./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3518495827 <...> Warning: Permanently added '10.128.1.57' (ED25519) to the list of known hosts. execve("./syz-executor3518495827", ["./syz-executor3518495827"], 0x7fffcbf47540 /* 10 vars */) = 0 brk(NULL) = 0x55555d20c000 brk(0x55555d20cd00) = 0x55555d20cd00 arch_prctl(ARCH_SET_FS, 0x55555d20c380) = 0 set_tid_address(0x55555d20c650) = 5072 set_robust_list(0x55555d20c660, 24) = 0 rseq(0x55555d20cca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3518495827", 4096) = 28 getrandom("\xc8\xa8\xb3\x44\xdd\x8e\x52\x9b", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555d20cd00 brk(0x55555d22dd00) = 0x55555d22dd00 brk(0x55555d22e000) = 0x55555d22e000 mprotect(0x7fb94809e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5073 attached , child_tidptr=0x55555d20c650) = 5073 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5073] set_robust_list(0x55555d20c660, 24) = 0 ./strace-static-x86_64: Process 5074 attached [pid 5073] unshare(CLONE_NEWPID [pid 5072] <... clone resumed>, child_tidptr=0x55555d20c650) = 5074 [pid 5074] set_robust_list(0x55555d20c660, 24 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5074] <... set_robust_list resumed>) = 0 [pid 5073] <... unshare resumed>) = 0 [pid 5074] unshare(CLONE_NEWPID [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5075 attached [pid 5074] <... unshare resumed>) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5075] set_robust_list(0x55555d20c660, 24./strace-static-x86_64: Process 5077 attached ./strace-static-x86_64: Process 5076 attached [pid 5072] <... clone resumed>, child_tidptr=0x55555d20c650) = 5075 [pid 5074] <... clone resumed>, child_tidptr=0x55555d20c650) = 5077 [pid 5075] <... set_robust_list resumed>) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5077] set_robust_list(0x55555d20c660, 24 [pid 5076] set_robust_list(0x55555d20c660, 24 [pid 5073] <... clone resumed>, child_tidptr=0x55555d20c650) = 5076 [pid 5077] <... set_robust_list resumed>) = 0 [pid 5076] <... set_robust_list resumed>) = 0 [pid 5075] unshare(CLONE_NEWPID [pid 5077] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL./strace-static-x86_64: Process 5078 attached ) = -1 EBUSY (Device or resource busy) [pid 5076] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 5075] <... unshare resumed>) = 0 [pid 5072] <... clone resumed>, child_tidptr=0x55555d20c650) = 5078 [pid 5078] set_robust_list(0x55555d20c660, 24 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5076] <... mount resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 5079 attached [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5078] <... set_robust_list resumed>) = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5079] set_robust_list(0x55555d20c660, 24 [pid 5078] unshare(CLONE_NEWPID [pid 5077] <... prctl resumed>) = 0 [pid 5079] <... set_robust_list resumed>) = 0 [pid 5078] <... unshare resumed>) = 0 [pid 5079] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 5078] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5079] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5077] setsid( [pid 5076] <... prctl resumed>) = 0 [pid 5075] <... clone resumed>, child_tidptr=0x55555d20c650) = 5079 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 5081 attached ) = 0 [pid 5077] <... setsid resumed>) = 1 [pid 5076] setsid( [pid 5079] setsid( [pid 5076] <... setsid resumed>) = 1 [pid 5081] set_robust_list(0x55555d20c660, 24 [pid 5079] <... setsid resumed>) = 1 [pid 5077] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 5076] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, ./strace-static-x86_64: Process 5080 attached [pid 5081] <... set_robust_list resumed>) = 0 [pid 5079] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 5078] <... clone resumed>, child_tidptr=0x55555d20c650) = 5080 [pid 5077] <... prlimit64 resumed>NULL) = 0 [pid 5076] <... prlimit64 resumed>NULL) = 0 [pid 5072] <... clone resumed>, child_tidptr=0x55555d20c650) = 5081 [pid 5080] set_robust_list(0x55555d20c660, 24 [pid 5081] unshare(CLONE_NEWPID [pid 5079] <... prlimit64 resumed>NULL) = 0 [pid 5077] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 5076] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 5080] <... set_robust_list resumed>) = 0 [pid 5077] <... prlimit64 resumed>NULL) = 0 [pid 5076] <... prlimit64 resumed>NULL) = 0 [pid 5080] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 5081] <... unshare resumed>) = 0 [pid 5079] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 5077] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 5076] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5079] <... prlimit64 resumed>NULL) = 0 [pid 5077] <... prlimit64 resumed>NULL) = 0 [pid 5076] <... prlimit64 resumed>NULL) = 0 [pid 5080] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5079] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 5077] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 5076] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, ./strace-static-x86_64: Process 5082 attached [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5079] <... prlimit64 resumed>NULL) = 0 [pid 5077] <... prlimit64 resumed>NULL) = 0 [pid 5076] <... prlimit64 resumed>NULL) = 0 [pid 5082] set_robust_list(0x55555d20c660, 24 [pid 5080] <... prctl resumed>) = 0 [pid 5081] <... clone resumed>, child_tidptr=0x55555d20c650) = 5082 [pid 5079] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 5077] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 5076] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 5082] <... set_robust_list resumed>) = 0 [pid 5080] setsid( [pid 5079] <... prlimit64 resumed>NULL) = 0 [pid 5077] <... prlimit64 resumed>NULL) = 0 [pid 5076] <... prlimit64 resumed>NULL) = 0 [pid 5082] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 5080] <... setsid resumed>) = 1 [pid 5079] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 5077] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 5076] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 5080] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 5082] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5077] <... prlimit64 resumed>NULL) = 0 [pid 5076] <... prlimit64 resumed>NULL) = 0 [pid 5080] <... prlimit64 resumed>NULL) = 0 [pid 5077] unshare(CLONE_NEWNS [pid 5076] unshare(CLONE_NEWNS [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5080] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 5079] <... prlimit64 resumed>NULL) = 0 [pid 5079] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5082] <... prctl resumed>) = 0 [pid 5079] unshare(CLONE_NEWNS [pid 5080] <... prlimit64 resumed>NULL) = 0 [pid 5077] <... unshare resumed>) = 0 [pid 5082] setsid( [pid 5079] <... unshare resumed>) = 0 [pid 5082] <... setsid resumed>) = 1 [pid 5080] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 5079] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 5077] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 5076] <... unshare resumed>) = 0 [pid 5082] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5080] <... prlimit64 resumed>NULL) = 0 [pid 5079] <... mount resumed>) = 0 [pid 5077] <... mount resumed>) = 0 [pid 5076] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 5082] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 5080] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 5082] <... prlimit64 resumed>NULL) = 0 [pid 5080] <... prlimit64 resumed>NULL) = 0 [pid 5079] unshare(CLONE_NEWIPC [pid 5077] unshare(CLONE_NEWIPC [pid 5082] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 5080] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 5077] <... unshare resumed>) = 0 [pid 5076] <... mount resumed>) = 0 [pid 5082] <... prlimit64 resumed>NULL) = 0 [pid 5080] <... prlimit64 resumed>NULL) = 0 [pid 5082] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 5080] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 5082] <... prlimit64 resumed>NULL) = 0 [pid 5080] <... prlimit64 resumed>NULL) = 0 [pid 5082] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 5080] unshare(CLONE_NEWNS [pid 5082] <... prlimit64 resumed>NULL) = 0 [pid 5077] unshare(CLONE_NEWCGROUP [pid 5076] unshare(CLONE_NEWIPC [pid 5082] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 5080] <... unshare resumed>) = 0 [pid 5079] <... unshare resumed>) = 0 [pid 5077] <... unshare resumed>) = 0 [pid 5082] <... prlimit64 resumed>NULL) = 0 [pid 5082] unshare(CLONE_NEWNS [pid 5076] <... unshare resumed>) = 0 [pid 5077] unshare(CLONE_NEWUTS [pid 5080] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 5079] unshare(CLONE_NEWCGROUP [pid 5077] <... unshare resumed>) = 0 [pid 5076] unshare(CLONE_NEWCGROUP [pid 5082] <... unshare resumed>) = 0 [pid 5080] <... mount resumed>) = 0 [pid 5079] <... unshare resumed>) = 0 [pid 5077] unshare(CLONE_SYSVSEM [pid 5076] <... unshare resumed>) = 0 [pid 5076] unshare(CLONE_NEWUTS [pid 5077] <... unshare resumed>) = 0 [pid 5082] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 5079] unshare(CLONE_NEWUTS [pid 5077] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 5076] <... unshare resumed>) = 0 [pid 5082] <... mount resumed>) = 0 [pid 5080] unshare(CLONE_NEWIPC [pid 5079] <... unshare resumed>) = 0 [pid 5079] unshare(CLONE_SYSVSEM) = 0 [pid 5082] unshare(CLONE_NEWIPC [pid 5080] <... unshare resumed>) = 0 [pid 5077] <... openat resumed>) = 3 [pid 5076] unshare(CLONE_SYSVSEM [pid 5079] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 5082] <... unshare resumed>) = 0 [pid 5080] unshare(CLONE_NEWCGROUP [pid 5079] <... openat resumed>) = 3 [pid 5077] write(3, "16777216", 8 [pid 5076] <... unshare resumed>) = 0 [pid 5080] <... unshare resumed>) = 0 [pid 5077] <... write resumed>) = 8 [pid 5077] close(3 [pid 5080] unshare(CLONE_NEWUTS [pid 5077] <... close resumed>) = 0 [pid 5076] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 5080] <... unshare resumed>) = 0 [pid 5080] unshare(CLONE_SYSVSEM [pid 5079] write(3, "16777216", 8 [pid 5077] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 5082] unshare(CLONE_NEWCGROUP [pid 5080] <... unshare resumed>) = 0 [pid 5079] <... write resumed>) = 8 [pid 5076] <... openat resumed>) = 3 [pid 5082] <... unshare resumed>) = 0 [pid 5079] close(3 [pid 5077] <... openat resumed>) = 3 [pid 5079] <... close resumed>) = 0 [pid 5080] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 5082] unshare(CLONE_NEWUTS [pid 5076] write(3, "16777216", 8 [pid 5079] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 5077] write(3, "536870912", 9 [pid 5082] <... unshare resumed>) = 0 [pid 5080] <... openat resumed>) = 3 [pid 5076] <... write resumed>) = 8 [pid 5082] unshare(CLONE_SYSVSEM) = 0 [pid 5077] <... write resumed>) = 9 [pid 5082] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 5080] write(3, "16777216", 8 [pid 5079] <... openat resumed>) = 3 [pid 5077] close(3 [pid 5076] close(3 [pid 5080] <... write resumed>) = 8 [pid 5079] write(3, "536870912", 9 [pid 5077] <... close resumed>) = 0 [pid 5082] <... openat resumed>) = 3 [pid 5076] <... close resumed>) = 0 [pid 5080] close(3 [pid 5079] <... write resumed>) = 9 [pid 5080] <... close resumed>) = 0 [pid 5077] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 5080] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 5079] close(3 [pid 5082] write(3, "16777216", 8 [pid 5076] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 5082] <... write resumed>) = 8 [pid 5080] <... openat resumed>) = 3 [pid 5079] <... close resumed>) = 0 [pid 5077] <... openat resumed>) = 3 [pid 5076] <... openat resumed>) = 3 [pid 5082] close(3 [pid 5080] write(3, "536870912", 9 [pid 5079] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 5076] write(3, "536870912", 9 [pid 5082] <... close resumed>) = 0 [pid 5080] <... write resumed>) = 9 [pid 5076] <... write resumed>) = 9 [pid 5082] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 5080] close(3 [pid 5079] <... openat resumed>) = 3 [pid 5077] write(3, "1024", 4 [pid 5076] close(3 [pid 5082] <... openat resumed>) = 3 [pid 5080] <... close resumed>) = 0 [pid 5079] write(3, "1024", 4 [pid 5077] <... write resumed>) = 4 [pid 5079] <... write resumed>) = 4 [pid 5076] <... close resumed>) = 0 [pid 5080] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 5079] close(3 [pid 5077] close(3 [pid 5082] write(3, "536870912", 9 [pid 5076] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 5080] <... openat resumed>) = 3 [pid 5082] <... write resumed>) = 9 [pid 5076] <... openat resumed>) = 3 [pid 5082] close(3 [pid 5076] write(3, "1024", 4 [pid 5082] <... close resumed>) = 0 [pid 5076] <... write resumed>) = 4 [pid 5082] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] close(3 [pid 5079] <... close resumed>) = 0 [pid 5076] <... close resumed>) = 0 [pid 5076] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 5077] <... close resumed>) = 0 [pid 5080] write(3, "1024", 4 [pid 5079] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 5077] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 5080] <... write resumed>) = 4 [pid 5082] write(3, "1024", 4 [pid 5080] close(3 [pid 5079] <... openat resumed>) = 3 [pid 5076] <... openat resumed>) = 3 [pid 5082] <... write resumed>) = 4 [pid 5080] <... close resumed>) = 0 [pid 5077] <... openat resumed>) = 3 [pid 5082] close(3) = 0 [pid 5076] write(3, "8192", 4 [pid 5082] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 5080] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 5077] write(3, "8192", 4 [pid 5076] <... write resumed>) = 4 [pid 5082] <... openat resumed>) = 3 [pid 5076] close(3 [pid 5082] write(3, "8192", 4 [pid 5080] <... openat resumed>) = 3 [pid 5076] <... close resumed>) = 0 [pid 5082] <... write resumed>) = 4 [pid 5082] close(3 [pid 5079] write(3, "8192", 4 [pid 5077] <... write resumed>) = 4 [pid 5076] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 5080] write(3, "8192", 4 [pid 5082] <... close resumed>) = 0 [pid 5079] <... write resumed>) = 4 [pid 5077] close(3 [pid 5076] <... openat resumed>) = 3 [pid 5080] <... write resumed>) = 4 [pid 5079] close(3 [pid 5080] close(3 [pid 5077] <... close resumed>) = 0 [pid 5080] <... close resumed>) = 0 [pid 5079] <... close resumed>) = 0 [pid 5077] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 5080] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 5079] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 5082] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 5076] write(3, "1024", 4 [pid 5082] <... openat resumed>) = 3 [pid 5079] <... openat resumed>) = 3 [pid 5076] <... write resumed>) = 4 [pid 5082] write(3, "1024", 4 [pid 5076] close(3 [pid 5082] <... write resumed>) = 4 [pid 5076] <... close resumed>) = 0 [pid 5082] close(3 [pid 5076] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 5082] <... close resumed>) = 0 [pid 5076] <... openat resumed>) = 3 [pid 5082] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] <... openat resumed>) = 3 [pid 5079] write(3, "1024", 4 [pid 5080] write(3, "1024", 4 [pid 5077] <... openat resumed>) = 3 [pid 5082] write(3, "1024", 4 [pid 5079] <... write resumed>) = 4 [pid 5076] write(3, "1024", 4 [pid 5082] <... write resumed>) = 4 [pid 5080] <... write resumed>) = 4 [pid 5079] close(3 [pid 5077] write(3, "1024", 4 [pid 5076] <... write resumed>) = 4 [pid 5082] close(3 [pid 5080] close(3 [pid 5079] <... close resumed>) = 0 [pid 5076] close(3 [pid 5082] <... close resumed>) = 0 [pid 5080] <... close resumed>) = 0 [pid 5079] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 5077] <... write resumed>) = 4 [pid 5076] <... close resumed>) = 0 [pid 5082] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 5080] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 5076] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 5082] <... openat resumed>) = 3 [pid 5080] <... openat resumed>) = 3 [pid 5079] <... openat resumed>) = 3 [pid 5077] close(3 [pid 5082] write(3, "1024 1048576 500 1024", 21 [pid 5077] <... close resumed>) = 0 [pid 5076] <... openat resumed>) = 3 [pid 5080] write(3, "1024", 4 [pid 5079] write(3, "1024", 4 [pid 5077] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 5082] <... write resumed>) = 21 [pid 5080] <... write resumed>) = 4 [pid 5079] <... write resumed>) = 4 [pid 5076] write(3, "1024 1048576 500 1024", 21 [pid 5082] close(3 [pid 5080] close(3 [pid 5079] close(3 [pid 5077] <... openat resumed>) = 3 [pid 5082] <... close resumed>) = 0 [pid 5076] <... write resumed>) = 21 [pid 5082] getpid( [pid 5076] close(3 [pid 5082] <... getpid resumed>) = 1 [pid 5076] <... close resumed>) = 0 [pid 5082] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 5076] getpid( [pid 5082] <... capget resumed>{effective=1<) = 1 [pid 5082] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5076] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 5082] <... capset resumed>) = 0 [pid 5076] <... capget resumed>{effective=1< [pid 5076] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5080] <... close resumed>) = 0 [pid 5079] <... close resumed>) = 0 [pid 5077] write(3, "1024", 4 [pid 5080] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 5079] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 5077] <... write resumed>) = 4 [pid 5076] <... capset resumed>) = 0 [pid 5076] unshare(CLONE_NEWNET [pid 5080] <... openat resumed>) = 3 [pid 5079] <... openat resumed>) = 3 [pid 5077] close(3) = 0 [pid 5079] write(3, "1024 1048576 500 1024", 21 [pid 5080] write(3, "1024 1048576 500 1024", 21 [pid 5077] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 5080] <... write resumed>) = 21 [pid 5079] <... write resumed>) = 21 [pid 5077] <... openat resumed>) = 3 [pid 5080] close(3 [pid 5079] close(3 [pid 5077] write(3, "1024 1048576 500 1024", 21 [pid 5080] <... close resumed>) = 0 [pid 5079] <... close resumed>) = 0 [pid 5077] <... write resumed>) = 21 [pid 5080] getpid( [pid 5079] getpid( [pid 5080] <... getpid resumed>) = 1 [pid 5079] <... getpid resumed>) = 1 [pid 5077] close(3 [pid 5080] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 5079] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 5080] <... capget resumed>{effective=1<{effective=1<) = 0 [pid 5080] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5079] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5077] getpid( [pid 5080] <... capset resumed>) = 0 [pid 5079] <... capset resumed>) = 0 [pid 5077] <... getpid resumed>) = 1 [pid 5080] unshare(CLONE_NEWNET [pid 5079] unshare(CLONE_NEWNET [pid 5077] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5082] <... unshare resumed>) = 0 [pid 5082] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 5082] write(3, "0 65535", 7) = 7 [pid 5082] close(3) = 0 [pid 5082] mkdir("/dev/binderfs", 0777) = 0 [pid 5079] <... unshare resumed>) = 0 [pid 5082] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 5079] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 5082] symlink("/dev/binderfs", "./binderfs" [pid 5079] write(3, "0 65535", 7 [pid 5082] <... symlink resumed>) = 0 [pid 5079] <... write resumed>) = 7 [pid 5079] close(3) = 0 [pid 5079] mkdir("/dev/binderfs", 0777 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5079] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5079] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 5079] symlink("/dev/binderfs", "./binderfs") = -1 EEXIST (File exists) [pid 5079] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5088 attached ./strace-static-x86_64: Process 5086 attached [pid 5082] <... clone resumed>, child_tidptr=0x55555d20c650) = 2 [pid 5086] set_robust_list(0x55555d20c660, 24 [pid 5088] set_robust_list(0x55555d20c660, 24) = 0 [pid 5079] <... clone resumed>, child_tidptr=0x55555d20c650) = 2 [pid 5086] <... set_robust_list resumed>) = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5086] setpgid(0, 0 [pid 5088] <... prctl resumed>) = 0 [pid 5086] <... setpgid resumed>) = 0 [pid 5088] setpgid(0, 0 [pid 5077] <... unshare resumed>) = 0 [pid 5076] <... unshare resumed>) = 0 [pid 5077] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 5088] <... setpgid resumed>) = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5077] <... openat resumed>) = 3 [pid 5076] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "0 65535", 7 [pid 5080] <... unshare resumed>) = 0 [pid 5076] write(3, "0 65535", 7 [pid 5086] <... openat resumed>) = 3 [pid 5080] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 5076] <... write resumed>) = 7 [pid 5076] close(3 [pid 5080] <... openat resumed>) = 3 [pid 5076] <... close resumed>) = 0 [pid 5080] write(3, "0 65535", 7 [pid 5076] mkdir("/dev/binderfs", 0777 [pid 5080] <... write resumed>) = 7 [pid 5076] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5080] close(3 [pid 5076] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 5086] write(3, "1000", 4 [pid 5088] <... openat resumed>) = 3 [pid 5080] <... close resumed>) = 0 [pid 5077] <... write resumed>) = 7 [pid 5088] write(3, "1000", 4 [pid 5086] <... write resumed>) = 4 [pid 5088] <... write resumed>) = 4 [pid 5080] mkdir("/dev/binderfs", 0777 [pid 5077] close(3 [pid 5086] close(3 [pid 5080] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5077] <... close resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5088] close(3 [pid 5080] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 5077] mkdir("/dev/binderfs", 0777 [pid 5076] <... mount resumed>) = 0 [pid 5086] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=6, value_size=8, max_entries=2, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 5088] <... close resumed>) = 0 [pid 5080] <... mount resumed>) = 0 [pid 5077] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5086] <... bpf resumed>) = 3 [pid 5077] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 5076] symlink("/dev/binderfs", "./binderfs" [pid 5086] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000080, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 5088] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=6, value_size=8, max_entries=2, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 5077] <... mount resumed>) = 0 [pid 5088] <... bpf resumed>) = 3 [pid 5080] symlink("/dev/binderfs", "./binderfs" [pid 5086] <... bpf resumed>) = 4 [pid 5077] symlink("/dev/binderfs", "./binderfs" [pid 5076] <... symlink resumed>) = -1 EEXIST (File exists) [pid 5086] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=4}}, 16 [pid 5088] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000080, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 5080] <... symlink resumed>) = -1 EEXIST (File exists) [pid 5077] <... symlink resumed>) = -1 EEXIST (File exists) [ 63.049640][ T5082] [ 63.052096][ T5082] ===================================================== [ 63.059046][ T5082] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 63.066560][ T5082] 6.8.0-syzkaller-05271-gf99c5f563c17 #0 Not tainted [ 63.073224][ T5082] ----------------------------------------------------- [ 63.080483][ T5082] syz-executor351/5082 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire: [ 63.088634][ T5082] ffff88801b340268 (&htab->buckets[i].lock){+.-.}-{2:2}, at: sock_hash_delete_elem+0xb0/0x300 [ 63.099021][ T5082] [ 63.099021][ T5082] and this task is already holding: [ 63.106740][ T5082] ffff8880b952c8d8 (hrtimer_bases.lock){-.-.}-{2:2}, at: hrtimer_start_range_ns+0xdf/0xc60 [ 63.117760][ T5082] which would create a new lock dependency: [ 63.123822][ T5082] (hrtimer_bases.lock){-.-.}-{2:2} -> (&htab->buckets[i].lock){+.-.}-{2:2} [ 63.132785][ T5082] [ 63.132785][ T5082] but this new dependency connects a HARDIRQ-irq-safe lock: [ 63.142480][ T5082] (hrtimer_bases.lock){-.-.}-{2:2} [ 63.142498][ T5082] [ 63.142498][ T5082] ... which became HARDIRQ-irq-safe at: [ 63.155748][ T5082] lock_acquire+0x1e4/0x530 [ 63.160519][ T5082] _raw_spin_lock_irqsave+0xd5/0x120 [ 63.166153][ T5082] hrtimer_run_queues+0x18e/0x460 [ 63.172042][ T5082] update_process_times+0x80/0x230 [ 63.177253][ T5082] tick_periodic+0x190/0x220 [ 63.182143][ T5082] tick_handle_periodic+0x4a/0x160 [ 63.188557][ T5082] timer_interrupt+0x5c/0x70 [ 63.193522][ T5082] __handle_irq_event_percpu+0x28c/0xa30 [ 63.199580][ T5082] handle_irq_event+0x89/0x1f0 [ 63.204886][ T5082] handle_level_irq+0x3c5/0x6e0 [ 63.210366][ T5082] __common_interrupt+0x13a/0x230 [ 63.216378][ T5082] common_interrupt+0xa5/0xd0 [ 63.221747][ T5082] asm_common_interrupt+0x26/0x40 [ 63.228615][ T5082] _raw_spin_unlock_irqrestore+0xd8/0x140 [ 63.234792][ T5082] __setup_irq+0x1277/0x1cf0 [ 63.239666][ T5082] request_threaded_irq+0x2ab/0x380 [ 63.245692][ T5082] setup_default_timer_irq+0x25/0x60 [ 63.252383][ T5082] x86_late_time_init+0x66/0xc0 [ 63.257490][ T5082] start_kernel+0x3f3/0x500 [ 63.262245][ T5082] x86_64_start_reservations+0x2a/0x30 [ 63.268000][ T5082] x86_64_start_kernel+0x99/0xa0 [ 63.273301][ T5082] common_startup_64+0x13e/0x147 [ 63.278755][ T5082] [ 63.278755][ T5082] to a HARDIRQ-irq-unsafe lock: [ 63.285751][ T5082] (&htab->buckets[i].lock){+.-.}-{2:2} [ 63.285769][ T5082] [ 63.285769][ T5082] ... which became HARDIRQ-irq-unsafe at: [ 63.300039][ T5082] ... [ 63.300044][ T5082] lock_acquire+0x1e4/0x530 [ 63.307270][ T5082] _raw_spin_lock_bh+0x35/0x50 [ 63.312127][ T5082] sock_hash_delete_elem+0xb0/0x300 [ 63.317742][ T5082] bpf_prog_a8aaa52f2e199321+0x4a/0x4e [ 63.323275][ T5082] bpf_trace_run4+0x25a/0x490 [ 63.328019][ T5082] __alloc_pages+0x657/0x680 [ 63.332683][ T5082] alloc_slab_page+0x5f/0x160 [ 63.337707][ T5082] new_slab+0x84/0x2f0 [ 63.342449][ T5082] ___slab_alloc+0xd1b/0x13e0 [ 63.347374][ T5082] kmem_cache_alloc_node+0x248/0x380 [ 63.352952][ T5082] __alloc_skb+0x1c3/0x440 [ 63.358828][ T5082] tcp_stream_alloc_skb+0x3d/0x310 [ 63.364251][ T5082] tcp_sendmsg_locked+0xd94/0x4d00 [ 63.369454][ T5082] tcp_sendmsg+0x30/0x50 [ 63.373847][ T5082] __sock_sendmsg+0x1a6/0x270 [ 63.379024][ T5082] sock_write_iter+0x2dd/0x400 [ 63.384032][ T5082] vfs_write+0xa84/0xcb0 [ 63.388521][ T5082] ksys_write+0x1a0/0x2c0 [ 63.392928][ T5082] do_syscall_64+0xfb/0x240 [ 63.397615][ T5082] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 63.403810][ T5082] [ 63.403810][ T5082] other info that might help us debug this: [ 63.403810][ T5082] [ 63.414142][ T5082] Possible interrupt unsafe locking scenario: [ 63.414142][ T5082] [ 63.422739][ T5082] CPU0 CPU1 [ 63.428092][ T5082] ---- ---- [ 63.433440][ T5082] lock(&htab->buckets[i].lock); [ 63.438555][ T5082] local_irq_disable(); [ 63.445305][ T5082] lock(hrtimer_bases.lock); [ 63.452791][ T5082] lock(&htab->buckets[i].lock); [ 63.460324][ T5082] [ 63.463801][ T5082] lock(hrtimer_bases.lock); [ 63.468745][ T5082] [ 63.468745][ T5082] *** DEADLOCK *** [ 63.468745][ T5082] [ 63.476961][ T5082] 3 locks held by syz-executor351/5082: [ 63.482485][ T5082] #0: ffff8880b952c8d8 (hrtimer_bases.lock){-.-.}-{2:2}, at: hrtimer_start_range_ns+0xdf/0xc60 [ 63.493075][ T5082] #1: ffffffff8e818c20 (fill_pool_map-wait-type-override){+.+.}-{3:3}, at: debug_objects_fill_pool+0x80/0x9b0 [ 63.504790][ T5082] #2: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run4+0x16e/0x490 [ 63.514261][ T5082] [ 63.514261][ T5082] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 63.524660][ T5082] -> (hrtimer_bases.lock){-.-.}-{2:2} { [ 63.530294][ T5082] IN-HARDIRQ-W at: [ 63.534402][ T5082] lock_acquire+0x1e4/0x530 [ 63.540993][ T5082] _raw_spin_lock_irqsave+0xd5/0x120 [ 63.548039][ T5082] hrtimer_run_queues+0x18e/0x460 [ 63.554897][ T5082] update_process_times+0x80/0x230 [ 63.561828][ T5082] tick_periodic+0x190/0x220 [ 63.568356][ T5082] tick_handle_periodic+0x4a/0x160 [ 63.575530][ T5082] timer_interrupt+0x5c/0x70 [ 63.582045][ T5082] __handle_irq_event_percpu+0x28c/0xa30 [ 63.589688][ T5082] handle_irq_event+0x89/0x1f0 [ 63.596577][ T5082] handle_level_irq+0x3c5/0x6e0 [ 63.603716][ T5082] __common_interrupt+0x13a/0x230 [ 63.610711][ T5082] common_interrupt+0xa5/0xd0 [ 63.617175][ T5082] asm_common_interrupt+0x26/0x40 [ 63.623893][ T5082] _raw_spin_unlock_irqrestore+0xd8/0x140 [ 63.632593][ T5082] __setup_irq+0x1277/0x1cf0 [ 63.639284][ T5082] request_threaded_irq+0x2ab/0x380 [ 63.646918][ T5082] setup_default_timer_irq+0x25/0x60 [ 63.654589][ T5082] x86_late_time_init+0x66/0xc0 [ 63.661559][ T5082] start_kernel+0x3f3/0x500 [ 63.668440][ T5082] x86_64_start_reservations+0x2a/0x30 [ 63.676176][ T5082] x86_64_start_kernel+0x99/0xa0 [ 63.683077][ T5082] common_startup_64+0x13e/0x147 [ 63.690727][ T5082] IN-SOFTIRQ-W at: [ 63.694705][ T5082] lock_acquire+0x1e4/0x530 [ 63.701377][ T5082] _raw_spin_lock_irqsave+0xd5/0x120 [ 63.708826][ T5082] hrtimer_interrupt+0xfb/0x990 [ 63.715577][ T5082] __sysvec_apic_timer_interrupt+0x107/0x3a0 [ 63.723756][ T5082] sysvec_apic_timer_interrupt+0x52/0xc0 [ 63.731699][ T5082] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 63.739863][ T5082] __sanitizer_cov_trace_switch+0x9d/0x120 [ 63.748472][ T5082] unwind_next_frame+0x7be/0x2a00 [ 63.755686][ T5082] arch_stack_walk+0x151/0x1b0 [ 63.763425][ T5082] stack_trace_save+0x118/0x1d0 [ 63.770314][ T5082] kasan_save_track+0x3f/0x80 [ 63.777226][ T5082] kasan_save_free_info+0x40/0x50 [ 63.784609][ T5082] poison_slab_object+0xa6/0xe0 [ 63.791199][ T5082] __kasan_slab_free+0x37/0x60 [ 63.797627][ T5082] kfree+0x14a/0x380 [ 63.803455][ T5082] blk_update_request+0x55d/0x1050 [ 63.810574][ T5082] scsi_end_request+0x88/0x8c0 [ 63.817295][ T5082] scsi_io_completion+0x1bd/0x430 [ 63.824084][ T5082] blk_done_softirq+0x100/0x150 [ 63.830955][ T5082] __do_softirq+0x2bc/0x943 [ 63.837557][ T5082] __irq_exit_rcu+0xf2/0x1c0 [ 63.844328][ T5082] irq_exit_rcu+0x9/0x30 [ 63.850516][ T5082] common_interrupt+0xaa/0xd0 [ 63.857522][ T5082] asm_common_interrupt+0x26/0x40 [ 63.865200][ T5082] lock_is_held_type+0x13b/0x190 [ 63.872150][ T5082] __schedule+0x255/0x4a20 [ 63.878704][ T5082] schedule+0x14b/0x320 [ 63.884609][ T5082] schedule_timeout+0x1be/0x310 [ 63.891363][ T5082] io_schedule_timeout+0x9c/0x120 [ 63.898305][ T5082] wait_for_common_io+0x329/0x640 [ 63.905055][ T5082] blk_execute_rq+0x370/0x4b0 [ 63.911760][ T5082] scsi_execute_cmd+0x3a0/0x7c0 [ 63.918752][ T5082] scsi_probe_and_add_lun+0x5e9/0x4940 [ 63.925906][ T5082] __scsi_scan_target+0x20f/0x10a0 [ 63.932711][ T5082] scsi_scan_host_selected+0x37e/0x690 [ 63.940214][ T5082] do_scan_async+0x138/0x7a0 [ 63.946650][ T5082] async_run_entry_fn+0xa8/0x420 [ 63.953410][ T5082] process_scheduled_works+0xa00/0x1770 [ 63.961046][ T5082] worker_thread+0x86d/0xd70 [ 63.967361][ T5082] kthread+0x2f0/0x390 [ 63.973611][ T5082] ret_from_fork+0x4b/0x80 [ 63.979784][ T5082] ret_from_fork_asm+0x1a/0x30 [ 63.986470][ T5082] INITIAL USE at: [ 63.990545][ T5082] lock_acquire+0x1e4/0x530 [ 63.996601][ T5082] _raw_spin_lock_irqsave+0xd5/0x120 [ 64.003803][ T5082] hrtimer_run_queues+0x18e/0x460 [ 64.010401][ T5082] update_process_times+0x80/0x230 [ 64.017154][ T5082] tick_periodic+0x190/0x220 [ 64.023289][ T5082] tick_handle_periodic+0x4a/0x160 [ 64.030076][ T5082] timer_interrupt+0x5c/0x70 [ 64.036235][ T5082] __handle_irq_event_percpu+0x28c/0xa30 [ 64.043427][ T5082] handle_irq_event+0x89/0x1f0 [ 64.050004][ T5082] handle_level_irq+0x3c5/0x6e0 [ 64.056446][ T5082] __common_interrupt+0x13a/0x230 [ 64.063062][ T5082] common_interrupt+0xa5/0xd0 [ 64.069406][ T5082] asm_common_interrupt+0x26/0x40 [ 64.076256][ T5082] _raw_spin_unlock_irqrestore+0xd8/0x140 [ 64.083977][ T5082] __setup_irq+0x1277/0x1cf0 [ 64.090303][ T5082] request_threaded_irq+0x2ab/0x380 [ 64.097235][ T5082] setup_default_timer_irq+0x25/0x60 [ 64.104408][ T5082] x86_late_time_init+0x66/0xc0 [ 64.111515][ T5082] start_kernel+0x3f3/0x500 [ 64.117774][ T5082] x86_64_start_reservations+0x2a/0x30 [ 64.125223][ T5082] x86_64_start_kernel+0x99/0xa0 [ 64.131919][ T5082] common_startup_64+0x13e/0x147 [ 64.138686][ T5082] } [ 64.141368][ T5082] ... key at: [] 0xffff8880b942c8d8 [ 64.149159][ T5082] [ 64.149159][ T5082] the dependencies between the lock to be acquired [ 64.149166][ T5082] and HARDIRQ-irq-unsafe lock: [ 64.163545][ T5082] -> (&htab->buckets[i].lock){+.-.}-{2:2} { [ 64.169518][ T5082] HARDIRQ-ON-W at: [ 64.173679][ T5082] lock_acquire+0x1e4/0x530 [ 64.180458][ T5082] _raw_spin_lock_bh+0x35/0x50 [ 64.187130][ T5082] sock_hash_delete_elem+0xb0/0x300 [ 64.195138][ T5082] bpf_prog_a8aaa52f2e199321+0x4a/0x4e [ 64.203592][ T5082] bpf_trace_run4+0x25a/0x490 [ 64.210804][ T5082] __alloc_pages+0x657/0x680 [ 64.218311][ T5082] alloc_slab_page+0x5f/0x160 [ 64.225091][ T5082] new_slab+0x84/0x2f0 [ 64.230998][ T5082] ___slab_alloc+0xd1b/0x13e0 [ 64.238421][ T5082] kmem_cache_alloc_node+0x248/0x380 [ 64.246174][ T5082] __alloc_skb+0x1c3/0x440 [ 64.252451][ T5082] tcp_stream_alloc_skb+0x3d/0x310 [ 64.259780][ T5082] tcp_sendmsg_locked+0xd94/0x4d00 [ 64.266733][ T5082] tcp_sendmsg+0x30/0x50 [ 64.272720][ T5082] __sock_sendmsg+0x1a6/0x270 [ 64.279426][ T5082] sock_write_iter+0x2dd/0x400 [ 64.285849][ T5082] vfs_write+0xa84/0xcb0 [ 64.292099][ T5082] ksys_write+0x1a0/0x2c0 [ 64.298617][ T5082] do_syscall_64+0xfb/0x240 [ 64.305307][ T5082] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 64.313142][ T5082] IN-SOFTIRQ-W at: [ 64.317394][ T5082] lock_acquire+0x1e4/0x530 [ 64.324117][ T5082] _raw_spin_lock_bh+0x35/0x50 [ 64.330996][ T5082] sock_hash_delete_elem+0xb0/0x300 [ 64.339575][ T5082] bpf_prog_a8aaa52f2e199321+0x4a/0x4e [ 64.347095][ T5082] bpf_trace_run4+0x25a/0x490 [ 64.353825][ T5082] __alloc_pages+0x657/0x680 [ 64.360401][ T5082] alloc_pages_node+0x12b/0x1b0 [ 64.367632][ T5082] __napi_alloc_skb+0x37f/0x540 [ 64.375304][ T5082] page_to_skb+0x275/0x9b0 [ 64.382339][ T5082] receive_buf+0x3b3/0x3890 [ 64.389582][ T5082] virtnet_poll+0x720/0x18f0 [ 64.396860][ T5082] __napi_poll+0xcb/0x490 [ 64.403233][ T5082] net_rx_action+0x7bb/0x1090 [ 64.410021][ T5082] __do_softirq+0x2bc/0x943 [ 64.416365][ T5082] __irq_exit_rcu+0xf2/0x1c0 [ 64.422760][ T5082] irq_exit_rcu+0x9/0x30 [ 64.428744][ T5082] common_interrupt+0x54/0xd0 [ 64.435860][ T5082] asm_common_interrupt+0x26/0x40 [ 64.442630][ T5082] INITIAL USE at: [ 64.446602][ T5082] lock_acquire+0x1e4/0x530 [ 64.453287][ T5082] _raw_spin_lock_bh+0x35/0x50 [ 64.460309][ T5082] sock_hash_delete_elem+0xb0/0x300 [ 64.467511][ T5082] bpf_prog_a8aaa52f2e199321+0x4a/0x4e [ 64.474716][ T5082] bpf_trace_run4+0x25a/0x490 [ 64.481149][ T5082] __alloc_pages+0x657/0x680 [ 64.487598][ T5082] alloc_slab_page+0x5f/0x160 [ 64.494362][ T5082] new_slab+0x84/0x2f0 [ 64.500173][ T5082] ___slab_alloc+0xd1b/0x13e0 [ 64.506753][ T5082] kmem_cache_alloc_node+0x248/0x380 [ 64.513886][ T5082] __alloc_skb+0x1c3/0x440 [ 64.520205][ T5082] tcp_stream_alloc_skb+0x3d/0x310 [ 64.527251][ T5082] tcp_sendmsg_locked+0xd94/0x4d00 [ 64.533998][ T5082] tcp_sendmsg+0x30/0x50 [ 64.539906][ T5082] __sock_sendmsg+0x1a6/0x270 [ 64.546396][ T5082] sock_write_iter+0x2dd/0x400 [ 64.552747][ T5082] vfs_write+0xa84/0xcb0 [ 64.558651][ T5082] ksys_write+0x1a0/0x2c0 [ 64.564545][ T5082] do_syscall_64+0xfb/0x240 [ 64.570708][ T5082] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 64.578176][ T5082] } [ 64.580744][ T5082] ... key at: [] sock_hash_alloc.__key+0x0/0x20 [ 64.589081][ T5082] ... acquired at: [ 64.593242][ T5082] lock_acquire+0x1e4/0x530 [ 64.598227][ T5082] _raw_spin_lock_bh+0x35/0x50 [ 64.603256][ T5082] sock_hash_delete_elem+0xb0/0x300 [ 64.608809][ T5082] bpf_prog_a8aaa52f2e199321+0x4a/0x4e [ 64.614887][ T5082] bpf_trace_run4+0x25a/0x490 [ 64.619949][ T5082] __alloc_pages+0x657/0x680 [ 64.624809][ T5082] alloc_slab_page+0x5f/0x160 [ 64.629723][ T5082] new_slab+0x84/0x2f0 [ 64.634061][ T5082] ___slab_alloc+0xd1b/0x13e0 [ 64.639002][ T5082] kmem_cache_alloc+0x250/0x350 [ 64.644190][ T5082] debug_objects_fill_pool+0x6c6/0x9b0 [ 64.649929][ T5082] debug_object_activate+0x135/0x510 [ 64.655729][ T5082] enqueue_hrtimer+0x30/0x3a0 [ 64.663275][ T5082] hrtimer_start_range_ns+0xaa0/0xc60 [ 64.669004][ T5082] do_nanosleep+0x158/0x600 [ 64.673867][ T5082] hrtimer_nanosleep+0x227/0x470 [ 64.679071][ T5082] __se_sys_clock_nanosleep+0x32b/0x3c0 [ 64.684952][ T5082] do_syscall_64+0xfb/0x240 [ 64.689610][ T5082] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 64.695931][ T5082] [ 64.698232][ T5082] [ 64.698232][ T5082] stack backtrace: [ 64.704156][ T5082] CPU: 1 PID: 5082 Comm: syz-executor351 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 [ 64.714563][ T5082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 64.724904][ T5082] Call Trace: [ 64.728268][ T5082] [ 64.731363][ T5082] dump_stack_lvl+0x1e7/0x2e0 [ 64.736742][ T5082] ? __pfx_dump_stack_lvl+0x10/0x10 [ 64.742304][ T5082] ? __pfx__printk+0x10/0x10 [ 64.747071][ T5082] ? print_shortest_lock_dependencies+0xf2/0x160 [ 64.753507][ T5082] validate_chain+0x4dc7/0x58e0 [ 64.758696][ T5082] ? __pfx_validate_chain+0x10/0x10 [ 64.763980][ T5082] ? __lock_acquire+0x1346/0x1fd0 [ 64.769081][ T5082] ? __pfx_validate_chain+0x10/0x10 [ 64.774311][ T5082] ? mark_lock+0x9a/0x350 [ 64.778638][ T5082] __lock_acquire+0x1346/0x1fd0 [ 64.783520][ T5082] lock_acquire+0x1e4/0x530 [ 64.788272][ T5082] ? sock_hash_delete_elem+0xb0/0x300 [ 64.793668][ T5082] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 64.799892][ T5082] ? __pfx_lock_acquire+0x10/0x10 [ 64.805246][ T5082] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 64.811470][ T5082] ? sock_hash_delete_elem+0xb0/0x300 [ 64.817017][ T5082] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 64.822977][ T5082] ? __pfx_lock_acquire+0x10/0x10 [ 64.828103][ T5082] ? sock_hash_delete_elem+0xb0/0x300 [ 64.833785][ T5082] _raw_spin_lock_bh+0x35/0x50 [ 64.839179][ T5082] ? sock_hash_delete_elem+0xb0/0x300 [ 64.845022][ T5082] sock_hash_delete_elem+0xb0/0x300 [ 64.850327][ T5082] bpf_prog_a8aaa52f2e199321+0x4a/0x4e [ 64.855896][ T5082] ? bpf_trace_run4+0x16e/0x490 [ 64.860924][ T5082] bpf_trace_run4+0x25a/0x490 [ 64.865615][ T5082] ? __pfx_bpf_trace_run4+0x10/0x10 [ 64.871149][ T5082] ? prepare_alloc_pages+0x1da/0x5b0 [ 64.876865][ T5082] __alloc_pages+0x657/0x680 [ 64.881995][ T5082] ? __pfx___alloc_pages+0x10/0x10 [ 64.887402][ T5082] ? ___slab_alloc+0x1f0/0x13e0 [ 64.892373][ T5082] ? __pfx_lock_release+0x10/0x10 [ 64.897793][ T5082] alloc_slab_page+0x5f/0x160 [ 64.902554][ T5082] new_slab+0x84/0x2f0 [ 64.906782][ T5082] ___slab_alloc+0xd1b/0x13e0 [ 64.911729][ T5082] ? debug_objects_fill_pool+0x6c6/0x9b0 [ 64.917450][ T5082] ? debug_objects_fill_pool+0x6c6/0x9b0 [ 64.923158][ T5082] kmem_cache_alloc+0x250/0x350 [ 64.928010][ T5082] ? debug_objects_fill_pool+0x6c6/0x9b0 [ 64.933814][ T5082] debug_objects_fill_pool+0x6c6/0x9b0 [ 64.939461][ T5082] ? debug_objects_fill_pool+0x80/0x9b0 [ 64.945912][ T5082] ? __pfx_debug_objects_fill_pool+0x10/0x10 [ 64.951907][ T5082] debug_object_activate+0x135/0x510 [ 64.957561][ T5082] ? ktime_get+0x83/0x280 [ 64.961902][ T5082] ? __pfx_debug_object_activate+0x10/0x10 [ 64.967901][ T5082] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 64.973496][ T5082] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 64.980164][ T5082] enqueue_hrtimer+0x30/0x3a0 [ 64.985005][ T5082] hrtimer_start_range_ns+0xaa0/0xc60 [ 64.990364][ T5082] do_nanosleep+0x158/0x600 [ 64.994986][ T5082] ? do_nanosleep+0x80/0x600 [ 64.999662][ T5082] ? __pfx_do_nanosleep+0x10/0x10 [ 65.004777][ T5082] ? __asan_memset+0x23/0x50 [ 65.009353][ T5082] ? __hrtimer_init+0x170/0x250 [ 65.014303][ T5082] hrtimer_nanosleep+0x227/0x470 [ 65.019227][ T5082] ? __pfx_hrtimer_nanosleep+0x10/0x10 [ 65.024808][ T5082] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 65.030016][ T5082] ? __pfx_get_timespec64+0x10/0x10 [ 65.035317][ T5082] ? ptrace_notify+0x279/0x380 [ 65.040074][ T5082] __se_sys_clock_nanosleep+0x32b/0x3c0 [ 65.045892][ T5082] ? __pfx___se_sys_clock_nanosleep+0x10/0x10 [ 65.052152][ T5082] ? do_syscall_64+0x10a/0x240 [ 65.056942][ T5082] ? syscall_trace_enter+0x5f/0x150 [ 65.062383][ T5082] do_syscall_64+0xfb/0x240 [ 65.066975][ T5082] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 65.072969][ T5082] RIP: 0033:0x7fb9480526c3 [ 65.077554][ T5082] Code: 00 00 00 00 00 66 90 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d be 09 05 00 00 74 14 b8 e6 00 00 00 0f 05 d8 c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 [ 65.097604][ T5082] RSP: 002b:00007fff5dd1fa28 EFLAGS: 00000202 ORIG_RAX: 00000000000000e6 [ 65.106272][ T5082] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fb9480526c3 [ 65.114779][ T5082] RDX: 00007fff5dd1fa40 RSI: 0000000000000000 RDI: 0000000000000000 [ 65.122755][ T5082] RBP: 00000000000f4240 R08: 0000000000000010 R09: 00007fb947fea0b0 [ 65.130819][ T5082] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000f5fc [ 65.138821][ T5082] R13: 00007fff5dd1fa74 R14: 00007fff5dd1fa90 R15: 00007fff5dd1fa80 [ 65.147056][ T5082]