./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1602673477 <...> Warning: Permanently added '10.128.1.84' (ED25519) to the list of known hosts. execve("./syz-executor1602673477", ["./syz-executor1602673477"], 0x7fff1f2d4970 /* 10 vars */) = 0 brk(NULL) = 0x555557869000 brk(0x555557869d00) = 0x555557869d00 arch_prctl(ARCH_SET_FS, 0x555557869380) = 0 set_tid_address(0x555557869650) = 5087 set_robust_list(0x555557869660, 24) = 0 rseq(0x555557869ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1602673477", 4096) = 28 getrandom("\x7f\xe9\xdc\x0d\xcf\x2a\x4e\x25", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557869d00 brk(0x55555788ad00) = 0x55555788ad00 brk(0x55555788b000) = 0x55555788b000 mprotect(0x7f570a946000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=8, max_entries=11, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=13, insns=0x20000180, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16) = 5 socketpair(AF_UNIX, SOCK_STREAM, 0, [6, 7]) = 0 bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=18, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 8 bpf(BPF_MAP_UPDATE_ELEM, {map_fd=8, key=0x200006c0, value=0x20000700, flags=BPF_ANY}, 32) = 0 [ 73.728027][ T5087] [ 73.730425][ T5087] ============================================ [ 73.736561][ T5087] WARNING: possible recursive locking detected [ 73.742717][ T5087] 6.9.0-rc5-syzkaller-00184-gba1cb99b559e #0 Not tainted [ 73.749723][ T5087] -------------------------------------------- [ 73.755852][ T5087] syz-executor160/5087 is trying to acquire lock: [ 73.762284][ T5087] ffff888022fc9200 (&stab->lock){+...}-{2:2}, at: sock_map_delete_elem+0x175/0x250 [ 73.771598][ T5087] [ 73.771598][ T5087] but task is already holding lock: [ 73.778945][ T5087] ffff88802ae24a00 (&stab->lock){+...}-{2:2}, at: sock_map_update_common+0x1b6/0x5b0 [ 73.788442][ T5087] [ 73.788442][ T5087] other info that might help us debug this: [ 73.796486][ T5087] Possible unsafe locking scenario: [ 73.796486][ T5087] [ 73.803914][ T5087] CPU0 [ 73.807184][ T5087] ---- [ 73.810467][ T5087] lock(&stab->lock); [ 73.814633][ T5087] lock(&stab->lock); [ 73.818716][ T5087] [ 73.818716][ T5087] *** DEADLOCK *** [ 73.818716][ T5087] [ 73.826862][ T5087] May be due to missing lock nesting notation [ 73.826862][ T5087] [ 73.835172][ T5087] 5 locks held by syz-executor160/5087: [ 73.840707][ T5087] #0: ffff88801d377a58 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: sock_map_update_elem_sys+0x1cc/0x910 [ 73.851171][ T5087] #1: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: sock_map_update_elem_sys+0x1d8/0x910 [ 73.861460][ T5087] #2: ffff88802ae24a00 (&stab->lock){+...}-{2:2}, at: sock_map_update_common+0x1b6/0x5b0 [ 73.871404][ T5087] #3: ffff88801f046290 (&psock->link_lock){+...}-{2:2}, at: sock_map_unref+0xcc/0x5e0 [ 73.881072][ T5087] #4: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x114/0x420 [ 73.890469][ T5087] [ 73.890469][ T5087] stack backtrace: [ 73.896348][ T5087] CPU: 0 PID: 5087 Comm: syz-executor160 Not tainted 6.9.0-rc5-syzkaller-00184-gba1cb99b559e #0 [ 73.906746][ T5087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 73.916789][ T5087] Call Trace: [ 73.920062][ T5087] [ 73.922987][ T5087] dump_stack_lvl+0x241/0x360 [ 73.927683][ T5087] ? __pfx_dump_stack_lvl+0x10/0x10 [ 73.932893][ T5087] ? print_deadlock_bug+0x479/0x620 [ 73.938109][ T5087] ? _find_first_zero_bit+0xd4/0x100 [ 73.943414][ T5087] validate_chain+0x15c1/0x58e0 [ 73.948271][ T5087] ? __pfx_lock_acquire+0x10/0x10 [ 73.953295][ T5087] ? mark_lock+0x9a/0x350 [ 73.957650][ T5087] ? __pfx_lock_release+0x10/0x10 [ 73.962675][ T5087] ? __pfx_validate_chain+0x10/0x10 [ 73.967882][ T5087] ? __pfx_validate_chain+0x10/0x10 [ 73.973081][ T5087] ? validate_chain+0x11b/0x58e0 [ 73.978037][ T5087] ? mark_lock+0x9a/0x350 [ 73.982369][ T5087] ? __pfx_validate_chain+0x10/0x10 [ 73.987569][ T5087] ? __lock_acquire+0x1346/0x1fd0 [ 73.992594][ T5087] ? __pfx_validate_chain+0x10/0x10 [ 73.997796][ T5087] ? mark_lock+0x9a/0x350 [ 74.002151][ T5087] __lock_acquire+0x1346/0x1fd0 [ 74.007017][ T5087] lock_acquire+0x1ed/0x550 [ 74.011521][ T5087] ? sock_map_delete_elem+0x175/0x250 [ 74.016900][ T5087] ? __pfx_lock_acquire+0x10/0x10 [ 74.021923][ T5087] ? bpf_get_current_cgroup_id+0x1d/0x340 [ 74.027648][ T5087] ? sock_map_delete_elem+0x175/0x250 [ 74.033026][ T5087] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 74.038828][ T5087] ? __pfx_lock_acquire+0x10/0x10 [ 74.043850][ T5087] ? bpf_get_current_cgroup_id+0x1d/0x340 [ 74.049570][ T5087] ? sock_map_delete_elem+0x175/0x250 [ 74.054975][ T5087] _raw_spin_lock_bh+0x35/0x50 [ 74.059750][ T5087] ? sock_map_delete_elem+0x175/0x250 [ 74.065141][ T5087] sock_map_delete_elem+0x175/0x250 [ 74.070360][ T5087] ? __pfx_rcu_read_lock_sched_held+0x10/0x10 [ 74.076436][ T5087] ? __pfx_sock_map_delete_elem+0x10/0x10 [ 74.082167][ T5087] ? bpf_get_current_cgroup_id+0x1d/0x340 [ 74.087891][ T5087] bpf_prog_d284ea97e99fac5b+0x47/0x4b [ 74.093372][ T5087] bpf_trace_run2+0x204/0x420 [ 74.098056][ T5087] ? bpf_trace_run2+0x114/0x420 [ 74.102912][ T5087] ? __pfx_bpf_trace_run2+0x10/0x10 [ 74.108133][ T5087] ? sock_map_unref+0x3ac/0x5e0 [ 74.113000][ T5087] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 74.118384][ T5087] ? sock_map_unref+0x3ac/0x5e0 [ 74.123249][ T5087] kfree+0x2af/0x3a0 [ 74.127153][ T5087] sock_map_unref+0x3ac/0x5e0 [ 74.131843][ T5087] sock_map_update_common+0x4f0/0x5b0 [ 74.137229][ T5087] sock_map_update_elem_sys+0x55f/0x910 [ 74.142786][ T5087] ? __virt_addr_valid+0x183/0x520 [ 74.147907][ T5087] ? sock_map_update_elem_sys+0x1d8/0x910 [ 74.153633][ T5087] ? __pfx_sock_map_update_elem_sys+0x10/0x10 [ 74.159706][ T5087] map_update_elem+0x53a/0x6f0 [ 74.164520][ T5087] __sys_bpf+0x76f/0x810 [ 74.168769][ T5087] ? __pfx___sys_bpf+0x10/0x10 [ 74.173545][ T5087] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 74.179872][ T5087] ? do_syscall_64+0x102/0x240 [ 74.184642][ T5087] __x64_sys_bpf+0x7c/0x90 [ 74.189056][ T5087] do_syscall_64+0xf5/0x240 [ 74.193565][ T5087] ? clear_bhb_loop+0x35/0x90 [ 74.198248][ T5087] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.204147][ T5087] RIP: 0033:0x7f570a8d3729 [ 74.208626][ T5087] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 bpf(BPF_MAP_UPDATE_ELEM, {map_fd=8, key=0x20000600, value=0x20000640, flags=BPF_ANY}, 32) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 74.228331][ T5087]