./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2620995728 <...> T28] audit: type=1400 audit(1752528142.845:62): avc: denied { rlimitinh } for pid=268 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 47.869428][ T28] audit: type=1400 audit(1752528142.845:63): avc: denied { siginh } for pid=268 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.168' (ED25519) to the list of known hosts. execve("./syz-executor2620995728", ["./syz-executor2620995728"], 0x7ffdea6e1280 /* 10 vars */) = 0 brk(NULL) = 0x555579d32000 brk(0x555579d32d00) = 0x555579d32d00 arch_prctl(ARCH_SET_FS, 0x555579d32380) = 0 set_tid_address(0x555579d32650) = 291 set_robust_list(0x555579d32660, 24) = 0 rseq(0x555579d32ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2620995728", 4096) = 28 getrandom("\x71\x23\x71\x8c\x94\xe7\x0e\x81", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555579d32d00 brk(0x555579d53d00) = 0x555579d53d00 brk(0x555579d54000) = 0x555579d54000 mprotect(0x7f55d22d3000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555579d32650) = 292 ./strace-static-x86_64: Process 292 attached [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] set_robust_list(0x555579d32660, 24 [pid 291] <... clone resumed>, child_tidptr=0x555579d32650) = 293 [pid 292] <... set_robust_list resumed>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 293 attached [pid 291] <... clone resumed>, child_tidptr=0x555579d32650) = 294 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] <... clone resumed>, child_tidptr=0x555579d32650) = 295 ./strace-static-x86_64: Process 295 attached ./strace-static-x86_64: Process 294 attached [pid 293] set_robust_list(0x555579d32660, 24) = 0 ./strace-static-x86_64: Process 296 attached [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] <... clone resumed>, child_tidptr=0x555579d32650) = 296 [pid 295] set_robust_list(0x555579d32660, 24 [pid 296] set_robust_list(0x555579d32660, 24 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... set_robust_list resumed>) = 0 [pid 295] <... set_robust_list resumed>) = 0 [pid 294] set_robust_list(0x555579d32660, 24./strace-static-x86_64: Process 297 attached [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 294] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 298 attached [pid 295] <... prctl resumed>) = 0 [pid 293] <... clone resumed>, child_tidptr=0x555579d32650) = 297 [pid 291] <... clone resumed>, child_tidptr=0x555579d32650) = 298 [pid 295] setpgid(0, 0 [pid 298] set_robust_list(0x555579d32660, 24 [pid 295] <... setpgid resumed>) = 0 [pid 295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] <... set_robust_list resumed>) = 0 [pid 297] set_robust_list(0x555579d32660, 24 [pid 295] <... openat resumed>) = 3 [pid 295] write(3, "1000", 4) = 4 [pid 295] close(3executing program ) = 0 [pid 295] write(1, "executing program\n", 18) = 18 [pid 295] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=5, value_size=65537, max_entries=8, map_flags=BPF_F_NO_PREALLOC, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 299 attached [pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] <... bpf resumed>) = 3 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... prctl resumed>) = 0 [pid 297] setpgid(0, 0) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555579d32650) = 300 [pid 297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] <... clone resumed>, child_tidptr=0x555579d32650) = 299 [pid 297] <... openat resumed>) = 3 [pid 297] write(3, "1000", 4) = 4 [pid 297] close(3) = 0 [pid 297] write(1, "executing program\n", 18executing program ) = 18 [pid 297] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=5, value_size=65537, max_entries=8, map_flags=BPF_F_NO_PREALLOC, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 297] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=5, value_size=65537, max_entries=8, map_flags=BPF_F_NO_PREALLOC, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 4 [pid 297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=4294967293, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = -1 EFAULT (Bad address) [pid 297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 5 [pid 297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=5}}, 16./strace-static-x86_64: Process 300 attached [pid 299] set_robust_list(0x555579d32660, 24 [pid 295] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=5, value_size=65537, max_entries=8, map_flags=BPF_F_NO_PREALLOC, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80 [pid 294] <... clone resumed>, child_tidptr=0x555579d32650) = 301 ./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x555579d32660, 24) = 0 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 301] setpgid(0, 0) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 301] write(3, "1000", 4) = 4 [ 116.124806][ T28] audit: type=1400 audit(1752528211.115:64): avc: denied { execmem } for pid=291 comm="syz-executor262" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 116.150384][ T28] audit: type=1400 audit(1752528211.145:65): avc: denied { bpf } for pid=295 comm="syz-executor262" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 301] close(3) = 0 [pid 301] write(1, "executing program\n", 18executing program ) = 18 [pid 301] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=5, value_size=65537, max_entries=8, map_flags=BPF_F_NO_PREALLOC, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 3 [pid 301] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=5, value_size=65537, max_entries=8, map_flags=BPF_F_NO_PREALLOC, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 80) = 4 [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=4294967293, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = -1 EFAULT (Bad address) [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148 [pid 300] set_robust_list(0x555579d32660, 24 [pid 299] <... set_robust_list resumed>) = 0 [pid 300] <... set_robust_list resumed>) = 0 [pid 295] <... bpf resumed>) = 4 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x200000000440, license=NULL, log_level=4294967293, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148 [pid 300] <... prctl resumed>) = 0 [pid 299] <... prctl resumed>) = 0 [pid 300] setpgid(0, 0 [pid 295] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 301] <... bpf resumed>) = 5 [ 116.171277][ T28] audit: type=1400 audit(1752528211.145:66): avc: denied { map_create } for pid=295 comm="syz-executor262" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 116.191019][ T28] audit: type=1400 audit(1752528211.145:67): avc: denied { map_read map_write } for pid=295 comm="syz-executor262" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=5}}, 16 [pid 299] setpgid(0, 0 [pid 300] <... setpgid resumed>) = 0 [pid 295] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x200000000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148 [pid 301] <... bpf resumed>) = 6 [pid 301] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=4, key=0x2000000001c0, value=0x200000000200, flags=BPF_ANY}, 32) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... setpgid resumed>) = 0 [pid 295] <... bpf resumed>) = 5 [pid 301] exit_group(0) = ? [pid 300] <... openat resumed>) = 3 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=5}}, 16 [pid 300] write(3, "1000", 4 [pid 299] <... openat resumed>) = 3 [pid 297] <... bpf resumed>) = 6 [pid 297] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=4, key=0x2000000001c0, value=0x200000000200, flags=BPF_ANY}, 32) = 0 [pid 297] exit_group(0) = ? [pid 300] <... write resumed>) = 4 [ 116.211643][ T28] audit: type=1400 audit(1752528211.145:68): avc: denied { prog_load } for pid=297 comm="syz-executor262" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 116.232976][ T28] audit: type=1400 audit(1752528211.145:69): avc: denied { perfmon } for pid=297 comm="syz-executor262" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 116.254578][ T28] audit: type=1400 audit(1752528211.145:70): avc: denied { prog_run } for pid=297 comm="syz-executor262" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 216.271066][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 216.278052][ C0] (detected by 0, t=10002 jiffies, g=605, q=17 ncpus=2) [ 216.285061][ C0] rcu: All QSes seen, last rcu_preempt kthread activity 10002 (4294958842-4294948840), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 216.298504][ C0] rcu: rcu_preempt kthread starved for 10002 jiffies! g605 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 216.309505][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 216.319537][ C0] rcu: RCU grace-period kthread stack dump: [ 216.325406][ C0] task:rcu_preempt state:R running task stack:28352 pid:14 ppid:2 flags:0x00004000 [ 216.336172][ C0] Call Trace: [ 216.339445][ C0] [ 216.342355][ C0] __schedule+0xb87/0x14e0 [ 216.346768][ C0] ? release_firmware_map_entry+0x194/0x194 [ 216.352636][ C0] ? __mod_timer+0x7ae/0xb30 [ 216.357203][ C0] schedule+0xbd/0x170 [ 216.361253][ C0] schedule_timeout+0x12c/0x2e0 [ 216.366080][ C0] ? __cfi_schedule_timeout+0x10/0x10 [ 216.371429][ C0] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 216.376863][ C0] ? __cfi_process_timeout+0x10/0x10 [ 216.382121][ C0] ? prepare_to_swait_event+0x308/0x320 [ 216.387657][ C0] rcu_gp_fqs_loop+0x2d8/0x10a0 [ 216.392503][ C0] ? rcu_gp_init+0xf10/0xf10 [ 216.397073][ C0] rcu_gp_kthread+0x95/0x370 [ 216.401640][ C0] ? __cfi_rcu_gp_kthread+0x10/0x10 [ 216.406826][ C0] ? __kasan_check_read+0x11/0x20 [ 216.411842][ C0] ? __kthread_parkme+0x142/0x180 [ 216.416856][ C0] kthread+0x281/0x320 [ 216.420899][ C0] ? __cfi_rcu_gp_kthread+0x10/0x10 [ 216.426074][ C0] ? __cfi_kthread+0x10/0x10 [ 216.430637][ C0] ret_from_fork+0x1f/0x30 [ 216.435044][ C0] [ 216.438047][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 216.444352][ C0] Sending NMI from CPU 0 to CPUs 1: [ 216.449625][ C1] NMI backtrace for cpu 1 [ 216.449643][ C1] CPU: 1 PID: 287 Comm: sshd-session Not tainted 6.1.141-syzkaller-00038-ge2deb0b42a3a #0 [ 216.449659][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 216.449670][ C1] RIP: 0010:kvm_wait+0xcc/0x140 [ 216.449694][ C1] Code: 20 f6 44 24 21 02 75 24 48 89 f8 48 c1 e8 03 42 0f b6 04 30 84 c0 75 48 0f b6 07 40 38 f0 75 a6 66 90 0f 00 2d b5 ae 13 04 f4 9a fa 48 89 f8 48 c1 e8 03 42 0f b6 04 30 84 c0 75 3f 0f b6 07 [ 216.449714][ C1] RSP: 0018:ffffc90000e56c20 EFLAGS: 00000046 [ 216.449727][ C1] RAX: 0000000000000003 RBX: ffff8881f7127c40 RCX: ffffffff84f06582 [ 216.449738][ C1] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff8881f7127c40 [ 216.449748][ C1] RBP: ffffc90000e56cb0 R08: dffffc0000000000 R09: ffffed103ee24f89 [ 216.449759][ C1] R10: ffffed103ee24f89 R11: 1ffff1103ee24f88 R12: 1ffff1103ee20001 [ 216.449770][ C1] R13: ffff8881f7138c94 R14: dffffc0000000000 R15: 1ffff920001cad84 [ 216.449781][ C1] FS: 00007fbb619f6300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 216.449793][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 216.449804][ C1] CR2: 00007f55d22da130 CR3: 0000000122e7b000 CR4: 00000000003506a0 [ 216.449817][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 216.449825][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 216.449834][ C1] Call Trace: [ 216.449839][ C1] [ 216.449847][ C1] ? __cfi_kvm_wait+0x10/0x10 [ 216.449887][ C1] ? pv_hash+0x86/0x150 [ 216.449934][ C1] __pv_queued_spin_lock_slowpath+0x690/0xc40 [ 216.449974][ C1] ? __cfi___pv_queued_spin_lock_slowpath+0x10/0x10 [ 216.449992][ C1] queued_spin_lock_slowpath+0x47/0x50 [ 216.450012][ C1] _raw_spin_lock_irqsave+0x108/0x110 [ 216.450031][ C1] ? __cfi__raw_spin_lock_irqsave+0x10/0x10 [ 216.450050][ C1] ? __local_bh_enable_ip+0x58/0x80 [ 216.450065][ C1] ? __dev_queue_xmit+0x13fb/0x3420 [ 216.450084][ C1] lock_timer_base+0x127/0x270 [ 216.450100][ C1] __mod_timer+0x10a/0xb30 [ 216.450117][ C1] add_timer+0x68/0x80 [ 216.450131][ C1] __queue_delayed_work+0x173/0x200 [ 216.450150][ C1] queue_delayed_work_on+0xdb/0x150 [ 216.450167][ C1] ? __cfi_queue_delayed_work_on+0x10/0x10 [ 216.450183][ C1] ? __virt_addr_valid+0x228/0x2e0 [ 216.450197][ C1] kvfree_call_rcu+0x436/0x7a0 [ 216.450214][ C1] ? __cfi_kvfree_call_rcu+0x10/0x10 [ 216.450229][ C1] ? longest_prefix_match+0x43c/0x640 [ 216.450246][ C1] trie_delete_elem+0x572/0x720 [ 216.450262][ C1] bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e [ 216.450290][ C1] bpf_trace_run3+0x113/0x270 [ 216.450308][ C1] ? __cfi_bpf_trace_run3+0x10/0x10 [ 216.450325][ C1] ? calc_wheel_index+0xce/0x8b0 [ 216.450343][ C1] __bpf_trace_timer_start+0x2b/0x40 [ 216.450357][ C1] ? __cfi___bpf_trace_timer_start+0x10/0x10 [ 216.450371][ C1] __traceiter_timer_start+0x8c/0xe0 [ 216.450391][ C1] enqueue_timer+0x337/0x480 [ 216.450408][ C1] __mod_timer+0x79f/0xb30 [ 216.450425][ C1] mod_timer+0x1f/0x30 [ 216.450452][ C1] sk_reset_timer+0x22/0xb0 [ 216.450468][ C1] tcp_rearm_rto+0x312/0x700 [ 216.450485][ C1] ? tcp_rbtree_insert+0x149/0x180 [ 216.450503][ C1] tcp_event_new_data_sent+0x250/0x400 [ 216.450519][ C1] tcp_write_xmit+0x161f/0x5fb0 [ 216.450541][ C1] __tcp_push_pending_frames+0x9c/0x2f0 [ 216.450555][ C1] tcp_push+0x48f/0x660 [ 216.450573][ C1] ? __check_object_size+0x45a/0x600 [ 216.450593][ C1] tcp_sendmsg_locked+0x34f1/0x3d90 [ 216.450612][ C1] ? __local_bh_enable_ip+0x58/0x80 [ 216.450627][ C1] ? __cfi_tcp_sendmsg_locked+0x10/0x10 [ 216.450643][ C1] tcp_sendmsg+0x2f/0x50 [ 216.450655][ C1] inet_sendmsg+0xb6/0xd0 [ 216.450669][ C1] sock_write_iter+0x2ca/0x3b0 [ 216.450686][ C1] ? __cfi_sock_write_iter+0x10/0x10 [ 216.450703][ C1] ? fsnotify_perm+0x67/0x5b0 [ 216.450717][ C1] ? security_file_permission+0x8a/0xb0 [ 216.450733][ C1] vfs_write+0x5db/0xca0 [ 216.450752][ C1] ? __cfi_vfs_write+0x10/0x10 [ 216.450770][ C1] ? _raw_spin_unlock_irq+0x4d/0x70 [ 216.450789][ C1] ? __kasan_check_write+0x14/0x20 [ 216.450808][ C1] ? __kasan_check_read+0x11/0x20 [ 216.450825][ C1] ? __fdget_pos+0x1f2/0x380 [ 216.450844][ C1] ksys_write+0x140/0x240 [ 216.450862][ C1] ? __cfi_ksys_write+0x10/0x10 [ 216.450880][ C1] ? debug_smp_processor_id+0x17/0x20 [ 216.450899][ C1] __x64_sys_write+0x7b/0x90 [ 216.450916][ C1] x64_sys_call+0x27b/0x9a0 [ 216.450932][ C1] do_syscall_64+0x4c/0xa0 [ 216.450944][ C1] ? clear_bhb_loop+0x30/0x80 [ 216.450958][ C1] ? clear_bhb_loop+0x30/0x80 [ 216.450973][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 216.450987][ C1] RIP: 0033:0x7fbb612a7407 [ 216.450998][ C1] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 216.451009][ C1] RSP: 002b:00007fff30c30cd0 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 216.451023][ C1] RAX: ffffffffffffffda RBX: 00007fbb619f6300 RCX: 00007fbb612a7407 [ 216.451034][ C1] RDX: 0000000000000074 RSI: 000055e85e7a4170 RDI: 0000000000000004 [ 216.451042][ C1] RBP: 000055e85e7a7ca0 R08: 0000000000000000 R09: 0000000000000000 [ 216.451051][ C1] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001 [ 216.451060][ C1] R13: 00007fff30c30e20 R14: 0000000000000000 R15: 0000000000000004 [ 216.451072][ C1] [ 216.451078][ C1] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.460 msecs [ 353.092890][ C0] watchdog: BUG: soft lockup - CPU#0 stuck for 225s! [syz-executor262:295] [ 353.101510][ C0] Modules linked in: [ 353.105388][ C0] CPU: 0 PID: 295 Comm: syz-executor262 Not tainted 6.1.141-syzkaller-00038-ge2deb0b42a3a #0 [ 353.115505][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 353.125561][ C0] RIP: 0010:smp_call_function_many_cond+0x872/0x960 [ 353.132148][ C0] Code: 41 8b 1f 89 de 83 e6 01 31 ff e8 39 66 09 00 83 e3 01 48 bb 00 00 00 00 00 fc ff df 75 0a e8 05 62 09 00 e9 38 ff ff ff f3 90 <41> 0f b6 44 1d 00 84 c0 75 14 41 f7 07 01 00 00 00 0f 84 1a ff ff [ 353.152165][ C0] RSP: 0018:ffffc90000e87480 EFLAGS: 00000293 [ 353.158212][ C0] RAX: ffffffff8166958e RBX: dffffc0000000000 RCX: ffff8881096fa880 [ 353.166158][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 353.174190][ C0] RBP: ffffc90000e875b8 R08: dffffc0000000000 R09: ffffed103ee07213 [ 353.182134][ C0] R10: 0000000000000000 R11: ffffffff81341b30 R12: 1ffff1103ee07210 [ 353.190083][ C0] R13: 1ffff1103ee2789d R14: 0000000000000001 R15: ffff8881f713c4e8 [ 353.198029][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 353.206932][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 353.213576][ C0] CR2: 00002000000000f4 CR3: 0000000006e0f000 CR4: 00000000003506b0 [ 353.221527][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 353.229474][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 353.237422][ C0] Call Trace: [ 353.240676][ C0] [ 353.243585][ C0] ? __cfi_do_sync_core+0x10/0x10 [ 353.248601][ C0] ? smp_call_function_many+0x40/0x40 [ 353.253951][ C0] ? __SCT__tp_func_timer_init+0x8/0x8 [ 353.259383][ C0] ? text_poke+0x30/0x30 [ 353.263609][ C0] ? __cfi_do_sync_core+0x10/0x10 [ 353.268622][ C0] on_each_cpu_cond_mask+0x43/0x80 [ 353.273713][ C0] text_poke_bp_batch+0x1cc/0x580 [ 353.278714][ C0] ? text_poke_loc_init+0x570/0x570 [ 353.283886][ C0] ? __stack_depot_save+0x36/0x480 [ 353.288971][ C0] ? __SCT__tp_func_timer_init+0x8/0x8 [ 353.294409][ C0] text_poke_bp+0xc8/0x140 [ 353.298801][ C0] ? __cfi_text_poke_bp+0x10/0x10 [ 353.303798][ C0] ? __kmalloc+0xb1/0x1e0 [ 353.308109][ C0] ? bpf_raw_tp_link_release+0x63/0x90 [ 353.313541][ C0] ? bpf_link_free+0x13a/0x390 [ 353.318279][ C0] ? __fput+0x1fc/0x8f0 [ 353.322406][ C0] __static_call_transform+0x318/0x500 [ 353.327841][ C0] ? __kasan_check_write+0x14/0x20 [ 353.332926][ C0] ? __SCT__tp_func_timer_init+0x8/0x8 [ 353.338365][ C0] ? text_poke_bp+0x140/0x140 [ 353.343020][ C0] ? __kasan_check_write+0x14/0x20 [ 353.348140][ C0] ? mutex_lock+0x8d/0x1a0 [ 353.352539][ C0] ? __cfi_mutex_lock+0x10/0x10 [ 353.357387][ C0] ? __SCT__tp_func_timer_init+0x8/0x8 [ 353.362833][ C0] ? __cfi___bpf_trace_timer_start+0x10/0x10 [ 353.368794][ C0] arch_static_call_transform+0xd3/0x280 [ 353.374405][ C0] ? __SCT__tp_func_timer_init+0x8/0x8 [ 353.379840][ C0] __static_call_update+0xef/0x5c0 [ 353.384952][ C0] ? __cfi___bpf_trace_timer_start+0x10/0x10 [ 353.390913][ C0] ? __cfi___static_call_update+0x10/0x10 [ 353.396612][ C0] ? kasan_save_alloc_info+0x25/0x30 [ 353.401874][ C0] ? __kasan_kmalloc+0x95/0xb0 [ 353.406612][ C0] ? memcpy+0x56/0x70 [ 353.410573][ C0] ? __cfi___bpf_trace_timer_start+0x10/0x10 [ 353.416554][ C0] tracepoint_probe_unregister+0x817/0x8b0 [ 353.422380][ C0] bpf_probe_unregister+0x61/0x70 [ 353.427507][ C0] bpf_raw_tp_link_release+0x63/0x90 [ 353.432771][ C0] bpf_link_free+0x13a/0x390 [ 353.437372][ C0] ? bpf_link_put_deferred+0x20/0x20 [ 353.442647][ C0] bpf_link_release+0x15f/0x170 [ 353.447474][ C0] ? __cfi_bpf_link_release+0x10/0x10 [ 353.452819][ C0] __fput+0x1fc/0x8f0 [ 353.456776][ C0] ____fput+0x15/0x20 [ 353.460735][ C0] task_work_run+0x1db/0x240 [ 353.465300][ C0] ? __cfi_task_work_run+0x10/0x10 [ 353.470403][ C0] ? disassociate_ctty+0x1f2/0x8b0 [ 353.475506][ C0] ? __kasan_check_write+0x14/0x20 [ 353.480609][ C0] do_exit+0xa1d/0x2650 [ 353.484930][ C0] ? __cfi_do_exit+0x10/0x10 [ 353.489541][ C0] ? _raw_spin_unlock_irq+0x4d/0x70 [ 353.494734][ C0] ? __kasan_check_write+0x14/0x20 [ 353.499846][ C0] ? _raw_spin_lock_irq+0x8f/0xe0 [ 353.504878][ C0] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 353.510405][ C0] ? zap_other_threads+0x2c1/0x2f0 [ 353.515494][ C0] do_group_exit+0x210/0x2d0 [ 353.520061][ C0] __x64_sys_exit_group+0x3f/0x40 [ 353.525062][ C0] x64_sys_call+0x7b4/0x9a0 [ 353.529551][ C0] do_syscall_64+0x4c/0xa0 [ 353.533938][ C0] ? clear_bhb_loop+0x30/0x80 [ 353.538588][ C0] ? clear_bhb_loop+0x30/0x80 [ 353.543275][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 353.549141][ C0] RIP: 0033:0x7f55d225e039 [ 353.553620][ C0] Code: Unable to access opcode bytes at 0x7f55d225e00f. [ 353.560607][ C0] RSP: 002b:00007fffad60a048 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 353.568997][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f55d225e039 [ 353.576942][ C0] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 353.584922][ C0] RBP: 00007f55d22d92b0 R08: ffffffffffffffb8 R09: 00000000000000a0 [ 353.592867][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f55d22d92b0 [ 353.600811][ C0] R13: 0000000000000000 R14: 00007f55d22d9d20 R15: 00007f55d222f1f0 [ 353.608760][ C0]