./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor965751947 <...> Warning: Permanently added '10.128.1.121' (ED25519) to the list of known hosts. execve("./syz-executor965751947", ["./syz-executor965751947"], 0x7fff69fe8c20 /* 10 vars */) = 0 brk(NULL) = 0x555556414000 brk(0x555556414d00) = 0x555556414d00 arch_prctl(ARCH_SET_FS, 0x555556414380) = 0 set_tid_address(0x555556414650) = 5057 set_robust_list(0x555556414660, 24) = 0 rseq(0x555556414ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor965751947", 4096) = 27 getrandom("\xfa\x0b\x1d\xd0\xf3\x3d\x41\x97", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556414d00 brk(0x555556435d00) = 0x555556435d00 brk(0x555556436000) = 0x555556436000 mprotect(0x7f8494d28000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=0./strace-static-x86_64: Process 5058 attached ) = 5058 [pid 5057] ptrace(PTRACE_SEIZE, 5058, NULL, 0) = -1 EPERM (Operation not permitted) [pid 5057] timer_create(CLOCK_REALTIME, NULL, [0]) = 0 [ 72.231797][ C0] [ 72.234137][ C0] ================================ [ 72.239218][ C0] WARNING: inconsistent lock state [ 72.244301][ C0] 6.7.0-rc1-next-20231117-syzkaller #0 Not tainted [ 72.250775][ C0] -------------------------------- [ 72.255859][ C0] inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage. 
[ 72.262683][ C0] syz-executor965/5057 [HC1[1]:SC0[0]:HE0:SE1] takes: [ 72.269423][ C0] ffff888025e36f18 (&sighand->siglock){?.+.}-{2:2}, at: __lock_task_sighand+0xc2/0x340 [ 72.279067][ C0] {HARDIRQ-ON-W} state was registered at: [ 72.284759][ C0] lock_acquire+0x1b1/0x530 [ 72.289328][ C0] _raw_spin_lock+0x2e/0x40 [ 72.293903][ C0] ptrace_attach+0x401/0x650 [ 72.298563][ C0] __do_sys_ptrace+0x204/0x230 [ 72.303394][ C0] do_syscall_64+0x40/0x110 [ 72.307965][ C0] entry_SYSCALL_64_after_hwframe+0x62/0x6a [ 72.313933][ C0] irq event stamp: 4934 [ 72.318060][ C0] hardirqs last enabled at (4933): [] _raw_spin_unlock_irqrestore+0x4e/0x70 [ 72.328364][ C0] hardirqs last disabled at (4934): [] sysvec_apic_timer_interrupt+0xe/0xb0 [ 72.338586][ C0] softirqs last enabled at (4858): [] __do_softirq+0x591/0x8d5 [ 72.347762][ C0] softirqs last disabled at (4845): [] irq_exit_rcu+0xb5/0x120 [ 72.356849][ C0] [ 72.356849][ C0] other info that might help us debug this: [ 72.364884][ C0] Possible unsafe locking scenario: [ 72.364884][ C0] [ 72.372307][ C0] CPU0 [ 72.375567][ C0] ---- [ 72.378844][ C0] lock(&sighand->siglock); [ 72.383430][ C0] <Interrupt> [ 72.386861][ C0] lock(&sighand->siglock); [ 72.391605][ C0] [ 72.391605][ C0] *** DEADLOCK *** [ 72.391605][ C0] [ 72.399727][ C0] 3 locks held by syz-executor965/5057: [ 72.405247][ C0] #0: ffff8880755a6038 (&new_timer->it_lock){-...}-{2:2}, at: posix_timer_fn+0x2d/0x3d0 [ 72.415075][ C0] #1: ffffffff8cfad060 (rcu_read_lock){....}-{1:2}, at: send_sigqueue+0x10c/0x840 [ 72.424356][ C0] #2: ffffffff8cfad060 (rcu_read_lock){....}-{1:2}, at: __lock_task_sighand+0x3f/0x340 [ 72.434076][ C0] [ 72.434076][ C0] stack backtrace: [ 72.439947][ C0] CPU: 0 PID: 5057 Comm: syz-executor965 Not tainted 6.7.0-rc1-next-20231117-syzkaller #0 [ 72.449934][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 72.459967][ C0] Call Trace: [ 72.463227][ C0] <IRQ> [ 72.466052][ C0] dump_stack_lvl+0xd9/0x1b0 [ 72.470625][ C0] 
mark_lock+0x91a/0xc50 [ 72.474855][ C0] ? mark_lock+0xb5/0xc50 [ 72.479163][ C0] ? print_usage_bug.part.0+0x550/0x550 [ 72.484688][ C0] ? print_usage_bug.part.0+0x550/0x550 [ 72.490217][ C0] ? save_trace+0x4e/0xb30 [ 72.494617][ C0] ? print_usage_bug.part.0+0x550/0x550 [ 72.500141][ C0] ? free_zapped_rcu+0x80/0x80 [ 72.504889][ C0] ? hlock_class+0x4e/0x130 [ 72.509376][ C0] ? mark_lock+0xb5/0xc50 [ 72.513683][ C0] __lock_acquire+0x1347/0x3b10 [ 72.518519][ C0] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 72.524480][ C0] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 72.530439][ C0] lock_acquire+0x1b1/0x530 [ 72.534922][ C0] ? __lock_task_sighand+0xc2/0x340 [ 72.540101][ C0] ? lock_sync+0x190/0x190 [ 72.544496][ C0] ? lock_sync+0x190/0x190 [ 72.548888][ C0] ? lock_sync+0x190/0x190 [ 72.553279][ C0] ? debug_object_deactivate+0x28b/0x320 [ 72.558901][ C0] ? reacquire_held_locks+0x4c0/0x4c0 [ 72.564256][ C0] _raw_spin_lock_irqsave+0x3a/0x50 [ 72.569435][ C0] ? __lock_task_sighand+0xc2/0x340 [ 72.574622][ C0] __lock_task_sighand+0xc2/0x340 [ 72.579631][ C0] send_sigqueue+0x1d4/0x840 [ 72.584204][ C0] ? spin_bug+0x1c0/0x1c0 [ 72.588513][ C0] ? sigqueue_free+0x220/0x220 [ 72.593263][ C0] posix_timer_fn+0x181/0x3d0 [ 72.597924][ C0] ? do_raw_spin_unlock+0x172/0x230 [ 72.603103][ C0] ? posix_get_monotonic_coarse+0x270/0x270 [ 72.608979][ C0] __hrtimer_run_queues+0x20c/0xc20 [ 72.614163][ C0] ? enqueue_hrtimer+0x320/0x320 [ 72.619078][ C0] ? 
ktime_get_update_offsets_now+0x3bc/0x610 [ 72.625127][ C0] hrtimer_interrupt+0x31b/0x800 [ 72.630047][ C0] __sysvec_apic_timer_interrupt+0x10c/0x410 [ 72.636014][ C0] sysvec_apic_timer_interrupt+0x90/0xb0 [ 72.641633][ C0] </IRQ> [ 72.644545][ C0] <TASK> [ 72.647457][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 72.653425][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x70 [ 72.659821][ C0] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 16 c8 e3 f6 48 89 df e8 ce 3f e4 f6 f7 c5 00 02 00 00 75 1f 9c 58 f6 c4 02 75 2f 01 00 00 00 e8 85 ed d5 f6 65 8b 05 a6 18 7f 75 85 c0 74 12 5b [ 72.679406][ C0] RSP: 0018:ffffc90003d9fd70 EFLAGS: 00000246 [ 72.685452][ C0] RAX: 0000000000000002 RBX: ffff8880755a6020 RCX: 1ffffffff1e31619 [ 72.693401][ C0] RDX: 0000000000000000 RSI: ffffffff8accbfe0 RDI: ffffffff8b2f1520 [ 72.701352][ C0] RBP: 0000000000000293 R08: 0000000000000001 R09: 0000000000000001 [ 72.709303][ C0] R10: ffffffff8f18e357 R11: 0000000000000002 R12: 0000000000000000 [ 72.717275][ C0] R13: 1ffff920007b3fb3 R14: ffffffff81789850 R15: dffffc0000000000 [ 72.725313][ C0] ? common_timer_get+0x530/0x530 [ 72.730345][ C0] do_timer_settime+0x260/0x2f0 [ 72.735184][ C0] ? do_timer_gettime+0x180/0x180 [ 72.740193][ C0] __x64_sys_timer_settime+0x266/0x2c0 [ 72.745638][ C0] ? __ia32_sys_timer_getoverrun+0x140/0x140 [ 72.751603][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 72.756786][ C0] ? ptrace_notify+0xf1/0x130 [ 72.761446][ C0] ? 
syscall_trace_enter.constprop.0+0xad/0x1f0 [ 72.767672][ C0] do_syscall_64+0x40/0x110 [ 72.772164][ C0] entry_SYSCALL_64_after_hwframe+0x62/0x6a [ 72.778062][ C0] RIP: 0033:0x7f8494cb5349 [ 72.782458][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 72.802043][ C0] RSP: 002b:00007fff43fe5d88 EFLAGS: 00000246 ORIG_RAX: 00000000000000df [ 72.810437][ C0] RAX: ffffffffffffffda RBX: 00007fff43fe5f58 RCX: 00007f8494cb5349 [ 72.818391][ C0] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 72.826361][ C0] RBP: 00007f8494d28610 R08: 00007fff43fe5f58 R09: 00007fff43fe5f58 [pid 5057] timer_settime(0, 0, {it_interval={tv_sec=0, tv_nsec=10000000}, it_value={tv_sec=0, tv_nsec=9}}, NULL) = 0 [pid 5057] --- SIGALRM {si_signo=SIGALRM, si_code=SI_TIMER, si_timerid=0, si_overrun=62, si_int=0, si_ptr=NULL} --- [pid 5058] exit(0) = ? [pid 5057] +++ killed by SIGALRM +++ +++ exited with 0 +++ [