./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2486975719 <...> Warning: Permanently added '10.128.0.111' (ED25519) to the list of known hosts. execve("./syz-executor2486975719", ["./syz-executor2486975719"], 0x7fff4874e4d0 /* 10 vars */) = 0 brk(NULL) = 0x55558c754000 brk(0x55558c754d00) = 0x55558c754d00 arch_prctl(ARCH_SET_FS, 0x55558c754380) = 0 set_tid_address(0x55558c754650) = 5065 set_robust_list(0x55558c754660, 24) = 0 rseq(0x55558c754ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2486975719", 4096) = 28 getrandom("\xf4\x84\x1b\xfb\x3f\xf4\x16\xde", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558c754d00 brk(0x55558c775d00) = 0x55558c775d00 brk(0x55558c776000) = 0x55558c776000 mprotect(0x7feec2269000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c754650) = 5066 ./strace-static-x86_64: Process 5066 attached [pid 5066] set_robust_list(0x55558c754660, 24) = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] write(3, "1000", 4) = 4 [pid 5066] close(3) = 0 [pid 5066] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=4, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5066] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 5066] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="contention_end", prog_fd=4}}, 16) = 5 [ 59.129671][ T5062] [ 59.132014][ T5062] ===================================================== [ 59.138939][ T5062] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 59.146366][ T5062] 6.8.0-syzkaller-05226-g0740b6427e90 #0 Not tainted [ 59.153010][ T5062] ----------------------------------------------------- [ 59.159914][ T5062] strace-static-x/5062 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire: [ 59.167954][ T5062] ffff888021dde820 (&htab->buckets[i].lock){+...}-{2:2}, at: sock_hash_delete_elem+0xb0/0x300 [ 59.178210][ T5062] [ 59.178210][ T5062] and this task is already holding: [ 59.185548][ T5062] ffff8880b943e158 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 59.195003][ T5062] which would create a new lock dependency: [ 59.200879][ T5062] (&rq->__lock){-.-.}-{2:2} -> (&htab->buckets[i].lock){+...}-{2:2} [ 59.208945][ T5062] [ 59.208945][ T5062] but this new dependency connects a HARDIRQ-irq-safe lock: [ 59.218364][ T5062] (&rq->__lock){-.-.}-{2:2} [ 59.218379][ T5062] [ 59.218379][ T5062] ... which became HARDIRQ-irq-safe at: [ 59.230616][ T5062] lock_acquire+0x1e4/0x530 [ 59.235186][ T5062] _raw_spin_lock_nested+0x31/0x40 [ 59.240372][ T5062] raw_spin_rq_lock_nested+0x2a/0x140 [ 59.245811][ T5062] scheduler_tick+0xa1/0x6e0 [ 59.250464][ T5062] update_process_times+0x202/0x230 [ 59.255728][ T5062] tick_periodic+0x190/0x220 [ 59.260378][ T5062] tick_handle_periodic+0x4a/0x160 [ 59.265550][ T5062] timer_interrupt+0x5c/0x70 [ 59.270205][ T5062] __handle_irq_event_percpu+0x28c/0xa30 [ 59.275901][ T5062] handle_irq_event+0x89/0x1f0 [ 59.280729][ T5062] handle_edge_irq+0x25f/0xc20 [ 59.285553][ T5062] __common_interrupt+0x13a/0x230 [ 59.290638][ T5062] common_interrupt+0xa5/0xd0 [ 59.295380][ T5062] asm_common_interrupt+0x26/0x40 [ 59.300477][ T5062] console_flush_all+0x9cd/0xec0 [ 59.305487][ T5062] console_unlock+0x13b/0x4d0 [ 59.310224][ T5062] vprintk_emit+0x509/0x720 [ 59.314788][ T5062] _printk+0xd5/0x120 [ 59.318830][ T5062] spectre_v2_select_mitigation+0x651/0x8f0 [ 59.324785][ T5062] cpu_select_mitigations+0x41/0xa0 [ 59.330045][ T5062] arch_cpu_finalize_init+0x20/0xa0 [ 59.335306][ T5062] start_kernel+0x402/0x500 [ 59.339868][ T5062] x86_64_start_reservations+0x2a/0x30 [ 59.345387][ T5062] x86_64_start_kernel+0x99/0xa0 [ 59.350383][ T5062] common_startup_64+0x13e/0x147 [ 59.355384][ T5062] [ 59.355384][ T5062] to a HARDIRQ-irq-unsafe lock: [ 59.362380][ T5062] (&htab->buckets[i].lock){+...}-{2:2} [ 59.362398][ T5062] [ 59.362398][ T5062] ... which became HARDIRQ-irq-unsafe at: [ 59.375763][ T5062] ... [ 59.375767][ T5062] lock_acquire+0x1e4/0x530 [ 59.382888][ T5062] _raw_spin_lock_bh+0x35/0x50 [ 59.387713][ T5062] sock_hash_delete_elem+0xb0/0x300 [ 59.392973][ T5062] bpf_prog_43221478a22f23b5+0x42/0x46 [ 59.398494][ T5062] bpf_trace_run2+0x204/0x420 [ 59.403232][ T5062] trace_contention_end+0xd7/0x100 [ 59.408407][ T5062] __mutex_lock+0x2e5/0xd70 [ 59.412972][ T5062] pipe_write+0x1c9/0x1a40 [ 59.417449][ T5062] vfs_write+0xa84/0xcb0 [ 59.421754][ T5062] ksys_write+0x1a0/0x2c0 [ 59.426143][ T5062] do_syscall_64+0xfb/0x240 [ 59.430709][ T5062] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 59.436665][ T5062] [ 59.436665][ T5062] other info that might help us debug this: [ 59.436665][ T5062] [ 59.446864][ T5062] Possible interrupt unsafe locking scenario: [ 59.446864][ T5062] [ 59.455157][ T5062] CPU0 CPU1 [ 59.460494][ T5062] ---- ---- [ 59.465829][ T5062] lock(&htab->buckets[i].lock); [ 59.470830][ T5062] local_irq_disable(); [ 59.477560][ T5062] lock(&rq->__lock); [ 59.484122][ T5062] lock(&htab->buckets[i].lock); [ 59.491640][ T5062] [ 59.495073][ T5062] lock(&rq->__lock); [ 59.499292][ T5062] [ 59.499292][ T5062] *** DEADLOCK *** [ 59.499292][ T5062] [ 59.507406][ T5062] 3 locks held by strace-static-x/5062: [ 59.512923][ T5062] #0: ffff88802a400a10 (&p->pi_lock){-.-.}-{2:2}, at: task_rq_lock+0x57/0x360 [ 59.521858][ T5062] #1: ffff8880b943e158 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 59.531743][ T5062] #2: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x114/0x420 [ 59.541103][ T5062] [ 59.541103][ T5062] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 59.551480][ T5062] -> (&rq->__lock){-.-.}-{2:2} { [ 59.556403][ T5062] IN-HARDIRQ-W at: [ 59.560356][ T5062] lock_acquire+0x1e4/0x530 [ 59.566480][ T5062] _raw_spin_lock_nested+0x31/0x40 [ 59.573221][ T5062] raw_spin_rq_lock_nested+0x2a/0x140 [ 59.580234][ T5062] scheduler_tick+0xa1/0x6e0 [ 59.586456][ T5062] update_process_times+0x202/0x230 [ 59.593278][ T5062] tick_periodic+0x190/0x220 [ 59.599493][ T5062] tick_handle_periodic+0x4a/0x160 [ 59.606226][ T5062] timer_interrupt+0x5c/0x70 [ 59.612443][ T5062] __handle_irq_event_percpu+0x28c/0xa30 [ 59.619703][ T5062] handle_irq_event+0x89/0x1f0 [ 59.626088][ T5062] handle_edge_irq+0x25f/0xc20 [ 59.632474][ T5062] __common_interrupt+0x13a/0x230 [ 59.639129][ T5062] common_interrupt+0xa5/0xd0 [ 59.645435][ T5062] asm_common_interrupt+0x26/0x40 [ 59.652091][ T5062] console_flush_all+0x9cd/0xec0 [ 59.658651][ T5062] console_unlock+0x13b/0x4d0 [ 59.664967][ T5062] vprintk_emit+0x509/0x720 [ 59.671096][ T5062] _printk+0xd5/0x120 [ 59.676704][ T5062] spectre_v2_select_mitigation+0x651/0x8f0 [ 59.684223][ T5062] cpu_select_mitigations+0x41/0xa0 [ 59.691046][ T5062] arch_cpu_finalize_init+0x20/0xa0 [ 59.697884][ T5062] start_kernel+0x402/0x500 [ 59.704011][ T5062] x86_64_start_reservations+0x2a/0x30 [ 59.711094][ T5062] x86_64_start_kernel+0x99/0xa0 [ 59.717657][ T5062] common_startup_64+0x13e/0x147 [ 59.724218][ T5062] IN-SOFTIRQ-W at: [ 59.728172][ T5062] lock_acquire+0x1e4/0x530 [ 59.734298][ T5062] _raw_spin_lock_nested+0x31/0x40 [ 59.741033][ T5062] raw_spin_rq_lock_nested+0x2a/0x140 [ 59.748048][ T5062] try_to_wake_up+0x7d3/0x1470 [ 59.754454][ T5062] call_timer_fn+0x17e/0x600 [ 59.760669][ T5062] __run_timer_base+0x66a/0x8e0 [ 59.767230][ T5062] run_timer_softirq+0xb7/0x170 [ 59.773707][ T5062] __do_softirq+0x2bc/0x943 [ 59.779836][ T5062] __irq_exit_rcu+0xf2/0x1c0 [ 59.786047][ T5062] irq_exit_rcu+0x9/0x30 [ 59.791911][ T5062] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 59.799164][ T5062] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 59.806771][ T5062] default_idle+0x13/0x20 [ 59.812727][ T5062] default_idle_call+0x74/0xb0 [ 59.819203][ T5062] do_idle+0x22f/0x5d0 [ 59.824895][ T5062] cpu_startup_entry+0x42/0x60 [ 59.831298][ T5062] rest_init+0x2e0/0x300 [ 59.837226][ T5062] arch_call_rest_init+0xe/0x10 [ 59.843720][ T5062] start_kernel+0x47a/0x500 [ 59.849863][ T5062] x86_64_start_reservations+0x2a/0x30 [ 59.856977][ T5062] x86_64_start_kernel+0x99/0xa0 [ 59.863547][ T5062] common_startup_64+0x13e/0x147 [ 59.870115][ T5062] INITIAL USE at: [ 59.873986][ T5062] lock_acquire+0x1e4/0x530 [ 59.880028][ T5062] _raw_spin_lock_nested+0x31/0x40 [ 59.886679][ T5062] raw_spin_rq_lock_nested+0x2a/0x140 [ 59.893593][ T5062] rq_attach_root+0xee/0x540 [ 59.899722][ T5062] sched_init+0x64e/0xc30 [ 59.905590][ T5062] start_kernel+0x1ab/0x500 [ 59.911644][ T5062] x86_64_start_reservations+0x2a/0x30 [ 59.918641][ T5062] x86_64_start_kernel+0x99/0xa0 [ 59.925117][ T5062] common_startup_64+0x13e/0x147 [ 59.931610][ T5062] } [ 59.934108][ T5062] ... key at: [] sched_init.__key+0x0/0x20 [ 59.941989][ T5062] [ 59.941989][ T5062] the dependencies between the lock to be acquired [ 59.941995][ T5062] and HARDIRQ-irq-unsafe lock: [ 59.955480][ T5062] -> (&htab->buckets[i].lock){+...}-{2:2} { [ 59.961364][ T5062] HARDIRQ-ON-W at: [ 59.965322][ T5062] lock_acquire+0x1e4/0x530 [ 59.971454][ T5062] _raw_spin_lock_bh+0x35/0x50 [ 59.977845][ T5062] sock_hash_delete_elem+0xb0/0x300 [ 59.984670][ T5062] bpf_prog_43221478a22f23b5+0x42/0x46 [ 59.991758][ T5062] bpf_trace_run2+0x204/0x420 [ 59.998067][ T5062] trace_contention_end+0xd7/0x100 [ 60.004803][ T5062] __mutex_lock+0x2e5/0xd70 [ 60.010948][ T5062] pipe_write+0x1c9/0x1a40 [ 60.017000][ T5062] vfs_write+0xa84/0xcb0 [ 60.022869][ T5062] ksys_write+0x1a0/0x2c0 [ 60.028822][ T5062] do_syscall_64+0xfb/0x240 [ 60.034956][ T5062] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 60.042482][ T5062] INITIAL USE at: [ 60.046357][ T5062] lock_acquire+0x1e4/0x530 [ 60.052417][ T5062] _raw_spin_lock_bh+0x35/0x50 [ 60.058733][ T5062] sock_hash_delete_elem+0xb0/0x300 [ 60.065480][ T5062] bpf_prog_43221478a22f23b5+0x42/0x46 [ 60.072496][ T5062] bpf_trace_run2+0x204/0x420 [ 60.078721][ T5062] trace_contention_end+0xd7/0x100 [ 60.085374][ T5062] __mutex_lock+0x2e5/0xd70 [ 60.091423][ T5062] pipe_write+0x1c9/0x1a40 [ 60.097387][ T5062] vfs_write+0xa84/0xcb0 [ 60.103172][ T5062] ksys_write+0x1a0/0x2c0 [ 60.109039][ T5062] do_syscall_64+0xfb/0x240 [ 60.115083][ T5062] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 60.122519][ T5062] } [ 60.124995][ T5062] ... key at: [] sock_hash_alloc.__key+0x0/0x20 [ 60.133297][ T5062] ... acquired at: [ 60.137074][ T5062] lock_acquire+0x1e4/0x530 [ 60.141723][ T5062] _raw_spin_lock_bh+0x35/0x50 [ 60.146636][ T5062] sock_hash_delete_elem+0xb0/0x300 [ 60.151982][ T5062] bpf_prog_43221478a22f23b5+0x42/0x46 [ 60.157589][ T5062] bpf_trace_run2+0x204/0x420 [ 60.162412][ T5062] trace_contention_end+0xf6/0x120 [ 60.167673][ T5062] __pv_queued_spin_lock_slowpath+0x939/0xc60 [ 60.173891][ T5062] queued_spin_lock_slowpath+0x42/0x50 [ 60.179502][ T5062] do_raw_spin_lock+0x272/0x370 [ 60.184502][ T5062] raw_spin_rq_lock_nested+0x2a/0x140 [ 60.190038][ T5062] task_rq_lock+0xc6/0x360 [ 60.194604][ T5062] wait_task_inactive+0x1fa/0x6f0 [ 60.199777][ T5062] ptrace_check_attach+0x19d/0x3a0 [ 60.205040][ T5062] __se_sys_ptrace+0x136/0x450 [ 60.209949][ T5062] do_syscall_64+0xfb/0x240 [ 60.214614][ T5062] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 60.220658][ T5062] [ 60.222977][ T5062] [ 60.222977][ T5062] stack backtrace: [ 60.228852][ T5062] CPU: 1 PID: 5062 Comm: strace-static-x Not tainted 6.8.0-syzkaller-05226-g0740b6427e90 #0 [ 60.238898][ T5062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 60.248946][ T5062] Call Trace: [ 60.252211][ T5062] [ 60.255126][ T5062] dump_stack_lvl+0x1e7/0x2e0 [ 60.259789][ T5062] ? __pfx_dump_stack_lvl+0x10/0x10 [ 60.264965][ T5062] ? __pfx__printk+0x10/0x10 [ 60.269535][ T5062] ? print_shortest_lock_dependencies+0xf2/0x160 [ 60.275846][ T5062] validate_chain+0x4dc7/0x58e0 [ 60.280681][ T5062] ? __pfx_validate_chain+0x10/0x10 [ 60.285871][ T5062] ? __pfx_validate_chain+0x10/0x10 [ 60.291060][ T5062] ? __pfx_validate_chain+0x10/0x10 [ 60.296235][ T5062] ? __pfx_validate_chain+0x10/0x10 [ 60.301415][ T5062] ? validate_chain+0x11b/0x58e0 [ 60.306330][ T5062] ? mark_lock+0x9a/0x350 [ 60.310636][ T5062] __lock_acquire+0x1346/0x1fd0 [ 60.315471][ T5062] lock_acquire+0x1e4/0x530 [ 60.319951][ T5062] ? sock_hash_delete_elem+0xb0/0x300 [ 60.325300][ T5062] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 60.330995][ T5062] ? __pfx_lock_acquire+0x10/0x10 [ 60.335998][ T5062] ? sock_hash_delete_elem+0xb0/0x300 [ 60.341347][ T5062] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 60.347129][ T5062] ? __pfx_lock_acquire+0x10/0x10 [ 60.352133][ T5062] ? sock_hash_delete_elem+0xb0/0x300 [ 60.357480][ T5062] _raw_spin_lock_bh+0x35/0x50 [ 60.362218][ T5062] ? sock_hash_delete_elem+0xb0/0x300 [ 60.367568][ T5062] sock_hash_delete_elem+0xb0/0x300 [ 60.372745][ T5062] bpf_prog_43221478a22f23b5+0x42/0x46 [ 60.378183][ T5062] bpf_trace_run2+0x204/0x420 [ 60.382834][ T5062] ? bpf_trace_run2+0x114/0x420 [ 60.387659][ T5062] ? __pfx_bpf_trace_run2+0x10/0x10 [ 60.392833][ T5062] ? __lock_acquire+0x1346/0x1fd0 [ 60.397831][ T5062] trace_contention_end+0xf6/0x120 [ 60.402920][ T5062] __pv_queued_spin_lock_slowpath+0x939/0xc60 [ 60.408964][ T5062] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 60.415529][ T5062] queued_spin_lock_slowpath+0x42/0x50 [ 60.420968][ T5062] do_raw_spin_lock+0x272/0x370 [ 60.425797][ T5062] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 60.431147][ T5062] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 60.436583][ T5062] raw_spin_rq_lock_nested+0x2a/0x140 [ 60.441932][ T5062] task_rq_lock+0xc6/0x360 [ 60.446328][ T5062] wait_task_inactive+0x1fa/0x6f0 [ 60.451329][ T5062] ? ptrace_check_attach+0x2d9/0x3a0 [ 60.456588][ T5062] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 60.462540][ T5062] ? __pfx_wait_task_inactive+0x10/0x10 [ 60.468058][ T5062] ? _raw_spin_lock_irq+0xdf/0x120 [ 60.473144][ T5062] ptrace_check_attach+0x19d/0x3a0 [ 60.478233][ T5062] __se_sys_ptrace+0x136/0x450 [ 60.482989][ T5062] ? __pfx___se_sys_ptrace+0x10/0x10 [ 60.488261][ T5062] ? do_syscall_64+0x10a/0x240 [ 60.493004][ T5062] ? do_syscall_64+0xb6/0x240 [ 60.497659][ T5062] do_syscall_64+0xfb/0x240 [ 60.502141][ T5062] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 60.508019][ T5062] RIP: 0033:0x4e987a [ 60.511892][ T5062] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 54 [ 60.531488][ T5062] RSP: 002b:00007fff4874dff0 EFLAGS: 00000206 ORIG_RAX: 0000000000000065 [ 60.539886][ T5062] RAX: ffffffffffffffda RBX: 000000003e957b90 RCX: 00000000004e987a [ 60.547836][ T5062] RDX: 0000000000000058 RSI: 00000000000013c9 RDI: 000000000000420e [ 60.555786][ T5062] RBP: 0000000000664740 R08: 000000000000420d R09: 00000000000003c9 [ 60.563736][ T5062] R10: 0000000000664740 R11: 0000000000000206 R12: 00007fff4874e13c [ 60.571691][ T5062] R13: 000000000000857f R14: 000000003e957b90 R15: 000000000063f160 [ 60.579646][ T5062]