./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor933786779
<...>
Warning: Permanently added '10.128.1.143' (ED25519) to the list of known hosts.
execve("./syz-executor933786779", ["./syz-executor933786779"], 0x7ffcabc3fc90 /* 10 vars */) = 0
brk(NULL) = 0x55558e850000
brk(0x55558e850d00) = 0x55558e850d00
arch_prctl(ARCH_SET_FS, 0x55558e850380) = 0
set_tid_address(0x55558e850650) = 5841
set_robust_list(0x55558e850660, 24) = 0
rseq(0x55558e850ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor933786779", 4096) = 27
getrandom("\x20\x8a\x21\xde\x95\x00\x75\x32", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55558e850d00
brk(0x55558e871d00) = 0x55558e871d00
brk(0x55558e872000) = 0x55558e872000
mprotect(0x7f5cfc772000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5842 attached
, child_tidptr=0x55558e850650) = 5842
[pid 5842] set_robust_list(0x55558e850660, 24) = 0
[pid 5842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5842] setpgid(0, 0) = 0
[pid 5842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5842] write(3, "1000", 4) = 4
[pid 5842] close(3) = 0
executing program
[pid 5842] write(1, "executing program\n", 18) = 18
[pid 5842] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=4294966948, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address)
[pid 5842] socketpair(AF_TIPC, SOCK_DGRAM, 0, [3, 4]) = 0
[pid 5842] close(3) = 0
[pid 5842] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=7, value_size=65537, max_entries=8, map_flags=BPF_F_NO_PREALLOC, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid 5842] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address)
[pid 5842] close(3) = 0
[pid 5842] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=7, value_size=3983, max_entries=9, map_flags=BPF_F_NO_PREALLOC, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid 5842] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=3, key=0x20000340, value=0x20000200, flags=BPF_ANY}, 32) = 0
[pid 5842] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 5
[pid 5842] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=5}}, 16) = 6
[ 68.404238][ C0]
[ 68.407299][ C0] ======================================================
[ 68.414315][ C0] WARNING: possible circular locking dependency detected
[ 68.421348][ C0] 6.12.0-rc6-syzkaller-01236-gcf6d9fe09185 #0 Not tainted
[ 68.429235][ C0] ------------------------------------------------------
[ 68.436602][ C0] syz-executor933/5842 is trying to acquire lock:
[ 68.443292][ C0] ffff8880b8629430 (krc.lock){..-.}-{2:2}, at: kvfree_call_rcu+0x18a/0x790
[ 68.451947][ C0]
[ 68.451947][ C0] but task is already holding lock:
[ 68.459762][ C0] ffff8880b862a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240
[ 68.469163][ C0]
[ 68.469163][ C0] which lock already depends on the new lock.
[ 68.469163][ C0]
[ 68.479782][ C0]
[ 68.479782][ C0] the existing dependency chain (in reverse order) is:
[ 68.489091][ C0]
[ 68.489091][ C0] -> #1 (&base->lock){-.-.}-{2:2}:
[ 68.496989][ C0] lock_acquire+0x1ed/0x550
[ 68.502242][ C0] _raw_spin_lock_irqsave+0xd5/0x120
[ 68.508116][ C0] lock_timer_base+0x112/0x240
[ 68.514137][ C0] __mod_timer+0x1ca/0xeb0
[ 68.519088][ C0] queue_delayed_work_on+0x1ca/0x390
[ 68.524905][ C0] kvfree_call_rcu+0x47f/0x790
[ 68.530290][ C0] pwq_release_workfn+0x664/0x800
[ 68.535846][ C0] kthread_worker_fn+0x500/0xb70
[ 68.541308][ C0] kthread+0x2f0/0x390
[ 68.546508][ C0] ret_from_fork+0x4b/0x80
[ 68.551540][ C0] ret_from_fork_asm+0x1a/0x30
[ 68.557081][ C0]
[ 68.557081][ C0] -> #0 (krc.lock){..-.}-{2:2}:
[ 68.564131][ C0] validate_chain+0x18ef/0x5920
[ 68.569489][ C0] __lock_acquire+0x1384/0x2050
[ 68.575025][ C0] lock_acquire+0x1ed/0x550
[ 68.580037][ C0] _raw_spin_lock+0x2e/0x40
[ 68.585159][ C0] kvfree_call_rcu+0x18a/0x790
[ 68.590448][ C0] trie_delete_elem+0x546/0x6a0
[ 68.595816][ C0] bpf_prog_2c29ac5cdc6b1842+0x43/0x47
[ 68.601807][ C0] bpf_trace_run2+0x2ec/0x540
[ 68.607001][ C0] enqueue_timer+0x3ce/0x570
[ 68.612102][ C0] __mod_timer+0xa0e/0xeb0
[ 68.617163][ C0] dsp_cmx_send+0x21bf/0x2240
[ 68.622384][ C0] call_timer_fn+0x18e/0x650
[ 68.627493][ C0] __run_timer_base+0x66a/0x8e0
[ 68.632866][ C0] run_timer_softirq+0xb7/0x170
[ 68.638684][ C0] handle_softirqs+0x2c5/0x980
[ 68.644156][ C0] __irq_exit_rcu+0xf4/0x1c0
[ 68.649271][ C0] irq_exit_rcu+0x9/0x30
[ 68.654036][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 68.660470][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 68.666985][ C0] __sanitizer_cov_trace_const_cmp8+0x18/0x90
[ 68.673939][ C0] filemap_map_pages+0x48f/0x20d0
[ 68.679738][ C0] handle_pte_fault+0x2b98/0x6820
[ 68.685284][ C0] handle_mm_fault+0x1106/0x1bb0
[ 68.690799][ C0] exc_page_fault+0x459/0x8c0
[ 68.696084][ C0] asm_exc_page_fault+0x26/0x30
[ 68.701552][ C0]
[ 68.701552][ C0] other info that might help us debug this:
[ 68.701552][ C0]
[ 68.711873][ C0] Possible unsafe locking scenario:
[ 68.711873][ C0]
[ 68.719412][ C0]        CPU0                    CPU1
[ 68.724761][ C0]        ----                    ----
[ 68.730235][ C0]   lock(&base->lock);
[ 68.734305][ C0]                                lock(krc.lock);
[ 68.740631][ C0]                                lock(&base->lock);
[ 68.747216][ C0]   lock(krc.lock);
[ 68.751008][ C0]
[ 68.751008][ C0] *** DEADLOCK ***
[ 68.751008][ C0]
[ 68.759151][ C0] 7 locks held by syz-executor933/5842:
[ 68.764709][ C0] #0: ffff888074d99808 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x34b/0x790
[ 68.774995][ C0] #1: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: handle_pte_fault+0x2188/0x6820
[ 68.784775][ C0] #2: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: filemap_map_pages+0x243/0x20d0
[ 68.794558][ C0] #3: ffffc90000007c00 ((&dsp_spl_tl)){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650
[ 68.804319][ C0] #4: ffffffff8fa04118 (dsp_lock){..-.}-{2:2}, at: dsp_cmx_send+0x26/0x2240
[ 68.813104][ C0] #5: ffff8880b862a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240
[ 68.822494][ C0] #6: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1fc/0x540
[ 68.831977][ C0]
[ 68.831977][ C0] stack backtrace:
[ 68.837881][ C0] CPU: 0 UID: 0 PID: 5842 Comm: syz-executor933 Not tainted 6.12.0-rc6-syzkaller-01236-gcf6d9fe09185 #0
[ 68.849014][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[ 68.859089][ C0] Call Trace:
[ 68.862359][ C0]  <IRQ>
[ 68.865213][ C0] dump_stack_lvl+0x241/0x360
[ 68.869882][ C0] ? __pfx_dump_stack_lvl+0x10/0x10
[ 68.875066][ C0] ? __pfx__printk+0x10/0x10
[ 68.879662][ C0] print_circular_bug+0x13a/0x1b0
[ 68.884729][ C0] check_noncircular+0x36a/0x4a0
[ 68.889807][ C0] ? __pfx_check_noncircular+0x10/0x10
[ 68.895387][ C0] ? lockdep_lock+0x123/0x2b0
[ 68.900220][ C0] ? get_stack_info_noinstr+0x1a/0x130
[ 68.905791][ C0] ? __bfs+0x368/0x6f0
[ 68.910041][ C0] validate_chain+0x18ef/0x5920
[ 68.914923][ C0] ? __pfx___bfs+0x10/0x10
[ 68.919354][ C0] ? mark_lock_irq+0x8e1/0xc20
[ 68.924378][ C0] ? __pfx_validate_chain+0x10/0x10
[ 68.930557][ C0] ? __pfx_stack_trace_save+0x10/0x10
[ 68.936425][ C0] ? do_raw_spin_unlock+0x13c/0x8b0
[ 68.941637][ C0] ? lockdep_unlock+0x16a/0x300
[ 68.946493][ C0] ? __pfx_lockdep_unlock+0x10/0x10
[ 68.951706][ C0] ? stack_trace_save+0x118/0x1d0
[ 68.956738][ C0] ? mark_lock+0x9a/0x360
[ 68.961054][ C0] __lock_acquire+0x1384/0x2050
[ 68.966197][ C0] lock_acquire+0x1ed/0x550
[ 68.970977][ C0] ? kvfree_call_rcu+0x18a/0x790
[ 68.976011][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 68.981060][ C0] ? __phys_addr+0xba/0x170
[ 68.985653][ C0] _raw_spin_lock+0x2e/0x40
[ 68.990140][ C0] ? kvfree_call_rcu+0x18a/0x790
[ 68.995254][ C0] kvfree_call_rcu+0x18a/0x790
[ 69.000121][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 69.006010][ C0] ? __pfx_kvfree_call_rcu+0x10/0x10
[ 69.011296][ C0] ? longest_prefix_match+0x49f/0x650
[ 69.016651][ C0] trie_delete_elem+0x546/0x6a0
[ 69.021769][ C0] ? bpf_trace_run2+0x1fc/0x540
[ 69.026867][ C0] bpf_prog_2c29ac5cdc6b1842+0x43/0x47
[ 69.032354][ C0] bpf_trace_run2+0x2ec/0x540
[ 69.037031][ C0] ? __pfx_bpf_trace_run2+0x10/0x10
[ 69.042860][ C0] ? __pfx_debug_object_activate+0x10/0x10
[ 69.050292][ C0] enqueue_timer+0x3ce/0x570
[ 69.055576][ C0] __mod_timer+0xa0e/0xeb0
[ 69.060002][ C0] ? __pfx___mod_timer+0x10/0x10
[ 69.064985][ C0] ? _raw_read_unlock_irqrestore+0xdd/0x140
[ 69.071005][ C0] ? __pfx__raw_read_unlock_irqrestore+0x10/0x10
[ 69.077364][ C0] ? timekeeping_get_ns+0x2c0/0x420
[ 69.082577][ C0] dsp_cmx_send+0x21bf/0x2240
[ 69.087252][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 69.092264][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 69.098165][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 69.104495][ C0] ? call_timer_fn+0xa8/0x650
[ 69.109189][ C0] call_timer_fn+0x18e/0x650
[ 69.113797][ C0] ? call_timer_fn+0xc0/0x650
[ 69.118580][ C0] ? __pfx_dsp_cmx_send+0x10/0x10
[ 69.123698][ C0] ? __pfx_call_timer_fn+0x10/0x10
[ 69.128820][ C0] ? __pfx_dsp_cmx_send+0x10/0x10
[ 69.133869][ C0] ? __pfx_dsp_cmx_send+0x10/0x10
[ 69.138904][ C0] ? __pfx_dsp_cmx_send+0x10/0x10
[ 69.143914][ C0] ? _raw_spin_unlock_irq+0x23/0x50
[ 69.149096][ C0] ? lockdep_hardirqs_on+0x99/0x150
[ 69.154289][ C0] ? __pfx_dsp_cmx_send+0x10/0x10
[ 69.159294][ C0] __run_timer_base+0x66a/0x8e0
[ 69.164130][ C0] ? __pfx___run_timer_base+0x10/0x10
[ 69.169627][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 69.175983][ C0] run_timer_softirq+0xb7/0x170
[ 69.181043][ C0] handle_softirqs+0x2c5/0x980
[ 69.185975][ C0] ? __irq_exit_rcu+0xf4/0x1c0
[ 69.190848][ C0] ? __pfx_handle_softirqs+0x10/0x10
[ 69.196160][ C0] ? irqtime_account_irq+0xd4/0x1e0
[ 69.201371][ C0] __irq_exit_rcu+0xf4/0x1c0
[ 69.205973][ C0] ? __pfx___irq_exit_rcu+0x10/0x10
[ 69.211293][ C0] irq_exit_rcu+0x9/0x30
[ 69.215996][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 69.221636][ C0]  </IRQ>
[ 69.224569][ C0]  <TASK>
[ 69.227599][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 69.233770][ C0] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x18/0x90
[ 69.240721][ C0] Code: 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 4c 8b 04 24 65 48 8b 0c 25 c0 d5 03 00 65 8b 05 70 f6 6e 7e <25> 00 01 ff 00 74 10 3d 00 01 00 00 75 57 83 b9 1c 16 00 00 00 74
[ 69.260350][ C0] RSP: 0000:ffffc90003c97758 EFLAGS: 00000246
[ 69.266516][ C0] RAX: 0000000080000000 RBX: 0000000000000000 RCX: ffff88802c8e9e00
[ 69.274686][ C0] RDX: 0000000000000000 RSI: 0000000076671007 RDI: 0000000000000000
[ 69.282781][ C0] RBP: ffffc90003c97970 R08: ffffffff81cdd89f R09: 1ffffd4000391858
[ 69.291176][ C0] R10: dffffc0000000000 R11: fffff94000391859 R12: ffffc90003c97e30
[ 69.299242][ C0] R13: 0000000076671067 R14: ffff88807c0e1300 R15: 1ffff92000792fc6
[ 69.307219][ C0] ? filemap_map_pages+0x48f/0x20d0
[ 69.312491][ C0] filemap_map_pages+0x48f/0x20d0
[ 69.317548][ C0] ? filemap_map_pages+0x243/0x20d0
[ 69.323298][ C0] ? __pfx_filemap_map_pages+0x10/0x10
[ 69.328977][ C0] ? handle_pte_fault+0x334/0x6820
[ 69.334378][ C0] ? __pfx_lock_release+0x10/0x10
[ 69.339514][ C0] ? pte_offset_map_nolock+0x137/0x1f0
[ 69.344977][ C0] ? handle_pte_fault+0x2188/0x6820
[ 69.350160][ C0] ? __pfx_filemap_map_pages+0x10/0x10
[ 69.355618][ C0] handle_pte_fault+0x2b98/0x6820
[ 69.361033][ C0] ? mark_lock+0x9a/0x360
[ 69.366257][ C0] ? __pfx_handle_pte_fault+0x10/0x10
[ 69.372253][ C0] ? __lock_acquire+0x1384/0x2050
[ 69.377713][ C0] ? reacquire_held_locks+0x3eb/0x690
[ 69.383171][ C0] ? lock_vma_under_rcu+0x34b/0x790
[ 69.388466][ C0] ? __pfx_reacquire_held_locks+0x10/0x10
[ 69.394909][ C0] handle_mm_fault+0x1106/0x1bb0
[ 69.399880][ C0] ? __pfx_handle_mm_fault+0x10/0x10
[ 69.405661][ C0] ? lock_vma_under_rcu+0x602/0x790
[ 69.410972][ C0] ? lock_vma_under_rcu+0x1dd/0x790
[ 69.416174][ C0] ? exc_page_fault+0x113/0x8c0
[ 69.421027][ C0] exc_page_fault+0x459/0x8c0
[ 69.425695][ C0] asm_exc_page_fault+0x26/0x30
[ 69.430997][ C0] RIP: 0033:0x7f5cfc7473b8
[ 69.435430][ C0] Code: Unable to access opcode bytes at 0x7f5cfc74738e.
[ 69.442449][ C0] RSP: 002b:00007ffe82e9a508 EFLAGS: 00010202
[ 69.448613][ C0] RAX: 00007f5cfc777af8 RBX: 0000000000000000 RCX: 0000000000000004
[ 69.456687][ C0] RDX: 00007f5cfc778d20 RSI: 0000000000000000 RDI: 00007f5cfc777af8
[ 69.464671][ C0] RBP: 00007f5cfc776138 R08: 0000000000000006 R09: 0000000000000006
[ 69.472650][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5cfc778d08
[ 69.480626][ C0] R13: 0000000000000000 R14: 00007f5cfc778d20 R15: 00007f5cfc6ce3a0
[ 69.488636][ C0]  </TASK>