./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3066872994 <...> [ 97.645385][ T24] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.1.97' (ED25519) to the list of known hosts. execve("./syz-executor3066872994", ["./syz-executor3066872994"], 0x7ffc892a8cc0 /* 10 vars */) = 0 brk(NULL) = 0x555579c7e000 brk(0x555579c7ed00) = 0x555579c7ed00 arch_prctl(ARCH_SET_FS, 0x555579c7e380) = 0 set_tid_address(0x555579c7e650) = 5065 set_robust_list(0x555579c7e660, 24) = 0 rseq(0x555579c7eca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3066872994", 4096) = 28 getrandom("\xe4\x6e\xb6\x73\x23\xcd\x51\xdb", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555579c7ed00 brk(0x555579c9fd00) = 0x555579c9fd00 brk(0x555579ca0000) = 0x555579ca0000 mprotect(0x7f0d4ac4c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555579c7e650) = 5066 ./strace-static-x86_64: Process 5066 attached [pid 5066] set_robust_list(0x555579c7e660, 24) = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] write(3, "1000", 4) = 4 [ 102.419942][ T28] audit: type=1400 audit(1711671136.356:87): avc: denied { execmem } for pid=5065 comm="syz-executor306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 5066] close(3) = 0 [pid 5066] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=4, value_size=8, max_entries=4108, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [ 102.492864][ T28] audit: type=1400 audit(1711671136.426:88): avc: denied { map_create } for pid=5066 comm="syz-executor306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 102.512490][ T28] audit: type=1400 audit(1711671136.436:89): avc: denied { map_read map_write } for pid=5066 comm="syz-executor306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 5066] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000280, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [ 102.533168][ T28] audit: type=1400 audit(1711671136.466:90): avc: denied { prog_load } for pid=5066 comm="syz-executor306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 102.552742][ T28] audit: type=1400 audit(1711671136.466:91): avc: denied { bpf } for pid=5066 comm="syz-executor306" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [pid 5066] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="workqueue_activate_work", prog_fd=4}}, 16) = 5 [pid 5066] exit_group(0) = ? [pid 5066] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5067 attached , child_tidptr=0x555579c7e650) = 5067 [pid 5067] set_robust_list(0x555579c7e660, 24) = 0 [pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] setpgid(0, 0) = 0 [pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5067] write(3, "1000", 4) = 4 [pid 5067] close(3) = 0 [ 102.573704][ T28] audit: type=1400 audit(1711671136.466:92): avc: denied { perfmon } for pid=5066 comm="syz-executor306" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 102.594966][ T28] audit: type=1400 audit(1711671136.476:93): avc: denied { prog_run } for pid=5066 comm="syz-executor306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 5067] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=4, value_size=8, max_entries=4108, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5067] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000280, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 5067] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="workqueue_activate_work", prog_fd=4}}, 16) = 5 [pid 5067] exit_group(0) = ? [ 102.682887][ C0] [ 102.685270][ C0] ===================================================== [ 102.692266][ C0] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 102.699761][ C0] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted [ 102.706437][ C0] ----------------------------------------------------- [ 102.713452][ C0] swapper/0/0 [HC0[0]:SC1[3]:HE0:SE0] is trying to acquire: [ 102.720779][ C0] ffffc900036083e0 (&htab->buckets[i].lock){+.-.}-{2:2}, at: sock_hash_delete_elem+0xcb/0x260 [ 102.731108][ C0] [ 102.731108][ C0] and this task is already holding: [ 102.738490][ C0] ffff8880b943d5d8 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x38e/0x1170 [ 102.747252][ C0] which would create a new lock dependency: [ 102.753144][ C0] (&pool->lock){-.-.}-{2:2} -> (&htab->buckets[i].lock){+.-.}-{2:2} [ 102.761294][ C0] [ 102.761294][ C0] but this new dependency connects a HARDIRQ-irq-safe lock: [ 102.770856][ C0] (&pool->lock){-.-.}-{2:2} [ 102.770886][ C0] [ 102.770886][ C0] ... which became HARDIRQ-irq-safe at: [ 102.783193][ C0] lock_acquire+0x1b1/0x540 [ 102.787824][ C0] _raw_spin_lock+0x2e/0x40 [ 102.792448][ C0] __queue_work+0x39e/0x1170 [ 102.797223][ C0] queue_work_on+0xf4/0x120 [ 102.801822][ C0] tick_setup_sched_timer+0x47c/0x790 [ 102.807432][ C0] hrtimer_run_queues+0x33c/0x450 [ 102.812764][ C0] update_process_times+0xcf/0x220 [ 102.818352][ C0] tick_periodic+0x7e/0x230 [ 102.823054][ C0] tick_handle_periodic+0x45/0x120 [ 102.828279][ C0] __sysvec_apic_timer_interrupt+0x10f/0x410 [ 102.834354][ C0] sysvec_apic_timer_interrupt+0x90/0xb0 [ 102.840108][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 102.846195][ C0] console_flush_all+0xa19/0xd70 [ 102.851227][ C0] console_unlock+0xae/0x290 [ 102.855913][ C0] vprintk_emit+0x11a/0x5a0 [ 102.860530][ C0] vprintk+0x7f/0xa0 [ 102.864531][ C0] _printk+0xc8/0x100 [ 102.868618][ C0] __clocksource_select+0x33f/0x400 [ 102.873924][ C0] clocksource_done_booting+0x39/0x50 [ 102.879672][ C0] do_one_initcall+0x128/0x690 [ 102.884659][ C0] kernel_init_freeable+0x69d/0xc40 [ 102.889963][ C0] kernel_init+0x1c/0x2a0 [ 102.894409][ C0] ret_from_fork+0x45/0x80 [ 102.898943][ C0] ret_from_fork_asm+0x1a/0x30 [ 102.903819][ C0] [ 102.903819][ C0] to a HARDIRQ-irq-unsafe lock: [ 102.910838][ C0] (&htab->buckets[i].lock){+.-.}-{2:2} [ 102.910867][ C0] [ 102.910867][ C0] ... which became HARDIRQ-irq-unsafe at: [ 102.924567][ C0] ... [ 102.924577][ C0] lock_acquire+0x1b1/0x540 [ 102.931821][ C0] _raw_spin_lock_bh+0x33/0x40 [ 102.936694][ C0] sock_hash_free+0x130/0x820 [ 102.941473][ C0] bpf_map_free_deferred+0x1ce/0x420 [ 102.946858][ C0] process_one_work+0x9a9/0x1a60 [ 102.951993][ C0] worker_thread+0x6c8/0xf70 [ 102.956695][ C0] kthread+0x2c1/0x3a0 [ 102.960867][ C0] ret_from_fork+0x45/0x80 [ 102.965389][ C0] ret_from_fork_asm+0x1a/0x30 [ 102.970269][ C0] [ 102.970269][ C0] other info that might help us debug this: [ 102.970269][ C0] [ 102.980524][ C0] Possible interrupt unsafe locking scenario: [ 102.980524][ C0] [ 102.988839][ C0] CPU0 CPU1 [ 102.994379][ C0] ---- ---- [ 102.999745][ C0] lock(&htab->buckets[i].lock); [ 103.004796][ C0] local_irq_disable(); [ 103.011554][ C0] lock(&pool->lock); [ 103.018230][ C0] lock(&htab->buckets[i].lock); [ 103.025788][ C0] [ 103.029256][ C0] lock(&pool->lock); [ 103.033519][ C0] [ 103.033519][ C0] *** DEADLOCK *** [ 103.033519][ C0] [ 103.041667][ C0] 4 locks held by swapper/0/0: [ 103.046447][ C0] #0: ffffc90000007cb0 (&(&krcp->monitor_work)->timer){..-.}-{0:0}, at: call_timer_fn+0x11a/0x5b0 [ 103.057280][ C0] #1: ffffffff8d7b08e0 (rcu_read_lock){....}-{1:2}, at: __queue_work+0xf2/0x1170 [ 103.066531][ C0] #2: ffff8880b943d5d8 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x38e/0x1170 [ 103.075689][ C0] #3: ffffffff8d7b08e0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run1+0xdc/0x410 [ 103.085018][ C0] [ 103.085018][ C0] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 103.095600][ C0] -> (&pool->lock){-.-.}-{2:2} { [ 103.100584][ C0] IN-HARDIRQ-W at: [ 103.104580][ C0] lock_acquire+0x1b1/0x540 [ 103.110756][ C0] _raw_spin_lock+0x2e/0x40 [ 103.116921][ C0] __queue_work+0x39e/0x1170 [ 103.123169][ C0] queue_work_on+0xf4/0x120 [ 103.129331][ C0] tick_setup_sched_timer+0x47c/0x790 [ 103.136365][ C0] hrtimer_run_queues+0x33c/0x450 [ 103.143077][ C0] update_process_times+0xcf/0x220 [ 103.149862][ C0] tick_periodic+0x7e/0x230 [ 103.156034][ C0] tick_handle_periodic+0x45/0x120 [ 103.162815][ C0] __sysvec_apic_timer_interrupt+0x10f/0x410 [ 103.170473][ C0] sysvec_apic_timer_interrupt+0x90/0xb0 [ 103.177774][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 103.185435][ C0] console_flush_all+0xa19/0xd70 [ 103.192035][ C0] console_unlock+0xae/0x290 [ 103.198282][ C0] vprintk_emit+0x11a/0x5a0 [ 103.204453][ C0] vprintk+0x7f/0xa0 [ 103.210024][ C0] _printk+0xc8/0x100 [ 103.215674][ C0] __clocksource_select+0x33f/0x400 [ 103.222541][ C0] clocksource_done_booting+0x39/0x50 [ 103.229586][ C0] do_one_initcall+0x128/0x690 [ 103.236028][ C0] kernel_init_freeable+0x69d/0xc40 [ 103.242900][ C0] kernel_init+0x1c/0x2a0 [ 103.248890][ C0] ret_from_fork+0x45/0x80 [ 103.254978][ C0] ret_from_fork_asm+0x1a/0x30 [ 103.261422][ C0] IN-SOFTIRQ-W at: [ 103.265423][ C0] lock_acquire+0x1b1/0x540 [ 103.271597][ C0] _raw_spin_lock+0x2e/0x40 [ 103.277881][ C0] __queue_work+0x39e/0x1170 [ 103.284214][ C0] call_timer_fn+0x1a0/0x5b0 [ 103.290470][ C0] __run_timers+0x567/0xab0 [ 103.296641][ C0] run_timer_base+0x111/0x190 [ 103.302987][ C0] run_timer_softirq+0x1a/0x40 [ 103.309417][ C0] __do_softirq+0x218/0x8de [ 103.315599][ C0] irq_exit_rcu+0xb9/0x120 [ 103.321684][ C0] sysvec_apic_timer_interrupt+0x95/0xb0 [ 103.329258][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 103.336927][ C0] default_idle+0xf/0x20 [ 103.342937][ C0] default_idle_call+0x6d/0xb0 [ 103.349393][ C0] do_idle+0x32c/0x3f0 [ 103.355226][ C0] cpu_startup_entry+0x4f/0x60 [ 103.361665][ C0] rest_init+0x16f/0x2b0 [ 103.367690][ C0] arch_call_rest_init+0x13/0x40 [ 103.374405][ C0] start_kernel+0x3a3/0x490 [ 103.380586][ C0] x86_64_start_reservations+0x18/0x30 [ 103.387815][ C0] x86_64_start_kernel+0xb2/0xc0 [ 103.394432][ C0] common_startup_64+0x13e/0x148 [ 103.401056][ C0] INITIAL USE at: [ 103.405053][ C0] lock_acquire+0x1b1/0x540 [ 103.411200][ C0] _raw_spin_lock+0x2e/0x40 [ 103.417294][ C0] __queue_work+0x39e/0x1170 [ 103.423577][ C0] queue_work_on+0xf4/0x120 [ 103.429686][ C0] start_poll_synchronize_rcu_expedited+0x147/0x180 [ 103.437851][ C0] rcu_init+0x1625/0x20c0 [ 103.443783][ C0] start_kernel+0x19e/0x490 [ 103.449906][ C0] x86_64_start_reservations+0x18/0x30 [ 103.457008][ C0] x86_64_start_kernel+0xb2/0xc0 [ 103.463630][ C0] common_startup_64+0x13e/0x148 [ 103.470152][ C0] } [ 103.472653][ C0] ... key at: [] __key.17+0x0/0x40 [ 103.479884][ C0] [ 103.479884][ C0] the dependencies between the lock to be acquired [ 103.479893][ C0] and HARDIRQ-irq-unsafe lock: [ 103.493568][ C0] -> (&htab->buckets[i].lock){+.-.}-{2:2} { [ 103.499537][ C0] HARDIRQ-ON-W at: [ 103.503624][ C0] lock_acquire+0x1b1/0x540 [ 103.509847][ C0] _raw_spin_lock_bh+0x33/0x40 [ 103.516285][ C0] sock_hash_free+0x130/0x820 [ 103.522646][ C0] bpf_map_free_deferred+0x1ce/0x420 [ 103.529601][ C0] process_one_work+0x9a9/0x1a60 [ 103.536221][ C0] worker_thread+0x6c8/0xf70 [ 103.542585][ C0] kthread+0x2c1/0x3a0 [ 103.548416][ C0] ret_from_fork+0x45/0x80 [ 103.554514][ C0] ret_from_fork_asm+0x1a/0x30 [ 103.560948][ C0] IN-SOFTIRQ-W at: [ 103.564935][ C0] lock_acquire+0x1b1/0x540 [ 103.571242][ C0] _raw_spin_lock_bh+0x33/0x40 [ 103.577689][ C0] sock_hash_delete_elem+0xcb/0x260 [ 103.584658][ C0] ___bpf_prog_run+0x3e51/0xae80 [ 103.591294][ C0] __bpf_prog_run32+0xc1/0x100 [ 103.597764][ C0] bpf_trace_run1+0x149/0x410 [ 103.604107][ C0] __bpf_trace_workqueue_activate_work+0x98/0xd0 [ 103.612140][ C0] __queue_work+0xd0d/0x1170 [ 103.618391][ C0] call_timer_fn+0x1a0/0x5b0 [ 103.624677][ C0] __run_timers+0x567/0xab0 [ 103.630850][ C0] run_timer_base+0x111/0x190 [ 103.637197][ C0] run_timer_softirq+0x1a/0x40 [ 103.643630][ C0] __do_softirq+0x218/0x8de [ 103.649821][ C0] irq_exit_rcu+0xb9/0x120 [ 103.655905][ C0] sysvec_apic_timer_interrupt+0x95/0xb0 [ 103.663212][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 103.670867][ C0] acpi_safe_halt+0x1a/0x20 [ 103.677031][ C0] acpi_idle_enter+0xc5/0x160 [ 103.683403][ C0] cpuidle_enter_state+0x85/0x510 [ 103.690105][ C0] cpuidle_enter+0x4e/0xa0 [ 103.696184][ C0] do_idle+0x313/0x3f0 [ 103.701952][ C0] cpu_startup_entry+0x4f/0x60 [ 103.708401][ C0] rest_init+0x16f/0x2b0 [ 103.714330][ C0] arch_call_rest_init+0x13/0x40 [ 103.721042][ C0] start_kernel+0x3a3/0x490 [ 103.727221][ C0] x86_64_start_reservations+0x18/0x30 [ 103.734470][ C0] x86_64_start_kernel+0xb2/0xc0 [ 103.741079][ C0] common_startup_64+0x13e/0x148 [ 103.747702][ C0] INITIAL USE at: [ 103.751609][ C0] lock_acquire+0x1b1/0x540 [ 103.757719][ C0] _raw_spin_lock_bh+0x33/0x40 [ 103.764080][ C0] sock_hash_free+0x130/0x820 [ 103.770452][ C0] bpf_map_free_deferred+0x1ce/0x420 [ 103.777329][ C0] process_one_work+0x9a9/0x1a60 [ 103.783846][ C0] worker_thread+0x6c8/0xf70 [ 103.790025][ C0] kthread+0x2c1/0x3a0 [ 103.795693][ C0] ret_from_fork+0x45/0x80 [ 103.801694][ C0] ret_from_fork_asm+0x1a/0x30 [ 103.808049][ C0] } [ 103.810547][ C0] ... key at: [] __key.0+0x0/0x40 [ 103.817696][ C0] ... acquired at: [ 103.821644][ C0] lock_acquire+0x1b1/0x540 [ 103.826367][ C0] _raw_spin_lock_bh+0x33/0x40 [ 103.831341][ C0] sock_hash_delete_elem+0xcb/0x260 [ 103.836747][ C0] ___bpf_prog_run+0x3e51/0xae80 [ 103.841894][ C0] __bpf_prog_run32+0xc1/0x100 [ 103.846855][ C0] bpf_trace_run1+0x149/0x410 [ 103.851736][ C0] __bpf_trace_workqueue_activate_work+0x98/0xd0 [ 103.858276][ C0] __queue_work+0xd0d/0x1170 [ 103.863057][ C0] call_timer_fn+0x1a0/0x5b0 [ 103.867851][ C0] __run_timers+0x567/0xab0 [ 103.872550][ C0] run_timer_base+0x111/0x190 [ 103.877440][ C0] run_timer_softirq+0x1a/0x40 [ 103.882441][ C0] __do_softirq+0x218/0x8de [ 103.887163][ C0] irq_exit_rcu+0xb9/0x120 [ 103.891799][ C0] sysvec_apic_timer_interrupt+0x95/0xb0 [ 103.897877][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 103.904098][ C0] acpi_safe_halt+0x1a/0x20 [ 103.908794][ C0] acpi_idle_enter+0xc5/0x160 [ 103.913672][ C0] cpuidle_enter_state+0x85/0x510 [ 103.918914][ C0] cpuidle_enter+0x4e/0xa0 [ 103.923553][ C0] do_idle+0x313/0x3f0 [ 103.927828][ C0] cpu_startup_entry+0x4f/0x60 [ 103.932792][ C0] rest_init+0x16f/0x2b0 [ 103.937225][ C0] arch_call_rest_init+0x13/0x40 [ 103.942466][ C0] start_kernel+0x3a3/0x490 [ 103.947192][ C0] x86_64_start_reservations+0x18/0x30 [ 103.952866][ C0] x86_64_start_kernel+0xb2/0xc0 [ 103.958015][ C0] common_startup_64+0x13e/0x148 [ 103.963152][ C0] [ 103.965483][ C0] [ 103.965483][ C0] stack backtrace: [ 103.971376][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 103.980771][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 103.990855][ C0] Call Trace: [ 103.994144][ C0] [ 103.996997][ C0] dump_stack_lvl+0x116/0x1f0 [ 104.001695][ C0] check_irq_usage+0xe3c/0x1490 [ 104.006622][ C0] ? __pfx_check_irq_usage+0x10/0x10 [ 104.012135][ C0] ? hlock_conflict+0x58/0x200 [ 104.017021][ C0] ? __bfs+0x2fa/0x670 [ 104.021108][ C0] ? __pfx_hlock_conflict+0x10/0x10 [ 104.026333][ C0] ? lockdep_lock+0xc6/0x200 [ 104.030944][ C0] ? __pfx_lockdep_lock+0x10/0x10 [ 104.036007][ C0] ? __lock_acquire+0x248e/0x3b30 [ 104.041051][ C0] __lock_acquire+0x248e/0x3b30 [ 104.046107][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 104.051330][ C0] ? __pfx_mark_lock+0x10/0x10 [ 104.056166][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 104.061333][ C0] lock_acquire+0x1b1/0x540 [ 104.065987][ C0] ? sock_hash_delete_elem+0xcb/0x260 [ 104.071584][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 104.076649][ C0] ? hlock_class+0x4e/0x130 [ 104.081202][ C0] ? __lock_acquire+0xc5d/0x3b30 [ 104.086524][ C0] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 104.092554][ C0] _raw_spin_lock_bh+0x33/0x40 [ 104.097523][ C0] ? sock_hash_delete_elem+0xcb/0x260 [ 104.102924][ C0] sock_hash_delete_elem+0xcb/0x260 [ 104.108144][ C0] ? __pfx_bpf_map_delete_elem+0x10/0x10 [ 104.113793][ C0] ___bpf_prog_run+0x3e51/0xae80 [ 104.118759][ C0] ? register_lock_class+0xb1/0x1230 [ 104.124089][ C0] __bpf_prog_run32+0xc1/0x100 [ 104.128871][ C0] ? __pfx___bpf_prog_run32+0x10/0x10 [ 104.134261][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 104.139314][ C0] ? __pfx___cant_migrate+0x10/0x10 [ 104.144564][ C0] bpf_trace_run1+0x149/0x410 [ 104.149259][ C0] ? __pfx_bpf_trace_run1+0x10/0x10 [ 104.154573][ C0] __bpf_trace_workqueue_activate_work+0x98/0xd0 [ 104.161027][ C0] ? __pfx___bpf_trace_workqueue_activate_work+0x10/0x10 [ 104.168091][ C0] ? pwq_tryinc_nr_active+0x212/0x850 [ 104.173499][ C0] __queue_work+0xd0d/0x1170 [ 104.178117][ C0] call_timer_fn+0x1a0/0x5b0 [ 104.182745][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 104.188615][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 104.193849][ C0] ? __pfx_lock_release+0x10/0x10 [ 104.198991][ C0] ? next_expiry_recalc+0x259/0x2e0 [ 104.204241][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 104.210087][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 104.215910][ C0] __run_timers+0x567/0xab0 [ 104.220462][ C0] ? __pfx___run_timers+0x10/0x10 [ 104.225580][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 104.230655][ C0] run_timer_base+0x111/0x190 [ 104.235394][ C0] ? __pfx_run_timer_base+0x10/0x10 [ 104.240740][ C0] run_timer_softirq+0x1a/0x40 [ 104.245660][ C0] __do_softirq+0x218/0x8de [ 104.250211][ C0] ? __pfx___do_softirq+0x10/0x10 [ 104.255256][ C0] irq_exit_rcu+0xb9/0x120 [ 104.259690][ C0] sysvec_apic_timer_interrupt+0x95/0xb0 [ 104.265364][ C0] [ 104.268303][ C0] [ 104.271239][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 104.277244][ C0] RIP: 0010:acpi_safe_halt+0x1a/0x20 [ 104.282542][ C0] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 48 8b 05 d8 60 31 75 48 8b 00 a8 08 75 0c 66 90 0f 00 2d c8 73 a7 00 fb f4 c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 104.302180][ C0] RSP: 0018:ffffffff8d407d68 EFLAGS: 00000246 [ 104.308393][ C0] RAX: 0000000000004000 RBX: 0000000000000001 RCX: ffffffff8ad255f9 [ 104.316416][ C0] RDX: 0000000000000001 RSI: ffff88801bab8000 RDI: ffff88801bab8064 [ 104.324446][ C0] RBP: ffff88801bab8064 R08: 0000000000000001 R09: ffffed1017286fdd [ 104.332443][ C0] R10: ffff8880b9437eeb R11: 0000000000000000 R12: ffff8880173d4800 [ 104.340516][ C0] R13: ffffffff8e31fbc0 R14: 0000000000000000 R15: 0000000000000000 [ 104.348615][ C0] ? ct_kernel_exit+0x139/0x190 [ 104.353504][ C0] acpi_idle_enter+0xc5/0x160 [ 104.358202][ C0] cpuidle_enter_state+0x85/0x510 [ 104.363277][ C0] ? __pfx_tsc_verify_tsc_adjust+0x10/0x10 [ 104.369346][ C0] cpuidle_enter+0x4e/0xa0 [ 104.373878][ C0] do_idle+0x313/0x3f0 [ 104.377983][ C0] ? __pfx_do_idle+0x10/0x10 [ 104.382632][ C0] ? __schedule+0xf1d/0x5c70 [ 104.387262][ C0] ? do_idle+0x8/0x3f0 [ 104.391895][ C0] cpu_startup_entry+0x4f/0x60 [ 104.396698][ C0] rest_init+0x16f/0x2b0 [ 104.401056][ C0] ? regulator_has_full_constraints+0x9/0x20 [ 104.407088][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 104.412659][ C0] arch_call_rest_init+0x13/0x40 [ 104.417620][ C0] start_kernel+0x3a3/0x490 [ 104.422155][ C0] x86_64_start_reservations+0x18/0x30 [ 104.427639][ C0] x86_64_start_kernel+0xb2/0xc0 [ 104.432775][ C0] common_startup_64+0x13e/0x148 [ 104.437837][ C0] [ 104.441192][ C1] ------------[ cut here ]------------ [ 104.446815][ C1] raw_local_irq_restore() called with IRQs enabled [ 104.453586][ C1] WARNING: CPU: 1 PID: 0 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x29/0x30 [ 104.464102][ C1] Modules linked in: [ 104.468128][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 104.477567][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 104.487779][ C1] RIP: 0010:warn_bogus_irq_restore+0x29/0x30 [ 104.493864][ C1] Code: 90 f3 0f 1e fa 90 80 3d 72 d0 b5 04 00 74 06 90 c3 cc cc cc cc c6 05 63 d0 b5 04 01 90 48 c7 c7 c0 b1 0c 8b e8 78 6b 7d f6 90 <0f> 0b 90 90 eb df 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 104.513555][ C1] RSP: 0018:ffffc90000a08c30 EFLAGS: 00010282 [ 104.519679][ C1] RAX: 0000000000000000 RBX: 0000000000000200 RCX: ffffffff814fafe9 [ 104.527729][ C1] RDX: ffff8880172bda00 RSI: ffffffff814faff6 RDI: 0000000000000001 [ 104.535779][ C1] RBP: 0000000000000200 R08: 0000000000000001 R09: 0000000000000000 [ 104.543820][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [ 104.551848][ C1] R13: 0000000000000001 R14: ffff88801507a800 R15: 000000000003d300 [ 104.559895][ C1] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 104.568907][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 104.575641][ C1] CR2: 00000000200009d0 CR3: 0000000077ea4000 CR4: 00000000003506f0 [ 104.583726][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [pid 5067] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5067, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555579c7e650) = 5068 ./strace-static-x86_64: Process 5068 attached [pid 5068] set_robust_list(0x555579c7e660, 24) = 0 [pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 104.591743][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 104.599795][ C1] Call Trace: [ 104.603133][ C1] [ 104.606200][ C1] ? show_regs+0x8c/0xa0 [ 104.610506][ C1] ? __warn+0xe5/0x390 [ 104.614656][ C1] ? __wake_up_klogd.part.0+0x99/0xf0 [ 104.620104][ C1] ? warn_bogus_irq_restore+0x29/0x30 [ 104.625656][ C1] ? report_bug+0x3c0/0x580 [ 104.630212][ C1] ? handle_bug+0x3d/0x70 [ 104.634610][ C1] ? exc_invalid_op+0x17/0x50 [pid 5068] setpgid(0, 0) = 0 [pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "1000", 4) = 4 [pid 5068] close(3) = 0 [pid 5068] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=4, value_size=8, max_entries=4108, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [ 104.639336][ C1] ? asm_exc_invalid_op+0x1a/0x20 [ 104.644557][ C1] ? __warn_printk+0x199/0x350 [ 104.649405][ C1] ? __warn_printk+0x1a6/0x350 [ 104.654257][ C1] ? warn_bogus_irq_restore+0x29/0x30 [ 104.659703][ C1] queue_work_on+0x115/0x120 [ 104.664362][ C1] call_timer_fn+0x1a0/0x5b0 [ 104.669036][ C1] ? __pfx_srcu_delay_timer+0x10/0x10 [ 104.674516][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 104.679687][ C1] ? __pfx_lock_release+0x10/0x10 [ 104.684774][ C1] ? __pfx_srcu_delay_timer+0x10/0x10 [pid 5068] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000280, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [ 104.690203][ C1] ? rcu_is_watching+0x12/0xc0 [ 104.695031][ C1] ? __pfx_srcu_delay_timer+0x10/0x10 [ 104.700480][ C1] ? __pfx_srcu_delay_timer+0x10/0x10 [ 104.705951][ C1] __run_timers+0x74b/0xab0 [ 104.710531][ C1] ? __pfx___run_timers+0x10/0x10 [ 104.715744][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 104.720921][ C1] ? enqueue_hrtimer+0x1c9/0x390 [ 104.725937][ C1] run_timer_base+0x111/0x190 [ 104.730849][ C1] ? __pfx_run_timer_base+0x10/0x10 [ 104.736119][ C1] run_timer_softirq+0x1a/0x40 [ 104.740952][ C1] __do_softirq+0x218/0x8de [ 104.745612][ C1] ? __pfx___do_softirq+0x10/0x10 [ 104.750696][ C1] irq_exit_rcu+0xb9/0x120 [ 104.755197][ C1] sysvec_apic_timer_interrupt+0x95/0xb0 [ 104.760990][ C1] [ 104.763992][ C1] [ 104.766963][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 104.773034][ C1] RIP: 0010:acpi_safe_halt+0x1a/0x20 [ 104.778367][ C1] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 48 8b 05 d8 60 31 75 48 8b 00 a8 08 75 0c 66 90 0f 00 2d c8 73 a7 00 fb f4 c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 104.798059][ C1] RSP: 0018:ffffc90000197d58 EFLAGS: 00000246 [ 104.804324][ C1] RAX: 0000000000004000 RBX: 0000000000000001 RCX: ffffffff8ad255f9 [ 104.812398][ C1] RDX: 0000000000000001 RSI: ffff88801bab8800 RDI: ffff88801bab8864 [ 104.820477][ C1] RBP: ffff88801bab8864 R08: 0000000000000000 R09: ffffed10172a6fdd [ 104.828516][ C1] R10: ffff8880b9537eeb R11: 0000000000000000 R12: ffff8880173d5000 [ 104.836717][ C1] R13: ffffffff8e31fbc0 R14: 0000000000000001 R15: 0000000000000000 [ 104.844854][ C1] ? ct_kernel_exit+0x139/0x190 [ 104.849746][ C1] acpi_idle_enter+0xc5/0x160 [ 104.854584][ C1] cpuidle_enter_state+0x85/0x510 [ 104.859678][ C1] ? __pfx_tsc_verify_tsc_adjust+0x10/0x10 [ 104.865589][ C1] cpuidle_enter+0x4e/0xa0 [ 104.870063][ C1] do_idle+0x313/0x3f0 [ 104.874331][ C1] ? __pfx_do_idle+0x10/0x10 [ 104.878969][ C1] cpu_startup_entry+0x4f/0x60 [ 104.883842][ C1] start_secondary+0x220/0x2b0 [ 104.888683][ C1] ? __pfx_start_secondary+0x10/0x10 [ 104.894044][ C1] common_startup_64+0x13e/0x148 [ 104.899211][ C1] [ 104.902244][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 104.909535][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 104.918886][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 104.929007][ C1] Call Trace: [ 104.932365][ C1] [ 104.935248][ C1] dump_stack_lvl+0x3d/0x1f0 [ 104.939894][ C1] panic+0x6f5/0x7a0 [ 104.943831][ C1] ? __pfx_panic+0x10/0x10 [ 104.948295][ C1] ? show_trace_log_lvl+0x363/0x500 [ 104.953549][ C1] ? check_panic_on_warn+0x1f/0xb0 [ 104.958704][ C1] ? warn_bogus_irq_restore+0x29/0x30 [ 104.964106][ C1] check_panic_on_warn+0xab/0xb0 [ 104.969102][ C1] __warn+0xf1/0x390 [ 104.973103][ C1] ? __wake_up_klogd.part.0+0x99/0xf0 [ 104.978642][ C1] ? warn_bogus_irq_restore+0x29/0x30 [ 104.984079][ C1] report_bug+0x3c0/0x580 [ 104.988435][ C1] handle_bug+0x3d/0x70 [ 104.992713][ C1] exc_invalid_op+0x17/0x50 [ 104.997285][ C1] asm_exc_invalid_op+0x1a/0x20 [ 105.002224][ C1] RIP: 0010:warn_bogus_irq_restore+0x29/0x30 [ 105.008250][ C1] Code: 90 f3 0f 1e fa 90 80 3d 72 d0 b5 04 00 74 06 90 c3 cc cc cc cc c6 05 63 d0 b5 04 01 90 48 c7 c7 c0 b1 0c 8b e8 78 6b 7d f6 90 <0f> 0b 90 90 eb df 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 105.027906][ C1] RSP: 0018:ffffc90000a08c30 EFLAGS: 00010282 [ 105.034110][ C1] RAX: 0000000000000000 RBX: 0000000000000200 RCX: ffffffff814fafe9 [ 105.042104][ C1] RDX: ffff8880172bda00 RSI: ffffffff814faff6 RDI: 0000000000000001 [ 105.050272][ C1] RBP: 0000000000000200 R08: 0000000000000001 R09: 0000000000000000 [ 105.058391][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [ 105.066589][ C1] R13: 0000000000000001 R14: ffff88801507a800 R15: 000000000003d300 [ 105.074601][ C1] ? __warn_printk+0x199/0x350 [ 105.079678][ C1] ? __warn_printk+0x1a6/0x350 [ 105.084936][ C1] queue_work_on+0x115/0x120 [ 105.089579][ C1] call_timer_fn+0x1a0/0x5b0 [ 105.094230][ C1] ? __pfx_srcu_delay_timer+0x10/0x10 [ 105.099672][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 105.104837][ C1] ? __pfx_lock_release+0x10/0x10 [ 105.109942][ C1] ? __pfx_srcu_delay_timer+0x10/0x10 [ 105.115377][ C1] ? rcu_is_watching+0x12/0xc0 [ 105.120242][ C1] ? __pfx_srcu_delay_timer+0x10/0x10 [ 105.125664][ C1] ? __pfx_srcu_delay_timer+0x10/0x10 [ 105.131165][ C1] __run_timers+0x74b/0xab0 [ 105.135803][ C1] ? __pfx___run_timers+0x10/0x10 [ 105.140877][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 105.145940][ C1] ? enqueue_hrtimer+0x1c9/0x390 [ 105.150910][ C1] run_timer_base+0x111/0x190 [ 105.155628][ C1] ? __pfx_run_timer_base+0x10/0x10 [ 105.160963][ C1] run_timer_softirq+0x1a/0x40 [ 105.165774][ C1] __do_softirq+0x218/0x8de [ 105.170313][ C1] ? __pfx___do_softirq+0x10/0x10 [ 105.175499][ C1] irq_exit_rcu+0xb9/0x120 [ 105.180034][ C1] sysvec_apic_timer_interrupt+0x95/0xb0 [ 105.185846][ C1] [ 105.188824][ C1] [ 105.191774][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 105.197821][ C1] RIP: 0010:acpi_safe_halt+0x1a/0x20 [ 105.203236][ C1] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 48 8b 05 d8 60 31 75 48 8b 00 a8 08 75 0c 66 90 0f 00 2d c8 73 a7 00 fb f4 c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 105.223086][ C1] RSP: 0018:ffffc90000197d58 EFLAGS: 00000246 [ 105.229471][ C1] RAX: 0000000000004000 RBX: 0000000000000001 RCX: ffffffff8ad255f9 [ 105.238980][ C1] RDX: 0000000000000001 RSI: ffff88801bab8800 RDI: ffff88801bab8864 [ 105.247059][ C1] RBP: ffff88801bab8864 R08: 0000000000000000 R09: ffffed10172a6fdd [ 105.255159][ C1] R10: ffff8880b9537eeb R11: 0000000000000000 R12: ffff8880173d5000 [ 105.263330][ C1] R13: ffffffff8e31fbc0 R14: 0000000000000001 R15: 0000000000000000 [ 105.271343][ C1] ? ct_kernel_exit+0x139/0x190 [ 105.276244][ C1] acpi_idle_enter+0xc5/0x160 [ 105.280983][ C1] cpuidle_enter_state+0x85/0x510 [ 105.286052][ C1] ? __pfx_tsc_verify_tsc_adjust+0x10/0x10 [ 105.292174][ C1] cpuidle_enter+0x4e/0xa0 [ 105.296628][ C1] do_idle+0x313/0x3f0 [ 105.300899][ C1] ? __pfx_do_idle+0x10/0x10 [ 105.305520][ C1] cpu_startup_entry+0x4f/0x60 [ 105.310321][ C1] start_secondary+0x220/0x2b0 [ 105.315165][ C1] ? __pfx_start_secondary+0x10/0x10 [ 105.320488][ C1] common_startup_64+0x13e/0x148 [ 105.325547][ C1] [ 105.328793][ C1] Kernel Offset: disabled [ 105.333141][ C1] Rebooting in 86400 seconds..