./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor607397833 <...> Warning: Permanently added '10.128.1.12' (ED25519) to the list of known hosts. execve("./syz-executor607397833", ["./syz-executor607397833"], 0x7ffe71bc6e10 /* 10 vars */) = 0 brk(NULL) = 0x55557594d000 brk(0x55557594dd00) = 0x55557594dd00 arch_prctl(ARCH_SET_FS, 0x55557594d380) = 0 set_tid_address(0x55557594d650) = 5066 set_robust_list(0x55557594d660, 24) = 0 rseq(0x55557594dca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor607397833", 4096) = 27 getrandom("\x6b\x33\xab\x69\x91\x42\x03\xb1", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557594dd00 brk(0x55557596ed00) = 0x55557596ed00 brk(0x55557596f000) = 0x55557596f000 mprotect(0x7f105fd9e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557594d650) = 5067 ./strace-static-x86_64: Process 5067 attached [pid 5067] set_robust_list(0x55557594d660, 24) = 0 [pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] setpgid(0, 0) = 0 [pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5067] write(3, "1000", 4) = 4 [pid 5067] close(3) = 0 [pid 5067] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=8, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5067] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 5067] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 5067] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sched_kthread_work_queue_work", prog_fd=4}}, 16) = 5 [pid 5067] exit_group(0) = ? [pid 5067] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5067, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557594d650) = 5068 ./strace-static-x86_64: Process 5068 attached [pid 5068] set_robust_list(0x55557594d660, 24) = 0 [pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] setpgid(0, 0) = 0 [pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "1000", 4) = 4 [pid 5068] close(3) = 0 [pid 5068] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=8, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5068] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 5068] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 5068] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sched_kthread_work_queue_work", prog_fd=4}}, 16) = 5 [pid 5068] exit_group(0) = ? [pid 5068] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5068, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5069 attached , child_tidptr=0x55557594d650) = 5069 [pid 5069] set_robust_list(0x55557594d660, 24) = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=8, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5069] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 5069] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 5069] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sched_kthread_work_queue_work", prog_fd=4}}, 16) = 5 [pid 5069] exit_group(0) = ? [pid 5069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5070 attached [pid 5070] set_robust_list(0x55557594d660, 24) = 0 [pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] <... clone resumed>, child_tidptr=0x55557594d650) = 5070 [pid 5070] <... prctl resumed>) = 0 [pid 5070] setpgid(0, 0) = 0 [pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5070] write(3, "1000", 4) = 4 [pid 5070] close(3) = 0 [pid 5070] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=8, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5070] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 5070] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 5070] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sched_kthread_work_queue_work", prog_fd=4}}, 16) = 5 [pid 5070] exit_group(0) = ? [pid 5070] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5071 attached , child_tidptr=0x55557594d650) = 5071 [pid 5071] set_robust_list(0x55557594d660, 24) = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=8, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5071] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 5071] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 5071] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sched_kthread_work_queue_work", prog_fd=4}}, 16) = 5 [pid 5071] exit_group(0) = ? [pid 5071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5072 attached , child_tidptr=0x55557594d650) = 5072 [pid 5072] set_robust_list(0x55557594d660, 24) = 0 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5072] setpgid(0, 0) = 0 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5072] write(3, "1000", 4) = 4 [pid 5072] close(3) = 0 [pid 5072] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=8, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5072] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 5072] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 5072] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sched_kthread_work_queue_work", prog_fd=4}}, 16) = 5 [pid 5072] exit_group(0) = ? [pid 5072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5073 attached [pid 5073] set_robust_list(0x55557594d660, 24) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x55557594d650) = 5073 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=8, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5073] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 5073] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 5073] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sched_kthread_work_queue_work", prog_fd=4}}, 16) = 5 [pid 5073] exit_group(0) = ? [pid 5073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5074 attached , child_tidptr=0x55557594d650) = 5074 [pid 5074] set_robust_list(0x55557594d660, 24) = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5074] setpgid(0, 0) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5074] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=8, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5074] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 5074] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 5074] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sched_kthread_work_queue_work", prog_fd=4}}, 16) = 5 [pid 5074] exit_group(0) = ? [pid 5074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557594d650) = 5075 ./strace-static-x86_64: Process 5075 attached [pid 5075] set_robust_list(0x55557594d660, 24) = 0 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setpgid(0, 0) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1000", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=8, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5075] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 5075] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 5075] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="sched_kthread_work_queue_work", prog_fd=4}}, 16) = 5 [pid 5075] exit_group(0) = ? [ 64.415502][ T50] [ 64.418809][ T50] ===================================================== [ 64.426273][ T50] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 64.433777][ T50] 6.8.0-syzkaller-05271-gf99c5f563c17 #0 Not tainted [ 64.440534][ T50] ----------------------------------------------------- [ 64.447707][ T50] kworker/u8:3/50 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire: [ 64.455342][ T50] ffff888029e2fa18 (&htab->buckets[i].lock){+...}-{2:2}, at: sock_hash_delete_elem+0xb0/0x300 [ 64.465972][ T50] [ 64.465972][ T50] and this task is already holding: [ 64.473585][ T50] ffff888016eb6120 ((worker)->lock){....}-{2:2}, at: kthread_queue_work+0x27/0x180 [ 64.482892][ T50] which would create a new lock dependency: [ 64.488855][ T50] ((worker)->lock){....}-{2:2} -> (&htab->buckets[i].lock){+...}-{2:2} [ 64.497582][ T50] [ 64.497582][ T50] but this new dependency connects a HARDIRQ-irq-safe lock: [ 64.507123][ T50] (&pool->lock){-.-.}-{2:2} [ 64.507150][ T50] [ 64.507150][ T50] ... which became HARDIRQ-irq-safe at: [ 64.519873][ T50] lock_acquire+0x1e4/0x530 [ 64.524736][ T50] _raw_spin_lock+0x2e/0x40 [ 64.529506][ T50] __queue_work+0x6ec/0xec0 [ 64.534209][ T50] queue_work_on+0x14f/0x250 [ 64.538997][ T50] hrtimer_run_queues+0x154/0x460 [ 64.544209][ T50] update_process_times+0x80/0x230 [ 64.549603][ T50] tick_periodic+0x190/0x220 [ 64.554298][ T50] tick_handle_periodic+0x4a/0x160 [ 64.559592][ T50] __sysvec_apic_timer_interrupt+0x107/0x3a0 [ 64.565707][ T50] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 64.571533][ T50] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 64.577660][ T50] __sanitizer_cov_trace_pc+0x8/0x70 [ 64.583239][ T50] unwind_next_frame+0x54e/0x2a00 [ 64.588400][ T50] arch_stack_walk+0x151/0x1b0 [ 64.593428][ T50] stack_trace_save+0x118/0x1d0 [ 64.598381][ T50] kasan_save_track+0x3f/0x80 [ 64.603481][ T50] __kasan_slab_alloc+0x66/0x80 [ 64.608623][ T50] kmem_cache_alloc+0x172/0x350 [ 64.613859][ T50] security_inode_alloc+0x28/0x120 [ 64.619077][ T50] inode_init_always+0x947/0xc70 [ 64.624103][ T50] new_inode_pseudo+0x9e/0x1e0 [ 64.629297][ T50] new_inode+0x22/0x1d0 [ 64.633561][ T50] tracefs_create_file+0xef/0x650 [ 64.639096][ T50] trace_create_file+0x32/0x70 [ 64.644075][ T50] create_event_toplevel_files+0xa5/0x100 [ 64.649890][ T50] early_event_add_tracer+0x23/0x80 [ 64.655301][ T50] event_trace_init+0xeb/0x170 [ 64.660366][ T50] tracer_init_tracefs_work_func+0x11/0x140 [ 64.666333][ T50] process_scheduled_works+0xa00/0x1770 [ 64.672306][ T50] worker_thread+0x86d/0xd70 [ 64.676971][ T50] kthread+0x2f0/0x390 [ 64.681308][ T50] ret_from_fork+0x4b/0x80 [ 64.685830][ T50] ret_from_fork_asm+0x1a/0x30 [ 64.690772][ T50] [ 64.690772][ T50] to a HARDIRQ-irq-unsafe lock: [ 64.699609][ T50] (&htab->buckets[i].lock){+...}-{2:2} [ 64.699633][ T50] [ 64.699633][ T50] ... which became HARDIRQ-irq-unsafe at: [ 64.713199][ T50] ... [ 64.713205][ T50] lock_acquire+0x1e4/0x530 [ 64.720438][ T50] _raw_spin_lock_bh+0x35/0x50 [ 64.725282][ T50] sock_hash_free+0x164/0x820 [ 64.730045][ T50] bpf_map_free_deferred+0xe6/0x110 [ 64.735404][ T50] process_scheduled_works+0xa00/0x1770 [ 64.741418][ T50] worker_thread+0x86d/0xd70 [ 64.746546][ T50] kthread+0x2f0/0x390 [ 64.750797][ T50] ret_from_fork+0x4b/0x80 [ 64.755397][ T50] ret_from_fork_asm+0x1a/0x30 [ 64.760335][ T50] [ 64.760335][ T50] other info that might help us debug this: [ 64.760335][ T50] [ 64.770811][ T50] Chain exists of: [ 64.770811][ T50] &pool->lock --> (worker)->lock --> &htab->buckets[i].lock [ 64.770811][ T50] [ 64.784991][ T50] Possible interrupt unsafe locking scenario: [ 64.784991][ T50] [ 64.793494][ T50] CPU0 CPU1 [ 64.799492][ T50] ---- ---- [ 64.804950][ T50] lock(&htab->buckets[i].lock); [ 64.810086][ T50] local_irq_disable(); [ 64.817805][ T50] lock(&pool->lock); [ 64.825323][ T50] lock((worker)->lock); [ 64.832445][ T50] [ 64.836159][ T50] lock(&pool->lock); [ 64.840478][ T50] [ 64.840478][ T50] *** DEADLOCK *** [ 64.840478][ T50] [ 64.848954][ T50] 5 locks held by kworker/u8:3/50: [ 64.854160][ T50] #0: ffff888014c81148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x8e0/0x1770 [ 64.866075][ T50] #1: ffffc90000bb7d00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0x91b/0x1770 [ 64.877888][ T50] #2: ffffffff8e136cb8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x39a/0x820 [ 64.888946][ T50] #3: ffff888016eb6120 ((worker)->lock){....}-{2:2}, at: kthread_queue_work+0x27/0x180 [ 64.899491][ T50] #4: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x114/0x420 [ 64.909085][ T50] [ 64.909085][ T50] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 64.919514][ T50] -> (&pool->lock){-.-.}-{2:2} { [ 64.924556][ T50] IN-HARDIRQ-W at: [ 64.928618][ T50] lock_acquire+0x1e4/0x530 [ 64.935155][ T50] _raw_spin_lock+0x2e/0x40 [ 64.941515][ T50] __queue_work+0x6ec/0xec0 [ 64.948193][ T50] queue_work_on+0x14f/0x250 [ 64.954689][ T50] hrtimer_run_queues+0x154/0x460 [ 64.961854][ T50] update_process_times+0x80/0x230 [ 64.968849][ T50] tick_periodic+0x190/0x220 [ 64.975352][ T50] tick_handle_periodic+0x4a/0x160 [ 64.982281][ T50] __sysvec_apic_timer_interrupt+0x107/0x3a0 [ 64.990110][ T50] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 64.997847][ T50] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 65.005684][ T50] __sanitizer_cov_trace_pc+0x8/0x70 [ 65.012820][ T50] unwind_next_frame+0x54e/0x2a00 [ 65.019871][ T50] arch_stack_walk+0x151/0x1b0 [ 65.026472][ T50] stack_trace_save+0x118/0x1d0 [ 65.033428][ T50] kasan_save_track+0x3f/0x80 [ 65.040078][ T50] __kasan_slab_alloc+0x66/0x80 [ 65.046858][ T50] kmem_cache_alloc+0x172/0x350 [ 65.053571][ T50] security_inode_alloc+0x28/0x120 [ 65.060540][ T50] inode_init_always+0x947/0xc70 [ 65.067763][ T50] new_inode_pseudo+0x9e/0x1e0 [ 65.074358][ T50] new_inode+0x22/0x1d0 [ 65.080355][ T50] tracefs_create_file+0xef/0x650 [ 65.087210][ T50] trace_create_file+0x32/0x70 [ 65.093824][ T50] create_event_toplevel_files+0xa5/0x100 [ 65.101359][ T50] early_event_add_tracer+0x23/0x80 [ 65.108638][ T50] event_trace_init+0xeb/0x170 [ 65.115502][ T50] tracer_init_tracefs_work_func+0x11/0x140 [ 65.123315][ T50] process_scheduled_works+0xa00/0x1770 [ 65.131021][ T50] worker_thread+0x86d/0xd70 [ 65.137607][ T50] kthread+0x2f0/0x390 [ 65.143595][ T50] ret_from_fork+0x4b/0x80 [ 65.149937][ T50] ret_from_fork_asm+0x1a/0x30 [ 65.156546][ T50] IN-SOFTIRQ-W at: [ 65.160893][ T50] lock_acquire+0x1e4/0x530 [ 65.167330][ T50] _raw_spin_lock+0x2e/0x40 [ 65.173954][ T50] __queue_work+0x6ec/0xec0 [ 65.180405][ T50] call_timer_fn+0x17e/0x600 [ 65.187447][ T50] __run_timer_base+0x695/0x8e0 [ 65.194580][ T50] run_timer_softirq+0xb7/0x170 [ 65.201608][ T50] __do_softirq+0x2bc/0x943 [ 65.208127][ T50] __irq_exit_rcu+0xf2/0x1c0 [ 65.214642][ T50] irq_exit_rcu+0x9/0x30 [ 65.220851][ T50] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 65.228586][ T50] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 65.236572][ T50] default_idle+0x13/0x20 [ 65.243697][ T50] default_idle_call+0x74/0xb0 [ 65.250860][ T50] do_idle+0x22f/0x5d0 [ 65.256949][ T50] cpu_startup_entry+0x42/0x60 [ 65.263587][ T50] rest_init+0x2e0/0x300 [ 65.270675][ T50] arch_call_rest_init+0xe/0x10 [ 65.277358][ T50] start_kernel+0x47a/0x500 [ 65.284242][ T50] x86_64_start_reservations+0x2a/0x30 [ 65.292327][ T50] x86_64_start_kernel+0x99/0xa0 [ 65.299698][ T50] common_startup_64+0x13e/0x147 [ 65.306807][ T50] INITIAL USE at: [ 65.310861][ T50] lock_acquire+0x1e4/0x530 [ 65.317460][ T50] _raw_spin_lock+0x2e/0x40 [ 65.323784][ T50] __queue_work+0x6ec/0xec0 [ 65.330100][ T50] queue_work_on+0x14f/0x250 [ 65.336794][ T50] start_poll_synchronize_rcu_expedited+0xf7/0x150 [ 65.345305][ T50] rcu_init+0xea/0x140 [ 65.351804][ T50] start_kernel+0x1f7/0x500 [ 65.359829][ T50] x86_64_start_reservations+0x2a/0x30 [ 65.367049][ T50] x86_64_start_kernel+0x99/0xa0 [ 65.373825][ T50] common_startup_64+0x13e/0x147 [ 65.380527][ T50] } [ 65.383127][ T50] ... key at: [] init_worker_pool.__key+0x0/0x20 [ 65.391741][ T50] -> ((worker)->lock){....}-{2:2} { [ 65.397238][ T50] INITIAL USE at: [ 65.401306][ T50] lock_acquire+0x1e4/0x530 [ 65.407458][ T50] _raw_spin_lock_irq+0xd3/0x120 [ 65.414037][ T50] kthread_worker_fn+0x236/0xab0 [ 65.420657][ T50] kthread+0x2f0/0x390 [ 65.426471][ T50] ret_from_fork+0x4b/0x80 [ 65.432477][ T50] ret_from_fork_asm+0x1a/0x30 [ 65.438848][ T50] } [ 65.441421][ T50] ... key at: [] __kthread_create_worker.__key+0x0/0x20 [ 65.450475][ T50] ... acquired at: [ 65.454914][ T50] lock_acquire+0x1e4/0x530 [ 65.459601][ T50] _raw_spin_lock_irqsave+0xd5/0x120 [ 65.465244][ T50] kthread_queue_work+0x27/0x180 [ 65.470440][ T50] put_pwq_unlocked+0x12a/0x190 [ 65.475546][ T50] apply_workqueue_attrs_locked+0x132/0x210 [ 65.481784][ T50] apply_workqueue_attrs+0x30/0x50 [ 65.487146][ T50] padata_alloc+0x22b/0x370 [ 65.492085][ T50] pcrypt_init_padata+0x27/0x100 [ 65.497370][ T50] pcrypt_init+0x65/0xe0 [ 65.501888][ T50] do_one_initcall+0x238/0x830 [ 65.506943][ T50] do_initcall_level+0x157/0x210 [ 65.512147][ T50] do_initcalls+0x3f/0x80 [ 65.516729][ T50] kernel_init_freeable+0x435/0x5d0 [ 65.522263][ T50] kernel_init+0x1d/0x2a0 [ 65.526855][ T50] ret_from_fork+0x4b/0x80 [ 65.531705][ T50] ret_from_fork_asm+0x1a/0x30 [ 65.536641][ T50] [ 65.538981][ T50] [ 65.538981][ T50] the dependencies between the lock to be acquired [ 65.538988][ T50] and HARDIRQ-irq-unsafe lock: [ 65.554338][ T50] -> (&htab->buckets[i].lock){+...}-{2:2} { [ 65.560461][ T50] HARDIRQ-ON-W at: [ 65.564680][ T50] lock_acquire+0x1e4/0x530 [ 65.571266][ T50] _raw_spin_lock_bh+0x35/0x50 [ 65.578208][ T50] sock_hash_free+0x164/0x820 [ 65.585115][ T50] bpf_map_free_deferred+0xe6/0x110 [ 65.592237][ T50] process_scheduled_works+0xa00/0x1770 [ 65.599945][ T50] worker_thread+0x86d/0xd70 [ 65.607681][ T50] kthread+0x2f0/0x390 [ 65.613673][ T50] ret_from_fork+0x4b/0x80 [ 65.619736][ T50] ret_from_fork_asm+0x1a/0x30 [ 65.626233][ T50] INITIAL USE at: [ 65.630202][ T50] lock_acquire+0x1e4/0x530 [ 65.636691][ T50] _raw_spin_lock_bh+0x35/0x50 [ 65.644107][ T50] sock_hash_free+0x164/0x820 [ 65.650637][ T50] bpf_map_free_deferred+0xe6/0x110 [ 65.658071][ T50] process_scheduled_works+0xa00/0x1770 [ 65.665633][ T50] worker_thread+0x86d/0xd70 [ 65.671799][ T50] kthread+0x2f0/0x390 [ 65.677525][ T50] ret_from_fork+0x4b/0x80 [ 65.683872][ T50] ret_from_fork_asm+0x1a/0x30 [ 65.690208][ T50] } [ 65.692691][ T50] ... key at: [] sock_hash_alloc.__key+0x0/0x20 [ 65.701189][ T50] ... acquired at: [ 65.705265][ T50] lock_acquire+0x1e4/0x530 [ 65.710145][ T50] _raw_spin_lock_bh+0x35/0x50 [ 65.715089][ T50] sock_hash_delete_elem+0xb0/0x300 [ 65.720829][ T50] bpf_prog_2c29ac5cdc6b1842+0x42/0x46 [ 65.726557][ T50] bpf_trace_run2+0x204/0x420 [ 65.731422][ T50] kthread_insert_work+0x3f4/0x460 [ 65.736882][ T50] kthread_queue_work+0xff/0x180 [ 65.742362][ T50] synchronize_rcu_expedited+0x593/0x820 [ 65.748368][ T50] synchronize_rcu+0x136/0x3e0 [ 65.753480][ T50] sock_hash_free+0xac/0x820 [ 65.758324][ T50] bpf_map_free_deferred+0xe6/0x110 [ 65.764009][ T50] process_scheduled_works+0xa00/0x1770 [ 65.770218][ T50] worker_thread+0x86d/0xd70 [ 65.775095][ T50] kthread+0x2f0/0x390 [ 65.779359][ T50] ret_from_fork+0x4b/0x80 [ 65.783956][ T50] ret_from_fork_asm+0x1a/0x30 [ 65.789127][ T50] [ 65.791710][ T50] [ 65.791710][ T50] stack backtrace: [ 65.799519][ T50] CPU: 0 PID: 50 Comm: kworker/u8:3 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 [ 65.809424][ T50] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 65.820290][ T50] Workqueue: events_unbound bpf_map_free_deferred [ 65.827611][ T50] Call Trace: [ 65.831254][ T50] [ 65.834183][ T50] dump_stack_lvl+0x1e7/0x2e0 [ 65.838892][ T50] ? __pfx_dump_stack_lvl+0x10/0x10 [ 65.844121][ T50] ? __pfx__printk+0x10/0x10 [ 65.848731][ T50] ? print_shortest_lock_dependencies+0xf2/0x160 [ 65.855784][ T50] validate_chain+0x4dc7/0x58e0 [ 65.860657][ T50] ? __pfx_validate_chain+0x10/0x10 [ 65.866111][ T50] ? validate_chain+0x11b/0x58e0 [ 65.871074][ T50] ? __lock_acquire+0x1346/0x1fd0 [ 65.876187][ T50] ? __pfx_validate_chain+0x10/0x10 [ 65.881590][ T50] ? register_lock_class+0x102/0x980 [ 65.887048][ T50] ? __pfx_register_lock_class+0x10/0x10 [ 65.892993][ T50] ? mark_lock+0x9a/0x350 [ 65.897452][ T50] __lock_acquire+0x1346/0x1fd0 [ 65.902788][ T50] lock_acquire+0x1e4/0x530 [ 65.907314][ T50] ? sock_hash_delete_elem+0xb0/0x300 [ 65.912793][ T50] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 65.918604][ T50] ? __pfx_lock_acquire+0x10/0x10 [ 65.923693][ T50] ? sock_hash_delete_elem+0xb0/0x300 [ 65.929248][ T50] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 65.935150][ T50] ? __pfx_lock_acquire+0x10/0x10 [ 65.940557][ T50] ? sock_hash_delete_elem+0xb0/0x300 [ 65.945936][ T50] _raw_spin_lock_bh+0x35/0x50 [ 65.950707][ T50] ? sock_hash_delete_elem+0xb0/0x300 [ 65.956351][ T50] sock_hash_delete_elem+0xb0/0x300 [ 65.961576][ T50] ? do_raw_spin_lock+0x14f/0x370 [ 65.966617][ T50] bpf_prog_2c29ac5cdc6b1842+0x42/0x46 [ 65.972074][ T50] bpf_trace_run2+0x204/0x420 [ 65.976952][ T50] ? bpf_trace_run2+0x114/0x420 [ 65.982075][ T50] ? __pfx_bpf_trace_run2+0x10/0x10 [ 65.987310][ T50] kthread_insert_work+0x3f4/0x460 [ 65.992607][ T50] kthread_queue_work+0xff/0x180 [ 65.997743][ T50] synchronize_rcu_expedited+0x593/0x820 [ 66.003827][ T50] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 66.009987][ T50] ? __pfx_validate_chain+0x10/0x10 [ 66.015364][ T50] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 66.021957][ T50] ? __mod_timer+0xb89/0xeb0 [ 66.026997][ T50] ? __pfx_lock_release+0x10/0x10 [ 66.032651][ T50] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 66.038559][ T50] ? __pfx___might_resched+0x10/0x10 [ 66.043922][ T50] ? look_up_lock_class+0x77/0x160 [ 66.049301][ T50] synchronize_rcu+0x136/0x3e0 [ 66.054541][ T50] ? __pfx_synchronize_rcu+0x10/0x10 [ 66.059852][ T50] ? mark_lock+0x9a/0x350 [ 66.065181][ T50] ? debug_object_deactivate+0x2d5/0x390 [ 66.071640][ T50] ? __lock_acquire+0x1346/0x1fd0 [ 66.077642][ T50] sock_hash_free+0xac/0x820 [ 66.082245][ T50] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 66.088278][ T50] ? __pfx_sock_hash_free+0x10/0x10 [ 66.093570][ T50] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 66.099896][ T50] bpf_map_free_deferred+0xe6/0x110 [ 66.105867][ T50] ? process_scheduled_works+0x91b/0x1770 [ 66.111664][ T50] process_scheduled_works+0xa00/0x1770 [ 66.117299][ T50] ? __pfx_process_scheduled_works+0x10/0x10 [ 66.123963][ T50] ? assign_work+0x364/0x3d0 [ 66.128845][ T50] worker_thread+0x86d/0xd70 [ 66.133678][ T50] ? __kthread_parkme+0x169/0x1d0 [ 66.138709][ T50] ? __pfx_worker_thread+0x10/0x10 [ 66.144117][ T50] kthread+0x2f0/0x390 [ 66.148446][ T50] ? __pfx_worker_thread+0x10/0x10 [ 66.154015][ T50] ? __pfx_kthread+0x10/0x10 [ 66.159005][ T50] ret_from_fork+0x4b/0x80 [ 66.163620][ T50] ? __pfx_kthread+0x10/0x10 [ 66.168409][ T50] ret_from_fork_asm+0x1a/0x30 [ 66.173215][ T50] [ 66.176584][ T50] ------------[ cut here ]------------ [ 66.182641][ T50] raw_local_irq_restore() called with IRQs enabled [ 66.189913][ T50] WARNING: CPU: 0 PID: 50 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x29/0x40 [ 66.200589][ T50] Modules linked in: [ 66.204555][ T50] CPU: 0 PID: 50 Comm: kworker/u8:3 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 [ 66.214323][ T50] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 66.224637][ T50] Workqueue: events_unbound bpf_map_free_deferred [ 66.231328][ T50] RIP: 0010:warn_bogus_irq_restore+0x29/0x40 [ 66.237944][ T50] Code: 90 f3 0f 1e fa 90 80 3d de 69 01 04 00 74 06 90 c3 cc cc cc cc c6 05 cf 69 01 04 01 90 48 c7 c7 20 ba aa 8b e8 f8 e5 e7 f5 90 <0f> 0b 90 90 90 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f [ 66.258309][ T50] RSP: 0018:ffffc90000bb7598 EFLAGS: 00010246 [ 66.264576][ T50] RAX: 5f6f3c1adefd3e00 RBX: 1ffff92000176eb8 RCX: ffff888015f10000 [pid 5075] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=0, si_stime=181 /* 1.81 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557594d650) = 5076 ./strace-static-x86_64: Process 5076 attached [pid 5076] set_robust_list(0x55557594d660, 24) = 0 [ 66.272834][ T50] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 66.280971][ T50] RBP: ffffc90000bb7630 R08: ffffffff8157cc12 R09: 1ffff92000176e08 [ 66.289198][ T50] R10: dffffc0000000000 R11: fffff52000176e09 R12: dffffc0000000000 [ 66.297627][ T50] R13: 1ffff92000176eb4 R14: ffffc90000bb75c0 R15: 0000000000000246 [ 66.305975][ T50] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 66.315451][ T50] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5076] setpgid(0, 0) = 0 [pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1000", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=8, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5076] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [ 66.322478][ T50] CR2: 00007f105fda5110 CR3: 000000000df32000 CR4: 00000000003506f0 [ 66.330968][ T50] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 66.339675][ T50] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 66.348329][ T50] Call Trace: [ 66.351637][ T50] [ 66.355009][ T50] ? __warn+0x163/0x4b0 [ 66.359523][ T50] ? warn_bogus_irq_restore+0x29/0x40 [ 66.365190][ T50] ? report_bug+0x2b3/0x500 [pid 5076] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [ 66.370173][ T50] ? warn_bogus_irq_restore+0x29/0x40 [ 66.376593][ T50] ? handle_bug+0x3e/0x70 [ 66.381510][ T50] ? exc_invalid_op+0x1a/0x50 [ 66.386635][ T50] ? asm_exc_invalid_op+0x1a/0x20 [ 66.392298][ T50] ? __warn_printk+0x292/0x360 [ 66.397681][ T50] ? warn_bogus_irq_restore+0x29/0x40 [ 66.404420][ T50] ? warn_bogus_irq_restore+0x28/0x40 [ 66.410515][ T50] _raw_spin_unlock_irqrestore+0x120/0x140 [ 66.417368][ T50] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 66.424024][ T50] kthread_queue_work+0x110/0x180 [ 66.429473][ T50] synchronize_rcu_expedited+0x593/0x820 [ 66.435267][ T50] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 66.441793][ T50] ? __pfx_validate_chain+0x10/0x10 [ 66.447248][ T50] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 66.453715][ T50] ? __mod_timer+0xb89/0xeb0 [ 66.458394][ T50] ? __pfx_lock_release+0x10/0x10 [ 66.463810][ T50] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 66.469349][ T50] ? __pfx___might_resched+0x10/0x10 [ 66.475032][ T50] ? look_up_lock_class+0x77/0x160 [ 66.480175][ T50] synchronize_rcu+0x136/0x3e0 [ 66.485360][ T50] ? __pfx_synchronize_rcu+0x10/0x10 [ 66.491117][ T50] ? mark_lock+0x9a/0x350 [ 66.495579][ T50] ? debug_object_deactivate+0x2d5/0x390 [ 66.501232][ T50] ? __lock_acquire+0x1346/0x1fd0 [ 66.506658][ T50] sock_hash_free+0xac/0x820 [ 66.511396][ T50] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 66.517604][ T50] ? __pfx_sock_hash_free+0x10/0x10 [ 66.523070][ T50] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 66.530705][ T50] bpf_map_free_deferred+0xe6/0x110 [ 66.536074][ T50] ? process_scheduled_works+0x91b/0x1770 [ 66.542332][ T50] process_scheduled_works+0xa00/0x1770 [ 66.548054][ T50] ? __pfx_process_scheduled_works+0x10/0x10 [ 66.554063][ T50] ? assign_work+0x364/0x3d0 [ 66.558834][ T50] worker_thread+0x86d/0xd70 [ 66.563444][ T50] ? __kthread_parkme+0x169/0x1d0 [ 66.568731][ T50] ? __pfx_worker_thread+0x10/0x10 [ 66.573874][ T50] kthread+0x2f0/0x390 [ 66.578010][ T50] ? __pfx_worker_thread+0x10/0x10 [ 66.583141][ T50] ? __pfx_kthread+0x10/0x10 [ 66.587966][ T50] ret_from_fork+0x4b/0x80 [ 66.592511][ T50] ? __pfx_kthread+0x10/0x10 [ 66.597145][ T50] ret_from_fork_asm+0x1a/0x30 [ 66.602935][ T50] [ 66.606440][ T50] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 66.613830][ T50] CPU: 0 PID: 50 Comm: kworker/u8:3 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 [ 66.623653][ T50] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 66.634589][ T50] Workqueue: events_unbound bpf_map_free_deferred [ 66.641038][ T50] Call Trace: [ 66.644414][ T50] [ 66.647343][ T50] dump_stack_lvl+0x1e7/0x2e0 [ 66.652013][ T50] ? __pfx_dump_stack_lvl+0x10/0x10 [ 66.657204][ T50] ? __pfx__printk+0x10/0x10 [ 66.661791][ T50] ? _printk+0xd5/0x120 [ 66.665937][ T50] ? vscnprintf+0x5d/0x90 [ 66.670354][ T50] panic+0x349/0x860 [ 66.674285][ T50] ? __warn+0x172/0x4b0 [ 66.678452][ T50] ? __pfx_panic+0x10/0x10 [ 66.682926][ T50] ? show_trace_log_lvl+0x4e6/0x520 [ 66.688161][ T50] ? ret_from_fork_asm+0x1a/0x30 [ 66.693220][ T50] __warn+0x31e/0x4b0 [ 66.697229][ T50] ? warn_bogus_irq_restore+0x29/0x40 [ 66.702773][ T50] report_bug+0x2b3/0x500 [ 66.707271][ T50] ? warn_bogus_irq_restore+0x29/0x40 [ 66.712809][ T50] handle_bug+0x3e/0x70 [ 66.717306][ T50] exc_invalid_op+0x1a/0x50 [ 66.722003][ T50] asm_exc_invalid_op+0x1a/0x20 [ 66.726882][ T50] RIP: 0010:warn_bogus_irq_restore+0x29/0x40 [ 66.732975][ T50] Code: 90 f3 0f 1e fa 90 80 3d de 69 01 04 00 74 06 90 c3 cc cc cc cc c6 05 cf 69 01 04 01 90 48 c7 c7 20 ba aa 8b e8 f8 e5 e7 f5 90 <0f> 0b 90 90 90 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f [ 66.754413][ T50] RSP: 0018:ffffc90000bb7598 EFLAGS: 00010246 [ 66.760928][ T50] RAX: 5f6f3c1adefd3e00 RBX: 1ffff92000176eb8 RCX: ffff888015f10000 [ 66.769254][ T50] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 66.777502][ T50] RBP: ffffc90000bb7630 R08: ffffffff8157cc12 R09: 1ffff92000176e08 [ 66.785847][ T50] R10: dffffc0000000000 R11: fffff52000176e09 R12: dffffc0000000000 [ 66.794269][ T50] R13: 1ffff92000176eb4 R14: ffffc90000bb75c0 R15: 0000000000000246 [ 66.802650][ T50] ? __warn_printk+0x292/0x360 [ 66.807521][ T50] ? warn_bogus_irq_restore+0x28/0x40 [ 66.812974][ T50] _raw_spin_unlock_irqrestore+0x120/0x140 [ 66.819032][ T50] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 66.825552][ T50] kthread_queue_work+0x110/0x180 [ 66.830769][ T50] synchronize_rcu_expedited+0x593/0x820 [ 66.836778][ T50] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 66.843010][ T50] ? __pfx_validate_chain+0x10/0x10 [ 66.848374][ T50] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 66.854868][ T50] ? __mod_timer+0xb89/0xeb0 [ 66.859820][ T50] ? __pfx_lock_release+0x10/0x10 [ 66.865582][ T50] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 66.871424][ T50] ? __pfx___might_resched+0x10/0x10 [ 66.876961][ T50] ? look_up_lock_class+0x77/0x160 [ 66.882071][ T50] synchronize_rcu+0x136/0x3e0 [ 66.887001][ T50] ? __pfx_synchronize_rcu+0x10/0x10 [ 66.892469][ T50] ? mark_lock+0x9a/0x350 [ 66.896916][ T50] ? debug_object_deactivate+0x2d5/0x390 [ 66.902820][ T50] ? __lock_acquire+0x1346/0x1fd0 [ 66.908041][ T50] sock_hash_free+0xac/0x820 [ 66.913050][ T50] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 66.919480][ T50] ? __pfx_sock_hash_free+0x10/0x10 [ 66.925199][ T50] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 66.931693][ T50] bpf_map_free_deferred+0xe6/0x110 [ 66.936969][ T50] ? process_scheduled_works+0x91b/0x1770 [ 66.942850][ T50] process_scheduled_works+0xa00/0x1770 [ 66.948393][ T50] ? __pfx_process_scheduled_works+0x10/0x10 [ 66.954538][ T50] ? assign_work+0x364/0x3d0 [ 66.959224][ T50] worker_thread+0x86d/0xd70 [ 66.963810][ T50] ? __kthread_parkme+0x169/0x1d0 [ 66.968938][ T50] ? __pfx_worker_thread+0x10/0x10 [ 66.974040][ T50] kthread+0x2f0/0x390 [ 66.978271][ T50] ? __pfx_worker_thread+0x10/0x10 [ 66.984208][ T50] ? __pfx_kthread+0x10/0x10 [ 66.988830][ T50] ret_from_fork+0x4b/0x80 [ 66.993778][ T50] ? __pfx_kthread+0x10/0x10 [ 66.998971][ T50] ret_from_fork_asm+0x1a/0x30 [ 67.004294][ T50] [ 67.008054][ T50] Kernel Offset: disabled [ 67.012554][ T50] Rebooting in 86400 seconds..