./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3583905687 <...> Warning: Permanently added '10.128.0.149' (ED25519) to the list of known hosts. execve("./syz-executor3583905687", ["./syz-executor3583905687"], 0x7ffd5b9a8db0 /* 10 vars */) = 0 brk(NULL) = 0x555595244000 brk(0x555595244d00) = 0x555595244d00 arch_prctl(ARCH_SET_FS, 0x555595244380) = 0 set_tid_address(0x555595244650) = 5076 set_robust_list(0x555595244660, 24) = 0 rseq(0x555595244ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3583905687", 4096) = 28 getrandom("\xc7\x74\xbf\x38\xd8\xc0\xf7\xe3", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555595244d00 brk(0x555595265d00) = 0x555595265d00 brk(0x555595266000) = 0x555595266000 mprotect(0x7fa3cdc29000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5077 attached , child_tidptr=0x555595244650) = 5077 [pid 5077] set_robust_list(0x555595244660, 24) = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5077] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=4294966338, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 5077] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 5077] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="contention_end", prog_fd=4}}, 16) = 5 [pid 5077] exit_group(0) = ? [ 110.343630][ T0] [ 110.346021][ T0] ===================================================== [ 110.352952][ T0] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 110.360416][ T0] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted [ 110.367123][ T0] ----------------------------------------------------- [ 110.374081][ T0] swapper/1/0 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire: [ 110.381389][ T0] ffff88801e7a6020 (&htab->buckets[i].lock){+...}-{2:2}, at: sock_hash_delete_elem+0xcb/0x260 [ 110.391731][ T0] [ 110.391731][ T0] and this task is already holding: [ 110.399099][ T0] ffff8880b953e6d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 [ 110.408649][ T0] which would create a new lock dependency: [ 110.414549][ T0] (&rq->__lock){-.-.}-{2:2} -> (&htab->buckets[i].lock){+...}-{2:2} [ 110.422794][ T0] [ 110.422794][ T0] but this new dependency connects a HARDIRQ-irq-safe lock: [ 110.432250][ T0] (&rq->__lock){-.-.}-{2:2} [ 110.432293][ T0] [ 110.432293][ T0] ... which became HARDIRQ-irq-safe at: [ 110.444587][ T0] lock_acquire+0x1b1/0x540 [ 110.449218][ T0] _raw_spin_lock_nested+0x31/0x40 [ 110.454446][ T0] raw_spin_rq_lock_nested+0x29/0x130 [ 110.459938][ T0] scheduler_tick+0xa2/0x650 [ 110.464669][ T0] update_process_times+0x199/0x220 [ 110.470001][ T0] tick_periodic+0x7e/0x230 [ 110.474606][ T0] tick_handle_periodic+0x45/0x120 [ 110.479815][ T0] timer_interrupt+0x4e/0x80 [ 110.484516][ T0] __handle_irq_event_percpu+0x22c/0x750 [ 110.490253][ T0] handle_irq_event+0xab/0x1e0 [ 110.495118][ T0] handle_edge_irq+0x263/0xd10 [ 110.499995][ T0] __common_interrupt+0xe1/0x250 [ 110.505071][ T0] common_interrupt+0xab/0xd0 [ 110.509848][ T0] asm_common_interrupt+0x26/0x40 [ 110.514984][ T0] console_flush_all+0xa19/0xd70 [ 110.520032][ T0] console_unlock+0xae/0x290 [ 110.524767][ T0] vprintk_emit+0x11a/0x5a0 [ 110.529491][ T0] vprintk+0x7f/0xa0 [ 110.533518][ T0] _printk+0xc8/0x100 [ 110.537631][ T0] arch_cpu_finalize_init+0x7b/0x170 [ 110.543088][ T0] start_kernel+0x32b/0x490 [ 110.547723][ T0] x86_64_start_reservations+0x18/0x30 [ 110.553324][ T0] x86_64_start_kernel+0xb2/0xc0 [ 110.558550][ T0] common_startup_64+0x13e/0x148 [ 110.563606][ T0] [ 110.563606][ T0] to a HARDIRQ-irq-unsafe lock: [ 110.570629][ T0] (&htab->buckets[i].lock){+...}-{2:2} [ 110.570675][ T0] [ 110.570675][ T0] ... which became HARDIRQ-irq-unsafe at: [ 110.584132][ T0] ... [ 110.584143][ T0] lock_acquire+0x1b1/0x540 [ 110.591377][ T0] _raw_spin_lock_bh+0x33/0x40 [ 110.596391][ T0] sock_hash_delete_elem+0xcb/0x260 [ 110.601747][ T0] bpf_prog_2c29ac5cdc6b1842+0x42/0x4a [ 110.607315][ T0] bpf_trace_run2+0x154/0x420 [ 110.612208][ T0] __bpf_trace_contention_end+0xca/0x110 [ 110.617984][ T0] trace_contention_end+0xce/0x120 [ 110.623216][ T0] __mutex_lock+0x19c/0x9c0 [ 110.627931][ T0] pipe_write+0x16c/0x1b50 [ 110.632479][ T0] vfs_write+0x6de/0x1100 [ 110.636929][ T0] ksys_write+0x1f8/0x260 [ 110.641388][ T0] do_syscall_64+0xd5/0x260 [ 110.646106][ T0] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 110.652165][ T0] [ 110.652165][ T0] other info that might help us debug this: [ 110.652165][ T0] [ 110.662417][ T0] Possible interrupt unsafe locking scenario: [ 110.662417][ T0] [ 110.670841][ T0] CPU0 CPU1 [ 110.676216][ T0] ---- ---- [ 110.681595][ T0] lock(&htab->buckets[i].lock); [ 110.686669][ T0] local_irq_disable(); [ 110.693797][ T0] lock(&rq->__lock); [ 110.700502][ T0] lock(&htab->buckets[i].lock); [ 110.708073][ T0] [ 110.711533][ T0] lock(&rq->__lock); [ 110.715798][ T0] [ 110.715798][ T0] *** DEADLOCK *** [ 110.715798][ T0] [ 110.723949][ T0] 2 locks held by swapper/1/0: [ 110.728725][ T0] #0: ffff8880b953e6d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 [ 110.738826][ T0] #1: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0xe4/0x420 [ 110.748227][ T0] [ 110.748227][ T0] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 110.758650][ T0] -> (&rq->__lock){-.-.}-{2:2} { [ 110.763652][ T0] IN-HARDIRQ-W at: [ 110.767660][ T0] lock_acquire+0x1b1/0x540 [ 110.773840][ T0] _raw_spin_lock_nested+0x31/0x40 [ 110.780635][ T0] raw_spin_rq_lock_nested+0x29/0x130 [ 110.787682][ T0] scheduler_tick+0xa2/0x650 [ 110.793984][ T0] update_process_times+0x199/0x220 [ 110.800859][ T0] tick_periodic+0x7e/0x230 [ 110.807057][ T0] tick_handle_periodic+0x45/0x120 [ 110.813840][ T0] timer_interrupt+0x4e/0x80 [ 110.820125][ T0] __handle_irq_event_percpu+0x22c/0x750 [ 110.827534][ T0] handle_irq_event+0xab/0x1e0 [ 110.833986][ T0] handle_edge_irq+0x263/0xd10 [ 110.840421][ T0] __common_interrupt+0xe1/0x250 [ 110.847058][ T0] common_interrupt+0xab/0xd0 [ 110.853414][ T0] asm_common_interrupt+0x26/0x40 [ 110.860143][ T0] console_flush_all+0xa19/0xd70 [ 110.866780][ T0] console_unlock+0xae/0x290 [ 110.873238][ T0] vprintk_emit+0x11a/0x5a0 [ 110.879433][ T0] vprintk+0x7f/0xa0 [ 110.885043][ T0] _printk+0xc8/0x100 [ 110.890707][ T0] arch_cpu_finalize_init+0x7b/0x170 [ 110.897697][ T0] start_kernel+0x32b/0x490 [ 110.903892][ T0] x86_64_start_reservations+0x18/0x30 [ 110.911045][ T0] x86_64_start_kernel+0xb2/0xc0 [ 110.917685][ T0] common_startup_64+0x13e/0x148 [ 110.924311][ T0] IN-SOFTIRQ-W at: [ 110.928310][ T0] lock_acquire+0x1b1/0x540 [ 110.934484][ T0] _raw_spin_lock_nested+0x31/0x40 [ 110.941290][ T0] raw_spin_rq_lock_nested+0x29/0x130 [ 110.948380][ T0] try_to_wake_up+0x514/0x13e0 [ 110.954836][ T0] call_timer_fn+0x1a3/0x5b0 [ 110.961970][ T0] __run_timers+0x74b/0xab0 [ 110.968194][ T0] run_timer_base+0x111/0x190 [ 110.974550][ T0] run_timer_softirq+0x1a/0x40 [ 110.980997][ T0] __do_softirq+0x21b/0x8de [ 110.987188][ T0] irq_exit_rcu+0xb9/0x120 [ 110.993294][ T0] sysvec_apic_timer_interrupt+0x95/0xb0 [ 111.000624][ T0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 111.008305][ T0] default_idle+0xf/0x20 [ 111.014220][ T0] default_idle_call+0x6d/0xb0 [ 111.020654][ T0] do_idle+0x32c/0x3f0 [ 111.026403][ T0] cpu_startup_entry+0x4f/0x60 [ 111.032851][ T0] rest_init+0x16f/0x2b0 [ 111.038767][ T0] arch_call_rest_init+0x13/0x40 [ 111.045392][ T0] start_kernel+0x3a3/0x490 [ 111.051586][ T0] x86_64_start_reservations+0x18/0x30 [ 111.058746][ T0] x86_64_start_kernel+0xb2/0xc0 [ 111.065374][ T0] common_startup_64+0x13e/0x148 [ 111.071990][ T0] INITIAL USE at: [ 111.075911][ T0] lock_acquire+0x1b1/0x540 [ 111.082021][ T0] _raw_spin_lock_nested+0x31/0x40 [ 111.088727][ T0] raw_spin_rq_lock_nested+0x29/0x130 [ 111.095694][ T0] rq_attach_root+0x38/0x470 [ 111.101880][ T0] sched_init+0x6a7/0x1180 [ 111.107884][ T0] start_kernel+0x165/0x490 [ 111.113995][ T0] x86_64_start_reservations+0x18/0x30 [ 111.121066][ T0] x86_64_start_kernel+0xb2/0xc0 [ 111.127703][ T0] common_startup_64+0x13e/0x148 [ 111.134327][ T0] } [ 111.136871][ T0] ... key at: [] __key.545+0x0/0x40 [ 111.144204][ T0] [ 111.144204][ T0] the dependencies between the lock to be acquired [ 111.144219][ T0] and HARDIRQ-irq-unsafe lock: [ 111.157768][ T0] -> (&htab->buckets[i].lock){+...}-{2:2} { [ 111.163718][ T0] HARDIRQ-ON-W at: [ 111.167731][ T0] lock_acquire+0x1b1/0x540 [ 111.173923][ T0] _raw_spin_lock_bh+0x33/0x40 [ 111.180368][ T0] sock_hash_delete_elem+0xcb/0x260 [ 111.187243][ T0] bpf_prog_2c29ac5cdc6b1842+0x42/0x4a [ 111.194365][ T0] bpf_trace_run2+0x154/0x420 [ 111.200726][ T0] __bpf_trace_contention_end+0xca/0x110 [ 111.208162][ T0] trace_contention_end+0xce/0x120 [ 111.214997][ T0] __mutex_lock+0x19c/0x9c0 [ 111.221203][ T0] pipe_write+0x16c/0x1b50 [ 111.227317][ T0] vfs_write+0x6de/0x1100 [ 111.233366][ T0] ksys_write+0x1f8/0x260 [ 111.239393][ T0] do_syscall_64+0xd5/0x260 [ 111.245595][ T0] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 111.253179][ T0] INITIAL USE at: [ 111.257188][ T0] lock_acquire+0x1b1/0x540 [ 111.263491][ T0] _raw_spin_lock_bh+0x33/0x40 [ 111.269845][ T0] sock_hash_delete_elem+0xcb/0x260 [ 111.276648][ T0] bpf_prog_2c29ac5cdc6b1842+0x42/0x4a [ 111.283709][ T0] bpf_trace_run2+0x154/0x420 [ 111.290080][ T0] __bpf_trace_contention_end+0xca/0x110 [ 111.297312][ T0] trace_contention_end+0xce/0x120 [ 111.304123][ T0] __mutex_lock+0x19c/0x9c0 [ 111.310221][ T0] pipe_write+0x16c/0x1b50 [ 111.316328][ T0] vfs_write+0x6de/0x1100 [ 111.322249][ T0] ksys_write+0x1f8/0x260 [ 111.328275][ T0] do_syscall_64+0xd5/0x260 [ 111.334378][ T0] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 111.341889][ T0] } [ 111.344390][ T0] ... key at: [] __key.0+0x0/0x40 [ 111.351522][ T0] ... acquired at: [ 111.355331][ T0] lock_acquire+0x1b1/0x540 [ 111.360030][ T0] _raw_spin_lock_bh+0x33/0x40 [ 111.364983][ T0] sock_hash_delete_elem+0xcb/0x260 [ 111.370467][ T0] bpf_prog_2c29ac5cdc6b1842+0x42/0x4a [ 111.376108][ T0] bpf_trace_run2+0x154/0x420 [ 111.380975][ T0] __bpf_trace_contention_end+0xca/0x110 [ 111.386882][ T0] trace_contention_end.constprop.0+0xe2/0x140 [ 111.393231][ T0] __pv_queued_spin_lock_slowpath+0x266/0xc80 [ 111.399509][ T0] do_raw_spin_lock+0x210/0x2c0 [ 111.404560][ T0] raw_spin_rq_lock_nested+0x29/0x130 [ 111.410149][ T0] __schedule+0x29d/0x5c70 [ 111.414793][ T0] schedule_idle+0x59/0x90 [ 111.419410][ T0] do_idle+0x287/0x3f0 [ 111.423676][ T0] cpu_startup_entry+0x4f/0x60 [ 111.428662][ T0] start_secondary+0x220/0x2b0 [ 111.433626][ T0] common_startup_64+0x13e/0x148 [ 111.438756][ T0] [ 111.441077][ T0] [ 111.441077][ T0] stack backtrace: [ 111.446970][ T0] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 111.456361][ T0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 111.466436][ T0] Call Trace: [ 111.469745][ T0] [ 111.472711][ T0] dump_stack_lvl+0x116/0x1f0 [ 111.477513][ T0] check_irq_usage+0xe3c/0x1490 [ 111.482431][ T0] ? __pfx_mark_lock+0x10/0x10 [ 111.487333][ T0] ? srso_return_thunk+0x5/0x5f [ 111.492233][ T0] ? __pfx_check_irq_usage+0x10/0x10 [ 111.497545][ T0] ? hlock_conflict+0x58/0x200 [ 111.502358][ T0] ? __bfs+0x2fd/0x670 [ 111.506672][ T0] ? __pfx_hlock_conflict+0x10/0x10 [ 111.511942][ T0] ? lockdep_lock+0xc6/0x200 [ 111.516591][ T0] ? __pfx_lockdep_lock+0x10/0x10 [ 111.521657][ T0] ? srso_return_thunk+0x5/0x5f [ 111.526559][ T0] ? __lock_acquire+0x248e/0x3b30 [ 111.531957][ T0] __lock_acquire+0x248e/0x3b30 [ 111.536855][ T0] ? __pfx___lock_acquire+0x10/0x10 [ 111.542100][ T0] lock_acquire+0x1b1/0x540 [ 111.546663][ T0] ? sock_hash_delete_elem+0xcb/0x260 [ 111.552058][ T0] ? __pfx_lock_acquire+0x10/0x10 [ 111.557186][ T0] ? srso_return_thunk+0x5/0x5f [ 111.562090][ T0] ? lock_acquire+0x1b1/0x540 [ 111.566823][ T0] ? srso_return_thunk+0x5/0x5f [ 111.571708][ T0] ? srso_return_thunk+0x5/0x5f [ 111.576589][ T0] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 111.582530][ T0] _raw_spin_lock_bh+0x33/0x40 [ 111.587353][ T0] ? sock_hash_delete_elem+0xcb/0x260 [ 111.592764][ T0] sock_hash_delete_elem+0xcb/0x260 [ 111.598040][ T0] bpf_prog_2c29ac5cdc6b1842+0x42/0x4a [ 111.603539][ T0] bpf_trace_run2+0x154/0x420 [ 111.608279][ T0] ? __pfx_bpf_trace_run2+0x10/0x10 [ 111.613565][ T0] ? hlock_class+0x4e/0x130 [ 111.618126][ T0] ? srso_return_thunk+0x5/0x5f [ 111.623294][ T0] ? __lock_acquire+0x14f4/0x3b30 [ 111.628386][ T0] __bpf_trace_contention_end+0xca/0x110 [ 111.634094][ T0] ? __pfx___bpf_trace_contention_end+0x10/0x10 [ 111.640547][ T0] trace_contention_end.constprop.0+0xe2/0x140 [ 111.646749][ T0] __pv_queued_spin_lock_slowpath+0x266/0xc80 [ 111.652872][ T0] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 111.659705][ T0] ? srso_return_thunk+0x5/0x5f [ 111.664675][ T0] ? __pfx_lock_acquire+0x10/0x10 [ 111.669919][ T0] ? clockevents_program_event+0x155/0x380 [ 111.675910][ T0] do_raw_spin_lock+0x210/0x2c0 [ 111.680816][ T0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 111.686224][ T0] ? srso_return_thunk+0x5/0x5f [ 111.691153][ T0] ? srso_return_thunk+0x5/0x5f [ 111.696069][ T0] raw_spin_rq_lock_nested+0x29/0x130 [ 111.701491][ T0] ? schedule_idle+0x59/0x90 [ 111.706123][ T0] __schedule+0x29d/0x5c70 [ 111.710578][ T0] ? clockevents_program_event+0x13a/0x380 [ 111.717116][ T0] ? srso_return_thunk+0x5/0x5f [ 111.722033][ T0] ? srso_return_thunk+0x5/0x5f [ 111.726968][ T0] ? tick_nohz_restart_sched_tick+0x1c4/0x2f0 [ 111.733092][ T0] ? __pfx_lock_release+0x10/0x10 [ 111.738164][ T0] ? __pfx___schedule+0x10/0x10 [ 111.743062][ T0] ? srso_return_thunk+0x5/0x5f [ 111.747958][ T0] ? do_raw_spin_unlock+0x172/0x230 [ 111.753360][ T0] ? srso_return_thunk+0x5/0x5f [ 111.758271][ T0] schedule_idle+0x59/0x90 [ 111.762719][ T0] do_idle+0x287/0x3f0 [ 111.766816][ T0] ? __pfx_do_idle+0x10/0x10 [ 111.771463][ T0] cpu_startup_entry+0x4f/0x60 [ 111.776260][ T0] start_secondary+0x220/0x2b0 [ 111.781061][ T0] ? __pfx_start_secondary+0x10/0x10 [ 111.786383][ T0] common_startup_64+0x13e/0x148 [ 111.791360][ T0]