./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1702004068

<...>
Warning: Permanently added '10.128.1.247' (ED25519) to the list of known hosts.
execve("./syz-executor1702004068", ["./syz-executor1702004068"], 0x7ffdfc2763f0 /* 10 vars */) = 0
brk(NULL)                               = 0x55557522a000
brk(0x55557522ad00)                     = 0x55557522ad00
arch_prctl(ARCH_SET_FS, 0x55557522a380) = 0
set_tid_address(0x55557522a650)         = 5087
set_robust_list(0x55557522a660, 24)     = 0
rseq(0x55557522aca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1702004068", 4096) = 28
getrandom("\x43\x18\xd6\xa8\x74\x84\x57\x4c", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55557522ad00
brk(0x55557524bd00)                     = 0x55557524bd00
brk(0x55557524c000)                     = 0x55557524c000
mprotect(0x7efd930fb000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5088 attached
 <unfinished ...>
[pid  5088] set_robust_list(0x55557522a660, 24 <unfinished ...>
[pid  5087] <... clone resumed>, child_tidptr=0x55557522a650) = 5088
[pid  5088] <... set_robust_list resumed>) = 0
[pid  5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5088] setpgid(0, 0)               = 0
[pid  5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5088] write(3, "1000", 4)         = 4
[pid  5088] close(3)                    = 0
[pid  5088] write(1, "executing program\n", 18executing program
) = 18
[pid  5088] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=4294966948, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address)
[pid  5088] socketpair(AF_TIPC, SOCK_DGRAM, 0, [3, 4]) = 0
[pid  5088] close(3)                    = 0
[pid  5088] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=7, value_size=65537, max_entries=8, map_flags=BPF_F_NO_PREALLOC, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid  5088] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address)
[pid  5088] close(3)                    = 0
[pid  5088] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=7, value_size=3983, max_entries=9, map_flags=BPF_F_NO_PREALLOC, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid  5088] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=3, key=0x20000340, value=0x20000200, flags=BPF_ANY}, 32) = 0
[pid  5088] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 5
[pid  5088] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=5}}, 16) = 6
[pid  5088] exit_group(0)               = ?
[pid  5088] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5089 attached
, child_tidptr=0x55557522a650) = 5089
[pid  5089] set_robust_list(0x55557522a660, 24) = 0
[pid  5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5089] setpgid(0, 0)               = 0
[pid  5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5089] write(3, "1000", 4)         = 4
[pid  5089] close(3)                    = 0
[pid  5089] write(1, "executing program\n", 18executing program
) = 18
[pid  5089] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=4294966948, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address)
[pid  5089] socketpair(AF_TIPC, SOCK_DGRAM, 0, [3, 4]) = 0
[pid  5089] close(3)                    = 0
[pid  5089] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=7, value_size=65537, max_entries=8, map_flags=BPF_F_NO_PREALLOC, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid  5089] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address)
[pid  5089] close(3)                    = 0
[pid  5089] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=7, value_size=3983, max_entries=9, map_flags=BPF_F_NO_PREALLOC, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid  5089] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=3, key=0x20000340, value=0x20000200, flags=BPF_ANY}, 32) = 0
[pid  5089] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 5
[pid  5089] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=5}}, 16) = 6
[pid  5089] exit_group(0)               = ?
[pid  5089] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5090 attached
, child_tidptr=0x55557522a650) = 5090
[pid  5090] set_robust_list(0x55557522a660, 24) = 0
[pid  5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5090] setpgid(0, 0)               = 0
[pid  5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5090] write(3, "1000", 4)         = 4
[pid  5090] close(3)                    = 0
[pid  5090] write(1, "executing program\n", 18executing program
) = 18
[pid  5090] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=4294966948, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address)
[pid  5090] socketpair(AF_TIPC, SOCK_DGRAM, 0, [3, 4]) = 0
[pid  5090] close(3)                    = 0
[pid  5090] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=7, value_size=65537, max_entries=8, map_flags=BPF_F_NO_PREALLOC, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid  5090] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address)
[pid  5090] close(3)                    = 0
[pid  5090] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=7, value_size=3983, max_entries=9, map_flags=BPF_F_NO_PREALLOC, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid  5090] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=3, key=0x20000340, value=0x20000200, flags=BPF_ANY}, 32) = 0
[pid  5090] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 5
[pid  5090] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=5}}, 16) = 6
[pid  5090] exit_group(0)               = ?
[pid  5090] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5091 attached
, child_tidptr=0x55557522a650) = 5091
[pid  5091] set_robust_list(0x55557522a660, 24) = 0
[pid  5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5091] setpgid(0, 0)               = 0
[pid  5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5091] write(3, "1000", 4)         = 4
[pid  5091] close(3)                    = 0
executing program
[pid  5091] write(1, "executing program\n", 18) = 18
[pid  5091] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=4294966948, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address)
[pid  5091] socketpair(AF_TIPC, SOCK_DGRAM, 0, [3, 4]) = 0
[pid  5091] close(3)                    = 0
[pid  5091] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=7, value_size=65537, max_entries=8, map_flags=BPF_F_NO_PREALLOC, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid  5091] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address)
[pid  5091] close(3)                    = 0
[pid  5091] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=7, value_size=3983, max_entries=9, map_flags=BPF_F_NO_PREALLOC, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid  5091] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=3, key=0x20000340, value=0x20000200, flags=BPF_ANY}, 32) = 0
[pid  5091] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 5
[pid  5091] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=5}}, 16) = 6
[   56.635417][    C1] 
[   56.637797][    C1] ======================================================
[   56.644803][    C1] WARNING: possible circular locking dependency detected
[   56.651809][    C1] 6.10.0-rc2-syzkaller-00242-g36534d3c5453 #0 Not tainted
[   56.658896][    C1] ------------------------------------------------------
[   56.665889][    C1] swapper/1/0 is trying to acquire lock:
[   56.671493][    C1] ffff8880b9529430 (krc.lock){..-.}-{2:2}, at: kvfree_call_rcu+0x18a/0x790
[   56.680103][    C1] 
[   56.680103][    C1] but task is already holding lock:
[   56.687457][    C1] ffff8880b952a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240
[   56.696303][    C1] 
[   56.696303][    C1] which lock already depends on the new lock.
[   56.696303][    C1] 
[   56.706679][    C1] 
[   56.706679][    C1] the existing dependency chain (in reverse order) is:
[   56.715665][    C1] 
[   56.715665][    C1] -> #1 (&base->lock){-.-.}-{2:2}:
[   56.722939][    C1]        lock_acquire+0x1ed/0x550
[   56.727959][    C1]        _raw_spin_lock_irqsave+0xd5/0x120
[   56.733762][    C1]        lock_timer_base+0x112/0x240
[   56.739024][    C1]        __mod_timer+0x1ca/0xeb0
[   56.743936][    C1]        queue_delayed_work_on+0x1ca/0x390
[   56.749721][    C1]        kvfree_call_rcu+0x47f/0x790
[   56.754985][    C1]        rtnl_register_internal+0x482/0x590
[   56.760856][    C1]        rtnl_register+0x36/0x80
[   56.765774][    C1]        ip_rt_init+0x2f6/0x3a0
[   56.770613][    C1]        ip_init+0xe/0x20
[   56.774923][    C1]        inet_init+0x3d8/0x580
[   56.779667][    C1]        do_one_initcall+0x248/0x880
[   56.784931][    C1]        do_initcall_level+0x157/0x210
[   56.790375][    C1]        do_initcalls+0x3f/0x80
[   56.795205][    C1]        kernel_init_freeable+0x435/0x5d0
[   56.801336][    C1]        kernel_init+0x1d/0x2b0
[   56.806168][    C1]        ret_from_fork+0x4b/0x80
[   56.811081][    C1]        ret_from_fork_asm+0x1a/0x30
[   56.816693][    C1] 
[   56.816693][    C1] -> #0 (krc.lock){..-.}-{2:2}:
[   56.823706][    C1]        validate_chain+0x18e0/0x5900
[   56.829058][    C1]        __lock_acquire+0x1346/0x1fd0
[   56.834437][    C1]        lock_acquire+0x1ed/0x550
[   56.839435][    C1]        _raw_spin_lock+0x2e/0x40
[   56.844438][    C1]        kvfree_call_rcu+0x18a/0x790
[   56.849787][    C1]        trie_delete_elem+0x546/0x6a0
[   56.855151][    C1]        bpf_prog_2c29ac5cdc6b1842+0x42/0x46
[   56.861113][    C1]        bpf_trace_run2+0x2ec/0x540
[   56.866294][    C1]        enqueue_timer+0x3ce/0x570
[   56.871393][    C1]        __mod_timer+0xa0e/0xeb0
[   56.876308][    C1]        dsp_cmx_send+0x21bf/0x2240
[   56.881512][    C1]        call_timer_fn+0x18e/0x650
[   56.886654][    C1]        __run_timer_base+0x66a/0x8e0
[   56.892034][    C1]        run_timer_softirq+0xb7/0x170
[   56.897414][    C1]        handle_softirqs+0x2c4/0x970
[   56.902690][    C1]        __irq_exit_rcu+0xf4/0x1c0
[   56.907779][    C1]        irq_exit_rcu+0x9/0x30
[   56.912517][    C1]        sysvec_apic_timer_interrupt+0xa6/0xc0
[   56.918656][    C1]        asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   56.925138][    C1]        acpi_safe_halt+0x21/0x30
[   56.930141][    C1]        acpi_idle_enter+0xe4/0x140
[   56.935317][    C1]        cpuidle_enter_state+0x112/0x480
[   56.940928][    C1]        cpuidle_enter+0x5d/0xa0
[   56.945849][    C1]        do_idle+0x375/0x5d0
[   56.950441][    C1]        cpu_startup_entry+0x42/0x60
[   56.955745][    C1]        __pfx_ap_starting+0x0/0x10
[   56.960929][    C1]        common_startup_64+0x13e/0x147
[   56.966367][    C1] 
[   56.966367][    C1] other info that might help us debug this:
[   56.966367][    C1] 
[   56.976658][    C1]  Possible unsafe locking scenario:
[   56.976658][    C1] 
[   56.984082][    C1]        CPU0                    CPU1
[   56.989424][    C1]        ----                    ----
[   56.994770][    C1]   lock(&base->lock);
[   56.998822][    C1]                                lock(krc.lock);
[   57.005125][    C1]                                lock(&base->lock);
[   57.011690][    C1]   lock(krc.lock);
[   57.015493][    C1] 
[   57.015493][    C1]  *** DEADLOCK ***
[   57.015493][    C1] 
[   57.023613][    C1] 4 locks held by swapper/1/0:
[   57.028357][    C1]  #0: ffffc90000a18c00 ((&dsp_spl_tl)){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650
[   57.037561][    C1]  #1: ffffffff8f33a138 (dsp_lock){..-.}-{2:2}, at: dsp_cmx_send+0x26/0x2240
[   57.046845][    C1]  #2: ffff8880b952a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240
[   57.056224][    C1]  #3: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1fc/0x540
[   57.065608][    C1] 
[   57.065608][    C1] stack backtrace:
[   57.071505][    C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.10.0-rc2-syzkaller-00242-g36534d3c5453 #0
[   57.081214][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   57.091254][    C1] Call Trace:
[   57.094515][    C1]  <IRQ>
[   57.097340][    C1]  dump_stack_lvl+0x241/0x360
[   57.102010][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[   57.107289][    C1]  ? print_circular_bug+0x130/0x1a0
[   57.112467][    C1]  check_noncircular+0x36a/0x4a0
[   57.117387][    C1]  ? __pfx_check_noncircular+0x10/0x10
[   57.122825][    C1]  ? lockdep_lock+0x123/0x2b0
[   57.127481][    C1]  ? deref_stack_reg+0x1c7/0x260
[   57.132401][    C1]  ? __bfs+0x368/0x6f0
[   57.136450][    C1]  validate_chain+0x18e0/0x5900
[   57.141279][    C1]  ? __pfx___bfs+0x10/0x10
[   57.145691][    C1]  ? mark_lock_irq+0x8e1/0xc20
[   57.150435][    C1]  ? __pfx_validate_chain+0x10/0x10
[   57.155614][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[   57.161172][    C1]  ? do_raw_spin_unlock+0x13c/0x8b0
[   57.166369][    C1]  ? lockdep_unlock+0x16a/0x300
[   57.171228][    C1]  ? __pfx_lockdep_unlock+0x10/0x10
[   57.176410][    C1]  ? stack_trace_save+0x118/0x1d0
[   57.181506][    C1]  ? mark_lock+0x9a/0x350
[   57.185814][    C1]  __lock_acquire+0x1346/0x1fd0
[   57.190656][    C1]  lock_acquire+0x1ed/0x550
[   57.195136][    C1]  ? kvfree_call_rcu+0x18a/0x790
[   57.200054][    C1]  ? __pfx_lock_acquire+0x10/0x10
[   57.205061][    C1]  ? __phys_addr+0xba/0x170
[   57.209550][    C1]  _raw_spin_lock+0x2e/0x40
[   57.214035][    C1]  ? kvfree_call_rcu+0x18a/0x790
[   57.218950][    C1]  kvfree_call_rcu+0x18a/0x790
[   57.225261][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   57.231163][    C1]  ? __pfx_kvfree_call_rcu+0x10/0x10
[   57.236517][    C1]  ? longest_prefix_match+0x49f/0x650
[   57.241871][    C1]  trie_delete_elem+0x546/0x6a0
[   57.246723][    C1]  ? bpf_trace_run2+0x1fc/0x540
[   57.251577][    C1]  bpf_prog_2c29ac5cdc6b1842+0x42/0x46
[   57.257040][    C1]  bpf_trace_run2+0x2ec/0x540
[   57.261730][    C1]  ? __pfx_bpf_trace_run2+0x10/0x10
[   57.266914][    C1]  ? __pfx_debug_object_activate+0x10/0x10
[   57.272704][    C1]  enqueue_timer+0x3ce/0x570
[   57.277286][    C1]  __mod_timer+0xa0e/0xeb0
[   57.281685][    C1]  ? __pfx___mod_timer+0x10/0x10
[   57.286600][    C1]  ? _raw_read_unlock_irqrestore+0xdd/0x140
[   57.292479][    C1]  ? __pfx__raw_read_unlock_irqrestore+0x10/0x10
[   57.298783][    C1]  ? timekeeping_get_ns+0x2c0/0x420
[   57.303982][    C1]  dsp_cmx_send+0x21bf/0x2240
[   57.308646][    C1]  ? __pfx_lock_acquire+0x10/0x10
[   57.313666][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   57.319561][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   57.325883][    C1]  ? call_timer_fn+0xa8/0x650
[   57.330543][    C1]  call_timer_fn+0x18e/0x650
[   57.335112][    C1]  ? __pfx_dsp_cmx_send+0x10/0x10
[   57.340117][    C1]  ? call_timer_fn+0xc0/0x650
[   57.344775][    C1]  ? __pfx_dsp_cmx_send+0x10/0x10
[   57.349781][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[   57.354875][    C1]  ? __pfx_dsp_cmx_send+0x10/0x10
[   57.359881][    C1]  ? __pfx_dsp_cmx_send+0x10/0x10
[   57.364888][    C1]  ? __pfx_dsp_cmx_send+0x10/0x10
[   57.369908][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[   57.375089][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[   57.380267][    C1]  ? __pfx_dsp_cmx_send+0x10/0x10
[   57.385280][    C1]  __run_timer_base+0x66a/0x8e0
[   57.390114][    C1]  ? __pfx___run_timer_base+0x10/0x10
[   57.395491][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   57.401801][    C1]  run_timer_softirq+0xb7/0x170
[   57.406720][    C1]  handle_softirqs+0x2c4/0x970
[   57.411464][    C1]  ? __irq_exit_rcu+0xf4/0x1c0
[   57.416210][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[   57.421473][    C1]  ? irqtime_account_irq+0xd4/0x1e0
[   57.426653][    C1]  __irq_exit_rcu+0xf4/0x1c0
[   57.431238][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[   57.436416][    C1]  irq_exit_rcu+0x9/0x30
[   57.440635][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[   57.446254][    C1]  </IRQ>
[   57.449186][    C1]  <TASK>
[   57.452099][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   57.458074][    C1] RIP: 0010:acpi_safe_halt+0x21/0x30
[   57.463366][    C1] Code: 90 90 90 90 90 90 90 90 90 65 48 8b 04 25 00 d5 03 00 48 f7 00 08 00 00 00 75 10 66 90 0f 00 2d 25 c5 a2 00 f3 0f 1e fa fb f4 <fa> c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90
[   57.482956][    C1] RSP: 0018:ffffc900001a7d08 EFLAGS: 00000246
[   57.489007][    C1] RAX: ffff888017ae8000 RBX: ffff888015148064 RCX: 000000000001f699
[   57.496979][    C1] RDX: 0000000000000001 RSI: ffff888015148000 RDI: ffff888015148064
[   57.504932][    C1] RBP: 000000000003a5b8 R08: ffff8880b9537d0b R09: 1ffff110172a6fa1
[   57.512899][    C1] R10: dffffc0000000000 R11: ffffffff8b86b9f0 R12: ffff88801c351800
[   57.520850][    C1] R13: 0000000000000000 R14: 0000000000000001 R15: ffffffff8eace280
[   57.528892][    C1]  ? __pfx_acpi_idle_enter+0x10/0x10
[   57.534164][    C1]  acpi_idle_enter+0xe4/0x140
[   57.538819][    C1]  cpuidle_enter_state+0x112/0x480
[   57.543905][    C1]  ? __pfx_menu_select+0x10/0x10
[   57.548834][    C1]  cpuidle_enter+0x5d/0xa0
[   57.553233][    C1]  do_idle+0x375/0x5d0
[   57.557281][    C1]  ? __pfx_do_idle+0x10/0x10
[   57.561865][    C1]  cpu_startup_entry+0x42/0x60
[   57.566610][    C1]  start_secondary+0x100/0x100
[   57.571353][    C1]  common_startup_64+0x13e/0x147
[   57.576272][    C1]  </TASK>