./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2954110232 <...>
Warning: Permanently added '10.128.1.38' (ED25519) to the list of known hosts.
execve("./syz-executor2954110232", ["./syz-executor2954110232"], 0x7ffe79161d30 /* 10 vars */) = 0
brk(NULL) = 0x55555b99a000
brk(0x55555b99ad40) = 0x55555b99ad40
arch_prctl(ARCH_SET_FS, 0x55555b99a3c0) = 0
set_tid_address(0x55555b99a690) = 5066
set_robust_list(0x55555b99a6a0, 24) = 0
rseq(0x55555b99ace0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2954110232", 4096) = 28
getrandom("\x89\x0f\xea\x3a\x07\x47\xc9\xb9", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55555b99ad40
brk(0x55555b9bbd40) = 0x55555b9bbd40
brk(0x55555b9bc000) = 0x55555b9bc000
mprotect(0x7f8b63e33000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
futex(0x7f8b63e3934c, FUTEX_WAKE_PRIVATE, 1000000) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f8b63dd6260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8b63dc78e0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b63d4c000
mprotect(0x7f8b63d4d000, 131072, PROT_READ|PROT_WRITE) = 0
rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8b63d6c990, parent_tid=0x7f8b63d6c990, exit_signal=0, stack=0x7f8b63d4c000, stack_size=0x20300, tls=0x7f8b63d6c6c0}./strace-static-x86_64: Process 5067 attached => {parent_tid=[5067]}, 88) = 5067
[pid
5067] rseq(0x7f8b63d6cfe0, 0x20, 0, 0x53053053
[pid 5066] rt_sigprocmask(SIG_SETMASK, [],
[pid 5067] <... rseq resumed>) = 0
[pid 5066] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid 5066] futex(0x7f8b63e39348, FUTEX_WAKE_PRIVATE, 1000000
[pid 5067] set_robust_list(0x7f8b63d6c9a0, 24
[pid 5066] <... futex resumed>) = 0
[pid 5067] <... set_robust_list resumed>) = 0
[pid 5066] futex(0x7f8b63e3934c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}
[pid 5067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 5067] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_MSG, insn_cnt=4, insns=0x20000040, license="GPL", log_level=2, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 3
[pid 5067] futex(0x7f8b63e3934c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 5067] futex(0x7f8b63e39348, FUTEX_WAIT_PRIVATE, 0, NULL
[pid 5066] <... futex resumed>) = 0
[pid 5066] futex(0x7f8b63e39348, FUTEX_WAKE_PRIVATE, 1000000
[pid 5067] <... futex resumed>) = 0
[pid 5066] <... futex resumed>) = 1
[pid 5067] close(3
[pid 5066] futex(0x7f8b63e3934c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}
[pid 5067] <... close resumed>) = 0
[pid 5067] futex(0x7f8b63e3934c, FUTEX_WAKE_PRIVATE, 1000000
[pid 5066] <... futex resumed>) = 0
[pid 5067] <... futex resumed>) = 1
[pid 5066] futex(0x7f8b63e39348, FUTEX_WAKE_PRIVATE, 1000000
[pid 5067] socketpair(AF_UNIX, SOCK_STREAM, 0,
[pid 5066] <... futex resumed>) = 0
[pid 5067] <... socketpair resumed>[3, 4]) = 0
[pid 5066] futex(0x7f8b63e3934c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}
[pid 5067] futex(0x7f8b63e3934c, FUTEX_WAKE_PRIVATE, 1000000
[pid 5066] <... futex resumed>) = 0
[pid 5066] futex(0x7f8b63e39348, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 5067] <...
futex resumed>) = 1
[pid 5066] futex(0x7f8b63e3934c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}
[pid 5067] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5
[pid 5067] futex(0x7f8b63e3934c, FUTEX_WAKE_PRIVATE, 1000000
[pid 5066] <... futex resumed>) = 0
[pid 5066] futex(0x7f8b63e39348, FUTEX_WAKE_PRIVATE, 1000000
[pid 5067] <... futex resumed>) = 1
[pid 5066] <... futex resumed>) = 0
[pid 5067] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000000, value=0x20000080, flags=BPF_ANY}, 32
[pid 5066] futex(0x7f8b63e3934c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}
[pid 5067] <... bpf resumed>) = 0
[pid 5067] futex(0x7f8b63e3934c, FUTEX_WAKE_PRIVATE, 1000000
[pid 5066] <... futex resumed>) = 0
[pid 5066] futex(0x7f8b63e39348, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 5066] futex(0x7f8b63e3934c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}
[pid 5067] <... futex resumed>) = 1
[pid 5067] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address)
[pid 5067] futex(0x7f8b63e3934c, FUTEX_WAKE_PRIVATE, 1000000
[pid 5066] <... futex resumed>) = 0
[pid 5066] futex(0x7f8b63e39348, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 5067] <...
futex resumed>) = 1
[pid 5066] futex(0x7f8b63e3934c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}
[pid 5067] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 6
[pid 5067] futex(0x7f8b63e3934c, FUTEX_WAKE_PRIVATE, 1000000
[pid 5066] <... futex resumed>) = 0
[pid 5066] futex(0x7f8b63e39348, FUTEX_WAKE_PRIVATE, 1000000
[pid 5067] <... futex resumed>) = 1
[pid 5066] <... futex resumed>) = 0
[pid 5067] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="tlb_flush", prog_fd=6}}, 16
[ 61.900191][ T5067] ------------[ cut here ]------------
[ 61.900642][ T33]
[ 61.906561][ T5067] WARNING: CPU: 1 PID: 5067 at kernel/softirq.c:362 __local_bh_enable_ip+0x1be/0x200
[ 61.908880][ T33] =====================================================
[ 61.908888][ T33] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 61.918663][ T5067] Modules linked in:
[ 61.925662][ T33] 6.8.0-syzkaller-05271-gf99c5f563c17 #0 Not tainted
[ 61.933185][ T5067] CPU: 1 PID: 5067 Comm: syz-executor295 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0
[ 61.937051][ T33] -----------------------------------------------------
[ 61.937058][ T33] kcompactd0/33 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire:
[ 61.943696][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 61.953997][ T33] ffff8880236f1200
[ 61.960988][ T5067] RIP: 0010:__local_bh_enable_ip+0x1be/0x200
[ 61.968413][ T33] (
[ 61.978878][ T5067] Code: 3b 44 24 60 75 52 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 90 0f 0b 90 e9 ca fe ff ff e8 55 00 00 00 eb 9c 90 <0f> 0b 90
e9 fa fe ff ff 48 c7 c1 9c e1 86 8f 80 e1 07 80 c1 03 38 [ 61.982765][ T33] &stab->lock [ 61.989333][ T5067] RSP: 0018:ffffc9000397f340 EFLAGS: 00010046 [ 61.991860][ T33] ){+...}-{2:2} [ 62.013372][ T5067] [ 62.013386][ T5067] RAX: 0000000000000000 RBX: 1ffff9200072fe6c RCX: 0000000000000001 [ 62.017276][ T33] , at: sock_map_delete_elem+0x97/0x140 [ 62.023425][ T5067] RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff895ff9a1 [ 62.026908][ T33] [ 62.026908][ T33] and this task is already holding: [ 62.026917][ T33] ffff8880b943e158 [ 62.029408][ T5067] RBP: ffffc9000397f3e8 R08: ffff888059dcd27b R09: 1ffff1100b3b9a4f [ 62.039039][ T33] ( [ 62.044750][ T5067] R10: dffffc0000000000 R11: ffffed100b3b9a50 R12: dffffc0000000000 [ 62.053046][ T33] &rq->__lock [ 62.060480][ T5067] R13: 0000000000000000 R14: ffffc9000397f380 R15: 0000000000000201 [ 62.064211][ T33] ){-.-.}-{2:2} [ 62.072609][ T5067] FS: 00007f8b63d6c6c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 62.075106][ T33] , at: raw_spin_rq_lock_nested+0x2a/0x140 [ 62.083340][ T5067] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 62.086633][ T33] which would create a new lock dependency: [ 62.086641][ T33] ( [ 62.094681][ T5067] CR2: 0000000000000000 CR3: 0000000020698000 CR4: 00000000003506f0 [ 62.098285][ T33] &rq->__lock [ 62.107613][ T5067] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 62.113419][ T33] ){-.-.}-{2:2} [ 62.120004][ T5067] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 62.126078][ T33] -> [ 62.128562][ T5067] Call Trace: [ 62.128576][ T5067] [ 62.136609][ T33] (&stab->lock [ 62.139959][ T5067] ? __warn+0x163/0x4b0 [ 62.147996][ T33] ){+...}-{2:2} [ 62.151538][ T5067] ? __local_bh_enable_ip+0x1be/0x200 [ 62.159491][ T33] [ 62.159503][ T33] [ 62.159503][ T33] but this new dependency connects a HARDIRQ-irq-safe lock: [ 62.162412][ T5067] ? report_bug+0x2b3/0x500 [ 62.165754][ T33] (&rq->__lock [ 62.168676][ T5067] ? 
__local_bh_enable_ip+0x1be/0x200 [ 62.172110][ T33] ){-.-.}-{2:2} [ 62.176238][ T5067] ? handle_bug+0x3e/0x70 [ 62.179677][ T33] [ 62.179677][ T33] ... which became HARDIRQ-irq-safe at: [ 62.185048][ T5067] ? exc_invalid_op+0x1a/0x50 [ 62.187362][ T33] lock_acquire+0x1e4/0x530 [ 62.196959][ T5067] ? asm_exc_invalid_op+0x1a/0x20 [ 62.205540][ T33] _raw_spin_lock_nested+0x31/0x40 [ 62.209093][ T5067] ? sock_map_unref+0x401/0x5e0 [ 62.214445][ T33] raw_spin_rq_lock_nested+0x2a/0x140 [ 62.217892][ T5067] ? __local_bh_enable_ip+0x1be/0x200 [ 62.222316][ T33] scheduler_tick+0xa1/0x6e0 [ 62.230376][ T5067] ? sock_map_unref+0x401/0x5e0 [ 62.235291][ T33] update_process_times+0x202/0x230 [ 62.239925][ T5067] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 62.245045][ T33] tick_periodic+0x190/0x220 [ 62.250218][ T5067] ? do_raw_spin_unlock+0x13c/0x8b0 [ 62.255154][ T33] tick_handle_periodic+0x4a/0x160 [ 62.260703][ T5067] ? sock_map_unref+0x3ac/0x5e0 [ 62.266051][ T33] timer_interrupt+0x5c/0x70 [ 62.270966][ T5067] sock_map_unref+0x401/0x5e0 [ 62.275884][ T33] __handle_irq_event_percpu+0x28c/0xa30 [ 62.281243][ T5067] sock_map_delete_elem+0xc0/0x140 [ 62.286927][ T33] handle_irq_event+0x89/0x1f0 [ 62.291585][ T5067] bpf_prog_2c29ac5cdc6b1842+0x42/0x46 [ 62.296746][ T33] handle_level_irq+0x3c5/0x6e0 [ 62.302008][ T5067] bpf_trace_run2+0x204/0x420 [ 62.307620][ T33] __common_interrupt+0x13a/0x230 [ 62.312612][ T5067] ? bpf_trace_run2+0x114/0x420 [ 62.317261][ T33] common_interrupt+0xa5/0xd0 [ 62.323305][ T5067] ? __pfx_bpf_trace_run2+0x10/0x10 [ 62.328635][ T33] asm_common_interrupt+0x26/0x40 [ 62.333547][ T5067] ? trace_tlb_flush+0x59/0x120 [ 62.339235][ T33] _raw_spin_unlock_irqrestore+0xd8/0x140 [ 62.344496][ T5067] trace_tlb_flush+0xfa/0x120 [ 62.349246][ T33] __setup_irq+0x1277/0x1cf0 [ 62.354421][ T5067] switch_mm_irqs_off+0x7cb/0xae0 [ 62.359370][ T33] request_threaded_irq+0x2ab/0x380 [ 62.364329][ T5067] ? 
__pfx_switch_mm_irqs_off+0x10/0x10 [ 62.369585][ T33] setup_default_timer_irq+0x25/0x60 [ 62.374832][ T5067] ? text_poke_memcpy+0x25/0x30 [ 62.379915][ T33] x86_late_time_init+0x66/0xc0 [ 62.385785][ T5067] ? __asan_memcpy+0x40/0x70 [ 62.390975][ T33] start_kernel+0x3f3/0x500 [ 62.395917][ T5067] __text_poke+0x8f7/0xd30 [ 62.400937][ T33] x86_64_start_reservations+0x2a/0x30 [ 62.406406][ T5067] ? trace_tlb_flush+0x6/0x120 [ 62.412377][ T33] x86_64_start_kernel+0x99/0xa0 [ 62.418448][ T5067] ? __pfx_text_poke_memcpy+0x10/0x10 [ 62.423719][ T33] common_startup_64+0x13e/0x147 [ 62.428824][ T5067] ? __pfx___text_poke+0x10/0x10 [ 62.433501][ T33] [ 62.433501][ T33] to a HARDIRQ-irq-unsafe lock: [ 62.438169][ T5067] ? __pfx___might_resched+0x10/0x10 [ 62.442910][ T33] (&stab->lock [ 62.448525][ T5067] ? __mutex_trylock_common+0x183/0x2e0 [ 62.453289][ T33] ){+...}-{2:2} [ 62.458311][ T5067] ? __pfx___might_resched+0x10/0x10 [ 62.463854][ T33] [ 62.463854][ T33] ... which became HARDIRQ-irq-unsafe at: [ 62.469305][ T5067] ? trace_tlb_flush+0x6/0x120 [ 62.474748][ T33] ... [ 62.474755][ T33] lock_acquire+0x1e4/0x530 [ 62.482018][ T5067] text_poke_bp_batch+0x265/0xb30 [ 62.487535][ T33] _raw_spin_lock_bh+0x35/0x50 [ 62.491516][ T5067] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 62.497484][ T33] sock_map_update_common+0x1b6/0x5b0 [ 62.501032][ T5067] ? __pfx___mutex_lock+0x10/0x10 [ 62.506468][ T33] sock_map_update_elem_sys+0x55f/0x910 [ 62.514612][ T5067] ? arch_jump_label_transform_queue+0x9b/0x100 [ 62.520050][ T33] map_update_elem+0x53a/0x6f0 [ 62.522884][ T5067] text_poke_finish+0x30/0x50 [ 62.527877][ T33] __sys_bpf+0x76f/0x810 [ 62.533230][ T5067] arch_jump_label_transform_apply+0x1c/0x30 [ 62.538318][ T33] __x64_sys_bpf+0x7c/0x90 [ 62.544274][ T5067] static_key_enable_cpuslocked+0x136/0x260 [ 62.550142][ T33] do_syscall_64+0xfb/0x240 [ 62.556126][ T5067] ? 
__pfx___bpf_trace_tlb_flush+0x10/0x10 [ 62.561905][ T33] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 62.568311][ T5067] static_key_enable+0x1a/0x20 [ 62.573226][ T33] [ 62.573226][ T33] other info that might help us debug this: [ 62.573226][ T33] [ 62.573234][ T33] Possible interrupt unsafe locking scenario: [ 62.573234][ T33] [ 62.577976][ T5067] tracepoint_add_func+0x953/0x9e0 [ 62.582290][ T33] CPU0 CPU1 [ 62.582297][ T33] ---- ---- [ 62.588505][ T5067] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 62.592976][ T33] lock(&stab->lock [ 62.599107][ T5067] tracepoint_probe_register_prio_may_exist+0x122/0x190 [ 62.603851][ T33] ); [ 62.603857][ T33] local_irq_disable(); [ 62.609635][ T5067] ? __pfx_tracepoint_probe_register_prio_may_exist+0x10/0x10 [ 62.615588][ T33] lock(&rq->__lock [ 62.621027][ T5067] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 62.632928][ T33] ); [ 62.632935][ T33] lock( [ 62.641842][ T5067] ? anon_inode_getfile+0xff/0x180 [ 62.647017][ T33] &stab->lock [ 62.652364][ T5067] ? bpf_probe_register+0x117/0x1d0 [ 62.658069][ T33] ); [ 62.658080][ T33] [ 62.658083][ T33] lock( [ 62.664476][ T5067] bpf_raw_tp_link_attach+0x470/0x6d0 [ 62.668515][ T33] &rq->__lock); [ 62.675689][ T5067] ? __pfx_bpf_raw_tp_link_attach+0x10/0x10 [ 62.678164][ T33] [ 62.678164][ T33] *** DEADLOCK *** [ 62.678164][ T33] [ 62.678169][ T33] 2 locks held by kcompactd0/33: [ 62.684910][ T5067] bpf_raw_tracepoint_open+0x19d/0x210 [ 62.692769][ T33] #0: ffff8880b943e158 [ 62.699443][ T5067] __sys_bpf+0x3c0/0x810 [ 62.705350][ T33] ( [ 62.708102][ T5067] ? __pfx___sys_bpf+0x10/0x10 [ 62.714244][ T33] &rq->__lock [ 62.719992][ T5067] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 62.724668][ T33] ){-.-.}-{2:2} [ 62.729856][ T5067] ? 
do_syscall_64+0x10a/0x240 [ 62.732426][ T33] , at: raw_spin_rq_lock_nested+0x2a/0x140 [ 62.736046][ T5067] __x64_sys_bpf+0x7c/0x90 [ 62.739154][ T33] #1: [ 62.744595][ T5067] do_syscall_64+0xfb/0x240 [ 62.748035][ T33] ffffffff8e131920 [ 62.754000][ T5067] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 62.762599][ T33] (rcu_read_lock [ 62.767790][ T5067] RIP: 0033:0x7f8b63db03b9 [ 62.773597][ T33] ){....}-{1:2} [ 62.778036][ T5067] Code: Unable to access opcode bytes at 0x7f8b63db038f. [ 62.782362][ T33] , at: bpf_trace_run2+0x114/0x420 [ 62.784862][ T5067] RSP: 002b:00007f8b63d6c228 EFLAGS: 00000246 [ 62.789601][ T33] [ 62.789601][ T33] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 62.792953][ T5067] ORIG_RAX: 0000000000000141 [ 62.799266][ T33] -> ( [ 62.802887][ T5067] RAX: ffffffffffffffda RBX: 00007f8b63e39348 RCX: 00007f8b63db03b9 [ 62.807888][ T33] &rq->__lock [ 62.814007][ T5067] RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000011 [ 62.818397][ T33] ){-.-.}-{2:2} [ 62.821156][ T5067] RBP: 00007f8b63e39340 R08: 00007f8b63d6c6c0 R09: 00007f8b63d6c6c0 [ 62.825811][ T33] { [ 62.825817][ T33] IN-HARDIRQ-W [ 62.829591][ T5067] R10: 00007f8b63d6c6c0 R11: 0000000000000246 R12: 00007f8b63e3934c [ 62.835723][ T33] at: [ 62.835729][ T33] lock_acquire+0x1e4/0x530 [ 62.839511][ T5067] R13: 00007f8b63e07004 R14: 73756c665f626c74 R15: 00007ffea1acb928 [ 62.843984][ T33] _raw_spin_lock_nested+0x31/0x40 [ 62.847602][ T5067] [ 62.854951][ T33] raw_spin_rq_lock_nested+0x2a/0x140 [ 62.860227][ T5067] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 62.860238][ T5067] CPU: 1 PID: 5067 Comm: syz-executor295 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 [ 62.860255][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 62.860264][ T5067] Call Trace: [ 62.860274][ T5067] [ 62.860281][ T5067] dump_stack_lvl+0x1e7/0x2e0 [ 62.860311][ T5067] ? 
__pfx_dump_stack_lvl+0x10/0x10 [ 62.860330][ T5067] ? __pfx__printk+0x10/0x10 [ 62.860350][ T5067] ? vscnprintf+0x5d/0x90 [ 62.860372][ T5067] panic+0x349/0x860 [ 62.860390][ T5067] ? __warn+0x172/0x4b0 [ 62.860410][ T5067] ? __pfx_panic+0x10/0x10 [ 62.860435][ T5067] __warn+0x31e/0x4b0 [ 62.860455][ T5067] ? __local_bh_enable_ip+0x1be/0x200 [ 62.860473][ T5067] report_bug+0x2b3/0x500 [ 62.860496][ T5067] ? __local_bh_enable_ip+0x1be/0x200 [ 62.860514][ T5067] handle_bug+0x3e/0x70 [ 62.860533][ T5067] exc_invalid_op+0x1a/0x50 [ 62.860552][ T5067] asm_exc_invalid_op+0x1a/0x20 [ 62.860574][ T5067] RIP: 0010:__local_bh_enable_ip+0x1be/0x200 [ 62.860592][ T5067] Code: 3b 44 24 60 75 52 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 90 0f 0b 90 e9 ca fe ff ff e8 55 00 00 00 eb 9c 90 <0f> 0b 90 e9 fa fe ff ff 48 c7 c1 9c e1 86 8f 80 e1 07 80 c1 03 38 [ 62.860604][ T5067] RSP: 0018:ffffc9000397f340 EFLAGS: 00010046 [ 62.860619][ T5067] RAX: 0000000000000000 RBX: 1ffff9200072fe6c RCX: 0000000000000001 [ 62.860629][ T5067] RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff895ff9a1 [ 62.860640][ T5067] RBP: ffffc9000397f3e8 R08: ffff888059dcd27b R09: 1ffff1100b3b9a4f [ 62.860651][ T5067] R10: dffffc0000000000 R11: ffffed100b3b9a50 R12: dffffc0000000000 [ 62.860662][ T5067] R13: 0000000000000000 R14: ffffc9000397f380 R15: 0000000000000201 [ 62.860677][ T5067] ? sock_map_unref+0x401/0x5e0 [ 62.860699][ T5067] ? sock_map_unref+0x401/0x5e0 [ 62.860715][ T5067] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 62.860729][ T5067] ? do_raw_spin_unlock+0x13c/0x8b0 [ 62.860751][ T5067] ? sock_map_unref+0x3ac/0x5e0 [ 62.860770][ T5067] sock_map_unref+0x401/0x5e0 [ 62.860790][ T5067] sock_map_delete_elem+0xc0/0x140 [ 62.860807][ T5067] bpf_prog_2c29ac5cdc6b1842+0x42/0x46 [ 62.860825][ T5067] bpf_trace_run2+0x204/0x420 [ 62.860843][ T5067] ? bpf_trace_run2+0x114/0x420 [ 62.860859][ T5067] ? __pfx_bpf_trace_run2+0x10/0x10 [ 62.860876][ T5067] ? 
trace_tlb_flush+0x59/0x120 [ 62.860900][ T5067] trace_tlb_flush+0xfa/0x120 [ 62.860923][ T5067] switch_mm_irqs_off+0x7cb/0xae0 [ 62.860949][ T5067] ? __pfx_switch_mm_irqs_off+0x10/0x10 [ 62.860971][ T5067] ? text_poke_memcpy+0x25/0x30 [ 62.860990][ T5067] ? __asan_memcpy+0x40/0x70 [ 62.861007][ T5067] __text_poke+0x8f7/0xd30 [ 62.861026][ T5067] ? trace_tlb_flush+0x6/0x120 [ 62.861048][ T5067] ? __pfx_text_poke_memcpy+0x10/0x10 [ 62.861066][ T5067] ? __pfx___text_poke+0x10/0x10 [ 62.861087][ T5067] ? __pfx___might_resched+0x10/0x10 [ 62.861104][ T5067] ? __mutex_trylock_common+0x183/0x2e0 [ 62.861123][ T5067] ? __pfx___might_resched+0x10/0x10 [ 62.861145][ T5067] ? trace_tlb_flush+0x6/0x120 [ 62.861166][ T5067] text_poke_bp_batch+0x265/0xb30 [ 62.861190][ T5067] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 62.861208][ T5067] ? __pfx___mutex_lock+0x10/0x10 [ 62.861229][ T5067] ? arch_jump_label_transform_queue+0x9b/0x100 [ 62.861253][ T5067] text_poke_finish+0x30/0x50 [ 62.861271][ T5067] arch_jump_label_transform_apply+0x1c/0x30 [ 62.861295][ T5067] static_key_enable_cpuslocked+0x136/0x260 [ 62.861312][ T5067] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 62.861327][ T5067] static_key_enable+0x1a/0x20 [ 62.861341][ T5067] tracepoint_add_func+0x953/0x9e0 [ 62.861366][ T5067] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 62.861382][ T5067] tracepoint_probe_register_prio_may_exist+0x122/0x190 [ 62.861407][ T5067] ? __pfx_tracepoint_probe_register_prio_may_exist+0x10/0x10 [ 62.861429][ T5067] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 62.861444][ T5067] ? anon_inode_getfile+0xff/0x180 [ 62.861460][ T5067] ? bpf_probe_register+0x117/0x1d0 [ 62.861479][ T5067] bpf_raw_tp_link_attach+0x470/0x6d0 [ 62.861501][ T5067] ? __pfx_bpf_raw_tp_link_attach+0x10/0x10 [ 62.861533][ T5067] bpf_raw_tracepoint_open+0x19d/0x210 [ 62.861554][ T5067] __sys_bpf+0x3c0/0x810 [ 62.861570][ T5067] ? __pfx___sys_bpf+0x10/0x10 [ 62.861594][ T5067] ? 
__pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 62.861611][ T5067] ? do_syscall_64+0x10a/0x240 [ 62.861631][ T5067] __x64_sys_bpf+0x7c/0x90 [ 62.861646][ T5067] do_syscall_64+0xfb/0x240 [ 62.861666][ T5067] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 62.861688][ T5067] RIP: 0033:0x7f8b63db03b9 [ 62.861700][ T5067] Code: Unable to access opcode bytes at 0x7f8b63db038f. [ 62.861707][ T5067] RSP: 002b:00007f8b63d6c228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 62.861723][ T5067] RAX: ffffffffffffffda RBX: 00007f8b63e39348 RCX: 00007f8b63db03b9 [ 62.861734][ T5067] RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000011 [ 62.861744][ T5067] RBP: 00007f8b63e39340 R08: 00007f8b63d6c6c0 R09: 00007f8b63d6c6c0 [ 62.861755][ T5067] R10: 00007f8b63d6c6c0 R11: 0000000000000246 R12: 00007f8b63e3934c [ 62.861766][ T5067] R13: 00007f8b63e07004 R14: 73756c665f626c74 R15: 00007ffea1acb928 [ 62.861784][ T5067] [ 62.866872][ T33] scheduler_tick+0xa1/0x6e0 [ 62.866892][ T33] update_process_times+0x202/0x230 [ 62.866907][ T33] tick_periodic+0x190/0x220 [ 62.866920][ T33] tick_handle_periodic+0x4a/0x160 [ 62.866933][ T33] timer_interrupt+0x5c/0x70 [ 62.866954][ T33] __handle_irq_event_percpu+0x28c/0xa30 [ 62.866971][ T33] handle_irq_event+0x89/0x1f0 [ 62.866986][ T33] handle_level_irq+0x3c5/0x6e0 [ 62.867002][ T33] __common_interrupt+0x13a/0x230 [ 62.867019][ T33] common_interrupt+0xa5/0xd0 [ 62.867037][ T33] asm_common_interrupt+0x26/0x40 [ 62.867055][ T33] _raw_spin_unlock_irqrestore+0xd8/0x140 [ 62.867071][ T33] __setup_irq+0x1277/0x1cf0 [ 62.867088][ T33] request_threaded_irq+0x2ab/0x380 [ 62.867105][ T33] setup_default_timer_irq+0x25/0x60 [ 62.867123][ T33] x86_late_time_init+0x66/0xc0 [ 62.867140][ T33] start_kernel+0x3f3/0x500 [ 62.867152][ T33] x86_64_start_reservations+0x2a/0x30 [ 62.867169][ T33] x86_64_start_kernel+0x99/0xa0 [ 62.867184][ T33] common_startup_64+0x13e/0x147 [ 62.867200][ T33] IN-SOFTIRQ-W at: [ 62.867208][ T33] lock_acquire+0x1e4/0x530 [ 62.867222][ 
T33] _raw_spin_lock_nested+0x31/0x40 [ 62.867238][ T33] raw_spin_rq_lock_nested+0x2a/0x140 [ 62.867257][ T33] try_to_wake_up+0x7d3/0x1470 [ 62.867272][ T33] call_timer_fn+0x17e/0x600 [ 62.867287][ T33] __run_timer_base+0x66a/0x8e0 [ 62.867299][ T33] run_timer_softirq+0xb7/0x170 [ 62.867312][ T33] __do_softirq+0x2bc/0x943 [ 62.867328][ T33] __irq_exit_rcu+0xf2/0x1c0 [ 62.867341][ T33] irq_exit_rcu+0x9/0x30 [ 62.867353][ T33] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 62.867369][ T33] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 62.867388][ T33] default_idle+0x13/0x20 [ 62.867404][ T33] default_idle_call+0x74/0xb0 [ 62.867421][ T33] do_idle+0x22f/0x5d0 [ 62.867435][ T33] cpu_startup_entry+0x42/0x60 [ 62.867448][ T33] rest_init+0x2e0/0x300 [ 62.867466][ T33] arch_call_rest_init+0xe/0x10 [ 62.867478][ T33] start_kernel+0x47a/0x500 [ 62.867490][ T33] x86_64_start_reservations+0x2a/0x30 [ 62.867506][ T33] x86_64_start_kernel+0x99/0xa0 [ 62.867521][ T33] common_startup_64+0x13e/0x147 [ 62.867536][ T33] INITIAL USE at: [ 62.867544][ T33] lock_acquire+0x1e4/0x530 [ 62.867556][ T33] _raw_spin_lock_nested+0x31/0x40 [ 62.867572][ T33] raw_spin_rq_lock_nested+0x2a/0x140 [ 62.867592][ T33] rq_attach_root+0xee/0x540 [ 62.867606][ T33] sched_init+0x64e/0xc30 [ 62.867623][ T33] start_kernel+0x1ab/0x500 [ 62.867635][ T33] x86_64_start_reservations+0x2a/0x30 [ 62.867651][ T33] x86_64_start_kernel+0x99/0xa0 [ 62.867667][ T33] common_startup_64+0x13e/0x147 [ 62.867681][ T33] } [ 62.867685][ T33] ... 
key at: [] sched_init.__key+0x0/0x20 [ 62.867706][ T33] [ 62.867706][ T33] the dependencies between the lock to be acquired [ 62.867710][ T33] and HARDIRQ-irq-unsafe lock: [ 62.867736][ T33] -> (&stab->lock){+...}-{2:2} { [ 62.867757][ T33] HARDIRQ-ON-W at: [ 62.867764][ T33] lock_acquire+0x1e4/0x530 [ 62.867777][ T33] _raw_spin_lock_bh+0x35/0x50 [ 62.867797][ T33] sock_map_update_common+0x1b6/0x5b0 [ 62.867810][ T33] sock_map_update_elem_sys+0x55f/0x910 [ 62.867823][ T33] map_update_elem+0x53a/0x6f0 [ 62.867837][ T33] __sys_bpf+0x76f/0x810 [ 62.867851][ T33] __x64_sys_bpf+0x7c/0x90 [ 62.867863][ T33] do_syscall_64+0xfb/0x240 [ 62.867878][ T33] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 62.867897][ T33] INITIAL USE at: [ 62.867904][ T33] lock_acquire+0x1e4/0x530 [ 62.867917][ T33] _raw_spin_lock_bh+0x35/0x50 [ 62.867931][ T33] sock_map_update_common+0x1b6/0x5b0 [ 62.867944][ T33] sock_map_update_elem_sys+0x55f/0x910 [ 62.867957][ T33] map_update_elem+0x53a/0x6f0 [ 62.867971][ T33] __sys_bpf+0x76f/0x810 [ 62.867984][ T33] __x64_sys_bpf+0x7c/0x90 [ 62.867996][ T33] do_syscall_64+0xfb/0x240 [ 62.868012][ T33] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 62.868034][ T33] } [ 62.868037][ T33] ... key at: [] sock_map_alloc.__key+0x0/0x20 [ 62.868054][ T33] ... 
acquired at: [ 62.868058][ T33] lock_acquire+0x1e4/0x530 [ 62.868071][ T33] _raw_spin_lock_bh+0x35/0x50 [ 62.868085][ T33] sock_map_delete_elem+0x97/0x140 [ 62.868098][ T33] bpf_prog_2c29ac5cdc6b1842+0x42/0x46 [ 62.868111][ T33] bpf_trace_run2+0x204/0x420 [ 62.868125][ T33] trace_tlb_flush+0xfa/0x120 [ 62.868144][ T33] switch_mm_irqs_off+0x7cb/0xae0 [ 62.868162][ T33] __schedule+0x1054/0x4a20 [ 62.868176][ T33] schedule+0x14b/0x320 [ 62.868190][ T33] schedule_timeout+0x1be/0x310 [ 62.868203][ T33] kcompactd+0xaaa/0x1b80 [ 62.868215][ T33] kthread+0x2f0/0x390 [ 62.868231][ T33] ret_from_fork+0x4b/0x80 [ 62.868248][ T33] ret_from_fork_asm+0x1a/0x30 [ 62.868266][ T33] [ 62.868268][ T33] [ 62.868268][ T33] stack backtrace: [ 62.868273][ T33] CPU: 0 PID: 33 Comm: kcompactd0 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 [ 62.868288][ T33] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 62.868295][ T33] Call Trace: [ 62.868301][ T33] [ 62.868305][ T33] dump_stack_lvl+0x1e7/0x2e0 [ 62.868324][ T33] ? __pfx_dump_stack_lvl+0x10/0x10 [ 62.868341][ T33] ? __pfx__printk+0x10/0x10 [ 62.868360][ T33] ? print_shortest_lock_dependencies+0xf2/0x160 [ 62.868382][ T33] validate_chain+0x4dc7/0x58e0 [ 62.868410][ T33] ? __pfx_validate_chain+0x10/0x10 [ 62.868426][ T33] ? validate_chain+0x11b/0x58e0 [ 62.868446][ T33] ? __pfx_validate_chain+0x10/0x10 [ 62.868474][ T33] ? mark_lock+0x9a/0x350 [ 62.868490][ T33] __lock_acquire+0x1346/0x1fd0 [ 62.868512][ T33] lock_acquire+0x1e4/0x530 [ 62.868526][ T33] ? sock_map_delete_elem+0x97/0x140 [ 62.868541][ T33] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 62.868557][ T33] ? __pfx_lock_acquire+0x10/0x10 [ 62.868574][ T33] ? sock_map_delete_elem+0x97/0x140 [ 62.868588][ T33] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 62.868606][ T33] ? __pfx___cant_migrate+0x10/0x10 [ 62.868621][ T33] ? sock_map_delete_elem+0x97/0x140 [ 62.868637][ T33] _raw_spin_lock_bh+0x35/0x50 [ 62.868652][ T33] ? 
sock_map_delete_elem+0x97/0x140 [ 62.868666][ T33] sock_map_delete_elem+0x97/0x140 [ 62.868682][ T33] bpf_prog_2c29ac5cdc6b1842+0x42/0x46 [ 62.868697][ T33] bpf_trace_run2+0x204/0x420 [ 62.868713][ T33] ? bpf_trace_run2+0x114/0x420 [ 62.868727][ T33] ? __pfx_bpf_trace_run2+0x10/0x10 [ 62.868744][ T33] ? trace_tlb_flush+0x59/0x120 [ 62.868766][ T33] trace_tlb_flush+0xfa/0x120 [ 62.868787][ T33] switch_mm_irqs_off+0x7cb/0xae0 [ 62.868816][ T33] ? __pfx_switch_mm_irqs_off+0x10/0x10 [ 62.868841][ T33] __schedule+0x1054/0x4a20 [ 62.868868][ T33] ? __pfx___schedule+0x10/0x10 [ 62.868886][ T33] ? __pfx_lock_release+0x10/0x10 [ 62.868899][ T33] ? __asan_memset+0x23/0x50 [ 62.868916][ T33] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 62.868930][ T33] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 62.868946][ T33] ? schedule+0x90/0x320 [ 62.868962][ T33] schedule+0x14b/0x320 [ 62.868979][ T33] schedule_timeout+0x1be/0x310 [ 62.868995][ T33] ? __pfx_schedule_timeout+0x10/0x10 [ 62.869010][ T33] ? __pfx_process_timeout+0x10/0x10 [ 62.869027][ T33] ? prepare_to_wait_event+0x3ba/0x400 [ 62.869045][ T33] kcompactd+0xaaa/0x1b80 [ 62.869058][ T33] ? mark_lock+0x9a/0x350 [ 62.869087][ T33] ? __pfx_kcompactd+0x10/0x10 [ 62.869104][ T33] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 62.869121][ T33] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 62.869138][ T33] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 62.869154][ T33] ? lockdep_hardirqs_on+0x99/0x150 [ 62.869170][ T33] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 62.869187][ T33] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 62.869205][ T33] ? __pfx_autoremove_wake_function+0x10/0x10 [ 62.869222][ T33] ? __kthread_parkme+0x169/0x1d0 [ 62.869239][ T33] ? __pfx_kcompactd+0x10/0x10 [ 62.869252][ T33] kthread+0x2f0/0x390 [ 62.869269][ T33] ? __pfx_kcompactd+0x10/0x10 [ 62.869283][ T33] ? __pfx_kthread+0x10/0x10 [ 62.869300][ T33] ret_from_fork+0x4b/0x80 [ 62.869318][ T33] ? 
__pfx_kthread+0x10/0x10 [ 62.869335][ T33] ret_from_fork_asm+0x1a/0x30 [ 62.869360][ T33] [ 63.933180][ T5067] Shutting down cpus with NMI [ 65.483766][ T5067] Kernel Offset: disabled [ 65.488085][ T5067] Rebooting in 86400 seconds..