./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1430916088
<...>
Warning: Permanently added '10.128.1.174' (ED25519) to the list of known hosts.
execve("./syz-executor1430916088", ["./syz-executor1430916088"], 0x7ffc9a505920 /* 10 vars */) = 0
brk(NULL) = 0x5555638c5000
brk(0x5555638c5d00) = 0x5555638c5d00
arch_prctl(ARCH_SET_FS, 0x5555638c5380) = 0
set_tid_address(0x5555638c5650) = 5094
set_robust_list(0x5555638c5660, 24) = 0
rseq(0x5555638c5ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1430916088", 4096) = 28
getrandom("\x9f\x61\xae\xe3\xf7\xfe\x81\xc9", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x5555638c5d00
brk(0x5555638e6d00) = 0x5555638e6d00
brk(0x5555638e7000) = 0x5555638e7000
mprotect(0x7f015220d000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5095 attached
, child_tidptr=0x5555638c5650) = 5095
[pid 5095] set_robust_list(0x5555638c5660, 24) = 0
[pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5095] setpgid(0, 0) = 0
[pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5095] write(3, "1000", 4) = 4
[pid 5095] close(3) = 0
[pid 5095] write(1, "executing program\n", 18executing program
) = 18
[pid 5095] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=4294966948, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address)
[pid 5095] socketpair(AF_TIPC, SOCK_DGRAM, 0, [3, 4]) = 0
[pid 5095] close(3) = 0
[pid 5095] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=7, value_size=65537, max_entries=8, map_flags=BPF_F_NO_PREALLOC, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid 5095] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address)
[pid 5095] close(3) = 0
[pid 5095] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=7, value_size=3983, max_entries=9, map_flags=BPF_F_NO_PREALLOC, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
[pid 5095] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=3, key=0x20000340, value=0x20000200, flags=BPF_ANY}, 32) = 0
[pid 5095] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 5
[pid 5095] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="timer_start", prog_fd=5}}, 16) = 6
[ 74.084317][ C1]
[ 74.086704][ C1] ======================================================
[ 74.093734][ C1] WARNING: possible circular locking dependency detected
[ 74.100841][ C1] 6.10.0-rc1-syzkaller-00199-gb0c9a2643541 #0 Not tainted
[ 74.107936][ C1] ------------------------------------------------------
[ 74.114939][ C1] swapper/1/0 is trying to acquire lock:
[ 74.120557][ C1] ffff8880b9529430 (krc.lock){..-.}-{2:2}, at: kvfree_call_rcu+0x18a/0x790
[ 74.129200][ C1]
[ 74.129200][ C1] but task is already holding lock:
[ 74.136638][ C1] ffff8880b952a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240
[ 74.145682][ C1]
[ 74.145682][ C1] which lock already depends on the new lock.
[ 74.145682][ C1]
[ 74.156069][ C1]
[ 74.156069][ C1] the existing dependency chain (in reverse order) is:
[ 74.165072][ C1]
[ 74.165072][ C1] -> #1 (&base->lock){-.-.}-{2:2}:
[ 74.172364][ C1] lock_acquire+0x1ed/0x550
[ 74.177525][ C1] _raw_spin_lock_irqsave+0xd5/0x120
[ 74.183419][ C1] lock_timer_base+0x112/0x240
[ 74.188692][ C1] __mod_timer+0x1ca/0xeb0
[ 74.193618][ C1] queue_delayed_work_on+0x1ca/0x390
[ 74.199414][ C1] kvfree_call_rcu+0x47f/0x790
[ 74.204689][ C1] rtnl_register_internal+0x482/0x590
[ 74.210665][ C1] rtnl_register+0x36/0x80
[ 74.215596][ C1] ip_rt_init+0x2f6/0x3a0
[ 74.220528][ C1] ip_init+0xe/0x20
[ 74.224854][ C1] inet_init+0x3d8/0x580
[ 74.229607][ C1] do_one_initcall+0x248/0x880
[ 74.234887][ C1] do_initcall_level+0x157/0x210
[ 74.240341][ C1] do_initcalls+0x3f/0x80
[ 74.245180][ C1] kernel_init_freeable+0x435/0x5d0
[ 74.250898][ C1] kernel_init+0x1d/0x2b0
[ 74.255742][ C1] ret_from_fork+0x4b/0x80
[ 74.260676][ C1] ret_from_fork_asm+0x1a/0x30
[ 74.265963][ C1]
[ 74.265963][ C1] -> #0 (krc.lock){..-.}-{2:2}:
[ 74.273011][ C1] validate_chain+0x18e0/0x5900
[ 74.278386][ C1] __lock_acquire+0x1346/0x1fd0
[ 74.283753][ C1] lock_acquire+0x1ed/0x550
[ 74.288786][ C1] _raw_spin_lock+0x2e/0x40
[ 74.293804][ C1] kvfree_call_rcu+0x18a/0x790
[ 74.299095][ C1] trie_delete_elem+0x546/0x6a0
[ 74.304547][ C1] bpf_prog_2c29ac5cdc6b1842+0x42/0x46
[ 74.310522][ C1] bpf_trace_run2+0x2ec/0x540
[ 74.315744][ C1] enqueue_timer+0x3ce/0x570
[ 74.320852][ C1] __mod_timer+0xa0e/0xeb0
[ 74.325869][ C1] dsp_cmx_send+0x21bf/0x2240
[ 74.331075][ C1] call_timer_fn+0x18e/0x650
[ 74.336188][ C1] __run_timer_base+0x66a/0x8e0
[ 74.341548][ C1] run_timer_softirq+0xb7/0x170
[ 74.347011][ C1] handle_softirqs+0x2c4/0x970
[ 74.352303][ C1] __irq_exit_rcu+0xf4/0x1c0
[ 74.357515][ C1] irq_exit_rcu+0x9/0x30
[ 74.362292][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 74.368449][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 74.374945][ C1] acpi_safe_halt+0x21/0x30
[ 74.379965][ C1] acpi_idle_enter+0xe4/0x140
[ 74.385244][ C1] cpuidle_enter_state+0x112/0x480
[ 74.390865][ C1] cpuidle_enter+0x5d/0xa0
[ 74.395796][ C1] do_idle+0x375/0x5d0
[ 74.400377][ C1] cpu_startup_entry+0x42/0x60
[ 74.405665][ C1] __pfx_ap_starting+0x0/0x10
[ 74.410857][ C1] common_startup_64+0x13e/0x147
[ 74.416306][ C1]
[ 74.416306][ C1] other info that might help us debug this:
[ 74.416306][ C1]
[ 74.426525][ C1] Possible unsafe locking scenario:
[ 74.426525][ C1]
[ 74.433959][ C1] CPU0 CPU1
[ 74.439315][ C1] ---- ----
[ 74.444664][ C1] lock(&base->lock);
[ 74.448740][ C1] lock(krc.lock);
[ 74.455060][ C1] lock(&base->lock);
[ 74.461648][ C1] lock(krc.lock);
[ 74.465449][ C1]
[ 74.465449][ C1] *** DEADLOCK ***
[ 74.465449][ C1]
[ 74.473576][ C1] 4 locks held by swapper/1/0:
[ 74.478322][ C1] #0: ffffc90000a18c00 ((&dsp_spl_tl)){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650
[ 74.487543][ C1] #1: ffffffff8f339f98 (dsp_lock){..-.}-{2:2}, at: dsp_cmx_send+0x26/0x2240
[ 74.496327][ C1] #2: ffff8880b952a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240
[ 74.505630][ C1] #3: ffffffff8e333f60 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1fc/0x540
[ 74.515028][ C1]
[ 74.515028][ C1] stack backtrace:
[ 74.520909][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.10.0-rc1-syzkaller-00199-gb0c9a2643541 #0
[ 74.530611][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 74.540659][ C1] Call Trace:
[ 74.543933][ C1]
[ 74.546793][ C1] dump_stack_lvl+0x241/0x360
[ 74.551476][ C1] ? __pfx_dump_stack_lvl+0x10/0x10
[ 74.556679][ C1] ? print_circular_bug+0x130/0x1a0
[ 74.561875][ C1] check_noncircular+0x36a/0x4a0
[ 74.567260][ C1] ? __pfx_check_noncircular+0x10/0x10
[ 74.572733][ C1] ? lockdep_lock+0x123/0x2b0
[ 74.577400][ C1] ? deref_stack_reg+0x1c7/0x260
[ 74.582334][ C1] ? __bfs+0x368/0x6f0
[ 74.586491][ C1] validate_chain+0x18e0/0x5900
[ 74.591357][ C1] ? __pfx___bfs+0x10/0x10
[ 74.595772][ C1] ? mark_lock_irq+0x8e1/0xc20
[ 74.600610][ C1] ? __pfx_validate_chain+0x10/0x10
[ 74.605822][ C1] ? __pfx_stack_trace_save+0x10/0x10
[ 74.611189][ C1] ? do_raw_spin_unlock+0x13c/0x8b0
[ 74.616425][ C1] ? lockdep_unlock+0x16a/0x300
[ 74.621294][ C1] ? __pfx_lockdep_unlock+0x10/0x10
[ 74.626488][ C1] ? stack_trace_save+0x118/0x1d0
[ 74.631527][ C1] ? mark_lock+0x9a/0x350
[ 74.635852][ C1] __lock_acquire+0x1346/0x1fd0
[ 74.640800][ C1] lock_acquire+0x1ed/0x550
[ 74.645306][ C1] ? kvfree_call_rcu+0x18a/0x790
[ 74.650246][ C1] ? __pfx_lock_acquire+0x10/0x10
[ 74.655270][ C1] ? __phys_addr+0xba/0x170
[ 74.659773][ C1] _raw_spin_lock+0x2e/0x40
[ 74.664269][ C1] ? kvfree_call_rcu+0x18a/0x790
[ 74.669212][ C1] kvfree_call_rcu+0x18a/0x790
[ 74.673971][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 74.679992][ C1] ? __pfx_kvfree_call_rcu+0x10/0x10
[ 74.685296][ C1] ? longest_prefix_match+0x49f/0x650
[ 74.690688][ C1] trie_delete_elem+0x546/0x6a0
[ 74.695551][ C1] ? bpf_trace_run2+0x1fc/0x540
[ 74.700403][ C1] bpf_prog_2c29ac5cdc6b1842+0x42/0x46
[ 74.705864][ C1] bpf_trace_run2+0x2ec/0x540
[ 74.710557][ C1] ? __pfx_bpf_trace_run2+0x10/0x10
[ 74.715767][ C1] ? __pfx_debug_object_activate+0x10/0x10
[ 74.721573][ C1] enqueue_timer+0x3ce/0x570
[ 74.726166][ C1] __mod_timer+0xa0e/0xeb0
[ 74.730582][ C1] ? __pfx___mod_timer+0x10/0x10
[ 74.735546][ C1] ? _raw_read_unlock_irqrestore+0xdd/0x140
[ 74.741539][ C1] ? __pfx__raw_read_unlock_irqrestore+0x10/0x10
[ 74.747865][ C1] ? timekeeping_get_ns+0x2c0/0x420
[ 74.753061][ C1] dsp_cmx_send+0x21bf/0x2240
[ 74.757745][ C1] ? __pfx_lock_acquire+0x10/0x10
[ 74.762762][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 74.768674][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 74.775009][ C1] ? call_timer_fn+0xa8/0x650
[ 74.779689][ C1] call_timer_fn+0x18e/0x650
[ 74.784282][ C1] ? __pfx_dsp_cmx_send+0x10/0x10
[ 74.789303][ C1] ? call_timer_fn+0xc0/0x650
[ 74.793985][ C1] ? __pfx_dsp_cmx_send+0x10/0x10
[ 74.799075][ C1] ? __pfx_call_timer_fn+0x10/0x10
[ 74.804196][ C1] ? __pfx_dsp_cmx_send+0x10/0x10
[ 74.809216][ C1] ? __pfx_dsp_cmx_send+0x10/0x10
[ 74.814255][ C1] ? __pfx_dsp_cmx_send+0x10/0x10
[ 74.819372][ C1] ? _raw_spin_unlock_irq+0x23/0x50
[ 74.824564][ C1] ? lockdep_hardirqs_on+0x99/0x150
[ 74.829762][ C1] ? __pfx_dsp_cmx_send+0x10/0x10
[ 74.834782][ C1] __run_timer_base+0x66a/0x8e0
[ 74.839634][ C1] ? __pfx___run_timer_base+0x10/0x10
[ 74.845000][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 74.851327][ C1] run_timer_softirq+0xb7/0x170
[ 74.856174][ C1] handle_softirqs+0x2c4/0x970
[ 74.860933][ C1] ? __irq_exit_rcu+0xf4/0x1c0
[ 74.865692][ C1] ? __pfx_handle_softirqs+0x10/0x10
[ 74.870970][ C1] ? irqtime_account_irq+0xd4/0x1e0
[ 74.876179][ C1] __irq_exit_rcu+0xf4/0x1c0
[ 74.880764][ C1] ? __pfx___irq_exit_rcu+0x10/0x10
[ 74.885957][ C1] irq_exit_rcu+0x9/0x30
[ 74.890187][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 74.895822][ C1]
[ 74.898745][ C1]
[ 74.901666][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 74.907650][ C1] RIP: 0010:acpi_safe_halt+0x21/0x30
[ 74.912958][ C1] Code: 90 90 90 90 90 90 90 90 90 65 48 8b 04 25 00 d5 03 00 48 f7 00 08 00 00 00 75 10 66 90 0f 00 2d b5 f4 a2 00 f3 0f 1e fa fb f4 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90
[ 74.932562][ C1] RSP: 0018:ffffc900001a7d08 EFLAGS: 00000246
[ 74.938623][ C1] RAX: ffff888017ae8000 RBX: ffff88801b6f9864 RCX: 000000000001bdc9
[ 74.946586][ C1] RDX: 0000000000000001 RSI: ffff88801b6f9800 RDI: ffff88801b6f9864
[ 74.954596][ C1] RBP: 000000000003a5b8 R08: ffff8880b9537d0b R09: 1ffff110172a6fa1
[ 74.962562][ C1] R10: dffffc0000000000 R11: ffffffff8b868960 R12: ffff88801c718800
[ 74.970526][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: ffffffff8eace380
[ 74.978667][ C1] ? __pfx_acpi_idle_enter+0x10/0x10
[ 74.983964][ C1] acpi_idle_enter+0xe4/0x140
[ 74.988668][ C1] cpuidle_enter_state+0x112/0x480
[ 74.993778][ C1] ? __pfx_menu_select+0x10/0x10
[ 74.998718][ C1] cpuidle_enter+0x5d/0xa0
[ 75.003135][ C1] do_idle+0x375/0x5d0
[ 75.007199][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 75.013524][ C1] ? __pfx_do_idle+0x10/0x10
[ 75.018107][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 75.023998][ C1] ? complete+0xb4/0x1c0
[ 75.028240][ C1] cpu_startup_entry+0x42/0x60
[ 75.032997][ C1] start_secondary+0x100/0x100
[ 75.037754][ C1] common_startup_64+0x13e/0x147
[ 75.042703][ C1]