./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1779414915 <...> Warning: Permanently added '10.128.1.2' (ED25519) to the list of known hosts. execve("./syz-executor1779414915", ["./syz-executor1779414915"], 0x7ffe9d1c4950 /* 10 vars */) = 0 brk(NULL) = 0x555585b63000 brk(0x555585b63d00) = 0x555585b63d00 arch_prctl(ARCH_SET_FS, 0x555585b63380) = 0 set_tid_address(0x555585b63650) = 5079 set_robust_list(0x555585b63660, 24) = 0 rseq(0x555585b63ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1779414915", 4096) = 28 getrandom("\x2f\x52\x1d\x78\x53\x43\x59\x67", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555585b63d00 brk(0x555585b84d00) = 0x555585b84d00 brk(0x555585b85000) = 0x555585b85000 mprotect(0x7f8fd95e9000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=8, max_entries=12, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16) = 5 bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SK_MSG, insn_cnt=4, insns=0x20000040, license="GPL", log_level=2, log_size=64912, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 6 close(6) = 0 socketpair(AF_UNIX, SOCK_DGRAM, 0, [6, 7]) = 0 bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 8 bpf(BPF_MAP_UPDATE_ELEM, {map_fd=8, key=0x20000000, value=0x20000080, flags=BPF_ANY}, 32) = 0 [ 61.450609][ T5079] [ 61.452974][ T5079] ============================================ [ 61.459108][ T5079] WARNING: possible recursive locking detected [ 61.465283][ T5079] 6.9.0-rc5-syzkaller-00202-g78cfe547607a #0 Not tainted [ 61.472311][ T5079] -------------------------------------------- [ 61.478444][ T5079] syz-executor177/5079 is trying to acquire lock: [ 61.484832][ T5079] ffff88802f63f200 (&stab->lock){+...}-{2:2}, at: sock_map_delete_elem+0x175/0x250 [ 61.494157][ T5079] [ 61.494157][ T5079] but task is already holding lock: [ 61.501617][ T5079] ffff88802f63ea00 (&stab->lock){+...}-{2:2}, at: sock_map_update_common+0x1b6/0x5b0 [ 61.511202][ T5079] [ 61.511202][ T5079] other info that might help us debug this: [ 61.519265][ T5079] Possible unsafe locking scenario: [ 61.519265][ T5079] [ 61.526696][ T5079] CPU0 [ 61.529972][ T5079] ---- [ 61.533502][ T5079] lock(&stab->lock); [ 61.537560][ T5079] lock(&stab->lock); [ 61.541616][ T5079] [ 61.541616][ T5079] *** DEADLOCK *** [ 61.541616][ T5079] [ 61.549775][ T5079] May be due to missing lock nesting notation [ 61.549775][ T5079] [ 61.558113][ T5079] 5 locks held by syz-executor177/5079: [ 61.563638][ T5079] #0: ffff8880202afa58 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: sock_map_update_elem_sys+0x1cc/0x910 [ 61.574082][ T5079] #1: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: sock_map_update_elem_sys+0x1d8/0x910 [ 61.584348][ T5079] #2: ffff88802f63ea00 (&stab->lock){+...}-{2:2}, at: sock_map_update_common+0x1b6/0x5b0 [ 61.594275][ T5079] #3: ffff88802aa3e290 (&psock->link_lock){+...}-{2:2}, at: sock_map_unref+0xcc/0x5e0 [ 61.603927][ T5079] #4: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x114/0x420 [ 61.613325][ T5079] [ 61.613325][ T5079] stack backtrace: [ 61.619284][ T5079] CPU: 0 PID: 5079 Comm: syz-executor177 Not tainted 6.9.0-rc5-syzkaller-00202-g78cfe547607a #0 [ 61.629781][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 61.639841][ T5079] Call Trace: [ 61.643124][ T5079] [ 61.646453][ T5079] dump_stack_lvl+0x241/0x360 [ 61.651151][ T5079] ? __pfx_dump_stack_lvl+0x10/0x10 [ 61.656348][ T5079] ? print_deadlock_bug+0x479/0x620 [ 61.661541][ T5079] ? _find_first_zero_bit+0xd4/0x100 [ 61.666824][ T5079] validate_chain+0x15c1/0x58e0 [ 61.671682][ T5079] ? __pfx_lock_acquire+0x10/0x10 [ 61.676695][ T5079] ? mark_lock+0x9a/0x350 [ 61.681051][ T5079] ? __pfx_lock_release+0x10/0x10 [ 61.686062][ T5079] ? __pfx_validate_chain+0x10/0x10 [ 61.691260][ T5079] ? mark_lock+0x9a/0x350 [ 61.695668][ T5079] ? __pfx_validate_chain+0x10/0x10 [ 61.700987][ T5079] ? __lock_acquire+0x1346/0x1fd0 [ 61.706012][ T5079] ? mark_lock+0x9a/0x350 [ 61.710359][ T5079] __lock_acquire+0x1346/0x1fd0 [ 61.715226][ T5079] lock_acquire+0x1ed/0x550 [ 61.719729][ T5079] ? sock_map_delete_elem+0x175/0x250 [ 61.725101][ T5079] ? __lock_acquire+0x1346/0x1fd0 [ 61.730115][ T5079] ? __pfx_lock_acquire+0x10/0x10 [ 61.735129][ T5079] ? group_send_sig_info+0x86/0x310 [ 61.740323][ T5079] ? sock_map_delete_elem+0x175/0x250 [ 61.745695][ T5079] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 61.751493][ T5079] ? __pfx_group_send_sig_info+0x10/0x10 [ 61.757132][ T5079] ? sock_map_delete_elem+0x175/0x250 [ 61.762512][ T5079] _raw_spin_lock_bh+0x35/0x50 [ 61.767272][ T5079] ? sock_map_delete_elem+0x175/0x250 [ 61.772638][ T5079] sock_map_delete_elem+0x175/0x250 [ 61.777953][ T5079] ? __pfx_bpf_send_signal_common+0x10/0x10 [ 61.783870][ T5079] ? __pfx_sock_map_delete_elem+0x10/0x10 [ 61.789599][ T5079] bpf_prog_029d1888f6cd2729+0x47/0x4b [ 61.795052][ T5079] bpf_trace_run2+0x204/0x420 [ 61.799740][ T5079] ? bpf_trace_run2+0x114/0x420 [ 61.804594][ T5079] ? __pfx_bpf_trace_run2+0x10/0x10 [ 61.809870][ T5079] ? sock_map_unref+0x3ac/0x5e0 [ 61.815390][ T5079] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 61.820782][ T5079] ? sock_map_unref+0x3ac/0x5e0 [ 61.825642][ T5079] kfree+0x2af/0x3a0 [ 61.829538][ T5079] sock_map_unref+0x3ac/0x5e0 [ 61.834225][ T5079] sock_map_update_common+0x4f0/0x5b0 [ 61.839684][ T5079] sock_map_update_elem_sys+0x55f/0x910 [ 61.845223][ T5079] ? __virt_addr_valid+0x183/0x520 [ 61.850328][ T5079] ? sock_map_update_elem_sys+0x1d8/0x910 [ 61.856043][ T5079] ? __pfx_sock_map_update_elem_sys+0x10/0x10 [ 61.862109][ T5079] map_update_elem+0x53a/0x6f0 [ 61.866897][ T5079] __sys_bpf+0x76f/0x810 [ 61.871295][ T5079] ? __pfx___sys_bpf+0x10/0x10 [ 61.876071][ T5079] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 61.882482][ T5079] ? do_syscall_64+0x102/0x240 [ 61.887248][ T5079] __x64_sys_bpf+0x7c/0x90 [ 61.891678][ T5079] do_syscall_64+0xf5/0x240 [ 61.896286][ T5079] ? clear_bhb_loop+0x35/0x90 [ 61.901066][ T5079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.906970][ T5079] RIP: 0033:0x7f8fd95759e9 [ 61.911391][ T5079] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 61.930991][ T5079] RSP: 002b:00007ffd7e5f3158 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 61.939399][ T5079] RAX: ffffffffffffffda RBX: 00007ffd7e5f3328 RCX: 00007f8fd95759e9 bpf(BPF_MAP_UPDATE_ELEM, {map_fd=8, key=0x20000ac0, value=0x20000b00, flags=BPF_ANY}, 32) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 61.947417][ T5079] RDX: 0000000000000020 RSI: 000000002000