./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3298272058 <...> Warning: Permanently added '10.128.10.2' (ED25519) to the list of known hosts. execve("./syz-executor3298272058", ["./syz-executor3298272058"], 0x7ffda8c03c60 /* 10 vars */) = 0 brk(NULL) = 0x55555a80c000 brk(0x55555a80cd00) = 0x55555a80cd00 arch_prctl(ARCH_SET_FS, 0x55555a80c380) = 0 set_tid_address(0x55555a80c650) = 5084 set_robust_list(0x55555a80c660, 24) = 0 rseq(0x55555a80cca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3298272058", 4096) = 28 getrandom("\x28\x95\x85\x8a\xd8\xa9\xa4\x54", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555a80cd00 brk(0x55555a82dd00) = 0x55555a82dd00 brk(0x55555a82e000) = 0x55555a82e000 mprotect(0x7f4ef2405000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a80c650) = 5085 ./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x55555a80c660, 24) = 0 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5085] setpgid(0, 0) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] write(1, "executing program\n", 18executing program ) = 18 [pid 5085] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=5, value_size=2, max_entries=1, map_flags=BPF_F_NO_PREALLOC|BPF_F_NUMA_NODE, inner_map_fd=-1, numa_node=0, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5085] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 5085] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=3, key=0x20000300, value=0x20000540, flags=BPF_ANY}, 32) = 0 [pid 5085] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 5085] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16) = 5 [ 54.218318][ T5085] [ 54.220688][ T5085] ============================================ [ 54.226823][ T5085] WARNING: possible recursive locking detected [ 54.232974][ T5085] 6.9.0-rc7-syzkaller-02064-g71ed6c266348 #0 Not tainted [ 54.239981][ T5085] -------------------------------------------- [ 54.246119][ T5085] syz-executor329/5085 is trying to acquire lock: [ 54.252512][ T5085] ffff88802a50c1f8 (&trie->lock){....}-{2:2}, at: trie_delete_elem+0x96/0x6a0 [ 54.261398][ T5085] [ 54.261398][ T5085] but task is already holding lock: [ 54.268761][ T5085] ffff88802a50c1f8 (&trie->lock){....}-{2:2}, at: trie_update_elem+0xc8/0xc00 [ 54.277660][ T5085] [ 54.277660][ T5085] other info that might help us debug this: [ 54.285702][ T5085] Possible unsafe locking scenario: [ 54.285702][ T5085] [ 54.293133][ T5085] CPU0 [ 54.296396][ T5085] ---- [ 54.299654][ T5085] lock(&trie->lock); [ 54.303703][ T5085] lock(&trie->lock); [ 54.307755][ T5085] [ 54.307755][ T5085] *** DEADLOCK *** [ 54.307755][ T5085] [ 54.315880][ T5085] May be due to missing lock nesting notation [ 54.315880][ T5085] [ 54.324183][ T5085] 3 locks held by syz-executor329/5085: [ 54.329719][ T5085] #0: ffffffff8e334ea0 (rcu_read_lock){....}-{1:2}, at: bpf_map_update_value+0x3c4/0x540 [ 54.339618][ T5085] #1: ffff88802a50c1f8 (&trie->lock){....}-{2:2}, at: trie_update_elem+0xc8/0xc00 [ 54.348909][ T5085] #2: ffffffff8e334ea0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1fc/0x540 [ 54.358287][ T5085] [ 54.358287][ T5085] stack backtrace: [ 54.364184][ T5085] CPU: 0 PID: 5085 Comm: syz-executor329 Not tainted 6.9.0-rc7-syzkaller-02064-g71ed6c266348 #0 [ 54.374587][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 54.384644][ T5085] Call Trace: [ 54.387912][ T5085] [ 54.390827][ T5085] dump_stack_lvl+0x241/0x360 [ 54.395505][ T5085] ? __pfx_dump_stack_lvl+0x10/0x10 [ 54.400697][ T5085] ? print_deadlock_bug+0x479/0x620 [ 54.405890][ T5085] ? _find_first_zero_bit+0xd4/0x100 [ 54.411177][ T5085] validate_chain+0x15c1/0x58e0 [ 54.416030][ T5085] ? validate_chain+0x11b/0x58e0 [ 54.420967][ T5085] ? __pfx_validate_chain+0x10/0x10 [ 54.426170][ T5085] ? validate_chain+0x11b/0x58e0 [ 54.431104][ T5085] ? mark_lock+0x9a/0x350 [ 54.435423][ T5085] ? __lock_acquire+0x1346/0x1fd0 [ 54.440434][ T5085] ? __pfx_validate_chain+0x10/0x10 [ 54.445629][ T5085] ? mark_lock+0x9a/0x350 [ 54.449949][ T5085] __lock_acquire+0x1346/0x1fd0 [ 54.454795][ T5085] lock_acquire+0x1ed/0x550 [ 54.459284][ T5085] ? trie_delete_elem+0x96/0x6a0 [ 54.464222][ T5085] ? __pfx_lock_acquire+0x10/0x10 [ 54.469255][ T5085] ? __lock_acquire+0x1346/0x1fd0 [ 54.474282][ T5085] _raw_spin_lock_irqsave+0xd5/0x120 [ 54.479556][ T5085] ? trie_delete_elem+0x96/0x6a0 [ 54.484488][ T5085] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 54.490371][ T5085] ? __pfx_lock_acquire+0x10/0x10 [ 54.495389][ T5085] trie_delete_elem+0x96/0x6a0 [ 54.500176][ T5085] ? __pfx___cant_migrate+0x10/0x10 [ 54.505373][ T5085] ? bpf_trace_run2+0x1fc/0x540 [ 54.510213][ T5085] bpf_prog_fdee3c9a1e8a2a6e+0x45/0x49 [ 54.515657][ T5085] bpf_trace_run2+0x2ec/0x540 [ 54.520339][ T5085] ? __pfx_bpf_trace_run2+0x10/0x10 [ 54.525542][ T5085] ? trie_update_elem+0x26c/0xc00 [ 54.530567][ T5085] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 54.536023][ T5085] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 54.541900][ T5085] ? trie_update_elem+0x26c/0xc00 [ 54.546912][ T5085] kfree+0x2bd/0x3b0 [ 54.550799][ T5085] trie_update_elem+0x26c/0xc00 [ 54.555648][ T5085] ? __might_fault+0xaa/0x120 [ 54.560333][ T5085] bpf_map_update_value+0x4d3/0x540 [ 54.565524][ T5085] map_update_elem+0x53a/0x6f0 [ 54.570277][ T5085] __sys_bpf+0x76f/0x810 [ 54.574508][ T5085] ? __pfx___sys_bpf+0x10/0x10 [ 54.579262][ T5085] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 54.585580][ T5085] ? do_syscall_64+0x102/0x240 [ 54.590346][ T5085] __x64_sys_bpf+0x7c/0x90 [ 54.594769][ T5085] do_syscall_64+0xf5/0x240 [ 54.599262][ T5085] ? clear_bhb_loop+0x35/0x90 [ 54.603937][ T5085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.609823][ T5085] RIP: 0033:0x7f4ef2391eb9 [ 54.614233][ T5085] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 54.633942][ T5085] RSP: 002b:00007ffc218d24d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 54.642374][ T5085] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4ef2391eb9 [ 54.650347][ T5085] RDX: 0000000000000090 RSI: 0000000020000680 RDI: 0000000000000002 [ 54.658310][ T5085] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000006 [ 54.666305][ T5085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 54.674281][ T5085] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 54.682259][ T5085]