T291] Code: c7 c0 b8 ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18
[   25.127290][  T291] RSP: 002b:00007ffc36129f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid   298] newfstatat(3, "",  <unfinished ...>
[pid   339] <... bpf resumed>)          = 4
[pid   298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   298] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   298] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   298] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   298] unlink("./6/binderfs")      = 0
[pid   298] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   298] close(3)                    = 0
[pid   298] rmdir("./6")                = 0
[pid   298] mkdir("./7", 0777)          = 0
[pid   298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 341 attached
 <unfinished ...>
[pid   340] <... bpf resumed>)          = 5
[pid   339] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   336] +++ exited with 0 +++
[pid   340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   298] <... clone resumed>, child_tidptr=0x555556ccb650) = 341
[pid   341] set_robust_list(0x555556ccb660, 24) = 0
[pid   341] chdir("./7")                = 0
[pid   341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   341] setpgid(0, 0)               = 0
[pid   341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   341] write(3, "1000", 4 <unfinished ...>
[pid   301] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   341] <... write resumed>)        = 4
[pid   301] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   341] close(3 <unfinished ...>
[pid   301] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   341] <... close resumed>)        = 0
[pid   340] <... bpf resumed>)          = 6
[pid   301] <... openat resumed>)       = 3
[pid   340] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   341] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   301] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   301] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   341] <... symlink resumed>)      = 0
executing program
[pid   301] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   301] newfstatat(AT_FDCWD, "./5/binderfs",  <unfinished ...>
[pid   341] write(1, "executing program\n", 18 <unfinished ...>
[pid   301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   301] unlink("./5/binderfs" <unfinished ...>
[pid   341] <... write resumed>)        = 18
[pid   341] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   301] <... unlink resumed>)       = 0
[pid   341] <... bpf resumed>)          = 3
[pid   301] getdents64(3,  <unfinished ...>
[pid   341] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   301] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   341] <... bpf resumed>)          = 0
[pid   301] close(3 <unfinished ...>
[pid   341] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   301] <... close resumed>)        = 0
[pid   301] rmdir("./5")                = 0
[pid   301] mkdir("./6", 0777 <unfinished ...>
[pid   341] <... bpf resumed>)          = 4
[pid   341] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   301] <... mkdir resumed>)        = 0
[pid   301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 342 attached
 <unfinished ...>
[pid   339] <... bpf resumed>)          = 5
[pid   337] +++ exited with 0 +++
[pid   342] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   341] <... bpf resumed>)          = 5
[pid   340] <... bpf resumed>)          = 7
[pid   339] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   301] <... clone resumed>, child_tidptr=0x555556ccb650) = 342
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   342] <... set_robust_list resumed>) = 0
[pid   341] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   340] exit_group(0 <unfinished ...>
[pid   342] chdir("./6" <unfinished ...>
[pid   341] <... bpf resumed>)          = 6
[pid   340] <... exit_group resumed>)   = ?
[pid   339] <... bpf resumed>)          = 6
[pid   296] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   342] <... chdir resumed>)        = 0
[pid   339] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   296] <... restart_syscall resumed>) = 0
[pid   342] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   341] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   339] <... bpf resumed>)          = 7
[pid   342] <... prctl resumed>)        = 0
[pid   339] exit_group(0 <unfinished ...>
[pid   342] setpgid(0, 0 <unfinished ...>
[pid   339] <... exit_group resumed>)   = ?
[pid   296] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   342] <... setpgid resumed>)      = 0
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   296] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   342] <... openat resumed>)       = 3
[pid   296] getdents64(3,  <unfinished ...>
[pid   342] write(3, "1000", 4)         = 4
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   342] close(3 <unfinished ...>
[pid   296] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   342] <... close resumed>)        = 0
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   342] symlink("/dev/binderfs", "./binderfs") = 0
[   25.135533][  T291] RAX: 000000000000001e RBX: 000000000000001e RCX: 00000000004e5c73
[   25.143347][  T291] RDX: 000000000000001e RSI: 00000000012a7000 RDI: 0000000000000002
[   25.151156][  T291] RBP: 00000000012a7000 R08: 0000000000000002 R09: 00000000012acd10
[   25.158970][  T291] R10: 0000000000000001 R11: 0000000000000246 R12: 000000000000001e
[   25.166780][  T291] R13: 0000000000617480 R14: 000000000000001e R15: 0000000000617180
[   25.174594][  T291]  </TASK>
[   25.205215][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   25.216649][  T289] BUG: scheduling while atomic: sshd/289/0x00000002
[   25.223213][  T289] Modules linked in:
[   25.226917][  T289] Preemption disabled at:
[   25.226926][  T289] [<ffffffff81c7d203>] pipe_read+0x5b3/0x1040
[   25.236986][  T289] CPU: 0 PID: 289 Comm: sshd Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   25.247492][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   25.257387][  T289] Call Trace:
[   25.260510][  T289]  <TASK>
[   25.263292][  T289]  dump_stack_lvl+0x151/0x1b7
[   25.267887][  T289]  ? pipe_read+0x5b3/0x1040
[   25.272220][  T289]  ? pipe_read+0x5b3/0x1040
[   25.276565][  T289]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   25.281867][  T289]  ? pipe_read+0x5b3/0x1040
[   25.286215][  T289]  dump_stack+0x15/0x1b
[   25.290204][  T289]  __schedule_bug+0x195/0x260
[   25.294787][  T289]  ? bpf_bprintf_cleanup+0x4f/0x60
[   25.299739][  T289]  ? bpf_trace_printk+0x1be/0x300
[   25.304594][  T289]  ? cpu_util_update_eff+0x10e0/0x10e0
[   25.309893][  T289]  ? bpf_probe_write_user+0xf0/0xf0
[   25.314927][  T289]  ? bpf_trace_run2+0xe9/0x290
[   25.319525][  T289]  __schedule+0xcf7/0x1550
[   25.323778][  T289]  ? bpf_trace_run2+0x138/0x290
[   25.328462][  T289]  ? __sched_text_start+0x8/0x8
[   25.333153][  T289]  ? bpf_trace_run1+0x240/0x240
[   25.337928][  T289]  ? ksys_read+0x24f/0x2c0
[   25.342182][  T289]  ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[   25.347562][  T289]  schedule+0xc3/0x180
[   25.351551][  T289]  exit_to_user_mode_loop+0x4e/0xa0
[   25.356584][  T289]  exit_to_user_mode_prepare+0x5a/0xa0
[   25.361884][  T289]  syscall_exit_to_user_mode+0x26/0x140
[   25.367260][  T289]  do_syscall_64+0x49/0xb0
[   25.371513][  T289]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   25.377245][  T289] RIP: 0033:0x7f73f9afd587
[   25.381501][  T289] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 <c3> 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00
[pid   296] newfstatat(AT_FDCWD, "./5/binderfs", executing program
executing program
 <unfinished ...>
[pid   342] write(1, "executing program\n", 18 <unfinished ...>
[pid   296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   296] unlink("./5/binderfs")      = 0
[pid   296] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   296] close(3)                    = 0
[pid   296] rmdir("./5")                = 0
[pid   296] mkdir("./6", 0777)          = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 343
./strace-static-x86_64: Process 343 attached
[pid   343] set_robust_list(0x555556ccb660, 24) = 0
[pid   343] chdir("./6")                = 0
[pid   343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   343] setpgid(0, 0)               = 0
[pid   343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   343] write(3, "1000", 4)         = 4
[pid   343] close(3)                    = 0
[pid   343] symlink("/dev/binderfs", "./binderfs") = 0
[pid   343] write(1, "executing program\n", 18) = 18
[pid   343] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   343] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   343] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   342] <... write resumed>)        = 18
[pid   342] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   342] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   342] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   342] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   341] <... bpf resumed>)          = 7
[pid   340] +++ exited with 0 +++
[pid   341] exit_group(0)               = ?
[pid   300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   300] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   300] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   300] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   300] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   300] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   300] unlink("./6/binderfs")      = 0
[pid   300] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   300] close(3)                    = 0
[pid   300] rmdir("./6")                = 0
[pid   300] mkdir("./7", 0777)          = 0
[pid   300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 345
./strace-static-x86_64: Process 345 attached
[pid   345] set_robust_list(0x555556ccb660, 24) = 0
[pid   345] chdir("./7")                = 0
[pid   345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   345] setpgid(0, 0)               = 0
[pid   345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   345] write(3, "1000", 4)         = 4
[pid   345] close(3)                    = 0
[pid   345] symlink("/dev/binderfs", "./binderfs") = 0
[pid   345] write(1, "executing program\n", 18executing program
) = 18
[pid   345] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   345] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   345] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[   25.401110][  T289] RSP: 002b:00007ffcfb246408 EFLAGS: 00000246 ORIG_RAX: 0000000000000027
[   25.409359][  T289] RAX: 0000000000000121 RBX: 0000000000000000 RCX: 00007f73f9afd587
[   25.417170][  T289] RDX: 0000000000000b29 RSI: 0000565321977fe0 RDI: 0000565321975937
[   25.425065][  T289] RBP: 0000565321976e06 R08: 0000000000000006 R09: 0000000000000000
[   25.432878][  T289] R10: 0000565321976e06 R11: 0000000000000246 R12: 0000565321975937
[   25.440697][  T289] R13: 0000565321977fe0 R14: 0000565323260390 R15: 00007ffcfb246990
[   25.448593][  T289]  </TASK>
[pid   345] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   339] +++ exited with 0 +++
[pid   343] <... bpf resumed>)          = 5
[pid   342] <... bpf resumed>)          = 5
[pid   295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   345] <... bpf resumed>)          = 5
[pid   295] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   345] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   341] +++ exited with 0 +++
[pid   343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   342] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   295] <... restart_syscall resumed>) = 0
[pid   345] <... bpf resumed>)          = 6
[pid   343] <... bpf resumed>)          = 6
[pid   345] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=341, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   295] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   295] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   295] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   295] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   295] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   342] <... bpf resumed>)          = 6
[pid   298] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   295] unlink("./7/binderfs" <unfinished ...>
[pid   343] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   342] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   298] <... restart_syscall resumed>) = 0
[pid   295] <... unlink resumed>)       = 0
[pid   295] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   298] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   295] close(3 <unfinished ...>
[pid   298] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   298] newfstatat(3, "",  <unfinished ...>
[pid   295] <... close resumed>)        = 0
[pid   298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   295] rmdir("./7" <unfinished ...>
[pid   298] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   298] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   298] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   295] <... rmdir resumed>)        = 0
[pid   298] unlink("./7/binderfs")      = 0
[pid   295] mkdir("./8", 0777 <unfinished ...>
[pid   298] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   298] close(3)                    = 0
[pid   298] rmdir("./7")                = 0
[pid   295] <... mkdir resumed>)        = 0
[pid   298] mkdir("./8", 0777 <unfinished ...>
[pid   295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   298] <... mkdir resumed>)        = 0
[pid   298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 347
[pid   295] <... clone resumed>, child_tidptr=0x555556ccb650) = 346
./strace-static-x86_64: Process 347 attached
./strace-static-x86_64: Process 346 attached
[pid   346] set_robust_list(0x555556ccb660, 24) = 0
[pid   346] chdir("./8")                = 0
[pid   346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   346] setpgid(0, 0)               = 0
[pid   346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   347] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   346] write(3, "1000", 4)         = 4
[pid   346] close(3)                    = 0
[pid   346] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   347] <... set_robust_list resumed>) = 0
[pid   346] <... symlink resumed>)      = 0
executing program
[pid   346] write(1, "executing program\n", 18) = 18
[pid   346] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   346] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   347] chdir("./8")                = 0
[pid   347] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   346] <... bpf resumed>)          = 4
[pid   347] <... prctl resumed>)        = 0
[pid   346] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   347] setpgid(0, 0)               = 0
[pid   347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   347] write(3, "1000", 4)         = 4
[pid   347] close(3)                    = 0
[pid   347] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   347] write(1, "executing program\n", 18) = 18
[pid   347] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   347] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   347] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   345] <... bpf resumed>)          = 7
[pid   347] <... bpf resumed>)          = 5
[pid   346] <... bpf resumed>)          = 5
[pid   343] <... bpf resumed>)          = 7
[pid   342] <... bpf resumed>)          = 7
[   25.509883][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   25.521520][  T289] BUG: scheduling while atomic: sshd/289/0x00000002
[   25.527994][  T289] Modules linked in:
[   25.531687][  T289] Preemption disabled at:
[   25.531695][  T289] [<ffffffff81489ceb>] __set_current_blocked+0x11b/0x2f0
[   25.542784][  T289] CPU: 0 PID: 289 Comm: sshd Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   25.553271][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   25.563174][  T289] Call Trace:
[   25.566289][  T289]  <TASK>
[   25.569070][  T289]  dump_stack_lvl+0x151/0x1b7
[   25.573573][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   25.578871][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   25.584161][  T289]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   25.589469][  T289]  ? fsnotify_perm+0x6a/0x5d0
[   25.593977][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   25.599266][  T289]  dump_stack+0x15/0x1b
[   25.603262][  T289]  __schedule_bug+0x195/0x260
[   25.607772][  T289]  ? cpu_util_update_eff+0x10e0/0x10e0
[   25.613063][  T289]  ? file_end_write+0x1c0/0x1c0
[   25.617751][  T289]  __schedule+0xcf7/0x1550
[   25.622020][  T289]  ? __kasan_check_read+0x11/0x20
[   25.626866][  T289]  ? __fdget_pos+0x204/0x390
[   25.631294][  T289]  ? __sched_text_start+0x8/0x8
[   25.636105][  T289]  ? ksys_write+0x24f/0x2c0
[   25.640445][  T289]  ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[   25.645824][  T289]  schedule+0xc3/0x180
[   25.649735][  T289]  exit_to_user_mode_loop+0x4e/0xa0
[   25.654768][  T289]  exit_to_user_mode_prepare+0x5a/0xa0
[   25.660059][  T289]  syscall_exit_to_user_mode+0x26/0x140
[   25.665440][  T289]  do_syscall_64+0x49/0xb0
[   25.669692][  T289]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   25.675423][  T289] RIP: 0033:0x7f73f9b16bf2
[   25.679672][  T289] Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83
[   25.699244][  T289] RSP: 002b:00007ffcfb246ad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid   347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73executing program
 <unfinished ...>
[pid   346] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   343] exit_group(0 <unfinished ...>
[pid   342] exit_group(0 <unfinished ...>
[pid   347] <... bpf resumed>)          = 6
[pid   346] <... bpf resumed>)          = 6
[pid   345] exit_group(0 <unfinished ...>
[pid   343] <... exit_group resumed>)   = ?
[pid   342] <... exit_group resumed>)   = ?
[pid   347] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   346] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   343] +++ exited with 0 +++
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=343, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   296] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   296] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   296] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   296] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   296] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   296] unlink("./6/binderfs")      = 0
[pid   296] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   296] close(3)                    = 0
[pid   296] rmdir("./6")                = 0
[pid   296] mkdir("./7", 0777)          = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 348
[pid   345] <... exit_group resumed>)   = ?
./strace-static-x86_64: Process 348 attached
[pid   348] set_robust_list(0x555556ccb660, 24) = 0
[pid   348] chdir("./7")                = 0
[pid   348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   348] setpgid(0, 0)               = 0
[pid   348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   348] write(3, "1000", 4)         = 4
[pid   348] close(3)                    = 0
[pid   348] symlink("/dev/binderfs", "./binderfs") = 0
[pid   348] write(1, "executing program\n", 18) = 18
[pid   348] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   348] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   348] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   348] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   342] +++ exited with 0 +++
[pid   347] <... bpf resumed>)          = 7
[pid   346] <... bpf resumed>)          = 7
[pid   345] +++ exited with 0 +++
[pid   348] <... bpf resumed>)          = 5
[pid   301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   348] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   346] exit_group(0 <unfinished ...>
[pid   347] exit_group(0 <unfinished ...>
[pid   301] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   301] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   301] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   301] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   348] <... bpf resumed>)          = 6
[pid   301] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   346] <... exit_group resumed>)   = ?
[pid   347] <... exit_group resumed>)   = ?
[pid   301] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   301] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   301] unlink("./6/binderfs")      = 0
[pid   301] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   301] close(3)                    = 0
[pid   301] rmdir("./6")                = 0
[pid   300] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   301] mkdir("./7", 0777 <unfinished ...>
[pid   300] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   348] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   301] <... mkdir resumed>)        = 0
[pid   300] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   300] <... openat resumed>)       = 3
[pid   300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   300] getdents64(3, ./strace-static-x86_64: Process 349 attached
 <unfinished ...>
[pid   301] <... clone resumed>, child_tidptr=0x555556ccb650) = 349
[pid   300] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   349] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   300] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   349] <... set_robust_list resumed>) = 0
[pid   300] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   300] newfstatat(AT_FDCWD, "./7/binderfs",  <unfinished ...>
[pid   349] chdir("./7" <unfinished ...>
[pid   300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[   25.707500][  T289] RAX: 00000000000001c4 RBX: 00000000000001c4 RCX: 00007f73f9b16bf2
[   25.715301][  T289] RDX: 00000000000001c4 RSI: 0000565323272140 RDI: 0000000000000004
[   25.723111][  T289] RBP: 0000565323258290 R08: 0000000000000000 R09: 0000000000000000
[   25.730925][  T289] R10: 0000000000000000 R11: 0000000000000246 R12: 000056532196caa4
[   25.738736][  T289] R13: 0000000000000019 R14: 000056532196d3e8 R15: 00007ffcfb246b48
[   25.746552][  T289]  </TASK>
[   25.757225][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   25.768668][  T289] BUG: scheduling while atomic: sshd/289/0x00000002
[   25.775054][  T289] Modules linked in:
[   25.779115][  T289] Preemption disabled at:
[   25.779124][  T289] [<ffffffff81489ceb>] __set_current_blocked+0x11b/0x2f0
[   25.790314][  T289] CPU: 0 PID: 289 Comm: sshd Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   25.800785][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   25.810677][  T289] Call Trace:
[   25.813808][  T289]  <TASK>
[   25.816578][  T289]  dump_stack_lvl+0x151/0x1b7
[   25.821092][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   25.826387][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   25.831692][  T289]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   25.836975][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   25.842277][  T289]  dump_stack+0x15/0x1b
[   25.846261][  T289]  __schedule_bug+0x195/0x260
[   25.850777][  T289]  ? cpu_util_update_eff+0x10e0/0x10e0
[   25.856073][  T289]  ? pollwake+0x280/0x280
[   25.860238][  T289]  __schedule+0xcf7/0x1550
[   25.864492][  T289]  ? __se_sys_ppoll+0x2b3/0x330
[   25.869262][  T289]  ? __sched_text_start+0x8/0x8
[   25.873948][  T289]  ? __x64_sys_ppoll+0xd0/0xd0
[   25.878550][  T289]  schedule+0xc3/0x180
[   25.882457][  T289]  exit_to_user_mode_loop+0x4e/0xa0
[   25.887491][  T289]  exit_to_user_mode_prepare+0x5a/0xa0
[   25.892784][  T289]  syscall_exit_to_user_mode+0x26/0x140
[   25.898168][  T289]  do_syscall_64+0x49/0xb0
[   25.902421][  T289]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   25.908146][  T289] RIP: 0033:0x7f73f9b19ad5
[   25.912405][  T289] Code: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83
[   25.931847][  T289] RSP: 002b:00007ffcfb246ac0 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[   25.940085][  T289] RAX: 0000000000000002 RBX: 00000000000668a0 RCX: 00007f73f9b19ad5
[   25.947901][  T289] RDX: 00007ffcfb246ae0 RSI: 0000000000000004 RDI: 0000565323259b20
[pid   300] unlink("./7/binderfs"executing program
executing program
)      = 0
[pid   300] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   300] close(3)                    = 0
[pid   300] rmdir("./7")                = 0
[pid   300] mkdir("./8", 0777)          = 0
[pid   300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 350
[pid   349] <... chdir resumed>)        = 0
[pid   349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   349] setpgid(0, 0)               = 0
[pid   349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   349] write(3, "1000", 4)         = 4
[pid   349] close(3)                    = 0
[pid   349] symlink("/dev/binderfs", "./binderfs") = 0
[pid   349] write(1, "executing program\n", 18) = 18
[pid   349] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   349] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   349] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   349] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16./strace-static-x86_64: Process 350 attached
 <unfinished ...>
[pid   350] set_robust_list(0x555556ccb660, 24) = 0
[pid   350] chdir("./8")                = 0
[pid   350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   350] setpgid(0, 0)               = 0
[pid   350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   350] write(3, "1000", 4)         = 4
[pid   350] close(3)                    = 0
[pid   350] symlink("/dev/binderfs", "./binderfs") = 0
[pid   350] write(1, "executing program\n", 18) = 18
[pid   350] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   350] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   350] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   350] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   346] +++ exited with 0 +++
[pid   295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=346, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   295] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   295] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   295] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   295] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   295] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   295] unlink("./8/binderfs" <unfinished ...>
[pid   348] <... bpf resumed>)          = 7
[pid   347] +++ exited with 0 +++
[pid   350] <... bpf resumed>)          = 5
[pid   349] <... bpf resumed>)          = 5
[pid   348] exit_group(0)               = ?
[pid   350] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   349] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=347, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   348] +++ exited with 0 +++
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   296] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   296] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   296] getdents64(3,  <unfinished ...>
[pid   350] <... bpf resumed>)          = 6
[pid   298] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   350] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   349] <... bpf resumed>)          = 6
[pid   349] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   298] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   298] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   298] getdents64(3,  <unfinished ...>
[pid   350] <... bpf resumed>)          = 7
[pid   349] <... bpf resumed>)          = 7
[pid   350] exit_group(0)               = ?
[pid   349] exit_group(0)               = ?
[pid   350] +++ exited with 0 +++
[pid   300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   349] +++ exited with 0 +++
[pid   301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=349, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   301] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   301] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   300] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   301] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   300] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[   25.955709][  T289] RBP: 00005653232585e0 R08: 0000000000000008 R09: 0000000000000000
[   25.963519][  T289] R10: 00007ffcfb246bc8 R11: 0000000000000246 R12: 000056532196caa4
[   25.971468][  T289] R13: 0000000000000001 R14: 000056532196d3e8 R15: 00007ffcfb246b48
[   25.979282][  T289]  </TASK>
[pid   301] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   300] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   301] <... openat resumed>)       = 3
[pid   300] <... openat resumed>)       = 3
[pid   301] newfstatat(3, "",  <unfinished ...>
[pid   300] newfstatat(3, "",  <unfinished ...>
[pid   301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   301] getdents64(3,  <unfinished ...>
[pid   300] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   300] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   298] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   296] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   295] <... unlink resumed>)       = 0
[pid   301] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   300] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   295] getdents64(3,  <unfinished ...>
[pid   301] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   300] newfstatat(AT_FDCWD, "./8/binderfs",  <unfinished ...>
[pid   298] newfstatat(AT_FDCWD, "./8/binderfs",  <unfinished ...>
[pid   296] newfstatat(AT_FDCWD, "./7/binderfs",  <unfinished ...>
[pid   301] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   301] newfstatat(AT_FDCWD, "./7/binderfs",  <unfinished ...>
[pid   300] unlink("./8/binderfs" <unfinished ...>
[pid   298] unlink("./8/binderfs" <unfinished ...>
[pid   296] unlink("./7/binderfs" <unfinished ...>
[pid   295] close(3 <unfinished ...>
[pid   301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   300] <... unlink resumed>)       = 0
[pid   295] <... close resumed>)        = 0
[pid   301] unlink("./7/binderfs" <unfinished ...>
[pid   295] rmdir("./8" <unfinished ...>
[pid   301] <... unlink resumed>)       = 0
[pid   300] getdents64(3,  <unfinished ...>
[pid   298] <... unlink resumed>)       = 0
[pid   296] <... unlink resumed>)       = 0
[pid   301] getdents64(3,  <unfinished ...>
[pid   300] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   295] <... rmdir resumed>)        = 0
[pid   298] getdents64(3,  <unfinished ...>
[pid   301] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   300] close(3 <unfinished ...>
[pid   296] getdents64(3,  <unfinished ...>
[pid   295] mkdir("./9", 0777 <unfinished ...>
[pid   301] close(3 <unfinished ...>
[pid   300] <... close resumed>)        = 0
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   301] <... close resumed>)        = 0
[pid   300] rmdir("./8" <unfinished ...>
[pid   298] close(3 <unfinished ...>
[pid   296] close(3 <unfinished ...>
[pid   295] <... mkdir resumed>)        = 0
[pid   301] rmdir("./7" <unfinished ...>
[pid   295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   301] <... rmdir resumed>)        = 0
[pid   300] <... rmdir resumed>)        = 0
[pid   298] <... close resumed>)        = 0
[pid   296] <... close resumed>)        = 0
[pid   300] mkdir("./9", 0777 <unfinished ...>
[pid   298] rmdir("./8" <unfinished ...>
[pid   296] rmdir("./7"./strace-static-x86_64: Process 351 attached
 <unfinished ...>
[pid   301] mkdir("./8", 0777 <unfinished ...>
[pid   300] <... mkdir resumed>)        = 0
[pid   298] <... rmdir resumed>)        = 0
[pid   351] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   296] <... rmdir resumed>)        = 0
[pid   295] <... clone resumed>, child_tidptr=0x555556ccb650) = 351
[pid   351] <... set_robust_list resumed>) = 0
[pid   301] <... mkdir resumed>)        = 0
[pid   300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   298] mkdir("./9", 0777 <unfinished ...>
[pid   296] mkdir("./8", 0777 <unfinished ...>
[pid   351] chdir("./9" <unfinished ...>
[pid   301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   351] <... chdir resumed>)        = 0
[pid   351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   351] setpgid(0, 0)               = 0
[pid   298] <... mkdir resumed>)        = 0
[pid   351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   296] <... mkdir resumed>)        = 0
[pid   351] write(3, "1000", 4)         = 4
./strace-static-x86_64: Process 352 attached
./strace-static-x86_64: Process 353 attached
[pid   351] close(3executing program
 <unfinished ...>
[pid   300] <... clone resumed>, child_tidptr=0x555556ccb650) = 352
[pid   298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   301] <... clone resumed>, child_tidptr=0x555556ccb650) = 353
[pid   351] <... close resumed>)        = 0
[pid   351] symlink("/dev/binderfs", "./binderfs") = 0
[pid   351] write(1, "executing program\n", 18) = 18
[pid   351] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   351] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   351] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   298] <... clone resumed>, child_tidptr=0x555556ccb650) = 354
[pid   296] <... clone resumed>, child_tidptr=0x555556ccb650) = 355
./strace-static-x86_64: Process 355 attached
./strace-static-x86_64: Process 354 attached
[pid   353] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   352] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   351] <... bpf resumed>)          = 4
[pid   351] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   353] <... set_robust_list resumed>) = 0
[pid   352] <... set_robust_list resumed>) = 0
[pid   351] <... bpf resumed>)          = 5
[pid   354] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   351] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   355] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   354] <... set_robust_list resumed>) = 0
[pid   353] chdir("./8" <unfinished ...>
[pid   352] chdir("./9" <unfinished ...>
[pid   355] <... set_robust_list resumed>) = 0
[pid   351] <... bpf resumed>)          = 6
[pid   351] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16) = 7
[pid   352] <... chdir resumed>)        = 0
[pid   353] <... chdir resumed>)        = 0
[pid   352] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   353] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   352] <... prctl resumed>)        = 0
[pid   351] exit_group(0)               = ?
[pid   354] chdir("./9" <unfinished ...>
[pid   353] <... prctl resumed>)        = 0
[pid   352] setpgid(0, 0 <unfinished ...>
[pid   351] +++ exited with 0 +++
[pid   355] chdir("./8" <unfinished ...>
[pid   352] <... setpgid resumed>)      = 0
[pid   295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=351, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   353] setpgid(0, 0 <unfinished ...>
[pid   354] <... chdir resumed>)        = 0
[pid   353] <... setpgid resumed>)      = 0
[pid   352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   295] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   354] setpgid(0, 0 <unfinished ...>
[pid   295] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   354] <... setpgid resumed>)      = 0
[pid   354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   295] <... openat resumed>)       = 3
[pid   352] <... openat resumed>)       = 3
[pid   295] newfstatat(3, "",  <unfinished ...>
[pid   354] <... openat resumed>)       = 3
[pid   353] <... openat resumed>)       = 3
[pid   352] write(3, "1000", 4 <unfinished ...>
[pid   295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   354] write(3, "1000", 4 <unfinished ...>
[pid   352] <... write resumed>)        = 4
[pid   295] getdents64(3,  <unfinished ...>
[pid   353] write(3, "1000", 4 <unfinished ...>
[pid   354] <... write resumed>)        = 4
[pid   354] close(3)                    = 0
[pid   354] symlink("/dev/binderfs", "./binderfs") = 0
[pid   353] <... write resumed>)        = 4
[pid   352] close(3executing program
 <unfinished ...>
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   354] write(1, "executing program\n", 18) = 18
[pid   353] close(3 <unfinished ...>
[pid   352] <... close resumed>)        = 0
[pid   295] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   354] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   353] <... close resumed>)        = 0
[pid   352] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   354] <... bpf resumed>)          = 3
[pid   353] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   354] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   295] newfstatat(AT_FDCWD, "./9/binderfs",  <unfinished ...>
[pid   354] <... bpf resumed>)          = 0
[pid   354] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   355] <... chdir resumed>)        = 0
[pid   354] <... bpf resumed>)          = 4
[pid   353] <... symlink resumed>)      = 0
[pid   352] <... symlink resumed>)      = 0
[pid   295] unlink("./9/binderfs" <unfinished ...>
[pid   354] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
executing program
executing program
[pid   355] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   353] write(1, "executing program\n", 18 <unfinished ...>
[pid   352] write(1, "executing program\n", 18 <unfinished ...>
[pid   295] <... unlink resumed>)       = 0
[pid   355] <... prctl resumed>)        = 0
[pid   353] <... write resumed>)        = 18
[pid   352] <... write resumed>)        = 18
[pid   295] getdents64(3,  <unfinished ...>
[pid   353] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   355] setpgid(0, 0 <unfinished ...>
[pid   352] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   353] <... bpf resumed>)          = 3
[pid   295] close(3 <unfinished ...>
[pid   355] <... setpgid resumed>)      = 0
[pid   295] <... close resumed>)        = 0
[pid   353] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   295] rmdir("./9" <unfinished ...>
[pid   353] <... bpf resumed>)          = 0
[pid   352] <... bpf resumed>)          = 3
[pid   355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   295] <... rmdir resumed>)        = 0
[pid   353] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   352] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   295] mkdir("./10", 0777 <unfinished ...>
[pid   352] <... bpf resumed>)          = 0
[pid   355] write(3, "1000", 4)         = 4
[pid   355] close(3)                    = 0
[pid   355] symlink("/dev/binderfs", "./binderfs") = 0
[pid   295] <... mkdir resumed>)        = 0
[pid   352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   355] write(1, "executing program\n", 18) = 18
[pid   355] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   355] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   355] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144executing program
) = 4
[pid   353] <... bpf resumed>)          = 4
[pid   352] <... bpf resumed>)          = 4
[pid   295] <... clone resumed>, child_tidptr=0x555556ccb650) = 356
[pid   353] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   352] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   355] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16./strace-static-x86_64: Process 356 attached
 <unfinished ...>
[pid   356] set_robust_list(0x555556ccb660, 24) = 0
[pid   356] chdir("./10")               = 0
[pid   356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   356] setpgid(0, 0)               = 0
[pid   356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   356] write(3, "1000", 4)         = 4
[pid   356] close(3)                    = 0
[pid   356] symlink("/dev/binderfs", "./binderfs") = 0
[pid   356] write(1, "executing program\n", 18executing program
) = 18
[pid   356] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   356] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   356] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   356] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   354] <... bpf resumed>)          = 5
[pid   355] <... bpf resumed>)          = 5
[pid   354] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   353] <... bpf resumed>)          = 5
[pid   352] <... bpf resumed>)          = 5
[pid   356] <... bpf resumed>)          = 5
[pid   355] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   353] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   352] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   356] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   355] <... bpf resumed>)          = 6
[pid   354] <... bpf resumed>)          = 6
[pid   353] <... bpf resumed>)          = 6
[pid   355] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   354] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   355] <... bpf resumed>)          = 7
[pid   354] <... bpf resumed>)          = 7
[pid   353] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   352] <... bpf resumed>)          = 6
[   26.063192][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   26.074715][  T289] BUG: scheduling while atomic: sshd/289/0x00000002
[   26.081148][  T289] Modules linked in:
[   26.084830][  T289] Preemption disabled at:
[   26.084840][  T289] [<ffffffff840015c0>] release_sock+0x30/0x1b0
[   26.095005][  T289] CPU: 0 PID: 289 Comm: sshd Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   26.105396][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   26.115385][  T289] Call Trace:
[   26.118502][  T289]  <TASK>
[   26.121278][  T289]  dump_stack_lvl+0x151/0x1b7
[   26.125788][  T289]  ? release_sock+0x30/0x1b0
[   26.130213][  T289]  ? release_sock+0x30/0x1b0
[   26.134640][  T289]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   26.139935][  T289]  ? release_sock+0x30/0x1b0
[   26.144365][  T289]  dump_stack+0x15/0x1b
[   26.148357][  T289]  __schedule_bug+0x195/0x260
[   26.152869][  T289]  ? bpf_bprintf_cleanup+0x48/0x60
[   26.157818][  T289]  ? bpf_trace_printk+0x1be/0x300
[   26.162680][  T289]  ? cpu_util_update_eff+0x10e0/0x10e0
[   26.167996][  T289]  ? bpf_probe_write_user+0xf0/0xf0
[   26.173004][  T289]  ? bpf_trace_run2+0xe9/0x290
[   26.177603][  T289]  __schedule+0xcf7/0x1550
[   26.181856][  T289]  ? __this_cpu_preempt_check+0x13/0x20
[   26.187244][  T289]  ? bpf_trace_run2+0x138/0x290
[   26.191929][  T289]  ? __sched_text_start+0x8/0x8
[   26.196613][  T289]  ? bpf_trace_run1+0x240/0x240
[   26.201301][  T289]  ? ksys_write+0x24f/0x2c0
[   26.205641][  T289]  ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[   26.211018][  T289]  schedule+0xc3/0x180
[   26.214928][  T289]  exit_to_user_mode_loop+0x4e/0xa0
[   26.219960][  T289]  exit_to_user_mode_prepare+0x5a/0xa0
[   26.225255][  T289]  syscall_exit_to_user_mode+0x26/0x140
[   26.230639][  T289]  do_syscall_64+0x49/0xb0
[   26.234891][  T289]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[   26.240529][  T289]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   26.246275][  T289] RIP: 0033:0x7f73f9afd587
[   26.250526][  T289] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 <c3> 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00
[   26.270044][  T289] RSP: 002b:00007ffcfb246928 EFLAGS: 00000246 ORIG_RAX: 0000000000000027
[   26.278283][  T289] RAX: 0000000000000121 RBX: 0000000000000008 RCX: 00007f73f9afd587
[   26.286101][  T289] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000008
[   26.293910][  T289] RBP: 0000565323253554 R08: 0000000000000000 R09: 0000000000000000
[   26.301719][  T289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000400
[pid   355] exit_group(0 <unfinished ...>
[   26.309534][  T289] R13: 0000000000000008 R14: 0000000000000000 R15: 0000565323258290
[   26.317351][  T289]  </TASK>
[   26.321581][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   26.332983][  T289] BUG: scheduling while atomic: sshd/289/0x00000002
[   26.339412][  T289] Modules linked in:
[   26.343095][  T289] Preemption disabled at:
[   26.343101][  T289] [<ffffffff81489ceb>] __set_current_blocked+0x11b/0x2f0
[   26.354217][  T289] CPU: 0 PID: 289 Comm: sshd Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   26.364534][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   26.374431][  T289] Call Trace:
[   26.377551][  T289]  <TASK>
[   26.380328][  T289]  dump_stack_lvl+0x151/0x1b7
[   26.384843][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   26.390137][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   26.395432][  T289]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   26.400727][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   26.406023][  T289]  dump_stack+0x15/0x1b
[   26.410011][  T289]  __schedule_bug+0x195/0x260
[   26.414612][  T289]  ? cpu_util_update_eff+0x10e0/0x10e0
[   26.419915][  T289]  ? pollwake+0x280/0x280
[   26.424079][  T289]  __schedule+0xcf7/0x1550
[   26.428327][  T289]  ? __se_sys_ppoll+0x2b3/0x330
[   26.433010][  T289]  ? __sched_text_start+0x8/0x8
[   26.437703][  T289]  ? __x64_sys_ppoll+0xd0/0xd0
[   26.442303][  T289]  schedule+0xc3/0x180
[   26.446204][  T289]  exit_to_user_mode_loop+0x4e/0xa0
[   26.451244][  T289]  exit_to_user_mode_prepare+0x5a/0xa0
[   26.456534][  T289]  syscall_exit_to_user_mode+0x26/0x140
[   26.461914][  T289]  do_syscall_64+0x49/0xb0
[   26.466184][  T289]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   26.471897][  T289] RIP: 0033:0x7f73f9b19ad5
[   26.476157][  T289] Code: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83
[   26.495595][  T289] RSP: 002b:00007ffcfb246ac0 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[   26.503836][  T289] RAX: 0000000000000002 RBX: 00000000000668a0 RCX: 00007f73f9b19ad5
[pid   354] exit_group(0executing program
executing program
executing program
executing program
executing program
 <unfinished ...>
[pid   353] <... bpf resumed>)          = 7
[pid   352] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   355] <... exit_group resumed>)   = ?
[pid   354] <... exit_group resumed>)   = ?
[pid   353] exit_group(0 <unfinished ...>
[pid   352] <... bpf resumed>)          = 7
[pid   355] +++ exited with 0 +++
[pid   354] +++ exited with 0 +++
[pid   298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=355, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   298] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   296] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   296] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   298] <... openat resumed>)       = 3
[pid   296] <... openat resumed>)       = 3
[pid   298] newfstatat(3, "",  <unfinished ...>
[pid   296] newfstatat(3, "",  <unfinished ...>
[pid   298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   298] getdents64(3,  <unfinished ...>
[pid   296] getdents64(3,  <unfinished ...>
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   298] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   296] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] newfstatat(AT_FDCWD, "./9/binderfs",  <unfinished ...>
[pid   296] newfstatat(AT_FDCWD, "./8/binderfs",  <unfinished ...>
[pid   298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   298] unlink("./9/binderfs" <unfinished ...>
[pid   296] unlink("./8/binderfs" <unfinished ...>
[pid   298] <... unlink resumed>)       = 0
[pid   296] <... unlink resumed>)       = 0
[pid   298] getdents64(3,  <unfinished ...>
[pid   296] getdents64(3,  <unfinished ...>
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   298] close(3 <unfinished ...>
[pid   296] close(3 <unfinished ...>
[pid   298] <... close resumed>)        = 0
[pid   296] <... close resumed>)        = 0
[pid   298] rmdir("./9" <unfinished ...>
[pid   296] rmdir("./8" <unfinished ...>
[pid   298] <... rmdir resumed>)        = 0
[pid   296] <... rmdir resumed>)        = 0
[pid   298] mkdir("./10", 0777 <unfinished ...>
[pid   296] mkdir("./9", 0777 <unfinished ...>
[pid   298] <... mkdir resumed>)        = 0
[pid   296] <... mkdir resumed>)        = 0
[pid   298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   298] <... clone resumed>, child_tidptr=0x555556ccb650) = 357
[pid   296] <... clone resumed>, child_tidptr=0x555556ccb650) = 358
./strace-static-x86_64: Process 358 attached
[pid   358] set_robust_list(0x555556ccb660, 24) = 0
[pid   358] chdir("./9")                = 0
[pid   358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   358] setpgid(0, 0)               = 0
[pid   358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   358] write(3, "1000", 4)         = 4
[pid   358] close(3)                    = 0
[pid   358] symlink("/dev/binderfs", "./binderfs") = 0
[pid   358] write(1, "executing program\n", 18) = 18
[pid   358] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   358] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   358] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 357 attached
 <unfinished ...>
[pid   357] set_robust_list(0x555556ccb660, 24) = 0
[pid   357] chdir("./10")               = 0
[pid   358] <... bpf resumed>)          = 4
[pid   357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   357] setpgid(0, 0)               = 0
[pid   357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   357] write(3, "1000", 4)         = 4
[pid   357] close(3 <unfinished ...>
[pid   358] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   357] <... close resumed>)        = 0
[pid   358] <... bpf resumed>)          = 5
[pid   357] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   358] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   357] <... symlink resumed>)      = 0
[pid   357] write(1, "executing program\n", 18) = 18
[pid   357] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   357] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   357] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   357] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16) = 5
[pid   357] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   358] <... bpf resumed>)          = 6
[pid   357] <... bpf resumed>)          = 6
[pid   356] <... bpf resumed>)          = 6
[pid   358] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   357] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   358] <... bpf resumed>)          = 7
[pid   357] <... bpf resumed>)          = 7
[pid   358] exit_group(0 <unfinished ...>
[pid   357] exit_group(0 <unfinished ...>
[pid   356] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   358] <... exit_group resumed>)   = ?
[pid   357] <... exit_group resumed>)   = ?
[pid   356] <... bpf resumed>)          = 7
[pid   358] +++ exited with 0 +++
[pid   357] +++ exited with 0 +++
[pid   356] exit_group(0)               = ?
[pid   298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=357, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=358, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   356] +++ exited with 0 +++
[pid   353] <... exit_group resumed>)   = ?
[pid   296] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=356, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   298] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   298] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   296] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   298] <... openat resumed>)       = 3
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] newfstatat(3, "",  <unfinished ...>
[pid   296] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   296] <... openat resumed>)       = 3
[pid   298] getdents64(3,  <unfinished ...>
[pid   296] newfstatat(3, "",  <unfinished ...>
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   298] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   296] getdents64(3,  <unfinished ...>
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   298] newfstatat(AT_FDCWD, "./10/binderfs",  <unfinished ...>
[pid   296] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] unlink("./10/binderfs" <unfinished ...>
[pid   296] newfstatat(AT_FDCWD, "./9/binderfs",  <unfinished ...>
[pid   295] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   298] <... unlink resumed>)       = 0
[pid   296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] getdents64(3,  <unfinished ...>
[pid   296] unlink("./9/binderfs" <unfinished ...>
[pid   295] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   296] <... unlink resumed>)       = 0
[pid   295] <... openat resumed>)       = 3
[pid   298] close(3 <unfinished ...>
[pid   296] getdents64(3,  <unfinished ...>
[pid   295] newfstatat(3, "",  <unfinished ...>
[pid   298] <... close resumed>)        = 0
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   298] rmdir("./10" <unfinished ...>
[pid   296] close(3 <unfinished ...>
[pid   295] getdents64(3,  <unfinished ...>
[pid   298] <... rmdir resumed>)        = 0
[pid   296] <... close resumed>)        = 0
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   298] mkdir("./11", 0777 <unfinished ...>
[pid   296] rmdir("./9" <unfinished ...>
[pid   295] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   298] <... mkdir resumed>)        = 0
[pid   296] <... rmdir resumed>)        = 0
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   296] mkdir("./10", 0777 <unfinished ...>
[pid   295] newfstatat(AT_FDCWD, "./10/binderfs",  <unfinished ...>
[pid   296] <... mkdir resumed>)        = 0
[pid   295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   298] <... clone resumed>, child_tidptr=0x555556ccb650) = 359
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   295] unlink("./10/binderfs")     = 0
[pid   296] <... clone resumed>, child_tidptr=0x555556ccb650) = 360
[pid   295] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   295] close(3)                    = 0
[pid   295] rmdir("./10")               = 0
[pid   295] mkdir("./11", 0777)         = 0
[pid   295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 361
./strace-static-x86_64: Process 360 attached
[pid   360] set_robust_list(0x555556ccb660, 24) = 0
[pid   360] chdir("./10")               = 0
[pid   360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   360] setpgid(0, 0)               = 0
[pid   360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   360] write(3, "1000", 4)         = 4
[pid   360] close(3)                    = 0
[pid   360] symlink("/dev/binderfs", "./binderfs") = 0
[pid   360] write(1, "executing program\n", 18) = 18
./strace-static-x86_64: Process 359 attached
[pid   360] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   359] set_robust_list(0x555556ccb660, 24) = 0
[pid   360] <... bpf resumed>)          = 3
[pid   359] chdir("./11" <unfinished ...>
[pid   360] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   360] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   359] <... chdir resumed>)        = 0
[pid   359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   359] setpgid(0, 0)               = 0
[pid   359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   360] <... bpf resumed>)          = 4
[pid   359] write(3, "1000", 4 <unfinished ...>
[pid   360] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   359] <... write resumed>)        = 4
[pid   359] close(3)                    = 0
[pid   359] symlink("/dev/binderfs", "./binderfs") = 0
[pid   359] write(1, "executing program\n", 18) = 18
[pid   359] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   359] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   359] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   359] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   352] exit_group(0)               = ?
./strace-static-x86_64: Process 361 attached
[pid   361] set_robust_list(0x555556ccb660, 24) = 0
[pid   361] chdir("./11")               = 0
[pid   361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   361] setpgid(0, 0)               = 0
[pid   361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   361] write(3, "1000", 4)         = 4
[pid   361] close(3)                    = 0
[pid   361] symlink("/dev/binderfs", "./binderfs") = 0
[pid   361] write(1, "executing program\n", 18) = 18
[pid   361] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   361] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   361] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   361] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16) = 5
[pid   360] <... bpf resumed>)          = 5
[pid   359] <... bpf resumed>)          = 5
[pid   353] +++ exited with 0 +++
[pid   352] +++ exited with 0 +++
[pid   300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=352, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   359] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=353, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   361] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   360] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   359] <... bpf resumed>)          = 6
[pid   301] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   300] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   360] <... bpf resumed>)          = 6
[pid   301] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   300] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   301] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   300] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   301] <... openat resumed>)       = 3
[pid   300] <... openat resumed>)       = 3
[pid   301] newfstatat(3, "",  <unfinished ...>
[pid   300] newfstatat(3, "",  <unfinished ...>
[pid   301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   361] <... bpf resumed>)          = 6
[pid   360] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   361] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   301] getdents64(3,  <unfinished ...>
[pid   300] getdents64(3,  <unfinished ...>
[pid   359] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   301] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   301] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   300] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   301] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   300] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   301] newfstatat(AT_FDCWD, "./8/binderfs",  <unfinished ...>
[pid   300] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   300] newfstatat(AT_FDCWD, "./9/binderfs",  <unfinished ...>
[pid   301] unlink("./8/binderfs" <unfinished ...>
[pid   300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   301] <... unlink resumed>)       = 0
[pid   301] getdents64(3,  <unfinished ...>
[pid   300] unlink("./9/binderfs" <unfinished ...>
[pid   301] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   301] close(3 <unfinished ...>
[pid   300] <... unlink resumed>)       = 0
[pid   301] <... close resumed>)        = 0
[pid   300] getdents64(3,  <unfinished ...>
[pid   301] rmdir("./8" <unfinished ...>
[pid   300] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   301] <... rmdir resumed>)        = 0
[pid   300] close(3 <unfinished ...>
[pid   301] mkdir("./9", 0777 <unfinished ...>
[pid   300] <... close resumed>)        = 0
[pid   300] rmdir("./9")                = 0
[pid   301] <... mkdir resumed>)        = 0
[pid   300] mkdir("./10", 0777 <unfinished ...>
[pid   301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   300] <... mkdir resumed>)        = 0
[pid   301] <... clone resumed>, child_tidptr=0x555556ccb650) = 363
[pid   300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 363 attached
 <unfinished ...>
[pid   363] set_robust_list(0x555556ccb660, 24./strace-static-x86_64: Process 364 attached
 <unfinished ...>
[pid   300] <... clone resumed>, child_tidptr=0x555556ccb650) = 364
[pid   363] <... set_robust_list resumed>) = 0
[pid   364] set_robust_list(0x555556ccb660, 24) = 0
[pid   363] chdir("./9")                = 0
[pid   364] chdir("./10" <unfinished ...>
[pid   363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   363] setpgid(0, 0)               = 0
[pid   363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   363] write(3, "1000", 4)         = 4
[pid   363] close(3)                    = 0
[pid   364] <... chdir resumed>)        = 0
[pid   363] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   363] <... symlink resumed>)      = 0
[pid   364] setpgid(0, 0)               = 0
[pid   364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   363] write(1, "executing program\n", 18executing program
 <unfinished ...>
[pid   364] <... openat resumed>)       = 3
[pid   363] <... write resumed>)        = 18
[pid   364] write(3, "1000", 4 <unfinished ...>
[pid   363] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   364] <... write resumed>)        = 4
[pid   363] <... bpf resumed>)          = 3
[pid   363] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   363] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   364] close(3)                    = 0
executing program
[pid   364] symlink("/dev/binderfs", "./binderfs") = 0
[pid   363] <... bpf resumed>)          = 4
[pid   364] write(1, "executing program\n", 18) = 18
[pid   364] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   363] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   364] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   364] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   364] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   360] <... bpf resumed>)          = 7
[pid   363] <... bpf resumed>)          = 5
[pid   361] <... bpf resumed>)          = 7
[pid   359] <... bpf resumed>)          = 7
[   26.511649][  T289] RDX: 00007ffcfb246ae0 RSI: 0000000000000004 RDI: 0000565323259b20
[   26.519459][  T289] RBP: 00005653232585e0 R08: 0000000000000008 R09: 0000000000000000
[   26.527271][  T289] R10: 00007ffcfb246bc8 R11: 0000000000000246 R12: 000056532196caa4
[   26.535082][  T289] R13: 0000000000000001 R14: 000056532196d3e8 R15: 00007ffcfb246b48
[   26.542903][  T289]  </TASK>
[   26.569536][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   26.580948][  T289] BUG: scheduling while atomic: sshd/289/0x00000002
[   26.587325][  T289] Modules linked in:
[   26.591228][  T289] Preemption disabled at:
[   26.591236][  T289] [<ffffffff840015c0>] release_sock+0x30/0x1b0
[   26.601621][  T289] CPU: 0 PID: 289 Comm: sshd Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   26.612103][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   26.621997][  T289] Call Trace:
[   26.625125][  T289]  <TASK>
[   26.627903][  T289]  dump_stack_lvl+0x151/0x1b7
[   26.632416][  T289]  ? release_sock+0x30/0x1b0
[   26.636841][  T289]  ? release_sock+0x30/0x1b0
[   26.641270][  T289]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   26.646559][  T289]  ? release_sock+0x30/0x1b0
[   26.650984][  T289]  dump_stack+0x15/0x1b
[   26.654984][  T289]  __schedule_bug+0x195/0x260
[   26.659494][  T289]  ? try_to_wake_up+0x670/0x1220
[   26.664264][  T289]  ? cpu_util_update_eff+0x10e0/0x10e0
[   26.669559][  T289]  ? cpu_curr_snapshot+0x90/0x90
[   26.674338][  T289]  __schedule+0xcf7/0x1550
[   26.678587][  T289]  ? wake_up_process+0x10/0x20
[   26.683216][  T289]  ? raise_softirq_irqoff+0x37/0x40
[   26.688222][  T289]  ? rcu_read_unlock_special+0x3f2/0x4e0
[   26.693692][  T289]  ? __sched_text_start+0x8/0x8
[   26.698373][  T289]  ? __rcu_read_unlock+0xd0/0xd0
[   26.703150][  T289]  ? ksys_write+0x24f/0x2c0
[   26.707498][  T289]  ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[   26.712869][  T289]  schedule+0xc3/0x180
[   26.716776][  T289]  exit_to_user_mode_loop+0x4e/0xa0
[   26.721899][  T289]  exit_to_user_mode_prepare+0x5a/0xa0
[   26.727201][  T289]  syscall_exit_to_user_mode+0x26/0x140
[   26.732574][  T289]  do_syscall_64+0x49/0xb0
[   26.736825][  T289]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   26.742558][  T289] RIP: 0033:0x7f73f9afd587
[   26.746815][  T289] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 <c3> 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00
[pid   360] exit_group(0executing program
executing program
 <unfinished ...>
[pid   364] <... bpf resumed>)          = 5
[pid   363] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   361] exit_group(0 <unfinished ...>
[pid   360] <... exit_group resumed>)   = ?
[pid   359] exit_group(0 <unfinished ...>
[pid   363] <... bpf resumed>)          = 6
[pid   359] <... exit_group resumed>)   = ?
[pid   363] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   359] +++ exited with 0 +++
[pid   363] <... bpf resumed>)          = 7
[pid   363] exit_group(0)               = ?
[pid   363] +++ exited with 0 +++
[pid   301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=363, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   301] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   301] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   301] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   301] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   301] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   301] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   301] unlink("./9/binderfs")      = 0
[pid   301] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   301] close(3)                    = 0
[pid   301] rmdir("./9")                = 0
[pid   301] mkdir("./10", 0777)         = 0
[pid   301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 365
./strace-static-x86_64: Process 365 attached
[pid   365] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   364] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   361] <... exit_group resumed>)   = ?
[pid   298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=359, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   298] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   298] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   298] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   298] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   298] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   298] unlink("./11/binderfs")     = 0
[pid   298] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   298] close(3)                    = 0
[pid   298] rmdir("./11")               = 0
[pid   298] mkdir("./12", 0777)         = 0
[pid   298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 366
[pid   365] <... set_robust_list resumed>) = 0
[pid   365] chdir("./10" <unfinished ...>
[pid   364] <... bpf resumed>)          = 6
[pid   365] <... chdir resumed>)        = 0
[pid   365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   365] setpgid(0, 0 <unfinished ...>
[pid   364] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   365] <... setpgid resumed>)      = 0
[pid   365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   365] write(3, "1000", 4)         = 4
[pid   365] close(3)                    = 0
[pid   365] symlink("/dev/binderfs", "./binderfs") = 0
[pid   365] write(1, "executing program\n", 18) = 18
[pid   365] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   365] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   365] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   365] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16./strace-static-x86_64: Process 366 attached
 <unfinished ...>
[pid   366] set_robust_list(0x555556ccb660, 24) = 0
[pid   366] chdir("./12")               = 0
[pid   366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   366] setpgid(0, 0)               = 0
[pid   366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   366] write(3, "1000", 4)         = 4
[pid   366] close(3)                    = 0
[pid   366] symlink("/dev/binderfs", "./binderfs") = 0
[pid   366] write(1, "executing program\n", 18) = 18
[pid   366] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   366] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   366] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   366] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   360] +++ exited with 0 +++
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   296] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   296] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   296] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   296] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   296] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   296] unlink("./10/binderfs")     = 0
[pid   296] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   296] close(3)                    = 0
[pid   296] rmdir("./10")               = 0
[pid   296] mkdir("./11", 0777)         = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 367 attached
, child_tidptr=0x555556ccb650) = 367
[pid   367] set_robust_list(0x555556ccb660, 24) = 0
[pid   367] chdir("./11")               = 0
[pid   367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   367] setpgid(0, 0)               = 0
[pid   367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   367] write(3, "1000", 4)         = 4
[pid   367] close(3)                    = 0
[pid   367] symlink("/dev/binderfs", "./binderfs") = 0
[pid   367] write(1, "executing program\n", 18executing program
) = 18
[pid   367] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   367] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   367] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   367] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   361] +++ exited with 0 +++
[pid   295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=361, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   295] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   364] <... bpf resumed>)          = 7
[pid   367] <... bpf resumed>)          = 5
[pid   366] <... bpf resumed>)          = 5
[pid   365] <... bpf resumed>)          = 5
[pid   364] exit_group(0 <unfinished ...>
[pid   367] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   366] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   365] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   364] <... exit_group resumed>)   = ?
[pid   364] +++ exited with 0 +++
[pid   295] <... restart_syscall resumed>) = 0
[pid   366] <... bpf resumed>)          = 6
[pid   300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=364, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   300] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   295] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   300] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   300] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   295] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   300] <... openat resumed>)       = 3
[pid   295] <... openat resumed>)       = 3
[pid   300] newfstatat(3, "",  <unfinished ...>
[pid   295] newfstatat(3, "",  <unfinished ...>
[pid   300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   300] getdents64(3,  <unfinished ...>
[pid   295] getdents64(3,  <unfinished ...>
[pid   366] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   365] <... bpf resumed>)          = 6
[pid   300] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   365] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   300] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   295] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   300] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   300] newfstatat(AT_FDCWD, "./10/binderfs",  <unfinished ...>
[pid   295] newfstatat(AT_FDCWD, "./11/binderfs",  <unfinished ...>
[pid   300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   300] unlink("./10/binderfs" <unfinished ...>
[pid   295] unlink("./11/binderfs" <unfinished ...>
[pid   367] <... bpf resumed>)          = 6
[pid   300] <... unlink resumed>)       = 0
[pid   367] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   300] getdents64(3,  <unfinished ...>
[pid   295] <... unlink resumed>)       = 0
[pid   300] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   295] getdents64(3,  <unfinished ...>
[pid   300] close(3 <unfinished ...>
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   300] <... close resumed>)        = 0
[pid   295] close(3 <unfinished ...>
[pid   300] rmdir("./10" <unfinished ...>
[pid   295] <... close resumed>)        = 0
[pid   300] <... rmdir resumed>)        = 0
[pid   295] rmdir("./11" <unfinished ...>
[pid   300] mkdir("./11", 0777 <unfinished ...>
[pid   295] <... rmdir resumed>)        = 0
[pid   295] mkdir("./12", 0777 <unfinished ...>
[pid   300] <... mkdir resumed>)        = 0
[pid   300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   295] <... mkdir resumed>)        = 0
[pid   295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 368 attached
./strace-static-x86_64: Process 369 attached
 <unfinished ...>
[pid   369] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   368] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   300] <... clone resumed>, child_tidptr=0x555556ccb650) = 368
[pid   295] <... clone resumed>, child_tidptr=0x555556ccb650) = 369
[pid   369] <... set_robust_list resumed>) = 0
[pid   368] <... set_robust_list resumed>) = 0
[pid   368] chdir("./11")               = 0
[pid   368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   368] setpgid(0, 0)               = 0
[pid   368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   368] write(3, "1000", 4)         = 4
[pid   368] close(3)                    = 0
[pid   368] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid   368] write(1, "executing program\n", 18) = 18
[pid   368] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   369] chdir("./12" <unfinished ...>
[pid   368] <... bpf resumed>)          = 3
[pid   369] <... chdir resumed>)        = 0
[pid   368] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   368] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   369] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   368] <... bpf resumed>)          = 4
[pid   368] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   369] <... prctl resumed>)        = 0
[pid   369] setpgid(0, 0)               = 0
[pid   369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   369] write(3, "1000", 4)         = 4
[pid   369] close(3)                    = 0
[pid   369] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid   369] write(1, "executing program\n", 18) = 18
[pid   369] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   369] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   369] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   369] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   366] <... bpf resumed>)          = 7
[pid   369] <... bpf resumed>)          = 5
[pid   368] <... bpf resumed>)          = 5
[pid   367] <... bpf resumed>)          = 7
[pid   365] <... bpf resumed>)          = 7
[pid   366] exit_group(0 <unfinished ...>
[pid   369] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[   26.766342][  T289] RSP: 002b:00007ffcfb2463f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000027
[   26.774579][  T289] RAX: 0000000000000121 RBX: 0000000000000000 RCX: 00007f73f9afd587
[   26.782393][  T289] RDX: 0000000000000b16 RSI: 0000565321977fe0 RDI: 0000565321975937
[   26.790202][  T289] RBP: 0000565321976dd0 R08: 0000000000000006 R09: 0000000000000000
[   26.798013][  T289] R10: 0000565321976dd0 R11: 0000000000000246 R12: 0000565321975937
[   26.805826][  T289] R13: 0000565321977fe0 R14: 0000565323260390 R15: 00007ffcfb246980
[   26.813644][  T289]  </TASK>
[pid   368] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   367] exit_group(0 <unfinished ...>
[pid   369] <... bpf resumed>)          = 6
[pid   368] <... bpf resumed>)          = 6
[pid   367] <... exit_group resumed>)   = ?
[pid   366] <... exit_group resumed>)   = ?
[pid   365] exit_group(0 <unfinished ...>
[pid   369] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16) = 7
[pid   367] +++ exited with 0 +++
[pid   369] exit_group(0 <unfinished ...>
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=367, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   369] <... exit_group resumed>)   = ?
[pid   368] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   366] +++ exited with 0 +++
[pid   365] <... exit_group resumed>)   = ?
[pid   298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=366, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   298] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   298] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   296] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   296] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   298] <... openat resumed>)       = 3
[pid   296] <... openat resumed>)       = 3
[pid   298] newfstatat(3, "",  <unfinished ...>
[pid   296] newfstatat(3, "",  <unfinished ...>
[pid   298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   298] getdents64(3,  <unfinished ...>
[pid   296] getdents64(3,  <unfinished ...>
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   298] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   296] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] newfstatat(AT_FDCWD, "./12/binderfs",  <unfinished ...>
[pid   296] newfstatat(AT_FDCWD, "./11/binderfs",  <unfinished ...>
[pid   298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   298] unlink("./12/binderfs" <unfinished ...>
[pid   296] unlink("./11/binderfs" <unfinished ...>
[pid   298] <... unlink resumed>)       = 0
[pid   296] <... unlink resumed>)       = 0
[pid   298] getdents64(3,  <unfinished ...>
[pid   296] getdents64(3,  <unfinished ...>
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   298] close(3 <unfinished ...>
[pid   296] close(3 <unfinished ...>
[pid   298] <... close resumed>)        = 0
[pid   296] <... close resumed>)        = 0
[pid   298] rmdir("./12" <unfinished ...>
[pid   296] rmdir("./11" <unfinished ...>
[pid   298] <... rmdir resumed>)        = 0
[pid   296] <... rmdir resumed>)        = 0
[pid   298] mkdir("./13", 0777 <unfinished ...>
[pid   296] mkdir("./12", 0777 <unfinished ...>
[pid   298] <... mkdir resumed>)        = 0
[pid   296] <... mkdir resumed>)        = 0
[pid   298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 370 attached
./strace-static-x86_64: Process 371 attached
 <unfinished ...>
[pid   370] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   371] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   298] <... clone resumed>, child_tidptr=0x555556ccb650) = 371
[pid   296] <... clone resumed>, child_tidptr=0x555556ccb650) = 370
[pid   370] <... set_robust_list resumed>) = 0
[pid   371] <... set_robust_list resumed>) = 0
[pid   370] chdir("./12")               = 0
[pid   371] chdir("./13" <unfinished ...>
[pid   370] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   371] <... chdir resumed>)        = 0
[pid   370] <... prctl resumed>)        = 0
[pid   370] setpgid(0, 0 <unfinished ...>
[pid   371] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   370] <... setpgid resumed>)      = 0
[pid   370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   371] <... prctl resumed>)        = 0
[pid   370] <... openat resumed>)       = 3
[pid   371] setpgid(0, 0 <unfinished ...>
[pid   370] write(3, "1000", 4)         = 4
[pid   371] <... setpgid resumed>)      = 0
[pid   370] close(3)                    = 0
[pid   371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   370] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   370] write(1, "executing program\n", 18 <unfinished ...>
[pid   371] <... openat resumed>)       = 3
[pid   370] <... write resumed>)        = 18
[pid   371] write(3, "1000", 4 <unfinished ...>
[pid   370] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   371] <... write resumed>)        = 4
[pid   370] <... bpf resumed>)          = 3
[pid   371] close(3 <unfinished ...>
[pid   370] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   371] <... close resumed>)        = 0
[pid   370] <... bpf resumed>)          = 0
[pid   371] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   370] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   371] <... symlink resumed>)      = 0
executing program
[pid   371] write(1, "executing program\n", 18 <unfinished ...>
[pid   369] +++ exited with 0 +++
[pid   368] <... bpf resumed>)          = 7
[pid   371] <... write resumed>)        = 18
[pid   368] exit_group(0 <unfinished ...>
[pid   295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=369, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   370] <... bpf resumed>)          = 4
[pid   371] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   368] <... exit_group resumed>)   = ?
[pid   295] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   370] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   371] <... bpf resumed>)          = 3
[pid   371] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   295] <... restart_syscall resumed>) = 0
[pid   371] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   295] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   295] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   371] <... bpf resumed>)          = 4
[pid   295] newfstatat(3, "",  <unfinished ...>
[pid   371] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   295] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   295] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   295] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   295] unlink("./12/binderfs")     = 0
[pid   295] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   295] close(3)                    = 0
[pid   295] rmdir("./12")               = 0
[pid   295] mkdir("./13", 0777)         = 0
[pid   295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 372 attached
, child_tidptr=0x555556ccb650) = 372
[pid   372] set_robust_list(0x555556ccb660, 24) = 0
[pid   372] chdir("./13")               = 0
[pid   372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   372] setpgid(0, 0)               = 0
[pid   372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   372] write(3, "1000", 4)         = 4
[   26.878107][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   26.889527][  T289] BUG: scheduling while atomic: sshd/289/0x00000002
[   26.895916][  T289] Modules linked in:
[   26.899807][  T289] Preemption disabled at:
[   26.899815][  T289] [<ffffffff81c7d203>] pipe_read+0x5b3/0x1040
[   26.910013][  T289] CPU: 0 PID: 289 Comm: sshd Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   26.920390][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   26.930284][  T289] Call Trace:
[   26.933407][  T289]  <TASK>
[   26.936193][  T289]  dump_stack_lvl+0x151/0x1b7
[   26.940698][  T289]  ? pipe_read+0x5b3/0x1040
[   26.945045][  T289]  ? pipe_read+0x5b3/0x1040
[   26.949382][  T289]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   26.954677][  T289]  ? pipe_read+0x5b3/0x1040
[   26.959031][  T289]  dump_stack+0x15/0x1b
[   26.963003][  T289]  __schedule_bug+0x195/0x260
[   26.967519][  T289]  ? bpf_bprintf_cleanup+0x4f/0x60
[   26.972469][  T289]  ? bpf_trace_printk+0x1be/0x300
[   26.977331][  T289]  ? cpu_util_update_eff+0x10e0/0x10e0
[   26.982711][  T289]  ? bpf_probe_write_user+0xf0/0xf0
[   26.987735][  T289]  ? bpf_trace_run2+0xe9/0x290
[   26.992341][  T289]  __schedule+0xcf7/0x1550
[   26.996593][  T289]  ? bpf_trace_run2+0x138/0x290
[   27.001281][  T289]  ? __sched_text_start+0x8/0x8
[   27.005968][  T289]  ? bpf_trace_run1+0x240/0x240
[   27.010651][  T289]  ? ksys_read+0x24f/0x2c0
[   27.014905][  T289]  ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[   27.020295][  T289]  schedule+0xc3/0x180
[   27.024190][  T289]  exit_to_user_mode_loop+0x4e/0xa0
[   27.029224][  T289]  exit_to_user_mode_prepare+0x5a/0xa0
[   27.034528][  T289]  syscall_exit_to_user_mode+0x26/0x140
[   27.039900][  T289]  do_syscall_64+0x49/0xb0
[   27.044155][  T289]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   27.049916][  T289] RIP: 0033:0x7f73f9afd587
[   27.054134][  T289] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 <c3> 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00
[pid   372] close(3executing program
)                    = 0
[pid   372] symlink("/dev/binderfs", "./binderfs") = 0
[pid   372] write(1, "executing program\n", 18) = 18
[pid   372] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   372] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   372] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   372] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   365] +++ exited with 0 +++
[pid   368] +++ exited with 0 +++
[pid   301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=365, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   301] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=368, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   301] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   300] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   301] <... openat resumed>)       = 3
[pid   301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   301] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   301] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   301] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   300] <... restart_syscall resumed>) = 0
[pid   301] unlink("./10/binderfs")     = 0
[pid   301] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   300] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   301] close(3 <unfinished ...>
[pid   300] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   301] <... close resumed>)        = 0
[pid   300] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   301] rmdir("./10" <unfinished ...>
[pid   300] <... openat resumed>)       = 3
[pid   301] <... rmdir resumed>)        = 0
[pid   300] newfstatat(3, "",  <unfinished ...>
[pid   301] mkdir("./11", 0777 <unfinished ...>
[pid   300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   300] getdents64(3,  <unfinished ...>
[pid   301] <... mkdir resumed>)        = 0
[pid   300] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   300] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 373 attached
) = -1 EINVAL (Invalid argument)
[pid   373] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   301] <... clone resumed>, child_tidptr=0x555556ccb650) = 373
[pid   300] newfstatat(AT_FDCWD, "./11/binderfs",  <unfinished ...>
[pid   373] <... set_robust_list resumed>) = 0
[pid   300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   373] chdir("./11" <unfinished ...>
[pid   300] unlink("./11/binderfs" <unfinished ...>
[pid   373] <... chdir resumed>)        = 0
[pid   300] <... unlink resumed>)       = 0
[pid   373] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   300] getdents64(3,  <unfinished ...>
[pid   373] <... prctl resumed>)        = 0
[pid   300] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   373] setpgid(0, 0 <unfinished ...>
[pid   300] close(3 <unfinished ...>
[pid   373] <... setpgid resumed>)      = 0
[pid   300] <... close resumed>)        = 0
[pid   373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   300] rmdir("./11" <unfinished ...>
[pid   373] <... openat resumed>)       = 3
[pid   300] <... rmdir resumed>)        = 0
[pid   300] mkdir("./12", 0777 <unfinished ...>
[pid   373] write(3, "1000", 4)         = 4
[pid   300] <... mkdir resumed>)        = 0
[pid   300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   373] close(3)                    = 0
[pid   373] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 374 attached
 <unfinished ...>
[pid   300] <... clone resumed>, child_tidptr=0x555556ccb650) = 374
[pid   373] <... symlink resumed>)      = 0
[pid   374] set_robust_list(0x555556ccb660, 24 <unfinished ...>
executing program
[pid   373] write(1, "executing program\n", 18 <unfinished ...>
[pid   374] <... set_robust_list resumed>) = 0
[pid   373] <... write resumed>)        = 18
[pid   374] chdir("./12" <unfinished ...>
[pid   373] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   374] <... chdir resumed>)        = 0
[pid   373] <... bpf resumed>)          = 3
[pid   374] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   373] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   374] <... prctl resumed>)        = 0
[pid   373] <... bpf resumed>)          = 0
[pid   374] setpgid(0, 0 <unfinished ...>
[pid   373] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   374] <... setpgid resumed>)      = 0
[pid   374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   374] write(3, "1000", 4 <unfinished ...>
[pid   373] <... bpf resumed>)          = 4
[pid   374] <... write resumed>)        = 4
[pid   373] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   374] close(3)                    = 0
[pid   374] symlink("/dev/binderfs", "./binderfs") = 0
[pid   374] write(1, "executing program\n", 18executing program
) = 18
[pid   374] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   374] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   374] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   374] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   370] <... bpf resumed>)          = 5
[pid   371] <... bpf resumed>)          = 5
[pid   372] <... bpf resumed>)          = 5
[pid   374] <... bpf resumed>)          = 5
[pid   373] <... bpf resumed>)          = 5
[   27.073579][  T289] RSP: 002b:00007ffcfb242318 EFLAGS: 00000246 ORIG_RAX: 0000000000000027
[   27.081825][  T289] RAX: 0000000000000121 RBX: 0000000000000000 RCX: 00007f73f9afd587
[   27.089644][  T289] RDX: 000000000000085c RSI: 0000565321978480 RDI: 0000565321975937
[   27.097448][  T289] RBP: 0000565321976856 R08: 0000000000000006 R09: 0000000000000000
[   27.105256][  T289] R10: 0000565321976856 R11: 0000000000000246 R12: 0000565321975937
[   27.113067][  T289] R13: 0000565321978480 R14: 0000565321978480 R15: 00007ffcfb2428a0
[   27.120885][  T289]  </TASK>
[pid   372] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   370] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   371] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   373] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   372] <... bpf resumed>)          = 6
[pid   371] <... bpf resumed>)          = 6
[pid   371] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16) = 7
[pid   372] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   370] <... bpf resumed>)          = 6
[pid   371] exit_group(0 <unfinished ...>
[pid   372] <... bpf resumed>)          = 7
[pid   370] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   371] <... exit_group resumed>)   = ?
[pid   374] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   373] <... bpf resumed>)          = 6
[pid   372] exit_group(0 <unfinished ...>
[pid   370] <... bpf resumed>)          = 7
[pid   371] +++ exited with 0 +++
[pid   372] <... exit_group resumed>)   = ?
[pid   370] exit_group(0 <unfinished ...>
[pid   298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=371, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   298] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   373] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   370] <... exit_group resumed>)   = ?
[pid   298] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   298] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   298] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   298] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   374] <... bpf resumed>)          = 6
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[   27.165380][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   27.176808][  T291] BUG: scheduling while atomic: strace-static-x/291/0x00000002
[   27.184384][  T291] Modules linked in:
[   27.188085][  T291] Preemption disabled at:
[   27.188091][  T291] [<ffffffff8147f1fb>] __lock_task_sighand+0x6b/0x100
[   27.198876][  T291] CPU: 0 PID: 291 Comm: strace-static-x Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   27.210232][  T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   27.220120][  T291] Call Trace:
[   27.223241][  T291]  <TASK>
[   27.226018][  T291]  dump_stack_lvl+0x151/0x1b7
[   27.230529][  T291]  ? __lock_task_sighand+0x6b/0x100
[   27.235563][  T291]  ? __lock_task_sighand+0x6b/0x100
[   27.240598][  T291]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   27.245979][  T291]  ? __lock_task_sighand+0x6b/0x100
[   27.251021][  T291]  dump_stack+0x15/0x1b
[   27.255006][  T291]  __schedule_bug+0x195/0x260
[   27.259519][  T291]  ? __ia32_sys_waitid+0xd0/0xd0
[   27.264298][  T291]  ? bpf_trace_printk+0x1be/0x300
[   27.269154][  T291]  ? cpu_util_update_eff+0x10e0/0x10e0
[   27.274446][  T291]  ? kernel_waitid+0x520/0x520
[   27.279048][  T291]  __schedule+0xcf7/0x1550
[   27.283300][  T291]  ? __x64_sys_wait4+0x181/0x1e0
[   27.288074][  T291]  ? bpf_trace_run2+0x138/0x290
[   27.292761][  T291]  ? __sched_text_start+0x8/0x8
[   27.297450][  T291]  schedule+0xc3/0x180
[   27.301362][  T291]  exit_to_user_mode_loop+0x4e/0xa0
[   27.306385][  T291]  exit_to_user_mode_prepare+0x5a/0xa0
[   27.311682][  T291]  syscall_exit_to_user_mode+0x26/0x140
[   27.317073][  T291]  do_syscall_64+0x49/0xb0
[   27.321315][  T291]  ? sysvec_call_function_single+0x52/0xb0
[   27.326957][  T291]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   27.332689][  T291] RIP: 0033:0x4d49a6
[   27.336419][  T291] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24
[   27.355868][  T291] RSP: 002b:00007ffc3612a0e8 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[pid   298] newfstatat(AT_FDCWD, "./13/binderfs",  <unfinished ...>
[pid   374] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   298] unlink("./13/binderfs" <unfinished ...>
[pid   372] +++ exited with 0 +++
[pid   298] <... unlink resumed>)       = 0
[pid   298] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   298] close(3)                    = 0
[   27.364108][  T291] RAX: 0000000000000176 RBX: 00000000012a42f8 RCX: 00000000004d49a6
[   27.371915][  T291] RDX: 0000000040000000 RSI: 00007ffc3612a10c RDI: 00000000ffffffff
[   27.379726][  T291] RBP: 0000000000000000 R08: 0000000000000017 R09: 00000000012acd10
[   27.387538][  T291] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000012ac7f0
[   27.395351][  T291] R13: 0000000000000000 R14: 00007ffc3612a10c R15: 0000000000617180
[   27.403168][  T291]  </TASK>
[   27.407426][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   27.418836][  T291] BUG: scheduling while atomic: strace-static-x/291/0x00000002
[   27.426300][  T291] Modules linked in:
[   27.430067][  T291] Preemption disabled at:
[   27.430074][  T291] [<ffffffff8147f1fb>] __lock_task_sighand+0x6b/0x100
[   27.440828][  T291] CPU: 0 PID: 291 Comm: strace-static-x Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   27.452132][  T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   27.462026][  T291] Call Trace:
[   27.465179][  T291]  <TASK>
[   27.467938][  T291]  dump_stack_lvl+0x151/0x1b7
[   27.472442][  T291]  ? __lock_task_sighand+0x6b/0x100
[   27.477475][  T291]  ? __lock_task_sighand+0x6b/0x100
[   27.482512][  T291]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   27.487808][  T291]  ? __lock_task_sighand+0x6b/0x100
[   27.492838][  T291]  dump_stack+0x15/0x1b
[   27.496832][  T291]  __schedule_bug+0x195/0x260
[   27.501345][  T291]  ? __ia32_sys_waitid+0xd0/0xd0
[   27.506117][  T291]  ? cpu_util_update_eff+0x10e0/0x10e0
[   27.511412][  T291]  ? kernel_waitid+0x520/0x520
[   27.516012][  T291]  __schedule+0xcf7/0x1550
[   27.520265][  T291]  ? __x64_sys_wait4+0x181/0x1e0
[   27.525039][  T291]  ? __sched_text_start+0x8/0x8
[   27.529727][  T291]  schedule+0xc3/0x180
[   27.533629][  T291]  exit_to_user_mode_loop+0x4e/0xa0
[   27.538665][  T291]  exit_to_user_mode_prepare+0x5a/0xa0
[   27.544069][  T291]  syscall_exit_to_user_mode+0x26/0x140
[   27.549454][  T291]  do_syscall_64+0x49/0xb0
[   27.553702][  T291]  ? sysvec_call_function_single+0x52/0xb0
[   27.559345][  T291]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   27.565073][  T291] RIP: 0033:0x4d49a6
[   27.568812][  T291] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24
[   27.588251][  T291] RSP: 002b:00007ffc3612a0e8 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[   27.596494][  T291] RAX: 000000000000012d RBX: 00000000012a42f8 RCX: 00000000004d49a6
[   27.604305][  T291] RDX: 0000000040000000 RSI: 00007ffc3612a10c RDI: 00000000ffffffff
[pid   374] <... bpf resumed>)          = 7
[pid   373] <... bpf resumed>)          = 7
[pid   370] +++ exited with 0 +++
[pid   298] rmdir("./13" <unfinished ...>
[pid   295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=372, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   374] exit_group(0 <unfinished ...>
[pid   373] exit_group(0 <unfinished ...>
[pid   298] <... rmdir resumed>)        = 0
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=370, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   374] <... exit_group resumed>)   = ?
[pid   373] <... exit_group resumed>)   = ?
[pid   298] mkdir("./14", 0777 <unfinished ...>
[pid   295] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   296] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   295] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   296] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   295] <... openat resumed>)       = 3
[pid   296] <... openat resumed>)       = 3
[pid   295] newfstatat(3, "",  <unfinished ...>
[pid   296] newfstatat(3, "",  <unfinished ...>
[pid   295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   295] getdents64(3,  <unfinished ...>
[pid   296] getdents64(3,  <unfinished ...>
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   295] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   296] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   295] newfstatat(AT_FDCWD, "./13/binderfs",  <unfinished ...>
[pid   296] newfstatat(AT_FDCWD, "./12/binderfs",  <unfinished ...>
[pid   295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   295] unlink("./13/binderfs" <unfinished ...>
[pid   296] unlink("./12/binderfs" <unfinished ...>
[pid   295] <... unlink resumed>)       = 0
[pid   296] <... unlink resumed>)       = 0
[pid   295] getdents64(3,  <unfinished ...>
[pid   296] getdents64(3,  <unfinished ...>
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   295] close(3 <unfinished ...>
[pid   296] close(3 <unfinished ...>
[pid   295] <... close resumed>)        = 0
[pid   296] <... close resumed>)        = 0
[pid   295] rmdir("./13" <unfinished ...>
[pid   296] rmdir("./12" <unfinished ...>
[pid   295] <... rmdir resumed>)        = 0
[pid   296] <... rmdir resumed>)        = 0
[pid   295] mkdir("./14", 0777 <unfinished ...>
[pid   296] mkdir("./13", 0777 <unfinished ...>
[pid   295] <... mkdir resumed>)        = 0
[   27.612115][  T291] RBP: 0000000000000000 R08: 0000000000000017 R09: 0000000000000003
[   27.619927][  T291] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000012ac6d0
[   27.627737][  T291] R13: 0000000000000000 R14: 00007ffc3612a10c R15: 0000000000617180
[   27.635555][  T291]  </TASK>
[   27.642211][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   27.654736][  T298] BUG: scheduling while atomic: syz-executor638/298/0x00000002
[   27.662134][  T298] Modules linked in:
[   27.665831][  T298] Preemption disabled at:
[   27.665837][  T298] [<ffffffff814981ae>] ptrace_stop+0x57e/0x930
[   27.676098][  T298] CPU: 0 PID: 298 Comm: syz-executor638 Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   27.687487][  T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   27.697364][  T298] Call Trace:
[   27.700483][  T298]  <TASK>
[   27.703262][  T298]  dump_stack_lvl+0x151/0x1b7
[   27.707778][  T298]  ? ptrace_stop+0x57e/0x930
[   27.712194][  T298]  ? ptrace_stop+0x57e/0x930
[   27.716683][  T298]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   27.721922][  T298]  ? ptrace_stop+0x57e/0x930
[   27.726344][  T298]  dump_stack+0x15/0x1b
[   27.730338][  T298]  __schedule_bug+0x195/0x260
[   27.734847][  T298]  ? irqentry_exit+0x30/0x40
[   27.739277][  T298]  ? sysvec_irq_work+0x52/0xb0
[   27.743877][  T298]  ? cpu_util_update_eff+0x10e0/0x10e0
[   27.749173][  T298]  __schedule+0xcf7/0x1550
[   27.753424][  T298]  ? __kasan_check_write+0x14/0x20
[   27.758369][  T298]  ? _raw_spin_lock_irq+0xa5/0x1b0
[   27.763320][  T298]  ? __sched_text_start+0x8/0x8
[   27.768004][  T298]  ? __kasan_check_read+0x11/0x20
[   27.772862][  T298]  ? cgroup_update_frozen+0x15f/0x980
[   27.778086][  T298]  ? ptrace_stop+0x367/0x930
[   27.782509][  T298]  schedule+0xc3/0x180
[   27.786665][  T298]  ptrace_stop+0x54f/0x930
[   27.791072][  T298]  ptrace_notify+0x225/0x350
[   27.795486][  T298]  ? do_notify_parent+0xa20/0xa20
[   27.800353][  T298]  ? vfs_mkdir+0x570/0x570
[   27.804605][  T298]  ? getname_flags+0x1fd/0x520
[   27.809200][  T298]  syscall_exit_to_user_mode+0xa2/0x140
[   27.814582][  T298]  do_syscall_64+0x49/0xb0
[   27.818833][  T298]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   27.824563][  T298] RIP: 0033:0x7ff3404f0557
[   27.828815][  T298] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   27.848255][  T298] RSP: 002b:00007ffc96f7dda8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[   27.856502][  T298] RAX: 0000000000000000 RBX: 00000000000068dc RCX: 00007ff3404f0557
[pid   298] <... mkdir resumed>)        = 0
[pid   296] <... mkdir resumed>)        = 0
[pid   295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   374] +++ exited with 0 +++
[pid   298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   373] +++ exited with 0 +++
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   298] <... clone resumed>, child_tidptr=0x555556ccb650) = 376
./strace-static-x86_64: Process 378 attached
./strace-static-x86_64: Process 377 attached
./strace-static-x86_64: Process 376 attached
[pid   301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=373, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=374, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
[pid   295] <... clone resumed>, child_tidptr=0x555556ccb650) = 377
[pid   301] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   300] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   296] <... clone resumed>, child_tidptr=0x555556ccb650) = 378
[pid   301] <... restart_syscall resumed>) = 0
[pid   300] <... restart_syscall resumed>) = 0
executing program
executing program
executing program
[pid   378] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   377] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   376] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   300] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   300] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   300] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   300] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   300] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   300] unlink("./12/binderfs")     = 0
[pid   300] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   300] close(3)                    = 0
[pid   300] rmdir("./12")               = 0
[pid   300] mkdir("./13", 0777)         = 0
[pid   300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   377] <... set_robust_list resumed>) = 0
[pid   377] chdir("./14" <unfinished ...>
[pid   378] <... set_robust_list resumed>) = 0
[pid   300] <... clone resumed>, child_tidptr=0x555556ccb650) = 379
[pid   378] chdir("./13")               = 0
[pid   377] <... chdir resumed>)        = 0
[pid   378] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   377] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   378] <... prctl resumed>)        = 0
[pid   377] <... prctl resumed>)        = 0
[pid   378] setpgid(0, 0 <unfinished ...>
[pid   377] setpgid(0, 0 <unfinished ...>
[pid   378] <... setpgid resumed>)      = 0
[pid   377] <... setpgid resumed>)      = 0
[pid   378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   378] <... openat resumed>)       = 3
[pid   377] <... openat resumed>)       = 3
[pid   378] write(3, "1000", 4 <unfinished ...>
[pid   377] write(3, "1000", 4 <unfinished ...>
[pid   378] <... write resumed>)        = 4
[pid   377] <... write resumed>)        = 4
[pid   378] close(3 <unfinished ...>
[pid   377] close(3 <unfinished ...>
[pid   378] <... close resumed>)        = 0
[pid   377] <... close resumed>)        = 0
[pid   378] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   377] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   378] <... symlink resumed>)      = 0
[pid   378] write(1, "executing program\n", 18 <unfinished ...>
[pid   377] <... symlink resumed>)      = 0
[pid   378] <... write resumed>)        = 18
[pid   377] write(1, "executing program\n", 18 <unfinished ...>
[pid   378] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   377] <... write resumed>)        = 18
[pid   378] <... bpf resumed>)          = 3
[pid   377] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   378] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   377] <... bpf resumed>)          = 3
[pid   378] <... bpf resumed>)          = 0
[pid   377] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   378] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   377] <... bpf resumed>)          = 0
[pid   378] <... bpf resumed>)          = 4
[pid   377] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   378] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   377] <... bpf resumed>)          = 4
[pid   377] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   376] <... set_robust_list resumed>) = 0
[pid   376] chdir("./14")               = 0
[pid   376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   376] setpgid(0, 0)               = 0
[pid   376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   376] write(3, "1000", 4)         = 4
[pid   376] close(3)                    = 0
[pid   376] symlink("/dev/binderfs", "./binderfs") = 0
[pid   376] write(1, "executing program\n", 18) = 18
[pid   376] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   376] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   376] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   376] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   301] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   301] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   301] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   301] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   301] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   301] unlink("./11/binderfs")     = 0
[pid   301] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   301] close(3)                    = 0
[pid   301] rmdir("./11")               = 0
[pid   301] mkdir("./12", 0777)         = 0
[   27.864311][  T298] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 00007ffc96f7dde0
[   27.872130][  T298] RBP: 0000000000000173 R08: 0000000000000004 R09: 00007ffc96f7db46
[   27.880026][  T298] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffc96f7ddcc
[   27.887919][  T298] R13: 00007ffc96f7de00 R14: 00007ffc96f7dde0 R15: 000000000000000e
[   27.895740][  T298]  </TASK>
[pid   301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 379 attached
 <unfinished ...>
[pid   378] <... bpf resumed>)          = 5
[pid   377] <... bpf resumed>)          = 5
[pid   376] <... bpf resumed>)          = 5
./strace-static-x86_64: Process 380 attached
[pid   380] set_robust_list(0x555556ccb660, 24) = 0
[pid   380] chdir("./12")               = 0
[pid   380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   380] setpgid(0, 0)               = 0
[pid   380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   380] write(3, "1000", 4)         = 4
[pid   380] close(3)                    = 0
[pid   380] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   379] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   380] <... symlink resumed>)      = 0
[pid   378] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   379] <... set_robust_list resumed>) = 0
executing program
[pid   377] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   376] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   301] <... clone resumed>, child_tidptr=0x555556ccb650) = 380
[pid   379] chdir("./13" <unfinished ...>
[pid   380] write(1, "executing program\n", 18) = 18
[pid   380] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   380] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   380] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   377] <... bpf resumed>)          = 6
[pid   380] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16) = 5
[pid   380] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   376] <... bpf resumed>)          = 6
[pid   380] <... bpf resumed>)          = 6
[pid   380] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   378] <... bpf resumed>)          = 6
[pid   380] <... bpf resumed>)          = 7
[pid   380] exit_group(0 <unfinished ...>
[pid   379] <... chdir resumed>)        = 0
[pid   378] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   377] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   376] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   380] <... exit_group resumed>)   = ?
[pid   379] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   376] <... bpf resumed>)          = 7
[pid   379] <... prctl resumed>)        = 0
[pid   378] <... bpf resumed>)          = 7
[pid   376] exit_group(0 <unfinished ...>
[pid   379] setpgid(0, 0 <unfinished ...>
[pid   378] exit_group(0 <unfinished ...>
[pid   376] <... exit_group resumed>)   = ?
[pid   377] <... bpf resumed>)          = 7
[pid   380] +++ exited with 0 +++
[pid   379] <... setpgid resumed>)      = 0
[pid   378] <... exit_group resumed>)   = ?
[pid   377] exit_group(0 <unfinished ...>
[pid   376] +++ exited with 0 +++
[pid   301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=380, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   377] <... exit_group resumed>)   = ?
[pid   298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=376, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   379] <... openat resumed>)       = 3
[pid   379] write(3, "1000", 4 <unfinished ...>
[pid   301] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   379] <... write resumed>)        = 4
[pid   301] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[   27.901313][   T28] audit: type=1400 audit(1716247025.677:73): avc:  denied  { remove_name } for  pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   27.923863][   T28] audit: type=1400 audit(1716247025.677:74): avc:  denied  { rename } for  pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   27.934704][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   27.964117][  T291] BUG: scheduling while atomic: strace-static-x/291/0x00000002
[   27.971591][  T291] Modules linked in:
[   27.975292][  T291] Preemption disabled at:
[   27.975297][  T291] [<ffffffff8147f1fb>] __lock_task_sighand+0x6b/0x100
[   27.986060][  T291] CPU: 0 PID: 291 Comm: strace-static-x Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   27.997423][  T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   28.007321][  T291] Call Trace:
[   28.010440][  T291]  <TASK>
[   28.013342][  T291]  dump_stack_lvl+0x151/0x1b7
[   28.017850][  T291]  ? __lock_task_sighand+0x6b/0x100
[   28.022980][  T291]  ? __lock_task_sighand+0x6b/0x100
[   28.027999][  T291]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   28.033300][  T291]  ? __lock_task_sighand+0x6b/0x100
[   28.038328][  T291]  dump_stack+0x15/0x1b
[   28.042320][  T291]  __schedule_bug+0x195/0x260
[   28.046835][  T291]  ? cpu_util_update_eff+0x10e0/0x10e0
[   28.052124][  T291]  ? _raw_spin_lock_irqsave+0xf9/0x210
[   28.057418][  T291]  ? _raw_spin_lock+0x1b0/0x1b0
[   28.062106][  T291]  __schedule+0xcf7/0x1550
[   28.066360][  T291]  ? __lock_task_sighand+0xde/0x100
[   28.071392][  T291]  ? __sched_text_start+0x8/0x8
[   28.076078][  T291]  ? __kasan_check_write+0x14/0x20
[   28.081025][  T291]  ? __se_sys_ptrace+0x3b2/0x410
[   28.085801][  T291]  schedule+0xc3/0x180
[   28.089707][  T291]  exit_to_user_mode_loop+0x4e/0xa0
[   28.094740][  T291]  exit_to_user_mode_prepare+0x5a/0xa0
[   28.100042][  T291]  syscall_exit_to_user_mode+0x26/0x140
[   28.105416][  T291]  do_syscall_64+0x49/0xb0
[   28.109666][  T291]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[   28.115309][  T291]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   28.121039][  T291] RIP: 0033:0x4e6c1a
[   28.124768][  T291] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c
[   28.144224][  T291] RSP: 002b:00007ffc36129f50 EFLAGS: 00000206 ORIG_RAX: 0000000000000065
[   28.152463][  T291] RAX: 0000000000000050 RBX: 00000000012a6230 RCX: 00000000004e6c1a
[   28.160273][  T291] RDX: 0000000000000058 RSI: 000000000000012d RDI: 000000000000420e
[pid   379] close(3executing program
 <unfinished ...>
[pid   301] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   379] <... close resumed>)        = 0
[pid   301] <... openat resumed>)       = 3
[pid   298] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   379] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   301] newfstatat(3, "",  <unfinished ...>
[pid   298] <... openat resumed>)       = 3
[pid   379] <... symlink resumed>)      = 0
[pid   301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   298] newfstatat(3, "",  <unfinished ...>
[pid   379] write(1, "executing program\n", 18 <unfinished ...>
[pid   301] getdents64(3,  <unfinished ...>
[pid   298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   379] <... write resumed>)        = 18
[pid   301] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   298] getdents64(3,  <unfinished ...>
[pid   379] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   301] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   379] <... bpf resumed>)          = 3
[pid   301] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[   28.168079][  T291] RBP: 00007ffc3612a050 R08: 000000000000420d R09: 0000000000000001
[   28.175890][  T291] R10: 000000000063c820 R11: 0000000000000206 R12: 00000000012a6230
[   28.183702][  T291] R13: 00007ffc3612a0ac R14: 000000000000857f R15: 0000000000617180
[   28.191517][  T291]  </TASK>
[   28.198182][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   28.198562][    C1] softirq: huh, entered softirq 9 RCU ffffffff8160d2f0 with preempt_count 00000103, exited with 00000102?
[   28.210186][  T289] BUG: scheduling while atomic: sshd/289/0x00000002
[   28.221323][  T291] BUG: scheduling while atomic: strace-static-x/291/0x00000002
[   28.221340][  T291] Modules linked in:
[   28.221349][  T291] Preemption disabled at:
[   28.221353][  T291] [<ffffffff81566406>] remove_wait_queue+0x26/0x140
[   28.221381][  T291] CPU: 1 PID: 291 Comm: strace-static-x Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   28.221397][  T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   28.221405][  T291] Call Trace:
[   28.221410][  T291]  <TASK>
[   28.221415][  T291]  dump_stack_lvl+0x151/0x1b7
[   28.221432][  T291]  ? remove_wait_queue+0x26/0x140
[   28.227812][  T289] Modules linked in:
[   28.235190][  T291]  ? remove_wait_queue+0x26/0x140
[   28.235213][  T291]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   28.238932][  T289] Preemption disabled at:
[   28.243089][  T291]  ? remove_wait_queue+0x26/0x140
[   28.249525][  T289] [<ffffffff840015c0>] release_sock+0x30/0x1b0
[   28.260882][  T291]  dump_stack+0x15/0x1b
[   28.260901][  T291]  __schedule_bug+0x195/0x260
[   28.323463][  T291]  ? __ia32_sys_waitid+0xd0/0xd0
[   28.328235][  T291]  ? cpu_util_update_eff+0x10e0/0x10e0
[   28.333528][  T291]  ? kernel_waitid+0x520/0x520
[   28.338130][  T291]  __schedule+0xcf7/0x1550
[   28.342384][  T291]  ? __x64_sys_wait4+0x181/0x1e0
[   28.347156][  T291]  ? __sched_text_start+0x8/0x8
[   28.351844][  T291]  schedule+0xc3/0x180
[   28.355751][  T291]  exit_to_user_mode_loop+0x4e/0xa0
[   28.360784][  T291]  exit_to_user_mode_prepare+0x5a/0xa0
[   28.366077][  T291]  syscall_exit_to_user_mode+0x26/0x140
[   28.371459][  T291]  do_syscall_64+0x49/0xb0
[   28.375711][  T291]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[   28.381352][  T291]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   28.387083][  T291] RIP: 0033:0x4d49a6
[   28.390813][  T291] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24
[   28.410256][  T291] RSP: 002b:00007ffc3612a0e8 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[   28.418501][  T291] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00000000004d49a6
[   28.426309][  T291] RDX: 0000000040000001 RSI: 00007ffc3612a10c RDI: 00000000ffffffff
[   28.434122][  T291] RBP: 00000000012a5f90 R08: 0000000000000000 R09: 0000000000000000
[   28.441936][  T291] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000012ac6d0
[   28.449744][  T291] R13: 000000000000012c R14: 00007ffc3612a10c R15: 0000000000617180
[   28.457561][  T291]  </TASK>
[   28.460425][  T289] CPU: 0 PID: 289 Comm: sshd Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   28.470839][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   28.480733][  T289] Call Trace:
[   28.483854][  T289]  <TASK>
[   28.486633][  T289]  dump_stack_lvl+0x151/0x1b7
[   28.491147][  T289]  ? release_sock+0x30/0x1b0
[   28.495571][  T289]  ? release_sock+0x30/0x1b0
[   28.500000][  T289]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   28.505294][  T289]  ? release_sock+0x30/0x1b0
[   28.509722][  T289]  dump_stack+0x15/0x1b
[   28.513713][  T289]  __schedule_bug+0x195/0x260
[   28.518224][  T289]  ? cpu_util_update_eff+0x10e0/0x10e0
[   28.523518][  T289]  ? bpf_trace_printk+0x1be/0x300
[   28.528378][  T289]  ? bpf_trace_run2+0xe9/0x290
[   28.532979][  T289]  ? bpf_probe_write_user+0xf0/0xf0
[   28.538013][  T289]  __schedule+0xcf7/0x1550
[   28.542278][  T289]  ? __sched_text_start+0x8/0x8
[   28.546955][  T289]  ? bpf_trace_run2+0x138/0x290
[   28.551641][  T289]  ? bpf_trace_run1+0x240/0x240
[   28.556329][  T289]  schedule+0xc3/0x180
[   28.560236][  T289]  exit_to_user_mode_loop+0x4e/0xa0
[   28.565268][  T289]  exit_to_user_mode_prepare+0x5a/0xa0
[   28.570567][  T289]  syscall_exit_to_user_mode+0x26/0x140
[   28.575943][  T289]  do_syscall_64+0x49/0xb0
[   28.580197][  T289]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   28.585925][  T289] RIP: 0033:0x7f73f9afd587
[   28.590177][  T289] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 <c3> 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00
[   28.609618][  T289] RSP: 002b:00007ffcfb246408 EFLAGS: 00000246 ORIG_RAX: 0000000000000027
[pid   379] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   301] newfstatat(AT_FDCWD, "./12/binderfs",  <unfinished ...>
[pid   379] <... bpf resumed>)          = 0
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   379] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[   28.617870][  T289] RAX: 0000000000000121 RBX: 0000000000000000 RCX: 00007f73f9afd587
[   28.625774][  T289] RDX: 0000000000000b29 RSI: 0000565321977fe0 RDI: 0000565321975937
[   28.633582][  T289] RBP: 0000565321976e06 R08: 0000000000000006 R09: 0000000000000000
[   28.641394][  T289] R10: 0000565321976e06 R11: 0000000000000246 R12: 0000565321975937
[   28.649207][  T289] R13: 0000565321977fe0 R14: 0000565323260390 R15: 00007ffcfb246990
[   28.657197][  T289]  </TASK>
[   28.661203][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   28.672603][  T291] BUG: scheduling while atomic: strace-static-x/291/0x00000002
[   28.680023][  T291] Modules linked in:
[   28.683675][  T291] Preemption disabled at:
[   28.683684][  T291] [<ffffffff81566406>] remove_wait_queue+0x26/0x140
[   28.694294][  T291] CPU: 0 PID: 291 Comm: strace-static-x Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   28.705628][  T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   28.715526][  T291] Call Trace:
[   28.718648][  T291]  <TASK>
[   28.721424][  T291]  dump_stack_lvl+0x151/0x1b7
[   28.725945][  T291]  ? remove_wait_queue+0x26/0x140
[   28.730797][  T291]  ? remove_wait_queue+0x26/0x140
[   28.735659][  T291]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   28.740955][  T291]  ? remove_wait_queue+0x26/0x140
[   28.745813][  T291]  dump_stack+0x15/0x1b
[   28.749808][  T291]  __schedule_bug+0x195/0x260
[   28.754321][  T291]  ? cpu_util_update_eff+0x10e0/0x10e0
[   28.759617][  T291]  ? _raw_spin_lock_irqsave+0xf9/0x210
[   28.764913][  T291]  ? _raw_spin_lock+0x1b0/0x1b0
[   28.769594][  T291]  __schedule+0xcf7/0x1550
[   28.773847][  T291]  ? __lock_task_sighand+0xde/0x100
[   28.778883][  T291]  ? __sched_text_start+0x8/0x8
[   28.783569][  T291]  ? __kasan_check_write+0x14/0x20
[   28.788515][  T291]  ? __se_sys_ptrace+0x3b2/0x410
[   28.793291][  T291]  ? bpf_trace_run1+0x240/0x240
[   28.797977][  T291]  schedule+0xc3/0x180
[   28.801882][  T291]  exit_to_user_mode_loop+0x4e/0xa0
[   28.806926][  T291]  exit_to_user_mode_prepare+0x5a/0xa0
[   28.812211][  T291]  syscall_exit_to_user_mode+0x26/0x140
[   28.817590][  T291]  do_syscall_64+0x49/0xb0
[   28.821853][  T291]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[   28.827486][  T291]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   28.833221][  T291] RIP: 0033:0x4e6c1a
[   28.836957][  T291] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c
[   28.856390][  T291] RSP: 002b:00007ffc36129f50 EFLAGS: 00000206 ORIG_RAX: 0000000000000065
[   28.864633][  T291] RAX: 0000000000000050 RBX: 00000000012a5f90 RCX: 00000000004e6c1a
[pid   298] newfstatat(AT_FDCWD, "./14/binderfs",  <unfinished ...>
[pid   379] <... bpf resumed>)          = 4
[pid   301] unlink("./12/binderfs" <unfinished ...>
[pid   298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   379] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   301] <... unlink resumed>)       = 0
[pid   298] unlink("./14/binderfs" <unfinished ...>
[pid   379] <... bpf resumed>)          = 5
[pid   378] +++ exited with 0 +++
[pid   301] getdents64(3,  <unfinished ...>
[pid   379] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   301] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   298] <... unlink resumed>)       = 0
[pid   301] close(3 <unfinished ...>
[pid   298] getdents64(3,  <unfinished ...>
[pid   379] <... bpf resumed>)          = 6
[pid   301] <... close resumed>)        = 0
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=378, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[pid   379] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   301] rmdir("./12" <unfinished ...>
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   296] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   296] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   296] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   296] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   296] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   296] unlink("./13/binderfs" <unfinished ...>
[pid   301] <... rmdir resumed>)        = 0
[pid   298] close(3 <unfinished ...>
[pid   296] <... unlink resumed>)       = 0
[pid   296] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   301] mkdir("./13", 0777 <unfinished ...>
[pid   298] <... close resumed>)        = 0
[pid   296] close(3)                    = 0
[pid   296] rmdir("./13" <unfinished ...>
[pid   298] rmdir("./14" <unfinished ...>
[pid   296] <... rmdir resumed>)        = 0
[pid   296] mkdir("./14", 0777 <unfinished ...>
[pid   301] <... mkdir resumed>)        = 0
[pid   298] <... rmdir resumed>)        = 0
[pid   296] <... mkdir resumed>)        = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   298] mkdir("./15", 0777./strace-static-x86_64: Process 382 attached
 <unfinished ...>
[pid   382] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   296] <... clone resumed>, child_tidptr=0x555556ccb650) = 382
./strace-static-x86_64: Process 383 attached
[pid   382] <... set_robust_list resumed>) = 0
[pid   301] <... clone resumed>, child_tidptr=0x555556ccb650) = 383
[pid   298] <... mkdir resumed>)        = 0
[pid   383] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   383] <... set_robust_list resumed>) = 0
[pid   382] chdir("./14")               = 0
[pid   382] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   383] chdir("./13" <unfinished ...>
[pid   298] <... clone resumed>, child_tidptr=0x555556ccb650) = 384
./strace-static-x86_64: Process 384 attached
[pid   383] <... chdir resumed>)        = 0
[pid   383] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   382] <... prctl resumed>)        = 0
[pid   384] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   383] <... prctl resumed>)        = 0
[pid   384] <... set_robust_list resumed>) = 0
[pid   382] setpgid(0, 0 <unfinished ...>
[pid   383] setpgid(0, 0)               = 0
[pid   383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   382] <... setpgid resumed>)      = 0
[pid   384] chdir("./15" <unfinished ...>
[pid   383] <... openat resumed>)       = 3
[pid   383] write(3, "1000", 4)         = 4
[pid   383] close(3)                    = 0
[pid   383] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   384] <... chdir resumed>)        = 0
[pid   382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   383] <... symlink resumed>)      = 0
executing program
[pid   383] write(1, "executing program\n", 18) = 18
[pid   383] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   384] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   383] <... bpf resumed>)          = 3
[pid   382] <... openat resumed>)       = 3
[pid   384] <... prctl resumed>)        = 0
[pid   383] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   382] write(3, "1000", 4 <unfinished ...>
[pid   383] <... bpf resumed>)          = 0
[pid   383] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   384] setpgid(0, 0 <unfinished ...>
[pid   382] <... write resumed>)        = 4
[pid   384] <... setpgid resumed>)      = 0
[pid   382] close(3 <unfinished ...>
[pid   384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   382] <... close resumed>)        = 0
[pid   383] <... bpf resumed>)          = 4
[pid   382] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   384] <... openat resumed>)       = 3
[pid   383] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   384] write(3, "1000", 4 <unfinished ...>
[pid   382] <... symlink resumed>)      = 0
[pid   384] <... write resumed>)        = 4
[pid   384] close(3)                    = 0
[pid   384] symlink("/dev/binderfs", "./binderfs"executing program
 <unfinished ...>
[pid   382] write(1, "executing program\n", 18) = 18
[pid   384] <... symlink resumed>)      = 0
[pid   384] write(1, "executing program\n", 18 <unfinished ...>
executing program
[pid   382] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   384] <... write resumed>)        = 18
[pid   382] <... bpf resumed>)          = 3
[pid   382] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   384] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   382] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   384] <... bpf resumed>)          = 3
[pid   384] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   382] <... bpf resumed>)          = 4
[pid   382] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   384] <... bpf resumed>)          = 0
[pid   384] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   384] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   377] +++ exited with 0 +++
[pid   295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=377, si_uid=0, si_status=0, si_utime=0, si_stime=21} ---
[pid   379] <... bpf resumed>)          = 7
[pid   384] <... bpf resumed>)          = 5
[pid   383] <... bpf resumed>)          = 5
[pid   382] <... bpf resumed>)          = 5
[pid   379] exit_group(0 <unfinished ...>
[pid   295] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[   28.872444][  T291] RDX: 0000000000000058 RSI: 000000000000012c RDI: 000000000000420e
[   28.880255][  T291] RBP: 00007ffc3612a050 R08: 000000000000420d R09: 0000000000000000
[   28.888153][  T291] R10: 000000000063c820 R11: 0000000000000206 R12: 00000000012a5f90
[   28.895966][  T291] R13: 00007ffc3612a0ac R14: 000000000000857f R15: 0000000000617180
[   28.903790][  T291]  </TASK>
[   28.929833][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   28.941256][  T289] BUG: scheduling while atomic: sshd/289/0x00000002
[   28.947775][  T289] Modules linked in:
[   28.951499][  T289] Preemption disabled at:
[   28.951507][  T289] [<ffffffff81489ceb>] __set_current_blocked+0x11b/0x2f0
[   28.962578][  T289] CPU: 0 PID: 289 Comm: sshd Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   28.972920][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   28.982814][  T289] Call Trace:
[   28.985938][  T289]  <TASK>
[   28.988716][  T289]  dump_stack_lvl+0x151/0x1b7
[   28.993227][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   28.998520][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   29.003816][  T289]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   29.009111][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   29.014404][  T289]  dump_stack+0x15/0x1b
[   29.018397][  T289]  __schedule_bug+0x195/0x260
[   29.022909][  T289]  ? cpu_util_update_eff+0x10e0/0x10e0
[   29.028205][  T289]  __schedule+0xcf7/0x1550
[   29.032457][  T289]  ? __kasan_check_read+0x11/0x20
[   29.037318][  T289]  ? _copy_to_user+0x74/0x90
[   29.041744][  T289]  ? __sched_text_start+0x8/0x8
[   29.046431][  T289]  ? __se_sys_rt_sigprocmask+0x311/0x380
[   29.051898][  T289]  ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[   29.057282][  T289]  schedule+0xc3/0x180
[   29.061185][  T289]  exit_to_user_mode_loop+0x4e/0xa0
[   29.066224][  T289]  exit_to_user_mode_prepare+0x5a/0xa0
[   29.071515][  T289]  syscall_exit_to_user_mode+0x26/0x140
[   29.076895][  T289]  do_syscall_64+0x49/0xb0
[   29.081147][  T289]  ? sysvec_call_function_single+0x52/0xb0
[   29.086790][  T289]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   29.092517][  T289] RIP: 0033:0x7f73f9ac2773
[   29.096773][  T289] Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41
[   29.116214][  T289] RSP: 002b:00007ffcfb246ae0 EFLAGS: 00000246 ORIG_RAX: 000000000000000e
[pid   384] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   383] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   382] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   379] <... exit_group resumed>)   = ?
[pid   384] <... bpf resumed>)          = 6
[pid   382] <... bpf resumed>)          = 6
[pid   295] <... restart_syscall resumed>) = 0
[pid   384] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   382] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   295] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   295] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   295] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   295] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   295] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   295] unlink("./14/binderfs")     = 0
[pid   295] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   295] close(3 <unfinished ...>
[pid   383] <... bpf resumed>)          = 6
[pid   295] <... close resumed>)        = 0
[pid   383] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   295] rmdir("./14")               = 0
[pid   295] mkdir("./15", 0777)         = 0
[pid   295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 385 attached
, child_tidptr=0x555556ccb650) = 385
[pid   385] set_robust_list(0x555556ccb660, 24) = 0
[pid   385] chdir("./15")               = 0
[pid   385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   385] setpgid(0, 0)               = 0
[pid   385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   385] write(3, "1000", 4)         = 4
[pid   385] close(3)                    = 0
[pid   385] symlink("/dev/binderfs", "./binderfs") = 0
[pid   385] write(1, "executing program\n", 18executing program
) = 18
[pid   385] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   385] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   385] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[   29.124459][  T289] RAX: 0000000000000000 RBX: 0000000000060000 RCX: 00007f73f9ac2773
[   29.132269][  T289] RDX: 00007ffcfb246bc8 RSI: 00007ffcfb246b48 RDI: 0000000000000001
[   29.140169][  T289] RBP: 00005653232585e0 R08: 0000000000000001 R09: 0000000000000000
[   29.147979][  T289] R10: 0000000000000008 R11: 0000000000000246 R12: 000056532196caa4
[   29.155791][  T289] R13: 000000000000001c R14: 000056532196d3e8 R15: 00007ffcfb246b48
[   29.163607][  T289]  </TASK>
[pid   385] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   382] <... bpf resumed>)          = 7
[pid   384] <... bpf resumed>)          = 7
[pid   383] <... bpf resumed>)          = 7
[pid   379] +++ exited with 0 +++
[pid   384] exit_group(0 <unfinished ...>
[pid   383] exit_group(0 <unfinished ...>
[pid   382] exit_group(0 <unfinished ...>
[pid   300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=379, si_uid=0, si_status=0, si_utime=0, si_stime=22} ---
[pid   384] <... exit_group resumed>)   = ?
[pid   383] <... exit_group resumed>)   = ?
[pid   382] <... exit_group resumed>)   = ?
[pid   300] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   300] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[   29.192962][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   29.204357][  T291] BUG: scheduling while atomic: strace-static-x/291/0x00000002
[   29.211806][  T291] Modules linked in:
[   29.215423][  T291] Preemption disabled at:
[   29.215428][  T291] [<ffffffff8147f1fb>] __lock_task_sighand+0x6b/0x100
[   29.226199][  T291] CPU: 0 PID: 291 Comm: strace-static-x Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   29.237563][  T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   29.247455][  T291] Call Trace:
[   29.250574][  T291]  <TASK>
[   29.253351][  T291]  dump_stack_lvl+0x151/0x1b7
[   29.257864][  T291]  ? __lock_task_sighand+0x6b/0x100
[   29.262902][  T291]  ? __lock_task_sighand+0x6b/0x100
[   29.267934][  T291]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   29.273229][  T291]  ? task_rq_lock+0xd2/0x2b0
[   29.277652][  T291]  ? __lock_task_sighand+0x6b/0x100
[   29.282685][  T291]  dump_stack+0x15/0x1b
[   29.286686][  T291]  __schedule_bug+0x195/0x260
[   29.291193][  T291]  ? cpu_util_update_eff+0x10e0/0x10e0
[   29.296485][  T291]  ? _raw_spin_lock_irqsave+0xf9/0x210
[   29.301780][  T291]  ? _raw_spin_lock+0x1b0/0x1b0
[   29.306469][  T291]  __schedule+0xcf7/0x1550
[   29.310722][  T291]  ? __lock_task_sighand+0xde/0x100
[   29.315767][  T291]  ? __sched_text_start+0x8/0x8
[   29.320443][  T291]  ? __kasan_check_write+0x14/0x20
[   29.325394][  T291]  ? __se_sys_ptrace+0x3b2/0x410
[   29.330163][  T291]  schedule+0xc3/0x180
[   29.334069][  T291]  exit_to_user_mode_loop+0x4e/0xa0
[   29.339104][  T291]  exit_to_user_mode_prepare+0x5a/0xa0
[   29.344400][  T291]  syscall_exit_to_user_mode+0x26/0x140
[   29.349779][  T291]  do_syscall_64+0x49/0xb0
[   29.354034][  T291]  ? sysvec_call_function_single+0x52/0xb0
[   29.359672][  T291]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   29.365401][  T291] RIP: 0033:0x4e6c1a
[   29.369136][  T291] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c
[pid   300] getdents64(3,  <unfinished ...>
[pid   385] <... bpf resumed>)          = 5
[pid   300] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   385] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   384] +++ exited with 0 +++
[pid   300] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   385] <... bpf resumed>)          = 6
[pid   382] +++ exited with 0 +++
[pid   300] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   385] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   300] newfstatat(AT_FDCWD, "./13/binderfs",  <unfinished ...>
[pid   298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=384, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   298] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=382, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   300] unlink("./13/binderfs" <unfinished ...>
[pid   298] <... restart_syscall resumed>) = 0
[pid   296] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   300] <... unlink resumed>)       = 0
[pid   300] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   298] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   296] <... restart_syscall resumed>) = 0
[pid   300] close(3 <unfinished ...>
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   300] <... close resumed>)        = 0
[pid   298] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   300] rmdir("./13" <unfinished ...>
[pid   298] <... openat resumed>)       = 3
[pid   296] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   298] newfstatat(3, "",  <unfinished ...>
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   296] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   298] getdents64(3,  <unfinished ...>
[pid   296] <... openat resumed>)       = 3
[pid   300] <... rmdir resumed>)        = 0
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   296] newfstatat(3, "",  <unfinished ...>
[pid   300] mkdir("./14", 0777 <unfinished ...>
[pid   298] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   296] getdents64(3,  <unfinished ...>
[pid   298] newfstatat(AT_FDCWD, "./15/binderfs",  <unfinished ...>
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   296] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   300] <... mkdir resumed>)        = 0
[pid   298] unlink("./15/binderfs" <unfinished ...>
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   298] <... unlink resumed>)       = 0
[pid   296] newfstatat(AT_FDCWD, "./14/binderfs",  <unfinished ...>
[pid   298] getdents64(3,  <unfinished ...>
[pid   296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   296] unlink("./14/binderfs" <unfinished ...>
[pid   300] <... clone resumed>, child_tidptr=0x555556ccb650) = 386
[pid   298] close(3 <unfinished ...>
[pid   296] <... unlink resumed>)       = 0
[pid   298] <... close resumed>)        = 0
[pid   296] getdents64(3,  <unfinished ...>
[pid   298] rmdir("./15" <unfinished ...>
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
./strace-static-x86_64: Process 386 attached
[pid   386] set_robust_list(0x555556ccb660, 24) = 0
[pid   298] <... rmdir resumed>)        = 0
[pid   296] close(3 <unfinished ...>
[pid   298] mkdir("./16", 0777 <unfinished ...>
[pid   296] <... close resumed>)        = 0
[pid   386] chdir("./14")               = 0
[pid   386] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   298] <... mkdir resumed>)        = 0
[pid   296] rmdir("./14" <unfinished ...>
[pid   298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   386] <... prctl resumed>)        = 0
[pid   386] setpgid(0, 0)               = 0
[pid   296] <... rmdir resumed>)        = 0
[pid   386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   296] mkdir("./15", 0777 <unfinished ...>
[pid   298] <... clone resumed>, child_tidptr=0x555556ccb650) = 387
[pid   386] write(3, "1000", 4)         = 4
[pid   386] close(3)                    = 0
[pid   386] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   296] <... mkdir resumed>)        = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   386] <... symlink resumed>)      = 0
[pid   386] write(1, "executing program\n", 18executing program
 <unfinished ...>
[pid   296] <... clone resumed>, child_tidptr=0x555556ccb650) = 388
[pid   386] <... write resumed>)        = 18
[pid   386] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72./strace-static-x86_64: Process 388 attached
./strace-static-x86_64: Process 387 attached
) = 3
[pid   386] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   388] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   387] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   388] <... set_robust_list resumed>) = 0
[pid   387] <... set_robust_list resumed>) = 0
[pid   386] <... bpf resumed>)          = 0
[pid   387] chdir("./16" <unfinished ...>
[pid   386] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   388] chdir("./15" <unfinished ...>
[pid   387] <... chdir resumed>)        = 0
[pid   388] <... chdir resumed>)        = 0
[pid   388] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   387] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   388] <... prctl resumed>)        = 0
[pid   387] <... prctl resumed>)        = 0
[pid   388] setpgid(0, 0 <unfinished ...>
[pid   386] <... bpf resumed>)          = 4
[pid   388] <... setpgid resumed>)      = 0
[pid   387] setpgid(0, 0 <unfinished ...>
[pid   386] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   387] <... setpgid resumed>)      = 0
[pid   387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   387] <... openat resumed>)       = 3
[pid   387] write(3, "1000", 4 <unfinished ...>
[pid   388] <... openat resumed>)       = 3
[pid   387] <... write resumed>)        = 4
[pid   387] close(3)                    = 0
[pid   387] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   388] write(3, "1000", 4 <unfinished ...>
[pid   387] <... symlink resumed>)      = 0
[pid   388] <... write resumed>)        = 4
[pid   388] close(3)                    = 0
[pid   388] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   388] write(1, "executing program\n", 18) = 18
executing program
[pid   387] write(1, "executing program\n", 18 <unfinished ...>
[pid   388] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   387] <... write resumed>)        = 18
[pid   387] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   388] <... bpf resumed>)          = 3
[pid   387] <... bpf resumed>)          = 3
[pid   388] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   387] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   388] <... bpf resumed>)          = 0
[pid   387] <... bpf resumed>)          = 0
[pid   387] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   388] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   387] <... bpf resumed>)          = 4
[pid   387] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   388] <... bpf resumed>)          = 4
[pid   388] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   383] +++ exited with 0 +++
[pid   387] <... bpf resumed>)          = 5
[pid   386] <... bpf resumed>)          = 5
[pid   385] <... bpf resumed>)          = 7
[pid   301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=383, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   388] <... bpf resumed>)          = 5
[pid   387] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[   29.388575][  T291] RSP: 002b:00007ffc36129fd0 EFLAGS: 00000206 ORIG_RAX: 0000000000000065
[   29.396820][  T291] RAX: 0000000000000000 RBX: 00000000012a42f8 RCX: 00000000004e6c1a
[   29.404630][  T291] RDX: 0000000000000000 RSI: 0000000000000128 RDI: 0000000000000018
[   29.412442][  T291] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000001
[   29.420254][  T291] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000012a5cf0
[   29.428073][  T291] R13: 0000000000000000 R14: 000000000000857f R15: 0000000000617180
[   29.435968][  T291]  </TASK>
[   29.460209][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   29.471623][  T289] BUG: scheduling while atomic: sshd/289/0x00000002
[   29.478033][  T289] Modules linked in:
[   29.481824][  T289] Preemption disabled at:
[   29.481832][  T289] [<ffffffff81c7d203>] pipe_read+0x5b3/0x1040
[   29.491835][  T289] CPU: 0 PID: 289 Comm: sshd Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   29.502224][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   29.512122][  T289] Call Trace:
[   29.515246][  T289]  <TASK>
[   29.518033][  T289]  dump_stack_lvl+0x151/0x1b7
[   29.522566][  T289]  ? pipe_read+0x5b3/0x1040
[   29.526870][  T289]  ? pipe_read+0x5b3/0x1040
[   29.531211][  T289]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   29.536505][  T289]  ? pipe_read+0x5b3/0x1040
[   29.540844][  T289]  dump_stack+0x15/0x1b
[   29.544925][  T289]  __schedule_bug+0x195/0x260
[   29.549439][  T289]  ? cpu_util_update_eff+0x10e0/0x10e0
[   29.554730][  T289]  ? bpf_trace_printk+0x1be/0x300
[   29.559594][  T289]  ? bpf_trace_run2+0xe9/0x290
[   29.564192][  T289]  ? bpf_probe_write_user+0xf0/0xf0
[   29.569226][  T289]  __schedule+0xcf7/0x1550
[   29.573480][  T289]  ? __sched_text_start+0x8/0x8
[   29.578167][  T289]  ? bpf_trace_run2+0x138/0x290
[   29.582857][  T289]  ? bpf_trace_run1+0x240/0x240
[   29.587549][  T289]  schedule+0xc3/0x180
[   29.591451][  T289]  exit_to_user_mode_loop+0x4e/0xa0
[   29.596485][  T289]  exit_to_user_mode_prepare+0x5a/0xa0
[   29.601875][  T289]  syscall_exit_to_user_mode+0x26/0x140
[   29.607249][  T289]  do_syscall_64+0x49/0xb0
[   29.611497][  T289]  ? sysvec_call_function_single+0x52/0xb0
[   29.617138][  T289]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   29.622870][  T289] RIP: 0033:0x7f73f9afd587
[   29.627124][  T289] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 <c3> 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00
[   29.646648][  T289] RSP: 002b:00007ffcfb246408 EFLAGS: 00000246 ORIG_RAX: 0000000000000027
[pid   386] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   385] exit_group(0 <unfinished ...>
[pid   301] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   388] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   387] <... bpf resumed>)          = 6
[pid   386] <... bpf resumed>)          = 6
[pid   385] <... exit_group resumed>)   = ?
[pid   301] <... restart_syscall resumed>) = 0
[pid   387] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   386] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   301] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   301] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   301] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   301] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   301] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   301] unlink("./13/binderfs")     = 0
[pid   301] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   301] close(3)                    = 0
[pid   301] rmdir("./13")               = 0
[pid   301] mkdir("./14", 0777)         = 0
[pid   301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 389
./strace-static-x86_64: Process 389 attached
[pid   389] set_robust_list(0x555556ccb660, 24) = 0
[pid   389] chdir("./14")               = 0
[pid   389] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   388] <... bpf resumed>)          = 6
[pid   389] <... prctl resumed>)        = 0
[pid   389] setpgid(0, 0 <unfinished ...>
[pid   388] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   389] <... setpgid resumed>)      = 0
[pid   389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   386] <... bpf resumed>)          = 7
[pid   389] write(3, "1000", 4 <unfinished ...>
[pid   388] <... bpf resumed>)          = 7
[pid   387] <... bpf resumed>)          = 7
[pid   386] exit_group(0 <unfinished ...>
[pid   385] +++ exited with 0 +++
[pid   389] <... write resumed>)        = 4
[   29.654892][  T289] RAX: 0000000000000121 RBX: 0000000000000000 RCX: 00007f73f9afd587
[   29.662705][  T289] RDX: 0000000000000b29 RSI: 0000565321977fe0 RDI: 0000565321975937
[   29.670516][  T289] RBP: 0000565321976e06 R08: 0000000000000006 R09: 0000000000000000
[   29.678325][  T289] R10: 0000565321976e06 R11: 0000000000000246 R12: 0000565321975937
[   29.686136][  T289] R13: 0000565321977fe0 R14: 0000565323260390 R15: 00007ffcfb246990
[   29.693954][  T289]  </TASK>
[pid   388] exit_group(0 <unfinished ...>
[pid   387] exit_group(0)               = ?
[pid   295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=385, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   387] +++ exited with 0 +++
[pid   295] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=387, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   295] <... restart_syscall resumed>) = 0
[pid   298] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   295] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   295] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   298] <... openat resumed>)       = 3
[pid   295] <... openat resumed>)       = 3
[pid   298] newfstatat(3, "",  <unfinished ...>
[pid   295] newfstatat(3, "",  <unfinished ...>
[pid   298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   298] getdents64(3,  <unfinished ...>
[pid   295] getdents64(3,  <unfinished ...>
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   298] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   295] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] newfstatat(AT_FDCWD, "./16/binderfs",  <unfinished ...>
[pid   295] newfstatat(AT_FDCWD, "./15/binderfs",  <unfinished ...>
[pid   298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   298] unlink("./16/binderfs" <unfinished ...>
[pid   295] unlink("./15/binderfs" <unfinished ...>
[pid   298] <... unlink resumed>)       = 0
[pid   295] <... unlink resumed>)       = 0
[pid   298] getdents64(3,  <unfinished ...>
[pid   295] getdents64(3,  <unfinished ...>
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   298] close(3 <unfinished ...>
[pid   295] close(3 <unfinished ...>
[pid   298] <... close resumed>)        = 0
[pid   295] <... close resumed>)        = 0
[pid   298] rmdir("./16" <unfinished ...>
[pid   295] rmdir("./15" <unfinished ...>
[pid   298] <... rmdir resumed>)        = 0
[pid   295] <... rmdir resumed>)        = 0
[pid   298] mkdir("./17", 0777 <unfinished ...>
[pid   295] mkdir("./16", 0777 <unfinished ...>
[pid   298] <... mkdir resumed>)        = 0
[pid   295] <... mkdir resumed>)        = 0
[pid   298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   298] <... clone resumed>, child_tidptr=0x555556ccb650) = 392
[pid   295] <... clone resumed>, child_tidptr=0x555556ccb650) = 393
./strace-static-x86_64: Process 393 attached
[pid   393] set_robust_list(0x555556ccb660, 24) = 0
[pid   393] chdir("./16")               = 0
[pid   393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   393] setpgid(0, 0)               = 0
[pid   393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   393] write(3, "1000", 4)         = 4
[pid   393] close(3)                    = 0
[pid   393] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid   393] write(1, "executing program\n", 18) = 18
[   29.703744][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   29.715838][  T289] BUG: scheduling while atomic: sshd/289/0x00000002
[   29.722316][  T289] Modules linked in:
[   29.725986][  T289] Preemption disabled at:
[   29.725996][  T289] [<ffffffff81489ceb>] __set_current_blocked+0x11b/0x2f0
[   29.737265][  T289] CPU: 0 PID: 289 Comm: sshd Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   29.747755][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   29.757648][  T289] Call Trace:
[   29.760770][  T289]  <TASK>
[   29.763548][  T289]  dump_stack_lvl+0x151/0x1b7
[   29.768062][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   29.773354][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   29.778654][  T289]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   29.783945][  T289]  ? __set_current_blocked+0x11b/0x2f0
[   29.789244][  T289]  dump_stack+0x15/0x1b
[   29.793235][  T289]  __schedule_bug+0x195/0x260
[   29.797757][  T289]  ? cpu_util_update_eff+0x10e0/0x10e0
[   29.803041][  T289]  ? __kasan_check_write+0x14/0x20
[   29.807987][  T289]  __schedule+0xcf7/0x1550
[   29.812245][  T289]  ? timerqueue_add+0x250/0x270
[   29.816933][  T289]  ? __sched_text_start+0x8/0x8
[   29.821619][  T289]  schedule+0xc3/0x180
[   29.825519][  T289]  schedule_hrtimeout_range_clock+0x1ef/0x360
[   29.831431][  T289]  ? hrtimer_nanosleep_restart+0x170/0x170
[   29.837062][  T289]  ? add_wait_queue+0x189/0x1c0
[   29.841750][  T289]  ? __remove_hrtimer+0x4d0/0x4d0
[   29.846611][  T289]  ? __pollwait+0x2f5/0x3f0
[   29.850949][  T289]  ? poll_initwait+0x160/0x160
[   29.855550][  T289]  schedule_hrtimeout_range+0x2a/0x40
[   29.860755][  T289]  do_sys_poll+0xdd7/0x1230
[   29.865103][  T289]  ? poll_select_finish+0x7b0/0x7b0
[   29.870131][  T289]  ? __x64_compat_sys_ppoll_time64+0xd0/0xd0
[   29.875950][  T289]  ? __x64_compat_sys_ppoll_time64+0xd0/0xd0
[   29.881773][  T289]  ? __x64_compat_sys_ppoll_time64+0xd0/0xd0
[   29.887575][  T289]  ? __x64_compat_sys_ppoll_time64+0xd0/0xd0
[   29.893395][  T289]  ? _raw_spin_lock_irqsave+0x210/0x210
[   29.898777][  T289]  ? __kasan_check_write+0x14/0x20
[   29.903721][  T289]  ? recalc_sigpending+0x164/0x1c0
[   29.908670][  T289]  ? _raw_spin_unlock_irq+0x4d/0x70
[   29.913712][  T289]  ? sigprocmask+0x280/0x280
[   29.918141][  T289]  __se_sys_ppoll+0x29c/0x330
[   29.922652][  T289]  ? __x64_sys_ppoll+0xd0/0xd0
[   29.927244][  T289]  ? __bpf_trace_sys_enter+0x62/0x70
[   29.932368][  T289]  __x64_sys_ppoll+0xbf/0xd0
[   29.936787][  T289]  do_syscall_64+0x3d/0xb0
[   29.941041][  T289]  ? sysvec_call_function_single+0x52/0xb0
[   29.946687][  T289]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   29.952414][  T289] RIP: 0033:0x7f73f9b19ad5
[   29.956662][  T289] Code: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83
[   29.976105][  T289] RSP: 002b:00007ffcfb246ac0 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[   29.984351][  T289] RAX: ffffffffffffffda RBX: 00000000000668a0 RCX: 00007f73f9b19ad5
[   29.992161][  T289] RDX: 00007ffcfb246ae0 RSI: 0000000000000004 RDI: 0000565323259b20
[   29.999974][  T289] RBP: 00005653232585e0 R08: 0000000000000008 R09: 0000000000000000
executing program
executing program
executing program
executing program
[pid   393] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   393] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   393] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 392 attached
 <unfinished ...>
[pid   392] set_robust_list(0x555556ccb660, 24) = 0
[pid   392] chdir("./17")               = 0
[pid   392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   392] setpgid(0, 0)               = 0
[pid   392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   393] <... bpf resumed>)          = 4
[pid   392] write(3, "1000", 4 <unfinished ...>
[pid   393] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   392] <... write resumed>)        = 4
[pid   393] <... bpf resumed>)          = 5
[pid   392] close(3 <unfinished ...>
[pid   393] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   392] <... close resumed>)        = 0
[pid   393] <... bpf resumed>)          = 6
[pid   392] symlink("/dev/binderfs", "./binderfs") = 0
[pid   392] write(1, "executing program\n", 18) = 18
[pid   392] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   393] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   392] <... bpf resumed>)          = 3
[pid   393] <... bpf resumed>)          = 7
[pid   392] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   393] exit_group(0 <unfinished ...>
[pid   392] <... bpf resumed>)          = 0
[pid   393] <... exit_group resumed>)   = ?
[pid   392] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   393] +++ exited with 0 +++
[pid   392] <... bpf resumed>)          = 4
[pid   392] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=393, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   392] <... bpf resumed>)          = 5
[pid   392] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73) = 6
[pid   295] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   392] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   386] <... exit_group resumed>)   = ?
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   392] <... bpf resumed>)          = 7
[pid   386] +++ exited with 0 +++
[pid   295] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   392] exit_group(0 <unfinished ...>
[pid   295] <... openat resumed>)       = 3
[pid   392] <... exit_group resumed>)   = ?
[pid   295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   295] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   295] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   295] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   295] unlink("./16/binderfs")     = 0
[pid   295] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   295] close(3)                    = 0
[pid   295] rmdir("./16")               = 0
[pid   295] mkdir("./17", 0777)         = 0
[pid   295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 394
./strace-static-x86_64: Process 394 attached
[pid   394] set_robust_list(0x555556ccb660, 24) = 0
[pid   394] chdir("./17")               = 0
[pid   394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   394] setpgid(0, 0)               = 0
[pid   394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   394] write(3, "1000", 4)         = 4
[pid   394] close(3)                    = 0
[pid   394] symlink("/dev/binderfs", "./binderfs") = 0
[pid   394] write(1, "executing program\n", 18) = 18
[pid   394] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   394] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   394] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   394] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=386, si_uid=0, si_status=0, si_utime=0, si_stime=21} ---
[pid   300] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   300] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   300] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   300] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   300] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   300] unlink("./14/binderfs")     = 0
[pid   300] getdents64(3, 0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   300] close(3)                    = 0
[pid   300] rmdir("./14")               = 0
[pid   300] mkdir("./15", 0777)         = 0
[pid   300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 395
./strace-static-x86_64: Process 395 attached
[pid   395] set_robust_list(0x555556ccb660, 24) = 0
[pid   395] chdir("./15")               = 0
[pid   395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   395] setpgid(0, 0)               = 0
[pid   395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   395] write(3, "1000", 4)         = 4
[pid   395] close(3)                    = 0
[pid   395] symlink("/dev/binderfs", "./binderfs") = 0
[pid   395] write(1, "executing program\n", 18) = 18
[pid   395] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   395] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   395] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   395] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   389] close(3)                    = 0
[pid   389] symlink("/dev/binderfs", "./binderfs") = 0
[pid   389] write(1, "executing program\n", 18) = 18
[pid   389] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   389] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   389] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   389] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   388] <... exit_group resumed>)   = ?
[pid   392] +++ exited with 0 +++
[pid   394] <... bpf resumed>)          = 5
[pid   395] <... bpf resumed>)          = 5
[pid   389] <... bpf resumed>)          = 5
[pid   394] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   395] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   389] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   388] +++ exited with 0 +++
[pid   395] <... bpf resumed>)          = 6
[pid   394] <... bpf resumed>)          = 6
[pid   298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=392, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=388, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   394] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   298] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   296] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   389] <... bpf resumed>)          = 6
[pid   298] <... restart_syscall resumed>) = 0
[pid   296] <... restart_syscall resumed>) = 0
[pid   395] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   389] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   298] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   296] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   298] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] <... openat resumed>)       = 3
[pid   296] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   298] newfstatat(3, "",  <unfinished ...>
[pid   296] <... openat resumed>)       = 3
[pid   298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   296] newfstatat(3, "",  <unfinished ...>
[pid   298] getdents64(3,  <unfinished ...>
[pid   296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   296] getdents64(3,  <unfinished ...>
[pid   298] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   298] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] newfstatat(AT_FDCWD, "./17/binderfs",  <unfinished ...>
[pid   296] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   296] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   298] unlink("./17/binderfs" <unfinished ...>
[pid   296] newfstatat(AT_FDCWD, "./15/binderfs",  <unfinished ...>
[pid   298] <... unlink resumed>)       = 0
[pid   296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   298] getdents64(3,  <unfinished ...>
[pid   296] unlink("./15/binderfs" <unfinished ...>
[pid   298] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   296] <... unlink resumed>)       = 0
[pid   298] close(3 <unfinished ...>
[pid   296] getdents64(3,  <unfinished ...>
[pid   298] <... close resumed>)        = 0
[pid   296] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   298] rmdir("./17" <unfinished ...>
[pid   296] close(3)                    = 0
[pid   298] <... rmdir resumed>)        = 0
[pid   296] rmdir("./15" <unfinished ...>
[pid   298] mkdir("./18", 0777 <unfinished ...>
[pid   296] <... rmdir resumed>)        = 0
[pid   296] mkdir("./16", 0777 <unfinished ...>
[pid   298] <... mkdir resumed>)        = 0
[pid   298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   296] <... mkdir resumed>)        = 0
[pid   296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 396 attached
 <unfinished ...>
[pid   298] <... clone resumed>, child_tidptr=0x555556ccb650) = 396
[pid   296] <... clone resumed>, child_tidptr=0x555556ccb650) = 397
./strace-static-x86_64: Process 397 attached
[pid   397] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   396] set_robust_list(0x555556ccb660, 24 <unfinished ...>
[pid   397] <... set_robust_list resumed>) = 0
[pid   396] <... set_robust_list resumed>) = 0
[pid   396] chdir("./18")               = 0
[pid   396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   397] chdir("./16" <unfinished ...>
[pid   396] setpgid(0, 0)               = 0
[pid   396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   397] <... chdir resumed>)        = 0
[pid   396] <... openat resumed>)       = 3
[pid   397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   397] setpgid(0, 0 <unfinished ...>
[pid   396] write(3, "1000", 4 <unfinished ...>
[pid   397] <... setpgid resumed>)      = 0
[pid   396] <... write resumed>)        = 4
[pid   396] close(3 <unfinished ...>
[pid   397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   396] <... close resumed>)        = 0
[pid   396] symlink("/dev/binderfs", "./binderfs") = 0
[pid   397] <... openat resumed>)       = 3
[pid   397] write(3, "1000", 4 <unfinished ...>
executing program
[pid   396] write(1, "executing program\n", 18 <unfinished ...>
[pid   397] <... write resumed>)        = 4
[pid   396] <... write resumed>)        = 18
[pid   396] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 <unfinished ...>
[pid   397] close(3 <unfinished ...>
[pid   396] <... bpf resumed>)          = 3
[pid   397] <... close resumed>)        = 0
[pid   396] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4 <unfinished ...>
[pid   397] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   396] <... bpf resumed>)          = 0
[pid   396] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   397] <... symlink resumed>)      = 0
executing program
[pid   397] write(1, "executing program\n", 18) = 18
[pid   397] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   397] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   396] <... bpf resumed>)          = 4
[pid   397] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 <unfinished ...>
[pid   396] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   397] <... bpf resumed>)          = 4
[pid   397] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   394] <... bpf resumed>)          = 7
[pid   396] <... bpf resumed>)          = 5
[pid   395] <... bpf resumed>)          = 7
[pid   394] exit_group(0 <unfinished ...>
[pid   389] <... bpf resumed>)          = 7
[   30.007787][  T289] R10: 00007ffcfb246bc8 R11: 0000000000000246 R12: 000056532196caa4
[   30.015600][  T289] R13: 0000000000000001 R14: 000056532196d3e8 R15: 00007ffcfb246b48
[   30.023417][  T289]  </TASK>
[   30.049235][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   30.060644][  T291] BUG: scheduling while atomic: strace-static-x/291/0x00000002
[   30.067984][  T291] Modules linked in:
[   30.071972][  T291] Preemption disabled at:
[   30.071980][  T291] [<ffffffff81566406>] remove_wait_queue+0x26/0x140
[   30.082702][  T291] CPU: 0 PID: 291 Comm: strace-static-x Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   30.094040][  T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   30.103937][  T291] Call Trace:
[   30.107062][  T291]  <TASK>
[   30.109845][  T291]  dump_stack_lvl+0x151/0x1b7
[   30.114352][  T291]  ? remove_wait_queue+0x26/0x140
[   30.119211][  T291]  ? remove_wait_queue+0x26/0x140
[   30.124072][  T291]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   30.129366][  T291]  ? remove_wait_queue+0x26/0x140
[   30.134224][  T291]  dump_stack+0x15/0x1b
[   30.138217][  T291]  __schedule_bug+0x195/0x260
[   30.142730][  T291]  ? __ia32_sys_waitid+0xd0/0xd0
[   30.147509][  T291]  ? bpf_trace_printk+0x1be/0x300
[   30.152367][  T291]  ? cpu_util_update_eff+0x10e0/0x10e0
[   30.157659][  T291]  ? kernel_waitid+0x520/0x520
[   30.162262][  T291]  __schedule+0xcf7/0x1550
[   30.166512][  T291]  ? __x64_sys_wait4+0x181/0x1e0
[   30.171286][  T291]  ? bpf_trace_run2+0x138/0x290
[   30.175979][  T291]  ? __sched_text_start+0x8/0x8
[   30.180664][  T291]  schedule+0xc3/0x180
[   30.184565][  T291]  exit_to_user_mode_loop+0x4e/0xa0
[   30.189600][  T291]  exit_to_user_mode_prepare+0x5a/0xa0
[   30.194893][  T291]  syscall_exit_to_user_mode+0x26/0x140
[   30.200276][  T291]  do_syscall_64+0x49/0xb0
[   30.204526][  T291]  ? sysvec_call_function_single+0x52/0xb0
[   30.210172][  T291]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   30.215897][  T291] RIP: 0033:0x4d49a6
[   30.219633][  T291] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24
[   30.239342][  T291] RSP: 002b:00007ffc3612a0e8 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[   30.247590][  T291] RAX: 0000000000000185 RBX: 0000000000000004 RCX: 00000000004d49a6
[   30.255406][  T291] RDX: 0000000040000001 RSI: 00007ffc3612a10c RDI: 00000000ffffffff
[pid   397] <... bpf resumed>)          = 5
[pid   396] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[pid   395] exit_group(0 <unfinished ...>
[pid   394] <... exit_group resumed>)   = ?
[pid   389] exit_group(0 <unfinished ...>
[pid   396] <... bpf resumed>)          = 6
[pid   395] <... exit_group resumed>)   = ?
[pid   394] +++ exited with 0 +++
[pid   389] <... exit_group resumed>)   = ?
[pid   397] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=8, insns=0x200037c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=255, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0}, 73 <unfinished ...>
[   30.263215][  T291] RBP: 00000000012a5e40 R08: 0000000000000000 R09: 0000000000000000
[   30.271019][  T291] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000012ac880
[   30.278836][  T291] R13: 000000000000018a R14: 00007ffc3612a10c R15: 0000000000617180
[   30.286646][  T291]  </TASK>
[   30.293419][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   30.304825][  T291] BUG: scheduling while atomic: strace-static-x/291/0x00000002
[   30.312305][  T291] Modules linked in:
[   30.316001][  T291] Preemption disabled at:
[   30.316006][  T291] [<ffffffff8147f1fb>] __lock_task_sighand+0x6b/0x100
[   30.326768][  T291] CPU: 0 PID: 291 Comm: strace-static-x Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   30.338133][  T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   30.348117][  T291] Call Trace:
[   30.351249][  T291]  <TASK>
[   30.354016][  T291]  dump_stack_lvl+0x151/0x1b7
[   30.358529][  T291]  ? __lock_task_sighand+0x6b/0x100
[   30.363560][  T291]  ? __lock_task_sighand+0x6b/0x100
[   30.368597][  T291]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   30.373890][  T291]  ? task_rq_lock+0xd2/0x2b0
[   30.378321][  T291]  ? __lock_task_sighand+0x6b/0x100
[   30.383354][  T291]  dump_stack+0x15/0x1b
[   30.387343][  T291]  __schedule_bug+0x195/0x260
[   30.391859][  T291]  ? cpu_util_update_eff+0x10e0/0x10e0
[   30.397151][  T291]  ? _raw_spin_lock_irqsave+0xf9/0x210
[   30.402448][  T291]  ? _raw_spin_lock+0x1b0/0x1b0
[   30.407134][  T291]  __schedule+0xcf7/0x1550
[   30.411504][  T291]  ? __lock_task_sighand+0xde/0x100
[   30.416507][  T291]  ? __sched_text_start+0x8/0x8
[   30.421197][  T291]  ? __kasan_check_write+0x14/0x20
[   30.426141][  T291]  ? __se_sys_ptrace+0x3b2/0x410
[   30.430920][  T291]  schedule+0xc3/0x180
[   30.434822][  T291]  exit_to_user_mode_loop+0x4e/0xa0
[   30.439855][  T291]  exit_to_user_mode_prepare+0x5a/0xa0
[   30.445150][  T291]  syscall_exit_to_user_mode+0x26/0x140
[   30.450530][  T291]  do_syscall_64+0x49/0xb0
[   30.454792][  T291]  ? sysvec_call_function_single+0x52/0xb0
[   30.460427][  T291]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   30.466152][  T291] RIP: 0033:0x4e6c1a
[   30.469887][  T291] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 4c
[   30.489329][  T291] RSP: 002b:00007ffc36129fd0 EFLAGS: 00000206 ORIG_RAX: 0000000000000065
[   30.497658][  T291] RAX: 0000000000000000 RBX: 00000000012a42f8 RCX: 00000000004e6c1a
[   30.505470][  T291] RDX: 0000000000000000 RSI: 000000000000012d RDI: 0000000000000018
[pid   396] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   397] <... bpf resumed>)          = 6
[   30.513283][  T291] RBP: 0000000000000018 R08: 0000000000000017 R09: 0000000000000000
[   30.521095][  T291] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000012a6230
[   30.528910][  T291] R13: 0000000000000000 R14: 000000000000857f R15: 0000000000617180
[   30.536719][  T291]  </TASK>
[   30.540603][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   30.552002][  T289] BUG: scheduling while atomic: sshd/289/0x00000002
[   30.558389][  T289] Modules linked in:
[   30.562120][  T289] Preemption disabled at:
[   30.562129][  T289] [<ffffffff81c7d203>] pipe_read+0x5b3/0x1040
[   30.572286][  T289] CPU: 0 PID: 289 Comm: sshd Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   30.582607][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   30.592584][  T289] Call Trace:
[   30.595706][  T289]  <TASK>
[   30.598571][  T289]  dump_stack_lvl+0x151/0x1b7
[   30.603085][  T289]  ? pipe_read+0x5b3/0x1040
[   30.607428][  T289]  ? pipe_read+0x5b3/0x1040
[   30.611768][  T289]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   30.617059][  T289]  ? pipe_read+0x5b3/0x1040
[   30.621403][  T289]  dump_stack+0x15/0x1b
[   30.625397][  T289]  __schedule_bug+0x195/0x260
[   30.629910][  T289]  ? bpf_bprintf_cleanup+0x4f/0x60
[   30.634866][  T289]  ? bpf_trace_printk+0x1be/0x300
[   30.639814][  T289]  ? cpu_util_update_eff+0x10e0/0x10e0
[   30.645114][  T289]  ? bpf_probe_write_user+0xf0/0xf0
[   30.650143][  T289]  ? bpf_trace_run2+0xe9/0x290
[   30.654745][  T289]  __schedule+0xcf7/0x1550
[   30.659005][  T289]  ? bpf_trace_run2+0x138/0x290
[   30.663682][  T289]  ? __sched_text_start+0x8/0x8
[   30.668369][  T289]  ? bpf_trace_run1+0x240/0x240
[   30.673059][  T289]  ? ksys_read+0x24f/0x2c0
[   30.677312][  T289]  ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[   30.682696][  T289]  schedule+0xc3/0x180
[   30.686715][  T289]  exit_to_user_mode_loop+0x4e/0xa0
[   30.691824][  T289]  exit_to_user_mode_prepare+0x5a/0xa0
[   30.697120][  T289]  syscall_exit_to_user_mode+0x26/0x140
[   30.702505][  T289]  do_syscall_64+0x49/0xb0
[   30.706750][  T289]  ? sysvec_call_function_single+0x52/0xb0
[   30.712391][  T289]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   30.718121][  T289] RIP: 0033:0x7f73f9afd587
[   30.722374][  T289] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 <c3> 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00
[   30.741816][  T289] RSP: 002b:00007ffcfb242318 EFLAGS: 00000246 ORIG_RAX: 0000000000000027
[   30.750054][  T289] RAX: 0000000000000121 RBX: 0000000000000000 RCX: 00007f73f9afd587
[   30.757872][  T289] RDX: 000000000000085c RSI: 0000565321978480 RDI: 0000565321975937
[pid   396] <... bpf resumed>)          = 7
executing program
executing program
[pid   395] +++ exited with 0 +++
[pid   295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=394, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   397] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sys_enter", prog_fd=6}}, 16 <unfinished ...>
[pid   396] exit_group(0 <unfinished ...>
[pid   295] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   396] <... exit_group resumed>)   = ?
[pid   300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=395, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   300] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   295] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   300] <... restart_syscall resumed>) = 0
[pid   295] <... openat resumed>)       = 3
[pid   295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   300] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   295] getdents64(3,  <unfinished ...>
[pid   300] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   300] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   295] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   300] <... openat resumed>)       = 3
[pid   295] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   300] newfstatat(3, "",  <unfinished ...>
[pid   295] newfstatat(AT_FDCWD, "./17/binderfs",  <unfinished ...>
[pid   300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   300] getdents64(3,  <unfinished ...>
[pid   295] unlink("./17/binderfs" <unfinished ...>
[pid   300] <... getdents64 resumed>0x555556ccc6f0 /* 3 entries */, 32768) = 80
[pid   295] <... unlink resumed>)       = 0
[pid   300] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid   295] getdents64(3,  <unfinished ...>
[pid   300] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   295] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   300] newfstatat(AT_FDCWD, "./15/binderfs",  <unfinished ...>
[pid   295] close(3 <unfinished ...>
[pid   300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   295] <... close resumed>)        = 0
[pid   300] unlink("./15/binderfs" <unfinished ...>
[pid   295] rmdir("./17" <unfinished ...>
[pid   300] <... unlink resumed>)       = 0
[pid   295] <... rmdir resumed>)        = 0
[pid   300] getdents64(3,  <unfinished ...>
[pid   295] mkdir("./18", 0777 <unfinished ...>
[pid   300] <... getdents64 resumed>0x555556ccc6f0 /* 0 entries */, 32768) = 0
[pid   295] <... mkdir resumed>)        = 0
[pid   300] close(3 <unfinished ...>
[pid   295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   300] <... close resumed>)        = 0
[pid   300] rmdir("./15" <unfinished ...>
[pid   295] <... clone resumed>, child_tidptr=0x555556ccb650) = 398
[pid   300] <... rmdir resumed>)        = 0
[pid   300] mkdir("./16", 0777)         = 0
[pid   300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ccb650) = 399
./strace-static-x86_64: Process 399 attached
[pid   399] set_robust_list(0x555556ccb660, 24) = 0
[pid   399] chdir("./16")               = 0
[pid   399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   399] setpgid(0, 0)               = 0
[pid   399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   399] write(3, "1000", 4)         = 4
[pid   399] close(3)                    = 0
[pid   399] symlink("/dev/binderfs", "./binderfs") = 0
[pid   399] write(1, "executing program\n", 18) = 18
[pid   399] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   399] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   399] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   399] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16./strace-static-x86_64: Process 398 attached
 <unfinished ...>
[pid   398] set_robust_list(0x555556ccb660, 24) = 0
[pid   398] chdir("./18")               = 0
[pid   398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   398] setpgid(0, 0)               = 0
[pid   398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   398] write(3, "1000", 4)         = 4
[pid   398] close(3)                    = 0
[pid   398] symlink("/dev/binderfs", "./binderfs") = 0
[pid   398] write(1, "executing program\n", 18) = 18
[pid   398] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=8, max_entries=1, map_flags=BPF_F_RDONLY_PROG, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid   398] bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0
[pid   398] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=24, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
[pid   398] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 <unfinished ...>
[pid   389] +++ exited with 0 +++
[pid   397] <... bpf resumed>)          = 7
[pid   397] exit_group(0 <unfinished ...>
[pid   301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=389, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   397] <... exit_group resumed>)   = ?
[   30.765679][  T289] RBP: 0000565321976856 R08: 0000000000000006 R09: 0000000000000000
[   30.773494][  T289] R10: 0000565321976856 R11: 0000000000000246 R12: 0000565321975937
[   30.781306][  T289] R13: 0000565321978480 R14: 0000565321978480 R15: 00007ffcfb2428a0
[   30.789116][  T289]  </TASK>
[   30.793395][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?
[   30.805190][  T291] BUG: scheduling while atomic: strace-static-x/291/0x00000002
[   30.812822][  T291] Modules linked in:
[   30.816529][  T291] Preemption disabled at:
[   30.816533][  T291] [<ffffffff81566406>] remove_wait_queue+0x26/0x140
[   30.827116][  T291] CPU: 0 PID: 291 Comm: strace-static-x Tainted: G        W          6.1.75-syzkaller-00022-g34a15d350726 #0
[   30.838485][  T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   30.848386][  T291] Call Trace:
[   30.851502][  T291]  <TASK>
[   30.854282][  T291]  dump_stack_lvl+0x151/0x1b7
[   30.858790][  T291]  ? remove_wait_queue+0x26/0x140
[   30.863650][  T291]  ? remove_wait_queue+0x26/0x140
[   30.868510][  T291]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   30.873806][  T291]  ? remove_wait_queue+0x26/0x140
[   30.878668][  T291]  dump_stack+0x15/0x1b
[   30.882659][  T291]  __schedule_bug+0x195/0x260
[   30.887170][  T291]  ? cpu_util_update_eff+0x10e0/0x10e0
[   30.892470][  T291]  __schedule+0xcf7/0x1550
[   30.896717][  T291]  ? _raw_spin_lock+0x1b0/0x1b0
[   30.901408][  T291]  ? __sched_text_start+0x8/0x8
[   30.906093][  T291]  ? _raw_spin_unlock_irqrestore+0x5b/0x80
[   30.911735][  T291]  schedule+0xc3/0x180
[   30.915641][  T291]  do_wait+0x6e7/0xa10
[   30.919656][  T291]  kernel_wait4+0x29e/0x3d0
[   30.923978][  T291]  ? __ia32_sys_waitid+0xd0/0xd0
[   30.928752][  T291]  ? bpf_trace_printk+0x1be/0x300
[   30.933605][  T291]  ? kernel_waitid+0x520/0x520
[   30.938295][  T291]  __x64_sys_wait4+0x130/0x1e0
[   30.942908][  T291]  ? kernel_wait+0x230/0x230
[   30.947319][  T291]  ? bpf_trace_run2+0x138/0x290
[   30.952007][  T291]  ? __bpf_trace_sys_enter+0x62/0x70
[   30.957136][  T291]  ? __traceiter_sys_enter+0x2a/0x40
[   30.962248][  T291]  ? syscall_enter_from_user_mode+0x12c/0x190
[   30.968151][  T291]  do_syscall_64+0x3d/0xb0
[   30.972401][  T291]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   30.978129][  T291] RIP: 0033:0x4d49a6
[   30.981864][  T291] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24
[   31.001393][  T291] RSP: 002b:00007ffc3612a0e8 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[   31.009634][  T291] RAX: ffffffffffffffda RBX: 00000000012a42f8 RCX: 00000000004d49a6
[pid   301] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   301] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   301] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid   301] getdents64(3, 0x555556ccc6f0 /* 3 entries */, 32768) = 80
[   31.017447][  T291] RDX: 0000000040000000 RSI: 00007ffc3612a10c RDI: 00000000ffffffff
[   31.025258][  T291] RBP: 0000000000000000 R08: 0000000000000017 R09: 0000000000000024
[   31.033073][  T291] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000012ac9a0
[   31.040882][  T291] R13: 0000000000000000 R14: 00007ffc3612a10c R15: 0000000000617180
[   31.048698][  T291]  </TASK>
[   31.054879][    C0] softirq: huh, entered softirq 3 NET_RX ffffffff840b5cd0 with preempt_count 00000103, exited with 00000102?