./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2072606111
<...>
DUID 00:04:d8:4c:c9:11:ac:63:2d:02:94:c2:98:57:04:42:70:49
forked to background, child pid 4895
[ 28.823957][ T4896] 8021q: adding VLAN 0 to HW filter on device bond0
[ 28.841058][ T4896] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.4' (ED25519) to the list of known hosts.
execve("./syz-executor2072606111", ["./syz-executor2072606111"], 0x7fff9171f1d0 /* 10 vars */) = 0
brk(NULL) = 0x555557f5b000
brk(0x555557f5bd00) = 0x555557f5bd00
arch_prctl(ARCH_SET_FS, 0x555557f5b380) = 0
set_tid_address(0x555557f5b650) = 5226
set_robust_list(0x555557f5b660, 24) = 0
rseq(0x555557f5bca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2072606111", 4096) = 28
getrandom("\xa9\xe4\x27\x9b\xc8\xed\x4f\x54", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555557f5bd00
brk(0x555557f7cd00) = 0x555557f7cd00
brk(0x555557f7d000) = 0x555557f7d000
mprotect(0x7fa7b8d5f000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5227 attached
, child_tidptr=0x555557f5b650) = 5227
[pid 5227] set_robust_list(0x555557f5b660, 24) = 0
[pid 5227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5227] setpgid(0, 0) = 0
[pid 5227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5227] write(3, "1000", 4) = 4
[pid 5227] close(3) = 0
[pid 5227] write(1, "executing program\n", 18executing program
) = 18
[pid 5227] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=7, value_size=65537, max_entries=9, map_flags=BPF_F_NO_PREALLOC, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid 5227] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=3, key=0x20000580, value=0x200005c0, flags=BPF_ANY}, 32) = 0
[pid 5227] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x200002c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4
syzkaller login: [ 56.186269][ C0]
[ 56.188662][ C0] ======================================================
[ 56.195674][ C0] WARNING: possible circular locking dependency detected
[ 56.202677][ C0] 6.11.0-syzkaller-10555-gbcd28cfd04eb #0 Not tainted
[ 56.209424][ C0] ------------------------------------------------------
[ 56.216439][ C0] syz-executor207/5227 is trying to acquire lock:
[ 56.222829][ C0] ffff8880b8629430 (krc.lock){..-.}-{2:2}, at: kvfree_call_rcu+0x18a/0x790
[ 56.231444][ C0]
[ 56.231444][ C0] but task is already holding lock:
[ 56.238786][ C0] ffff8880b862a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240
[ 56.247634][ C0]
[ 56.247634][ C0] which lock already depends on the new lock.
[ 56.247634][ C0]
[ 56.258041][ C0]
[ 56.258041][ C0] the existing dependency chain (in reverse order) is:
[ 56.267036][ C0]
[ 56.267036][ C0] -> #1 (&base->lock){-.-.}-{2:2}:
[ 56.274317][ C0] lock_acquire+0x1ed/0x550
[ 56.279332][ C0] _raw_spin_lock_irqsave+0xd5/0x120
[ 56.285131][ C0] lock_timer_base+0x112/0x240
[ 56.290403][ C0] __mod_timer+0x1ca/0xeb0
[ 56.295329][ C0] queue_delayed_work_on+0x1ca/0x390
[ 56.301125][ C0] kvfree_call_rcu+0x47f/0x790
[ 56.306391][ C0] pwq_release_workfn+0x664/0x800
[ 56.311923][ C0] kthread_worker_fn+0x500/0xb70
[ 56.317370][ C0] kthread+0x2f0/0x390
[ 56.321941][ C0] ret_from_fork+0x4b/0x80
[ 56.326864][ C0] ret_from_fork_asm+0x1a/0x30
[ 56.332135][ C0]
[ 56.332135][ C0] -> #0 (krc.lock){..-.}-{2:2}:
[ 56.339157][ C0] validate_chain+0x18ef/0x5920
[ 56.344522][ C0] __lock_acquire+0x1384/0x2050
[ 56.349877][ C0] lock_acquire+0x1ed/0x550
[ 56.354890][ C0] _raw_spin_lock+0x2e/0x40
[ 56.359899][ C0] kvfree_call_rcu+0x18a/0x790
[ 56.365167][ C0] trie_delete_elem+0x546/0x6a0
[ 56.370529][ C0] bpf_prog_4febba1e7eaf042b+0x4b/0x54
[ 56.376531][ C0] bpf_trace_run2+0x2ec/0x540
[ 56.381710][ C0] enqueue_timer+0x3ce/0x570
[ 56.386805][ C0] __mod_timer+0xa0e/0xeb0
[ 56.391718][ C0] dsp_cmx_send+0x21bf/0x2240
[ 56.396899][ C0] call_timer_fn+0x18e/0x650
[ 56.401999][ C0] __run_timer_base+0x66a/0x8e0
[ 56.407361][ C0] run_timer_softirq+0xb7/0x170
[ 56.412722][ C0] handle_softirqs+0x2c5/0x980
[ 56.417994][ C0] __irq_exit_rcu+0xf4/0x1c0
[ 56.423090][ C0] irq_exit_rcu+0x9/0x30
[ 56.427928][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 56.434147][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 56.440636][ C0] lock_acquire+0x264/0x550
[ 56.445649][ C0] __pte_offset_map+0x9e/0x380
[ 56.450918][ C0] pte_offset_map_nolock+0xad/0x1f0
[ 56.456620][ C0] handle_pte_fault+0x1b5/0x6800
[ 56.462055][ C0] handle_mm_fault+0x1106/0x1bb0
[ 56.467491][ C0] exc_page_fault+0x459/0x8c0
[ 56.472670][ C0] asm_exc_page_fault+0x26/0x30
[ 56.478018][ C0]
[ 56.478018][ C0] other info that might help us debug this:
[ 56.478018][ C0]
[ 56.488225][ C0] Possible unsafe locking scenario:
[ 56.488225][ C0]
[ 56.495669][ C0]        CPU0                    CPU1
[ 56.501009][ C0]        ----                    ----
[ 56.506348][ C0]   lock(&base->lock);
[ 56.510396][ C0]                                lock(krc.lock);
[ 56.516702][ C0]                                lock(&base->lock);
[ 56.523268][ C0]   lock(krc.lock);
[ 56.527056][ C0]
[ 56.527056][ C0] *** DEADLOCK ***
[ 56.527056][ C0]
[ 56.535267][ C0] 6 locks held by syz-executor207/5227:
[ 56.540783][ C0] #0: ffff888024c67df0 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x34b/0x790
[ 56.551043][ C0] #1: ffffffff8e937ee0 (rcu_read_lock){....}-{1:2}, at: __pte_offset_map+0x82/0x380
[ 56.560523][ C0] #2: ffffc90000007c00 ((&dsp_spl_tl)){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650
[ 56.569744][ C0] #3: ffffffff8fa01478 (dsp_lock){..-.}-{2:2}, at: dsp_cmx_send+0x26/0x2240
[ 56.578518][ C0] #4: ffff8880b862a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240
[ 56.587820][ C0] #5: ffffffff8e937ee0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1fc/0x540
[ 56.597191][ C0]
[ 56.597191][ C0] stack backtrace:
[ 56.603068][ C0] CPU: 0 UID: 0 PID: 5227 Comm: syz-executor207 Not tainted 6.11.0-syzkaller-10555-gbcd28cfd04eb #0
[ 56.613829][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 56.623866][ C0] Call Trace:
[ 56.627129][ C0] <IRQ>
[ 56.629952][ C0] dump_stack_lvl+0x241/0x360
[ 56.634612][ C0] ? __pfx_dump_stack_lvl+0x10/0x10
[ 56.639789][ C0] ? __pfx__printk+0x10/0x10
[ 56.644357][ C0] print_circular_bug+0x13a/0x1b0
[ 56.649360][ C0] check_noncircular+0x36a/0x4a0
[ 56.654276][ C0] ? __pfx_check_noncircular+0x10/0x10
[ 56.659737][ C0] ? lockdep_lock+0x123/0x2b0
[ 56.664394][ C0] ? get_stack_info_noinstr+0x1a/0x130
[ 56.669923][ C0] ? __bfs+0x368/0x6f0
[ 56.673977][ C0] validate_chain+0x18ef/0x5920
[ 56.678808][ C0] ? __pfx___bfs+0x10/0x10
[ 56.683205][ C0] ? mark_lock_irq+0x8e1/0xc20
[ 56.687945][ C0] ? __pfx_validate_chain+0x10/0x10
[ 56.693118][ C0] ? __pfx_stack_trace_save+0x10/0x10
[ 56.698468][ C0] ? lockdep_unlock+0x16a/0x300
[ 56.703297][ C0] ? __pfx_lockdep_unlock+0x10/0x10
[ 56.708474][ C0] ? mark_lock+0x9a/0x360
[ 56.712779][ C0] __lock_acquire+0x1384/0x2050
[ 56.717629][ C0] lock_acquire+0x1ed/0x550
[ 56.722111][ C0] ? kvfree_call_rcu+0x18a/0x790
[ 56.727052][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 56.732057][ C0] ? debug_object_active_state+0x239/0x360
[ 56.737873][ C0] ? __pfx_debug_object_active_state+0x10/0x10
[ 56.744025][ C0] ? __virt_addr_valid+0x183/0x530
[ 56.749117][ C0] ? __virt_addr_valid+0x183/0x530
[ 56.754210][ C0] ? __virt_addr_valid+0x45f/0x530
[ 56.759303][ C0] ? __phys_addr+0xba/0x170
[ 56.763783][ C0] _raw_spin_lock+0x2e/0x40
[ 56.768265][ C0] ? kvfree_call_rcu+0x18a/0x790
[ 56.773182][ C0] kvfree_call_rcu+0x18a/0x790
[ 56.777942][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 56.783821][ C0] ? __pfx_kvfree_call_rcu+0x10/0x10
[ 56.789083][ C0] ? longest_prefix_match+0x49f/0x650
[ 56.794437][ C0] trie_delete_elem+0x546/0x6a0
[ 56.799270][ C0] ? bpf_trace_run2+0x1fc/0x540
[ 56.804102][ C0] bpf_prog_4febba1e7eaf042b+0x4b/0x54
[ 56.809538][ C0] bpf_trace_run2+0x2ec/0x540
[ 56.814192][ C0] ? __pfx_bpf_trace_run2+0x10/0x10
[ 56.819368][ C0] ? __pfx_debug_object_activate+0x10/0x10
[ 56.825151][ C0] enqueue_timer+0x3ce/0x570
[ 56.829740][ C0] __mod_timer+0xa0e/0xeb0
[ 56.834133][ C0] ? __pfx___mod_timer+0x10/0x10
[ 56.839047][ C0] ? _raw_read_unlock_irqrestore+0xdd/0x140
[ 56.844918][ C0] ? __pfx__raw_read_unlock_irqrestore+0x10/0x10
[ 56.851223][ C0] ? timekeeping_get_ns+0x2c0/0x420
[ 56.856401][ C0] dsp_cmx_send+0x21bf/0x2240
[ 56.861057][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 56.866064][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 56.871933][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 56.878238][ C0] ? call_timer_fn+0xa8/0x650
[ 56.882895][ C0] call_timer_fn+0x18e/0x650
[ 56.887467][ C0] ? call_timer_fn+0xc0/0x650
[ 56.892122][ C0] ? __pfx_dsp_cmx_send+0x10/0x10
[ 56.897303][ C0] ? __pfx_call_timer_fn+0x10/0x10
[ 56.902420][ C0] ? __pfx_dsp_cmx_send+0x10/0x10
[ 56.907421][ C0] ? __pfx_dsp_cmx_send+0x10/0x10
[ 56.912452][ C0] ? __pfx_dsp_cmx_send+0x10/0x10
[ 56.917461][ C0] ? _raw_spin_unlock_irq+0x23/0x50
[ 56.922645][ C0] ? lockdep_hardirqs_on+0x99/0x150
[ 56.927853][ C0] ? __pfx_dsp_cmx_send+0x10/0x10
[ 56.932871][ C0] __run_timer_base+0x66a/0x8e0
[ 56.937722][ C0] ? __pfx___run_timer_base+0x10/0x10
[ 56.943188][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 56.949534][ C0] run_timer_softirq+0xb7/0x170
[ 56.954376][ C0] handle_softirqs+0x2c5/0x980
[ 56.959150][ C0] ? __irq_exit_rcu+0xf4/0x1c0
[ 56.963901][ C0] ? __pfx_handle_softirqs+0x10/0x10
[ 56.969178][ C0] ? irqtime_account_irq+0xd4/0x1e0
[ 56.974366][ C0] __irq_exit_rcu+0xf4/0x1c0
[ 56.978947][ C0] ? __pfx___irq_exit_rcu+0x10/0x10
[ 56.984131][ C0] irq_exit_rcu+0x9/0x30
[ 56.988355][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 56.993971][ C0] </IRQ>
[ 56.996902][ C0] <TASK>
[ 56.999814][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 57.005795][ C0] RIP: 0010:lock_acquire+0x264/0x550
[ 57.011065][ C0] Code: 2b 00 74 08 4c 89 f7 e8 0a 4d 8e 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
[ 57.030647][ C0] RSP: 0000:ffffc90002f2f6a0 EFLAGS: 00000206
[ 57.036699][ C0] RAX: 0000000000000001 RBX: 1ffff920005e5ee0 RCX: 44cd3a51c77b4d00
[ 57.044668][ C0] RDX: dffffc0000000000 RSI: ffffffff8c0adbc0 RDI: ffffffff8c6100a0
[ 57.052624][ C0] RBP: ffffc90002f2f7e8 R08: ffffffff942687c7 R09: 1ffffffff284d0f8
[ 57.060576][ C0] R10: dffffc0000000000 R11: fffffbfff284d0f9 R12: 1ffff920005e5edc
[ 57.068525][ C0] R13: dffffc0000000000 R14: ffffc90002f2f700 R15: 0000000000000246
[ 57.076485][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 57.081499][ C0] ? free_swap_cache+0x126/0x7c0
[ 57.086440][ C0] ? do_wp_page+0x27e9/0x52d0
[ 57.091097][ C0] ? __pfx_validate_chain+0x10/0x10
[ 57.096272][ C0] ? do_wp_page+0x15bc/0x52d0
[ 57.101016][ C0] __pte_offset_map+0x9e/0x380
[ 57.105759][ C0] ? __pte_offset_map+0x82/0x380
[ 57.110676][ C0] ? __pfx___pte_offset_map+0x10/0x10
[ 57.116028][ C0] ? __pfx_validate_chain+0x10/0x10
[ 57.121223][ C0] pte_offset_map_nolock+0xad/0x1f0
[ 57.126407][ C0] ? __pfx_pte_offset_map_nolock+0x10/0x10
[ 57.132196][ C0] handle_pte_fault+0x1b5/0x6800
[ 57.137140][ C0] ? mark_lock+0x9a/0x360
[ 57.141447][ C0] ? __pfx_handle_pte_fault+0x10/0x10
[ 57.146796][ C0] ? __lock_acquire+0x1384/0x2050
[ 57.151825][ C0] ? reacquire_held_locks+0x3eb/0x690
[ 57.157174][ C0] ? lock_vma_under_rcu+0x34b/0x790
[ 57.162357][ C0] ? __pfx_reacquire_held_locks+0x10/0x10
[ 57.168066][ C0] handle_mm_fault+0x1106/0x1bb0
[ 57.172990][ C0] ? __pfx_handle_mm_fault+0x10/0x10
[ 57.178253][ C0] ? lock_vma_under_rcu+0x602/0x790
[ 57.183433][ C0] ? lock_vma_under_rcu+0x1dd/0x790
[ 57.188617][ C0] ? exc_page_fault+0x113/0x8c0
[ 57.193450][ C0] exc_page_fault+0x459/0x8c0
[ 57.198106][ C0] asm_exc_page_fault+0x26/0x30
[ 57.203024][ C0] RIP: 0033:0x7fa7b8d341f8
[ 57.207424][ C0] Code: Unable to access opcode bytes at 0x7fa7b8d341ce.
[ 57.214434][ C0] RSP: 002b:00007ffcb673a298 EFLAGS: 00010206
[ 57.220486][ C0] RAX: 00007fa7b8d64ad8 RBX: 0000000000000000 RCX: 0000000000000004
[ 57.228434][ C0] RDX: 00007fa7b8d65d00 RSI: 0000000000000000 RDI: 00007fa7b8d64ad8
[ 57.236391][ C0] RBP: 00007fa7b8d63120 R08: 0000000000000006 R09: 0000000000000006
[ 57.244338][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7b8d65ce8
[ 57.252292][ C0] R13: 0000000000000000 R14: 00007fa7b8d65d00 R15: 00007fa7b8cbb1f0
[ 57.260244][ C0] </TASK>