./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor914719981 <...> Warning: Permanently added '10.128.0.118' (ED25519) to the list of known hosts. execve("./syz-executor914719981", ["./syz-executor914719981"], 0x7ffdc9e0d140 /* 10 vars */) = 0 brk(NULL) = 0x555581802000 brk(0x555581802e00) = 0x555581802e00 arch_prctl(ARCH_SET_FS, 0x555581802480) = 0 set_tid_address(0x555581802750) = 5065 set_robust_list(0x555581802760, 24) = 0 rseq(0x555581802da0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor914719981", 4096) = 27 getrandom("\x2d\x41\xef\x56\xd7\x8d\x39\x0b", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555581802e00 brk(0x555581823e00) = 0x555581823e00 brk(0x555581824000) = 0x555581824000 mprotect(0x7f72e44b6000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f72e4410920, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f72e4419600}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f72e4410920, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f72e4419600}, NULL, 8) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5066 attached , child_tidptr=0x555581802750) = 5066 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] set_robust_list(0x555581802760, 24) = 0 ./strace-static-x86_64: Process 5067 attached [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... clone resumed>, child_tidptr=0x555581802750) = 5067 [pid 5067] set_robust_list(0x555581802760, 24./strace-static-x86_64: Process 5068 attached [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... set_robust_list resumed>) = 0 [pid 5068] set_robust_list(0x555581802760, 24 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... clone resumed>, child_tidptr=0x555581802750) = 5068 [pid 5068] <... set_robust_list resumed>) = 0 [pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 5069 attached [pid 5065] <... clone resumed>, child_tidptr=0x555581802750) = 5070 [pid 5068] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 5070 attached [pid 5069] set_robust_list(0x555581802760, 24 [pid 5068] setpgid(0, 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5070] set_robust_list(0x555581802760, 24 [pid 5069] <... set_robust_list resumed>) = 0 [pid 5068] <... setpgid resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5070] <... set_robust_list resumed>) = 0 [pid 5069] <... prctl resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5067] <... clone resumed>, child_tidptr=0x555581802750) = 5069 ./strace-static-x86_64: Process 5071 attached [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] write(3, "1000", 4 [pid 5069] setpgid(0, 0 [pid 5068] <... write resumed>) = 4 [pid 5068] close(3) = 0 [pid 5068] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE, insn_cnt=5, insns=0x20000040, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144./strace-static-x86_64: Process 5072 attached [pid 5065] <... clone resumed>, child_tidptr=0x555581802750) = 5071 [pid 5071] set_robust_list(0x555581802760, 24 [pid 5069] <... setpgid resumed>) = 0 [pid 5071] <... set_robust_list resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] <... bpf resumed>) = 3 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5072] set_robust_list(0x555581802760, 24 [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mmap_lock_acquire_returned", prog_fd=3}}, 16./strace-static-x86_64: Process 5074 attached ./strace-static-x86_64: Process 5073 attached [pid 5072] <... set_robust_list resumed>) = 0 [pid 5070] <... clone resumed>, child_tidptr=0x555581802750) = 5072 [pid 5069] <... openat resumed>) = 3 [pid 5065] <... clone resumed>, child_tidptr=0x555581802750) = 5073 [pid 5074] set_robust_list(0x555581802760, 24 [pid 5073] set_robust_list(0x555581802760, 24 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5071] <... clone resumed>, child_tidptr=0x555581802750) = 5074 [pid 5069] write(3, "1000", 4 [pid 5074] <... set_robust_list resumed>) = 0 [pid 5073] <... set_robust_list resumed>) = 0 [pid 5072] <... prctl resumed>) = 0 [pid 5069] <... write resumed>) = 4 [pid 5072] setpgid(0, 0 [pid 5069] close(3 [pid 5072] <... setpgid resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE, insn_cnt=5, insns=0x20000040, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144 [pid 5074] <... prctl resumed>) = 0 [pid 5074] setpgid(0, 0) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5072] <... openat resumed>) = 3 [pid 5074] <... openat resumed>) = 3 [ 61.643889][ C1] [ 61.646260][ C1] ================================ [ 61.651438][ C1] WARNING: inconsistent lock state [ 61.656556][ C1] 6.8.0-syzkaller-05271-gf99c5f563c17 #0 Not tainted [ 61.663227][ C1] -------------------------------- [ 61.668317][ C1] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. [ 61.675151][ C1] syz-executor914/5165 [HC0[0]:SC1[1]:HE0:SE0] takes: [ 61.681897][ C1] ffff8880b9538528 (lock#9){+.?.}-{2:2}, at: __mmap_lock_do_trace_acquire_returned+0x8f/0x600 [ 61.692180][ C1] {SOFTIRQ-ON-W} state was registered at: [ 61.697912][ C1] lock_acquire+0x1e4/0x530 [ 61.702505][ C1] __mmap_lock_do_trace_acquire_returned+0xa8/0x600 [ 61.709166][ C1] lock_mm_and_find_vma+0x213/0x2f0 [ 61.714447][ C1] exc_page_fault+0x1a9/0x890 [ 61.719203][ C1] asm_exc_page_fault+0x26/0x30 [ 61.724138][ C1] __put_user_4+0x11/0x20 [ 61.728625][ C1] schedule_tail+0x96/0xb0 [ 61.733122][ C1] ret_from_fork+0x24/0x80 [ 61.737612][ C1] ret_from_fork_asm+0x1a/0x30 [ 61.742445][ C1] irq event stamp: 459 [ 61.746487][ C1] hardirqs last enabled at (458): [] _raw_spin_unlock_irqrestore+0x8f/0x140 [ 61.756793][ C1] hardirqs last disabled at (459): [] queue_work_on+0xfa/0x250 [ 61.765899][ C1] softirqs last enabled at (0): [] copy_process+0xa03/0x3df0 [ 61.774900][ C1] softirqs last disabled at (399): [] __irq_exit_rcu+0xf2/0x1c0 [ 61.784089][ C1] [ 61.784089][ C1] other info that might help us debug this: [ 61.792124][ C1] Possible unsafe locking scenario: [ 61.792124][ C1] [ 61.799564][ C1] CPU0 [ 61.802837][ C1] ---- [ 61.806112][ C1] lock(lock#9); [ 61.809745][ C1] [ 61.813175][ C1] lock(lock#9); [ 61.817052][ C1] [ 61.817052][ C1] *** DEADLOCK *** [ 61.817052][ C1] [ 61.825178][ C1] 7 locks held by syz-executor914/5165: [ 61.830705][ C1] #0: ffffffff8e797d30 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_check_open_permission+0x204/0x500 [ 61.840954][ C1] #1: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: __task_pid_nr_ns+0x28/0x450 [ 61.850447][ C1] #2: ffffffff8e1319e0 (rcu_callback){....}-{0:0}, at: rcu_core+0xa86/0x1830 [ 61.859291][ C1] #3: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: __queue_work+0x198/0xec0 [ 61.868578][ C1] #4: ffff8880b953d8d8 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x6ec/0xec0 [ 61.877605][ C1] #5: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run3+0x14a/0x460 [ 61.886971][ C1] #6: ffff888021fabaa0 (&mm->mmap_lock){++++}-{3:3}, at: stack_map_get_build_id_offset+0x237/0x9d0 [ 61.897731][ C1] [ 61.897731][ C1] stack backtrace: [ 61.903845][ C1] CPU: 1 PID: 5165 Comm: syz-executor914 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 [ 61.913891][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 61.923932][ C1] Call Trace: [ 61.927310][ C1] [ 61.930142][ C1] dump_stack_lvl+0x1e7/0x2e0 [ 61.934820][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 61.939999][ C1] ? print_usage_bug+0x61a/0x8a0 [ 61.944917][ C1] ? is_bpf_text_address+0x28d/0x2b0 [ 61.950269][ C1] valid_state+0x13a/0x1c0 [ 61.954667][ C1] mark_lock_irq+0xbb/0xc20 [ 61.959164][ C1] ? arch_stack_walk+0x16d/0x1b0 [ 61.964081][ C1] ? __pfx_mark_lock_irq+0x10/0x10 [ 61.969176][ C1] ? stack_trace_save+0x118/0x1d0 [ 61.974204][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 61.979556][ C1] ? validate_chain+0x11b/0x58e0 [ 61.984477][ C1] ? lockdep_lock+0x123/0x2b0 [ 61.989140][ C1] ? save_trace+0x5a/0xb40 [ 61.993537][ C1] mark_lock+0x223/0x350 [ 61.997792][ C1] __lock_acquire+0xbcd/0x1fd0 [ 62.002576][ C1] lock_acquire+0x1e4/0x530 [ 62.007235][ C1] ? __mmap_lock_do_trace_acquire_returned+0x8f/0x600 [ 62.014156][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 62.019161][ C1] ? __pfx_validate_chain+0x10/0x10 [ 62.024348][ C1] ? __pfx_validate_chain+0x10/0x10 [ 62.029532][ C1] ? down_read_trylock+0x24f/0x3c0 [ 62.034623][ C1] ? stack_map_get_build_id_offset+0x237/0x9d0 [ 62.040757][ C1] ? __mmap_lock_do_trace_acquire_returned+0x8f/0x600 [ 62.047605][ C1] __mmap_lock_do_trace_acquire_returned+0xa8/0x600 [ 62.054172][ C1] ? __mmap_lock_do_trace_acquire_returned+0x8f/0x600 [ 62.060937][ C1] stack_map_get_build_id_offset+0x9b2/0x9d0 [ 62.066899][ C1] ? __pfx_stack_map_get_build_id_offset+0x10/0x10 [ 62.073386][ C1] __bpf_get_stack+0x4ad/0x5a0 [ 62.078153][ C1] ? __pfx___bpf_get_stack+0x10/0x10 [ 62.083529][ C1] ? __pfx___cant_migrate+0x10/0x10 [ 62.088716][ C1] bpf_get_stack_raw_tp+0x1a3/0x240 [ 62.093904][ C1] bpf_prog_e6cf5f9c69743609+0x42/0x46 [ 62.099352][ C1] bpf_trace_run3+0x238/0x460 [ 62.104093][ C1] ? bpf_trace_run3+0x14a/0x460 [ 62.109012][ C1] ? __pfx_bpf_trace_run3+0x10/0x10 [ 62.114184][ C1] ? do_raw_spin_lock+0x14f/0x370 [ 62.119189][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 62.124546][ C1] ? __pfx___bpf_trace_workqueue_queue_work+0x10/0x10 [ 62.131292][ C1] __traceiter_workqueue_queue_work+0x80/0xd0 [ 62.137349][ C1] __queue_work+0xe5b/0xec0 [ 62.141833][ C1] ? __queue_work+0x198/0xec0 [ 62.146488][ C1] ? rcu_is_watching+0x15/0xb0 [ 62.151228][ C1] queue_work_on+0x14f/0x250 [ 62.155815][ C1] ? __pfx_queue_work_on+0x10/0x10 [ 62.160936][ C1] ? rcu_is_watching+0x15/0xb0 [ 62.165795][ C1] ? kfree+0x4e/0x380 [ 62.169771][ C1] ? rcu_core+0xa86/0x1830 [ 62.174173][ C1] ? rcu_core+0xa86/0x1830 [ 62.178591][ C1] ? __pfx___bpf_prog_put_rcu+0x10/0x10 [ 62.184206][ C1] rcu_core+0xafd/0x1830 [ 62.188537][ C1] ? __pfx_rcu_core+0x10/0x10 [ 62.193275][ C1] ? rebalance_domains+0x949/0xac0 [ 62.198386][ C1] ? rebalance_domains+0x1b9/0xac0 [ 62.203568][ C1] ? __pfx_rebalance_domains+0x10/0x10 [ 62.209008][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 62.214282][ C1] __do_softirq+0x2bc/0x943 [ 62.218859][ C1] ? __irq_exit_rcu+0xf2/0x1c0 [ 62.223691][ C1] ? __pfx___do_softirq+0x10/0x10 [ 62.228799][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 62.234080][ C1] __irq_exit_rcu+0xf2/0x1c0 [ 62.238658][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 62.243842][ C1] irq_exit_rcu+0x9/0x30 [ 62.248070][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 62.253781][ C1] [ 62.256694][ C1] [ 62.259607][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 62.265582][ C1] RIP: 0010:__task_pid_nr_ns+0x2d0/0x450 [ 62.271287][ C1] Code: 89 c3 31 ff 89 c6 e8 cf 7e 33 00 85 db 0f 84 d9 00 00 00 80 3d 15 b9 0f 0e 01 0f 85 d6 00 00 00 e8 75 7a 33 00 e9 3d ff ff ff 6b 7a 33 00 49 8d 9c 1c e0 00 00 00 48 89 d8 48 c1 e8 03 42 0f [ 62.290876][ C1] RSP: 0018:ffffc90004a473c8 EFLAGS: 00000246 [ 62.296921][ C1] RAX: 1ffff110051d261d RBX: 0000000000000000 RCX: ffff88802f1a0000 [ 62.304870][ C1] RDX: ffff88802f1a0000 RSI: 0000000000000000 RDI: 0000000000000000 [ 62.312819][ C1] RBP: ffff888028e930e8 R08: ffffffff81617584 R09: 1ffffffff2598ea0 [ 62.320857][ C1] R10: dffffc0000000000 R11: fffffbfff2598ea1 R12: ffff888028e93000 [ 62.328812][ C1] R13: dffffc0000000000 R14: ffffffff81617358 R15: ffffffff8dfe12a0 [ 62.336785][ C1] ? __task_pid_nr_ns+0x28/0x450 [ 62.341725][ C1] ? __task_pid_nr_ns+0x254/0x450 [ 62.346743][ C1] ? __task_pid_nr_ns+0x254/0x450 [ 62.351766][ C1] tomoyo_get_local_path+0x3f5/0x7b0 [ 62.357127][ C1] ? __pfx_tomoyo_get_local_path+0x10/0x10 [ 62.362915][ C1] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 62.368971][ C1] ? rcu_is_watching+0x15/0xb0 [ 62.373721][ C1] ? trace_kmalloc+0x1f/0xb0 [ 62.378290][ C1] ? __kmalloc+0x24f/0x4a0 [ 62.382700][ C1] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 62.388581][ C1] tomoyo_realpath_from_path+0x49c/0x5e0 [ 62.394221][ C1] tomoyo_check_open_permission+0x255/0x500 [ 62.400151][ C1] ? tomoyo_check_open_permission+0x204/0x500 [ 62.406204][ C1] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 62.412609][ C1] ? tomoyo_file_open+0x168/0x220 [ 62.417626][ C1] security_file_open+0x69/0x570 [ 62.422637][ C1] ? try_module_get+0x11/0x150 [ 62.427392][ C1] do_dentry_open+0x327/0x15a0 [ 62.432154][ C1] ? inode_permission+0xff/0x460 [ 62.437075][ C1] path_openat+0x2860/0x3240 [ 62.441663][ C1] ? look_up_lock_class+0x77/0x160 [ 62.446850][ C1] ? __pfx_path_openat+0x10/0x10 [ 62.451771][ C1] do_filp_open+0x235/0x490 [ 62.456307][ C1] ? __pfx_do_filp_open+0x10/0x10 [ 62.461421][ C1] ? __pfx_kfree_link+0x10/0x10 [ 62.466284][ C1] ? _raw_spin_unlock+0x28/0x50 [ 62.471142][ C1] ? alloc_fd+0x59d/0x640 [ 62.475458][ C1] do_sys_openat2+0x13e/0x1d0 [ 62.480128][ C1] ? __pfx_do_sys_openat2+0x10/0x10 [ 62.485330][ C1] __x64_sys_openat+0x247/0x2a0 [ 62.490176][ C1] ? __pfx___x64_sys_openat+0x10/0x10 [ 62.495560][ C1] ? exc_page_fault+0x585/0x890 [ 62.500535][ C1] ? do_syscall_64+0xb6/0x240 [ 62.505217][ C1] do_syscall_64+0xfb/0x240 [ 62.509714][ C1] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 62.515626][ C1] RIP: 0033:0x7f72e44429d1 [ 62.520084][ C1] Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d ba 86 07 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25 [ 62.539710][ C1] RSP: 002b:00007ffc4f0b2ed0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 62.548126][ C1] RAX: ffffffffffffffda RBX: 0000000000080001 RCX: 00007f72e44429d1 [ 62.556083][ C1] RDX: 0000000000080001 RSI: 00007f72e448c090 RDI: 00000000ffffff9c [ 62.564214][ C1] RBP: 00007f72e448c090 R08: 0000000000000000 R09: 0000000000000000 [ 62.572177][ C1] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffc4f0b2f70 [ 62.580216][ C1] R13: 000000000000f07f R14: 00007ffc4f0b344c R15: 00007ffc4f0b3450 [ 62.588283][ C1]