./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3049656993 <...> Warning: Permanently added '10.128.0.244' (ED25519) to the list of known hosts. execve("./syz-executor3049656993", ["./syz-executor3049656993"], 0x7ffd8102da90 /* 10 vars */) = 0 brk(NULL) = 0x55557d6ec000 brk(0x55557d6ecd00) = 0x55557d6ecd00 arch_prctl(ARCH_SET_FS, 0x55557d6ec380) = 0 set_tid_address(0x55557d6ec650) = 5844 set_robust_list(0x55557d6ec660, 24) = 0 rseq(0x55557d6ecca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3049656993", 4096) = 28 getrandom("\xca\x86\x40\xbb\x8e\x9a\x7e\x99", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557d6ecd00 brk(0x55557d70dd00) = 0x55557d70dd00 brk(0x55557d70e000) = 0x55557d70e000 mprotect(0x7f9ad03ab000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 executing program write(1, "executing program\n", 18) = 18 bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=4, max_entries=8, map_flags=BPF_F_NUMA_NODE|BPF_F_WRONLY|BPF_F_INNER_MAP, inner_map_fd=-1, numa_node=0, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 bpf(BPF_MAP_GET_NEXT_KEY, {map_fd=3, key=NULL, next_key=NULL}, 32) = -1 EPERM (Operation not permitted) bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=4, max_entries=8, map_flags=BPF_F_NUMA_NODE|BPF_F_WRONLY|BPF_F_INNER_MAP, inner_map_fd=-1, numa_node=0, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 4 bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_HASH_OF_MAPS, key_size=4, value_size=4, max_entries=9, map_flags=BPF_F_NO_PREALLOC, inner_map_fd=4, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000300, value=0x20000000, flags=BPF_ANY}, 32) = 0 close(3) = 0 [ 61.541549][ T5844] [ 61.543904][ T5844] ============================= [ 61.548747][ T5844] [ BUG: Invalid wait context ] [ 61.553593][ T5844] 6.12.0-rc5-next-20241031-syzkaller #0 Not tainted [ 61.560165][ T5844] ----------------------------- [ 61.564998][ T5844] syz-executor304/5844 is trying to lock: [ 61.570705][ T5844] ffffffff8e9ba4b8 (map_idr_lock){+...}-{3:3}, at: bpf_map_put+0x9a/0x380 [ 61.579245][ T5844] other info that might help us debug this: [ 61.585119][ T5844] context-{5:5} [ 61.588558][ T5844] 2 locks held by syz-executor304/5844: [ 61.594087][ T5844] #0: ffffffff8e939f20 (rcu_read_lock){....}-{1:3}, at: map_delete_elem+0x338/0x5c0 [ 61.603568][ T5844] #1: ffff88807b870410 (&htab->lockdep_key){....}-{2:2}, at: htab_lock_bucket+0x1a4/0x370 [ 61.613565][ T5844] stack backtrace: [ 61.617278][ T5844] CPU: 1 UID: 0 PID: 5844 Comm: syz-executor304 Not tainted 6.12.0-rc5-next-20241031-syzkaller #0 [ 61.627847][ T5844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 61.637900][ T5844] Call Trace: [ 61.641170][ T5844] [ 61.644096][ T5844] dump_stack_lvl+0x241/0x360 [ 61.648775][ T5844] ? __pfx_dump_stack_lvl+0x10/0x10 [ 61.653972][ T5844] ? __pfx__printk+0x10/0x10 [ 61.658560][ T5844] __lock_acquire+0x15a8/0x2100 [ 61.663409][ T5844] lock_acquire+0x1ed/0x550 [ 61.667907][ T5844] ? bpf_map_put+0x9a/0x380 [ 61.672398][ T5844] ? __pfx_lock_acquire+0x10/0x10 [ 61.677416][ T5844] ? __pfx_lock_acquire+0x10/0x10 [ 61.682430][ T5844] ? do_raw_spin_lock+0x14f/0x370 [ 61.687441][ T5844] ? __lock_acquire+0x1397/0x2100 [ 61.692461][ T5844] _raw_spin_lock_irqsave+0xd5/0x120 [ 61.697741][ T5844] ? bpf_map_put+0x9a/0x380 [ 61.702245][ T5844] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 61.708128][ T5844] ? htab_lock_bucket+0x1a4/0x370 [ 61.713144][ T5844] bpf_map_put+0x9a/0x380 [ 61.717459][ T5844] ? __pfx_bpf_map_fd_put_ptr+0x10/0x10 [ 61.722990][ T5844] free_htab_elem+0xbb/0x460 [ 61.727571][ T5844] htab_map_delete_elem+0x576/0x6b0 [ 61.732757][ T5844] ? __pfx_lock_acquire+0x10/0x10 [ 61.737776][ T5844] ? __pfx_htab_map_delete_elem+0x10/0x10 [ 61.743481][ T5844] ? __might_fault+0xaa/0x120 [ 61.748156][ T5844] map_delete_elem+0x431/0x5c0 [ 61.752912][ T5844] __sys_bpf+0x598/0x810 [ 61.757147][ T5844] ? __pfx___sys_bpf+0x10/0x10 [ 61.761905][ T5844] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 61.768230][ T5844] ? do_syscall_64+0x100/0x230 [ 61.772987][ T5844] __x64_sys_bpf+0x7c/0x90 [ 61.777403][ T5844] do_syscall_64+0xf3/0x230 [ 61.781901][ T5844] ? clear_bhb_loop+0x35/0x90 [ 61.786568][ T5844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.792461][ T5844] RIP: 0033:0x7f9ad03385e9 [ 61.796866][ T5844] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 61.816462][ T5844] RSP: 002b:00007ffd14d58828 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 61.824868][ T5844] RAX: ffffffffffffffda RBX: 00007ffd14d589f8 RCX: 00007f9ad03385e9 [ 61.832829][ T5844] RDX: 0000000000000020 RSI: 0000000020000300 RDI: 0000000000000003 bpf(BPF_MAP_DELETE_ELEM, {map_fd=5, key=0x20000240}, 32) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 61.840787][ T5844] R