./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2089803819 <...> Warning: Permanently added '10.128.0.10' (ED25519) to the list of known hosts. execve("./syz-executor2089803819", ["./syz-executor2089803819"], 0x7fffd611e530 /* 10 vars */) = 0 brk(NULL) = 0x55557b48a000 brk(0x55557b48ad00) = 0x55557b48ad00 arch_prctl(ARCH_SET_FS, 0x55557b48a380) = 0 set_tid_address(0x55557b48a650) = 5065 set_robust_list(0x55557b48a660, 24) = 0 rseq(0x55557b48aca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2089803819", 4096) = 28 getrandom("\x21\xc7\x18\x91\xb6\x9c\xc5\xab", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557b48ad00 brk(0x55557b4abd00) = 0x55557b4abd00 brk(0x55557b4ac000) = 0x55557b4ac000 mprotect(0x7ff898cbe000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5066 attached , child_tidptr=0x55557b48a650) = 5066 [pid 5066] set_robust_list(0x55557b48a660, 24) = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] write(3, "1000", 4) = 4 [pid 5066] close(3) = 0 [pid 5066] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5066] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 5066] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="contention_begin", prog_fd=4}}, 16) = 5 [pid 5066] exit_group(0) = ? [pid 5066] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5067 attached [pid 5067] set_robust_list(0x55557b48a660, 24) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x55557b48a650) = 5067 [pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] setpgid(0, 0) = 0 [pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5067] write(3, "1000", 4) = 4 [pid 5067] close(3) = 0 [pid 5067] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5067] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 5067] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="contention_begin", prog_fd=4}}, 16) = 5 [ 54.699415][ T5060] [ 54.701777][ T5060] ===================================================== [ 54.708694][ T5060] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 54.716129][ T5060] 6.8.0-syzkaller-05238-g61df575632d6 #0 Not tainted [ 54.722778][ T5060] ----------------------------------------------------- [ 54.729687][ T5060] sshd/5060 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire: [ 54.736782][ T5060] ffff88802aa48200 (&stab->lock){+...}-{2:2}, at: sock_map_delete_elem+0x97/0x140 [ 54.746011][ T5060] [ 54.746011][ T5060] and this task is already holding: [ 54.753357][ T5060] ffff8880b943e158 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 54.762822][ T5060] which would create a new lock dependency: [ 54.768687][ T5060] (&rq->__lock){-.-.}-{2:2} -> (&stab->lock){+...}-{2:2} [ 54.775810][ T5060] [ 54.775810][ T5060] but this new dependency connects a HARDIRQ-irq-safe lock: [ 54.785240][ T5060] (&rq->__lock){-.-.}-{2:2} [ 54.785259][ T5060] [ 54.785259][ T5060] ... which became HARDIRQ-irq-safe at: [ 54.797507][ T5060] lock_acquire+0x1e4/0x530 [ 54.802081][ T5060] _raw_spin_lock_nested+0x31/0x40 [ 54.807269][ T5060] raw_spin_rq_lock_nested+0x2a/0x140 [ 54.812715][ T5060] scheduler_tick+0xa1/0x6e0 [ 54.817383][ T5060] update_process_times+0x202/0x230 [ 54.822648][ T5060] tick_periodic+0x190/0x220 [ 54.827307][ T5060] tick_handle_periodic+0x4a/0x160 [ 54.832486][ T5060] timer_interrupt+0x5c/0x70 [ 54.837150][ T5060] __handle_irq_event_percpu+0x28c/0xa30 [ 54.842865][ T5060] handle_irq_event+0x89/0x1f0 [ 54.847702][ T5060] handle_level_irq+0x3c5/0x6e0 [ 54.852624][ T5060] __common_interrupt+0x13a/0x230 [ 54.857721][ T5060] common_interrupt+0xa5/0xd0 [ 54.862470][ T5060] asm_common_interrupt+0x26/0x40 [ 54.867567][ T5060] _raw_spin_unlock_irqrestore+0xd8/0x140 [ 54.873356][ T5060] __setup_irq+0x1277/0x1cf0 [ 54.878016][ T5060] request_threaded_irq+0x2ab/0x380 [ 54.883285][ T5060] setup_default_timer_irq+0x25/0x60 [ 54.888646][ T5060] x86_late_time_init+0x66/0xc0 [ 54.893570][ T5060] start_kernel+0x3f3/0x500 [ 54.898142][ T5060] x86_64_start_reservations+0x2a/0x30 [ 54.903671][ T5060] x86_64_start_kernel+0x99/0xa0 [ 54.908682][ T5060] common_startup_64+0x13e/0x147 [ 54.913690][ T5060] [ 54.913690][ T5060] to a HARDIRQ-irq-unsafe lock: [ 54.920686][ T5060] (&stab->lock){+...}-{2:2} [ 54.920708][ T5060] [ 54.920708][ T5060] ... which became HARDIRQ-irq-unsafe at: [ 54.933131][ T5060] ... [ 54.933137][ T5060] lock_acquire+0x1e4/0x530 [ 54.940268][ T5060] _raw_spin_lock_bh+0x35/0x50 [ 54.945101][ T5060] sock_map_delete_elem+0x97/0x140 [ 54.950286][ T5060] 0xffffffffa0002272 [ 54.954335][ T5060] bpf_trace_run2+0x2ec/0x530 [ 54.959085][ T5060] trace_contention_begin+0xd7/0x100 [ 54.964443][ T5060] __mutex_lock+0x147/0xd70 [ 54.969021][ T5060] pipe_write+0x1c9/0x1a40 [ 54.973508][ T5060] vfs_write+0xa84/0xcb0 [ 54.977819][ T5060] ksys_write+0x1a0/0x2c0 [ 54.982218][ T5060] do_syscall_64+0xfb/0x240 [ 54.986792][ T5060] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 54.992757][ T5060] [ 54.992757][ T5060] other info that might help us debug this: [ 54.992757][ T5060] [ 55.002962][ T5060] Possible interrupt unsafe locking scenario: [ 55.002962][ T5060] [ 55.011258][ T5060] CPU0 CPU1 [ 55.016604][ T5060] ---- ---- [ 55.021948][ T5060] lock(&stab->lock); [ 55.026011][ T5060] local_irq_disable(); [ 55.032743][ T5060] lock(&rq->__lock); [ 55.039316][ T5060] lock(&stab->lock); [ 55.045886][ T5060] [ 55.049321][ T5060] lock(&rq->__lock); [ 55.053550][ T5060] [ 55.053550][ T5060] *** DEADLOCK *** [ 55.053550][ T5060] [ 55.061678][ T5060] 2 locks held by sshd/5060: [ 55.066249][ T5060] #0: ffff8880b943e158 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 55.076160][ T5060] #1: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1fc/0x530 [ 55.085740][ T5060] [ 55.085740][ T5060] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 55.096140][ T5060] -> (&rq->__lock){-.-.}-{2:2} { [ 55.101081][ T5060] IN-HARDIRQ-W at: [ 55.105049][ T5060] lock_acquire+0x1e4/0x530 [ 55.111189][ T5060] _raw_spin_lock_nested+0x31/0x40 [ 55.118039][ T5060] raw_spin_rq_lock_nested+0x2a/0x140 [ 55.125051][ T5060] scheduler_tick+0xa1/0x6e0 [ 55.131274][ T5060] update_process_times+0x202/0x230 [ 55.138105][ T5060] tick_periodic+0x190/0x220 [ 55.144344][ T5060] tick_handle_periodic+0x4a/0x160 [ 55.151119][ T5060] timer_interrupt+0x5c/0x70 [ 55.157371][ T5060] __handle_irq_event_percpu+0x28c/0xa30 [ 55.164658][ T5060] handle_irq_event+0x89/0x1f0 [ 55.171069][ T5060] handle_level_irq+0x3c5/0x6e0 [ 55.177557][ T5060] __common_interrupt+0x13a/0x230 [ 55.184227][ T5060] common_interrupt+0xa5/0xd0 [ 55.190549][ T5060] asm_common_interrupt+0x26/0x40 [ 55.197217][ T5060] _raw_spin_unlock_irqrestore+0xd8/0x140 [ 55.204662][ T5060] __setup_irq+0x1277/0x1cf0 [ 55.210893][ T5060] request_threaded_irq+0x2ab/0x380 [ 55.217741][ T5060] setup_default_timer_irq+0x25/0x60 [ 55.224663][ T5060] x86_late_time_init+0x66/0xc0 [ 55.231149][ T5060] start_kernel+0x3f3/0x500 [ 55.237289][ T5060] x86_64_start_reservations+0x2a/0x30 [ 55.244383][ T5060] x86_64_start_kernel+0x99/0xa0 [ 55.250953][ T5060] common_startup_64+0x13e/0x147 [ 55.257525][ T5060] IN-SOFTIRQ-W at: [ 55.261490][ T5060] lock_acquire+0x1e4/0x530 [ 55.267622][ T5060] _raw_spin_lock_nested+0x31/0x40 [ 55.274429][ T5060] raw_spin_rq_lock_nested+0x2a/0x140 [ 55.281465][ T5060] try_to_wake_up+0x7d3/0x1470 [ 55.287874][ T5060] call_timer_fn+0x17e/0x600 [ 55.294102][ T5060] __run_timer_base+0x66a/0x8e0 [ 55.300588][ T5060] run_timer_softirq+0xb7/0x170 [ 55.307071][ T5060] __do_softirq+0x2bc/0x943 [ 55.313210][ T5060] __irq_exit_rcu+0xf2/0x1c0 [ 55.319434][ T5060] irq_exit_rcu+0x9/0x30 [ 55.325310][ T5060] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 55.332581][ T5060] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 55.340224][ T5060] default_idle+0x13/0x20 [ 55.346201][ T5060] default_idle_call+0x74/0xb0 [ 55.352603][ T5060] do_idle+0x22f/0x5d0 [ 55.358318][ T5060] cpu_startup_entry+0x42/0x60 [ 55.364716][ T5060] rest_init+0x2e0/0x300 [ 55.370594][ T5060] arch_call_rest_init+0xe/0x10 [ 55.377080][ T5060] start_kernel+0x47a/0x500 [ 55.383215][ T5060] x86_64_start_reservations+0x2a/0x30 [ 55.390306][ T5060] x86_64_start_kernel+0x99/0xa0 [ 55.396880][ T5060] common_startup_64+0x13e/0x147 [ 55.403456][ T5060] INITIAL USE at: [ 55.407332][ T5060] lock_acquire+0x1e4/0x530 [ 55.413382][ T5060] _raw_spin_lock_nested+0x31/0x40 [ 55.420044][ T5060] raw_spin_rq_lock_nested+0x2a/0x140 [ 55.426966][ T5060] rq_attach_root+0xee/0x540 [ 55.433110][ T5060] sched_init+0x64e/0xc30 [ 55.438995][ T5060] start_kernel+0x1ab/0x500 [ 55.445043][ T5060] x86_64_start_reservations+0x2a/0x30 [ 55.452051][ T5060] x86_64_start_kernel+0x99/0xa0 [ 55.458551][ T5060] common_startup_64+0x13e/0x147 [ 55.465039][ T5060] } [ 55.467518][ T5060] ... key at: [] sched_init.__key+0x0/0x20 [ 55.475397][ T5060] [ 55.475397][ T5060] the dependencies between the lock to be acquired [ 55.475404][ T5060] and HARDIRQ-irq-unsafe lock: [ 55.488892][ T5060] -> (&stab->lock){+...}-{2:2} { [ 55.493829][ T5060] HARDIRQ-ON-W at: [ 55.497791][ T5060] lock_acquire+0x1e4/0x530 [ 55.503927][ T5060] _raw_spin_lock_bh+0x35/0x50 [ 55.510323][ T5060] sock_map_delete_elem+0x97/0x140 [ 55.517085][ T5060] 0xffffffffa0002272 [ 55.522696][ T5060] bpf_trace_run2+0x2ec/0x530 [ 55.529010][ T5060] trace_contention_begin+0xd7/0x100 [ 55.535930][ T5060] __mutex_lock+0x147/0xd70 [ 55.542067][ T5060] pipe_write+0x1c9/0x1a40 [ 55.548121][ T5060] vfs_write+0xa84/0xcb0 [ 55.553999][ T5060] ksys_write+0x1a0/0x2c0 [ 55.559960][ T5060] do_syscall_64+0xfb/0x240 [ 55.566098][ T5060] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 55.573629][ T5060] INITIAL USE at: [ 55.577506][ T5060] lock_acquire+0x1e4/0x530 [ 55.583553][ T5060] _raw_spin_lock_bh+0x35/0x50 [ 55.589862][ T5060] sock_map_delete_elem+0x97/0x140 [ 55.596524][ T5060] 0xffffffffa0002272 [ 55.602062][ T5060] bpf_trace_run2+0x2ec/0x530 [ 55.608323][ T5060] trace_contention_begin+0xd7/0x100 [ 55.615154][ T5060] __mutex_lock+0x147/0xd70 [ 55.621207][ T5060] pipe_write+0x1c9/0x1a40 [ 55.627175][ T5060] vfs_write+0xa84/0xcb0 [ 55.632963][ T5060] ksys_write+0x1a0/0x2c0 [ 55.638840][ T5060] do_syscall_64+0xfb/0x240 [ 55.644890][ T5060] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 55.652333][ T5060] } [ 55.654813][ T5060] ... key at: [] sock_map_alloc.__key+0x0/0x20 [ 55.663040][ T5060] ... acquired at: [ 55.666834][ T5060] lock_acquire+0x1e4/0x530 [ 55.671493][ T5060] _raw_spin_lock_bh+0x35/0x50 [ 55.676414][ T5060] sock_map_delete_elem+0x97/0x140 [ 55.681681][ T5060] bpf_prog_2c29ac5cdc6b1842+0x42/0x46 [ 55.687298][ T5060] bpf_trace_run2+0x2ec/0x530 [ 55.692133][ T5060] trace_contention_begin+0xf9/0x120 [ 55.697579][ T5060] __pv_queued_spin_lock_slowpath+0x115/0xc60 [ 55.703802][ T5060] queued_spin_lock_slowpath+0x42/0x50 [ 55.709431][ T5060] do_raw_spin_lock+0x272/0x370 [ 55.714528][ T5060] raw_spin_rq_lock_nested+0x2a/0x140 [ 55.720060][ T5060] __schedule+0x354/0x4a20 [ 55.724635][ T5060] schedule+0x14b/0x320 [ 55.728947][ T5060] syscall_exit_to_user_mode+0x13e/0x360 [ 55.734743][ T5060] do_syscall_64+0x10a/0x240 [ 55.739492][ T5060] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 55.745577][ T5060] [ 55.747884][ T5060] [ 55.747884][ T5060] stack backtrace: [ 55.753753][ T5060] CPU: 0 PID: 5060 Comm: sshd Not tainted 6.8.0-syzkaller-05238-g61df575632d6 #0 [ 55.762843][ T5060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 55.772880][ T5060] Call Trace: [ 55.776149][ T5060] [ 55.779070][ T5060] dump_stack_lvl+0x1e7/0x2e0 [ 55.783745][ T5060] ? __pfx_dump_stack_lvl+0x10/0x10 [ 55.788933][ T5060] ? __pfx__printk+0x10/0x10 [ 55.793513][ T5060] ? print_shortest_lock_dependencies+0xf2/0x160 [ 55.799830][ T5060] validate_chain+0x4dc7/0x58e0 [ 55.804674][ T5060] ? __pfx_validate_chain+0x10/0x10 [ 55.809861][ T5060] ? __lock_acquire+0x1346/0x1fd0 [ 55.814874][ T5060] ? __pfx_validate_chain+0x10/0x10 [ 55.820068][ T5060] ? __lock_acquire+0x1346/0x1fd0 [ 55.825078][ T5060] ? mark_lock+0x9a/0x350 [ 55.829396][ T5060] __lock_acquire+0x1346/0x1fd0 [ 55.834237][ T5060] lock_acquire+0x1e4/0x530 [ 55.838727][ T5060] ? sock_map_delete_elem+0x97/0x140 [ 55.843999][ T5060] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 55.849708][ T5060] ? __pfx_lock_acquire+0x10/0x10 [ 55.854728][ T5060] ? sock_map_delete_elem+0x97/0x140 [ 55.859995][ T5060] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 55.865790][ T5060] ? __pfx___cant_migrate+0x10/0x10 [ 55.870972][ T5060] ? sock_map_delete_elem+0x97/0x140 [ 55.876242][ T5060] _raw_spin_lock_bh+0x35/0x50 [ 55.880993][ T5060] ? sock_map_delete_elem+0x97/0x140 [ 55.886277][ T5060] sock_map_delete_elem+0x97/0x140 [ 55.891390][ T5060] ? bpf_trace_run2+0x1fc/0x530 [ 55.896236][ T5060] bpf_prog_2c29ac5cdc6b1842+0x42/0x46 [ 55.901695][ T5060] bpf_trace_run2+0x2ec/0x530 [ 55.906366][ T5060] ? __pfx_bpf_trace_run2+0x10/0x10 [ 55.911551][ T5060] ? __lock_acquire+0x1346/0x1fd0 [ 55.916563][ T5060] trace_contention_begin+0xf9/0x120 [ 55.921839][ T5060] __pv_queued_spin_lock_slowpath+0x115/0xc60 [ 55.927894][ T5060] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 55.934474][ T5060] queued_spin_lock_slowpath+0x42/0x50 [ 55.939925][ T5060] do_raw_spin_lock+0x272/0x370 [ 55.944765][ T5060] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 55.950126][ T5060] ? common_file_perm+0x1a6/0x210 [ 55.955140][ T5060] raw_spin_rq_lock_nested+0x2a/0x140 [ 55.960521][ T5060] __schedule+0x354/0x4a20 [ 55.964931][ T5060] ? __pfx___schedule+0x10/0x10 [ 55.969768][ T5060] ? __pfx_lock_acquire+0x10/0x10 [ 55.974779][ T5060] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 55.980751][ T5060] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 55.987060][ T5060] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 55.993023][ T5060] schedule+0x14b/0x320 [ 55.997185][ T5060] syscall_exit_to_user_mode+0x13e/0x360 [ 56.002804][ T5060] do_syscall_64+0x10a/0x240 [ 56.007383][ T5060] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 56.013322][ T5060] RIP: 0033:0x7f98c5efd587 [ 56.017720][ T5060] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 b9 01 00 00 00 e9 12 fe ff ff 31 c9 e9 0b fe ff ff 0f 1f 84 00 00 00 00 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [ 56.037316][ T5060] RSP: 002b:00007ffe22cffe78 EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [ 56.045711][ T5060] RAX: 00000000000013c4 RBX: 0000000000000000 RCX: 00007f98c5efd587 [pid 5067] exit_group(0) = ? [pid 5067] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5067, si_uid=0, si_status=0, si_utime=0, si_stime=138 /* 1.38 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5069 attached , child_tidptr=0x55557b48a650) = 5069 [pid 5069] set_robust_list(0x55557b48a660, 24) = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [ 56.053670][ T5060] RDX: 000000000000085c RSI: 000055e7a92d9480 RDI: 000055e7a92d6937 [ 56.061624][ T5060] RBP: 000055e7a92d7856 R08: 0000000000000006 R09: 0000000000000000 [ 56.069580][ T5060] R10: 000055e7a92d7856 R11: 0000000000000246 R12: 000055e7a92d6937 [ 56.077535][ T5060] R13: 000055e7a92d9480 R14: 000055e7a92d9480 R15: 00007ffe22d00400 [ 56.085495][ T5060] [pid 5069] close(3) = 0 [pid 5069] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5069] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 5069] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="contention_begin", prog_fd=4}}, 16) = 5 [pid 5069] exit_group(0) = ? [pid 5069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5070 attached , child_tidptr=0x55557b48a650) = 5070 [pid 5070] set_robust_list(0x55557b48a660, 24) = 0 [pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5070] setpgid(0, 0) = 0 [pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5070] write(3, "1000", 4) = 4 [pid 5070] close(3) = 0 [pid 5070] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5070] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 5070] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="contention_begin", prog_fd=4}}, 16) = 5 [ 56.217731][ T5062] ------------[ cut here ]------------ [ 56.223289][ T5062] raw_local_irq_restore() called with IRQs enabled [ 56.229982][ T5062] WARNING: CPU: 0 PID: 5062 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x29/0x40 [ 56.240719][ T5062] Modules linked in: [ 56.244638][ T5062] CPU: 0 PID: 5062 Comm: strace-static-x Not tainted 6.8.0-syzkaller-05238-g61df575632d6 #0 [ 56.254730][ T5062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 56.264814][ T5062] RIP: 0010:warn_bogus_irq_restore+0x29/0x40 [ 56.270789][ T5062] Code: 90 f3 0f 1e fa 90 80 3d de 49 01 04 00 74 06 90 c3 cc cc cc cc c6 05 cf 49 01 04 01 90 48 c7 c7 20 ba aa 8b e8 d8 c5 e7 f5 90 <0f> 0b 90 90 90 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f [ 56.290421][ T5062] RSP: 0018:ffffc90003cef758 EFLAGS: 00010246 [ 56.296504][ T5062] RAX: 91cf0f72f44eb000 RBX: 1ffff9200079def0 RCX: ffff8880270b0000 [ 56.304536][ T5062] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 56.312495][ T5062] RBP: ffffc90003cef7f0 R08: ffffffff8157cbf2 R09: 1ffff110172851a2 [ 56.320469][ T5062] R10: dffffc0000000000 R11: ffffed10172851a3 R12: dffffc0000000000 [ 56.328448][ T5062] R13: 1ffff9200079deec R14: ffffc90003cef780 R15: 0000000000000046 [ 56.336423][ T5062] FS: 000000000f6b23c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 56.345345][ T5062] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.351905][ T5062] CR2: 00007ff898cc5110 CR3: 000000007d928000 CR4: 00000000003506f0 [ 56.359878][ T5062] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 56.367845][ T5062] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 56.375809][ T5062] Call Trace: [ 56.379066][ T5062] [ 56.381977][ T5062] ? __warn+0x163/0x4b0 [ 56.386129][ T5062] ? warn_bogus_irq_restore+0x29/0x40 [ 56.391479][ T5062] ? report_bug+0x2b3/0x500 [ 56.395994][ T5062] ? warn_bogus_irq_restore+0x29/0x40 [ 56.401346][ T5062] ? handle_bug+0x3e/0x70 [ 56.405668][ T5062] ? exc_invalid_op+0x1a/0x50 [ 56.410324][ T5062] ? asm_exc_invalid_op+0x1a/0x20 [ 56.415345][ T5062] ? __warn_printk+0x292/0x360 [ 56.420092][ T5062] ? warn_bogus_irq_restore+0x29/0x40 [ 56.425479][ T5062] ? warn_bogus_irq_restore+0x28/0x40 [ 56.430838][ T5062] _raw_spin_unlock_irqrestore+0x120/0x140 [ 56.436644][ T5062] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 56.442951][ T5062] ? do_raw_spin_unlock+0x13c/0x8b0 [ 56.448147][ T5062] ? ttwu_do_activate+0x200/0x7e0 [ 56.453268][ T5062] try_to_wake_up+0x902/0x1470 [ 56.458024][ T5062] ? lock_acquire+0xe3/0x530 [ 56.462590][ T5062] ? __pfx_try_to_wake_up+0x10/0x10 [ 56.467792][ T5062] ? do_raw_spin_lock+0x14f/0x370 [ 56.472801][ T5062] pollwake+0x1d8/0x280 [ 56.476961][ T5062] ? __pfx_pollwake+0x10/0x10 [ 56.481631][ T5062] ? __pfx_default_wake_function+0x10/0x10 [ 56.487433][ T5062] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 56.493324][ T5062] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 56.499300][ T5062] ? aa_file_perm+0x137/0xf60 [ 56.503992][ T5062] __wake_up_common_lock+0x130/0x1e0 [ 56.509270][ T5062] pipe_write+0x128d/0x1a40 [ 56.513804][ T5062] ? __pfx_pipe_write+0x10/0x10 [ 56.518652][ T5062] ? bpf_lsm_file_permission+0x9/0x10 [ 56.524022][ T5062] ? security_file_permission+0x7f/0xa0 [ 56.529561][ T5062] vfs_write+0xa84/0xcb0 [ 56.533890][ T5062] ? __pfx_vfs_write+0x10/0x10 [ 56.538636][ T5062] ? __fdget_pos+0x1a2/0x320 [ 56.543252][ T5062] ksys_write+0x1a0/0x2c0 [ 56.547572][ T5062] ? __pfx_ksys_write+0x10/0x10 [ 56.552405][ T5062] ? rcu_is_watching+0x15/0xb0 [ 56.557165][ T5062] ? rcu_is_watching+0x15/0xb0 [ 56.561908][ T5062] do_syscall_64+0xfb/0x240 [ 56.566408][ T5062] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 56.572286][ T5062] RIP: 0033:0x4e8593 [ 56.576188][ T5062] Code: c7 c2 a8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18 [ 56.595793][ T5062] RSP: 002b:00007fffd611e068 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 56.604198][ T5062] RAX: ffffffffffffffda RBX: 0000000000000018 RCX: 00000000004e8593 [ 56.612148][ T5062] RDX: 0000000000000018 RSI: 000000000f6b5140 RDI: 0000000000000002 [ 56.620116][ T5062] RBP: 000000000f6b5140 R08: 0000000000000000 R09: 0000000000000000 [ 56.628083][ T5062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000018 [ 56.636067][ T5062] R13: 000000000063f460 R14: 0000000000000018 R15: 000000000063f160 [ 56.644037][ T5062] [ 56.647057][ T5062] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 56.654314][ T5062] CPU: 0 PID: 5062 Comm: strace-static-x Not tainted 6.8.0-syzkaller-05238-g61df575632d6 #0 [ 56.664351][ T5062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 56.674384][ T5062] Call Trace: [ 56.677646][ T5062] [ 56.680570][ T5062] dump_stack_lvl+0x1e7/0x2e0 [ 56.685235][ T5062] ? __pfx_dump_stack_lvl+0x10/0x10 [ 56.690419][ T5062] ? __pfx__printk+0x10/0x10 [ 56.695008][ T5062] ? _printk+0xd5/0x120 [ 56.699148][ T5062] ? vscnprintf+0x5d/0x90 [ 56.703468][ T5062] panic+0x349/0x860 [ 56.707351][ T5062] ? __warn+0x172/0x4b0 [ 56.711488][ T5062] ? __pfx_panic+0x10/0x10 [ 56.715884][ T5062] ? show_trace_log_lvl+0x4e6/0x520 [ 56.721094][ T5062] __warn+0x31e/0x4b0 [ 56.725059][ T5062] ? warn_bogus_irq_restore+0x29/0x40 [ 56.730411][ T5062] report_bug+0x2b3/0x500 [ 56.734725][ T5062] ? warn_bogus_irq_restore+0x29/0x40 [ 56.740078][ T5062] handle_bug+0x3e/0x70 [ 56.744236][ T5062] exc_invalid_op+0x1a/0x50 [ 56.748722][ T5062] asm_exc_invalid_op+0x1a/0x20 [ 56.753556][ T5062] RIP: 0010:warn_bogus_irq_restore+0x29/0x40 [ 56.759520][ T5062] Code: 90 f3 0f 1e fa 90 80 3d de 49 01 04 00 74 06 90 c3 cc cc cc cc c6 05 cf 49 01 04 01 90 48 c7 c7 20 ba aa 8b e8 d8 c5 e7 f5 90 <0f> 0b 90 90 90 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f [ 56.779108][ T5062] RSP: 0018:ffffc90003cef758 EFLAGS: 00010246 [ 56.785173][ T5062] RAX: 91cf0f72f44eb000 RBX: 1ffff9200079def0 RCX: ffff8880270b0000 [ 56.793130][ T5062] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 56.801099][ T5062] RBP: ffffc90003cef7f0 R08: ffffffff8157cbf2 R09: 1ffff110172851a2 [ 56.809051][ T5062] R10: dffffc0000000000 R11: ffffed10172851a3 R12: dffffc0000000000 [ 56.817008][ T5062] R13: 1ffff9200079deec R14: ffffc90003cef780 R15: 0000000000000046 [ 56.824981][ T5062] ? __warn_printk+0x292/0x360 [ 56.829732][ T5062] ? warn_bogus_irq_restore+0x28/0x40 [ 56.835083][ T5062] _raw_spin_unlock_irqrestore+0x120/0x140 [ 56.840958][ T5062] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 56.847267][ T5062] ? do_raw_spin_unlock+0x13c/0x8b0 [ 56.852449][ T5062] ? ttwu_do_activate+0x200/0x7e0 [ 56.857456][ T5062] try_to_wake_up+0x902/0x1470 [ 56.862201][ T5062] ? lock_acquire+0xe3/0x530 [ 56.866770][ T5062] ? __pfx_try_to_wake_up+0x10/0x10 [ 56.871948][ T5062] ? do_raw_spin_lock+0x14f/0x370 [ 56.876956][ T5062] pollwake+0x1d8/0x280 [ 56.881095][ T5062] ? __pfx_pollwake+0x10/0x10 [ 56.885753][ T5062] ? __pfx_default_wake_function+0x10/0x10 [ 56.891555][ T5062] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 56.897429][ T5062] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 56.903394][ T5062] ? aa_file_perm+0x137/0xf60 [ 56.908058][ T5062] __wake_up_common_lock+0x130/0x1e0 [ 56.913332][ T5062] pipe_write+0x128d/0x1a40 [ 56.917844][ T5062] ? __pfx_pipe_write+0x10/0x10 [ 56.922674][ T5062] ? bpf_lsm_file_permission+0x9/0x10 [ 56.928040][ T5062] ? security_file_permission+0x7f/0xa0 [ 56.933569][ T5062] vfs_write+0xa84/0xcb0 [ 56.937798][ T5062] ? __pfx_vfs_write+0x10/0x10 [ 56.942543][ T5062] ? __fdget_pos+0x1a2/0x320 [ 56.947114][ T5062] ksys_write+0x1a0/0x2c0 [ 56.951423][ T5062] ? __pfx_ksys_write+0x10/0x10 [ 56.956255][ T5062] ? rcu_is_watching+0x15/0xb0 [ 56.961088][ T5062] ? rcu_is_watching+0x15/0xb0 [ 56.965830][ T5062] do_syscall_64+0xfb/0x240 [ 56.970317][ T5062] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 56.976194][ T5062] RIP: 0033:0x4e8593 [ 56.980067][ T5062] Code: c7 c2 a8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18 [ 56.999653][ T5062] RSP: 002b:00007fffd611e068 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 57.008048][ T5062] RAX: ffffffffffffffda RBX: 0000000000000018 RCX: 00000000004e8593 [ 57.016000][ T5062] RDX: 0000000000000018 RSI: 000000000f6b5140 RDI: 0000000000000002 [ 57.023970][ T5062] RBP: 000000000f6b5140 R08: 0000000000000000 R09: 0000000000000000 [ 57.031920][ T5062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000018 [ 57.039869][ T5062] R13: 000000000063f460 R14: 0000000000000018 R15: 000000000063f160 [ 57.047828][ T5062] [ 57.051105][ T5062] Kernel Offset: disabled [ 57.055412][ T5062] Rebooting in 86400 seconds..