./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3900545508 <...> Warning: Permanently added '10.128.10.35' (ED25519) to the list of known hosts. execve("./syz-executor3900545508", ["./syz-executor3900545508"], 0x7ffe2009c1e0 /* 10 vars */) = 0 brk(NULL) = 0x555565658000 brk(0x555565658d00) = 0x555565658d00 arch_prctl(ARCH_SET_FS, 0x555565658380) = 0 set_tid_address(0x555565658650) = 5108 set_robust_list(0x555565658660, 24) = 0 rseq(0x555565658ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3900545508", 4096) = 28 getrandom("\xd6\x40\xc9\xf0\x58\xa8\xa1\xf7", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555565658d00 brk(0x555565679d00) = 0x555565679d00 brk(0x55556567a000) = 0x55556567a000 mprotect(0x7f135a1d4000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5109 attached , child_tidptr=0x555565658650) = 5109 [pid 5109] set_robust_list(0x555565658660, 24) = 0 [pid 5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5109] setpgid(0, 0) = 0 [pid 5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5109] write(3, "1000", 4) = 4 [pid 5109] close(3) = 0 [pid 5109] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=8, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5109] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 5109] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 5109] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sched_kthread_work_queue_work", prog_fd=4}}, 16) = 5 [pid 5109] exit_group(0) = ? [pid 5109] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5109, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5110 attached [pid 5110] set_robust_list(0x555565658660, 24) = 0 [pid 5108] <... clone resumed>, child_tidptr=0x555565658650) = 5110 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5110] setpgid(0, 0) = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=8, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5110] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 5110] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 5110] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sched_kthread_work_queue_work", prog_fd=4}}, 16) = 5 [pid 5110] exit_group(0) = ? [pid 5110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5111 attached , child_tidptr=0x555565658650) = 5111 [pid 5111] set_robust_list(0x555565658660, 24) = 0 [pid 5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5111] setpgid(0, 0) = 0 [pid 5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5111] write(3, "1000", 4) = 4 [pid 5111] close(3) = 0 [pid 5111] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=8, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5111] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 5111] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 5111] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sched_kthread_work_queue_work", prog_fd=4}}, 16) = 5 [ 186.133488][ T43] [ 186.135919][ T43] ===================================================== [ 186.142895][ T43] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 186.150563][ T43] 6.9.0-rc1-next-20240328-syzkaller #0 Not tainted [ 186.157086][ T43] ----------------------------------------------------- [ 186.164052][ T43] kworker/u8:3/43 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire: [ 186.171689][ T43] ffff8880204f8218 (&htab->buckets[i].lock){+...}-{2:2}, at: sock_hash_delete_elem+0xb0/0x300 [ 186.182011][ T43] [ 186.182011][ T43] and this task is already holding: [ 186.189387][ T43] ffff8880172f0120 ((worker)->lock){....}-{2:2}, at: kthread_queue_work+0x27/0x180 [ 186.198713][ T43] which would create a new lock dependency: [ 186.204609][ T43] ((worker)->lock){....}-{2:2} -> (&htab->buckets[i].lock){+...}-{2:2} [ 186.212993][ T43] [ 186.212993][ T43] but this new dependency connects a HARDIRQ-irq-safe lock: [ 186.222473][ T43] (&pool->lock){-.-.}-{2:2} [ 186.222499][ T43] [ 186.222499][ T43] ... which became HARDIRQ-irq-safe at: [ 186.234857][ T43] lock_acquire+0x1ed/0x550 [ 186.239497][ T43] _raw_spin_lock+0x2e/0x40 [ 186.244137][ T43] __queue_work+0x6ec/0xef0 [ 186.248739][ T43] queue_work_on+0x1c2/0x380 [ 186.253427][ T43] hrtimer_run_queues+0x154/0x460 [ 186.258848][ T43] update_process_times+0x80/0x230 [ 186.264095][ T43] tick_periodic+0x190/0x220 [ 186.268805][ T43] tick_handle_periodic+0x4a/0x160 [ 186.274199][ T43] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 186.280300][ T43] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 186.286059][ T43] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 186.292161][ T43] lock_acquire+0x264/0x550 [ 186.296792][ T43] fs_reclaim_acquire+0x88/0x140 [ 186.301854][ T43] kmem_cache_alloc_lru_noprof+0x42/0x2b0 [ 186.307669][ T43] new_inode_pseudo+0x8b/0x1e0 [ 186.312566][ T43] new_inode+0x22/0x1d0 [ 186.316906][ T43] pseudo_fs_fill_super+0x190/0x350 [ 186.322291][ T43] get_tree_nodev+0xb7/0x140 [ 186.327087][ T43] vfs_get_tree+0x90/0x2a0 [ 186.331624][ T43] vfs_kern_mount+0xbc/0x160 [ 186.336412][ T43] kern_mount+0x43/0x90 [ 186.341294][ T43] anon_inode_init+0x16/0xa0 [ 186.346101][ T43] do_one_initcall+0x248/0x880 [ 186.350964][ T43] do_initcall_level+0x157/0x210 [ 186.356024][ T43] do_initcalls+0x3f/0x80 [ 186.360460][ T43] kernel_init_freeable+0x435/0x5d0 [ 186.365752][ T43] kernel_init+0x1d/0x2b0 [ 186.370173][ T43] ret_from_fork+0x4b/0x80 [ 186.374692][ T43] ret_from_fork_asm+0x1a/0x30 [ 186.379589][ T43] [ 186.379589][ T43] to a HARDIRQ-irq-unsafe lock: [ 186.386617][ T43] (&htab->buckets[i].lock){+...}-{2:2} [ 186.386650][ T43] [ 186.386650][ T43] ... which became HARDIRQ-irq-unsafe at: [ 186.400146][ T43] ... [ 186.400158][ T43] lock_acquire+0x1ed/0x550 [ 186.407347][ T43] _raw_spin_lock_bh+0x35/0x50 [ 186.412203][ T43] sock_hash_free+0x164/0x820 [ 186.417008][ T43] bpf_map_free_deferred+0xe6/0x110 [ 186.422302][ T43] process_scheduled_works+0xa2c/0x1830 [ 186.428048][ T43] worker_thread+0x86d/0xd70 [ 186.432741][ T43] kthread+0x2f0/0x390 [ 186.436920][ T43] ret_from_fork+0x4b/0x80 [ 186.441440][ T43] ret_from_fork_asm+0x1a/0x30 [ 186.446325][ T43] [ 186.446325][ T43] other info that might help us debug this: [ 186.446325][ T43] [ 186.456645][ T43] Chain exists of: [ 186.456645][ T43] &pool->lock --> (worker)->lock --> &htab->buckets[i].lock [ 186.456645][ T43] [ 186.469892][ T43] Possible interrupt unsafe locking scenario: [ 186.469892][ T43] [ 186.478602][ T43] CPU0 CPU1 [ 186.484964][ T43] ---- ---- [ 186.490692][ T43] lock(&htab->buckets[i].lock); [ 186.495729][ T43] local_irq_disable(); [ 186.502497][ T43] lock(&pool->lock); [ 186.509126][ T43] lock((worker)->lock); [ 186.516073][ T43] [ 186.519537][ T43] lock(&pool->lock); [ 186.523792][ T43] [ 186.523792][ T43] *** DEADLOCK *** [ 186.523792][ T43] [ 186.531942][ T43] 5 locks held by kworker/u8:3/43: [ 186.537117][ T43] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 186.548814][ T43] #1: ffffc90000b37d00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 186.560969][ T43] #2: ffffffff8e33a0f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x39a/0x820 [ 186.571891][ T43] #3: ffff8880172f0120 ((worker)->lock){....}-{2:2}, at: kthread_queue_work+0x27/0x180 [ 186.581681][ T43] #4: ffffffff8e334d60 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1fc/0x530 [ 186.591131][ T43] [ 186.591131][ T43] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 186.602404][ T43] -> (&pool->lock){-.-.}-{2:2} { [ 186.607455][ T43] IN-HARDIRQ-W at: [ 186.611610][ T43] lock_acquire+0x1ed/0x550 [ 186.617991][ T43] _raw_spin_lock+0x2e/0x40 [ 186.624336][ T43] __queue_work+0x6ec/0xef0 [ 186.630682][ T43] queue_work_on+0x1c2/0x380 [ 186.637118][ T43] hrtimer_run_queues+0x154/0x460 [ 186.643978][ T43] update_process_times+0x80/0x230 [ 186.650950][ T43] tick_periodic+0x190/0x220 [ 186.657458][ T43] tick_handle_periodic+0x4a/0x160 [ 186.664548][ T43] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 186.672499][ T43] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 186.680010][ T43] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 186.687845][ T43] lock_acquire+0x264/0x550 [ 186.694197][ T43] fs_reclaim_acquire+0x88/0x140 [ 186.700966][ T43] kmem_cache_alloc_lru_noprof+0x42/0x2b0 [ 186.708517][ T43] new_inode_pseudo+0x8b/0x1e0 [ 186.715111][ T43] new_inode+0x22/0x1d0 [ 186.721093][ T43] pseudo_fs_fill_super+0x190/0x350 [ 186.728125][ T43] get_tree_nodev+0xb7/0x140 [ 186.734559][ T43] vfs_get_tree+0x90/0x2a0 [ 186.740815][ T43] vfs_kern_mount+0xbc/0x160 [ 186.747265][ T43] kern_mount+0x43/0x90 [ 186.753350][ T43] anon_inode_init+0x16/0xa0 [ 186.759808][ T43] do_one_initcall+0x248/0x880 [ 186.766446][ T43] do_initcall_level+0x157/0x210 [ 186.773237][ T43] do_initcalls+0x3f/0x80 [ 186.779451][ T43] kernel_init_freeable+0x435/0x5d0 [ 186.786485][ T43] kernel_init+0x1d/0x2b0 [ 186.792649][ T43] ret_from_fork+0x4b/0x80 [ 186.798921][ T43] ret_from_fork_asm+0x1a/0x30 [ 186.805547][ T43] IN-SOFTIRQ-W at: [ 186.809638][ T43] lock_acquire+0x1ed/0x550 [ 186.815974][ T43] _raw_spin_lock+0x2e/0x40 [ 186.822310][ T43] __queue_work+0x6ec/0xef0 [ 186.828652][ T43] call_timer_fn+0x18e/0x650 [ 186.835146][ T43] __run_timer_base+0x695/0x8e0 [ 186.841871][ T43] run_timer_softirq+0xb7/0x170 [ 186.848574][ T43] __do_softirq+0x2c6/0x980 [ 186.854909][ T43] __irq_exit_rcu+0xf2/0x1c0 [ 186.861451][ T43] irq_exit_rcu+0x9/0x30 [ 186.867523][ T43] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 186.875017][ T43] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 186.882941][ T43] default_idle+0x13/0x20 [ 186.889155][ T43] default_idle_call+0x74/0xb0 [ 186.895949][ T43] do_idle+0x22f/0x5d0 [ 186.901948][ T43] cpu_startup_entry+0x42/0x60 [ 186.908545][ T43] rest_init+0x2dc/0x300 [ 186.914620][ T43] start_kernel+0x47a/0x500 [ 186.920952][ T43] x86_64_start_reservations+0x2a/0x30 [ 186.928401][ T43] x86_64_start_kernel+0x99/0xa0 [ 186.935191][ T43] common_startup_64+0x13e/0x147 [ 186.942074][ T43] INITIAL USE at: [ 186.946078][ T43] lock_acquire+0x1ed/0x550 [ 186.952350][ T43] _raw_spin_lock+0x2e/0x40 [ 186.958681][ T43] __queue_work+0x6ec/0xef0 [ 186.964937][ T43] queue_work_on+0x1c2/0x380 [ 186.971731][ T43] start_poll_synchronize_rcu_expedited+0xf7/0x150 [ 186.980003][ T43] rcu_init+0xea/0x140 [ 186.985821][ T43] start_kernel+0x1f7/0x500 [ 186.992083][ T43] x86_64_start_reservations+0x2a/0x30 [ 186.999341][ T43] x86_64_start_kernel+0x99/0xa0 [ 187.006035][ T43] common_startup_64+0x13e/0x147 [ 187.012744][ T43] } [ 187.015337][ T43] ... key at: [] init_worker_pool.__key+0x0/0x20 [ 187.023860][ T43] -> ((worker)->lock){....}-{2:2} { [ 187.029086][ T43] INITIAL USE at: [ 187.033000][ T43] lock_acquire+0x1ed/0x550 [ 187.039076][ T43] _raw_spin_lock_irq+0xd3/0x120 [ 187.045586][ T43] kthread_worker_fn+0x236/0xaf0 [ 187.052091][ T43] kthread+0x2f0/0x390 [ 187.057731][ T43] ret_from_fork+0x4b/0x80 [ 187.063726][ T43] ret_from_fork_asm+0x1a/0x30 [ 187.070073][ T43] } [ 187.072574][ T43] ... key at: [] __kthread_create_worker.__key+0x0/0x20 [ 187.081700][ T43] ... acquired at: [ 187.085505][ T43] lock_acquire+0x1ed/0x550 [ 187.090210][ T43] _raw_spin_lock_irqsave+0xd5/0x120 [ 187.095674][ T43] kthread_queue_work+0x27/0x180 [ 187.100799][ T43] put_pwq_unlocked+0x12a/0x190 [ 187.105835][ T43] apply_workqueue_attrs_locked+0x132/0x210 [ 187.111915][ T43] apply_workqueue_attrs+0x30/0x50 [ 187.117213][ T43] padata_alloc+0x22b/0x370 [ 187.121905][ T43] pcrypt_init_padata+0x27/0x100 [ 187.127037][ T43] pcrypt_init+0x65/0xe0 [ 187.131466][ T43] do_one_initcall+0x248/0x880 [ 187.136431][ T43] do_initcall_level+0x157/0x210 [ 187.141554][ T43] do_initcalls+0x3f/0x80 [ 187.146419][ T43] kernel_init_freeable+0x435/0x5d0 [ 187.151827][ T43] kernel_init+0x1d/0x2b0 [ 187.156456][ T43] ret_from_fork+0x4b/0x80 [ 187.161057][ T43] ret_from_fork_asm+0x1a/0x30 [ 187.166200][ T43] [ 187.168527][ T43] [ 187.168527][ T43] the dependencies between the lock to be acquired [ 187.168536][ T43] and HARDIRQ-irq-unsafe lock: [ 187.182175][ T43] -> (&htab->buckets[i].lock){+...}-{2:2} { [ 187.188101][ T43] HARDIRQ-ON-W at: [ 187.192104][ T43] lock_acquire+0x1ed/0x550 [ 187.198286][ T43] _raw_spin_lock_bh+0x35/0x50 [ 187.204711][ T43] sock_hash_free+0x164/0x820 [ 187.211041][ T43] bpf_map_free_deferred+0xe6/0x110 [ 187.217900][ T43] process_scheduled_works+0xa2c/0x1830 [ 187.225107][ T43] worker_thread+0x86d/0xd70 [ 187.231358][ T43] kthread+0x2f0/0x390 [ 187.237091][ T43] ret_from_fork+0x4b/0x80 [ 187.243169][ T43] ret_from_fork_asm+0x1a/0x30 [ 187.249872][ T43] INITIAL USE at: [ 187.254115][ T43] lock_acquire+0x1ed/0x550 [ 187.260190][ T43] _raw_spin_lock_bh+0x35/0x50 [ 187.266531][ T43] sock_hash_free+0x164/0x820 [ 187.273294][ T43] bpf_map_free_deferred+0xe6/0x110 [ 187.280237][ T43] process_scheduled_works+0xa2c/0x1830 [ 187.287350][ T43] worker_thread+0x86d/0xd70 [ 187.293511][ T43] kthread+0x2f0/0x390 [ 187.299148][ T43] ret_from_fork+0x4b/0x80 [ 187.305141][ T43] ret_from_fork_asm+0x1a/0x30 [ 187.311577][ T43] } [ 187.314095][ T43] ... key at: [] sock_hash_alloc.__key+0x0/0x20 [ 187.322533][ T43] ... acquired at: [ 187.326450][ T43] lock_acquire+0x1ed/0x550 [ 187.331133][ T43] _raw_spin_lock_bh+0x35/0x50 [ 187.336079][ T43] sock_hash_delete_elem+0xb0/0x300 [ 187.341459][ T43] bpf_prog_2c29ac5cdc6b1842+0x42/0x46 [ 187.347101][ T43] bpf_trace_run2+0x2ec/0x530 [ 187.351977][ T43] kthread_insert_work+0x419/0x480 [ 187.357463][ T43] kthread_queue_work+0xff/0x180 [ 187.362592][ T43] synchronize_rcu_expedited+0x593/0x820 [ 187.368423][ T43] synchronize_rcu+0x136/0x3e0 [ 187.373368][ T43] sock_hash_free+0xac/0x820 [ 187.378148][ T43] bpf_map_free_deferred+0xe6/0x110 [ 187.383533][ T43] process_scheduled_works+0xa2c/0x1830 [ 187.389341][ T43] worker_thread+0x86d/0xd70 [ 187.394120][ T43] kthread+0x2f0/0x390 [ 187.398372][ T43] ret_from_fork+0x4b/0x80 [ 187.403146][ T43] ret_from_fork_asm+0x1a/0x30 [ 187.408095][ T43] [ 187.410419][ T43] [ 187.410419][ T43] stack backtrace: [ 187.416311][ T43] CPU: 1 PID: 43 Comm: kworker/u8:3 Not tainted 6.9.0-rc1-next-20240328-syzkaller #0 [ 187.426462][ T43] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 187.436537][ T43] Workqueue: events_unbound bpf_map_free_deferred [ 187.442993][ T43] Call Trace: [ 187.446283][ T43] [ 187.449220][ T43] dump_stack_lvl+0x241/0x360 [ 187.453906][ T43] ? __pfx_dump_stack_lvl+0x10/0x10 [ 187.459890][ T43] ? __pfx__printk+0x10/0x10 [ 187.464518][ T43] ? print_shortest_lock_dependencies+0xf2/0x160 [ 187.470885][ T43] validate_chain+0x4dc7/0x58e0 [ 187.475919][ T43] ? __pfx_validate_chain+0x10/0x10 [ 187.481230][ T43] ? validate_chain+0x11b/0x58e0 [ 187.486271][ T43] ? __pfx_validate_chain+0x10/0x10 [ 187.491482][ T43] ? register_lock_class+0x102/0x980 [ 187.496776][ T43] ? __pfx_register_lock_class+0x10/0x10 [ 187.502413][ T43] ? __pfx_validate_chain+0x10/0x10 [ 187.507625][ T43] ? mark_lock+0x9a/0x350 [ 187.511996][ T43] __lock_acquire+0x1346/0x1fd0 [ 187.516883][ T43] lock_acquire+0x1ed/0x550 [ 187.521395][ T43] ? sock_hash_delete_elem+0xb0/0x300 [ 187.526791][ T43] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 187.532518][ T43] ? __pfx_lock_acquire+0x10/0x10 [ 187.537558][ T43] ? sock_hash_delete_elem+0xb0/0x300 [ 187.542979][ T43] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 187.548821][ T43] ? __pfx_lock_acquire+0x10/0x10 [ 187.553874][ T43] ? sock_hash_delete_elem+0xb0/0x300 [ 187.559352][ T43] _raw_spin_lock_bh+0x35/0x50 [ 187.564125][ T43] ? sock_hash_delete_elem+0xb0/0x300 [ 187.569516][ T43] sock_hash_delete_elem+0xb0/0x300 [ 187.574725][ T43] ? bpf_trace_run2+0x1fc/0x530 [ 187.579613][ T43] bpf_prog_2c29ac5cdc6b1842+0x42/0x46 [ 187.585085][ T43] bpf_trace_run2+0x2ec/0x530 [ 187.589958][ T43] ? __pfx_bpf_trace_run2+0x10/0x10 [ 187.595192][ T43] kthread_insert_work+0x419/0x480 [ 187.600321][ T43] kthread_queue_work+0xff/0x180 [ 187.605269][ T43] synchronize_rcu_expedited+0x593/0x820 [ 187.610916][ T43] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 187.617079][ T43] ? __pfx_validate_chain+0x10/0x10 [ 187.622461][ T43] ? __mod_timer+0xb89/0xeb0 [ 187.627060][ T43] ? __pfx_lock_release+0x10/0x10 [ 187.632092][ T43] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 187.637418][ T43] ? __pfx___might_resched+0x10/0x10 [ 187.642718][ T43] ? look_up_lock_class+0x77/0x160 [ 187.647995][ T43] synchronize_rcu+0x136/0x3e0 [ 187.652768][ T43] ? __pfx_synchronize_rcu+0x10/0x10 [ 187.658060][ T43] ? mark_lock+0x9a/0x350 [ 187.662481][ T43] ? debug_object_deactivate+0x2d5/0x390 [ 187.668125][ T43] ? __lock_acquire+0x1346/0x1fd0 [ 187.673196][ T43] sock_hash_free+0xac/0x820 [ 187.677809][ T43] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 187.683798][ T43] ? __pfx_sock_hash_free+0x10/0x10 [ 187.689002][ T43] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 187.695428][ T43] bpf_map_free_deferred+0xe6/0x110 [ 187.700640][ T43] ? process_scheduled_works+0x945/0x1830 [ 187.706461][ T43] process_scheduled_works+0xa2c/0x1830 [ 187.712044][ T43] ? __pfx_process_scheduled_works+0x10/0x10 [ 187.718066][ T43] ? assign_work+0x364/0x3d0 [ 187.722764][ T43] worker_thread+0x86d/0xd70 [ 187.727376][ T43] ? __kthread_parkme+0x169/0x1d0 [ 187.732596][ T43] ? __pfx_worker_thread+0x10/0x10 [pid 5111] exit_group(0) = ? [ 187.737723][ T43] kthread+0x2f0/0x390 [ 187.741831][ T43] ? __pfx_worker_thread+0x10/0x10 [ 187.746962][ T43] ? __pfx_kthread+0x10/0x10 [ 187.751562][ T43] ret_from_fork+0x4b/0x80 [ 187.755999][ T43] ? __pfx_kthread+0x10/0x10 [ 187.760633][ T43] ret_from_fork_asm+0x1a/0x30 [ 187.765443][ T43] [ 187.768766][ T43] ------------[ cut here ]------------ [ 187.774469][ T43] raw_local_irq_restore() called with IRQs enabled [ 187.781233][ T43] WARNING: CPU: 1 PID: 43 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x29/0x40 [ 187.792038][ T43] Modules linked in: [ 187.796033][ T43] CPU: 1 PID: 43 Comm: kworker/u8:3 Not tainted 6.9.0-rc1-next-20240328-syzkaller #0 [ 187.805569][ T43] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 187.815725][ T43] Workqueue: events_unbound bpf_map_free_deferred [ 187.822199][ T43] RIP: 0010:warn_bogus_irq_restore+0x29/0x40 [ 187.828268][ T43] Code: 90 f3 0f 1e fa 90 80 3d f4 fc 13 04 00 74 06 90 c3 cc cc cc cc c6 05 e5 fc 13 04 01 90 48 c7 c7 c0 cd ca 8b e8 68 60 d8 f5 90 <0f> 0b 90 90 90 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f [ 187.848763][ T43] RSP: 0018:ffffc90000b37598 EFLAGS: 00010246 [ 187.854912][ T43] RAX: 4d3935fa6456b600 RBX: 1ffff92000166eb8 RCX: ffff88801b6e1e00 [ 187.862958][ T43] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 187.871195][ T43] RBP: ffffc90000b37630 R08: ffffffff815802c2 R09: fffffbfff1c39b10 [ 187.879240][ T43] R10: dffffc0000000000 R11: fffffbfff1c39b10 R12: dffffc0000000000 [pid 5111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5111, si_uid=0, si_status=0, si_utime=0, si_stime=170 /* 1.70 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565658650) = 5112 ./strace-static-x86_64: Process 5112 attached [pid 5112] set_robust_list(0x555565658660, 24) = 0 [pid 5112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5112] setpgid(0, 0) = 0 [pid 5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5112] write(3, "1000", 4) = 4 [pid 5112] close(3) = 0 [pid 5112] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=8, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5112] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 5112] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [ 187.887406][ T43] R13: 1ffff92000166eb4 R14: ffffc90000b375c0 R15: 0000000000000246 [ 187.895475][ T43] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 187.904490][ T43] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 187.911101][ T43] CR2: 0000000000000000 CR3: 0000000079034000 CR4: 00000000003506f0 [ 187.919211][ T43] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 187.928421][ T43] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 187.936746][ T43] Call Trace: [ 187.940050][ T43] [ 187.943064][ T43] ? __warn+0x163/0x4e0 [ 187.947257][ T43] ? warn_bogus_irq_restore+0x29/0x40 [ 187.952658][ T43] ? report_bug+0x2b3/0x500 [ 187.957329][ T43] ? warn_bogus_irq_restore+0x29/0x40 [ 187.962752][ T43] ? handle_bug+0x3e/0x70 [ 187.967232][ T43] ? exc_invalid_op+0x1a/0x50 [ 187.971977][ T43] ? asm_exc_invalid_op+0x1a/0x20 [ 187.977079][ T43] ? __warn_printk+0x292/0x360 [ 187.981990][ T43] ? warn_bogus_irq_restore+0x29/0x40 [ 187.987475][ T43] ? warn_bogus_irq_restore+0x28/0x40 [ 187.992913][ T43] _raw_spin_unlock_irqrestore+0x120/0x140 [ 187.998798][ T43] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 188.005484][ T43] kthread_queue_work+0x110/0x180 [ 188.010638][ T43] synchronize_rcu_expedited+0x593/0x820 [ 188.016343][ T43] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 188.022534][ T43] ? __pfx_validate_chain+0x10/0x10 [ 188.027842][ T43] ? __mod_timer+0xb89/0xeb0 [ 188.032485][ T43] ? __pfx_lock_release+0x10/0x10 [ 188.037683][ T43] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 188.043065][ T43] ? __pfx___might_resched+0x10/0x10 [ 188.048393][ T43] ? look_up_lock_class+0x77/0x160 [ 188.053593][ T43] synchronize_rcu+0x136/0x3e0 [ 188.058427][ T43] ? __pfx_synchronize_rcu+0x10/0x10 [ 188.063908][ T43] ? mark_lock+0x9a/0x350 [ 188.068275][ T43] ? debug_object_deactivate+0x2d5/0x390 [ 188.074187][ T43] ? __lock_acquire+0x1346/0x1fd0 [ 188.079362][ T43] sock_hash_free+0xac/0x820 [ 188.084621][ T43] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 188.090860][ T43] ? __pfx_sock_hash_free+0x10/0x10 [ 188.096191][ T43] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 188.102751][ T43] bpf_map_free_deferred+0xe6/0x110 [ 188.108134][ T43] ? process_scheduled_works+0x945/0x1830 [ 188.114010][ T43] process_scheduled_works+0xa2c/0x1830 [ 188.119607][ T43] ? __pfx_process_scheduled_works+0x10/0x10 [ 188.125664][ T43] ? assign_work+0x364/0x3d0 [ 188.130307][ T43] worker_thread+0x86d/0xd70 [ 188.134992][ T43] ? __kthread_parkme+0x169/0x1d0 [ 188.140063][ T43] ? __pfx_worker_thread+0x10/0x10 [ 188.145284][ T43] kthread+0x2f0/0x390 [ 188.149494][ T43] ? __pfx_worker_thread+0x10/0x10 [ 188.154685][ T43] ? __pfx_kthread+0x10/0x10 [ 188.159342][ T43] ret_from_fork+0x4b/0x80 [ 188.163858][ T43] ? __pfx_kthread+0x10/0x10 [ 188.168488][ T43] ret_from_fork_asm+0x1a/0x30 [ 188.173344][ T43] [ 188.176406][ T43] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 188.183730][ T43] CPU: 1 PID: 43 Comm: kworker/u8:3 Not tainted 6.9.0-rc1-next-20240328-syzkaller #0 [ 188.193221][ T43] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 188.203423][ T43] Workqueue: events_unbound bpf_map_free_deferred [ 188.209981][ T43] Call Trace: [ 188.213266][ T43] [ 188.216230][ T43] dump_stack_lvl+0x241/0x360 [ 188.220949][ T43] ? __pfx_dump_stack_lvl+0x10/0x10 [ 188.226166][ T43] ? __pfx__printk+0x10/0x10 [ 188.230801][ T43] ? _printk+0xd5/0x120 [ 188.235252][ T43] ? vscnprintf+0x5d/0x90 [ 188.239954][ T43] panic+0x349/0x860 [ 188.243970][ T43] ? __warn+0x172/0x4e0 [ 188.248168][ T43] ? __pfx_panic+0x10/0x10 [ 188.252621][ T43] ? show_trace_log_lvl+0x4e6/0x520 [ 188.257843][ T43] ? ret_from_fork_asm+0x1a/0x30 [ 188.262809][ T43] __warn+0x346/0x4e0 [ 188.266933][ T43] ? warn_bogus_irq_restore+0x29/0x40 [ 188.272769][ T43] report_bug+0x2b3/0x500 [ 188.277143][ T43] ? warn_bogus_irq_restore+0x29/0x40 [ 188.282540][ T43] handle_bug+0x3e/0x70 [ 188.286719][ T43] exc_invalid_op+0x1a/0x50 [ 188.291241][ T43] asm_exc_invalid_op+0x1a/0x20 [ 188.296112][ T43] RIP: 0010:warn_bogus_irq_restore+0x29/0x40 [ 188.302110][ T43] Code: 90 f3 0f 1e fa 90 80 3d f4 fc 13 04 00 74 06 90 c3 cc cc cc cc c6 05 e5 fc 13 04 01 90 48 c7 c7 c0 cd ca 8b e8 68 60 d8 f5 90 <0f> 0b 90 90 90 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f [ 188.321752][ T43] RSP: 0018:ffffc90000b37598 EFLAGS: 00010246 [ 188.327955][ T43] RAX: 4d3935fa6456b600 RBX: 1ffff92000166eb8 RCX: ffff88801b6e1e00 [ 188.336124][ T43] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 188.344108][ T43] RBP: ffffc90000b37630 R08: ffffffff815802c2 R09: fffffbfff1c39b10 [ 188.352094][ T43] R10: dffffc0000000000 R11: fffffbfff1c39b10 R12: dffffc0000000000 [ 188.360086][ T43] R13: 1ffff92000166eb4 R14: ffffc90000b375c0 R15: 0000000000000246 [ 188.368155][ T43] ? __warn_printk+0x292/0x360 [ 188.372945][ T43] ? warn_bogus_irq_restore+0x28/0x40 [ 188.378344][ T43] _raw_spin_unlock_irqrestore+0x120/0x140 [ 188.384343][ T43] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 188.390868][ T43] kthread_queue_work+0x110/0x180 [ 188.395909][ T43] synchronize_rcu_expedited+0x593/0x820 [ 188.401552][ T43] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 188.407715][ T43] ? __pfx_validate_chain+0x10/0x10 [ 188.413103][ T43] ? __mod_timer+0xb89/0xeb0 [ 188.417977][ T43] ? __pfx_lock_release+0x10/0x10 [ 188.423014][ T43] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 188.428408][ T43] ? __pfx___might_resched+0x10/0x10 [ 188.434503][ T43] ? look_up_lock_class+0x77/0x160 [ 188.440007][ T43] synchronize_rcu+0x136/0x3e0 [ 188.444780][ T43] ? __pfx_synchronize_rcu+0x10/0x10 [ 188.450086][ T43] ? mark_lock+0x9a/0x350 [ 188.454445][ T43] ? debug_object_deactivate+0x2d5/0x390 [ 188.460123][ T43] ? __lock_acquire+0x1346/0x1fd0 [ 188.465192][ T43] sock_hash_free+0xac/0x820 [ 188.469800][ T43] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 188.475793][ T43] ? __pfx_sock_hash_free+0x10/0x10 [ 188.481087][ T43] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 188.487513][ T43] bpf_map_free_deferred+0xe6/0x110 [ 188.492907][ T43] ? process_scheduled_works+0x945/0x1830 [ 188.498632][ T43] process_scheduled_works+0xa2c/0x1830 [ 188.504201][ T43] ? __pfx_process_scheduled_works+0x10/0x10 [ 188.510192][ T43] ? assign_work+0x364/0x3d0 [ 188.514790][ T43] worker_thread+0x86d/0xd70 [ 188.519431][ T43] ? __kthread_parkme+0x169/0x1d0 [ 188.524563][ T43] ? __pfx_worker_thread+0x10/0x10 [ 188.529694][ T43] kthread+0x2f0/0x390 [ 188.533774][ T43] ? __pfx_worker_thread+0x10/0x10 [ 188.538982][ T43] ? __pfx_kthread+0x10/0x10 [ 188.543587][ T43] ret_from_fork+0x4b/0x80 [ 188.548109][ T43] ? __pfx_kthread+0x10/0x10 [ 188.552725][ T43] ret_from_fork_asm+0x1a/0x30 [ 188.557518][ T43] [ 188.560763][ T43] Kernel Offset: disabled [ 188.565092][ T43] Rebooting in 86400 seconds..